From eb7e4bb8158484f27f46bc6c60de832fdb2dd4ee Mon Sep 17 00:00:00 2001 From: Naz Date: Thu, 13 May 2021 12:14:05 +0400 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fixed=20frontmatter-related=20va?= =?UTF-8?q?lidation=20error?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit refs https://github.com/TryGhost/Team/issues/687 - The frontmatter field has leaked into the API layer unintentionally when it was introduced into the DB schema during 4.0 release. - The fix add the field to "trim" list in all API. A proper validation and handling will be add per API as usecase for the field becomes clear --- package.json | 2 +- .../regression/api/canary/admin/posts_spec.js | 31 +++++++++++++++++++ test/regression/api/v2/admin/posts_spec.js | 31 +++++++++++++++++++ test/regression/api/v3/admin/posts_spec.js | 31 +++++++++++++++++++ yarn.lock | 8 ++--- 5 files changed, 98 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 806a20a5ed..b291070931 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "@nexes/nql": "0.5.2", "@sentry/node": "6.3.6", "@tryghost/adapter-manager": "0.2.12", - "@tryghost/admin-api-schema": "2.2.1", + "@tryghost/admin-api-schema": "2.2.2", "@tryghost/bootstrap-socket": "0.2.8", "@tryghost/constants": "0.1.7", "@tryghost/email-analytics-provider-mailgun": "1.0.0", diff --git a/test/regression/api/canary/admin/posts_spec.js b/test/regression/api/canary/admin/posts_spec.js index 9347c22ce8..732f6d0ffd 100644 --- a/test/regression/api/canary/admin/posts_spec.js +++ b/test/regression/api/canary/admin/posts_spec.js 
@@ -337,6 +337,37 @@ describe('Posts API (canary)', function () { }); }); + it('read-only value do not cause errors when edited', function () { + return request + .get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`)) + .set('Origin', config.get('url')) + .expect(200) + .then((res) => { + return request + .put(localUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) + .set('Origin', config.get('url')) + .send({ + posts: [{ + frontmatter: 'hey!', + plaintext: 'hello!', + updated_at: res.body.posts[0].updated_at + }] + }) + .expect('Content-Type', /json/) + .expect('Cache-Control', testUtils.cacheRules.private) + .expect(200); + }) + .then((res) => { + // NOTE: when ONLY ignored fields are posted they should not change a thing, thus cache stays untouched + should.not.exist(res.headers['x-cache-invalidate']); + + should.exist(res.body.posts); + should.exist(res.body.posts[0].published_at); + should.equal(res.body.posts[0].frontmatter, null); + should.equal(res.body.posts[0].plaintext, testUtils.DataGenerator.Content.posts[0].plaintext); + }); + }); + it('html to plaintext', function () { return request .get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`)) diff --git a/test/regression/api/v2/admin/posts_spec.js b/test/regression/api/v2/admin/posts_spec.js index 9a5e24fd54..8472aa4296 100644 --- a/test/regression/api/v2/admin/posts_spec.js +++ b/test/regression/api/v2/admin/posts_spec.js 
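Review bot: The `frontmatter` trim is exercised only on the edit path here, and only by inspecting the PUT response. The commit message says the field is trimmed in all API, but no create (POST) request carrying `frontmatter` is sent, and the stored post is never re-read after the PUT. Since this guard is what keeps a DB column that leaked into the API from being written by clients, consider chaining a GET of the same post after the PUT and asserting `should.equal(res.body.posts[0].frontmatter, null);` on that response, and sending the same payload in a create test. The identical tests added to the v2 and v3 specs have the same gap. The enclosing `describe` block starts and ends outside the hunk.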
@@ -172,6 +172,37 @@ describe('Posts API (v2)', function () { }); }); + it('read-only value do not cause errors when edited', function () { + return request + .get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`)) + .set('Origin', config.get('url')) + .expect(200) + .then((res) => { + return request + .put(localUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) + .set('Origin', config.get('url')) + .send({ + posts: [{ + frontmatter: 'hey!', + plaintext: 'hello!', + updated_at: res.body.posts[0].updated_at + }] + }) + .expect('Content-Type', /json/) + .expect('Cache-Control', testUtils.cacheRules.private) + .expect(200); + }) + .then((res) => { + // NOTE: when ONLY ignored fields are posted they should not change a thing, thus cache stays untouched + should.not.exist(res.headers['x-cache-invalidate']); + + should.exist(res.body.posts); + should.exist(res.body.posts[0].published_at); + should.equal(res.body.posts[0].frontmatter, null); + should.equal(res.body.posts[0].plaintext, testUtils.DataGenerator.Content.posts[0].plaintext); + }); + }); + it('html to plaintext', function () { return request .get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`)) diff --git a/test/regression/api/v3/admin/posts_spec.js b/test/regression/api/v3/admin/posts_spec.js index 144232ff7a..fa0ba67fe1 100644 --- a/test/regression/api/v3/admin/posts_spec.js +++ b/test/regression/api/v3/admin/posts_spec.js 
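Review bot: The final assertions compare against a constant `null` and the fixture's `plaintext` instead of the values returned by the initial GET, whose body is used only for `updated_at`. The check therefore depends on the fixture keeping `frontmatter` empty, and if `should.equal` is the loose comparison, a response that omits the key entirely would also pass. Keeping the pre-edit post in a variable (say `before`) and asserting `should.strictEqual(res.body.posts[0].frontmatter, before.frontmatter);` would pin "unchanged" directly. The same applies to the canary and v3 copies of this test.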
@@ -337,6 +337,37 @@ describe('Posts API (v3)', function () { }); }); + it('read-only value do not cause errors when edited', function () { + return request + .get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`)) + .set('Origin', config.get('url')) + .expect(200) + .then((res) => { + return request + .put(localUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) + .set('Origin', config.get('url')) + .send({ + posts: [{ + frontmatter: 'hey!', + plaintext: 'hello!', + updated_at: res.body.posts[0].updated_at + }] + }) + .expect('Content-Type', /json/) + .expect('Cache-Control', testUtils.cacheRules.private) + .expect(200); + }) + .then((res) => { + // NOTE: when ONLY ignored fields are posted they should not change a thing, thus cache stays untouched + should.not.exist(res.headers['x-cache-invalidate']); + + should.exist(res.body.posts); + should.exist(res.body.posts[0].published_at); + should.equal(res.body.posts[0].frontmatter, null); + should.equal(res.body.posts[0].plaintext, testUtils.DataGenerator.Content.posts[0].plaintext); + }); + }); + it('html to plaintext', function () { return request .get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`)) diff --git a/yarn.lock b/yarn.lock index 276330da81..24fc42874a 100644 --- a/yarn.lock +++ b/yarn.lock 
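Review bot: The same post URL is built two ways in this test, with a template literal for the GET and string concatenation for the PUT, and `testUtils.DataGenerator.Content.posts[0].id` is spelled out each time. Hoisting `const postId = testUtils.DataGenerator.Content.posts[0].id;` and using `posts/${postId}/` in both calls would read better. The title would be clearer as `'read-only values do not cause errors when edited'`. A one-line comment that `frontmatter` and `plaintext` are expected to be dropped by the input schema, not rejected, would explain why the test expects 200. The canary and v2 copies are written the same way.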
@@ -564,10 +564,10 @@ dependencies: "@tryghost/errors" "^0.2.11" -"@tryghost/admin-api-schema@2.2.1": - version "2.2.1" - resolved "https://registry.yarnpkg.com/@tryghost/admin-api-schema/-/admin-api-schema-2.2.1.tgz#5d31abd194a5742d30b17ca230438a353b05b1aa" - integrity sha512-FDNYefBGsCdJ0Y/Suil8snye+cchl5B/sU5gJ25rLBRrN2AD9zAJM0N27R1+6R93MUlwsggEKM7T/6GxNhMudQ== +"@tryghost/admin-api-schema@2.2.2": + version "2.2.2" + resolved "https://registry.yarnpkg.com/@tryghost/admin-api-schema/-/admin-api-schema-2.2.2.tgz#d02c811f10bee5c3f62d3349ed220afd318f43cc" + integrity sha512-H2L8DkGloUT+1i8/0qdNYEeZNCrocFIqa8kE89EfjcyxTPkMsI6whpdI1CFQNHxuz9TazbC2M2TeTzCgALrQLg== dependencies: "@tryghost/errors" "^0.2.10" bluebird "^3.5.3"