mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-21 09:52:06 +03:00
7f1d3ebc07
- move all test files from core/test to test/ - updated all imports and other references - all code inside of core/ is then application code - tests are correctly at the root level - consistent with other repos/projects Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
81 lines
2.9 KiB
JavaScript
81 lines
2.9 KiB
JavaScript
const should = require('should');
|
|
const supertest = require('supertest');
|
|
const _ = require('lodash');
|
|
const testUtils = require('../../utils');
|
|
const config = require('../../../core/server/config');
|
|
const localUtils = require('./utils');
|
|
|
|
const ghost = testUtils.startGhost;
|
|
|
|
describe('Admin API key authentication', function () {
|
|
let request;
|
|
|
|
before(function () {
|
|
return ghost()
|
|
.then(function () {
|
|
request = supertest.agent(config.get('url'));
|
|
})
|
|
.then(function () {
|
|
return testUtils.initFixtures('api_keys');
|
|
});
|
|
});
|
|
|
|
it('Can not access endpoint without a token header', function () {
|
|
return request.get(localUtils.API.getApiQuery('posts/'))
|
|
.set('Authorization', `Ghost`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(401);
|
|
});
|
|
|
|
it('Can not access endpoint with a wrong endpoint token', function () {
|
|
return request.get(localUtils.API.getApiQuery('posts/'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('https://wrong.com')}`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(401);
|
|
});
|
|
|
|
it('Can access browse endpoint with correct token', function () {
|
|
return request.get(localUtils.API.getApiQuery('posts/'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
});
|
|
|
|
it('Can create post', function () {
|
|
const post = {
|
|
title: 'Post created with api_key'
|
|
};
|
|
|
|
return request
|
|
.post(localUtils.API.getApiQuery('posts/?include=authors'))
|
|
.set('Origin', config.get('url'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`)
|
|
.send({
|
|
posts: [post]
|
|
})
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(201)
|
|
.then((res) => {
|
|
// falls back to owner user
|
|
res.body.posts[0].authors.length.should.eql(1);
|
|
});
|
|
});
|
|
|
|
it('Can read users', function () {
|
|
return request
|
|
.get(localUtils.API.getApiQuery('users/'))
|
|
.set('Origin', config.get('url'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200)
|
|
.then((res) => {
|
|
localUtils.API.checkResponse(res.body.users[0], 'user');
|
|
});
|
|
});
|
|
});
|