OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6161f94910
Ghost/ghost/mw-api-version-mismatch/test/mw-api-version-mismatch.test.js

104 lines
4.4 KiB
JavaScript
Raw Normal View History

Updated to use assert/strict everywhere (#17047) refs: https://github.com/TryGhost/Toolbox/issues/595 We're rolling out new rules around the node assert library, the first of which is enforcing the use of assert/strict. This means we don't need to use the strict version of methods, as the standard version will work that way by default. This caught some gotchas in our existing usage of assert where the lack of strict mode had unexpected results: - Url matching needs to be done on `url.href` see https://github.com/TryGhost/Ghost/pull/17047/commits/aa58b354a40751326fe3c00902b202099b2223d2 - Null and undefined are not the same thing, there were a few cases of this being confused - Particularly questionable changes in [PostExporter tests](https://github.com/TryGhost/Ghost/pull/17047/commits/c1a468744beeca4c09ebfe4ac4f87fb3a685f25e) tracked [here](https://github.com/TryGhost/Team/issues/3505). - A typo see https://github.com/TryGhost/Ghost/pull/17047/commits/eaac9c293a87fe0c9646eb52f5f5ef3ecd6d56b0 Moving forward, using assert strict should help us to catch unexpected behaviour, particularly around nulls and undefineds during implementation.
2023-06-21 11:56:59 +03:00
const assert = require('assert/strict');
Added test coverage to mw-api-version-mismatch refs https://github.com/TryGhost/Toolbox/issues/292 - There's no good reason to not write tests!
2022-04-21 15:29:52 +03:00
const sinon = require('sinon');
const errors = require('@tryghost/errors');
const versionMismatchMW = require('../index');
describe('mw-api-version-mismatch', function () {
it('Does call handle mismatch when a generic RequestNotAcceptableError is used', function (done) {
const APIVersionCompatibilityService = {
handleMismatch: sinon.stub().resolves()
};
const req = {
Fixed requestURL value passed to the APIVersionCompatibilityService refs https://github.com/TryGhost/Toolbox/issues/292 - There was a typo in the variable name - req.originalURL is NOT does not exist on express' reqest object - Added tests to avoid similar mistake again
2022-05-09 10:33:40 +03:00
originalUrl: '/api/admin/posts/1',
headers: {
'accept-version': 'v3.28',
'user-agent': 'Zapier/2.1 GhostAdminSDK/3.28'
}
Added test coverage to mw-api-version-mismatch refs https://github.com/TryGhost/Toolbox/issues/292 - There's no good reason to not write tests!
2022-04-21 15:29:52 +03:00
};
const res = {
Fixed requestURL value passed to the APIVersionCompatibilityService refs https://github.com/TryGhost/Toolbox/issues/292 - There was a typo in the variable name - req.originalURL is NOT does not exist on express' reqest object - Added tests to avoid similar mistake again
2022-05-09 10:33:40 +03:00
locals: {
safeVersion: '4.46'
}
Added test coverage to mw-api-version-mismatch refs https://github.com/TryGhost/Toolbox/issues/292 - There's no good reason to not write tests!
2022-04-21 15:29:52 +03:00
};
versionMismatchMW(APIVersionCompatibilityService)(new errors.RequestNotAcceptableError({
code: 'UPDATE_CLIENT'
}), req, res, () => {
assert.equal(APIVersionCompatibilityService.handleMismatch.called, true);
Updated version mismatch middleware to handle API keys refs https://github.com/TryGhost/Toolbox/issues/292 - The version mismatch middleware middleware is the best place where the information can be assembled for the APIVersionCompatibilityService to handle. We need API key identification information to be able to pick up the integration name when sending a notification email to the administrators
2022-05-10 11:44:18 +03:00
assert.deepEqual(Object.keys(APIVersionCompatibilityService.handleMismatch.args[0][0]), [
'acceptVersion',
'contentVersion',
'requestURL',
'userAgent',
'apiKeyValue',
'apiKeyType'
], 'handleMismatch called with wrong arguments');
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].acceptVersion, 'v3.28');
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].contentVersion, 'v4.46');
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].requestURL, '/api/admin/posts/1');
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].userAgent, 'Zapier/2.1 GhostAdminSDK/3.28');
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyValue, null);
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyType, null);
done();
});
});
it('Does call handle mismatch when with correct API key values when identification information is in the request', function (done) {
const APIVersionCompatibilityService = {
handleMismatch: sinon.stub().resolves()
};
const req = {
Added query string trimming from the original URL refs https://github.com/TryGhost/Toolbox/issues/292 - There are couple of reasons why we don't want to include the query string information in the outgoing notification emails: - 1. Security - we can expose the Content API key to an unauthorized person. The emails go out to administrators, so they have access to this data anyway. But for example they might forward full email content to someone from “tech team” or whoever is not really authorized to see it. 2. It looks a bit ugly and could be waaay to long breaking the email layou
2022-05-11 05:40:09 +03:00
originalUrl: '/api/admin/posts/1?tim_me=please',
Updated version mismatch middleware to handle API keys refs https://github.com/TryGhost/Toolbox/issues/292 - The version mismatch middleware middleware is the best place where the information can be assembled for the APIVersionCompatibilityService to handle. We need API key identification information to be able to pick up the integration name when sending a notification email to the administrators
2022-05-10 11:44:18 +03:00
query: {
key: 'content_api_key_secret'
},
headers: {
'accept-version': 'v3.28',
'user-agent': 'Zapier/2.1 GhostAdminSDK/3.28'
}
};
const res = {
locals: {
safeVersion: '4.46'
}
};
versionMismatchMW(APIVersionCompatibilityService)(new errors.RequestNotAcceptableError({
code: 'UPDATE_CLIENT'
}), req, res, () => {
assert.equal(APIVersionCompatibilityService.handleMismatch.called, true);
assert.deepEqual(Object.keys(APIVersionCompatibilityService.handleMismatch.args[0][0]), [
'acceptVersion',
'contentVersion',
'requestURL',
'userAgent',
'apiKeyValue',
'apiKeyType'
], 'handleMismatch called with wrong arguments');
Fixed requestURL value passed to the APIVersionCompatibilityService refs https://github.com/TryGhost/Toolbox/issues/292 - There was a typo in the variable name - req.originalURL is NOT does not exist on express' reqest object - Added tests to avoid similar mistake again
2022-05-09 10:33:40 +03:00
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].acceptVersion, 'v3.28');
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].contentVersion, 'v4.46');
Added query string trimming from the original URL refs https://github.com/TryGhost/Toolbox/issues/292 - There are couple of reasons why we don't want to include the query string information in the outgoing notification emails: - 1. Security - we can expose the Content API key to an unauthorized person. The emails go out to administrators, so they have access to this data anyway. But for example they might forward full email content to someone from “tech team” or whoever is not really authorized to see it. 2. It looks a bit ugly and could be waaay to long breaking the email layou
2022-05-11 05:40:09 +03:00
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].requestURL, '/api/admin/posts/1', 'trims query string');
Fixed requestURL value passed to the APIVersionCompatibilityService refs https://github.com/TryGhost/Toolbox/issues/292 - There was a typo in the variable name - req.originalURL is NOT does not exist on express' reqest object - Added tests to avoid similar mistake again
2022-05-09 10:33:40 +03:00
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].userAgent, 'Zapier/2.1 GhostAdminSDK/3.28');
Updated version mismatch middleware to handle API keys refs https://github.com/TryGhost/Toolbox/issues/292 - The version mismatch middleware middleware is the best place where the information can be assembled for the APIVersionCompatibilityService to handle. We need API key identification information to be able to pick up the integration name when sending a notification email to the administrators
2022-05-10 11:44:18 +03:00
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyValue, 'content_api_key_secret');
assert.equal(APIVersionCompatibilityService.handleMismatch.args[0][0].apiKeyType, 'content');
Fixed requestURL value passed to the APIVersionCompatibilityService refs https://github.com/TryGhost/Toolbox/issues/292 - There was a typo in the variable name - req.originalURL is NOT does not exist on express' reqest object - Added tests to avoid similar mistake again
2022-05-09 10:33:40 +03:00
Added test coverage to mw-api-version-mismatch refs https://github.com/TryGhost/Toolbox/issues/292 - There's no good reason to not write tests!
2022-04-21 15:29:52 +03:00
done();
});
});
it('Does NOT call handle mismatch when a generic RequestNotAcceptableError is used', function (done) {
const APIVersionCompatibilityService = {
handleMismatch: sinon.stub().resolves()
};
versionMismatchMW(APIVersionCompatibilityService)(new errors.RequestNotAcceptableError(), {}, {}, () => {
assert.equal(APIVersionCompatibilityService.handleMismatch.called, false);
done();
});
});
});
Reference in New Issue Copy Permalink