Ghost/test/e2e-api/content/key_authentication.test.js

const should = require('should');
const supertest = require('supertest');
const testUtils = require('../../utils');
const localUtils = require('./utils');
const config = require('../../../core/shared/config');
const configUtils = require('../../utils/configUtils');

describe('Content API key authentication', function () {
    let request;

    before(async function () {
        await localUtils.startGhost();
        request = supertest.agent(config.get('url'));
        await testUtils.initFixtures('api_keys');
    });

    it('Can not access without key', async function () {
        await request.get(localUtils.API.getApiQuery('posts/'))
            .expect('Content-Type', /json/)
            .expect('Cache-Control', testUtils.cacheRules.private)
            .expect(403);
    });

    it('Can access with with valid key', async function () {
        const key = localUtils.getValidKey();

        await request.get(localUtils.API.getApiQuery(`posts/?key=${key}`))
            .expect('Content-Type', /json/)
            .expect('Cache-Control', testUtils.cacheRules.private)
            .expect(200);
    });

    describe('Host Settings: custom integration limits', function () {
        afterEach(function () {
            configUtils.set('hostSettings:limits', undefined);
        });

        it('Blocks the request when host limit is in place for custom integrations', async function () {
            configUtils.set('hostSettings:limits', {
                customIntegrations: {
                    disabled: true,
                    error: 'Custom limit error message'
                }
            });

            // NOTE: need to do a full reboot to reinitialize hostSettings
            await localUtils.startGhost();
            await testUtils.initFixtures('api_keys');

            const key = localUtils.getValidKey();

            const response = await request.get(localUtils.API.getApiQuery(`posts/?key=${key}`))
                .expect('Content-Type', /json/)
                .expect('Cache-Control', testUtils.cacheRules.private)
                .expect(403);

            response.body.errors[0].type.should.equal('HostLimitError');
            response.body.errors[0].message.should.equal('Custom limit error message');
        });
    });
});
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`const should = require('should');`
			`const supertest = require('supertest');`
Switched to canary endpoints in acceptance tests (#11143) no issue - Switched acceptance tests to run against canary branch - Corrected actions specs - Corrected authentication spec - Moved test suites our of 'old' folder 2019-09-20 18:02:45 +03:00			`const testUtils = require('../../utils');`
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`const localUtils = require('./utils');`
Moved config from server to shared (#11850) * moved `server/config` to `shared/config` * updated config import paths in server to use shared * updated config import paths in frontend to use shared * updated config import paths in test to use shared * updated config import paths in root to use shared * trigger regression tests * of course the rebase broke tests 2020-05-27 20:47:53 +03:00			`const config = require('../../../core/shared/config');`
Blocked requests from integrations when integration limit is in place https://github.com/TryGhost/Team/issues/599 - When custom integration limit is enabled all requests from existing integrations should not be accepted. With the exception of internal integrations like backup and scheduler 2021-04-09 15:45:26 +03:00			`const configUtils = require('../../utils/configUtils');`
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00
Reduced & moved acceptance tests for content API refs #9178 - goal: only run main use cases regurlay - the rest should run once per day - reduced tests also 2019-02-04 17:49:59 +03:00			`describe('Content API key authentication', function () {`
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`let request;`

Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`before(async function () {`
Renamed testUtils.startGhost to localUtils.startGhost refs https://github.com/TryGhost/Toolbox/issues/135 - Going though local utils allows to have the "withFrontend: false" flag applied only to the e2e-api test suites. This way we can gradually introduce the no-frontend change across all test suites 2021-11-18 11:55:35 +03:00			`await localUtils.startGhost();`
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`request = supertest.agent(config.get('url'));`
			`await testUtils.initFixtures('api_keys');`
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`});`

Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`it('Can not access without key', async function () {`
			`await request.get(localUtils.API.getApiQuery('posts/'))`
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`.expect('Content-Type', /json/)`
			`.expect('Cache-Control', testUtils.cacheRules.private)`
			`.expect(403);`
			`});`

Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`it('Can access with with valid key', async function () {`
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`const key = localUtils.getValidKey();`

Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			await request.get(localUtils.API.getApiQuery(`posts/?key=${key}`))
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`.expect('Content-Type', /json/)`
			`.expect('Cache-Control', testUtils.cacheRules.private)`
			`.expect(200);`
			`});`
Blocked requests from integrations when integration limit is in place https://github.com/TryGhost/Team/issues/599 - When custom integration limit is enabled all requests from existing integrations should not be accepted. With the exception of internal integrations like backup and scheduler 2021-04-09 15:45:26 +03:00
			`describe('Host Settings: custom integration limits', function () {`
			`afterEach(function () {`
			`configUtils.set('hostSettings:limits', undefined);`
			`});`

			`it('Blocks the request when host limit is in place for custom integrations', async function () {`
			`configUtils.set('hostSettings:limits', {`
			`customIntegrations: {`
			`disabled: true,`
			`error: 'Custom limit error message'`
			`}`
			`});`

			`// NOTE: need to do a full reboot to reinitialize hostSettings`
Renamed testUtils.startGhost to localUtils.startGhost refs https://github.com/TryGhost/Toolbox/issues/135 - Going though local utils allows to have the "withFrontend: false" flag applied only to the e2e-api test suites. This way we can gradually introduce the no-frontend change across all test suites 2021-11-18 11:55:35 +03:00			`await localUtils.startGhost();`
Blocked requests from integrations when integration limit is in place https://github.com/TryGhost/Team/issues/599 - When custom integration limit is enabled all requests from existing integrations should not be accepted. With the exception of internal integrations like backup and scheduler 2021-04-09 15:45:26 +03:00			`await testUtils.initFixtures('api_keys');`

			`const key = localUtils.getValidKey();`

			const response = await request.get(localUtils.API.getApiQuery(`posts/?key=${key}`))
			`.expect('Content-Type', /json/)`
			`.expect('Cache-Control', testUtils.cacheRules.private)`
			`.expect(403);`

Update dependency @tryghost/mw-error-handler to v1 (#14719) - Replaced usage of handleJSONResponseV2 with the newly renamed handleJSONResponse Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Hannah Wolfe <github.erisds@gmail.com> 2022-05-07 17:28:28 +03:00			`response.body.errors[0].type.should.equal('HostLimitError');`
Blocked requests from integrations when integration limit is in place https://github.com/TryGhost/Team/issues/599 - When custom integration limit is enabled all requests from existing integrations should not be accepted. With the exception of internal integrations like backup and scheduler 2021-04-09 15:45:26 +03:00			`response.body.errors[0].message.should.equal('Custom limit error message');`
			`});`
			`});`
Added acceptance suite for Content API key verification 2019-01-24 15:37:27 +03:00			`});`