🐛 Fixed email address not being returned with admin api key authentication

no issue - bug in model layer - we have to drop these context checks when dropping v0.1
2025-01-06 22:40:14 -05:00 · 2019-03-06 10:17:41 +01:00 · 2019-03-06 10:17:41 +01:00 · 5b73e8238e
commit 5b73e8238e
parent fba277ce1d
5 changed files with 23 additions and 8 deletions
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@ -219,7 +219,8 @@ User = ghostBookshelf.Model.extend({

        // NOTE: We don't expose the email address for for external, app and public context.
        // @TODO: Why? External+Public is actually the same context? Was also mentioned here https://github.com/TryGhost/Ghost/issues/9043
-        if (!options || !options.context || (!options.context.user && !options.context.internal)) {
+        // @TODO: move to api serialization when we drop v0.1
+        if (!options || !options.context || (!options.context.user && !options.context.internal && (!options.context.api_key || options.context.api_key.type === 'content'))) {
            delete attrs.email;
        }

--- a/core/test/acceptance/old/admin/key_authentication_spec.js
+++ b/core/test/acceptance/old/admin/key_authentication_spec.js
@ -64,4 +64,17 @@ describe('Admin API key authentication', function () {
                res.body.posts[0].authors.length.should.eql(1);
            });
    });
+
+    it('Can read users', function () {
+        return request
+            .get(localUtils.API.getApiQuery('users/'))
+            .set('Origin', config.get('url'))
+            .set('Authorization', `Ghost ${localUtils.getValidAdminToken('/v2/admin/')}`)
+            .expect('Content-Type', /json/)
+            .expect('Cache-Control', testUtils.cacheRules.private)
+            .expect(200)
+            .then((res) => {
+                localUtils.API.checkResponse(res.body.users[0], 'user');
+            });
+    });
 });
--- a/core/test/acceptance/old/admin/posts_spec.js
+++ b/core/test/acceptance/old/admin/posts_spec.js
@ -249,7 +249,7 @@ describe('Posts API', function () {
                localUtils.API.checkResponse(jsonResponse.posts[0], 'post');

                jsonResponse.posts[0].authors[0].should.be.an.Object();
-                localUtils.API.checkResponse(jsonResponse.posts[0].authors[0], 'user', ['url']);
+                localUtils.API.checkResponse(jsonResponse.posts[0].authors[0], 'user');

                jsonResponse.posts[0].tags[0].should.be.an.Object();
                localUtils.API.checkResponse(jsonResponse.posts[0].tags[0], 'tag', ['url']);
--- a/core/test/acceptance/old/admin/users_spec.js
+++ b/core/test/acceptance/old/admin/users_spec.js
@ -67,7 +67,7 @@ describe('User API', function () {
                // and two extra users, see createUser in before
                jsonResponse.users.should.have.length(4);

-                localUtils.API.checkResponse(jsonResponse.users[0], 'user', ['url']);
+                localUtils.API.checkResponse(jsonResponse.users[0], 'user');

                jsonResponse.users[0].email.should.eql(admin.email);
                jsonResponse.users[0].status.should.eql(admin.status);
@ -108,7 +108,7 @@ describe('User API', function () {
                localUtils.API.checkResponse(jsonResponse, 'users');

                jsonResponse.users.should.have.length(4);
-                localUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles', 'url']);
+                localUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles']);
                done();
            });
    });
@ -147,7 +147,7 @@ describe('User API', function () {
                should.not.exist(jsonResponse.meta);

                jsonResponse.users.should.have.length(1);
-                localUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles', 'count', 'url']);
+                localUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles', 'count']);
                localUtils.API.checkResponse(jsonResponse.users[0].roles[0], 'role', ['permissions']);
                done();
            });
@ -170,7 +170,7 @@ describe('User API', function () {
                should.not.exist(jsonResponse.meta);

                jsonResponse.users.should.have.length(1);
-                localUtils.API.checkResponse(jsonResponse.users[0], 'user', ['url']);
+                localUtils.API.checkResponse(jsonResponse.users[0], 'user');
                done();
            });
    });
@ -192,7 +192,7 @@ describe('User API', function () {
                should.not.exist(jsonResponse.meta);

                jsonResponse.users.should.have.length(1);
-                localUtils.API.checkResponse(jsonResponse.users[0], 'user', ['url']);
+                localUtils.API.checkResponse(jsonResponse.users[0], 'user');
                done();
            });
    });
@ -219,7 +219,7 @@ describe('User API', function () {
                should.exist(putBody.users[0]);
                putBody.users[0].website.should.eql('http://joe-bloggs.ghost.org');
                putBody.users[0].email.should.eql('jbloggs@example.com');
-                localUtils.API.checkResponse(putBody.users[0], 'user', ['url']);
+                localUtils.API.checkResponse(putBody.users[0], 'user');

                should.not.exist(putBody.users[0].password);

--- a/core/test/acceptance/old/admin/utils.js
+++ b/core/test/acceptance/old/admin/utils.js
@ -61,6 +61,7 @@ const expectedProperties = {
        .without('locale')
        .without('ghost_auth_access_token')
        .without('ghost_auth_id')
+        .concat('url')
    ,
    tag: _(schema.tags)
        .keys()