mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-13 22:41:32 -05:00
9fe573a0c5
- Simplify the `init` method in `models/index.js` so that it no longer returns a promise. Easier to use. - Eliminates the `deleteAllContent` method from `models/index.js` as it can all be handled at the API layer in a single spot. - Optimize `destroyAllContent` in `api/db.js`. Eliminates double-fetching every post from the database and converting it to JSON. Also only fetches ids from the database instead of the entire model. - Eliminates the custom static method `destroy` in the Post model in favor of handling detaching tag relations in a single place (the `destroying` event). This also eliminates a big source of unneeded database round trips--needing to get post ids to feed into `Post.destroy()` which then re-fetches the post again.
193 lines
7.2 KiB
JavaScript
193 lines
7.2 KiB
JavaScript
/*globals describe, before, beforeEach, afterEach, it*/
|
|
var should = require('should'),
|
|
sinon = require('sinon'),
|
|
Promise = require('bluebird'),
|
|
|
|
authStrategies = require('../../../server/middleware/auth-strategies'),
|
|
Models = require('../../../server/models'),
|
|
globalUtils = require('../../../server/utils'),
|
|
|
|
sandbox = sinon.sandbox.create(),
|
|
|
|
fakeClient = {
|
|
slug: 'ghost-admin',
|
|
secret: 'not_available',
|
|
status: 'enabled'
|
|
},
|
|
|
|
fakeValidToken = {
|
|
user_id: 3,
|
|
token: 'valid-token',
|
|
client_id: 1,
|
|
expires: Date.now() + globalUtils.ONE_DAY_MS
|
|
},
|
|
fakeInvalidToken = {
|
|
user_id: 3,
|
|
token: 'expired-token',
|
|
client_id: 1,
|
|
expires: Date.now() - globalUtils.ONE_DAY_MS
|
|
};
|
|
|
|
describe('Auth Strategies', function () {
|
|
var next;
|
|
|
|
before(function () {
|
|
// Loads all the models
|
|
Models.init();
|
|
});
|
|
|
|
beforeEach(function () {
|
|
next = sandbox.spy();
|
|
});
|
|
|
|
afterEach(function () {
|
|
sandbox.restore();
|
|
});
|
|
|
|
describe('Client Password Strategy', function () {
|
|
var clientStub;
|
|
|
|
beforeEach(function () {
|
|
clientStub = sandbox.stub(Models.Client, 'findOne');
|
|
clientStub.returns(new Promise.resolve());
|
|
clientStub.withArgs({slug: fakeClient.slug}).returns(new Promise.resolve({
|
|
toJSON: function () { return fakeClient; }
|
|
}));
|
|
});
|
|
|
|
it('should find client', function (done) {
|
|
var clientId = 'ghost-admin',
|
|
clientSecret = 'not_available';
|
|
|
|
authStrategies.clientPasswordStrategy(clientId, clientSecret, next).then(function () {
|
|
clientStub.calledOnce.should.be.true();
|
|
clientStub.calledWith({slug: clientId}).should.be.true();
|
|
next.called.should.be.true();
|
|
next.firstCall.args.length.should.eql(2);
|
|
should.equal(next.firstCall.args[0], null);
|
|
next.firstCall.args[1].slug.should.eql(clientId);
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('shouldn\'t find client with invalid id', function (done) {
|
|
var clientId = 'invalid_id',
|
|
clientSecret = 'not_available';
|
|
authStrategies.clientPasswordStrategy(clientId, clientSecret, next).then(function () {
|
|
clientStub.calledOnce.should.be.true();
|
|
clientStub.calledWith({slug: clientId}).should.be.true();
|
|
next.called.should.be.true();
|
|
next.calledWith(null, false).should.be.true();
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('shouldn\'t find client with invalid secret', function (done) {
|
|
var clientId = 'ghost-admin',
|
|
clientSecret = 'invalid_secret';
|
|
authStrategies.clientPasswordStrategy(clientId, clientSecret, next).then(function () {
|
|
clientStub.calledOnce.should.be.true();
|
|
clientStub.calledWith({slug: clientId}).should.be.true();
|
|
next.called.should.be.true();
|
|
next.calledWith(null, false).should.be.true();
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('shouldn\'t auth client that is disabled', function (done) {
|
|
var clientId = 'ghost-admin',
|
|
clientSecret = 'not_available';
|
|
|
|
fakeClient.status = 'disabled';
|
|
|
|
authStrategies.clientPasswordStrategy(clientId, clientSecret, next).then(function () {
|
|
clientStub.calledOnce.should.be.true();
|
|
clientStub.calledWith({slug: clientId}).should.be.true();
|
|
next.called.should.be.true();
|
|
next.calledWith(null, false).should.be.true();
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
});
|
|
|
|
describe('Bearer Strategy', function () {
|
|
var tokenStub, userStub;
|
|
|
|
beforeEach(function () {
|
|
tokenStub = sandbox.stub(Models.Accesstoken, 'findOne');
|
|
tokenStub.returns(new Promise.resolve());
|
|
tokenStub.withArgs({token: fakeValidToken.token}).returns(new Promise.resolve({
|
|
toJSON: function () { return fakeValidToken; }
|
|
}));
|
|
tokenStub.withArgs({token: fakeInvalidToken.token}).returns(new Promise.resolve({
|
|
toJSON: function () { return fakeInvalidToken; }
|
|
}));
|
|
|
|
userStub = sandbox.stub(Models.User, 'findOne');
|
|
userStub.returns(new Promise.resolve());
|
|
userStub.withArgs({id: 3}).returns(new Promise.resolve({
|
|
toJSON: function () { return {id: 3}; }
|
|
}));
|
|
});
|
|
|
|
it('should find user with valid token', function (done) {
|
|
var accessToken = 'valid-token',
|
|
userId = 3;
|
|
|
|
authStrategies.bearerStrategy(accessToken, next).then(function () {
|
|
tokenStub.calledOnce.should.be.true();
|
|
tokenStub.calledWith({token: accessToken}).should.be.true();
|
|
userStub.calledOnce.should.be.true();
|
|
userStub.calledWith({id: userId}).should.be.true();
|
|
next.calledOnce.should.be.true();
|
|
next.firstCall.args.length.should.eql(3);
|
|
next.calledWith(null, {id: userId}, {scope: '*'}).should.be.true();
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('shouldn\'t find user with invalid token', function (done) {
|
|
var accessToken = 'invalid_token';
|
|
|
|
authStrategies.bearerStrategy(accessToken, next).then(function () {
|
|
tokenStub.calledOnce.should.be.true();
|
|
tokenStub.calledWith({token: accessToken}).should.be.true();
|
|
userStub.called.should.be.false();
|
|
next.called.should.be.true();
|
|
next.calledWith(null, false).should.be.true();
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('should find user that doesn\'t exist', function (done) {
|
|
var accessToken = 'valid-token',
|
|
userId = 2;
|
|
|
|
// override user
|
|
fakeValidToken.user_id = userId;
|
|
|
|
authStrategies.bearerStrategy(accessToken, next).then(function () {
|
|
tokenStub.calledOnce.should.be.true();
|
|
tokenStub.calledWith({token: accessToken}).should.be.true();
|
|
userStub.calledOnce.should.be.true();
|
|
userStub.calledWith({id: userId}).should.be.true();
|
|
next.called.should.be.true();
|
|
next.calledWith(null, false).should.be.true();
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('should find user with expired token', function (done) {
|
|
var accessToken = 'expired-token';
|
|
|
|
authStrategies.bearerStrategy(accessToken, next).then(function () {
|
|
tokenStub.calledOnce.should.be.true();
|
|
tokenStub.calledWith({token: accessToken}).should.be.true();
|
|
userStub.calledOnce.should.be.false();
|
|
next.called.should.be.true();
|
|
next.calledWith(null, false).should.be.true();
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
});
|
|
});
|