mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Added tests for content api brute force protection (#10344)

no-issue
Fabien O'Carroll 2019-01-07 21:25:19 +07:00 committed by GitHub
parent d5bf6dc1c8
commit 9ce160df78
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 0 deletions


@ -0,0 +1,17 @@
const should = require('should');
const middleware = require('../../../../../../server/web/api/v2/content/middleware');
describe('Content Api v2 middleware', function () {
it('exports an authenticatePublic middleware', function () {
should.exist(middleware.authenticatePublic);
});
describe('authenticatePublic', function () {
it('uses brute content api middleware as the first middleware in the chain', function () {
const firstMiddleware = middleware.authenticatePublic[0];
const brute = require('../../../../../../server/web/shared/middlewares/brute');
should.equal(firstMiddleware, brute.contentApiKey);
});
});
});
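Review bot: The ordering test asserts that `authenticatePublic[0]` is `brute.contentApiKey` but does not say why the first position matters, so a later refactor could "fix" the test by reordering it. A short comment above the assertion would help, for example `// the limiter must run before key authentication so rejected requests are still counted`. That rationale is inferred from the commit title, so confirm it against the middleware before adding it. Hoisting the `require` of `brute` to the top of the file alongside `middleware` would also match how the other two test files load their subject.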


@ -0,0 +1,17 @@
const should = require('should');
const spamPrevention = require('../../../../../../server/web/shared/middlewares/api/spam-prevention');
describe('Spam Prevention', function () {
it('exports a contentApiKey method', function () {
should.equal(typeof spamPrevention.contentApiKey, 'function');
});
describe('contentApiKey method', function () {
it('returns an instance of express-brute', function () {
const ExpressBrute = require('express-brute');
const result = spamPrevention.contentApiKey();
should.equal(result instanceof ExpressBrute, true);
});
});
});
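Review bot: The `returns an instance of express-brute` test checks only the type of the return value, so a change that loosens or effectively disables the limiter's settings would still pass. Since this is the protection against content API key guessing, the test should also pin the configuration the instance was built with, for example by comparing the retry and wait limits on `result.options` with the values the project intends. Those values are not visible in this commit, so take them from the spam-prevention config rather than hard-coding guesses. A test description such as `'is configured with the expected retry limits'` would make the intent explicit.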


@ -0,0 +1,27 @@
const should = require('should');
const sinon = require('sinon');
const brute = require('../../../../../server/web/shared/middlewares/brute');
describe('brute middleware', function () {
it('exports a contentApiKey method', function () {
should.equal(typeof brute.contentApiKey, 'function');
});
describe('contentApiKey', function () {
it('calls the contentApiKey method of spam prevention', function () {
const spamPrevention = require('../../../../../server/web/shared/middlewares/api/spam-prevention');
const contentApiKeyStub = sinon.stub(spamPrevention, 'contentApiKey');
// CASE: we don't care about what params it takes
// just whether it calls the spam prevention stuff
try {
brute.contentApiKey();
} catch (err) {
// I don't care
} finally {
should.equal(contentApiKeyStub.called, true);
contentApiKeyStub.reset();
}
});
});
});
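Review bot: `contentApiKeyStub.reset()` in the `finally` block clears the stub's history but leaves it installed on the shared `spamPrevention` module, so any test that runs later in the same process gets the stub instead of the real `contentApiKey`. That includes the spam-prevention test added in this commit, which expects an ExpressBrute instance. Replace it with `contentApiKeyStub.restore();`, ideally in an `afterEach`, so cleanup still happens when `should.equal` throws before the cleanup line is reached. The empty `catch` also hides every error from `brute.contentApiKey()`; if only a missing-argument error is expected, say so in the comment in place of `// I don't care`.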