mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-25 19:48:50 +03:00
3010d498ca
refs https://github.com/TryGhost/Toolbox/issues/292 - There are couple of reasons why we don't want to include the query string information in the outgoing notification emails: - 1. Security - we can expose the Content API key to an unauthorized person. The emails go out to administrators, so they have access to this data anyway. But for example they might forward full email content to someone from “tech team” or whoever is not really authorized to see it. 2. It looks a bit ugly and could be waaay to long breaking the email layou
104 lines
4.4 KiB
JavaScript
104 lines
4.4 KiB
JavaScript
const assert = require('assert');
|
|
const sinon = require('sinon');
|
|
const errors = require('@tryghost/errors');
|
|
|
|
const versionMismatchMW = require('../index');
|
|
|
|
describe('mw-api-version-mismatch', function () {
|
|
it('Does call handle mismatch when a generic RequestNotAcceptableError is used', function (done) {
|
|
const APIVersionCompatibilityService = {
|
|
handleMismatch: sinon.stub().resolves()
|
|
};
|
|
const req = {
|
|
originalUrl: '/api/admin/posts/1',
|
|
headers: {
|
|
'accept-version': 'v3.28',
|
|
'user-agent': 'Zapier/2.1 GhostAdminSDK/3.28'
|
|
}
|
|
};
|
|
const res = {
|
|
locals: {
|
|
safeVersion: '4.46'
|
|
}
|
|
};
|
|
|
|
versionMismatchMW(APIVersionCompatibilityService)(new errors.RequestNotAcceptableError({
|
|
code: 'UPDATE_CLIENT'
|
|
}), req, res, () => {
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.called, true);
|
|
assert.deepEqual(Object.keys(APIVersionCompatibilityService.handleMismatch.args[0][0]), [
|
|
'acceptVersion',
|
|
'contentVersion',
|
|
'requestURL',
|
|
'userAgent',
|
|
'apiKeyValue',
|
|
'apiKeyType'
|
|
], 'handleMismatch called with wrong arguments');
|
|
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].acceptVersion, 'v3.28');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].contentVersion, 'v4.46');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].requestURL, '/api/admin/posts/1');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].userAgent, 'Zapier/2.1 GhostAdminSDK/3.28');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyValue, null);
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyType, null);
|
|
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('Does call handle mismatch when with correct API key values when identification information is in the request', function (done) {
|
|
const APIVersionCompatibilityService = {
|
|
handleMismatch: sinon.stub().resolves()
|
|
};
|
|
const req = {
|
|
originalUrl: '/api/admin/posts/1?tim_me=please',
|
|
query: {
|
|
key: 'content_api_key_secret'
|
|
},
|
|
headers: {
|
|
'accept-version': 'v3.28',
|
|
'user-agent': 'Zapier/2.1 GhostAdminSDK/3.28'
|
|
}
|
|
};
|
|
const res = {
|
|
locals: {
|
|
safeVersion: '4.46'
|
|
}
|
|
};
|
|
|
|
versionMismatchMW(APIVersionCompatibilityService)(new errors.RequestNotAcceptableError({
|
|
code: 'UPDATE_CLIENT'
|
|
}), req, res, () => {
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.called, true);
|
|
assert.deepEqual(Object.keys(APIVersionCompatibilityService.handleMismatch.args[0][0]), [
|
|
'acceptVersion',
|
|
'contentVersion',
|
|
'requestURL',
|
|
'userAgent',
|
|
'apiKeyValue',
|
|
'apiKeyType'
|
|
], 'handleMismatch called with wrong arguments');
|
|
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].acceptVersion, 'v3.28');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].contentVersion, 'v4.46');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].requestURL, '/api/admin/posts/1', 'trims query string');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].userAgent, 'Zapier/2.1 GhostAdminSDK/3.28');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyValue, 'content_api_key_secret');
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyType, 'content');
|
|
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('Does NOT call handle mismatch when a generic RequestNotAcceptableError is used', function (done) {
|
|
const APIVersionCompatibilityService = {
|
|
handleMismatch: sinon.stub().resolves()
|
|
};
|
|
|
|
versionMismatchMW(APIVersionCompatibilityService)(new errors.RequestNotAcceptableError(), {}, {}, () => {
|
|
assert.equal(APIVersionCompatibilityService.handleMismatch.called, false);
|
|
done();
|
|
});
|
|
});
|
|
});
|