Fix tests failing because of spam protection
closes #3128 (now really)
- added express variable disableLoginLimiter
- added disableLoginLimiter to all tests that use Ghost as module and do authentication
- fixed isSetup not working for status other than active
- removed 'Ensure a User is Registered' test as this is covered by the new setup test
parent
42f461cb6d
commit
ab456638c1
11 changed files with 29 additions and 52 deletions
|
@ -127,8 +127,17 @@ authentication = {
|
|||
},
|
||||
|
||||
isSetup: function () {
|
||||
return dataProvider.User.findOne({status: 'active'}).then(function (user) {
|
||||
if (user) {
|
||||
|
||||
return dataProvider.User.query(function (qb) {
|
||||
qb.where('status', '=', 'active')
|
||||
.orWhere('status', '=', 'warn-1')
|
||||
.orWhere('status', '=', 'warn-2')
|
||||
.orWhere('status', '=', 'warn-3')
|
||||
.orWhere('status', '=', 'warn-4')
|
||||
.orWhere('status', '=', 'locked');
|
||||
}).fetch().then(function (users) {
|
||||
|
||||
if (users) {
|
||||
return when.resolve({ setup: [{status: true}]});
|
||||
} else {
|
||||
return when.resolve({ setup: [{status: false}]});
|
||||
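Review bot: The status list in the new `isSetup` query is a hard-coded allowlist, so a user whose status is not named here makes the blog look as if it was never set up; if the setup route is gated on this result (not visible in this hunk), that fails open. A single `qb.whereIn('status', ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4', 'locked'])` backed by one shared constant would be easier to keep in step with the user model than six chained `where`/`orWhere` calls. `fetch()` on a model normally resolves to one record or null, so the callback argument would read better as `user` than `users`. The body of `isSetup` continues past the end of the hunk.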
|
|
|
@ -168,7 +168,7 @@ var middleware = {
|
|||
return (logTime.ip === remoteAddress);
|
||||
});
|
||||
|
||||
if (!denied) {
|
||||
if (!denied || expressServer.get('disableLoginLimiter') === true) {
|
||||
loginSecurity.push({ip: remoteAddress, time: currentTime});
|
||||
next();
|
||||
} else {
|
||||
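Review bot: The `expressServer.get('disableLoginLimiter') === true` branch switches off the login rate limit for every client, and nothing in the hunk restricts it to test runs. Because the check sits in production middleware, I would add a comment such as `// test-only: bypasses brute-force protection, never enable on a deployed instance` and log a warning at startup whenever the setting is on. Honouring it only under the test environment would stop a stray config value from disabling the limiter. The bypass path still pushes to `loginSecurity` on every request; whether that list is pruned is outside the hunk, as is the rest of the enclosing function.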
|
|
|
@ -3,38 +3,8 @@
|
|||
|
||||
/*globals CasperTest, casper, url, newUser, user, falseUser */
|
||||
|
||||
// TODO fix signup vs setup testing
|
||||
CasperTest.begin('Ensure a User is Registered', 3, function suite(test) {
|
||||
casper.thenOpenAndWaitForPageLoad('setup', function checkUrl() {
|
||||
test.assertUrlMatch(/ghost\/setup\/$/, 'Landed on the correct URL');
|
||||
});
|
||||
|
||||
casper.waitForOpaque('.setup-box',
|
||||
function then() {
|
||||
this.fillAndAdd('#setup', newSetup);
|
||||
},
|
||||
function onTimeout() {
|
||||
test.fail('Set up form didn\'t fade in.');
|
||||
});
|
||||
|
||||
casper.captureScreenshot('login_register_test.png');
|
||||
|
||||
casper.waitForSelectorTextChange('.notification-error', function onSuccess() {
|
||||
test.assertSelectorHasText('.notification-error', 'already registered');
|
||||
// If the previous assert succeeds, then we should skip the next check and just pass.
|
||||
casper.echoConcise('Already registered!');
|
||||
casper.captureScreenshot('already_registered.png');
|
||||
}, function onTimeout() {
|
||||
test.assertUrlMatch(/ghost\/\d+\/$/, 'If we\'re not already registered, we should be logged in.');
|
||||
casper.echoConcise('Successfully registered.');
|
||||
}, 2000);
|
||||
|
||||
casper.thenOpenAndWaitForPageLoad('signout', function then() {
|
||||
test.assertUrlMatch(/ghost\/signin/, 'We got redirected to signin page.');
|
||||
});
|
||||
}, true);
|
||||
|
||||
CasperTest.begin('Ghost admin will load login page', 3, function suite(test) {
|
||||
CasperTest.Routines.signout.run(test);
|
||||
casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() {
|
||||
test.assertTitle('Ghost Admin', 'Ghost admin has no title');
|
||||
test.assertUrlMatch(/ghost\/signin\/$/, 'We should be presented with the signin page.');
|
||||
|
@ -48,21 +18,20 @@ CasperTest.begin('Ghost admin will load login page', 3, function suite(test) {
|
|||
test.assert(link === '/ghost/forgotten/', 'Has correct forgotten password link');
|
||||
});
|
||||
});
|
||||
}, true);
|
||||
});
|
||||
|
||||
// Note, this test applies to a global redirect, which sends us to the standard admin.
|
||||
// Once Ember becomes the standard admin, this test should still pass.
|
||||
CasperTest.begin('Redirects login to signin', 2, function suite(test) {
|
||||
CasperTest.Routines.signout.run(test);
|
||||
casper.start(url + 'ghost/login/', function testRedirect(response) {
|
||||
test.assertEqual(response.status, 200, 'Response status should be 200.');
|
||||
test.assertUrlMatch(/ghost\/signin\//, 'Should be redirected to /signin/.');
|
||||
});
|
||||
}, true);
|
||||
});
|
||||
|
||||
|
||||
CasperTest.begin('Can\'t spam it', 4, function suite(test) {
|
||||
// init user to prevent redirect to setup
|
||||
CasperTest.Routines.setup.run(test);
|
||||
CasperTest.Routines.signout.run(test);
|
||||
|
||||
casper.thenOpenAndWaitForPageLoad('signin', function testTitle() {
|
||||
|
@ -97,11 +66,9 @@ CasperTest.begin('Can\'t spam it', 4, function suite(test) {
|
|||
// This test causes the spam notification
|
||||
// add a wait to ensure future tests don't get tripped up by this.
|
||||
casper.wait(2000);
|
||||
}, true);
|
||||
});
|
||||
|
||||
CasperTest.begin('Login limit is in place', 4, function suite(test) {
|
||||
// init user to prevent redirect to setup
|
||||
CasperTest.Routines.setup.run(test);
|
||||
CasperTest.Routines.signout.run(test);
|
||||
|
||||
casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() {
|
||||
|
@ -130,11 +97,9 @@ CasperTest.begin('Login limit is in place', 4, function suite(test) {
|
|||
// This test used login, add a wait to
|
||||
// ensure future tests don't get tripped up by this.
|
||||
casper.wait(2000);
|
||||
}, true);
|
||||
});
|
||||
|
||||
CasperTest.begin('Can login to Ghost', 5, function suite(test) {
|
||||
// init user
|
||||
CasperTest.Routines.setup.run(test);
|
||||
CasperTest.Routines.signout.run(test);
|
||||
|
||||
casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() {
|
||||
|
@ -155,11 +120,9 @@ CasperTest.begin('Can login to Ghost', 5, function suite(test) {
|
|||
}, function onTimeOut() {
|
||||
test.fail('Failed to signin');
|
||||
});
|
||||
}, true);
|
||||
});
|
||||
|
||||
CasperTest.begin('Authenticated user is redirected', 8, function suite(test) {
|
||||
// init user
|
||||
CasperTest.Routines.setup.run(test);
|
||||
CasperTest.Routines.signout.run(test);
|
||||
|
||||
casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() {
|
||||
|
@ -188,12 +151,10 @@ CasperTest.begin('Authenticated user is redirected', 8, function suite(test) {
|
|||
}, function onTimeOut() {
|
||||
test.fail('Failed to redirect');
|
||||
});
|
||||
}, true);
|
||||
});
|
||||
|
||||
|
||||
CasperTest.begin('Ensure email field form validation', 3, function suite(test) {
|
||||
// init user to prevent redirect to setup
|
||||
CasperTest.Routines.setup.run(test);
|
||||
CasperTest.Routines.signout.run(test);
|
||||
|
||||
casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() {
|
||||
|
@ -217,4 +178,4 @@ CasperTest.begin('Ensure email field form validation', 3, function suite(test) {
|
|||
test.fail('Email validation error did not appear');
|
||||
}, 2000);
|
||||
|
||||
}, true);
|
||||
});
|
||||
|
|
|
@ -16,6 +16,7 @@ describe('DB API', function () {
|
|||
|
||||
before(function (done) {
|
||||
var app = express();
|
||||
app.set('disableLoginLimiter', true);
|
||||
|
||||
ghost({app: app}).then(function (_httpServer) {
|
||||
httpServer = _httpServer;
|
||||
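Review bot: `app.set('disableLoginLimiter', true);` is repeated in the `before` hook here and again in the Notifications, Post, Settings, Slug, Tag and User API specs further down. Moving the `express()` creation and this setting into one shared test helper (for example alongside `testUtils.API`; the helper name is yours to choose) keeps the limiter bypass in a single, greppable place, which makes it easy to confirm it never appears outside the test tree. A one-line comment, `// login limiter is disabled so repeated sign-ins in this suite are not throttled`, would explain why it is there. The `before` hook continues outside the hunk.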
|
|
|
@ -41,7 +41,7 @@ describe('Unauthorized', function () {
|
|||
});
|
||||
|
||||
|
||||
describe('Unauthorized', function () {
|
||||
describe('Unauthorized API', function () {
|
||||
it('can\'t retrieve posts', function (done) {
|
||||
request.get(testUtils.API.getApiQuery('posts/'))
|
||||
.expect(401)
|
||||
|
|
|
@ -16,6 +16,7 @@ describe('Notifications API', function () {
|
|||
|
||||
before(function (done) {
|
||||
var app = express();
|
||||
app.set('disableLoginLimiter', true);
|
||||
|
||||
ghost({app: app}).then(function (_httpServer) {
|
||||
httpServer = _httpServer;
|
||||
|
|
|
@ -18,6 +18,7 @@ describe('Post API', function () {
|
|||
|
||||
before(function (done) {
|
||||
var app = express();
|
||||
app.set('disableLoginLimiter', true);
|
||||
|
||||
ghost({app: app}).then(function (_httpServer) {
|
||||
httpServer = _httpServer;
|
||||
|
|
|
@ -18,6 +18,7 @@ describe('Settings API', function () {
|
|||
|
||||
before(function (done) {
|
||||
var app = express();
|
||||
app.set('disableLoginLimiter', true);
|
||||
|
||||
ghost({app: app}).then(function (_httpServer) {
|
||||
httpServer = _httpServer;
|
||||
|
|
|
@ -18,6 +18,7 @@ describe('Slug API', function () {
|
|||
|
||||
before(function (done) {
|
||||
var app = express();
|
||||
app.set('disableLoginLimiter', true);
|
||||
|
||||
ghost({ app: app }).then(function (_httpServer) {
|
||||
httpServer = _httpServer;
|
||||
|
|
|
@ -18,6 +18,7 @@ describe('Tag API', function () {
|
|||
|
||||
before(function (done) {
|
||||
var app = express();
|
||||
app.set('disableLoginLimiter', true);
|
||||
|
||||
ghost({app: app}).then(function (_httpServer) {
|
||||
httpServer = _httpServer;
|
||||
|
|
|
@ -16,6 +16,7 @@ describe('User API', function () {
|
|||
|
||||
before(function (done) {
|
||||
var app = express();
|
||||
app.set('disableLoginLimiter', true);
|
||||
|
||||
ghost({app: app}).then(function (_httpServer) {
|
||||
httpServer = _httpServer;
|
||||
|
|