ghost/core/test/functional/api/settings_test.js

/*globals describe, before, beforeEach, afterEach, it */
var testUtils = require('../../utils'),
    should = require('should'),
    _ = require('lodash'),
    request = require('request');

request = request.defaults({jar:true})

describe('Settings API', function () {

    var user = testUtils.DataGenerator.forModel.users[0],
        csrfToken = '';

    before(function (done) {
        testUtils.clearData()
            .then(function () {
                return testUtils.initData();
            })
            .then(function () {
                return testUtils.insertDefaultFixtures();
            })
            .then(function () {
                request.get(testUtils.API.getSigninURL(), function (error, response, body) {
                    response.should.have.status(200);
                    var pattern_meta = /<meta.*?name="csrf-param".*?content="(.*?)".*?>/i;
                    pattern_meta.should.exist;
                    csrfToken = body.match(pattern_meta)[1];
                    setTimeout((function () {
                        request.post({uri: testUtils.API.getSigninURL(),
                                headers: {'X-CSRF-Token': csrfToken}}, function (error, response, body) {
                            response.should.have.status(200);
                            request.get(testUtils.API.getAdminURL(), function (error, response, body) {
                                response.should.have.status(200);
                                csrfToken = body.match(pattern_meta)[1];
                                done();
                            });
                        }).form({email: user.email, password: user.password});
                    }), 2000);
                });
            }, done);
    });

    // TODO: currently includes values of type=core
    it('can retrieve all settings', function (done) {
        request.get(testUtils.API.getApiURL('settings/'), function (error, response, body) {
            response.should.have.status(200);
            should.not.exist(response.headers['x-cache-invalidate']);
            response.should.be.json;
            var jsonResponse = JSON.parse(body);
            jsonResponse.should.exist;

            testUtils.API.checkResponse(jsonResponse, 'settings');
            done();
        });
    });
    it('can retrieve a setting', function (done) {
        request.get(testUtils.API.getApiURL('settings/title/'), function (error, response, body) {
            response.should.have.status(200);
            should.not.exist(response.headers['x-cache-invalidate']);
            response.should.be.json;
            var jsonResponse = JSON.parse(body);

            jsonResponse.should.exist;
            testUtils.API.checkResponseValue(jsonResponse, ['key','value']);
            jsonResponse.key.should.eql('title');
            done();
        });
    });

    it('can\'t retrieve non existent setting', function (done) {
        request.get(testUtils.API.getApiURL('settings/testsetting/'), function (error, response, body) {
            response.should.have.status(404);
            should.not.exist(response.headers['x-cache-invalidate']);
            response.should.be.json;
            var jsonResponse = JSON.parse(body);
            jsonResponse.should.exist;
            testUtils.API.checkResponseValue(jsonResponse, ['error']);
            done();
        });
    });

    it('can edit settings', function (done) {
        request.get(testUtils.API.getApiURL('settings'), function (error, response, body) {
            var jsonResponse = JSON.parse(body),
                changedValue = 'Ghost changed';
            jsonResponse.should.exist;
            jsonResponse.title = changedValue;

            request.put({uri: testUtils.API.getApiURL('settings/'),
                    headers: {'X-CSRF-Token': csrfToken},
                    json: jsonResponse}, function (error, response, putBody) {
                response.should.have.status(200);
                response.headers['x-cache-invalidate'].should.eql('/*');
                response.should.be.json;
                putBody.should.exist;
                putBody.title.should.eql(changedValue);
                testUtils.API.checkResponse(putBody, 'settings');
                done();
            });
        });
    });

    it('can\'t edit settings with invalid CSRF token', function (done) {
        request.get(testUtils.API.getApiURL('settings'), function (error, response, body) {
            var jsonResponse = JSON.parse(body),
                changedValue = 'Ghost changed';
            jsonResponse.should.exist;
            jsonResponse.title = changedValue;

            request.put({uri: testUtils.API.getApiURL('settings/'),
                    headers: {'X-CSRF-Token': 'invalid-token'},
                    json: jsonResponse}, function (error, response, putBody) {
                response.should.have.status(403);
                done();
            });
        });
    });

    it('can\'t edit non existent setting', function (done) {
        request.get(testUtils.API.getApiURL('settings'), function (error, response, body) {
            var jsonResponse = JSON.parse(body),
                newValue = 'new value';
            jsonResponse.should.exist;
            jsonResponse.testvalue = newValue;

            request.put({uri: testUtils.API.getApiURL('settings/'),
                    headers: {'X-CSRF-Token': csrfToken},
                    json: jsonResponse}, function (error, response, putBody) {
                response.should.have.status(404);
                should.not.exist(response.headers['x-cache-invalidate']);
                response.should.be.json;
                testUtils.API.checkResponseValue(putBody, ['error']);
                done();
            });
        });
    });
});
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`/globals describe, before, beforeEach, afterEach, it /`
Move API tests to /integration/ closes #1396 - moved core/test/unit/api* to core/test/integration/api/ - moved core/test/integration/model* to core/test/integration/model/ - moved core/test/unit/utils to core/test/utils - moved core/test/unit/fixtures to core/test/utils/fixtures/ - changed gruntfile.js to execute api tests with target 'integration' 2013-11-07 08:26:47 -05:00			`var testUtils = require('../../utils'),`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`should = require('should'),`
Replace underscore with lodash. 2014-02-05 03:40:30 -05:00			`_ = require('lodash'),`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`request = require('request');`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00
			`request = request.defaults({jar:true})`

			`describe('Settings API', function () {`

			`var user = testUtils.DataGenerator.forModel.users[0],`
			`csrfToken = '';`

			`before(function (done) {`
			`testUtils.clearData()`
			`.then(function () {`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 09:29:36 -05:00			`return testUtils.initData();`
			`})`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`.then(function () {`
Bugfixes for tests 2013-11-05 10:02:57 -05:00			`return testUtils.insertDefaultFixtures();`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`})`
			`.then(function () {`
			`request.get(testUtils.API.getSigninURL(), function (error, response, body) {`
Bugfixes for tests 2013-11-05 10:02:57 -05:00			`response.should.have.status(200);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`var pattern_meta = /<meta.?name="csrf-param".?content="(.?)".?>/i;`
			`pattern_meta.should.exist;`
			`csrfToken = body.match(pattern_meta)[1];`
Test file cleanup on accoutn of OCD 2013-11-11 05:37:09 -05:00			`setTimeout((function () {`
			`request.post({uri: testUtils.API.getSigninURL(),`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 09:29:36 -05:00			`headers: {'X-CSRF-Token': csrfToken}}, function (error, response, body) {`
Bugfixes for tests 2013-11-05 10:02:57 -05:00			`response.should.have.status(200);`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 09:29:36 -05:00			`request.get(testUtils.API.getAdminURL(), function (error, response, body) {`
			`response.should.have.status(200);`
			`csrfToken = body.match(pattern_meta)[1];`
			`done();`
			`});`
Bugfixes for tests 2013-11-05 10:02:57 -05:00			`}).form({email: user.email, password: user.password});`
			`}), 2000);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`});`
			`}, done);`
			`});`

			`// TODO: currently includes values of type=core`
			`it('can retrieve all settings', function (done) {`
			`request.get(testUtils.API.getApiURL('settings/'), function (error, response, body) {`
			`response.should.have.status(200);`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`should.not.exist(response.headers['x-cache-invalidate']);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`response.should.be.json;`
			`var jsonResponse = JSON.parse(body);`
			`jsonResponse.should.exist;`

Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`testUtils.API.checkResponse(jsonResponse, 'settings');`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`done();`
			`});`
			`});`
			`it('can retrieve a setting', function (done) {`
			`request.get(testUtils.API.getApiURL('settings/title/'), function (error, response, body) {`
			`response.should.have.status(200);`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`should.not.exist(response.headers['x-cache-invalidate']);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`response.should.be.json;`
			`var jsonResponse = JSON.parse(body);`

			`jsonResponse.should.exist;`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`testUtils.API.checkResponseValue(jsonResponse, ['key','value']);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`jsonResponse.key.should.eql('title');`
			`done();`
			`});`
			`});`

			`it('can\'t retrieve non existent setting', function (done) {`
			`request.get(testUtils.API.getApiURL('settings/testsetting/'), function (error, response, body) {`
			`response.should.have.status(404);`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`should.not.exist(response.headers['x-cache-invalidate']);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`response.should.be.json;`
			`var jsonResponse = JSON.parse(body);`
			`jsonResponse.should.exist;`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`testUtils.API.checkResponseValue(jsonResponse, ['error']);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`done();`
			`});`
			`});`

			`it('can edit settings', function (done) {`
			`request.get(testUtils.API.getApiURL('settings'), function (error, response, body) {`
			`var jsonResponse = JSON.parse(body),`
			`changedValue = 'Ghost changed';`
			`jsonResponse.should.exist;`
			`jsonResponse.title = changedValue;`

			`request.put({uri: testUtils.API.getApiURL('settings/'),`
			`headers: {'X-CSRF-Token': csrfToken},`
			`json: jsonResponse}, function (error, response, putBody) {`
			`response.should.have.status(200);`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`response.headers['x-cache-invalidate'].should.eql('/*');`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`response.should.be.json;`
			`putBody.should.exist;`
			`putBody.title.should.eql(changedValue);`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`testUtils.API.checkResponse(putBody, 'settings');`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`done();`
			`});`
			`});`
			`});`

Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test 2014-02-14 05:00:11 -05:00			`it('can\'t edit settings with invalid CSRF token', function (done) {`
			`request.get(testUtils.API.getApiURL('settings'), function (error, response, body) {`
			`var jsonResponse = JSON.parse(body),`
			`changedValue = 'Ghost changed';`
			`jsonResponse.should.exist;`
			`jsonResponse.title = changedValue;`

			`request.put({uri: testUtils.API.getApiURL('settings/'),`
			`headers: {'X-CSRF-Token': 'invalid-token'},`
			`json: jsonResponse}, function (error, response, putBody) {`
			`response.should.have.status(403);`
			`done();`
			`});`
			`});`
			`});`

Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`it('can\'t edit non existent setting', function (done) {`
			`request.get(testUtils.API.getApiURL('settings'), function (error, response, body) {`
			`var jsonResponse = JSON.parse(body),`
			`newValue = 'new value';`
			`jsonResponse.should.exist;`
			`jsonResponse.testvalue = newValue;`

			`request.put({uri: testUtils.API.getApiURL('settings/'),`
			`headers: {'X-CSRF-Token': csrfToken},`
			`json: jsonResponse}, function (error, response, putBody) {`
			`response.should.have.status(404);`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`should.not.exist(response.headers['x-cache-invalidate']);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`response.should.be.json;`
Add X-Cache-Invalidation Tests closes #1397 - added checks for x-cache-invalidation to api tests 2013-11-07 04:34:18 -05:00			`testUtils.API.checkResponseValue(putBody, ['error']);`
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js 2013-11-03 12:13:19 -05:00			`done();`
			`});`
			`});`
			`});`
			`});`