Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Added labs setting import validation

Browse source 
refs https://github.com/TryGhost/Team/issues/757

- Similarly to the API input serrialization importer should not pass through unknown labs keys to avoid soiling data
This commit is contained in:
Naz 2021-06-04 20:07:33 +04:00 committed by naz
parent cd35358fdb
commit d8230f3343
2 changed files with 36 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
core/server/data/importer/importers/data/settings.js
View file

@ -7,6 +7,7 @@ const models = require('../../../../models');
const defaultSettings = require('../../../schema').defaultSettings;
const keyGroupMapper = require('../../../../api/shared/serializers/input/utils/settings-key-group-mapper');
const keyTypeMapper = require('../../../../api/shared/serializers/input/utils/settings-key-type-mapper');
const {WRITABLE_KEYS_ALLOWLIST} = require('../../../../services/labs');
const labsDefaults = JSON.parse(defaultSettings.labs.labs.defaultValue);
const ignoredSettings = ['slack_url', 'members_from_address', 'members_support_address'];
@ -207,9 +208,18 @@ class SettingsImporter extends BaseImporter {
_.each(this.dataToImport, (obj) => {
if (obj.key === 'labs' && obj.value) {
const inputLabsValue = JSON.parse(obj.value);
const filteredLabsValue = {};
for (const flag in inputLabsValue) {
if (WRITABLE_KEYS_ALLOWLIST.includes(flag)) {
filteredLabsValue[flag] = inputLabsValue[flag];
}
}
// Overwrite the labs setting with our current defaults
// Ensures things that are enabled in new versions, are turned on
obj.value = JSON.stringify(_.assign({}, JSON.parse(obj.value), labsDefaults));
obj.value = JSON.stringify(_.assign({}, filteredLabsValue, labsDefaults));
}
// CASE: we do not import "from address" for members settings as that needs to go via validation with magic link

28
test/regression/importer/v2_spec.js
View file

@ -821,12 +821,12 @@ describe('Integration: Importer', function () {
});
});
it('does not import settings: labs', function () {
it('does import settings: labs', function () {
const exportData = exportedBodyV2().db[0];
exportData.data.settings[0] = testUtils.DataGenerator.forKnex.createSetting({
key: 'labs',
value: JSON.stringify({members: true})
value: JSON.stringify({activitypub: true})
});
return dataImporter.doImport(exportData, importOptions)
@ -835,7 +835,29 @@ describe('Integration: Importer', function () {
return models.Settings.findOne(_.merge({key: 'labs'}, testUtils.context.internal));
})
.then(function (result) {
should.equal(result, null);
should.equal(result.attributes.key, 'labs');
should.equal(result.attributes.group, 'labs');
should.equal(result.attributes.value, '{"activitypub":true}');
});
});
it('does not import unknown settings: labs', function () {
const exportData = exportedBodyV2().db[0];
exportData.data.settings[0] = testUtils.DataGenerator.forKnex.createSetting({
key: 'labs',
value: JSON.stringify({gibberish: true})
});
return dataImporter.doImport(exportData, importOptions)
.then(function (imported) {
imported.problems.length.should.eql(0);
return models.Settings.findOne(_.merge({key: 'labs'}, testUtils.context.internal));
})
.then(function (result) {
should.equal(result.attributes.key, 'labs');
should.equal(result.attributes.group, 'labs');
should.equal(result.attributes.value, '{}');
});
});