mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 10:21:36 +03:00
143921948d
refs b6728ecb0f
- The "no-shadow" eslint rune was introduced into ghost's eslint plugin (referenced commmit), which resulted in flood of warning in console output when linting the project codebase.
- This cleanup is aiming to make any new linting issues more visible. Follow up commits will contain similar cleanups in other parts of the codebase
103 lines
3.4 KiB
JavaScript
103 lines
3.4 KiB
JavaScript
const should = require('should');
|
|
const supertest = require('supertest');
|
|
const jwt = require('jsonwebtoken');
|
|
const jwksClient = require('jwks-rsa');
|
|
const testUtils = require('../../../../utils');
|
|
const localUtils = require('./utils');
|
|
const config = require('../../../../../core/shared/config');
|
|
|
|
const ghost = testUtils.startGhost;
|
|
|
|
let request;
|
|
|
|
const verifyJWKS = (endpoint, token) => {
|
|
return new Promise((resolve, reject) => {
|
|
const client = jwksClient({
|
|
jwksUri: endpoint
|
|
});
|
|
|
|
function getKey(header, callback){
|
|
client.getSigningKey(header.kid, (err, key) => {
|
|
let signingKey = key.publicKey || key.rsaPublicKey;
|
|
callback(null, signingKey);
|
|
});
|
|
}
|
|
|
|
jwt.verify(token, getKey, {}, (err, decoded) => {
|
|
if (err) {
|
|
reject(err);
|
|
}
|
|
|
|
resolve(decoded);
|
|
});
|
|
});
|
|
};
|
|
|
|
describe('Identities API', function () {
|
|
describe('As Owner', function () {
|
|
before(function () {
|
|
return ghost()
|
|
.then(function () {
|
|
request = supertest.agent(config.get('url'));
|
|
})
|
|
.then(function () {
|
|
return localUtils.doAuth(request);
|
|
});
|
|
});
|
|
|
|
it('Can create JWT token and verify it afterwards with public jwks', function () {
|
|
let identity;
|
|
|
|
return request
|
|
.get(localUtils.API.getApiQuery(`identities/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200)
|
|
.then((res) => {
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
const jsonResponse = res.body;
|
|
should.exist(jsonResponse);
|
|
should.exist(jsonResponse.identities);
|
|
|
|
identity = jsonResponse.identities[0];
|
|
})
|
|
.then(() => {
|
|
return verifyJWKS(`${request.app}/ghost/.well-known/jwks.json`, identity.token);
|
|
})
|
|
.then((decoded) => {
|
|
decoded.sub.should.equal('jbloggs@example.com');
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('As non-Owner', function () {
|
|
before(function () {
|
|
return ghost()
|
|
.then(function (_ghostServer) {
|
|
request = supertest.agent(config.get('url'));
|
|
})
|
|
.then(function () {
|
|
return testUtils.createUser({
|
|
user: testUtils.DataGenerator.forKnex.createUser({email: 'admin+1@ghost.org'}),
|
|
role: testUtils.DataGenerator.Content.roles[0].name
|
|
});
|
|
})
|
|
.then(function (admin) {
|
|
request.user = admin;
|
|
|
|
return localUtils.doAuth(request);
|
|
});
|
|
});
|
|
|
|
it('Cannot read', function () {
|
|
return request
|
|
.get(localUtils.API.getApiQuery(`identities/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(403);
|
|
});
|
|
});
|
|
});
|