Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00
Code Issues Activity

Added test checking notifications are not editable through API

Browse source 
refs https://github.com/TryGhost/Team/issues/754

- `notifications` settings are part of a "core" group and should not be editable through non-internal API calls
This commit is contained in:
Naz 2021-06-28 11:59:38 +04:00
parent 3f2327c4d1
commit 23367ee0bb
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
test/regression/api/canary/admin/settings_spec.js
View file

@ -1226,6 +1226,21 @@ describe('Settings API (canary)', function () {
dbSettings.should.have.property('og_image', '__GHOST_URL__/content/images/og_image.png'); dbSettings.should.have.property('og_image', '__GHOST_URL__/content/images/og_image.png');
dbSettings.should.have.property('twitter_image', '__GHOST_URL__/content/images/twitter_image.png'); dbSettings.should.have.property('twitter_image', '__GHOST_URL__/content/images/twitter_image.png');
}); });
it('Cannot edit notifications key through API', async function () {
const settingsToChange = {
settings: [
{key: 'notifications', value: `anything`}
]
};
await request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(settingsToChange)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403);
});
}); });
describe('As Admin', function () { describe('As Admin', function () {