Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

Removed GET settings/:key route

Browse source 
refs: https://github.com/TryGhost/Team/issues/1625

- there's not really a usecase for this route, so removing so we don't have to maintain it
This commit is contained in:
Hannah Wolfe 2022-05-13 23:02:39 +01:00
parent 37818a1b71
commit 705a72431d
No known key found for this signature in database
GPG key ID: AB586C3B5AE5C037
3 changed files with 6 additions and 270 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
core/server/web/api/canary/admin/routes.js
View file

@ -58,7 +58,6 @@ module.exports = function apiRoutes() {
); );
router.get('/settings', mw.authAdminApi, http(api.settings.browse)); router.get('/settings', mw.authAdminApi, http(api.settings.browse));
router.get('/settings/:key', mw.authAdminApi, http(api.settings.read));
router.put('/settings', mw.authAdminApi, http(api.settings.edit)); router.put('/settings', mw.authAdminApi, http(api.settings.edit));
router.get('/settings/members/email', http(api.settings.validateMembersEmailUpdate)); router.get('/settings/members/email', http(api.settings.validateMembersEmailUpdate));
router.post('/settings/members/email', mw.authAdminApi, http(api.settings.updateMembersEmail)); router.post('/settings/members/email', mw.authAdminApi, http(api.settings.updateMembersEmail));

11
test/e2e-api/admin/settings.test.js
View file

@ -59,17 +59,6 @@ describe('Settings API', function () {
}); });
}); });
it('Can read a setting', async function () {
await agent.get('settings/codeinjection_head/')
.expectStatus(200)
.matchBodySnapshot({
settings: [settingsMatcher]
})
.matchHeaderSnapshot({
etag: anyEtag
});
});
it('Can edit a setting', async function () { it('Can edit a setting', async function () {
const settingsToChange = [ const settingsToChange = [
{ {

264
test/regression/api/admin/settings.test.js
View file

@ -462,187 +462,17 @@ describe('Settings API (canary)', function () {
}); });
}); });
it('Can\'t read core setting', function () { it('Can edit newly introduced locale setting', function () {
return request return request.put(localUtils.API.getApiQuery('settings/'))
.get(localUtils.API.getApiQuery('settings/db_hash/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403);
});
it('Can\'t read secret setting', function (done) {
const key = 'stripe_secret_key';
request
.get(localUtils.API.getApiQuery(`settings/${key}/`))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
const json = res.body;
should.exist(json);
should.exist(json.settings);
json.settings.length.should.eql(1);
json.settings[0].key.should.eql('stripe_secret_key');
should(json.settings[0].value).be.null();
done();
});
});
it('Can\'t read secret setting', function (done) {
const key = 'stripe_secret_key';
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url')) .set('Origin', config.get('url'))
.send({ .send({
settings: [{ settings: [{key: 'locale', value: 'ge'}]
key,
value: 'sk_test_4eC39HqLyjWDarjtT1zdp7dc'
}]
}) })
.then(() => {
request
.get(localUtils.API.getApiQuery(`settings/${key}/`))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
const json = res.body;
should.exist(json);
should.exist(json.settings);
json.settings.length.should.eql(1);
json.settings[0].key.should.eql('stripe_secret_key');
json.settings[0].value.should.eql('••••••••');
done();
});
});
});
it('Can\'t read permalinks', function (done) {
request.get(localUtils.API.getApiQuery('settings/permalinks/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(function (err, res) {
if (err) {
return done(err);
}
done();
});
});
it('Can read slack_url introduced in v4', function (done) {
request.get(localUtils.API.getApiQuery('settings/slack_url/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
jsonResponse.settings[0].key.should.eql('slack_url');
done();
});
});
it('Can read labs', async function () {
const res = await request.get(localUtils.API.getApiQuery('settings/labs/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200);
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'group', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
const jsonObjectRegex = /^\{.*\}$/; // '{...}'
jsonResponse.settings[0].key.should.eql('labs');
jsonResponse.settings[0].value.should.match(jsonObjectRegex);
});
it('Can edit newly introduced locale setting', function () {
return request.get(localUtils.API.getApiQuery('settings/locale/'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.then(function (res) { .then(function (res) {
let jsonResponse = res.body; should.exist(res.headers['x-cache-invalidate']);
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings = [{key: 'locale', value: 'ge'}];
return jsonResponse;
})
.then((editedSetting) => {
return request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(editedSetting)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.then(function (res) {
should.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'group', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
jsonResponse.settings[0].key.should.eql('locale');
jsonResponse.settings[0].value.should.eql('ge');
});
});
});
it('Can read timezone', function (done) {
request.get(localUtils.API.getApiQuery('settings/timezone/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body; const jsonResponse = res.body;
should.exist(jsonResponse); should.exist(jsonResponse);
@ -651,90 +481,8 @@ describe('Settings API (canary)', function () {
jsonResponse.settings.length.should.eql(1); jsonResponse.settings.length.should.eql(1);
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'group', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']); testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'group', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
jsonResponse.settings[0].key.should.eql('timezone'); jsonResponse.settings[0].key.should.eql('locale');
done(); jsonResponse.settings[0].value.should.eql('ge');
});
});
it('Can read slack renamed&reformatted in v4', function (done) {
request.get(localUtils.API.getApiQuery('settings/slack/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'group', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
jsonResponse.settings[0].key.should.eql('slack');
done();
});
});
it('Format of unsplash is boolean as introduced with v4', function (done) {
request.get(localUtils.API.getApiQuery('settings/unsplash/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'group', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
jsonResponse.settings[0].key.should.eql('unsplash');
JSON.parse(jsonResponse.settings[0].value).should.eql(true);
done();
});
});
it('Can\'t read non existent setting', function (done) {
request.get(localUtils.API.getApiQuery('settings/testsetting/'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.errors);
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
'message',
'context',
'type',
'details',
'property',
'help',
'code',
'id',
'ghostErrorCode'
]);
done();
}); });
}); });