mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-03 00:15:11 +03:00
f08a55c21f
refs: https://github.com/TryGhost/Team/issues/856 refs: https://github.com/TryGhost/Team/issues/756 - The .test.js extension is better than _spec.js as it's more obvious that it's an extension - It also meaans we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test` - It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856) - Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756
99 lines
2.9 KiB
JavaScript
99 lines
2.9 KiB
JavaScript
const errors = require('@tryghost/errors');
|
|
const {authenticateContentApiKey} = require('../../../../../core/server/services/auth/api-key/content');
|
|
const models = require('../../../../../core/server/models');
|
|
const should = require('should');
|
|
const sinon = require('sinon');
|
|
const testUtils = require('../../../../utils');
|
|
|
|
describe('Content API Key Auth', function () {
|
|
before(models.init);
|
|
|
|
this.beforeEach(function () {
|
|
const fakeApiKey = {
|
|
id: '1234',
|
|
type: 'content',
|
|
secret: Buffer.from('testing').toString('hex'),
|
|
get(prop) {
|
|
return this[prop];
|
|
}
|
|
};
|
|
this.fakeApiKey = fakeApiKey;
|
|
|
|
this.apiKeyStub = sinon.stub(models.ApiKey, 'findOne');
|
|
this.apiKeyStub.returns(Promise.resolve());
|
|
this.apiKeyStub.withArgs({secret: fakeApiKey.secret}).returns(Promise.resolve(fakeApiKey));
|
|
});
|
|
|
|
afterEach(function () {
|
|
sinon.restore();
|
|
});
|
|
|
|
it('should authenticate with known+valid key', function (done) {
|
|
const req = {
|
|
query: {
|
|
key: this.fakeApiKey.secret
|
|
}
|
|
};
|
|
const res = {};
|
|
|
|
authenticateContentApiKey(req, res, (arg) => {
|
|
should.not.exist(arg);
|
|
req.api_key.should.eql(this.fakeApiKey);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('shouldn\'t authenticate with invalid/unknown key', function (done) {
|
|
const req = {
|
|
query: {
|
|
key: 'unknown'
|
|
}
|
|
};
|
|
const res = {};
|
|
|
|
authenticateContentApiKey(req, res, function next(err) {
|
|
should.exist(err);
|
|
should.equal(err instanceof errors.UnauthorizedError, true);
|
|
err.code.should.eql('UNKNOWN_CONTENT_API_KEY');
|
|
should.not.exist(req.api_key);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('shouldn\'t authenticate with a non-content-api key', function (done) {
|
|
const req = {
|
|
query: {
|
|
key: this.fakeApiKey.secret
|
|
}
|
|
};
|
|
const res = {};
|
|
|
|
this.fakeApiKey.type = 'admin';
|
|
|
|
authenticateContentApiKey(req, res, function next(err) {
|
|
should.exist(err);
|
|
should.equal(err instanceof errors.UnauthorizedError, true);
|
|
err.code.should.eql('INVALID_API_KEY_TYPE');
|
|
should.not.exist(req.api_key);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('shouldn\'t authenticate with invalid request', function (done) {
|
|
const req = {
|
|
query: {
|
|
key: [this.fakeApiKey.secret, '']
|
|
}
|
|
};
|
|
const res = {};
|
|
|
|
authenticateContentApiKey(req, res, function next(err) {
|
|
should.exist(err);
|
|
should.equal(err instanceof errors.BadRequestError, true);
|
|
err.code.should.eql('INVALID_REQUEST');
|
|
should.not.exist(req.api_key);
|
|
done();
|
|
});
|
|
});
|
|
});
|