mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

Setup hijacks owner user

closes #3074
- user generated by fixture is hijacked
- user is updated with name, email, password, slug and status
- creates new user if db is migrated but no user exists
- previously removed tests are back
Sebastian Gierlinger 2014-07-10 19:29:51 +02:00
parent f0ce3f2d02
commit 215badc663
6 changed files with 59 additions and 28 deletions


@ -242,10 +242,23 @@ users = {
* @param {User} object the user to create
* @returns {Promise(User}} Newly created user
*/
// TODO: remove when setup is implemented
// TODO: update when setup is moved
register: function register(object) {
// TODO: if we want to prevent users from being created with the signup form this is the right place to do it
return users.add(object, {context: {internal: true}});
var newUser;
return utils.checkObject(object, docName).then(function (checkedUserData) {
newUser = checkedUserData.users[0];
return dataProvider.User.findAll();
}).then(function (users) {
if (users.length > 0) {
return dataProvider.User.setup(newUser, {id: 1});
} else {
// TODO: needs to pass owner role when role endpoint is finished!
return dataProvider.User.add(newUser);
}
}).then(function (user) {
return { users: [user.toJSON()]};
});
},
/**
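Review bot: The `users.length > 0` branch in `register` overwrites user 1's name, email and password on every call, and nothing visible in this hunk checks that setup has not already been completed. Because the fixture always creates a user, this branch is presumably the normal path for every POST to `/ghost/setup/` (the `doSetup` handler and route changed later in this commit), so unless that route is guarded outside these hunks the owner's credentials can be replaced on an already configured blog. Before calling `dataProvider.User.setup`, load the owner and reject the request when it is no longer in the fixture's pre-setup state, with a comment such as `// setup may only run while the owner is still the untouched fixture user`. The hard-coded `{id: 1}` also assumes the owner always has id 1, and the callback parameter `users` shadows the enclosing `users` object, which starts outside this hunk.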


@ -61,7 +61,7 @@ adminControllers = {
// Route: doSignup
// Path: /ghost/setup/
// Method: POST
'doSignup': function (req, res) {
'doSetup': function (req, res) {
var name = req.body.name,
email = req.body.email,
password = req.body.password,
@ -69,7 +69,8 @@ adminControllers = {
users = [{
name: name,
email: email,
password: password
password: password,
status: 'active'
}];
api.users.register({users: users}).then(function () {
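Review bot: The comment above the handler still reads `// Route: doSignup` after the rename and should become `// Route: doSetup`. The new `status: 'active'` is set server-side rather than read from `req.body`, and a short comment saying why would help the next reader, for example `// setup completes the owner account, so it is activated here`. The handler body continues outside the hunk, so any validation of `name`, `email` and `password` before the call to `api.users.register` is not visible from here.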


@ -96,7 +96,8 @@ User = ghostBookshelf.Model.extend({
findOne: ['withRelated'],
findAll: ['withRelated'],
add: ['user'],
edit: ['user', 'withRelated']
setup: ['user', 'id'],
edit: ['user', 'withRelated', 'id']
};
if (validOptions[methodName]) {
@ -160,11 +161,6 @@ User = ghostBookshelf.Model.extend({
options = this.filterOptions(options, 'add');
options.withRelated = _.union([ 'roles' ], options.include);
/**
* This only allows one user to be added to the database, otherwise fails.
* @param {object} user
* @author javorszky
*/
return validatePasswordLength(userData.password).then(function () {
return self.forge().fetch();
}).then(function () {
@ -194,6 +190,31 @@ User = ghostBookshelf.Model.extend({
});
},
setup: function (data, options) {
var self = this,
// Clone the _user so we don't expose the hashed password unnecessarily
userData = this.filterData(data);
options = this.filterOptions(options, 'setup');
options.withRelated = _.union([ 'roles' ], options.include);
return validatePasswordLength(userData.password).then(function () {
// Generate a new password hash
return generatePasswordHash(data.password);
}).then(function (hash) {
// Assign the hashed password
userData.password = hash;
// LookupGravatar
return self.gravatarLookup(userData);
}).then(function (userWithGravatar) {
userData = userWithGravatar;
// Generate a new slug
return ghostBookshelf.Model.generateSlug.call(this, User, userData.name, options);
}).then(function (slug) {
// Assign slug and save the updated user
userData.slug = slug;
return self.edit.call(self, userData, options);
});
},
permissable: function (userModelOrId, context, loadedPermissions, hasUserPermission, hasAppPermission) {
var self = this,
userModel = userModelOrId,
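Review bot: In `setup`, the slug step calls `ghostBookshelf.Model.generateSlug.call(this, ...)` inside a `.then` callback, where `this` is no longer the model; `self` was captured for exactly this and is used two lines later for `edit`. If generateSlug reads its receiver, the line should be `return ghostBookshelf.Model.generateSlug.call(self, User, userData.name, options);`. The function also validates `userData.password` but hashes `data.password`; using `userData.password` for both keeps the checked value and the stored value the same. The comment `// Clone the _user so we don't expose the hashed password unnecessarily` looks copied from another method, and `setup` has no doc comment stating that it overwrites the credentials of the user named by `options.id`.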


@ -33,7 +33,7 @@ adminRoutes = function (middleware) {
res.redirect(301, subdir + '/ghost/signup/');
});
router.post('/ghost/setup/', admin.doSignup);
router.post('/ghost/setup/', admin.doSetup);
router.post('/ghost/upload/', middleware.busboy, admin.upload);
// redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.


@ -3,7 +3,7 @@
/*globals CasperTest, casper, testPost, newUser */
CasperTest.begin('Content screen is correct', 20, function suite(test) {
CasperTest.begin('Content screen is correct', 21, function suite(test) {
// First, create a sample post for testing (this should probably be a routine)
CasperTest.Routines.createTestPost.run(false);
@ -32,10 +32,9 @@ CasperTest.begin('Content screen is correct', 20, function suite(test) {
test.assertSelectorHasText(
'.content-preview header .status', 'Written', 'preview header contains "Written" when post is a draft'
);
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
// test.assertSelectorHasText(
// '.content-preview header .author', newUser.name, 'preview header contains author name'
// );
test.assertSelectorHasText(
'.content-preview header .author', newUser.name, 'preview header contains author name'
);
});
casper.then(function testEditPostButton() {
@ -67,7 +66,7 @@ CasperTest.begin('Content screen is correct', 20, function suite(test) {
});
});
CasperTest.begin('Content list shows correct post status', 6, function testStaticPageStatus(test) {
CasperTest.begin('Content list shows correct post status', 7, function testStaticPageStatus(test) {
CasperTest.Routines.createTestPost.run(true);
// Begin test
@ -90,10 +89,9 @@ CasperTest.begin('Content list shows correct post status', 6, function testStati
test.assertSelectorHasText(
'.content-preview header .status', 'Published', 'preview header contains "Published" when post is published'
);
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
// test.assertSelectorHasText(
// '.content-preview header .author', newUser.name, 'preview header contains author name'
// );
test.assertSelectorHasText(
'.content-preview header .author', newUser.name, 'preview header contains author name'
);
});
// Change post to static page


@ -2,7 +2,7 @@
* Tests if RSS exists and is working
*/
/*globals url, CasperTest, casper */
CasperTest.begin('Ensure that RSS is available', 10, function suite(test) {
CasperTest.begin('Ensure that RSS is available', 11, function suite(test) {
CasperTest.Routines.togglePermalinks.run('off');
casper.thenOpen(url + 'rss/', function (response) {
var content = this.getPageContent(),
@ -24,13 +24,12 @@ CasperTest.begin('Ensure that RSS is available', 10, function suite(test) {
test.assert(content.indexOf(postStart) >= 0, 'Feed should contain start of welcome post content.');
test.assert(content.indexOf(postEnd) >= 0, 'Feed should contain end of welcome post content.');
test.assert(content.indexOf(postLink) >= 0, 'Feed should have link to the welcome post.');
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
// test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
test.assert(content.indexOf('</rss>') >= 0, 'Feed should contain </rss>');
});
}, false);
CasperTest.begin('Ensure that author element is not included. Only dc:creator', 2, function suite(test) {
CasperTest.begin('Ensure that author element is not included. Only dc:creator', 3, function suite(test) {
CasperTest.Routines.togglePermalinks.run('off');
casper.thenOpen(url + 'rss/', function (response) {
var content = this.getPageContent(),
@ -39,8 +38,7 @@ CasperTest.begin('Ensure that author element is not included. Only dc:creator',
test.assertEqual(response.status, 200, 'Response status should be 200.');
test.assert(content.indexOf(author) < 0, 'Author element should not be included');
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
// test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
});
}, false);