mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00

🐛Fixed short urls when private blogging is enabled (#9628)

close #9578

- updated condition to disable RSS for private blog
- use regex
- ensure private rss feed still works
Tien Do 2018-06-04 23:57:18 +07:00 committed by Katharina Irrgang
parent a993994d68
commit 3afc2654aa
2 changed files with 69 additions and 1 deletions


@ -70,7 +70,7 @@ privateBlogging = {
// NOTE: Redirect to /private if the session does not exist.
privateBlogging.authenticatePrivateSession(req, res, function onSessionVerified() {
// CASE: RSS is disabled for private blogging e.g. they create overhead
if (req.path.lastIndexOf('/rss/', 0) === 0 || req.path.lastIndexOf('/rss/') === req.url.length - 5) {
if (req.path.match(/\/rss(\/?|\/\d+\/?)$/)) {
return next(new common.errors.NotFoundError({
message: common.i18n.t('errors.errors.pageNotFound')
}));
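Review bot: The regex on the new `req.path.match(...)` line is case-sensitive, so mixed-case variants of the feed path are not caught here if the router downstream matches case-insensitively (Express's default) and no earlier middleware lower-cases the URL, which this hunk does not show. Since the check sits inside `onSessionVerified`, it only affects visitors who already passed the private-session check, so this looks like a consistency gap in the RSS switch rather than an access-control one. I would write it as `if (/\/rss(\/?|\/\d+\/?)$/i.test(req.path)) {`, which also returns a boolean instead of a match array, and extend the comment above it with `// matches a trailing /rss, /rss/ or /rss/<page>, at the root or under e.g. /tag/<slug>/`. The enclosing `filterPrivateRoutes` function starts and ends outside the hunk.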


@ -259,6 +259,23 @@ describe('Private Blogging', function () {
(next.firstCall.args[0] instanceof common.errors.NotFoundError).should.eql(true);
});
it('filterPrivateRoutes should 404 for rss with pagination requests', function () {
var salt = Date.now().toString();
req.url = req.path = '/rss/1';
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
res.isPrivateBlog = true;
res.redirect = sandbox.spy();
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
(next.firstCall.args[0] instanceof common.errors.NotFoundError).should.eql(true);
});
it('filterPrivateRoutes should 404 for tag rss requests', function () {
var salt = Date.now().toString();
req.url = req.path = '/tag/welcome/rss/';
@ -276,6 +293,57 @@ describe('Private Blogging', function () {
(next.firstCall.args[0] instanceof common.errors.NotFoundError).should.eql(true);
});
it('filterPrivateRoutes should 404 for tag rss with pagination requests', function () {
var salt = Date.now().toString();
req.url = req.path = '/tag/welcome/rss/2';
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
res.isPrivateBlog = true;
res.redirect = sandbox.spy();
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
(next.firstCall.args[0] instanceof common.errors.NotFoundError).should.eql(true);
});
it('filterPrivateRoutes should return next if tag contains rss', function () {
var salt = Date.now().toString();
req.url = req.path = '/tag/rss-test/';
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
res.isPrivateBlog = true;
res.redirect = sandbox.spy();
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
next.firstCall.args.length.should.equal(0);
});
it('filterPrivateRoutes should not 404 for very short post url', function () {
var salt = Date.now().toString();
req.url = req.path = '/ab/';
req.session = {
token: hash('rightpassword', salt),
salt: salt
};
res.isPrivateBlog = true;
res.redirect = sandbox.spy();
privateBlogging.filterPrivateRoutes(req, res, next);
next.called.should.be.true();
next.firstCall.args.length.should.equal(0);
});
it('filterPrivateRoutes: allow private /rss/ feed', function () {
settingsStub.withArgs('public_hash').returns('777aaa');