Ghost/test/regression/api/canary/admin/identities.test.js
Hannah Wolfe f08a55c21f
Renamed tests to .test.js & updated commands
refs: https://github.com/TryGhost/Team/issues/856
refs: https://github.com/TryGhost/Team/issues/756

- The .test.js extension is better than _spec.js as it's more obvious that it's an extension
- It also means we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test`
- It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856)
- Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756
2021-07-06 20:45:01 +01:00


const should = require('should');
const supertest = require('supertest');
const jwt = require('jsonwebtoken');
const jwksClient = require('jwks-rsa');
const testUtils = require('../../../../utils');
const localUtils = require('./utils');
const config = require('../../../../../core/shared/config');
// Shared test state: `ghost` boots a Ghost instance, `request` is the authenticated
// supertest agent each `before` hook (re)creates against the configured URL.
const {startGhost: ghost} = testUtils;
let request;
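/**
 * Verifies a JWT against the public keys published at a JWKS endpoint.
 *
 * The signing key is looked up by the `kid` in the token header, the same way an
 * external relying party would validate a Ghost identity token.
 *
 * @param {string} endpoint - URL of the jwks.json document
 * @param {string} token - compact-serialised JWT to verify
 * @returns {Promise<object>} the decoded, signature-checked payload
 * @throws rejects with the jsonwebtoken / jwks-rsa error when the key cannot be
 *   fetched, the signature is invalid or the token is expired
 */
const verifyJWKS = (endpoint, token) => {
    return new Promise((resolve, reject) => {
        const client = jwksClient({
            jwksUri: endpoint
        });

        // jsonwebtoken calls this with the token header and a node-style callback.
        // A failure in getSigningKey must be routed to the callback: an async
        // function that throws would otherwise produce an unhandled rejection and
        // jwt.verify would never settle, leaving the test to hang until timeout.
        async function getKey(header, callback) {
            try {
                const key = await client.getSigningKey(header.kid);
                const signingKey = key.publicKey || key.rsaPublicKey;
                callback(null, signingKey);
            } catch (err) {
                callback(err);
            }
        }

        // NOTE(review): `{}` leaves jsonwebtoken's defaults in force — no
        // `algorithms`, `issuer` or `audience` is pinned here, so this checks the
        // signature and standard time claims only. Confirm whether the test should
        // pin the algorithm Ghost signs identity tokens with.
        jwt.verify(token, getKey, {}, (err, decoded) => {
            if (err) {
                return reject(err);
            }
            resolve(decoded);
        });
    });
};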
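describe('Identities API', function () {
    describe('As Owner', function () {
        // Boot Ghost, then authenticate the shared agent as the default (owner) user.
        before(async function () {
            await ghost();
            request = supertest.agent(config.get('url'));
            await localUtils.doAuth(request);
        });

        it('Can create JWT token and verify it afterwards with public jwks', async function () {
            const res = await request
                .get(localUtils.API.getApiQuery(`identities/`))
                .set('Origin', config.get('url'))
                .expect('Content-Type', /json/)
                .expect('Cache-Control', testUtils.cacheRules.private)
                .expect(200);

            // An identity token is a per-user credential: the response must be
            // private (asserted above) and must not trigger a cache invalidation.
            should.not.exist(res.headers['x-cache-invalidate']);

            const jsonResponse = res.body;
            should.exist(jsonResponse);
            should.exist(jsonResponse.identities);
            const identity = jsonResponse.identities[0];
            // Fail here with a clear assertion rather than a TypeError on `.token`.
            should.exist(identity);

            // Validate the token the way a third party would: against the keys the
            // instance publishes at its well-known JWKS URL.
            const decoded = await verifyJWKS(`${request.app}/ghost/.well-known/jwks.json`, identity.token);
            decoded.sub.should.equal('jbloggs@example.com');
        });
    });

    describe('As non-Owner', function () {
        // Boot Ghost, create a user with a non-owner role and authenticate as them.
        before(async function () {
            await ghost();
            request = supertest.agent(config.get('url'));

            const admin = await testUtils.createUser({
                user: testUtils.DataGenerator.forKnex.createUser({email: 'admin+1@ghost.org'}),
                // roles[0] of the fixture role list; presumably a non-owner role —
                // the role name itself is not visible from this file.
                role: testUtils.DataGenerator.Content.roles[0].name
            });
            request.user = admin;
            await localUtils.doAuth(request);
        });

        // Only the owner may mint identity tokens; any other role must be refused.
        it('Cannot read', function () {
            return request
                .get(localUtils.API.getApiQuery(`identities/`))
                .set('Origin', config.get('url'))
                .expect('Content-Type', /json/)
                .expect('Cache-Control', testUtils.cacheRules.private)
                .expect(403);
        });
    });
});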