diff --git a/core/server/middleware/auth.js b/core/server/middleware/auth.js index 28b7416db2..59100b34e3 100644 --- a/core/server/middleware/auth.js +++ b/core/server/middleware/auth.js @@ -76,6 +76,10 @@ auth = { origin = url.parse(req.headers.origin).hostname; } + // req.body needs to be null for GET requests to build options correctly + delete req.body.client_id; + delete req.body.client_secret; + if (!origin && client && client.type === 'ua') { res.header('Access-Control-Allow-Origin', config.url); req.client = client; diff --git a/core/test/functional/routes/api/public_api_spec.js b/core/test/functional/routes/api/public_api_spec.js index 68a0e4866a..1b422b1523 100644 --- a/core/test/functional/routes/api/public_api_spec.js +++ b/core/test/functional/routes/api/public_api_spec.js @@ -15,6 +15,9 @@ describe('Public API', function () { // TODO: prevent db init, and manage bringing up the DB with fixtures ourselves ghost().then(function (ghostServer) { request = supertest.agent(ghostServer.rootApp); + }).then(function () { + return testUtils.doAuth(request, 'posts', 'tags'); + }).then(function () { done(); }).catch(done); }); @@ -40,7 +43,7 @@ describe('Public API', function () { var jsonResponse = res.body; jsonResponse.posts.should.exist; testUtils.API.checkResponse(jsonResponse, 'posts'); - jsonResponse.posts.should.have.length(1); + jsonResponse.posts.should.have.length(5); testUtils.API.checkResponse(jsonResponse.posts[0], 'post'); testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination'); _.isBoolean(jsonResponse.posts[0].featured).should.eql(true); @@ -49,7 +52,7 @@ describe('Public API', function () { }); }); - it('browse tags', function (done) { + it('browse tags without limit defaults to 15', function (done) { request.get(testUtils.API.getApiQuery('tags/?client_id=ghost-admin&client_secret=not_available')) .set('Origin', testUtils.API.getURL()) .expect('Content-Type', /json/) 
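Review bot: In core/server/middleware/auth.js the added comment says req.body must be null for GET requests, but the two `delete` statements only remove `client_id` and `client_secret` and leave `req.body` as an object; the comment should say what the code does, e.g. `// strip client credentials so they are not passed on as API options`. The deletes also assume `req.body` is always an object, so if this middleware can run without a body parser ahead of it, `delete req.body.client_id` throws; wrapping both in `if (req.body) { ... }` would avoid that. The tests in this commit send the credentials in the query string, so it is worth confirming whether `req.query` needs the same cleanup before options are built. The code that reads the credentials is outside the hunk, so this last point is inferred.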
@@ -64,7 +67,51 @@ describe('Public API', function () {
 var jsonResponse = res.body;
 jsonResponse.tags.should.exist;
 testUtils.API.checkResponse(jsonResponse, 'tags');
- jsonResponse.tags.should.have.length(1);
+ jsonResponse.tags.should.have.length(15);
+ testUtils.API.checkResponse(jsonResponse.tags[0], 'tag');
+ testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
+ done();
+ });
+ });
+
+ it('browse tags - limit=all should fetch all tags', function (done) {
+ request.get(testUtils.API.getApiQuery('tags/?limit=all&client_id=ghost-admin&client_secret=not_available'))
+ .set('Origin', testUtils.API.getURL())
+ .expect('Content-Type', /json/)
+ .expect('Cache-Control', testUtils.cacheRules.private)
+ .expect(200)
+ .end(function (err, res) {
+ if (err) {
+ return done(err);
+ }
+ console.log('tags:', res.body.tags);
+ should.not.exist(res.headers['x-cache-invalidate']);
+ var jsonResponse = res.body;
+ jsonResponse.tags.should.exist;
+ testUtils.API.checkResponse(jsonResponse, 'tags');
+ jsonResponse.tags.should.have.length(56);
+ testUtils.API.checkResponse(jsonResponse.tags[0], 'tag');
+ testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
+ done();
+ });
+ });
+
+ it('browse tags without limit=4 fetches 4 tags', function (done) {
+ request.get(testUtils.API.getApiQuery('tags/?limit=4&client_id=ghost-admin&client_secret=not_available'))
+ .set('Origin', testUtils.API.getURL())
+ .expect('Content-Type', /json/)
+ .expect('Cache-Control', testUtils.cacheRules.private)
+ .expect(200)
+ .end(function (err, res) {
+ if (err) {
+ return done(err);
+ }
+
+ should.not.exist(res.headers['x-cache-invalidate']);
+ var jsonResponse = res.body;
+ jsonResponse.tags.should.exist;
+ testUtils.API.checkResponse(jsonResponse, 'tags');
+ jsonResponse.tags.should.have.length(4);
 testUtils.API.checkResponse(jsonResponse.tags[0], 'tag');
 testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
 done();
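Review bot: The new `limit=all` test still contains a debugging statement, `console.log('tags:', res.body.tags);`, which prints the full tag list on every run and should be removed. The title of the last new test, 'browse tags without limit=4 fetches 4 tags', contradicts its own request, which sets `limit=4`; `'browse tags with limit=4 fetches 4 tags'` matches what it checks. The expected length of 56 depends on fixtures loaded outside this hunk, so a short comment such as `// 56 = total tags in the test fixtures` would help whoever changes the fixtures next.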