mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-20 22:42:53 -05:00
🐛 Fixed broken access to preview of scheduled email-only posts (#19539)
no issue - we recently added a redirect to disable access to the preview endpoint for sent email-only posts but the condition was too broad and also disabled access to scheduled email-only posts - adjusted so we only apply the /p/ -> /email/ redirect for sent posts
This commit is contained in:
parent
f4e20ad247
commit
15897096b0
2 changed files with 20 additions and 3 deletions
|
@ -49,12 +49,13 @@ module.exports = function previewController(req, res, next) {
|
|||
return next();
|
||||
}
|
||||
|
||||
// published content should only resolve to /:slug - /p/:uuid is for drafts only in lieu of an actual preview api
|
||||
if (post.status === 'published') {
|
||||
return urlUtils.redirect301(res, routerManager.getUrlByResourceId(post.id, {withSubdirectory: true}));
|
||||
}
|
||||
|
||||
// published content should only resolve to /:slug or /email/:uuid - /p/:uuid is for drafts only in lieu of an actual preview api
|
||||
if (post.status !== 'published' && post.email_only === true) {
|
||||
// once an email-only post has been sent it shouldn't be available via /p/ to avoid leaking members-only content
|
||||
if (post.status === 'sent') {
|
||||
return urlUtils.redirect301(res, urlUtils.urlJoin('/email', post.uuid, '/'));
|
||||
}
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ const supertest = require('supertest');
|
|||
const cheerio = require('cheerio');
|
||||
const testUtils = require('../utils');
|
||||
const config = require('../../core/shared/config');
|
||||
const {DateTime} = require('luxon');
|
||||
let request;
|
||||
|
||||
function assertCorrectFrontendHeaders(res) {
|
||||
|
@ -90,8 +91,23 @@ describe('Frontend Routing: Preview Routes', function () {
|
|||
.expect(assertCorrectFrontendHeaders);
|
||||
});
|
||||
|
||||
it('should render scheduled email-only posts', async function () {
|
||||
const scheduledEmail = await testUtils.fixtures.insertPosts([{
|
||||
title: 'test newsletter',
|
||||
status: 'scheduled',
|
||||
published_at: DateTime.now().plus({days: 1}).toISODate(),
|
||||
posts_meta: {
|
||||
email_only: true
|
||||
}
|
||||
}]);
|
||||
|
||||
await request.get(`/p/${scheduledEmail[0].get('uuid')}/`)
|
||||
.expect('Content-Type', /html/)
|
||||
.expect(200)
|
||||
.expect(assertCorrectFrontendHeaders);
|
||||
});
|
||||
|
||||
it('should redirect sent email-only posts to /email/:uuid from /p/:uuid', async function () {
|
||||
// difficult to build a sent newsletter using the data generator
|
||||
const emailedPost = await testUtils.fixtures.insertPosts([{
|
||||
title: 'test newsletter',
|
||||
status: 'sent',
|
||||
|
|
Loading…
Add table
Reference in a new issue