From ab456638c1c4e0642599ae48cc1012f77a6782c4 Mon Sep 17 00:00:00 2001 From: Sebastian Gierlinger Date: Thu, 17 Jul 2014 14:22:32 +0200 Subject: [PATCH] Fix tests failing because of spam protection MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #3128 (now really) - added express variable disableLoginLimiter - added disableLoginLimiter to all tests that use Ghost as module and do authentication - fixed isSetup not working for status other than active - removed ‚Ensure a User is Registered‘ test as this is covered by the new setup test --- core/server/api/authentication.js | 13 ++++- core/server/middleware/middleware.js | 2 +- core/test/functional/client/signin_test.js | 57 +++---------------- core/test/functional/routes/api/db_test.js | 1 + core/test/functional/routes/api/error_test.js | 2 +- .../routes/api/notifications_test.js | 1 + core/test/functional/routes/api/posts_test.js | 1 + .../functional/routes/api/settings_test.js | 1 + core/test/functional/routes/api/slugs_test.js | 1 + core/test/functional/routes/api/tags_test.js | 1 + core/test/functional/routes/api/users_test.js | 1 + 11 files changed, 29 insertions(+), 52 deletions(-) diff --git a/core/server/api/authentication.js b/core/server/api/authentication.js index 180f8dcac2..755ae9d42b 100644 --- a/core/server/api/authentication.js +++ b/core/server/api/authentication.js @@ -127,8 +127,17 @@ authentication = { }, isSetup: function () { - return dataProvider.User.findOne({status: 'active'}).then(function (user) { - if (user) { + + return dataProvider.User.query(function (qb) { + qb.where('status', '=', 'active') + .orWhere('status', '=', 'warn-1') + .orWhere('status', '=', 'warn-2') + .orWhere('status', '=', 'warn-3') + .orWhere('status', '=', 'warn-4') + .orWhere('status', '=', 'locked'); + }).fetch().then(function (users) { + + if (users) { return when.resolve({ setup: [{status: true}]}); } else { return when.resolve({ setup: [{status: false}]}); 
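Review bot: The status list in `isSetup` is an allow-list that fails open: a user row whose status is not one of the six values listed makes the query return nothing, so the API answers `status: false` although an account exists. If the setup route relies on this answer (not visible in this hunk), the setup flow could be offered again on an already configured blog, so the list should live in one shared place, or the query should exclude only the statuses that mean "no registered user yet". The chain is easier to audit as `qb.whereIn('status', ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4', 'locked']);` with a comment such as `// every status that belongs to a registered user counts as set up`. `fetch()` appears to be called on a single model, so the callback argument named `users` would hold one record or null, and `user` would describe it better. The `authentication` object starts and continues outside the hunk.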
diff --git a/core/server/middleware/middleware.js b/core/server/middleware/middleware.js index 0d6a68513d..c8bc7b1bdf 100644 --- a/core/server/middleware/middleware.js +++ b/core/server/middleware/middleware.js @@ -168,7 +168,7 @@ var middleware = { return (logTime.ip === remoteAddress); }); - if (!denied) { + if (!denied || expressServer.get('disableLoginLimiter') === true) { loginSecurity.push({ip: remoteAddress, time: currentTime}); next(); } else { diff --git a/core/test/functional/client/signin_test.js b/core/test/functional/client/signin_test.js index ef6ed6b791..5d0b5b4b3c 100644 --- a/core/test/functional/client/signin_test.js +++ b/core/test/functional/client/signin_test.js 
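Review bot: The new `expressServer.get('disableLoginLimiter') === true` branch turns off login rate limiting for every client, and nothing in the condition ties it to a test run. Since the commit message describes the variable as a test aid, the line should carry a comment such as `// test-only: disables brute-force protection for the whole app, never set in production`. It would be safer to honour the flag only when the process runs in the test environment, for example with an additional check on `process.env.NODE_ENV`, and to log a warning once at startup when it is set so that accidental use in production is visible. The enclosing middleware function starts and ends outside the hunk.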
@@ -3,38 +3,8 @@ /*globals CasperTest, casper, url, newUser, user, falseUser */ -// TODO fix signup vs setup testing -CasperTest.begin('Ensure a User is Registered', 3, function suite(test) { - casper.thenOpenAndWaitForPageLoad('setup', function checkUrl() { - test.assertUrlMatch(/ghost\/setup\/$/, 'Landed on the correct URL'); - }); - - casper.waitForOpaque('.setup-box', - function then() { - this.fillAndAdd('#setup', newSetup); - }, - function onTimeout() { - test.fail('Set up form didn\'t fade in.'); - }); - - casper.captureScreenshot('login_register_test.png'); - - casper.waitForSelectorTextChange('.notification-error', function onSuccess() { - test.assertSelectorHasText('.notification-error', 'already registered'); - // If the previous assert succeeds, then we should skip the next check and just pass. - casper.echoConcise('Already registered!'); - casper.captureScreenshot('already_registered.png'); - }, function onTimeout() { - test.assertUrlMatch(/ghost\/\d+\/$/, 'If we\'re not already registered, we should be logged in.'); - casper.echoConcise('Successfully registered.'); - }, 2000); - - casper.thenOpenAndWaitForPageLoad('signout', function then() { - test.assertUrlMatch(/ghost\/signin/, 'We got redirected to signin page.'); - }); -}, true); - CasperTest.begin('Ghost admin will load login page', 3, function suite(test) { + CasperTest.Routines.signout.run(test); casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() { test.assertTitle('Ghost Admin', 'Ghost admin has no title'); test.assertUrlMatch(/ghost\/signin\/$/, 'We should be presented with the signin page.'); 
@@ -48,21 +18,20 @@ CasperTest.begin('Ghost admin will load login page', 3, function suite(test) { test.assert(link === '/ghost/forgotten/', 'Has correct forgotten password link'); }); }); -}, true); +}); // Note, this test applies to a global redirect, which sends us to the standard admin. // Once Ember becomes the standard admin, this test should still pass. CasperTest.begin('Redirects login to signin', 2, function suite(test) { + CasperTest.Routines.signout.run(test); casper.start(url + 'ghost/login/', function testRedirect(response) { test.assertEqual(response.status, 200, 'Response status should be 200.'); test.assertUrlMatch(/ghost\/signin\//, 'Should be redirected to /signin/.'); }); -}, true); +}); CasperTest.begin('Can\'t spam it', 4, function suite(test) { - // init user to prevent redirect to setup - CasperTest.Routines.setup.run(test); CasperTest.Routines.signout.run(test); casper.thenOpenAndWaitForPageLoad('signin', function testTitle() { @@ -97,11 +66,9 @@ CasperTest.begin('Can\'t spam it', 4, function suite(test) { // This test causes the spam notification // add a wait to ensure future tests don't get tripped up by this. casper.wait(2000); -}, true); +}); CasperTest.begin('Login limit is in place', 4, function suite(test) { - // init user to prevent redirect to setup - CasperTest.Routines.setup.run(test); CasperTest.Routines.signout.run(test); casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() { @@ -130,11 +97,9 @@ CasperTest.begin('Login limit is in place', 4, function suite(test) { // This test used login, add a wait to // ensure future tests don't get tripped up by this. casper.wait(2000); -}, true); +}); CasperTest.begin('Can login to Ghost', 5, function suite(test) { - // init user - CasperTest.Routines.setup.run(test); CasperTest.Routines.signout.run(test); casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() { 
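Review bot: With `CasperTest.Routines.setup.run(test)` and its comment removed from 'Can't spam it' (and likewise in the 'Login limit is in place', 'Can login to Ghost', 'Authenticated user is redirected' and 'Ensure email field form validation' hunks), these tests now depend on a user created elsewhere, and nothing in the file says so. A header comment such as `// Precondition: the blog has already been set up by the setup test; each test only signs out first` would record that dependency. The two limiter tests are also the only visible coverage of the login limit, so they presumably have to run against a server where `disableLoginLimiter` is not set; that is worth stating next to them.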
@@ -155,11 +120,9 @@ CasperTest.begin('Can login to Ghost', 5, function suite(test) { }, function onTimeOut() { test.fail('Failed to signin'); }); -}, true); +}); CasperTest.begin('Authenticated user is redirected', 8, function suite(test) { - // init user - CasperTest.Routines.setup.run(test); CasperTest.Routines.signout.run(test); casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() { @@ -188,12 +151,10 @@ CasperTest.begin('Authenticated user is redirected', 8, function suite(test) { }, function onTimeOut() { test.fail('Failed to redirect'); }); -}, true); +}); CasperTest.begin('Ensure email field form validation', 3, function suite(test) { - // init user to prevent redirect to setup - CasperTest.Routines.setup.run(test); CasperTest.Routines.signout.run(test); casper.thenOpenAndWaitForPageLoad('signin', function testTitleAndUrl() { @@ -217,4 +178,4 @@ CasperTest.begin('Ensure email field form validation', 3, function suite(test) { test.fail('Email validation error did not appear'); }, 2000); -}, true); +}); diff --git a/core/test/functional/routes/api/db_test.js b/core/test/functional/routes/api/db_test.js index 99cdc7de37..a98263af93 100644 --- a/core/test/functional/routes/api/db_test.js +++ b/core/test/functional/routes/api/db_test.js @@ -16,6 +16,7 @@ describe('DB API', function () { before(function (done) { var app = express(); + app.set('disableLoginLimiter', true); ghost({app: app}).then(function (_httpServer) { httpServer = _httpServer; diff --git a/core/test/functional/routes/api/error_test.js b/core/test/functional/routes/api/error_test.js index a084454255..332965f843 100644 --- a/core/test/functional/routes/api/error_test.js +++ b/core/test/functional/routes/api/error_test.js @@ -41,7 +41,7 @@ describe('Unauthorized', function () { }); - describe('Unauthorized', function () { + describe('Unauthorized API', function () { it('can\'t retrieve posts', function (done) { request.get(testUtils.API.getApiQuery('posts/')) .expect(401) 
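Review bot: In core/test/functional/routes/api/db_test.js, `app.set('disableLoginLimiter', true);` is added by hand, and the identical line is repeated in the notifications, posts, settings, slugs, tags and users API test hunks. Creating the app in one shared test helper would keep the switch that turns off login rate limiting in a single place that is easy to grep and audit. A comment on the line such as `// tests authenticate repeatedly from one address, so the login limiter is disabled here` would explain why it is there. The `before` callback continues outside the hunk.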
diff --git a/core/test/functional/routes/api/notifications_test.js b/core/test/functional/routes/api/notifications_test.js index 14f426bb2c..812bd1403f 100644 --- a/core/test/functional/routes/api/notifications_test.js +++ b/core/test/functional/routes/api/notifications_test.js @@ -16,6 +16,7 @@ describe('Notifications API', function () { before(function (done) { var app = express(); + app.set('disableLoginLimiter', true); ghost({app: app}).then(function (_httpServer) { httpServer = _httpServer; diff --git a/core/test/functional/routes/api/posts_test.js b/core/test/functional/routes/api/posts_test.js index c3996406c9..904e68a46a 100644 --- a/core/test/functional/routes/api/posts_test.js +++ b/core/test/functional/routes/api/posts_test.js @@ -18,6 +18,7 @@ describe('Post API', function () { before(function (done) { var app = express(); + app.set('disableLoginLimiter', true); ghost({app: app}).then(function (_httpServer) { httpServer = _httpServer; diff --git a/core/test/functional/routes/api/settings_test.js b/core/test/functional/routes/api/settings_test.js index 7a77c1102a..fa7c6ac1cd 100644 --- a/core/test/functional/routes/api/settings_test.js +++ b/core/test/functional/routes/api/settings_test.js @@ -18,6 +18,7 @@ describe('Settings API', function () { before(function (done) { var app = express(); + app.set('disableLoginLimiter', true); ghost({app: app}).then(function (_httpServer) { httpServer = _httpServer; diff --git a/core/test/functional/routes/api/slugs_test.js b/core/test/functional/routes/api/slugs_test.js index 7e0915d10f..919b39fb5c 100644 --- a/core/test/functional/routes/api/slugs_test.js +++ b/core/test/functional/routes/api/slugs_test.js @@ -18,6 +18,7 @@ describe('Slug API', function () { before(function (done) { var app = express(); + app.set('disableLoginLimiter', true); ghost({ app: app }).then(function (_httpServer) { httpServer = _httpServer; 
diff --git a/core/test/functional/routes/api/tags_test.js b/core/test/functional/routes/api/tags_test.js index b629d1df56..72d784823d 100644 --- a/core/test/functional/routes/api/tags_test.js +++ b/core/test/functional/routes/api/tags_test.js @@ -18,6 +18,7 @@ describe('Tag API', function () { before(function (done) { var app = express(); + app.set('disableLoginLimiter', true); ghost({app: app}).then(function (_httpServer) { httpServer = _httpServer; diff --git a/core/test/functional/routes/api/users_test.js b/core/test/functional/routes/api/users_test.js index 5e65d570c9..922fd5ba7e 100644 --- a/core/test/functional/routes/api/users_test.js +++ b/core/test/functional/routes/api/users_test.js @@ -16,6 +16,7 @@ describe('User API', function () { before(function (done) { var app = express(); + app.set('disableLoginLimiter', true); ghost({app: app}).then(function (_httpServer) { httpServer = _httpServer;