Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

🐛 Fixed frontmatter-related validation error

Browse source 
refs https://github.com/TryGhost/Team/issues/687

- The frontmatter field has leaked into the API layer unintentionally when it was introduced into the DB schema during 4.0 release.
- The fix add the field to "trim" list in all API. A proper validation and handling will be add per API as usecase for the field becomes clear
This commit is contained in:
Naz 2021-05-13 12:14:05 +04:00
parent 06dd9bac59
commit eb7e4bb815
5 changed files with 98 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -43,7 +43,7 @@
"@nexes/nql": "0.5.2",
"@sentry/node": "6.3.6",
"@tryghost/adapter-manager": "0.2.12",
"@tryghost/admin-api-schema": "2.2.1",
"@tryghost/admin-api-schema": "2.2.2",
"@tryghost/bootstrap-socket": "0.2.8",
"@tryghost/constants": "0.1.7",
"@tryghost/email-analytics-provider-mailgun": "1.0.0",

31
test/regression/api/canary/admin/posts_spec.js
View file

@ -337,6 +337,37 @@ describe('Posts API (canary)', function () {
});
});
it('read-only value do not cause errors when edited', function () {
return request
.get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`))
.set('Origin', config.get('url'))
.expect(200)
.then((res) => {
return request
.put(localUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Origin', config.get('url'))
.send({
posts: [{
frontmatter: 'hey!',
plaintext: 'hello!',
updated_at: res.body.posts[0].updated_at
}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200);
})
.then((res) => {
// NOTE: when ONLY ignored fields are posted they should not change a thing, thus cache stays untouched
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(res.body.posts);
should.exist(res.body.posts[0].published_at);
should.equal(res.body.posts[0].frontmatter, null);
should.equal(res.body.posts[0].plaintext, testUtils.DataGenerator.Content.posts[0].plaintext);
});
});
it('html to plaintext', function () {
return request
.get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`))

31
test/regression/api/v2/admin/posts_spec.js
View file

@ -172,6 +172,37 @@ describe('Posts API (v2)', function () {
});
});
it('read-only value do not cause errors when edited', function () {
return request
.get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`))
.set('Origin', config.get('url'))
.expect(200)
.then((res) => {
return request
.put(localUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Origin', config.get('url'))
.send({
posts: [{
frontmatter: 'hey!',
plaintext: 'hello!',
updated_at: res.body.posts[0].updated_at
}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200);
})
.then((res) => {
// NOTE: when ONLY ignored fields are posted they should not change a thing, thus cache stays untouched
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(res.body.posts);
should.exist(res.body.posts[0].published_at);
should.equal(res.body.posts[0].frontmatter, null);
should.equal(res.body.posts[0].plaintext, testUtils.DataGenerator.Content.posts[0].plaintext);
});
});
it('html to plaintext', function () {
return request
.get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`))

31
test/regression/api/v3/admin/posts_spec.js
View file

@ -337,6 +337,37 @@ describe('Posts API (v3)', function () {
});
});
it('read-only value do not cause errors when edited', function () {
return request
.get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`))
.set('Origin', config.get('url'))
.expect(200)
.then((res) => {
return request
.put(localUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Origin', config.get('url'))
.send({
posts: [{
frontmatter: 'hey!',
plaintext: 'hello!',
updated_at: res.body.posts[0].updated_at
}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200);
})
.then((res) => {
// NOTE: when ONLY ignored fields are posted they should not change a thing, thus cache stays untouched
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(res.body.posts);
should.exist(res.body.posts[0].published_at);
should.equal(res.body.posts[0].frontmatter, null);
should.equal(res.body.posts[0].plaintext, testUtils.DataGenerator.Content.posts[0].plaintext);
});
});
it('html to plaintext', function () {
return request
.get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[0].id}/`))

8
yarn.lock
View file

@ -564,10 +564,10 @@
dependencies:
"@tryghost/errors" "^0.2.11"
"@tryghost/admin-api-schema@2.2.1":
version "2.2.1"
resolved "https://registry.yarnpkg.com/@tryghost/admin-api-schema/-/admin-api-schema-2.2.1.tgz#5d31abd194a5742d30b17ca230438a353b05b1aa"
integrity sha512-FDNYefBGsCdJ0Y/Suil8snye+cchl5B/sU5gJ25rLBRrN2AD9zAJM0N27R1+6R93MUlwsggEKM7T/6GxNhMudQ==
"@tryghost/admin-api-schema@2.2.2":
version "2.2.2"
resolved "https://registry.yarnpkg.com/@tryghost/admin-api-schema/-/admin-api-schema-2.2.2.tgz#d02c811f10bee5c3f62d3349ed220afd318f43cc"
integrity sha512-H2L8DkGloUT+1i8/0qdNYEeZNCrocFIqa8kE89EfjcyxTPkMsI6whpdI1CFQNHxuz9TazbC2M2TeTzCgALrQLg==
dependencies:
"@tryghost/errors" "^0.2.10"
bluebird "^3.5.3"