From aa15b464c8922e889c27001186cce9fd9e830223 Mon Sep 17 00:00:00 2001
From: Hannah Wolfe
Date: Tue, 25 Feb 2014 10:20:32 +0000
Subject: [PATCH] /ghost/reset/* should not redirect to signin

fixes #2257
---
 core/server/middleware/middleware.js | 17 +++++++++---
 core/test/functional/routes/admin_test.js | 33 ++++++++++++++++++++---
 2 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/core/server/middleware/middleware.js b/core/server/middleware/middleware.js
index cb64409c5b..0f67ffe178 100644
--- a/core/server/middleware/middleware.js
+++ b/core/server/middleware/middleware.js
@@ -25,15 +25,24 @@ function cacheServer(server) {
 var middleware = {
 // ### Authenticate Middleware
- // authentication has to be done for /ghost/* routes with
+ // authentication has to be done for /ghost/* routes with
 // exceptions for signin, signout, signup, forgotten, reset only
 // api and frontend use different authentication mechanisms atm
 authenticate: function (req, res, next) {
- var subPath = req.path.substring(config().paths.subdir.length),
- noAuthNeeded = [
+ var noAuthNeeded = [
 '/ghost/signin/', '/ghost/signout/', '/ghost/signup/', '/ghost/forgotten/', '/ghost/reset/'
- ];
+ ],
+ subPath;
+
+ // SubPath is the url path starting after any default subdirectories
+ // it is stripped of anything after the two levels `/ghost/.*?/` as the reset link has an argument
+ subPath = req.path.substring(config().paths.subdir.length);
+ /*jslint regexp:true, unparam:true*/
+ subPath = subPath.replace(/^(\/.*?\/.*?\/)(.*)?/, function (match, a) {
+ return a;
+ });
+
 if (res.isAdmin) {
 if (subPath.indexOf('/ghost/api/') === 0) {
 return middleware.authAPI(req, res, next);
diff --git a/core/test/functional/routes/admin_test.js b/core/test/functional/routes/admin_test.js
index 0e9f626bf2..8d57a0eb50 100644
--- a/core/test/functional/routes/admin_test.js
+++ b/core/test/functional/routes/admin_test.js
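Review bot: The two-segment truncation added on the `subPath = subPath.replace(...)` line runs for every request, not only reset links, so whatever exact-match test the rest of `authenticate` performs against `noAuthNeeded` (that code is outside this hunk) effectively becomes a prefix match for all five entries: a request for `/ghost/signin/anything/` is classified as `/ghost/signin/`. That is wider than the fix needs and is worth narrowing to the one route that carries an argument, e.g. `if (subPath.indexOf('/ghost/reset/') === 0) { subPath = '/ghost/reset/'; }` in place of the regex, which also removes the unused `match` parameter and the jslint override. If exempting every sub-path under the five prefixes is intended, the comment above the line should state that explicitly rather than describing it as a reset-only concern. The body of `authenticate` continues past the end of the hunk.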
@@ -73,7 +73,7 @@ describe('Admin Routing', function () {
 });
 });
- it('should redirect from /ghost to /ghost/signin when no user', function (done) {
+ it('should redirect from /ghost/ to /ghost/signin/ when no user', function (done) {
 request.get('/ghost/')
 .expect('Location', /ghost\/signin/)
 .expect('Cache-Control', cacheRules['private'])
@@ -81,7 +81,7 @@ describe('Admin Routing', function () {
 .end(doEnd(done));
 });
- it('should redirect from /ghost/signin to /ghost/signup when no user', function (done) {
+ it('should redirect from /ghost/signin/ to /ghost/signup/ when no user', function (done) {
 request.get('/ghost/signin/')
 .expect('Location', /ghost\/signup/)
 .expect('Cache-Control', cacheRules['private'])
@@ -89,7 +89,7 @@ describe('Admin Routing', function () {
 .end(doEnd(done));
 });
- it('should respond with html for /ghost/signup', function (done) {
+ it('should respond with html for /ghost/signup/', function (done) {
 request.get('/ghost/signup/')
 .expect('Content-Type', /html/)
 .expect('Cache-Control', cacheRules['private'])
@@ -118,4 +118,31 @@ describe('Admin Routing', function () {
 // });
 });
+
+ describe('Ghost Admin Forgot Password', function () {
+
+ it('should respond with html for /ghost/forgotten/', function (done) {
+ request.get('/ghost/forgotten/')
+ .expect('Content-Type', /html/)
+ .expect('Cache-Control', cacheRules['private'])
+ .expect(200)
+ .end(doEnd(done));
+ });
+
+ it('should respond 404 for /ghost/reset/', function (done) {
+ request.get('/ghost/reset/')
+ .expect('Cache-Control', cacheRules.hour)
+ .expect(404)
+ .expect(/Page Not Found/)
+ .end(doEnd(done));
+ });
+
+ it('should redirect /ghost/reset/*/', function (done) {
+ request.get('/ghost/reset/athing/')
+ .expect('Location', /ghost\/forgotten/)
+ .expect('Cache-Control', cacheRules['private'])
+ .expect(302)
+ .end(doEnd(done));
+ });
+ });
 });
\ No newline at end of file
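Review bot: The new `Ghost Admin Forgot Password` block in the last hunk exercises the reset routes but contains no case showing that the path truncation introduced in middleware.js does not widen the unauthenticated set; every new expectation is for a path that is meant to be reachable without a session. A companion case that requests a sub-path under one of the other exempt prefixes (for example `request.get('/ghost/signin/extra/')`, a constructed sample) and asserts it is not served as the signin page, plus one for a protected two-segment admin path still redirecting to `/ghost/signin/`, would pin the intended scope of the change. The `.expect(404)` case for `/ghost/reset/` is a good negative test and the same shape fits here.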