mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-20 22:42:53 -05:00
04fb7f8e69
- refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike
71 lines
2.7 KiB
JavaScript
71 lines
2.7 KiB
JavaScript
const should = require('should');
|
|
const supertest = require('supertest');
|
|
const testUtils = require('../../utils');
|
|
const config = require('../../../core/shared/config');
|
|
const localUtils = require('./utils');
|
|
|
|
describe('Admin API key authentication', function () {
|
|
let request;
|
|
|
|
before(async function () {
|
|
await testUtils.startGhost();
|
|
request = supertest.agent(config.get('url'));
|
|
await testUtils.initFixtures('api_keys');
|
|
});
|
|
|
|
it('Can not access endpoint without a token header', async function () {
|
|
await request.get(localUtils.API.getApiQuery('posts/'))
|
|
.set('Authorization', `Ghost`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(401);
|
|
});
|
|
|
|
it('Can not access endpoint with a wrong endpoint token', async function () {
|
|
await request.get(localUtils.API.getApiQuery('posts/'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('https://wrong.com')}`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(401);
|
|
});
|
|
|
|
it('Can access browse endpoint with correct token', async function () {
|
|
await request.get(localUtils.API.getApiQuery('posts/'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
});
|
|
|
|
it('Can create post', async function () {
|
|
const post = {
|
|
title: 'Post created with api_key'
|
|
};
|
|
|
|
const res = await request
|
|
.post(localUtils.API.getApiQuery('posts/?include=authors'))
|
|
.set('Origin', config.get('url'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`)
|
|
.send({
|
|
posts: [post]
|
|
})
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(201);
|
|
|
|
// falls back to owner user
|
|
res.body.posts[0].authors.length.should.eql(1);
|
|
});
|
|
|
|
it('Can read users', async function () {
|
|
const res = await request
|
|
.get(localUtils.API.getApiQuery('users/'))
|
|
.set('Origin', config.get('url'))
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`)
|
|
.expect('Content-Type', /json/)
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
.expect(200);
|
|
|
|
localUtils.API.checkResponse(res.body.users[0], 'user');
|
|
});
|
|
});
|