refs https://github.com/TryGhost/Toolbox/issues/138 - Having the "ghost" alias only added cognitive load when reading through the test code and didn't provide any additional value. Removed the pattern to keep things simpler and more explicit
const should = require('should');
const supertest = require('supertest');
const ObjectId = require('bson-objectid');
const testUtils = require('../../../../utils');
const config = require('../../../../../core/shared/config');
const localUtils = require('./utils');
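// Shared supertest agent. Each role-level `before` hook replaces it with a
// fresh agent, so cookies from one role's session never leak into the next.
let request;

/**
 * Acceptance tests for the users endpoints, grouped by the role of the
 * logged-in session (Owner, Editor, Author).
 *
 * These are authorization regression tests: the "success" cases pin what a
 * role is allowed to do, and the "error" cases pin that a lower-privileged
 * role is refused with 403 when it targets the owner account.
 *
 * Every request sets `Origin` to the configured site URL.
 * NOTE(review): presumably required by the session/origin check on this API;
 * confirm in the auth middleware.
 */
describe('User API', function () {
    /**
     * Asserts the JSON error envelope of a failed lookup and that the failed
     * request did not emit an `x-cache-invalidate` header.
     *
     * @param {object} res - supertest response
     */
    function expectErrorResponse(res) {
        should.not.exist(res.headers['x-cache-invalidate']);

        const jsonResponse = res.body;
        should.exist(jsonResponse);
        should.exist(jsonResponse.errors);
        testUtils.API.checkResponseValue(jsonResponse.errors[0], [
            'message',
            'context',
            'type',
            'details',
            'property',
            'help',
            'code',
            'id'
        ]);
    }

    describe('As Owner', function () {
        // Second user whose password the owner session resets in the Edit test.
        let otherAuthor;

        before(function () {
            return testUtils.startGhost()
                .then(function () {
                    request = supertest.agent(config.get('url'));

                    // Uses roles[2], the same role index as the 'As Author' suite.
                    // NOTE(review): the original comment called this an "inactive"
                    // user, but no status is set here; confirm against the
                    // DataGenerator defaults.
                    return testUtils.createUser({
                        user: testUtils.DataGenerator.forKnex.createUser({email: 'test+3@ghost.org'}),
                        role: testUtils.DataGenerator.Content.roles[2].name
                    });
                })
                .then(function (_user) {
                    otherAuthor = _user;

                    // NOTE(review): the original comment says "admin user", yet the
                    // slug is 'owner'; confirm which role roles[3] actually is.
                    // The created user is not referenced again in this file.
                    return testUtils.createUser({
                        user: testUtils.DataGenerator.forKnex.createUser({email: 'test+admin@ghost.org', slug: 'owner'}),
                        role: testUtils.DataGenerator.Content.roles[3].name
                    });
                })
                .then(function () {
                    // request.user is not set in this suite, so doAuth falls back to
                    // its default account (the owner, per the original comment).
                    return localUtils.doAuth(request);
                });
        });

        describe('Read', function () {
            it('can\'t retrieve non existent user by id', function () {
                // A freshly generated ObjectId cannot match any stored user.
                return request.get(localUtils.API.getApiQuery(`users/${ObjectId().toHexString()}/`))
                    .set('Origin', config.get('url'))
                    .set('Accept', 'application/json')
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(404)
                    .then(expectErrorResponse);
            });

            it('can\'t retrieve non existent user by slug', function () {
                return request.get(localUtils.API.getApiQuery('users/slug/blargh/'))
                    .set('Origin', config.get('url'))
                    .set('Accept', 'application/json')
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(404)
                    .then(expectErrorResponse);
            });
        });

        describe('Edit', function () {
            it('can change the other users password', function () {
                // No old password is sent: this pins that an owner session may
                // reset another user's password outright.
                // `ne2Password` appears to be the API's confirmation field name;
                // do not "correct" it without checking the endpoint.
                // NOTE(review): only the 200 status is asserted. Also asserting
                // that otherAuthor can authenticate with the new password, and no
                // longer with the old one, would prove the credential changed.
                return request.put(localUtils.API.getApiQuery('users/password/'))
                    .set('Origin', config.get('url'))
                    .send({
                        password: [{
                            newPassword: 'superSecure',
                            ne2Password: 'superSecure',
                            user_id: otherAuthor.id
                        }]
                    })
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(200);
            });
        });

        describe('Destroy', function () {
            it('[failure] Destroy unknown user id', function () {
                return request.delete(localUtils.API.getApiQuery(`users/${ObjectId().toHexString()}`))
                    .set('Origin', config.get('url'))
                    .expect(404);
            });
        });
    });

    describe('As Editor', function () {
        let editor;

        before(function () {
            return testUtils.startGhost()
                .then(function () {
                    request = supertest.agent(config.get('url'));

                    return testUtils.createUser({
                        user: testUtils.DataGenerator.forKnex.createUser({email: 'test+1@ghost.org'}),
                        role: testUtils.DataGenerator.Content.roles[1].name
                    });
                })
                .then(function (_user1) {
                    editor = _user1;

                    // request.user is set before doAuth, presumably so the session
                    // belongs to the editor rather than doAuth's default account.
                    // Confirm in ./utils: if doAuth ignored it, the 403 cases below
                    // would be exercising the wrong role.
                    request.user = editor;

                    return localUtils.doAuth(request);
                });
        });

        describe('success cases', function () {
            it('can edit himself', function () {
                return request.put(localUtils.API.getApiQuery(`users/${editor.id}/`))
                    .set('Origin', config.get('url'))
                    .send({
                        users: [{id: editor.id, name: 'test'}]
                    })
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(200);
            });
        });

        describe('error cases', function () {
            it('can\'t edit the owner', function () {
                // users[0] is the account this test treats as the owner.
                // NOTE(review): only the 403 status is asserted. A follow-up read
                // showing the owner record unchanged would catch a handler that
                // refuses only after it has already written.
                const ownerId = testUtils.DataGenerator.Content.users[0].id;

                return request.put(localUtils.API.getApiQuery(`users/${ownerId}/`))
                    .set('Origin', config.get('url'))
                    .send({
                        users: [{
                            id: ownerId
                        }]
                    })
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(403);
            });

            it('Cannot transfer ownership to any other user', function () {
                // Privilege-escalation guard: a non-owner session must not be able
                // to reassign ownership.
                return request
                    .put(localUtils.API.getApiQuery('users/owner'))
                    .set('Origin', config.get('url'))
                    .send({
                        owner: [{
                            id: testUtils.getExistingData().users[1].id
                        }]
                    })
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(403);
            });
        });
    });

    describe('As Author', function () {
        let author;

        before(function () {
            return testUtils.startGhost()
                .then(function () {
                    request = supertest.agent(config.get('url'));

                    return testUtils.createUser({
                        user: testUtils.DataGenerator.forKnex.createUser({email: 'test+2@ghost.org'}),
                        role: testUtils.DataGenerator.Content.roles[2].name
                    });
                })
                .then(function (_user2) {
                    author = _user2;

                    // request.user is set before doAuth, presumably so the session
                    // belongs to the author rather than doAuth's default account.
                    // Confirm in ./utils.
                    request.user = author;

                    return localUtils.doAuth(request);
                });
        });

        describe('success cases', function () {
            it('can edit himself', function () {
                return request.put(localUtils.API.getApiQuery(`users/${author.id}/`))
                    .set('Origin', config.get('url'))
                    .send({
                        users: [{id: author.id, name: 'test'}]
                    })
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(200);
            });
        });

        describe('error cases', function () {
            it('can\'t edit the owner', function () {
                // users[0] is the account this test treats as the owner.
                // NOTE(review): only the 403 status is asserted; see the matching
                // editor test for the same gap.
                const ownerId = testUtils.DataGenerator.Content.users[0].id;

                return request.put(localUtils.API.getApiQuery(`users/${ownerId}/`))
                    .set('Origin', config.get('url'))
                    .send({
                        users: [{
                            id: ownerId
                        }]
                    })
                    .expect('Content-Type', /json/)
                    .expect('Cache-Control', testUtils.cacheRules.private)
                    .expect(403);
            });
        });
    });
});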