Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-27 22:49:56 -05:00
Code Issues Activity
ghost/test/unit/apps/private-blogging/middleware_spec.js

351 lines
13 KiB
JavaScript
Raw Normal View History

Refactored tests to destructure `common` lib import (#11838)
2020-05-25 03:49:38 -05:00
const errors = require('@tryghost/errors');
Private blogging misc cleanup This is a bunch of small changes, that simplifies working with the private blogging module: - remove reference to really old paginated RSS behaviour - remove handling for /rss and allow our standard redirects to redirect to /rss/ and then execute - readd should to tests so that they can be run standalone - fix eslint warning
2020-06-15 20:13:35 +01:00
const should = require('should');
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const sinon = require('sinon');
const crypto = require('crypto');
const fs = require('fs-extra');
const settingsCache = require('../../../../core/server/services/settings/cache');
const privateBlogging = require('../../../../core/frontend/apps/private-blogging/lib/middleware');
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
function hash(password, salt) {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const hasher = crypto.createHash('sha256');
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
hasher.update(password + salt, 'utf8');
return hasher.digest('hex');
}
describe('Private Blogging', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
let settingsStub;
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
afterEach(function () {
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
sinon.restore();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
describe('passProtect', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
let req;
let res;
let next;
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
beforeEach(function () {
:bug: Fixed redirect issue with private sites (#9960) closes #9959 This issue existed because the logic assumed that if there were no query parameters then there would be no `query` object. However this is not the case. What we really wanted to check was for the existence of an "r" query param - the code has been refactor to explicitly do this now.
2018-10-08 16:31:08 +07:00
req = {
query: {}
};
Removed uneeded jshint comments in order to cleanup the tests closes #6505 -Removed all of the /*jshint expr:true*/ comments from the tests -Removed all of the should.equal(true, true) statements from the tests -Removed should from the greenkeeper ignores
2016-02-14 22:48:20 +00:00
res = {};
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
settingsStub = sinon.stub(settingsCache, 'get');
next = sinon.spy();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
it('checkIsPrivate should call next if not private', function () {
settingsStub.withArgs('is_private').returns(false);
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.checkIsPrivate(req, res, next);
next.called.should.be.true();
res.isPrivateBlog.should.be.false();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
it('checkIsPrivate should load session if private', function () {
settingsStub.withArgs('is_private').returns(true);
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.checkIsPrivate(req, res, next);
res.isPrivateBlog.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
describe('not private', function () {
beforeEach(function () {
res.isPrivateBlog = false;
});
it('filterPrivateRoutes should call next if not private', function () {
privateBlogging.filterPrivateRoutes(req, res, next);
deps: should@8.2.1 closes #6448 -upgraded should.js to the latest version (8.2.1) -Changed the tests so that they comply with the breaking changes introduced in the new version of should.js -Installs the package should-http so should.be.json() can be used -Installs the package should-sinon so that should.be.calledOnce() can be used
2016-02-07 21:27:01 +00:00
next.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
it('redirectPrivateToHomeIfLoggedIn should redirect if blog is not private', function () {
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
res = {
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
redirect: sinon.spy(),
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
isPrivateBlog: false
};
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
privateBlogging.redirectPrivateToHomeIfLoggedIn(req, res, next);
deps: should@8.2.1 closes #6448 -upgraded should.js to the latest version (8.2.1) -Changed the tests so that they comply with the breaking changes introduced in the new version of should.js -Installs the package should-http so should.be.json() can be used -Installs the package should-sinon so that should.be.calledOnce() can be used
2016-02-07 21:27:01 +00:00
res.redirect.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
});
describe('private', function () {
beforeEach(function () {
res = {
status: function () {
return this;
},
💄 🐷 Test consistency (#8199) no issue - change out should.equal for // jshint ignore:line - ensure should is the first require in every test, and ALWAYS require - make sinon the second require, and sandbox the last thing - ALWAYS use sandbox, futureproofs tests against contributors who don't know it - change require formatting
2017-03-21 08:24:11 +00:00
send: function () {
},
set: function () {
},
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
redirect: sinon.spy(),
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
isPrivateBlog: true
};
🐛 Fixed private blogging leaking post information (#8999) * 🐛 Fixed private blogging leaking post information closes #8990 - a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content - remove this condition and ensure we always redirect to /private * lint 😋
2017-09-11 15:09:19 +02:00
req.session = {};
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
it('filterPrivateRoutes should call next if is the "private" route', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.path = req.url = '/private/';
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
deps: should@8.2.1 closes #6448 -upgraded should.js to the latest version (8.2.1) -Changed the tests so that they comply with the breaking changes introduced in the new version of should.js -Installs the package should-http so should.be.json() can be used -Installs the package should-sinon so that should.be.calledOnce() can be used
2016-02-07 21:27:01 +00:00
next.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
🐛 Fixed private blogging leaking post information (#8999) * 🐛 Fixed private blogging leaking post information closes #8990 - a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content - remove this condition and ensure we always redirect to /private * lint 😋
2017-09-11 15:09:19 +02:00
it('filterPrivateRoutes: sitemap redirects to /private', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.path = req.url = '/sitemap.xml';
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 17:33:43 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
res.redirect.calledOnce.should.be.true();
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
});
🐛 Fixed private blogging leaking post information (#8999) * 🐛 Fixed private blogging leaking post information closes #8990 - a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content - remove this condition and ensure we always redirect to /private * lint 😋
2017-09-11 15:09:19 +02:00
it('filterPrivateRoutes: sitemap with params redirects to /private', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.url = '/sitemap.xml?weird=param';
req.path = '/sitemap.xml';
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 17:33:43 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
res.redirect.calledOnce.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
🐛 Fixed private blogging leaking post information (#8999) * 🐛 Fixed private blogging leaking post information closes #8990 - a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content - remove this condition and ensure we always redirect to /private * lint 😋
2017-09-11 15:09:19 +02:00
it('filterPrivateRoutes: rss redirects to /private', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.path = req.url = '/rss/';
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 17:33:43 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
res.redirect.calledOnce.should.be.true();
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
});
🐛 Fixed private blogging leaking post information (#8999) * 🐛 Fixed private blogging leaking post information closes #8990 - a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content - remove this condition and ensure we always redirect to /private * lint 😋
2017-09-11 15:09:19 +02:00
it('filterPrivateRoutes: author rss redirects to /private', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.path = req.url = '/author/halfdan/rss/';
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 17:33:43 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
res.redirect.calledOnce.should.be.true();
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
});
🐛 Fixed private blogging leaking post information (#8999) * 🐛 Fixed private blogging leaking post information closes #8990 - a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content - remove this condition and ensure we always redirect to /private * lint 😋
2017-09-11 15:09:19 +02:00
it('filterPrivateRoutes: tag rss redirects to /private', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.path = req.url = '/tag/slimer/rss/';
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 17:33:43 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
res.redirect.calledOnce.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
🐛 Fixed private blogging leaking post information (#8999) * 🐛 Fixed private blogging leaking post information closes #8990 - a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content - remove this condition and ensure we always redirect to /private * lint 😋
2017-09-11 15:09:19 +02:00
it('filterPrivateRoutes: rss plus something redirects to /private', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.path = req.url = '/rss/sometag';
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 17:33:43 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
res.redirect.calledOnce.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
it('filterPrivateRoutes should render custom robots.txt', function () {
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290
2016-01-07 15:03:39 +01:00
req.url = req.path = '/robots.txt';
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.writeHead = sinon.spy();
res.end = sinon.spy();
sinon.stub(fs, 'readFile').callsFake(function (file, cb) {
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
cb(null, 'User-agent: * Disallow: /');
});
privateBlogging.filterPrivateRoutes(req, res, next);
deps: should@8.2.1 closes #6448 -upgraded should.js to the latest version (8.2.1) -Changed the tests so that they comply with the breaking changes introduced in the new version of should.js -Installs the package should-http so should.be.json() can be used -Installs the package should-sinon so that should.be.calledOnce() can be used
2016-02-07 21:27:01 +00:00
res.writeHead.called.should.be.true();
res.end.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
it('doLoginToPrivateSite should call next if error', function () {
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
res.error = 'Test Error';
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
privateBlogging.doLoginToPrivateSite(req, res, next);
deps: should@8.2.1 closes #6448 -upgraded should.js to the latest version (8.2.1) -Changed the tests so that they comply with the breaking changes introduced in the new version of should.js -Installs the package should-http so should.be.json() can be used -Installs the package should-sinon so that should.be.calledOnce() can be used
2016-02-07 21:27:01 +00:00
next.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
describe('with hash verification', function () {
beforeEach(function () {
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
settingsStub.withArgs('password').returns('rightpassword');
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
it('authenticatePrivateSession should return next if hash is verified', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const salt = Date.now().toString();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.authenticatePrivateSession(req, res, next);
next.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
it('authenticatePrivateSession should redirect if hash is not verified', function () {
📖 new default post content (#8548) closes #8542 - updates default post fixtures - adds default logo and cover images to settings fixtures - update tests due to coupling to dev/prod fixtures
2017-06-08 16:36:14 +01:00
req.url = '/welcome';
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
req.session = {
token: 'wrongpassword',
salt: Date.now().toString()
};
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
privateBlogging.authenticatePrivateSession(req, res, next);
res.redirect.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
it('redirectPrivateToHomeIfLoggedIn should redirect if hash is verified', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const salt = Date.now().toString();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
privateBlogging.redirectPrivateToHomeIfLoggedIn(req, res, next);
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
res.redirect.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
it('redirectPrivateToHomeIfLoggedIn should return next if hash is not verified', function () {
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
req.session = {
token: 'wrongpassword',
salt: Date.now().toString()
};
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
privateBlogging.redirectPrivateToHomeIfLoggedIn(req, res, next);
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
next.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
it('doLoginToPrivateSite should return next if password is incorrect', function () {
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
req.body = {password: 'wrongpassword'};
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
privateBlogging.doLoginToPrivateSite(req, res, next);
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
res.error.should.not.be.empty();
next.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
it('doLoginToPrivateSite should redirect if password is correct', function () {
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
req.body = {password: 'rightpassword'};
req.session = {};
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
privateBlogging.doLoginToPrivateSite(req, res, next);
Refactored private blogging app: use settings cache (#9086) no issue - preparation for #9001 - no need to require the settings API, we can simply fetch the data from the settings cache - the settings API uses the settings cache anyway
2017-10-03 13:40:53 +02:00
res.redirect.called.should.be.true();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
Updated private-sites to not redirect to full urls no-issue - Parse redirects as URL with blog as base - Redirect to the pathname property of parsed URL Credits: @j3ssie
2018-09-24 20:47:05 +07:00
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
it('doLoginToPrivateSite should redirect to "/" if r param is a full url', function () {
Updated private-sites to not redirect to full urls no-issue - Parse redirects as URL with blog as base - Redirect to the pathname property of parsed URL Credits: @j3ssie
2018-09-24 20:47:05 +07:00
req.body = {password: 'rightpassword'};
req.session = {};
req.query = {
r: encodeURIComponent('http://britney.com')
};
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
Updated private-sites to not redirect to full urls no-issue - Parse redirects as URL with blog as base - Redirect to the pathname property of parsed URL Credits: @j3ssie
2018-09-24 20:47:05 +07:00
Rename private blogging mw functions - This is just a nicety, trying to make it easier to follow the logic of private blogging
2020-06-15 20:55:59 +01:00
privateBlogging.doLoginToPrivateSite(req, res, next);
Updated private-sites to not redirect to full urls no-issue - Parse redirects as URL with blog as base - Redirect to the pathname property of parsed URL Credits: @j3ssie
2018-09-24 20:47:05 +07:00
res.redirect.called.should.be.true();
res.redirect.args[0][0].should.be.equal('/');
});
✨ Private RSS feed (#9088) refs #9001 When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc. - add public hash for private blogging - auto generate on bootstrap if missing - global hash, we can re-use in the future - update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display - if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 12:07:32 +02:00
it('filterPrivateRoutes should 404 for /rss/ requests', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const salt = Date.now().toString();
✨ Private RSS feed (#9088) refs #9001 When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc. - add public hash for private blogging - auto generate on bootstrap if missing - global hash, we can re-use in the future - update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display - if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 12:07:32 +02:00
req.url = req.path = '/rss/';
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
res.isPrivateBlog = true;
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
✨ Private RSS feed (#9088) refs #9001 When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc. - add public hash for private blogging - auto generate on bootstrap if missing - global hash, we can re-use in the future - update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display - if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 12:07:32 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
Refactored tests to destructure `common` lib import (#11838)
2020-05-25 03:49:38 -05:00
(next.firstCall.args[0] instanceof errors.NotFoundError).should.eql(true);
✨ Private RSS feed (#9088) refs #9001 When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc. - add public hash for private blogging - auto generate on bootstrap if missing - global hash, we can re-use in the future - update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display - if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 12:07:32 +02:00
});
it('filterPrivateRoutes should 404 for tag rss requests', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const salt = Date.now().toString();
✨ Private RSS feed (#9088) refs #9001 When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc. - add public hash for private blogging - auto generate on bootstrap if missing - global hash, we can re-use in the future - update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display - if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 12:07:32 +02:00
req.url = req.path = '/tag/welcome/rss/';
req.session = {
token: hash('rightpassword', salt),
🐛Fixed short urls when private blogging is enabled (#9628) close #9578 - updated condition to disable RSS for private blog - use regex - ensure private rss feed still works
2018-06-04 23:57:18 +07:00
salt: salt
};
res.isPrivateBlog = true;
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
🐛Fixed short urls when private blogging is enabled (#9628) close #9578 - updated condition to disable RSS for private blog - use regex - ensure private rss feed still works
2018-06-04 23:57:18 +07:00
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
Refactored tests to destructure `common` lib import (#11838)
2020-05-25 03:49:38 -05:00
(next.firstCall.args[0] instanceof errors.NotFoundError).should.eql(true);
🐛Fixed short urls when private blogging is enabled (#9628) close #9578 - updated condition to disable RSS for private blog - use regex - ensure private rss feed still works
2018-06-04 23:57:18 +07:00
});
it('filterPrivateRoutes should return next if tag contains rss', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const salt = Date.now().toString();
🐛Fixed short urls when private blogging is enabled (#9628) close #9578 - updated condition to disable RSS for private blog - use regex - ensure private rss feed still works
2018-06-04 23:57:18 +07:00
req.url = req.path = '/tag/rss-test/';
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
res.isPrivateBlog = true;
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
🐛Fixed short urls when private blogging is enabled (#9628) close #9578 - updated condition to disable RSS for private blog - use regex - ensure private rss feed still works
2018-06-04 23:57:18 +07:00
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
next.firstCall.args.length.should.equal(0);
});
it('filterPrivateRoutes should not 404 for very short post url', function () {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 16:44:27 +01:00
const salt = Date.now().toString();
🐛Fixed short urls when private blogging is enabled (#9628) close #9578 - updated condition to disable RSS for private blog - use regex - ensure private rss feed still works
2018-06-04 23:57:18 +07:00
req.url = req.path = '/ab/';
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
res.isPrivateBlog = true;
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
🐛Fixed short urls when private blogging is enabled (#9628) close #9578 - updated condition to disable RSS for private blog - use regex - ensure private rss feed still works
2018-06-04 23:57:18 +07:00
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
next.firstCall.args.length.should.equal(0);
});
✨ Private RSS feed (#9088) refs #9001 When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc. - add public hash for private blogging - auto generate on bootstrap if missing - global hash, we can re-use in the future - update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display - if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 12:07:32 +02:00
it('filterPrivateRoutes: allow private /rss/ feed', function () {
settingsStub.withArgs('public_hash').returns('777aaa');
req.url = req.originalUrl = req.path = '/777aaa/rss/';
req.params = {};
res.isPrivateBlog = true;
res.locals = {};
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
req.url.should.eql('/rss/');
});
it('filterPrivateRoutes: allow private rss feed e.g. tags', function () {
settingsStub.withArgs('public_hash').returns('777aaa');
req.url = req.originalUrl = req.path = '/tag/getting-started/777aaa/rss/';
req.params = {};
res.isPrivateBlog = true;
res.locals = {};
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
req.url.should.eql('/tag/getting-started/rss/');
});
it('[failure] filterPrivateRoutes: allow private rss feed e.g. tags', function () {
settingsStub.withArgs('public_hash').returns('777aaa');
req.url = req.originalUrl = req.path = '/tag/getting-started/rss/';
req.params = {};
res.isPrivateBlog = true;
res.locals = {};
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
res.redirect = sinon.spy();
✨ Private RSS feed (#9088) refs #9001 When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc. - add public hash for private blogging - auto generate on bootstrap if missing - global hash, we can re-use in the future - update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display - if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 12:07:32 +02:00
privateBlogging.filterPrivateRoutes(req, res, next);
res.redirect.called.should.be.true();
});
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 18:01:23 +02:00
});
});
});
});
Reference in a new issue Copy permalink