Fix 401 error when uploading images

closes #6377 - restores ajax prefilter initializer that was removed in #6243 - adds regression test for standard `$.ajax` requests sending Authorization header This can be removed once we no longer have jquery plugins that make internal ajax calls that don't go through ember-ajax.
2025-02-17 23:44:39 -05:00 · 2016-01-25 11:11:29 +00:00 · 2016-01-25 11:11:29 +00:00 · c55d9699ef
commit c55d9699ef
parent 100ab9ecef
2 changed files with 58 additions and 0 deletions
--- a/core/client/app/instance-initializers/jquery-ajax-oauth-prefilter.js
+++ b/core/client/app/instance-initializers/jquery-ajax-oauth-prefilter.js
@ -0,0 +1,21 @@
 import Ember from 'ember';
 const {merge} = Ember;
 export default {
    name: 'jquery-ajax-oauth-prefilter',
    after: 'ember-simple-auth',
    initialize(application) {
        let session = application.lookup('service:session');
        Ember.$.ajaxPrefilter(function (options) {
            session.authorize('authorizer:oauth2', function (headerName, headerValue) {
                let headerObject = {};
                headerObject[headerName] = headerValue;
                options.headers = merge(options.headers || {}, headerObject);
            });
        });
    }
 };
--- a/core/client/tests/acceptance/authentication-test.js
+++ b/core/client/tests/acceptance/authentication-test.js
@ -12,6 +12,9 @@ import destroyApp from '../helpers/destroy-app';
 import { authenticateSession, currentSession, invalidateSession } from 'ghost/tests/helpers/ember-simple-auth';
 import Mirage from 'ember-cli-mirage';
 import windowProxy from 'ghost/utils/window-proxy';
 import ghostPaths from 'ghost/utils/ghost-paths';
 const Ghost = ghostPaths();
 describe('Acceptance: Authentication', function () {
    let application,
@ -125,4 +128,38 @@ describe('Acceptance: Authentication', function () {
            Ember.run.throttle = origThrottle;
        });
    });
    it('adds auth headers to jquery ajax', function (done) {
        let role = server.create('role', {name: 'Administrator'});
        let user = server.create('user', {roles: [role]});
        server.post('/uploads', (db, request) => {
            return request;
        });
        server.loadFixtures();
        // jscs:disable requireCamelCaseOrUpperCaseIdentifiers
        authenticateSession(application, {
            access_token: 'test_token',
            expires_in: 3600,
            token_type: 'Bearer'
        });
        // jscs:enable requireCamelCaseOrUpperCaseIdentifiers
        // necessary to visit a page to fully boot the app in testing
        visit('/').andThen(() => {
            $.ajax({
                type: 'POST',
                url: `${Ghost.apiRoot}/uploads/`,
                data: {test: 'Test'}
            }).then((request) => {
                expect(request.requestHeaders.Authorization, 'Authorization header')
                    .to.exist;
                expect(request.requestHeaders.Authorization, 'Authotization header content')
                    .to.equal('Bearer test_token');
            }).always(() => {
                done();
            });
        });
    });
 });