OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure public api can uses limit parameter

Browse Source 
No Issue

- removes client id and secret after authentication
- adds tests to check default limit, all and integer
This commit is contained in:
cobbspur 2015-10-28 18:39:10 +00:00
parent 9dc4efca13
commit d0d126eba7
2 changed files with 54 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/server/middleware/auth.js
View File

@ -76,6 +76,10 @@ auth = {
origin = url.parse(req.headers.origin).hostname;
}
// req.body needs to be null for GET requests to build options correctly
delete req.body.client_id;
delete req.body.client_secret;
if (!origin && client && client.type === 'ua') {
res.header('Access-Control-Allow-Origin', config.url);
req.client = client;

53
core/test/functional/routes/api/public_api_spec.js
View File

@ -15,6 +15,9 @@ describe('Public API', function () {
// TODO: prevent db init, and manage bringing up the DB with fixtures ourselves
ghost().then(function (ghostServer) {
request = supertest.agent(ghostServer.rootApp);
}).then(function () {
return testUtils.doAuth(request, 'posts', 'tags');
}).then(function () {
done();
}).catch(done);
});
@ -40,7 +43,7 @@ describe('Public API', function () {
var jsonResponse = res.body;
jsonResponse.posts.should.exist;
testUtils.API.checkResponse(jsonResponse, 'posts');
jsonResponse.posts.should.have.length(1);
jsonResponse.posts.should.have.length(5);
testUtils.API.checkResponse(jsonResponse.posts[0], 'post');
testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
_.isBoolean(jsonResponse.posts[0].featured).should.eql(true);
@ -49,7 +52,7 @@ describe('Public API', function () {
});
});
it('browse tags', function (done) {
it('browse tags without limit defaults to 15', function (done) {
request.get(testUtils.API.getApiQuery('tags/?client_id=ghost-admin&client_secret=not_available'))
.set('Origin', testUtils.API.getURL())
.expect('Content-Type', /json/)
@ -64,7 +67,51 @@ describe('Public API', function () {
var jsonResponse = res.body;
jsonResponse.tags.should.exist;
testUtils.API.checkResponse(jsonResponse, 'tags');
jsonResponse.tags.should.have.length(1);
jsonResponse.tags.should.have.length(15);
testUtils.API.checkResponse(jsonResponse.tags[0], 'tag');
testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
done();
});
});
it('browse tags - limit=all should fetch all tags', function (done) {
request.get(testUtils.API.getApiQuery('tags/?limit=all&client_id=ghost-admin&client_secret=not_available'))
.set('Origin', testUtils.API.getURL())
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
console.log('tags:', res.body.tags);
should.not.exist(res.headers['x-cache-invalidate']);
var jsonResponse = res.body;
jsonResponse.tags.should.exist;
testUtils.API.checkResponse(jsonResponse, 'tags');
jsonResponse.tags.should.have.length(56);
testUtils.API.checkResponse(jsonResponse.tags[0], 'tag');
testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
done();
});
});
it('browse tags without limit=4 fetches 4 tags', function (done) {
request.get(testUtils.API.getApiQuery('tags/?limit=4&client_id=ghost-admin&client_secret=not_available'))
.set('Origin', testUtils.API.getURL())
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
var jsonResponse = res.body;
jsonResponse.tags.should.exist;
testUtils.API.checkResponse(jsonResponse, 'tags');
jsonResponse.tags.should.have.length(4);
testUtils.API.checkResponse(jsonResponse.tags[0], 'tag');
testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
done();