From 0fe573b1d0bfea4e388525ee626b70be0391c1dc Mon Sep 17 00:00:00 2001
From: Steve Larson <9larsons@gmail.com>
Date: Tue, 14 Nov 2023 13:31:41 -0600
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Redirected=20email=20previews=20?=
 =?UTF-8?q?to=20/email/=20route=20(#18976)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

closes TryGhost/Product#4136
- the `/p/` route is only intended for drafts, not published content
(e.g. sent newsletters)
- email-only posts (newsletters) do not get assigned a slug, and could
still be viewed at `/p/:uuid`, which didn't hide paid/member content
---
 .../services/routing/controllers/previews.js    |  5 +++++
 .../test/e2e-frontend/preview_routes.test.js    | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/ghost/core/core/frontend/services/routing/controllers/previews.js b/ghost/core/core/frontend/services/routing/controllers/previews.js
index 8769b999b6..0afa021472 100644
--- a/ghost/core/core/frontend/services/routing/controllers/previews.js
+++ b/ghost/core/core/frontend/services/routing/controllers/previews.js
@@ -53,6 +53,11 @@ module.exports = function previewController(req, res, next) {
                 return urlUtils.redirect301(res, routerManager.getUrlByResourceId(post.id, {withSubdirectory: true}));
             }
 
+            // published content should only resolve to /:slug or /email/:uuid - /p/:uuid is for drafts only in lieu of an actual preview api
+            if (post.status !== 'published' && post.email_only === true) {
+                return urlUtils.redirect301(res, urlUtils.urlJoin('/email', post.uuid, '/'));
+            }
+
             post.access = !!post.html;
 
             return renderer.renderEntry(req, res)(post);
diff --git a/ghost/core/test/e2e-frontend/preview_routes.test.js b/ghost/core/test/e2e-frontend/preview_routes.test.js
index 9258fe1b96..a6e56ec5e2 100644
--- a/ghost/core/test/e2e-frontend/preview_routes.test.js
+++ b/ghost/core/test/e2e-frontend/preview_routes.test.js
@@ -90,6 +90,23 @@ describe('Frontend Routing: Preview Routes', function () {
             .expect(assertCorrectFrontendHeaders);
     });
 
+    it('should redirect sent email-only posts to /email/:uuid from /p/:uuid', async function () {
+        // difficult to build a sent newsletter using the data generator
+        const emailedPost = await testUtils.fixtures.insertPosts([{
+            title: 'test newsletter',
+            status: 'sent',
+            posts_meta: {
+                email_only: true
+            }
+        }]);
+
+        await request.get(`/p/${emailedPost[0].get('uuid')}/`)
+            .expect(301)
+            .expect('Location', `/email/${emailedPost[0].get('uuid')}/`)
+            .expect('Cache-Control', testUtils.cacheRules.year)
+            .expect(assertCorrectFrontendHeaders);
+    });
+
     it('404s unknown uuids', async function () {
         request.get('/p/aac6b4f6-e1f3-406c-9247-c94a0496d39f/')
             .expect(404)