mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-27 12:53:13 +03:00
41103000d2
refs https://github.com/TryGhost/Toolbox/issues/292 - Allows to detect and extract admin api key ID value. The reason why we are not dealing withe the "secret" value here in a similar way as Content API key is to keep the package independent from the model layer. It only provides "identification" information along with the key type so that the version mismatch data service can deal with this information in an optimal way (just one db query).
49 lines
1.4 KiB
JavaScript
49 lines
1.4 KiB
JavaScript
const assert = require('assert');
|
|
const extractApiKey = require('../index');
|
|
|
|
describe('Extract API Key', function () {
|
|
it('Returns nulls for a request without any key', function () {
|
|
const {key, type} = extractApiKey({
|
|
query: {
|
|
filter: 'status:active'
|
|
}
|
|
});
|
|
|
|
assert.equal(key, null);
|
|
assert.equal(type, null);
|
|
});
|
|
|
|
it('Extracts Content API key from the request', function () {
|
|
const {key, type} = extractApiKey({
|
|
query: {
|
|
key: '123thekey'
|
|
}
|
|
});
|
|
|
|
assert.equal(key, '123thekey');
|
|
assert.equal(type, 'content');
|
|
});
|
|
|
|
it('Extracts Admin API key from the request', function () {
|
|
const {key, type} = extractApiKey({
|
|
headers: {
|
|
authorization: 'Ghost eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjYyNzM4MjQzNDZiZjUxZjNhYWI5OTA5OSJ9.eyJpYXQiOjE2NTIxNjUyNDQsImV4cCI6MTY1MjE2NTU0NCwiYXVkIjoiL3YyL2FkbWluLyJ9.VdPOZ4XffgYd8qn_46zlJR3jW_rPZTw70COkG5IYIuU'
|
|
}
|
|
});
|
|
|
|
assert.equal(key, '6273824346bf51f3aab99099');
|
|
assert.equal(type, 'admin');
|
|
});
|
|
|
|
it('Returns null if malformatted Admin API Key', function () {
|
|
const {key, type} = extractApiKey({
|
|
headers: {
|
|
authorization: 'Ghost incorrectformat'
|
|
}
|
|
});
|
|
|
|
assert.equal(key, null);
|
|
assert.equal(type, 'admin');
|
|
});
|
|
});
|