Ghost/ghost/admin/tests/acceptance/authentication-test.js

/* jshint expr:true */
import {
    describe,
    it,
    beforeEach,
    afterEach
} from 'mocha';
import { expect } from 'chai';
import Ember from 'ember';
import startApp from '../helpers/start-app';
import destroyApp from '../helpers/destroy-app';
import { authenticateSession, currentSession, invalidateSession } from 'ghost/tests/helpers/ember-simple-auth';
import Mirage from 'ember-cli-mirage';
import windowProxy from 'ghost/utils/window-proxy';
import ghostPaths from 'ghost/utils/ghost-paths';

const Ghost = ghostPaths();

describe('Acceptance: Authentication', function () {
    let application,
        originalReplaceLocation;

    beforeEach(function () {
        application = startApp();
    });

    afterEach(function () {
        destroyApp(application);
    });

    describe('general page', function () {
        beforeEach(function () {
            originalReplaceLocation = windowProxy.replaceLocation;
            windowProxy.replaceLocation = function (url) {
                visit(url);
            };

            server.loadFixtures();
            let role = server.create('role', {name: 'Administrator'});
            let user = server.create('user', {roles: [role], slug: 'test-user'});
        });

        afterEach(function () {
            windowProxy.replaceLocation = originalReplaceLocation;
        });

        it('invalidates session on 401 API response', function () {
            // return a 401 when attempting to retrieve tags
            server.get('/users/', (db, request) => {
                return new Mirage.Response(401, {}, {
                    errors: [
                        {message: 'Access denied.', errorType: 'UnauthorizedError'}
                    ]
                });
            });

            authenticateSession(application);
            visit('/team');

            andThen(() => {
                expect(currentURL(), 'url after 401').to.equal('/signin');
            });
        });
    });

    describe('editor', function () {
        let origDebounce = Ember.run.debounce;
        let origThrottle = Ember.run.throttle;

        // we don't want the autosave interfering in this test
        beforeEach(function () {
            Ember.run.debounce = function () { };
            Ember.run.throttle = function () { };
        });

        it('displays re-auth modal attempting to save with invalid session', function () {
            let role = server.create('role', {name: 'Administrator'});
            let user = server.create('user', {roles: [role]});

            // simulate an invalid session when saving the edited post
            server.put('/posts/:id/', (db, request) => {
                let post = db.posts.find(request.params.id);
                let [attrs] = JSON.parse(request.requestBody).posts;

                if (attrs.markdown === 'Edited post body') {
                    return new Mirage.Response(401, {}, {
                        errors: [
                            {message: 'Access denied.', errorType: 'UnauthorizedError'}
                        ]
                    });
                } else {
                    return {
                        posts: [post]
                    };
                }
            });

            server.loadFixtures();
            authenticateSession(application);

            visit('/editor');

            // create the post
            fillIn('#entry-title', 'Test Post');
            fillIn('textarea.markdown-editor', 'Test post body');
            click('.js-publish-button');

            andThen(() => {
                // we shouldn't have a modal at this point
                expect(find('.modal-container #login').length, 'modal exists').to.equal(0);
                // we also shouldn't have any alerts
                expect(find('.gh-alert').length, 'no of alerts').to.equal(0);
            });

            // update the post
            fillIn('textarea.markdown-editor', 'Edited post body');
            click('.js-publish-button');

            andThen(() => {
                // we should see a re-auth modal
                expect(find('.fullscreen-modal #login').length, 'modal exists').to.equal(1);
            });
        });

        // don't clobber debounce/throttle for future tests
        afterEach(function () {
            Ember.run.debounce = origDebounce;
            Ember.run.throttle = origThrottle;
        });
    });

    it('adds auth headers to jquery ajax', function (done) {
        let role = server.create('role', {name: 'Administrator'});
        let user = server.create('user', {roles: [role]});

        server.post('/uploads', (db, request) => {
            return request;
        });
        server.loadFixtures();

        // jscs:disable requireCamelCaseOrUpperCaseIdentifiers
        authenticateSession(application, {
            access_token: 'test_token',
            expires_in: 3600,
            token_type: 'Bearer'
        });
        // jscs:enable requireCamelCaseOrUpperCaseIdentifiers

        // necessary to visit a page to fully boot the app in testing
        visit('/').andThen(() => {
            $.ajax({
                type: 'POST',
                url: `${Ghost.apiRoot}/uploads/`,
                data: {test: 'Test'}
            }).then((request) => {
                expect(request.requestHeaders.Authorization, 'Authorization header')
                    .to.exist;
                expect(request.requestHeaders.Authorization, 'Authotization header content')
                    .to.equal('Bearer test_token');
            }).always(() => {
                done();
            });
        });
    });
});
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00			`/* jshint expr:true */`
			`import {`
			`describe,`
			`it,`
			`beforeEach,`
			`afterEach`
			`} from 'mocha';`
			`import { expect } from 'chai';`
			`import Ember from 'ember';`
			`import startApp from '../helpers/start-app';`
deps: ember-cli@1.13.13 2015-11-30 20:21:39 +03:00			`import destroyApp from '../helpers/destroy-app';`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00			`import { authenticateSession, currentSession, invalidateSession } from 'ghost/tests/helpers/ember-simple-auth';`
			`import Mirage from 'ember-cli-mirage';`
			`import windowProxy from 'ghost/utils/window-proxy';`
Fix 401 error when uploading images closes #6377 - restores ajax prefilter initializer that was removed in #6243 - adds regression test for standard `$.ajax` requests sending Authorization header This can be removed once we no longer have jquery plugins that make internal ajax calls that don't go through ember-ajax. 2016-01-25 14:11:29 +03:00			`import ghostPaths from 'ghost/utils/ghost-paths';`

			`const Ghost = ghostPaths();`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00
			`describe('Acceptance: Authentication', function () {`
			`let application,`
			`originalReplaceLocation;`

			`beforeEach(function () {`
			`application = startApp();`
			`});`

			`afterEach(function () {`
deps: ember-cli@1.13.13 2015-11-30 20:21:39 +03:00			`destroyApp(application);`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00			`});`

			`describe('general page', function () {`
			`beforeEach(function () {`
			`originalReplaceLocation = windowProxy.replaceLocation;`
			`windowProxy.replaceLocation = function (url) {`
			`visit(url);`
			`};`

			`server.loadFixtures();`
Use es6 across client and add ember-suave to enforce rules no issue - add ember-suave dependency - upgrade grunt-jscs dependency - add a new .jscsrc for the client's tests directory that extends from client's base .jscsrc - separate client tests in Gruntfile jscs task so they pick up the test's .jscsrc - standardize es6 usage across client 2015-10-28 14:36:45 +03:00			`let role = server.create('role', {name: 'Administrator'});`
			`let user = server.create('user', {roles: [role], slug: 'test-user'});`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00			`});`

			`afterEach(function () {`
			`windowProxy.replaceLocation = originalReplaceLocation;`
			`});`

			`it('invalidates session on 401 API response', function () {`
			`// return a 401 when attempting to retrieve tags`
			`server.get('/users/', (db, request) => {`
			`return new Mirage.Response(401, {}, {`
			`errors: [`
			`{message: 'Access denied.', errorType: 'UnauthorizedError'}`
			`]`
			`});`
			`});`

			`authenticateSession(application);`
			`visit('/team');`

			`andThen(() => {`
			`expect(currentURL(), 'url after 401').to.equal('/signin');`
			`});`
			`});`
			`});`

			`describe('editor', function () {`
			`let origDebounce = Ember.run.debounce;`
			`let origThrottle = Ember.run.throttle;`

			`// we don't want the autosave interfering in this test`
			`beforeEach(function () {`
			`Ember.run.debounce = function () { };`
			`Ember.run.throttle = function () { };`
			`});`

			`it('displays re-auth modal attempting to save with invalid session', function () {`
Use es6 across client and add ember-suave to enforce rules no issue - add ember-suave dependency - upgrade grunt-jscs dependency - add a new .jscsrc for the client's tests directory that extends from client's base .jscsrc - separate client tests in Gruntfile jscs task so they pick up the test's .jscsrc - standardize es6 usage across client 2015-10-28 14:36:45 +03:00			`let role = server.create('role', {name: 'Administrator'});`
			`let user = server.create('user', {roles: [role]});`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00
			`// simulate an invalid session when saving the edited post`
			`server.put('/posts/:id/', (db, request) => {`
Use es6 across client and add ember-suave to enforce rules no issue - add ember-suave dependency - upgrade grunt-jscs dependency - add a new .jscsrc for the client's tests directory that extends from client's base .jscsrc - separate client tests in Gruntfile jscs task so they pick up the test's .jscsrc - standardize es6 usage across client 2015-10-28 14:36:45 +03:00			`let post = db.posts.find(request.params.id);`
			`let [attrs] = JSON.parse(request.requestBody).posts;`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00
			`if (attrs.markdown === 'Edited post body') {`
			`return new Mirage.Response(401, {}, {`
			`errors: [`
			`{message: 'Access denied.', errorType: 'UnauthorizedError'}`
			`]`
			`});`
			`} else {`
			`return {`
			`posts: [post]`
			`};`
			`}`
			`});`

			`server.loadFixtures();`
			`authenticateSession(application);`

			`visit('/editor');`

			`// create the post`
			`fillIn('#entry-title', 'Test Post');`
			`fillIn('textarea.markdown-editor', 'Test post body');`
			`click('.js-publish-button');`

			`andThen(() => {`
			`// we shouldn't have a modal at this point`
			`expect(find('.modal-container #login').length, 'modal exists').to.equal(0);`
			`// we also shouldn't have any alerts`
			`expect(find('.gh-alert').length, 'no of alerts').to.equal(0);`
			`});`

			`// update the post`
			`fillIn('textarea.markdown-editor', 'Edited post body');`
			`click('.js-publish-button');`

			`andThen(() => {`
			`// we should see a re-auth modal`
Refactor modals refs #5798, closes #5018 - adds new `gh-fullscreen-modal` component - modals are now specified in-context so that they can have deeper interaction with their surrounding components/controller/route, i.e. a modal component can be a thin confirm/deny wrapper over the underlying controller action keeping all context-sensitive logic in one place - adds spin-buttons to all modals with async behaviour - adds/improves behaviour of inline-validation in modals - improves re-authenticate modal to properly handle validation and authentication errors 2015-11-18 13:50:48 +03:00			`expect(find('.fullscreen-modal #login').length, 'modal exists').to.equal(1);`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00			`});`
			`});`

			`// don't clobber debounce/throttle for future tests`
			`afterEach(function () {`
			`Ember.run.debounce = origDebounce;`
			`Ember.run.throttle = origThrottle;`
			`});`
			`});`
Fix 401 error when uploading images closes #6377 - restores ajax prefilter initializer that was removed in #6243 - adds regression test for standard `$.ajax` requests sending Authorization header This can be removed once we no longer have jquery plugins that make internal ajax calls that don't go through ember-ajax. 2016-01-25 14:11:29 +03:00
			`it('adds auth headers to jquery ajax', function (done) {`
			`let role = server.create('role', {name: 'Administrator'});`
			`let user = server.create('user', {roles: [role]});`

			`server.post('/uploads', (db, request) => {`
			`return request;`
			`});`
			`server.loadFixtures();`

			`// jscs:disable requireCamelCaseOrUpperCaseIdentifiers`
			`authenticateSession(application, {`
			`access_token: 'test_token',`
			`expires_in: 3600,`
			`token_type: 'Bearer'`
			`});`
			`// jscs:enable requireCamelCaseOrUpperCaseIdentifiers`

			`// necessary to visit a page to fully boot the app in testing`
			`visit('/').andThen(() => {`
			`$.ajax({`
			`type: 'POST',`
			url: `${Ghost.apiRoot}/uploads/`,
			`data: {test: 'Test'}`
			`}).then((request) => {`
			`expect(request.requestHeaders.Authorization, 'Authorization header')`
			`.to.exist;`
			`expect(request.requestHeaders.Authorization, 'Authotization header content')`
			`.to.equal('Bearer test_token');`
			`}).always(() => {`
			`done();`
			`});`
			`});`
			`});`
Fix auth regressions after ESA 1.0 upgrade refs #6039, closes #6047, closes #6048 - delete old/unused fixtures file - add failing tests for #6047 & #6048 - redirect to sign-in if we get a 401 when making an API request - fix incorrect `this.notifications` call in tag controller - raise `authorizationFailed` action in application route's `sessionInvalidated` hook so that it can be handled by leaf routes (fixes re-auth modal display) - close "saving failed" alert when successfully re-authenticated - adds a "window-proxy" util so that we can override `window.*` operations in tests - fix `gh-selectize` attempting to register event handlers when the component has already been destroyed 2015-11-04 18:20:11 +03:00			`});`