0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-13 22:41:32 -05:00
ghost/core/test/unit/middleware_spec.js
Mark Stosberg 770317b834 Refactor: Make checkSSL unit-testable and add unit tests for it.
- Code was moved to core/server/middleware/middleware.js, which is the
  home for unit-testable middleware.

- Functional code coverage for this code also exists at:
  test/functional/routes/admin_test.js
2015-01-18 13:44:50 -05:00

239 lines
8.4 KiB
JavaScript

/*globals describe, beforeEach, afterEach, it*/
/*jshint expr:true*/
var assert = require('assert'),
should = require('should'),
sinon = require('sinon'),
middleware = require('../../server/middleware').middleware;
describe('Middleware', function () {
// TODO: needs new test for ember admin
// describe('redirectToDashboard', function () {
// var req, res;
// beforeEach(function () {
// req = {
// session: {}
// };
// res = {
// redirect: sinon.spy()
// };
// });
// it('should redirect to dashboard', function () {
// req.session.user = {};
// middleware.redirectToDashboard(req, res, null);
// assert(res.redirect.calledWithMatch('/ghost/'));
// });
// it('should call next if no user in session', function (done) {
// middleware.redirectToDashboard(req, res, function (a) {
// should.not.exist(a);
// assert(res.redirect.calledOnce.should.be.false);
// done();
// });
// });
// });
describe('cacheControl', function () {
var res;
beforeEach(function () {
res = {
set: sinon.spy()
};
});
it('correctly sets the public profile headers', function (done) {
middleware.cacheControl('public')(null, res, function (a) {
should.not.exist(a);
res.set.calledOnce.should.be.true;
res.set.calledWith({'Cache-Control': 'public, max-age=0'});
done();
});
});
it('correctly sets the private profile headers', function (done) {
middleware.cacheControl('private')(null, res, function (a) {
should.not.exist(a);
res.set.calledOnce.should.be.true;
res.set.calledWith({
'Cache-Control':
'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
});
done();
});
});
it('will not set headers without a profile', function (done) {
middleware.cacheControl()(null, res, function (a) {
should.not.exist(a);
res.set.called.should.be.false;
done();
});
});
});
describe('whenEnabled', function () {
var cbFn, blogApp;
beforeEach(function () {
cbFn = sinon.spy();
blogApp = {
enabled: function (setting) {
if (setting === 'enabled') {
return true;
} else {
return false;
}
}
};
middleware.cacheBlogApp(blogApp);
});
it('should call function if setting is enabled', function (done) {
var req = 1, res = 2, next = 3;
middleware.whenEnabled('enabled', function (a, b, c) {
assert.equal(a, 1);
assert.equal(b, 2);
assert.equal(c, 3);
done();
})(req, res, next);
});
it('should call next() if setting is disabled', function (done) {
middleware.whenEnabled('rando', cbFn)(null, null, function (a) {
should.not.exist(a);
cbFn.calledOnce.should.be.false;
done();
});
});
});
describe('staticTheme', function () {
beforeEach(function () {
sinon.stub(middleware, 'forwardToExpressStatic').yields();
});
afterEach(function () {
middleware.forwardToExpressStatic.restore();
});
it('should call next if hbs file type', function (done) {
var req = {
url: 'mytemplate.hbs'
};
middleware.staticTheme(null)(req, null, function (a) {
should.not.exist(a);
middleware.forwardToExpressStatic.calledOnce.should.be.false;
done();
});
});
it('should call next if md file type', function (done) {
var req = {
url: 'README.md'
};
middleware.staticTheme(null)(req, null, function (a) {
should.not.exist(a);
middleware.forwardToExpressStatic.calledOnce.should.be.false;
done();
});
});
it('should call next if json file type', function (done) {
var req = {
url: 'sample.json'
};
middleware.staticTheme(null)(req, null, function (a) {
should.not.exist(a);
middleware.forwardToExpressStatic.calledOnce.should.be.false;
done();
});
});
it('should call express.static if valid file type', function (done) {
var req = {
url: 'myvalidfile.css'
};
middleware.staticTheme(null)(req, null, function (reqArg, res, next) {
/*jshint unused:false */
middleware.forwardToExpressStatic.calledOnce.should.be.true;
assert.deepEqual(middleware.forwardToExpressStatic.args[0][0], req);
done();
});
});
});
describe('isSSLRequired', function () {
var isSSLrequired = middleware.isSSLrequired;
it('SSL is required if config.url starts with https', function () {
isSSLrequired(undefined, 'https://example.com', undefined).should.be.true;
});
it('SSL is required if isAdmin and config.forceAdminSSL is set', function () {
isSSLrequired(true, 'http://example.com', true).should.be.true;
});
it('SSL is not required if config.url starts with "http:/" and forceAdminSSL is not set', function () {
isSSLrequired(false, 'http://example.com', false).should.be.false;
});
});
describe('sslForbiddenOrRedirect', function () {
var sslForbiddenOrRedirect = middleware.sslForbiddenOrRedirect;
it('Return forbidden if config forces admin SSL for AdminSSL redirect is false.', function () {
var response = sslForbiddenOrRedirect({
forceAdminSSL: {redirect: false},
configUrl: 'http://example.com'
});
response.isForbidden.should.be.true;
});
it('If not forbidden, should produce SSL to redirect to when config.url ends with no slash', function () {
var response = sslForbiddenOrRedirect({
forceAdminSSL: {redirect: true},
configUrl: 'http://example.com/config/path',
reqUrl: '/req/path'
});
response.isForbidden.should.be.false;
response.redirectUrl({}).should.equal('https://example.com/config/path/req/path');
});
it('If config ends is slash, potential double-slash in resulting URL is removed', function () {
var response = sslForbiddenOrRedirect({
forceAdminSSL: {redirect: true},
configUrl: 'http://example.com/config/path/',
reqUrl: '/req/path'
});
response.redirectUrl({}).should.equal('https://example.com/config/path/req/path');
});
it('If config.urlSSL is provided it is preferred over config.url', function () {
var response = sslForbiddenOrRedirect({
forceAdminSSL: {redirect: true},
configUrl: 'http://example.com/config/path/',
configUrlSSL: 'https://example.com/ssl/config/path/',
reqUrl: '/req/path'
});
response.redirectUrl({}).should.equal('https://example.com/ssl/config/path/req/path');
});
it('query string in request is preserved in redirect URL', function () {
var response = sslForbiddenOrRedirect({
forceAdminSSL: {redirect: true},
configUrl: 'http://example.com/config/path/',
configUrlSSL: 'https://example.com/ssl/config/path/',
reqUrl: '/req/path'
});
response.redirectUrl({a: 'b'}).should.equal('https://example.com/ssl/config/path/req/path?a=b');
});
});
});