
fix: error handling when login via test env (#7228)

no issue
- add error protection for login via test env
- extend route test: users_spec to get login with a different user working
Katharina Irrgang 2016-08-19 13:02:07 +02:00 committed by Hannah Wolfe
parent 7fca4c8a4f
commit 356d6ea031
2 changed files with 60 additions and 19 deletions


@ -16,7 +16,7 @@ describe('User API', function () {
ghost().then(function (ghostServer) {
request = supertest.agent(ghostServer.rootApp);
}).then(function () {
return testUtils.doAuth(request);
return testUtils.doAuth(request, 'users:roles:no-owner');
}).then(function (token) {
ownerAccessToken = token;
@ -38,7 +38,9 @@ describe('User API', function () {
describe('As Owner', function () {
describe('Browse', function () {
it('returns dates in ISO 8601 format', function (done) {
request.get(testUtils.API.getApiQuery('users/'))
// @TODO: postgres returns for default oder (last_login DESC) something else then sqlite
// @TODO: maybe related to https://github.com/TryGhost/Ghost/issues/6104
request.get(testUtils.API.getApiQuery('users/?order=id%20ASC'))
.set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
@ -52,13 +54,16 @@ describe('User API', function () {
should.exist(jsonResponse.users);
testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1);
jsonResponse.users.should.have.length(4);
testUtils.API.checkResponse(jsonResponse.users[0], 'user');
testUtils.API.isISO8601(jsonResponse.users[0].last_login).should.be.true();
testUtils.API.isISO8601(jsonResponse.users[0].created_at).should.be.true();
testUtils.API.isISO8601(jsonResponse.users[0].updated_at).should.be.true();
testUtils.API.isISO8601(jsonResponse.users[2].last_login).should.be.true();
testUtils.API.isISO8601(jsonResponse.users[2].created_at).should.be.true();
testUtils.API.isISO8601(jsonResponse.users[2].updated_at).should.be.true();
done();
});
});
@ -79,7 +84,7 @@ describe('User API', function () {
should.exist(jsonResponse.users);
testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1);
jsonResponse.users.should.have.length(4);
testUtils.API.checkResponse(jsonResponse.users[0], 'user');
done();
});
@ -101,7 +106,7 @@ describe('User API', function () {
should.exist(jsonResponse.users);
testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1);
jsonResponse.users.should.have.length(4);
testUtils.API.checkResponse(jsonResponse.users[0], 'user', 'roles');
done();
});
@ -132,7 +137,7 @@ describe('User API', function () {
});
it('can retrieve a user by id', function (done) {
request.get(testUtils.API.getApiQuery('users/1/'))
request.get(testUtils.API.getApiQuery('users/2/'))
.set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
@ -391,19 +396,44 @@ describe('User API', function () {
});
describe('As Editor', function () {
it('can\'t edit a user', function (done) {
request.get(testUtils.API.getApiQuery('users/me/'))
.set('Authorization', 'Bearer ' + editorAccessToken)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(401)
.end(function (err) {
if (err) {
return done(err);
}
describe('success cases', function () {
it('can edit himself', function (done) {
request.put(testUtils.API.getApiQuery('users/3/'))
.set('Authorization', 'Bearer ' + editorAccessToken)
.send({
users: [{id: 3, name: 'test'}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err) {
if (err) {
return done(err);
}
done();
});
done();
});
});
});
describe('error cases', function () {
it('can\'t edit the owner', function (done) {
request.put(testUtils.API.getApiQuery('users/1/'))
.set('Authorization', 'Bearer ' + editorAccessToken)
.send({
users: [{id: 1}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403)
.end(function (err) {
if (err) {
return done(err);
}
done();
});
});
});
});
});
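Review bot: The new 'can edit himself' case (the PUT to `users/3/`) asserts only the 200 status and never inspects the response, so a handler that answers 200 without applying the change would still pass; change the callback to `.end(function (err, res) {` and add `res.body.users[0].name.should.eql('test');` before `done();` (the exact body shape is inferred from the rest of the spec, so check it against another PUT test). The 'can't edit the owner' case has the same gap and could at least assert that an error array is present in the body. Note also that the rename of user 3 persists for every later case in this file, which matters if any of them compares a user's name — not visible from this hunk. The enclosing describe('User API') block starts before the hunk.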


@ -237,6 +237,16 @@ fixtures = {
});
},
createUsersWithRolesWithoutOwner: function createUsersWithRolesWithoutOwner() {
var usersWithoutOwner = DataGenerator.forKnex.users.slice(1);
return db.knex('roles').insert(DataGenerator.forKnex.roles).then(function () {
return db.knex('users').insert(usersWithoutOwner);
}).then(function () {
return db.knex('roles_users').insert(DataGenerator.forKnex.roles_users);
});
},
createExtraUsers: function createExtraUsers() {
// grab 3 more users
var extraUsers = DataGenerator.Content.users.slice(2, 5);
@ -415,6 +425,7 @@ toDoList = {
return models.Settings.populateDefaults().then(function () { return SettingsAPI.updateSettingsCache(); });
},
'users:roles': function createUsersWithRoles() { return fixtures.createUsersWithRoles(); },
'users:roles:no-owner': function createUsersWithRoles() { return fixtures.createUsersWithRolesWithoutOwner(); },
users: function createExtraUsers() { return fixtures.createExtraUsers(); },
'user:token': function createTokensForUser() { return fixtures.createTokensForUser(); },
owner: function insertOwnerUser() { return fixtures.insertOwnerUser(); },
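Review bot: createUsersWithRolesWithoutOwner drops the first entry of DataGenerator.forKnex.users but still inserts DataGenerator.forKnex.roles_users unchanged, so if that mapping holds a row for the omitted user the fixture writes a roles_users row pointing at a user that was never inserted, which the test database will only reject if foreign-key enforcement is on. Filter the mapping to the users actually inserted, e.g. `var userIds = usersWithoutOwner.map(function (user) { return user.id; });` and `DataGenerator.forKnex.roles_users.filter(function (ru) { return userIds.indexOf(ru.user_id) !== -1; })` in place of the raw array (assuming the rows carry `user_id` — confirm against the generator). Separately, the new toDoList entry 'users:roles:no-owner' names its function expression `createUsersWithRoles`, identical to the neighbouring entry; rename it to `function createUsersWithRolesWithoutOwner()` so stack traces and profiles distinguish the two fixtures.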