From 356d6ea031cf8639267fc0f5f27c283eeb0b9da8 Mon Sep 17 00:00:00 2001
From: Katharina Irrgang
Date: Fri, 19 Aug 2016 13:02:07 +0200
Subject: [PATCH] fix: error handling when login via test env (#7228)
no issue
- add error protection for login via test env
- extend route test: users_spec to get login with a different user working
---
 core/test/functional/routes/api/users_spec.js | 68 +++++++++++++------
 core/test/utils/index.js | 11 +++
 2 files changed, 60 insertions(+), 19 deletions(-)
diff --git a/core/test/functional/routes/api/users_spec.js b/core/test/functional/routes/api/users_spec.js
index bafa34f6af..4768706b34 100644
--- a/core/test/functional/routes/api/users_spec.js
+++ b/core/test/functional/routes/api/users_spec.js
@@ -16,7 +16,7 @@ describe('User API', function () {
 ghost().then(function (ghostServer) {
 request = supertest.agent(ghostServer.rootApp);
 }).then(function () {
- return testUtils.doAuth(request);
+ return testUtils.doAuth(request, 'users:roles:no-owner');
 }).then(function (token) {
 ownerAccessToken = token;
@@ -38,7 +38,9 @@ describe('User API', function () {
 describe('As Owner', function () {
 describe('Browse', function () {
 it('returns dates in ISO 8601 format', function (done) {
- request.get(testUtils.API.getApiQuery('users/'))
+ // @TODO: postgres returns for default oder (last_login DESC) something else then sqlite
+ // @TODO: maybe related to https://github.com/TryGhost/Ghost/issues/6104
+ request.get(testUtils.API.getApiQuery('users/?order=id%20ASC'))
 .set('Authorization', 'Bearer ' + ownerAccessToken)
 .expect('Content-Type', /json/)
 .expect('Cache-Control', testUtils.cacheRules.private)
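Review bot: The bearer token obtained with the `'users:roles:no-owner'` fixture is still stored as `ownerAccessToken`, and nothing in the hunk says which account `testUtils.doAuth` logs in as once that fixture is named, so the variable name and the fixture name contradict each other for a reader. The diffstat covers only the two files shown and neither file's hunks touch `doAuth`, so the "error protection for login" from the commit message is presumably not part of this patch — worth stating explicitly. I would add above the call: `// 'users:roles:no-owner' adds the non-owner users/roles; doAuth presumably still inserts the owner and authenticates as it — confirm`. The `before` hook this hunk belongs to starts and ends outside the hunk.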
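Review bot: The two `@TODO` comments added in front of the request carry typos that will outlive the TODO ("oder", "something else then"), and since they are now the only explanation of why the test pins `?order=id%20ASC` they should read cleanly: `// @TODO: postgres returns a different default order (last_login DESC) than sqlite` and `// @TODO: maybe related to https://github.com/TryGhost/Ghost/issues/6104`. Pinning the order by id also makes every index-based assertion later in this test depend on fixture insertion order, which belongs in the same comment. The enclosing `it` block continues past the end of the hunk.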
@@ -52,13 +54,16 @@ describe('User API', function () {
 should.exist(jsonResponse.users);
 testUtils.API.checkResponse(jsonResponse, 'users');
- jsonResponse.users.should.have.length(1);
+ jsonResponse.users.should.have.length(4);
 testUtils.API.checkResponse(jsonResponse.users[0], 'user');
- testUtils.API.isISO8601(jsonResponse.users[0].last_login).should.be.true();
 testUtils.API.isISO8601(jsonResponse.users[0].created_at).should.be.true();
 testUtils.API.isISO8601(jsonResponse.users[0].updated_at).should.be.true();
+ testUtils.API.isISO8601(jsonResponse.users[2].last_login).should.be.true();
+ testUtils.API.isISO8601(jsonResponse.users[2].created_at).should.be.true();
+ testUtils.API.isISO8601(jsonResponse.users[2].updated_at).should.be.true();
+
 done();
 });
 });
@@ -79,7 +84,7 @@ describe('User API', function () {
 should.exist(jsonResponse.users);
 testUtils.API.checkResponse(jsonResponse, 'users');
- jsonResponse.users.should.have.length(1);
+ jsonResponse.users.should.have.length(4);
 testUtils.API.checkResponse(jsonResponse.users[0], 'user');
 done();
 });
@@ -101,7 +106,7 @@ describe('User API', function () {
 should.exist(jsonResponse.users);
 testUtils.API.checkResponse(jsonResponse, 'users');
- jsonResponse.users.should.have.length(1);
+ jsonResponse.users.should.have.length(4);
 testUtils.API.checkResponse(jsonResponse.users[0], 'user', 'roles');
 done();
 });
@@ -132,7 +137,7 @@ describe('User API', function () {
 });
 it('can retrieve a user by id', function (done) {
- request.get(testUtils.API.getApiQuery('users/1/'))
+ request.get(testUtils.API.getApiQuery('users/2/'))
 .set('Authorization', 'Bearer ' + ownerAccessToken)
 .expect('Content-Type', /json/)
 .expect('Cache-Control', testUtils.cacheRules.private)
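Review bot: The new assertions on `jsonResponse.users[2].last_login` rest on a positional assumption — that the user at index 2 (id 3 under the `id ASC` order the test pins, presumably the editor) has logged in before this test runs — while the `users[0].last_login` check was dropped without a comment on why the authenticated owner no longer has a `last_login` worth asserting. A later fixture change that inserts users in a different order would then fail on ordering rather than on date formatting, which is what the test is named for. I would look the user up instead of indexing, `var editor = jsonResponse.users.filter(function (u) { return u.id === 3; })[0];`, assert on `editor.last_login`, and note in a comment which fixture user id 3 is. The `end` callback and the enclosing `it` start outside the hunk.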
@@ -391,19 +396,44 @@ describe('User API', function () {
 });
 describe('As Editor', function () {
- it('can\'t edit a user', function (done) {
- request.get(testUtils.API.getApiQuery('users/me/'))
- .set('Authorization', 'Bearer ' + editorAccessToken)
- .expect('Content-Type', /json/)
- .expect('Cache-Control', testUtils.cacheRules.private)
- .expect(401)
- .end(function (err) {
- if (err) {
- return done(err);
- }
+ describe('success cases', function () {
+ it('can edit himself', function (done) {
+ request.put(testUtils.API.getApiQuery('users/3/'))
+ .set('Authorization', 'Bearer ' + editorAccessToken)
+ .send({
+ users: [{id: 3, name: 'test'}]
+ })
+ .expect('Content-Type', /json/)
+ .expect('Cache-Control', testUtils.cacheRules.private)
+ .expect(200)
+ .end(function (err) {
+ if (err) {
+ return done(err);
+ }
- done();
- });
+ done();
+ });
+ });
+ });
+
+ describe('error cases', function () {
+ it('can\'t edit the owner', function (done) {
+ request.put(testUtils.API.getApiQuery('users/1/'))
+ .set('Authorization', 'Bearer ' + editorAccessToken)
+ .send({
+ users: [{id: 1}]
+ })
+ .expect('Content-Type', /json/)
+ .expect('Cache-Control', testUtils.cacheRules.private)
+ .expect(403)
+ .end(function (err) {
+ if (err) {
+ return done(err);
+ }
+
+ done();
+ });
+ });
+ });
 });
 });
diff --git a/core/test/utils/index.js b/core/test/utils/index.js
index 386952d89a..ced9e28f18 100644
--- a/core/test/utils/index.js
+++ b/core/test/utils/index.js
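Review bot: The `error cases` block only proves that an editor cannot PUT the owner with an otherwise empty payload; it does not cover the privilege-escalation path this permission layer exists for — an editor changing its own `roles` — nor an edit of another non-owner user, and the `success cases` test never reads the response, so a 200 that ignored `name: 'test'` or silently rewrote `roles` would pass (an `res.body.users[0].name.should.eql('test')` in the `end` callback would close that). The removed test also exercised `GET users/me/` for the editor, which nothing in the hunk covers any more. That user id 3 is the editor is presumably a fixture fact and deserves a comment on the `describe`. I would add a role-escalation case alongside the owner one:
```javascript
// … unchanged: 'can\'t edit the owner' …
it('can\'t change his own role', function (done) {
    request.put(testUtils.API.getApiQuery('users/3/'))
        .set('Authorization', 'Bearer ' + editorAccessToken)
        .send({
            // role id taken from the DataGenerator fixtures — confirm which id is Administrator
            users: [{id: 3, roles: [1]}]
        })
        .expect('Content-Type', /json/)
        .expect('Cache-Control', testUtils.cacheRules.private)
        .expect(403)
        .end(function (err) {
            if (err) {
                return done(err);
            }

            done();
        });
});
```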
@@ -237,6 +237,16 @@ fixtures = {
 });
 },
+ createUsersWithRolesWithoutOwner: function createUsersWithRolesWithoutOwner() {
+ var usersWithoutOwner = DataGenerator.forKnex.users.slice(1);
+
+ return db.knex('roles').insert(DataGenerator.forKnex.roles).then(function () {
+ return db.knex('users').insert(usersWithoutOwner);
+ }).then(function () {
+ return db.knex('roles_users').insert(DataGenerator.forKnex.roles_users);
+ });
+ },
+
 createExtraUsers: function createExtraUsers() {
 // grab 3 more users
 var extraUsers = DataGenerator.Content.users.slice(2, 5);
@@ -415,6 +425,7 @@ toDoList = {
 return models.Settings.populateDefaults().then(function () { return SettingsAPI.updateSettingsCache(); });
 },
 'users:roles': function createUsersWithRoles() { return fixtures.createUsersWithRoles(); },
+ 'users:roles:no-owner': function createUsersWithRoles() { return fixtures.createUsersWithRolesWithoutOwner(); },
 users: function createExtraUsers() { return fixtures.createExtraUsers(); },
 'user:token': function createTokensForUser() { return fixtures.createTokensForUser(); },
 owner: function insertOwnerUser() { return fixtures.insertOwnerUser(); },
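Review bot: `createUsersWithRolesWithoutOwner` drops the first fixture user via `DataGenerator.forKnex.users.slice(1)` but inserts `DataGenerator.forKnex.roles_users` unchanged, so any role mapping for the skipped user is still written and points at a user this function never creates; whether that row is later claimed by whatever the `owner` fixture inserts as id 1, or rejected by a database that enforces foreign keys (the spec's own TODO mentions Postgres), depends on fixture ordering that is not visible here. Either restrict the mappings to the users actually inserted — `var ids = usersWithoutOwner.map(function (u) { return u.id; });` and `DataGenerator.forKnex.roles_users.filter(function (ru) { return ids.indexOf(ru.user_id) !== -1; })` — or document that the owner's mapping is intentionally written here for a user another fixture supplies. A header comment making the positional assumption explicit would also help: `// assumes DataGenerator.forKnex.users[0] is the owner fixture — confirm`.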
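Review bot: The inner function name for the new `'users:roles:no-owner'` entry is copy-pasted from the line above (`createUsersWithRoles`), so a stack trace from this fixture will name the wrong helper; rename it to match what it calls: `'users:roles:no-owner': function createUsersWithRolesWithoutOwner() { return fixtures.createUsersWithRolesWithoutOwner(); },`. A short comment on what the fixture leaves out and which fixture is expected to supply the owner would make the key self-explanatory for the next spec that uses it. The `toDoList` object continues outside the hunk.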