2017-09-28 15:00:52 +02:00
|
|
|
var _ = require('lodash'),
|
|
|
|
url = require('url'),
|
|
|
|
moment = require('moment'),
|
2018-10-05 15:08:30 +02:00
|
|
|
DataGenerator = require('./fixtures/data-generator'),
|
2017-09-28 15:00:52 +02:00
|
|
|
config = require('../../server/config'),
|
2018-10-05 15:08:30 +02:00
|
|
|
common = require('../../server/lib/common'),
|
|
|
|
sequence = require('../../server/lib/promise/sequence'),
|
2017-09-28 15:00:52 +02:00
|
|
|
schema = require('../../server/data/schema').tables,
|
|
|
|
host = config.get('server').host,
|
|
|
|
port = config.get('server').port,
|
|
|
|
protocol = 'http://',
|
2013-11-07 10:34:18 +01:00
|
|
|
expectedProperties = {
|
2016-02-14 12:46:09 +00:00
|
|
|
// API top level
|
2017-09-28 15:00:52 +02:00
|
|
|
posts: ['posts', 'meta'],
|
|
|
|
tags: ['tags', 'meta'],
|
|
|
|
users: ['users', 'meta'],
|
|
|
|
settings: ['settings', 'meta'],
|
|
|
|
subscribers: ['subscribers', 'meta'],
|
|
|
|
roles: ['roles'],
|
|
|
|
pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'],
|
|
|
|
slugs: ['slugs'],
|
|
|
|
slug: ['slug'],
|
|
|
|
post: _(schema.posts)
|
|
|
|
.keys()
|
|
|
|
// by default we only return html
|
2018-07-19 11:35:55 +02:00
|
|
|
.without('mobiledoc', 'plaintext')
|
2018-03-27 16:16:15 +02:00
|
|
|
// swaps author_id to author, and always returns computed properties: url, comment_id, primary_tag, primary_author
|
2018-07-19 11:35:55 +02:00
|
|
|
.without('author_id').concat('author', 'url', 'primary_tag', 'primary_author')
|
2017-05-30 11:40:39 +01:00
|
|
|
.value(),
|
2017-09-28 15:00:52 +02:00
|
|
|
user: {
|
|
|
|
default: _(schema.users).keys().without('password').without('ghost_auth_access_token').value(),
|
|
|
|
public: _(schema.users)
|
|
|
|
.keys()
|
|
|
|
.without(
|
|
|
|
'password',
|
|
|
|
'email',
|
|
|
|
'ghost_auth_access_token',
|
|
|
|
'ghost_auth_id',
|
|
|
|
'created_at',
|
|
|
|
'created_by',
|
|
|
|
'updated_at',
|
|
|
|
'updated_by',
|
|
|
|
'last_seen',
|
|
|
|
'status'
|
|
|
|
)
|
|
|
|
.value()
|
|
|
|
},
|
2016-02-14 12:46:09 +00:00
|
|
|
// Tag API swaps parent_id to parent
|
2017-09-28 15:00:52 +02:00
|
|
|
tag: _(schema.tags).keys().without('parent_id').concat('parent').value(),
|
|
|
|
setting: _.keys(schema.settings),
|
2016-04-14 22:44:05 +02:00
|
|
|
subscriber: _.keys(schema.subscribers),
|
2016-02-14 12:46:09 +00:00
|
|
|
accesstoken: _.keys(schema.accesstokens),
|
2017-09-28 15:00:52 +02:00
|
|
|
role: _.keys(schema.roles),
|
|
|
|
permission: _.keys(schema.permissions),
|
2018-01-18 11:42:26 +01:00
|
|
|
notification: ['type', 'message', 'status', 'id', 'dismissible', 'location', 'custom'],
|
2017-09-28 15:00:52 +02:00
|
|
|
theme: ['name', 'package', 'active'],
|
|
|
|
themes: ['themes'],
|
2017-11-21 15:43:14 +00:00
|
|
|
invites: _(schema.invites).keys().without('token').value(),
|
|
|
|
webhook: _.keys(schema.webhooks)
|
2013-11-07 10:34:18 +01:00
|
|
|
};
|
|
|
|
|
2016-02-14 12:46:09 +00:00
|
|
|
function getURL() {
|
|
|
|
return protocol + host;
|
|
|
|
}
|
|
|
|
|
2014-04-28 21:42:38 +01:00
|
|
|
function getSigninURL() {
|
2016-02-14 12:46:09 +00:00
|
|
|
return url.resolve(protocol + host + ':' + port, 'ghost/signin/');
|
2013-10-07 20:39:33 -05:00
|
|
|
}
|
2016-02-14 12:46:09 +00:00
|
|
|
|
2014-04-28 21:42:38 +01:00
|
|
|
function getAdminURL() {
|
2016-02-14 12:46:09 +00:00
|
|
|
return url.resolve(protocol + host + ':' + port, 'ghost/');
|
|
|
|
}
|
|
|
|
|
|
|
|
function isISO8601(date) {
|
|
|
|
return moment(date).parsingFlags().iso;
|
2013-11-24 15:29:36 +01:00
|
|
|
}
|
2013-10-07 20:39:33 -05:00
|
|
|
|
2013-11-03 18:13:19 +01:00
|
|
|
// make sure the API only returns expected properties only
|
2016-02-14 12:46:09 +00:00
|
|
|
function checkResponseValue(jsonResponse, expectedProperties) {
|
|
|
|
var providedProperties = _.keys(jsonResponse),
|
|
|
|
missing = _.difference(expectedProperties, providedProperties),
|
|
|
|
unexpected = _.difference(providedProperties, expectedProperties);
|
|
|
|
|
|
|
|
_.each(missing, function (prop) {
|
|
|
|
jsonResponse.should.have.property(prop);
|
|
|
|
});
|
|
|
|
|
|
|
|
_.each(unexpected, function (prop) {
|
|
|
|
jsonResponse.should.not.have.property(prop);
|
|
|
|
});
|
|
|
|
|
|
|
|
providedProperties.length.should.eql(expectedProperties.length);
|
2013-10-07 20:39:33 -05:00
|
|
|
}
|
|
|
|
|
2017-09-28 15:00:52 +02:00
|
|
|
// @TODO: support options pattern only, it's annoying to call checkResponse(null, null, null, something)
|
|
|
|
function checkResponse(jsonResponse, objectType, additionalProperties, missingProperties, onlyProperties, options) {
|
|
|
|
options = options || {};
|
|
|
|
|
|
|
|
var checkProperties = options.public ? (expectedProperties[objectType].public || expectedProperties[objectType]) : (expectedProperties[objectType].default || expectedProperties[objectType]);
|
2017-05-30 11:40:39 +01:00
|
|
|
|
|
|
|
checkProperties = onlyProperties ? onlyProperties : checkProperties;
|
2014-07-08 18:00:59 +02:00
|
|
|
checkProperties = additionalProperties ? checkProperties.concat(additionalProperties) : checkProperties;
|
2015-04-17 22:27:04 +01:00
|
|
|
checkProperties = missingProperties ? _.xor(checkProperties, missingProperties) : checkProperties;
|
2014-07-08 18:00:59 +02:00
|
|
|
|
|
|
|
checkResponseValue(jsonResponse, checkProperties);
|
2014-04-28 21:42:38 +01:00
|
|
|
}
|
|
|
|
|
2018-10-05 15:08:30 +02:00
|
|
|
/**
|
|
|
|
* This function manages the work of ensuring we have an overridden owner user, and grabbing an access token
|
|
|
|
*
|
|
|
|
* @TODO make this do the DB init as well
|
|
|
|
*/
|
|
|
|
const doAuth = (apiOptions) => {
|
|
|
|
return function doAuthInner() {
|
|
|
|
let API_URL = arguments[0];
|
|
|
|
let request = arguments[1];
|
|
|
|
let options = arguments;
|
|
|
|
let fixtureOps;
|
|
|
|
|
|
|
|
// Remove API_URL & request from this list
|
|
|
|
delete options[0];
|
|
|
|
delete options[1];
|
|
|
|
|
|
|
|
// No DB setup, but override the owner
|
|
|
|
options = _.merge({'owner:post': true}, _.transform(options, function (result, val) {
|
|
|
|
if (val) {
|
|
|
|
result[val] = true;
|
|
|
|
}
|
|
|
|
}));
|
|
|
|
|
|
|
|
fixtureOps = apiOptions.getFixtureOps(options);
|
|
|
|
|
|
|
|
return sequence(fixtureOps).then(function () {
|
|
|
|
return login(request, API_URL);
|
|
|
|
});
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
const login = (request, API_URL) => {
|
|
|
|
// CASE: by default we use the owner to login
|
|
|
|
if (!request.user) {
|
|
|
|
request.user = DataGenerator.Content.users[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
return new Promise(function (resolve, reject) {
|
|
|
|
request.post(API_URL)
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send({
|
|
|
|
grant_type: 'password',
|
|
|
|
username: request.user.email,
|
|
|
|
password: 'Sl1m3rson99',
|
|
|
|
client_id: 'ghost-admin',
|
|
|
|
client_secret: 'not_available'
|
|
|
|
}).then(function then(res) {
|
|
|
|
if (res.statusCode !== 200) {
|
|
|
|
return reject(new common.errors.GhostError({
|
|
|
|
message: res.body.errors[0].message
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
|
|
|
resolve(res.body.access_token);
|
|
|
|
}, reject);
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
module.exports = (options = {}) => {
|
|
|
|
return {
|
|
|
|
getSigninURL: getSigninURL,
|
|
|
|
getAdminURL: getAdminURL,
|
|
|
|
doAuth: doAuth(options),
|
|
|
|
login: login,
|
|
|
|
getURL: getURL,
|
|
|
|
checkResponse: checkResponse,
|
|
|
|
checkResponseValue: checkResponseValue,
|
|
|
|
isISO8601: isISO8601
|
|
|
|
};
|
2013-11-07 10:34:18 +01:00
|
|
|
};
|