path: root/spec/integration
Commit message (Author, Age, Lines)
* Merge branch 'issues/1343-ip-spoofing-error' into rails-3-develop (Gareth Rees, 2014-04-14, -0/+11)
|\
| * Rescue from IpSpoofAttackError when using remote IP (Gareth Rees, 2014-04-14, -0/+11)
| |   Some proxies seem to be setting the Client-IP HTTP header to 127.0.0.1. Rails checks that Client-IP is contained in X-Forwarded-For and raises the error. We decided to rescue in this individual case rather than adding a middleware to strip Client-IP (http://writeheavy.com/2011/07/31/when-its-ok-to-turn-of-rails-ip-spoof-checking.html#well_thats_stupid_can_we_turn_it_off) so that we don't introduce unexpected behaviour. If we start to do anything more with request.remote_ip, then we should look at doing so. See http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection for an in-depth look at this issue.
* | Rescue from non-numeric page parameter exceptions (Gareth Rees, 2014-04-10, -0/+8)
|/
|   will_paginate intentionally throws an ArgumentError when a non-numeric page parameter is used. Conveniently, they tag it with WillPaginate::InvalidPage, so here we rescue with a 404.
* URL Encode the path parameter for render_exception (Gareth Rees, 2014-03-31, -0/+7)
|   If a request is made and path is something like /%d3 we rescue this with a custom 404 template. This gets unescaped as {"path"=>"\323"}. In the case of a RouteNotFound, ApplicationController#render_exception renders the general/exception_caught template into the default layout, which renders the general/_locale_switcher partial. This partial calls url_for – sending the full params hash as the argument – so that a user may return to the existing page in their chosen locale. The problem is that url_for tries to construct the url with the hash {:action=>"not_found", :controller=>"general", :path=>"\323"}. ApplicationController#sanitize_params re-encodes the path parameter so that it can be passed through to url_for without trouble.
* Insert cookie stripping at correct point in middleware stack. (Louise Crow, 2013-11-18, -0/+12)
|
* Use 403, not 410, for hidden items. (Louise Crow, 2013-09-16, -3/+3)
|   As @mhl points out, this more clearly indicates that they may come back at some point.
* Add message index to attachment files (Louise Crow, 2013-09-16, -3/+3)
|   So that files attached to different messages with the same name and url_part don't get overwritten.
* Make test ruby 1.8.7 compatible. (Louise Crow, 2013-09-16, -1/+1)
|
* Hide hidden outgoing messages in download. (Louise Crow, 2013-09-16, -1/+97)
|
* Add hidden messages for outgoing message. (Louise Crow, 2013-09-16, -0/+38)
|   Conflicts: app/views/request/_incoming_correspondence.html.erb
* Convert specs to factories from fixtures. (Louise Crow, 2013-09-16, -52/+48)
|   Conflicts: spec/integration/view_request_spec.rb
* Add a test of incoming message hiding with PDF conversion (Louise Crow, 2013-09-16, -0/+59)
|
* Clean up the test download dir after use. (Louise Crow, 2013-09-16, -0/+4)
|
* Add expectations for admin and requester. (Louise Crow, 2013-09-16, -5/+17)
|
* Restore the download for hidden requests (Louise Crow, 2013-09-16, -1/+54)
|   This was disabled for hidden requests as the download was by redirect, allowing people who have not been authenticated to conceivably access the download. We'll be moving to send_file instead, so can restore it.
* Fix problem with integration session reuse. (Louise Crow, 2013-09-16, -0/+7)
|   The third (and any subsequent) session created shares a session id with the second without this explicit reset.
* Make absence of htmltopdf converter more explicit. (Louise Crow, 2013-09-16, -47/+52)
|   We're testing the code path where there is no converter here.
* Make external request download spec more specific. (Louise Crow, 2013-09-16, -4/+5)
|
* Remove hidden incoming messages from correspondence.txt (Louise Crow, 2013-09-16, -0/+34)
|   Adds a spec for what we want to see - no message text in correspondence.txt, and no attachments. Refactors the simple_correspondence templates to make it clearer that these are doing the same job as the html.erb ones, for text.
* Split up translated messages. (Louise Crow, 2013-09-16, -5/+11)
|   Each part is a separate sentence, and we're going to reuse some of them in the text view. Conflicts: spec/integration/view_request_spec.rb
* Rewrite download spec (Louise Crow, 2013-09-16, -0/+60)
|   Make it an integration spec so we don't need to touch the internals so much.
* Allow an actual user to be passed to the login method. (Louise Crow, 2013-09-16, -1/+5)
|
* Shorter route names and paths (Louise Crow, 2013-09-16, -2/+2)
|
* Move incoming message admin to its own controller. (Louise Crow, 2013-09-16, -2/+55)
|   Make specs that depend on multiple controllers and models interacting integration specs.
* Add prominence reason. (Louise Crow, 2013-09-16, -5/+7)
|   Conflicts: app/views/request/_incoming_correspondence.html.erb Conflicts: spec/integration/view_request_spec.rb
* Add messages for hidden and requester_only states. (Louise Crow, 2013-09-16, -4/+93)
|   Different messages for normal user, requester and admin user.
* Refactor some common setup steps in integration tests into a DSL. (Louise Crow, 2013-09-16, -60/+114)
|   Add a failing test for what should happen on request hiding.
* Move some more config into AlaveteliLocalization so that it can be called outside initialization e.g. in tests. (Louise Crow, 2013-07-24, -8/+3)
|
* Extract code for setting locales in FastGettext and I18n (Louise Crow, 2013-07-18, -6/+3)
|
* Switch routing-filter (which takes locale out of the params and puts it in the URL) off by default in model, controller, and helper tests. (Louise Crow, 2013-07-18, -0/+96)
|   This means we can supply the locale as a param. Turn it on specifically for a couple of controller tests that test routing, and change other url localization tests into integration tests.
* Use request.params to generate a json format url when @has_json is true, not request.query_parameters. (Louise Crow, 2013-06-20, -0/+7)
|   The latter has unexpected results when a querystring parameter of 'action' or 'controller' is supplied. Fixes #981.
* For non-HTML requests, just return the response code for now. (Louise Crow, 2013-06-03, -0/+17)
|
* Add encoding line as we use utf-8 in the tests. (Louise Crow, 2013-05-02, -0/+1)
|
* Add logging of any errors. (Louise Crow, 2013-05-02, -1/+6)
|
* Clearer setting of status code, addition of notification. (Louise Crow, 2013-05-02, -3/+5)
|
* Rewrite specs to more clearly represent expected behaviour - exceptions and 404s on non-local requests are to be rendered with our custom template (such that this template can be overridden by themes in the usual way). (Louise Crow, 2013-05-02, -29/+94)
|   Note that requests to the admin interface are considered local.
* Merge branch 'release/0.9' into rails-3-develop (Louise Crow, 2013-04-24, -0/+1)
|\
| |   Conflicts: Gemfile.lock app/controllers/public_body_controller.rb app/mailers/track_mailer.rb app/views/request/_hidden_correspondence.html.erb app/views/request/_sidebar.html.erb app/views/request/hidden.html.erb app/views/request/new_please_describe.html.erb app/views/request/preview.html.erb app/views/user/show.html.erb config/environment.rb config/routes.rb spec/controllers/public_body_controller_spec.rb
| * Make sure raw emails are loaded before running integration spec (Louise Crow, 2013-04-23, -0/+1)
| |
* | Remove test of rails internals that is somehow interfering with other tests (Matthew Landauer, 2013-03-19, -4/+0)
| |
* | Merge remote-tracking branch 'mysociety/develop' into rails-3-develop (Henare Degan, 2013-03-14, -0/+41)
|\|
| |   Conflicts: Gemfile Gemfile.lock app/controllers/admin_request_controller.rb app/controllers/admin_track_controller.rb app/controllers/request_controller.rb app/controllers/services_controller.rb app/helpers/link_to_helper.rb app/mailers/request_mailer.rb app/models/application_mailer.rb app/models/info_request.rb app/views/admin_censor_rule/edit.html.erb app/views/admin_censor_rule/new.html.erb app/views/admin_public_body/_form.html.erb app/views/admin_public_body/_locale_selector.html.erb app/views/admin_public_body/_one_list.html.erb app/views/admin_public_body/edit.html.erb app/views/admin_public_body/list.html.erb app/views/admin_public_body/new.html.erb app/views/admin_request/_incoming_message_actions.html.erb app/views/admin_request/edit.html.erb app/views/admin_request/edit_comment.html.erb app/views/admin_request/edit_outgoing.html.erb app/views/admin_request/list.html.erb app/views/admin_request/list_old_unclassified.html.erb app/views/admin_request/show.html.erb app/views/admin_track/_some_tracks.html.erb app/views/admin_track/list.html.erb app/views/admin_user/edit.html.erb app/views/admin_user/list.html.erb app/views/admin_user/show.html.erb app/views/general/_footer.html.erb app/views/general/exception_caught.html.erb app/views/help/contact.html.erb app/views/layouts/default.html.erb app/views/public_body/_alphabet.html.erb app/views/request/_request_listing_single.html.erb app/views/request/_sidebar.html.erb app/views/request/new.html.erb app/views/request/show.html.erb app/views/request_mailer/external_response.rhtml app/views/request_mailer/fake_response.rhtml config/environment.rb config/environments/production.rb config/routes.rb spec/controllers/admin_censor_rule_controller_spec.rb spec/controllers/request_controller_spec.rb spec/controllers/track_controller_spec.rb spec/helpers/link_to_helper_spec.rb spec/mailers/request_mailer_spec.rb spec/models/info_request_spec.rb spec/spec_helper.rb spec/views/public_body/show.html.erb_spec.rb spec/views/request/show.html.erb_spec.rb vendor/plugins/rails_xss/lib/rails_xss/erubis.rb
| * Now direct changes of state to error_message and requires_admin to a new page asking for more info (Matthew Landauer, 2013-03-06, -0/+41)
| |
* | Rename Configuration class to avoid conflict with ActiveSupport::Configurable (Henare Degan, 2013-03-03, -1/+1)
| |
* | Simplify redirection test (Matthew Landauer, 2013-01-31, -4/+2)
| |
* | There's really no need to test the internals of Rails (Matthew Landauer, 2013-01-31, -9/+0)
|/
* Use new function that copies existing xapian index in spec setup where a clean copy of the xapian index with fixtures loaded is required. (Louise Crow, 2012-11-21, -1/+1)
|
* Restore explanatory messages when asked to sign in for actions that don't require an existing user. (Louise Crow, 2012-11-20, -14/+21)
|   Fixes #719.
* if the response code doesn't match, the failure message is unhelpful (James McKinney, 2012-11-01, -2/+7)
|
* Extract configuration with defaults into one module (Matthew Landauer, 2012-09-25, -3/+1)
|
* Update references to point to the mySociety repo. (Louise Crow, 2012-08-29, -6/+6)
|
* File.dirname(__FILE__) is not necessarily absolute (Robin Houston, 2012-06-03, -1/+1)
|   It’s weird that there’s so much code here that implicitly assumes File.dirname(__FILE__) is an absolute path, because really in general it very much is not! This assumption was invalidated by the recent bundler-awareness changes.