OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
40cedb84ff
Ghost/ghost/admin/tests/unit/authenticators/cookie-test.js

102 lines
3.4 KiB
JavaScript
Raw Normal View History

Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
import Service from '@ember/service';
Switched from v3 to canary API refs https://github.com/TryGhost/Team/issues/221 - we're getting ready for the 4.0 API version so we should be using canary to fully test the changes - changed from `v3` to `canary` in `utils/ghost-paths.js` - updated mirage and tests to use `ghostPaths` util so we only need to change the version in one place in the future
2021-02-05 12:12:26 +03:00
import ghostPaths from 'ghost-admin/utils/ghost-paths';
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
import sinon from 'sinon';
import {beforeEach, describe, it} from 'mocha';
import {expect} from 'chai';
import {setupTest} from 'ember-mocha';
const mockAjax = Service.extend({
skipSessionDeletion: false,
init() {
this._super(...arguments);
this.post = sinon.stub().resolves();
this.del = sinon.stub().resolves();
}
});
🎨 Added auto-login to private site when viewing site preview in admin (#1286) closes https://github.com/TryGhost/Ghost/issues/10995 - when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe - refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called - adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
2019-08-12 11:11:10 +03:00
const mockConfig = Service.extend({
init() {
this._super(...arguments);
this.fetchAuthenticated = sinon.stub().resolves();
}
});
const mockFeature = Service.extend({
init() {
this._super(...arguments);
this.fetch = sinon.stub().resolves();
}
});
const mockSettings = Service.extend({
init() {
this._super(...arguments);
this.fetch = sinon.stub().resolves();
}
});
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
const mockGhostPaths = Service.extend({
Switched from v3 to canary API refs https://github.com/TryGhost/Team/issues/221 - we're getting ready for the 4.0 API version so we should be using canary to fully test the changes - changed from `v3` to `canary` in `utils/ghost-paths.js` - updated mirage and tests to use `ghostPaths` util so we only need to change the version in one place in the future
2021-02-05 12:12:26 +03:00
apiRoot: ghostPaths().apiRoot
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
});
describe('Unit: Authenticator: cookie', () => {
Refactored deprecated usage of setupTest* methods no issue - https://github.com/emberjs/ember-mocha/blob/master/docs/migration.md#upgrading-to-the-new-testing-apis - deleted tests files which had no specific tests - migrated unskipped component unit tests to integration tests
2019-05-13 15:43:53 +03:00
setupTest();
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
beforeEach(function () {
Refactored deprecated usage of setupTest* methods no issue - https://github.com/emberjs/ember-mocha/blob/master/docs/migration.md#upgrading-to-the-new-testing-apis - deleted tests files which had no specific tests - migrated unskipped component unit tests to integration tests
2019-05-13 15:43:53 +03:00
this.owner.register('service:ajax', mockAjax);
🎨 Added auto-login to private site when viewing site preview in admin (#1286) closes https://github.com/TryGhost/Ghost/issues/10995 - when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe - refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called - adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
2019-08-12 11:11:10 +03:00
this.owner.register('service:config', mockConfig);
this.owner.register('service:feature', mockFeature);
this.owner.register('service:settings', mockSettings);
Refactored deprecated usage of setupTest* methods no issue - https://github.com/emberjs/ember-mocha/blob/master/docs/migration.md#upgrading-to-the-new-testing-apis - deleted tests files which had no specific tests - migrated unskipped component unit tests to integration tests
2019-05-13 15:43:53 +03:00
this.owner.register('service:ghost-paths', mockGhostPaths);
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
});
describe('#restore', function () {
it('returns a resolving promise', function () {
Refactored deprecated usage of setupTest* methods no issue - https://github.com/emberjs/ember-mocha/blob/master/docs/migration.md#upgrading-to-the-new-testing-apis - deleted tests files which had no specific tests - migrated unskipped component unit tests to integration tests
2019-05-13 15:43:53 +03:00
return this.owner.lookup('authenticator:cookie').restore();
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
});
});
describe('#authenticate', function () {
it('posts the username and password to the sessionEndpoint and returns the promise', function () {
Refactored deprecated usage of setupTest* methods no issue - https://github.com/emberjs/ember-mocha/blob/master/docs/migration.md#upgrading-to-the-new-testing-apis - deleted tests files which had no specific tests - migrated unskipped component unit tests to integration tests
2019-05-13 15:43:53 +03:00
let authenticator = this.owner.lookup('authenticator:cookie');
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
let post = authenticator.ajax.post;
🎨 Added auto-login to private site when viewing site preview in admin (#1286) closes https://github.com/TryGhost/Ghost/issues/10995 - when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe - refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called - adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
2019-08-12 11:11:10 +03:00
let config = this.owner.lookup('service:config');
let feature = this.owner.lookup('service:feature');
let settings = this.owner.lookup('service:settings');
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
return authenticator.authenticate('AzureDiamond', 'hunter2').then(() => {
Switched from v3 to canary API refs https://github.com/TryGhost/Team/issues/221 - we're getting ready for the 4.0 API version so we should be using canary to fully test the changes - changed from `v3` to `canary` in `utils/ghost-paths.js` - updated mirage and tests to use `ghostPaths` util so we only need to change the version in one place in the future
2021-02-05 12:12:26 +03:00
expect(post.args[0][0]).to.equal(`${ghostPaths().apiRoot}/session`);
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
expect(post.args[0][1]).to.deep.include({
data: {
username: 'AzureDiamond',
password: 'hunter2'
}
});
expect(post.args[0][1]).to.deep.include({
dataType: 'text'
});
expect(post.args[0][1]).to.deep.include({
contentType: 'application/json;charset=utf-8'
});
🎨 Added auto-login to private site when viewing site preview in admin (#1286) closes https://github.com/TryGhost/Ghost/issues/10995 - when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe - refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called - adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
2019-08-12 11:11:10 +03:00
// ensure our pre-loading calls have been made
expect(config.fetchAuthenticated.calledOnce, 'config.fetchAuthenticated called').to.be.true;
expect(feature.fetch.calledOnce, 'feature.fetch called').to.be.true;
expect(settings.fetch.calledOnce, 'settings.fetch called').to.be.true;
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
});
});
});
describe('#invalidate', function () {
it('makes a delete request to the sessionEndpoint', function () {
Refactored deprecated usage of setupTest* methods no issue - https://github.com/emberjs/ember-mocha/blob/master/docs/migration.md#upgrading-to-the-new-testing-apis - deleted tests files which had no specific tests - migrated unskipped component unit tests to integration tests
2019-05-13 15:43:53 +03:00
let authenticator = this.owner.lookup('authenticator:cookie');
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
let del = authenticator.ajax.del;
return authenticator.invalidate().then(() => {
Switched from v3 to canary API refs https://github.com/TryGhost/Team/issues/221 - we're getting ready for the 4.0 API version so we should be using canary to fully test the changes - changed from `v3` to `canary` in `utils/ghost-paths.js` - updated mirage and tests to use `ghostPaths` util so we only need to change the version in one place in the future
2021-02-05 12:12:26 +03:00
expect(del.args[0][0]).to.equal(`${ghostPaths().apiRoot}/session`);
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 21:46:33 +03:00
});
});
});
});
Reference in New Issue Copy Permalink