2022-10-21 23:03:12 +03:00
import ctrlOrCmd from 'ghost-admin/utils/ctrl-or-cmd' ;
2016-05-24 15:06:59 +03:00
import windowProxy from 'ghost-admin/utils/window-proxy' ;
2022-03-08 14:32:01 +03:00
import { Response } from 'miragejs' ;
2017-05-29 21:50:03 +03:00
import { afterEach , beforeEach , describe , it } from 'mocha' ;
2019-01-02 12:58:55 +03:00
import { authenticateSession , invalidateSession } from 'ember-simple-auth/test-support' ;
2023-01-11 14:39:04 +03:00
import { currentRouteName , currentURL , fillIn , findAll , triggerKeyEvent , visit , waitFor } from '@ember/test-helpers' ;
2017-05-29 21:50:03 +03:00
import { expect } from 'chai' ;
2017-08-22 10:53:26 +03:00
import { run } from '@ember/runloop' ;
2019-01-02 12:58:55 +03:00
import { setupApplicationTest } from 'ember-mocha' ;
2019-05-27 11:37:05 +03:00
import { setupMirage } from 'ember-cli-mirage/test-support' ;
2016-01-25 14:11:29 +03:00
2015-11-04 18:20:11 +03:00
describe ( 'Acceptance: Authentication' , function ( ) {
2019-01-02 12:58:55 +03:00
let originalReplaceLocation ;
2015-11-04 18:20:11 +03:00
2019-01-02 12:58:55 +03:00
let hooks = setupApplicationTest ( ) ;
setupMirage ( hooks ) ;
2015-11-04 18:20:11 +03:00
2023-10-04 14:22:54 +03:00
beforeEach ( async function ( ) {
this . server . loadFixtures ( 'configs' ) ;
} ) ;
2017-03-14 19:04:46 +03:00
describe ( 'setup redirect' , function ( ) {
beforeEach ( function ( ) {
2017-10-13 12:39:49 +03:00
// ensure the /users/me route doesn't error
2019-01-02 12:58:55 +03:00
this . server . create ( 'user' ) ;
this . server . get ( 'authentication/setup' , function ( ) {
2017-03-14 19:04:46 +03:00
return { setup : [ { status : false } ] } ;
} ) ;
} ) ;
2017-04-24 15:29:48 +03:00
it ( 'redirects to setup when setup isn\'t complete' , async function ( ) {
await visit ( 'settings/labs' ) ;
2022-03-08 20:30:46 +03:00
expect ( currentURL ( ) ) . to . equal ( '/setup' ) ;
2017-03-14 19:04:46 +03:00
} ) ;
} ) ;
2015-11-04 18:20:11 +03:00
describe ( 'general page' , function ( ) {
2017-04-24 15:29:48 +03:00
let newLocation ;
2015-11-04 18:20:11 +03:00
beforeEach ( function ( ) {
originalReplaceLocation = windowProxy . replaceLocation ;
windowProxy . replaceLocation = function ( url ) {
2017-01-25 23:05:28 +03:00
url = url . replace ( /^\/ghost\// , '/' ) ;
2017-04-24 15:29:48 +03:00
newLocation = url ;
2015-11-04 18:20:11 +03:00
} ;
2017-04-24 15:29:48 +03:00
newLocation = undefined ;
2015-11-04 18:20:11 +03:00
2019-01-02 12:58:55 +03:00
let role = this . server . create ( 'role' , { name : 'Administrator' } ) ;
this . server . create ( 'user' , { roles : [ role ] , slug : 'test-user' } ) ;
2015-11-04 18:20:11 +03:00
} ) ;
afterEach ( function ( ) {
windowProxy . replaceLocation = originalReplaceLocation ;
} ) ;
2017-04-24 15:29:48 +03:00
it ( 'invalidates session on 401 API response' , async function ( ) {
2016-05-14 04:02:55 +03:00
// return a 401 when attempting to retrieve users
2022-10-21 23:03:12 +03:00
this . server . get ( '/users/me' , ( ) => new Response ( 401 , { } , {
2018-01-05 18:38:23 +03:00
errors : [
2019-03-25 14:29:14 +03:00
{ message : 'Access denied.' , type : 'UnauthorizedError' }
2018-01-05 18:38:23 +03:00
]
} ) ) ;
2015-11-04 18:20:11 +03:00
2019-01-02 12:58:55 +03:00
await authenticateSession ( ) ;
2021-11-04 11:40:24 +03:00
await visit ( '/settings/staff' ) ;
2015-11-04 18:20:11 +03:00
2017-04-24 15:29:48 +03:00
// running `visit(url)` inside windowProxy.replaceLocation breaks
// the async behaviour so we need to run `visit` here to simulate
// the browser visiting the new page
if ( newLocation ) {
await visit ( newLocation ) ;
}
2017-03-14 19:04:46 +03:00
2017-04-24 15:29:48 +03:00
expect ( currentURL ( ) , 'url after 401' ) . to . equal ( '/signin' ) ;
2015-11-04 18:20:11 +03:00
} ) ;
2016-05-14 04:02:55 +03:00
2022-10-21 23:03:12 +03:00
it ( 'invalidates session on 403 API response' , async function ( ) {
// return a 401 when attempting to retrieve users
this . server . get ( '/users/me' , ( ) => new Response ( 403 , { } , {
errors : [
{ message : 'Authorization failed' , type : 'NoPermissionError' }
]
} ) ) ;
await authenticateSession ( ) ;
await visit ( '/settings/staff' ) ;
// running `visit(url)` inside windowProxy.replaceLocation breaks
// the async behaviour so we need to run `visit` here to simulate
// the browser visiting the new page
if ( newLocation ) {
await visit ( newLocation ) ;
}
expect ( currentURL ( ) , 'url after 403' ) . to . equal ( '/signin' ) ;
} ) ;
2017-04-24 15:29:48 +03:00
it ( 'doesn\'t show navigation menu on invalid url when not authenticated' , async function ( ) {
2019-01-02 12:58:55 +03:00
await invalidateSession ( ) ;
2016-05-14 04:02:55 +03:00
2017-04-24 15:29:48 +03:00
await visit ( '/' ) ;
2016-05-14 04:02:55 +03:00
2017-04-24 15:29:48 +03:00
expect ( currentURL ( ) , 'current url' ) . to . equal ( '/signin' ) ;
2019-01-02 12:58:55 +03:00
expect ( findAll ( 'nav.gh-nav' ) . length , 'nav menu presence' ) . to . equal ( 0 ) ;
2016-05-14 04:02:55 +03:00
2017-04-24 15:29:48 +03:00
await visit ( '/signin/invalidurl/' ) ;
2016-05-14 04:02:55 +03:00
2017-04-24 15:29:48 +03:00
expect ( currentURL ( ) , 'url after invalid url' ) . to . equal ( '/signin/invalidurl/' ) ;
2019-01-02 12:58:55 +03:00
expect ( currentRouteName ( ) , 'path after invalid url' ) . to . equal ( 'error404' ) ;
expect ( findAll ( 'nav.gh-nav' ) . length , 'nav menu presence' ) . to . equal ( 0 ) ;
2016-05-14 04:02:55 +03:00
} ) ;
2017-04-24 15:29:48 +03:00
it ( 'shows nav menu on invalid url when authenticated' , async function ( ) {
2019-01-02 12:58:55 +03:00
await authenticateSession ( ) ;
2017-04-24 15:29:48 +03:00
await visit ( '/signin/invalidurl/' ) ;
2016-05-14 04:02:55 +03:00
2017-04-24 15:29:48 +03:00
expect ( currentURL ( ) , 'url after invalid url' ) . to . equal ( '/signin/invalidurl/' ) ;
2019-01-02 12:58:55 +03:00
expect ( currentRouteName ( ) , 'path after invalid url' ) . to . equal ( 'error404' ) ;
expect ( findAll ( 'nav.gh-nav' ) . length , 'nav menu presence' ) . to . equal ( 1 ) ;
2016-05-14 04:02:55 +03:00
} ) ;
2015-11-04 18:20:11 +03:00
} ) ;
2022-10-21 23:03:12 +03:00
describe ( 'editor' , function ( ) {
2016-06-11 19:52:36 +03:00
let origDebounce = run . debounce ;
let origThrottle = run . throttle ;
2015-11-04 18:20:11 +03:00
// we don't want the autosave interfering in this test
beforeEach ( function ( ) {
2016-06-11 19:52:36 +03:00
run . debounce = function ( ) { } ;
run . throttle = function ( ) { } ;
2015-11-04 18:20:11 +03:00
} ) ;
2017-04-24 15:29:48 +03:00
it ( 'displays re-auth modal attempting to save with invalid session' , async function ( ) {
2019-01-02 12:58:55 +03:00
let role = this . server . create ( 'role' , { name : 'Administrator' } ) ;
this . server . create ( 'user' , { roles : [ role ] } ) ;
2022-10-21 23:03:12 +03:00
let testOn = 'save' ; // use marker for different type of server.put result
2015-11-04 18:20:11 +03:00
// simulate an invalid session when saving the edited post
2022-10-21 23:03:12 +03:00
this . server . put ( '/posts/:id/' , function ( { posts , db } , { params } ) {
2017-01-02 21:50:36 +03:00
let post = posts . find ( params . id ) ;
2022-10-21 23:03:12 +03:00
let attrs = db . posts . find ( params . id ) ; // use attribute from db.posts to avoid hasInverseFor error
2015-11-04 18:20:11 +03:00
2022-10-21 23:03:12 +03:00
if ( testOn === 'edit' ) {
2017-01-02 21:50:36 +03:00
return new Response ( 401 , { } , {
2015-11-04 18:20:11 +03:00
errors : [
2019-03-25 14:29:14 +03:00
{ message : 'Access denied.' , type : 'UnauthorizedError' }
2015-11-04 18:20:11 +03:00
]
} ) ;
} else {
2017-01-02 21:50:36 +03:00
return post . update ( attrs ) ;
2015-11-04 18:20:11 +03:00
}
} ) ;
2019-01-02 12:58:55 +03:00
await authenticateSession ( ) ;
2015-11-04 18:20:11 +03:00
2017-04-24 15:29:48 +03:00
await visit ( '/editor' ) ;
2015-11-04 18:20:11 +03:00
// create the post
2022-10-21 23:03:12 +03:00
await fillIn ( '.gh-editor-title' , 'Test Post' ) ;
2023-10-04 14:22:54 +03:00
// await fillIn('.kg-prose', 'Test post body'); // TODO: We don't currently have an editorInstance when loading Lexical as the editor.. need to look in to this
2022-10-21 23:03:12 +03:00
await triggerKeyEvent ( '.gh-editor-title' , 'keydown' , 83 , {
metaKey : ctrlOrCmd === 'command' ,
ctrlKey : ctrlOrCmd === 'ctrl'
} ) ;
2017-04-24 15:29:48 +03:00
// we shouldn't have a modal at this point
2022-11-11 19:21:03 +03:00
expect ( findAll ( '[data-test-modal="re-authenticate"]' ) . length , 'modal exists' ) . to . equal ( 0 ) ;
2017-04-24 15:29:48 +03:00
// we also shouldn't have any alerts
2019-01-02 12:58:55 +03:00
expect ( findAll ( '.gh-alert' ) . length , 'no of alerts' ) . to . equal ( 0 ) ;
2015-11-04 18:20:11 +03:00
// update the post
2022-10-21 23:03:12 +03:00
testOn = 'edit' ;
2023-10-04 14:22:54 +03:00
await fillIn ( '.gh-editor-title' , 'Test Post Updated' ) ;
2022-11-11 19:21:03 +03:00
triggerKeyEvent ( '.gh-editor-title' , 'keydown' , 83 , {
2022-10-21 23:03:12 +03:00
metaKey : ctrlOrCmd === 'command' ,
ctrlKey : ctrlOrCmd === 'ctrl'
} ) ;
2015-11-04 18:20:11 +03:00
2017-04-24 15:29:48 +03:00
// we should see a re-auth modal
2022-11-11 19:21:03 +03:00
await waitFor ( '[data-test-modal="re-authenticate"]' , { timeout : 100 } ) ;
// close the modal so the modal promise is settled and we can continue
2023-01-11 14:39:04 +03:00
await triggerKeyEvent ( '[data-test-modal="re-authenticate"]' , 'keydown' , 'Escape' ) ;
2015-11-04 18:20:11 +03:00
} ) ;
// don't clobber debounce/throttle for future tests
afterEach ( function ( ) {
2016-06-11 19:52:36 +03:00
run . debounce = origDebounce ;
run . throttle = origThrottle ;
2015-11-04 18:20:11 +03:00
} ) ;
} ) ;
} ) ;