diff options
| author | Marius Halden <marius.h@lden.org> | 2021-10-07 13:32:40 +0200 |
|---|---|---|
| committer | Marius Halden <marius.h@lden.org> | 2021-10-07 13:32:40 +0200 |
| commit | 09dacfc6b8bf62addeee16c20b1d90c2a256da96 (patch) | |
| tree | 7caa2bf9e92227ab74448f9b746dd28bbcb81b2a /t/app/controller/report_updates.t | |
| parent | 585e57484f9c6332668bf1ac0a6a3b39dbe32223 (diff) | |
| parent | cea89fb87a96943708a1db0f646492fbfaaf000f (diff) | |
Merge tag 'v3.1' into fiksgatami-devfiksgatami-dev
Diffstat (limited to 't/app/controller/report_updates.t')
| -rw-r--r-- | t/app/controller/report_updates.t | 209 |
1 files changed, 168 insertions, 41 deletions
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t index 07ee48587..2b60867b8 100644 --- a/t/app/controller/report_updates.t +++ b/t/app/controller/report_updates.t @@ -22,6 +22,8 @@ my $user2 = $mech->create_user_ok('commenter@example.com', name => 'Commenter'); my $body = $mech->create_body_ok(2504, 'Westminster City Council'); +my $contact = $mech->create_contact_ok( body_id => $body->id, category => 'Other', email => 'other' ); + my $dt = DateTime->new( year => 2011, month => 04, @@ -270,7 +272,8 @@ for my $test ( { desc => 'No email, no message', fields => { - username => '', + username_register => '', + username => '', update => '', name => '', photo1 => '', @@ -283,12 +286,13 @@ for my $test ( password_sign_in => '', }, changes => {}, - field_errors => [ 'Please enter a message', 'Please enter your email', 'Please enter your name' ] + field_errors => [ 'Please enter a message', 'Please enter your name', 'Please enter your email' ] }, { desc => 'Invalid email, no message', fields => { - username => 'test', + username_register => 'test', + username => '', update => '', name => '', photo1 => '', @@ -301,12 +305,13 @@ for my $test ( password_register => '', }, changes => {}, - field_errors => [ 'Please enter a message', 'Please enter a valid email', 'Please enter your name' ] + field_errors => [ 'Please enter a message', 'Please enter your name', 'Please enter a valid email' ] }, { desc => 'email with spaces, no message', fields => { - username => 'test @ example. com', + username_register => 'test @ example. com', + username => '', update => '', name => '', photo1 => '', @@ -318,15 +323,14 @@ for my $test ( password_register => '', password_sign_in => '', }, - changes => { - username => 'test@example.com', - }, + changes => {}, field_errors => [ 'Please enter a message', 'Please enter your name' ] }, { desc => 'email with uppercase, no message', fields => { - username => 'test@EXAMPLE.COM', + username_register => 'test@EXAMPLE.COM', + username => '', update => '', name => '', photo1 => '', @@ -338,9 +342,7 @@ for my $test ( password_register => '', password_sign_in => '', }, - changes => { - username => 'test@example.com', - }, + changes => {}, field_errors => [ 'Please enter a message', 'Please enter your name' ] }, ) @@ -367,6 +369,7 @@ for my $test ( desc => 'submit an update for a non registered user', initial_values => { name => '', + username_register => '', username => '', may_show_name => undef, add_alert => 1, @@ -380,7 +383,7 @@ for my $test ( }, form_values => { submit_update => 1, - username => 'unregistered@example.com', + username_register => 'unregistered@example.com', update => 'Update from an unregistered user', add_alert => undef, name => 'Unreg User', @@ -392,6 +395,7 @@ for my $test ( desc => 'submit an update for a non registered user and sign up', initial_values => { name => '', + username_register => '', username => '', may_show_name => undef, add_alert => 1, @@ -405,7 +409,7 @@ for my $test ( }, form_values => { submit_update => 1, - username => 'unregistered@example.com', + username_register => 'unregistered@example.com', update => "update from an\r\n\r\nunregistered user", add_alert => 1, name => 'Unreg User', @@ -463,14 +467,14 @@ for my $test ( ok $update, 'found update in database'; is $update->state, 'unconfirmed', 'update unconfirmed'; - is $update->user->email, $details->{username}, 'update email'; + is $update->user->email, $details->{username_register}, 'update email'; is $update->text, $details->{update}, 'update text'; is $add_alerts, $details->{add_alert} ? 1 : 0, 'do not sign up for alerts'; $mech->get_ok( $url ); $mech->content_contains("/report/$report_id#update_$update_id"); - my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username} } ); + my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username_register} } ); ok $unreg_user, 'found user'; @@ -495,6 +499,7 @@ for my $test ( desc => 'overriding email confirmation allows report confirmation with no email sent', initial_values => { name => '', + username_register => '', username => '', may_show_name => undef, add_alert => 1, @@ -508,7 +513,7 @@ for my $test ( }, form_values => { submit_update => 1, - username => 'unregistered@example.com', + username_register => 'unregistered@example.com', update => "update no email confirm", add_alert => 1, name => 'Unreg User', @@ -560,10 +565,10 @@ for my $test ( ok $update, 'found update in database'; is $update->state, 'confirmed', 'update confirmed'; - is $update->user->email, $details->{username}, 'update email'; + is $update->user->email, $details->{username_register}, 'update email'; is $update->text, $details->{update}, 'update text'; - my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username} } ); + my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username_register} } ); ok $unreg_user, 'found user'; @@ -842,8 +847,9 @@ subtest "check comment with no status change has not status in meta" => sub { $user->from_body( undef ); $user->update; + $report->update( { state => 'fixed - user' } ); my $comment = $report->comments->first; - $comment->update( { mark_fixed => 1, problem_state => 'fixed - council' } ); + $comment->update( { mark_fixed => 1, problem_state => 'fixed - user' } ); $mech->get_ok("/report/$report_id"); @@ -869,8 +875,8 @@ subtest "check comment with no status change has not status in meta" => sub { my $update = pop @updates; - is $report->state, 'fixed - council', 'correct report state'; - is $update->problem_state, 'fixed - council', 'correct update state'; + is $report->state, 'fixed - user', 'correct report state'; + is $update->problem_state, 'fixed - user', 'correct update state'; my $update_meta = $mech->extract_update_metas; unlike $update_meta->[1], qr/State changed to/, 'update meta does not include state change'; @@ -905,6 +911,7 @@ subtest "check comment with no status change has not status in meta" => sub { is $report->state, 'investigating', 'correct report state'; is $update->problem_state, 'investigating', 'correct update state'; + is $update->get_extra_metadata('is_body_user'), $body->id, 'correct metadata'; $update_meta = $mech->extract_update_metas; like $update_meta->[0], qr/fixed/i, 'first update meta says fixed'; unlike $update_meta->[2], qr/State changed to/, 'second update meta does not include state change'; @@ -1094,10 +1101,10 @@ subtest $test->{desc} => sub { unlike $update_meta->[1], qr/Commenter/, 'commenter name not included'; like $update_meta->[0], qr/investigating/i, 'update meta includes state change'; - if ($test->{body} || $test->{bodyuser}) { - like $update_meta->[1], qr/Westminster/, 'body user update uses body name'; - } elsif ($test->{superuser}) { + if ($test->{superuser}) { like $update_meta->[1], qr/an administrator/, 'superuser update says an administrator'; + } elsif ($test->{body} || $test->{bodyuser}) { + like $update_meta->[1], qr/Westminster/, 'body user update uses body name'; } ok $user->user_body_permissions->create({ @@ -1219,6 +1226,21 @@ $report->comments->delete; for my $test ( { + desc => 'submit an update with bad email and password', + form_values => { + submit_update => 1, + username => 'registered@', + update => 'Update from a user', + add_alert => undef, + password_sign_in => 'secret', + }, + field_errors => [ + 'Please enter a valid email', + "There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the \x{2018}No\x{2019} section of the form.", + 'Please enter your name', # FIXME Not really necessary error + ], + }, + { desc => 'submit an update for a registered user, signing in with wrong password', form_values => { submit_update => 1, @@ -1304,7 +1326,7 @@ subtest 'submit an update for a registered user, creating update by email' => su $mech->submit_form_ok( { with_fields => { submit_update => 1, - username => $user->email, + username_register => $user->email, update => 'Update from a user', add_alert => undef, name => 'New Name', @@ -1753,7 +1775,7 @@ for my $test ( fields => { submit_update => 1, name => 'Test User', - username => $report->user->email, + username_register => $report->user->email, may_show_name => 1, update => 'update from owner', add_alert => undef, @@ -1775,7 +1797,7 @@ for my $test ( submit_update => 1, name => 'Test User', may_show_name => 1, - username => $report->user->email, + username_register => $report->user->email, update => 'update from owner', add_alert => undef, fixed => 1, @@ -1840,7 +1862,7 @@ for my $test ( my $update = $report->comments->first; ok $update, 'found update'; is $update->text, $results->{update}, 'update text'; - is $update->user->email, $test->{fields}->{username}, 'update user'; + is $update->user->email, $test->{fields}->{username_register}, 'update user'; is $update->state, 'unconfirmed', 'update confirmed'; is $update->anonymous, $test->{anonymous}, 'user anonymous'; @@ -1893,6 +1915,18 @@ for my $test ( }; } +$mech->log_in_ok( $report->user->email ); + +my %standard_fields = ( + name => $report->user->name, + update => 'update text', + photo1 => '', + photo2 => '', + photo3 => '', + may_show_name => 1, + add_alert => 1, +); + for my $test ( { desc => 'update confirmed without marking as fixed leaves state unchanged', @@ -2094,18 +2128,6 @@ for my $test ( }, ) { subtest $test->{desc} => sub { - $mech->log_in_ok( $report->user->email ); - - my %standard_fields = ( - name => $report->user->name, - update => 'update text', - photo1 => '', - photo2 => '', - photo3 => '', - may_show_name => 1, - add_alert => 1, - ); - my %expected_fields = ( %standard_fields, %{ $test->{expected_form_fields} }, @@ -2143,6 +2165,17 @@ for my $test ( }; } +subtest 'check disabling of reopening' => sub { + $report->state('fixed - council'); + $report->update; + $mech->get_ok("/report/$report_id"); + $mech->content_contains('This problem has not been fixed'); + $contact->set_extra_metadata( reopening_disallowed => 1 ); + $contact->update; + $mech->get_ok("/report/$report_id"); + $mech->content_lacks('This problem has not been fixed'); +}; + subtest 'check have to be logged in for creator fixed questionnaire' => sub { $mech->log_out_ok(); @@ -2178,4 +2211,98 @@ FixMyStreet::override_config { }; }; +subtest 'check disabling of updates per category' => sub { + $contact->set_extra_metadata( updates_disallowed => 1 ); + $contact->update; + $mech->get_ok("/report/$report_id"); + $mech->content_lacks('Provide an update'); +}; + +subtest 'check that only staff can display HTML in updates' => sub { + $report->comments->delete; + $user->update({ from_body => undef, is_superuser => 0 }); + + my @lines = ( + "This update contains:", + "1. <strong>some staff-allowed HTML</strong>", + "2. *some Markdown-style italics*", + "3. <script>some disallowed HTML</script>", + "4. An automatic link: https://myfancylink.fixmystreet.com/", + "5. A block-level element: <p>This is its own para</p>", + "" + ); + my $comment = FixMyStreet::DB->resultset('Comment')->create( + { + user => $user, + problem_id => $report->id, + text => join("\n\n", @lines), + confirmed => DateTime->now( time_zone => 'local'), + problem_state => 'confirmed', + anonymous => 0, + mark_open => 0, + mark_fixed => 0, + state => 'confirmed', + } + ); + + # First check that comments from a public user don't receive special treatment + $mech->get_ok( "/report/" . $report->id ); + + $mech->content_contains("1. <strong>some staff-allowed HTML</strong>"); + $mech->content_lacks("<strong>some staff-allowed HTML</strong>"); + + $mech->content_contains("2. *some Markdown-style italics*"); + $mech->content_lacks("<i>some Markdown-style italics</i>"); + $mech->content_lacks("<i>some Markdown-style italics</i>"); + + $mech->content_contains("3. <script>some disallowed HTML</script>"); + $mech->content_lacks("<script>some disallowed HTML</script>"); + + $mech->content_contains('4. An automatic link: <a href="https://myfancylink.fixmystreet.com/">https://myfancylink.fixmystreet.com/</a>') or diag $mech->content; + + $mech->content_contains("5. A block-level element: <p>This is its own para</p>"); + $mech->content_lacks("5. A block-level element: <p>This is its own para</p>"); + + # Now check that comments from a member of staff user do allow HTML/italic markup + $comment->set_extra_metadata(is_body_user => $body->id); + $comment->update; + $mech->get_ok( "/report/" . $report->id ); + + $mech->content_contains("1. <strong>some staff-allowed HTML</strong>"); + $mech->content_lacks("<strong>some staff-allowed HTML</strong>"); + + $mech->content_contains("2. <i>some Markdown-style italics</i>"); + $mech->content_lacks("*some Markdown-style italics*"); + $mech->content_lacks("<i>some Markdown-style italics</i>"); + + $mech->content_lacks("some disallowed HTML"); + + $mech->content_contains('4. An automatic link: <a href="https://myfancylink.fixmystreet.com/">https://myfancylink.fixmystreet.com/</a>'); + + $mech->content_contains("5. A block-level element: <p>This is its own para</p>"); + $mech->content_lacks("<p>\n5. A block-level element: <p>This is its own para</p></p>"); + + # and the same for superusers + $comment->unset_extra_metadata('is_body_user'); + $comment->set_extra_metadata(is_superuser => 1); + $comment->update; + $mech->get_ok( "/report/" . $report->id ); + + $mech->content_contains("1. <strong>some staff-allowed HTML</strong>"); + $mech->content_lacks("<strong>some staff-allowed HTML</strong>"); + + $mech->content_contains("2. <i>some Markdown-style italics</i>"); + $mech->content_lacks("*some Markdown-style italics*"); + $mech->content_lacks("<i>some Markdown-style italics</i>"); + + $mech->content_lacks("some disallowed HTML"); + + $mech->content_contains('4. An automatic link: <a href="https://myfancylink.fixmystreet.com/">https://myfancylink.fixmystreet.com/</a>'); + + $mech->content_contains("5. A block-level element: <p>This is its own para</p>"); + $mech->content_lacks("<p>\n5. A block-level element: <p>This is its own para</p></p>"); + +}; + + done_testing(); |