-rw-r--r--app/controllers/admin_controller.rb5
-rw-r--r--app/controllers/request_controller.rb2
-rwxr-xr-xapp/helpers/link_to_helper.rb3
-rw-r--r--app/views/request/_followup.rhtml4
-rw-r--r--config/general.yml-example4
-rw-r--r--config/httpd.conf4
-rw-r--r--config/routes.rb1
-rw-r--r--lib/whatdotheyknow/strip_empty_sessions.rb2
-rw-r--r--public/robots.txt2
-rw-r--r--spec/controllers/admin_public_body_controller_spec.rb23
-rw-r--r--spec/controllers/request_controller_spec.rb3
-rw-r--r--spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb16
12 files changed, 57 insertions, 12 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 8598091d9..655670b5a 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -48,10 +48,13 @@ class AdminController < ApplicationController
def authenticate
username = MySociety::Config.get('ADMIN_USERNAME', '')
password = MySociety::Config.get('ADMIN_PASSWORD', '')
- if !(username && password).empty?
+ if !username.empty? && !password.empty?
authenticate_or_request_with_http_basic do |user_name, password|
user_name == username && password == password
+ session[:using_admin] = 1
end
+ else
+ session[:using_admin] = 1
end
end
end
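Review bot: The added `session[:using_admin] = 1` inside the Basic-auth block is now the block's last expression, so the block always evaluates to `1` regardless of the comparison on the line above it; Rails treats the value returned by the block given to `authenticate_or_request_with_http_basic` as the authentication verdict, so any non-blank Basic header would be accepted. The comparison line is itself inert, because the block parameter `password` shadows the outer `password` and `password == password` is always true; that predates this commit, but the fix has to touch that line anyway. The spec added in this commit only sends an empty Authorization header, which the helper rejects before the block runs, so it does not catch this. Rename the block parameter, keep the comparison result in a local, set the flag only on success, and return that result.
```ruby
authenticate_or_request_with_http_basic do |user_name, given_password|
  authenticated = user_name == username && given_password == password
  session[:using_admin] = 1 if authenticated
  authenticated
end
```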
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index b6111b087..c8c7bd34b 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -313,7 +313,7 @@ class RequestController < ApplicationController
replied by then.</p>
<p>If you write about this request (for example in a forum or a blog) please link to this page, and add an
annotation below telling people about your writing.</p>",:law_used_full=>@info_request.law_used_full)
- redirect_to request_url(@info_request)
+ redirect_to show_new_request_path(:url_title => @info_request.url_title)
end
# Submitted to the describing state of messages form
diff --git a/app/helpers/link_to_helper.rb b/app/helpers/link_to_helper.rb
index 6d8ae345e..444129052 100755
--- a/app/helpers/link_to_helper.rb
+++ b/app/helpers/link_to_helper.rb
@@ -162,7 +162,8 @@ module LinkToHelper
# Admin pages
def admin_url(relative_path)
- admin_url_prefix = MySociety::Config.get("ADMIN_BASE_URL", admin_general_index_path+"/")
+ admin_url_prefix = MySociety::Config.get("ADMIN_BASE_URL", "")
+ admin_url_prefix = admin_general_index_path+"/" if admin_url_prefix.empty?
return admin_url_prefix + relative_path
end
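Review bot: `admin_url_prefix.empty?` on the new second line raises NoMethodError if the configured value is not a String; a bare `ADMIN_BASE_URL:` key in the YAML presumably loads as nil and the `Config.get` default most likely applies only when the key is absent (inferred, the config loader is not visible here). Coercing first, `admin_url_prefix = MySociety::Config.get("ADMIN_BASE_URL", "").to_s`, keeps the fallback working for the absent, blank and nil cases alike. The explicit `return` on the last line is also unidiomatic; the expression alone is the method's value.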
diff --git a/app/views/request/_followup.rhtml b/app/views/request/_followup.rhtml
index 8c279d234..78de7decd 100644
--- a/app/views/request/_followup.rhtml
+++ b/app/views/request/_followup.rhtml
@@ -25,9 +25,7 @@
<% end %>
<p>
- <%= _('Please <strong>only</strong> write messages directly relating to your
- request {{request_link}}. If you would like to ask for information
- that was not in your original request, then <a href="%s">file a new request</a>.',:request_link=>request_link(@info_request)) % [new_request_to_body_url(:url_name => @info_request.public_body.url_name)] %>
+ <%= _('Please <strong>only</strong> write messages directly relating to your request {{request_link}}. If you would like to ask for information that was not in your original request, then <a href="{{new_request_link}}">file a new request</a>.', :request_link=>request_link(@info_request), :new_request_link => new_request_to_body_url(:url_name => @info_request.public_body.url_name)) %>
</p>
<% status = @info_request.calculate_status %>
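Review bot: The new `{{new_request_link}}` placeholder inserts the generated URL into an `href` of an HTML string that `<%= %>` emits raw, and nothing in the hunk shows whether the `_()` interpolation HTML-escapes its values; since the sibling `{{request_link}}` carries markup, it presumably does not. Confirm in the translation helper, and if it does not escape, pass `h(new_request_to_body_url(:url_name => @info_request.public_body.url_name))` so a `url_name` containing a quote cannot break out of the attribute. Either way, a short comment on the line stating which it is would save the next reader the check.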
diff --git a/config/general.yml-example b/config/general.yml-example
index fb2afd336..9db95c4d0 100644
--- a/config/general.yml-example
+++ b/config/general.yml-example
@@ -64,7 +64,7 @@ RAW_EMAILS_LOCATION: 'files/raw_emails'
# If not specified, it will default to the path to the admin controller,
# which is usually what you want. It is useful in situations where admin
# requests are proxied via a secure server, for example.
-# ADMIN_BASE_URL: '/admin/'
+ADMIN_BASE_URL: ''
# Where /stylesheets sits under for admin pages. See asset_host in
# config/environment.rb. Can be full domain or relative path (not an
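Review bot: The comment two lines above the changed key still says `If not specified, it will default to the path to the admin controller`, but the key is now present with an empty value, which is what the new helper code treats as unset. Update the comment to `# If empty or not specified, it will default to the path to the admin controller,` so the example file matches the behaviour it documents.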
@@ -92,4 +92,4 @@ RECAPTCHA_PRIVATE_KEY: 'x'
# request (Linux only). Since Ruby never returns memory to the OS, if the
# existing process previously served a larger request, this won't
# show any consumption for the later request.
-DEBUG_RECORD_MEMORY: false \ No newline at end of file
+DEBUG_RECORD_MEMORY: false
diff --git a/config/httpd.conf b/config/httpd.conf
index bf8c3bd33..d5e86478a 100644
--- a/config/httpd.conf
+++ b/config/httpd.conf
@@ -32,3 +32,7 @@ RequestHeader add X-Forwarded-User %{RU}e
# files for archiving.
RewriteRule /files/(.+) http://files.whatdotheyknow.com/$1
+<IfModule mod_passenger.c>
+ # Set this to something like 100 if you have memory leak issues
+ PassengerMaxRequests 0
+</IfModule> \ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 0747797d7..7da279002 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -39,6 +39,7 @@ ActionController::Routing::Routes.draw do |map|
request.new_request_to_body '/new/:url_name', :action => 'new'
request.show_request '/request/:url_title.:format', :action => 'show'
+ request.show_new_request '/request/:url_title/new', :action => 'show'
request.details_request '/details/request/:url_title', :action => 'details'
request.similar_request '/similar/request/:url_title', :action => 'similar'
diff --git a/lib/whatdotheyknow/strip_empty_sessions.rb b/lib/whatdotheyknow/strip_empty_sessions.rb
index 9c87a4bbc..e162acf67 100644
--- a/lib/whatdotheyknow/strip_empty_sessions.rb
+++ b/lib/whatdotheyknow/strip_empty_sessions.rb
@@ -3,7 +3,7 @@ module WhatDoTheyKnow
class StripEmptySessions
ENV_SESSION_KEY = "rack.session".freeze
HTTP_SET_COOKIE = "Set-Cookie".freeze
- STRIPPABLE_KEYS = [:session_id, :_csrf_token]
+ STRIPPABLE_KEYS = [:session_id, :_csrf_token, :locale]
def initialize(app, options = {})
@app = app
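Review bot: `STRIPPABLE_KEYS` on the changed line is a mutable Array while the two string constants directly above it are frozen; anything that appends to it at runtime would silently widen what counts as an empty session and therefore which responses lose their session cookie. `STRIPPABLE_KEYS = [:session_id, :_csrf_token, :locale].freeze` matches the surrounding style. The session-inspection logic is outside the hunk, so I could not check how a session containing `:using_admin` is treated, though the spec in this commit expects it to keep the cookie.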
diff --git a/public/robots.txt b/public/robots.txt
index f1cf80d7c..80dfd8ef7 100644
--- a/public/robots.txt
+++ b/public/robots.txt
@@ -18,3 +18,5 @@ Disallow: /upload/
Disallow: /user/contact/
Disallow: /feed/
Disallow: /profile/
+Disallow: /signin
+
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index cb622dabd..6b88fe39d 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -42,21 +42,27 @@ describe AdminPublicBodyController, "when administering public bodies" do
pb.name.should == "Renamed"
end
- it "destroy a public body" do
+ it "destroys a public body" do
PublicBody.count.should == 2
post :destroy, { :id => 3 }
PublicBody.count.should == 1
end
- it "don't allow non-authenticated users to do anything" do
+ it "sets a using_admin flag" do
+ get :show, :id => 2
+ session[:using_admin].should == 1
+ end
+
+ it "disallows non-authenticated users to do anything" do
@request.env["HTTP_AUTHORIZATION"] = ""
PublicBody.count.should == 2
post :destroy, { :id => 3 }
response.code.should == "401"
PublicBody.count.should == 2
+ session[:using_admin].should == nil
end
- it "when no username/password set, skip admin authorisation" do
+ it "skips admin authorisation when no username/password set" do
config = MySociety::Config.load_default()
config['ADMIN_USERNAME'] = ''
config['ADMIN_PASSWORD'] = ''
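Review bot: None of the authentication examples sends a non-empty but wrong Basic credential; `disallows non-authenticated users` only sets `HTTP_AUTHORIZATION` to `""`, which the Rails helper rejects before the controller's block runs, so a block that accepted every credential would still pass this file. Add an example that sets the header to a Basic-encoded wrong password (a constructed value, e.g. `"Basic " + Base64.encode64("admin:wrong")`) and asserts `response.code.should == "401"` and `session[:using_admin].should == nil`. The second hunk in this file also mutates `MySociety::Config.load_default()` without a visible reset; if there is no teardown elsewhere in the spec, later examples inherit the blank credentials.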
@@ -64,6 +70,17 @@ describe AdminPublicBodyController, "when administering public bodies" do
PublicBody.count.should == 2
post :destroy, { :id => 3 }
PublicBody.count.should == 1
+ session[:using_admin].should == 1
+ end
+ it "skips admin authorisation when no username set" do
+ config = MySociety::Config.load_default()
+ config['ADMIN_USERNAME'] = ''
+ config['ADMIN_PASSWORD'] = 'fuz'
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ PublicBody.count.should == 2
+ post :destroy, { :id => 3 }
+ PublicBody.count.should == 1
+ session[:using_admin].should == 1
end
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index e2febacd7..33a6d0486 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -363,6 +363,9 @@ describe RequestController, "when creating a new request" do
mail.body.should =~ /This is a silly letter. It is too short to be interesting./
response.should redirect_to(:action => 'show', :url_title => ir.url_title)
+ # This test uses an explicit path because it's relied in
+ # Google Analytics goals:
+ response.redirected_to.should == "/en/request/why_is_your_quango_called_gerald/new"
end
it "should give an error if the same request is submitted twice" do
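Review bot: The comment on the two added lines reads `it's relied in Google Analytics goals`; `it is relied on by Google Analytics goals` is the intended sentence. The asserted path also hard-codes the `/en/` locale prefix, so the example now depends on the default locale of the test environment; if that is deliberate, say so in the same comment.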
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
index cbe1feea6..1cf5e3d25 100644
--- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -43,6 +43,22 @@ describe WhatDoTheyKnow::StripEmptySessions do
response.headers['Set-Cookie'].should == ""
end
+ it 'should strip the session cookie setting header even with a locale' do
+ @session_data[:locale] = 'en'
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ""
+ end
+
+ it 'should not strip the session cookie setting for admins' do
+ @session_data[:using_admin] = 1
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == "mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly"
+ end
+
it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do
application_response_headers = { 'Content-Type' => 'text/html',
'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',