Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00
Code Issues Activity

💡Migrated session controllers for compatibility with "frame" (#11101)

Browse source 
no issue

- Session controllers were using API v1 http method which bypassed "frame" introduced with API v2. 
- Changes here are just a long-awaited cleanup to allow completely remove v0.1 code
This commit is contained in:
Naz Gargol 2019-09-11 11:28:55 +02:00 committed by GitHub
parent 465ee0e609
commit b8b0a5ea18
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 43 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
core/server/api/canary/session.js
View file

@ -4,16 +4,18 @@ const models = require('../../models');
const auth = require('../../services/auth');
const session = {
read(options) {
read(frame) {
/*
* TODO
* Don't query db for user, when new api http wrapper is in we can
* have direct access to req.user, we can also get access to some session
* inofrmation too and send it back
*/
return models.User.findOne({id: options.context.user});
return models.User.findOne({id: frame.options.context.user});
},
add(object) {
add(frame) {
const object = frame.data;
if (!object || !object.username || !object.password) {
return Promise.reject(new common.errors.UnauthorizedError({
message: common.i18n.t('errors.middleware.auth.accessDenied')

8
core/server/api/v2/session.js
View file

@ -4,16 +4,18 @@ const models = require('../../models');
const auth = require('../../services/auth');
const session = {
read(options) {
read(frame) {
/*
* TODO
* Don't query db for user, when new api http wrapper is in we can
* have direct access to req.user, we can also get access to some session
* inofrmation too and send it back
*/
return models.User.findOne({id: options.context.user});
return models.User.findOne({id: frame.options.context.user});
},
add(object) {
add(frame) {
const object = frame.data;
if (!object || !object.username || !object.password) {
return Promise.reject(new common.errors.UnauthorizedError({
message: common.i18n.t('errors.middleware.auth.accessDenied')

6
core/server/web/api/canary/admin/routes.js
View file

@ -167,14 +167,14 @@ module.exports = function apiRoutes() {
router.post('/slack/test', mw.authAdminApi, http(apiCanary.slack.sendTest));
// ## Sessions
router.get('/session', mw.authAdminApi, api.http(apiCanary.session.read));
router.get('/session', mw.authAdminApi, http(apiCanary.session.read));
// We don't need auth when creating a new session (logging in)
router.post('/session',
shared.middlewares.brute.globalBlock,
shared.middlewares.brute.userLogin,
api.http(apiCanary.session.add)
http(apiCanary.session.add)
);
router.del('/session', mw.authAdminApi, api.http(apiCanary.session.delete));
router.del('/session', mw.authAdminApi, http(apiCanary.session.delete));
// ## Authentication
router.post('/authentication/passwordreset',

6
core/server/web/api/v2/admin/routes.js
View file

@ -167,14 +167,14 @@ module.exports = function apiRoutes() {
router.post('/slack/test', mw.authAdminApi, http(apiv2.slack.sendTest));
// ## Sessions
router.get('/session', mw.authAdminApi, api.http(apiv2.session.read));
router.get('/session', mw.authAdminApi, http(apiv2.session.read));
// We don't need auth when creating a new session (logging in)
router.post('/session',
shared.middlewares.brute.globalBlock,
shared.middlewares.brute.userLogin,
api.http(apiv2.session.add)
http(apiv2.session.add)
);
router.del('/session', mw.authAdminApi, api.http(apiv2.session.delete));
router.del('/session', mw.authAdminApi, http(apiv2.session.delete));
// ## Authentication
router.post('/authentication/passwordreset',

14
core/test/unit/api/canary/session_spec.js
View file

@ -60,10 +60,10 @@ describe('Session controller', function () {
const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');
return sessionController.add({
return sessionController.add({data: {
username: 'freddy@vodafone.com',
password: 'qu33nRul35'
}, {}).then((fn) => {
}}).then((fn) => {
fn(fakeReq, fakeRes, fakeNext);
}).then(function () {
should.equal(fakeReq.brute.reset.callCount, 1);
@ -91,10 +91,10 @@ describe('Session controller', function () {
const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');
return sessionController.add({
return sessionController.add({data: {
username: 'freddy@vodafone.com',
password: 'qu33nRul35'
}, {}).then((fn) => {
}}).then((fn) => {
fn(fakeReq, fakeRes, fakeNext);
}).then(function () {
should.equal(fakeReq.brute.reset.callCount, 1);
@ -129,8 +129,10 @@ describe('Session controller', function () {
.returns(findOneReturnVal);
const result = sessionController.read({
context: {
user: 108
options: {
context: {
user: 108
}
}
});
should.equal(result, findOneReturnVal);

14
core/test/unit/api/v2/session_spec.js
View file

@ -60,10 +60,10 @@ describe('Session controller', function () {
const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');
return sessionController.add({
return sessionController.add({data: {
username: 'freddy@vodafone.com',
password: 'qu33nRul35'
}, {}).then((fn) => {
}}).then((fn) => {
fn(fakeReq, fakeRes, fakeNext);
}).then(function () {
should.equal(fakeReq.brute.reset.callCount, 1);
@ -91,10 +91,10 @@ describe('Session controller', function () {
const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');
return sessionController.add({
return sessionController.add({data: {
username: 'freddy@vodafone.com',
password: 'qu33nRul35'
}, {}).then((fn) => {
}}).then((fn) => {
fn(fakeReq, fakeRes, fakeNext);
}).then(function () {
should.equal(fakeReq.brute.reset.callCount, 1);
@ -129,8 +129,10 @@ describe('Session controller', function () {
.returns(findOneReturnVal);
const result = sessionController.read({
context: {
user: 108
options: {
context: {
user: 108
}
}
});
should.equal(result, findOneReturnVal);

18
core/test/unit/api/v3/session_spec.js
View file

@ -36,10 +36,10 @@ describe('Session controller', function () {
const userCheckStub = sinon.stub(models.User, 'check')
.rejects(new Error());
return sessionController.add({
return sessionController.add({data: {
username: 'freddy@vodafone.com',
password: 'qu33nRul35'
}, {}).then(() => {
}}).then(() => {
should.fail('session.add did not throw');
},(err) => {
should.equal(err instanceof UnauthorizedError, true);
@ -60,10 +60,10 @@ describe('Session controller', function () {
const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');
return sessionController.add({
return sessionController.add({data: {
username: 'freddy@vodafone.com',
password: 'qu33nRul35'
}, {}).then((fn) => {
}}).then((fn) => {
fn(fakeReq, fakeRes, fakeNext);
}).then(function () {
should.equal(fakeReq.brute.reset.callCount, 1);
@ -91,10 +91,10 @@ describe('Session controller', function () {
const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');
return sessionController.add({
return sessionController.add({data: {
username: 'freddy@vodafone.com',
password: 'qu33nRul35'
}, {}).then((fn) => {
}}).then((fn) => {
fn(fakeReq, fakeRes, fakeNext);
}).then(function () {
should.equal(fakeReq.brute.reset.callCount, 1);
@ -129,8 +129,10 @@ describe('Session controller', function () {
.returns(findOneReturnVal);
const result = sessionController.read({
context: {
user: 108
options: {
context: {
user: 108
}
}
});
should.equal(result, findOneReturnVal);

2
core/test/utils/api.js
View file

@ -106,7 +106,7 @@ const login = (request, API_URL) => {
}));
}
resolve(res.headers['set-cookie'] || res.body.access_token);
resolve(res.headers['set-cookie']);
}, reject);
});
};