mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 18:31:57 +03:00
2dd94d4300
refs https://github.com/TryGhost/Ghost/pull/16461 - The referenced migration had an incorrect 'type' assigned to the self-serve integration's api key. Should have been "admin" instead of "core"
394 lines
15 KiB
JavaScript
394 lines
15 KiB
JavaScript
const _ = require('lodash');
|
|
const should = require('should');
|
|
const supertest = require('supertest');
|
|
const config = require('../../../core/shared/config');
|
|
const testUtils = require('../../utils');
|
|
const localUtils = require('./utils');
|
|
const {agentProvider, fixtureManager, matchers} = require('../../utils/e2e-framework');
|
|
const {anyEtag, anyErrorId, anyContentVersion} = matchers;
|
|
|
|
describe('Integrations API', function () {
|
|
let request;
|
|
|
|
before(async function () {
|
|
await localUtils.startGhost();
|
|
request = supertest.agent(config.get('url'));
|
|
await localUtils.doAuth(request, 'integrations');
|
|
});
|
|
|
|
const findBy = (prop, val) => object => object[prop] === val;
|
|
|
|
it('Can browse all integrations', async function () {
|
|
const res = await request.get(localUtils.API.getApiQuery(`integrations/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
should.equal(res.body.integrations.length, 6);
|
|
|
|
// there is no enforced order for integrations which makes order different on SQLite and MySQL
|
|
const zapierIntegration = _.find(res.body.integrations, {name: 'Zapier'}); // from migrations
|
|
should.exist(zapierIntegration);
|
|
|
|
const testIntegration = _.find(res.body.integrations, {name: 'Test Integration'}); // from fixtures
|
|
should.exist(testIntegration);
|
|
|
|
const exploreIntegration = _.find(res.body.integrations, {name: 'Test Core Integration'}); // from fixtures
|
|
should.exist(exploreIntegration);
|
|
|
|
const selfServeMigrationIntegration = _.find(res.body.integrations, {name: 'Self-Serve Migration Integration'}); // from fixtures
|
|
should.exist(selfServeMigrationIntegration);
|
|
});
|
|
|
|
it('Can not read internal integration', async function () {
|
|
await request.get(localUtils.API.getApiQuery(`integrations/${testUtils.DataGenerator.Content.integrations[1].id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(404);
|
|
});
|
|
|
|
it('Can successfully create a single integration with auto generated content and admin api key', async function () {
|
|
const res = await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Dis-Integrate!!'
|
|
}]
|
|
})
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(201);
|
|
|
|
should.equal(res.body.integrations.length, 1);
|
|
|
|
const [integration] = res.body.integrations;
|
|
should.equal(integration.name, 'Dis-Integrate!!');
|
|
|
|
should.equal(integration.api_keys.length, 2);
|
|
|
|
const contentApiKey = integration.api_keys.find(findBy('type', 'content'));
|
|
should.equal(contentApiKey.integration_id, integration.id);
|
|
|
|
const adminApiKey = integration.api_keys.find(findBy('type', 'admin'));
|
|
should.equal(adminApiKey.integration_id, integration.id);
|
|
should.exist(adminApiKey.secret);
|
|
|
|
// check Admin API key secret format
|
|
const [id, secret] = adminApiKey.secret.split(':');
|
|
should.exist(id);
|
|
should.equal(id, adminApiKey.id);
|
|
should.exist(secret);
|
|
secret.length.should.equal(64);
|
|
|
|
should.exist(res.headers.location);
|
|
res.headers.location.should.equal(`http://127.0.0.1:2369${localUtils.API.getApiQuery('integrations/')}${res.body.integrations[0].id}/`);
|
|
});
|
|
|
|
it('Can successfully create a single integration with a webhook', async function () {
|
|
const res = await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Integratatron4000',
|
|
webhooks: [{
|
|
event: 'something',
|
|
target_url: 'http://example.com'
|
|
}]
|
|
}]
|
|
})
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(201);
|
|
|
|
should.equal(res.body.integrations.length, 1);
|
|
|
|
const [integration] = res.body.integrations;
|
|
should.equal(integration.name, 'Integratatron4000');
|
|
|
|
should.equal(integration.webhooks.length, 1);
|
|
|
|
const webhook = integration.webhooks[0];
|
|
should.equal(webhook.integration_id, integration.id);
|
|
|
|
should.exist(res.headers.location);
|
|
res.headers.location.should.equal(`http://127.0.0.1:2369${localUtils.API.getApiQuery('integrations/')}${res.body.integrations[0].id}/`);
|
|
});
|
|
|
|
it('Can successfully get a created integration', async function () {
|
|
const res = await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Interrogation Integration'
|
|
}]
|
|
})
|
|
.expect(201);
|
|
|
|
const [createdIntegration] = res.body.integrations;
|
|
|
|
const res2 = await request.get(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
should.equal(res2.body.integrations.length, 1);
|
|
|
|
const [integration] = res2.body.integrations;
|
|
|
|
should.equal(integration.id, createdIntegration.id);
|
|
should.equal(integration.name, createdIntegration.name);
|
|
should.equal(integration.slug, createdIntegration.slug);
|
|
should.equal(integration.description, createdIntegration.description);
|
|
should.equal(integration.icon_image, createdIntegration.icon_image);
|
|
});
|
|
|
|
it('Can successfully get *all* created integrations with api_keys', async function () {
|
|
await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Integrate with this!'
|
|
}]
|
|
})
|
|
.expect(201);
|
|
|
|
await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Winter-(is)-great'
|
|
}]
|
|
})
|
|
.expect(201);
|
|
|
|
const res = await request.get(localUtils.API.getApiQuery(`integrations/?include=api_keys&limit=all`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
const body = res.body;
|
|
// This is the only page
|
|
should.equal(body.meta.pagination.page, 1);
|
|
should.equal(body.meta.pagination.pages, 1);
|
|
should.equal(body.meta.pagination.next, null);
|
|
should.equal(body.meta.pagination.prev, null);
|
|
|
|
body.integrations.forEach((integration) => {
|
|
should.exist(integration.api_keys);
|
|
if (integration.api_keys.length) {
|
|
integration.api_keys.forEach((apiKey) => {
|
|
should.exist(apiKey.secret);
|
|
|
|
if (apiKey.type === 'content') {
|
|
should.equal(apiKey.secret.split(':').length, 1, `${integration.name} api key secret should have correct key format without ":"`);
|
|
} else if (apiKey.type === 'admin') {
|
|
should.equal(apiKey.secret.split(':').length, 2, `${integration.name} api key secret should have correct key format with ":"`);
|
|
}
|
|
});
|
|
}
|
|
});
|
|
});
|
|
|
|
it('Can successfully edit a created integration', async function () {
|
|
const res = await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Rubbish Integration Name'
|
|
}]
|
|
})
|
|
.expect(201);
|
|
|
|
const [createdIntegration] = res.body.integrations;
|
|
|
|
await request.put(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Awesome Integration Name',
|
|
description: 'Finally got round to writing this...'
|
|
}]
|
|
})
|
|
.expect(200);
|
|
|
|
const res2 = await request.get(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
const [updatedIntegration] = res2.body.integrations;
|
|
|
|
should.equal(updatedIntegration.id, createdIntegration.id);
|
|
should.equal(updatedIntegration.name, 'Awesome Integration Name');
|
|
should.equal(updatedIntegration.description, 'Finally got round to writing this...');
|
|
});
|
|
|
|
it('Can successfully refresh an integration api key', async function () {
|
|
const res = await request.post(localUtils.API.getApiQuery('integrations/?include=api_keys'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Rubbish Integration Name'
|
|
}]
|
|
})
|
|
.expect(201);
|
|
|
|
const [createdIntegration] = res.body.integrations;
|
|
const apiKeys = createdIntegration.api_keys;
|
|
const adminApiKey = apiKeys.find(key => key.type === 'admin');
|
|
|
|
await request.post(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/api_key/${adminApiKey.id}/refresh`))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
id: createdIntegration.id
|
|
}]
|
|
})
|
|
.expect(200);
|
|
|
|
const res2 = await request.get(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/?include=api_keys`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
const [updatedIntegration] = res2.body.integrations;
|
|
const updatedAdminApiKey = updatedIntegration.api_keys.find(key => key.type === 'admin');
|
|
should.equal(updatedIntegration.id, createdIntegration.id);
|
|
updatedAdminApiKey.secret.should.not.eql(adminApiKey.secret);
|
|
|
|
const res3 = await request.get(localUtils.API.getApiQuery(`actions/?filter=resource_id:${adminApiKey.id}&include=actor`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
const actions = res3.body.actions;
|
|
const refreshedAction = actions.find((action) => {
|
|
return action.event === 'refreshed';
|
|
});
|
|
should.exist(refreshedAction);
|
|
});
|
|
|
|
it('Can successfully add and delete a created integrations webhooks', async function () {
|
|
const res = await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Webhook-less Integration'
|
|
}]
|
|
})
|
|
.expect(201);
|
|
|
|
const [createdIntegration] = res.body.integrations;
|
|
|
|
await request.put(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
webhooks: [{
|
|
event: 'somestuff',
|
|
target_url: 'http://example.com'
|
|
}]
|
|
}]
|
|
})
|
|
.expect(200);
|
|
|
|
const res2 = await request.get(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/?include=webhooks`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
const [updatedIntegration] = res2.body.integrations;
|
|
|
|
should.equal(updatedIntegration.webhooks.length, 1);
|
|
|
|
const webhook = updatedIntegration.webhooks[0];
|
|
should.equal(webhook.integration_id, updatedIntegration.id);
|
|
|
|
await request.put(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
webhooks: []
|
|
}]
|
|
})
|
|
.expect(200);
|
|
|
|
const res3 = await request.get(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/?include=webhooks`))
|
|
.set('Origin', config.get('url'))
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
const [updatedIntegration2] = res3.body.integrations;
|
|
should.equal(updatedIntegration2.webhooks.length, 0);
|
|
});
|
|
|
|
it('Can successfully delete a created integration', async function () {
|
|
const res = await request.post(localUtils.API.getApiQuery('integrations/'))
|
|
.set('Origin', config.get('url'))
|
|
.send({
|
|
integrations: [{
|
|
name: 'Short Lived Integration'
|
|
}]
|
|
})
|
|
.expect(201);
|
|
|
|
const [createdIntegration] = res.body.integrations;
|
|
|
|
await request.del(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect(204)
|
|
.expect((_res) => {
|
|
_res.body.should.be.empty();
|
|
});
|
|
|
|
await request.get(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.set('Origin', config.get('url'))
|
|
.expect(404);
|
|
|
|
const editRes = await request.put(localUtils.API.getApiQuery(`integrations/${createdIntegration.id}/`))
|
|
.send({
|
|
integrations: [createdIntegration]
|
|
})
|
|
.set('Origin', config.get('url'))
|
|
.expect(404);
|
|
|
|
editRes.body.errors[0].context.should.eql('Integration not found.');
|
|
});
|
|
|
|
describe('As Administrator', function () {
|
|
let agent;
|
|
|
|
before(async function () {
|
|
agent = await agentProvider.getAdminAPIAgent();
|
|
await fixtureManager.init('users', 'integrations');
|
|
await agent.loginAsContributor();
|
|
});
|
|
|
|
it('Can\'t see Self-Serve or any other integration', async function () {
|
|
await agent
|
|
.get('integrations')
|
|
.matchHeaderSnapshot({
|
|
'content-version': anyContentVersion,
|
|
etag: anyEtag
|
|
})
|
|
.matchBodySnapshot({
|
|
errors: [
|
|
{
|
|
id: anyErrorId
|
|
}
|
|
]
|
|
})
|
|
.expectStatus(403);
|
|
});
|
|
});
|
|
});
|