0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

🐛 Fixed broken access to preview of scheduled email-only posts (#19539)

no issue

- we recently added a redirect to disable access to the preview endpoint for sent email-only posts but the condition was too broad and also disabled access to scheduled email-only posts
- adjusted so we only apply the /p/ -> /email/ redirect for sent posts
This commit is contained in:
Kevin Ansfield 2024-01-22 14:20:50 +00:00 committed by GitHub
parent f4e20ad247
commit 15897096b0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 20 additions and 3 deletions

View file

@ -49,12 +49,13 @@ module.exports = function previewController(req, res, next) {
return next();
}
// published content should only resolve to /:slug - /p/:uuid is for drafts only in lieu of an actual preview api
if (post.status === 'published') {
return urlUtils.redirect301(res, routerManager.getUrlByResourceId(post.id, {withSubdirectory: true}));
}
// published content should only resolve to /:slug or /email/:uuid - /p/:uuid is for drafts only in lieu of an actual preview api
if (post.status !== 'published' && post.email_only === true) {
// once an email-only post has been sent it shouldn't be available via /p/ to avoid leaking members-only content
if (post.status === 'sent') {
return urlUtils.redirect301(res, urlUtils.urlJoin('/email', post.uuid, '/'));
}

View file

@ -9,6 +9,7 @@ const supertest = require('supertest');
const cheerio = require('cheerio');
const testUtils = require('../utils');
const config = require('../../core/shared/config');
const {DateTime} = require('luxon');
let request;
function assertCorrectFrontendHeaders(res) {
@ -90,8 +91,23 @@ describe('Frontend Routing: Preview Routes', function () {
.expect(assertCorrectFrontendHeaders);
});
it('should render scheduled email-only posts', async function () {
const scheduledEmail = await testUtils.fixtures.insertPosts([{
title: 'test newsletter',
status: 'scheduled',
published_at: DateTime.now().plus({days: 1}).toISODate(),
posts_meta: {
email_only: true
}
}]);
await request.get(`/p/${scheduledEmail[0].get('uuid')}/`)
.expect('Content-Type', /html/)
.expect(200)
.expect(assertCorrectFrontendHeaders);
});
it('should redirect sent email-only posts to /email/:uuid from /p/:uuid', async function () {
// difficult to build a sent newsletter using the data generator
const emailedPost = await testUtils.fixtures.insertPosts([{
title: 'test newsletter',
status: 'sent',