path: root/spec/integration
Commit message (Author, Age, Lines)
* Make logging in as a user a POST-constrained action. (Louise Crow, 2014-12-18, -1/+1)
|
* Move outgoing message admin actions to RESTful model. (Louise Crow, 2014-12-18, -2/+2)
|
* Move admin incoming message actions to use RESTful routes. (Louise Crow, 2014-12-18, -4/+4)
|     So data changing actions require a POST and can be protected against CSRF.
* Make show_raw_email a RESTful action via GET (Louise Crow, 2014-12-12, -20/+39)
|     Move specs that involve receiving email and then viewing the interface to be integration specs, which is what they really are.
* Use RESTful routing for index and show actions (Louise Crow, 2014-12-12, -3/+3)
|
* Merge branch 'sanitize-non-utf8-request-uri' into rails-3-develop (Louise Crow, 2014-12-09, -8/+6)
|\
| * Use rack-utf8_sanitizer gem (Louise Crow, 2014-11-18, -8/+6)
| |     This sanitises non utf-8 params before they're processed by Rails.
* | Don't display specific error messages in production. (Louise Crow, 2014-12-05, -3/+0)
|/
* Merge branch 'hotfix/0.19.0.9' into rails-3-develop (Louise Crow, 2014-10-31, -6/+9)
|\
| * Comment out spec which sends an invalid utf-8 param. [0.19.0.9] [hotfix/0.19.0.9] (Louise Crow, 2014-10-31, -6/+9)
| |     The original error `ActionView::Template::Error` that this spec was written to represent (#1406) occurred under ruby 1.8 when the decoded non-utf-8 string was used in the locale switcher on the 'not found' error page to generate a url for the alternative locales. Under Ruby >= 1.9, the error thrown in that situation is an `invalid byte sequence in UTF-8` error, thrown in the same place - the locale switcher. However, no error seems to be thrown when the same param is used in a request in production. The upgrade to Rails 3.2.20 causes `String.split` to be called on the request path in `actionpack/lib/action_dispatch/middleware/static.rb` in order to check for attempts to access files outside the `public` directory. This means that under Ruby >= 1.9, an `invalid byte sequence in UTF-8` error will be thrown there in running this spec. I think a possible solution is to use the `rack-utf8_sanitizer` gem to provide middleware to strip invalid utf-8 from request URIs and headers before they're processed by Rails, but it's currently unclear whether that would have any undesirable side-effects.
* | Use factories, not fixtures, in integration spec. (Louise Crow, 2014-10-28, -7/+22)
|/    Removes the dependency on fixtures having been loaded.
* Add integration spec. [0.19.0.1] [hotfix/0.19.0.1] (Louise Crow, 2014-09-01, -0/+31)
|
* Handle unhelpful stemming (Gareth Rees, 2014-06-25, -0/+10)
|     Stemming returns 'bore' as the word to highlight which can't be matched in the original phrase. Also removes duplicates from the results
* Add helper to highlight and excerpt by regex (Gareth Rees, 2014-06-25, -0/+29)
|     Backport of https://github.com/rails/rails/pull/11793/ Contains integration tests to check that it works as expected with ActsAsXapian.
* Merge branch 'issues/1343-ip-spoofing-error' into rails-3-develop (Gareth Rees, 2014-04-14, -0/+11)
|\
| * Rescue from IpSpoofAttackError when using remote IP (Gareth Rees, 2014-04-14, -0/+11)
| |     Some proxies seem to be setting the Client-IP HTTP header to 127.0.0.1. Rails checks that Client-IP is contained in X-Forwarded-For and raises the error. We decided to rescue in this individual case rather than adding a middleware to strip Client-IP (http://writeheavy.com/2011/07/31/when-its-ok-to-turn-of-rails-ip-spoof-checking.html#well_thats_stupid_can_we_turn_it_off) so that we don't introduce unexpected behaviour. If we start to do anything more with request.remote_ip, then we should look at doing so. See http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection for an in-depth look at this issue.
* | Rescue from non-numeric page parameter exceptions (Gareth Rees, 2014-04-10, -0/+8)
|/    will_paginate intentionally throws an ArgumentError when a non-numeric page parameter is used. Conveniently, they tag it with WillPaginate::InvalidPage, so here we rescue with a 404.
* URL Encode the path parameter for render_exception (Gareth Rees, 2014-03-31, -0/+7)
|     If a request is made and path is something like /%d3 we rescue this with a custom 404 template. This gets unescaped as {"path"=>"\323"}. In the case of a RouteNotFound, ApplicationController#render_exception renders the general/exception_caught template into the default layout, which renders the general/_locale_switcher partial. This partial calls url_for – sending the full params hash as the argument – so that a user may return to the existing page in their chosen locale. The problem is that url_for tries to construct the url with the hash {:action=>"not_found", :controller=>"general", :path=>"\323"}. ApplicationController#sanitize_params re-encodes the path parameter so that it can be passed through to url_for without trouble.
* Insert cookie stripping at correct point in middleware stack. (Louise Crow, 2013-11-18, -0/+12)
|
* Use 403, not 410, for hidden items. (Louise Crow, 2013-09-16, -3/+3)
|     As @mhl points out, this more clearly indicates that they may come back at some point.
* Add message index to attachment files (Louise Crow, 2013-09-16, -3/+3)
|     So that files attached to different messages with the same name and url_part don't get overwritten.
* Make test ruby 1.8.7 compatible. (Louise Crow, 2013-09-16, -1/+1)
|
* Hide hidden outgoing messages in download. (Louise Crow, 2013-09-16, -1/+97)
|
* Add hidden messages for outgoing message. (Louise Crow, 2013-09-16, -0/+38)
|     Conflicts: app/views/request/_incoming_correspondence.html.erb
* Convert specs to factories from fixtures. (Louise Crow, 2013-09-16, -52/+48)
|     Conflicts: spec/integration/view_request_spec.rb
* Add a test of incoming message hiding with PDF conversion (Louise Crow, 2013-09-16, -0/+59)
|
* Clean up the test download dir after use. (Louise Crow, 2013-09-16, -0/+4)
|
* Add expectations for admin and requester. (Louise Crow, 2013-09-16, -5/+17)
|
* Restore the download for hidden requests (Louise Crow, 2013-09-16, -1/+54)
|     This was disabled for hidden requests as the download was by redirect, allowing people who have not been authenticated to conceivably access the download. We'll be moving to send_file instead, so can restore it.
* Fix problem with integration session reuse. (Louise Crow, 2013-09-16, -0/+7)
|     The third (and any subsequent) session created shares a session id with the second without this explicit reset.
* Make absence of htmltopdf converter more explicit. (Louise Crow, 2013-09-16, -47/+52)
|     We're testing the code path where there is no converter here.
* Make external request download spec more specific. (Louise Crow, 2013-09-16, -4/+5)
|
* Remove hidden incoming messages from correspondence.txt (Louise Crow, 2013-09-16, -0/+34)
|     Adds a spec for what we want to see - no message text in correspondence.txt, and no attachments. Refactors the simple_correspondence templates to make it clearer that these are doing the same job as the html.erb ones, for text.
* Split up translated messages. (Louise Crow, 2013-09-16, -5/+11)
|     Each part is a separate sentence, and we're going to reuse some of them in the text view. Conflicts: spec/integration/view_request_spec.rb
* Rewrite download spec (Louise Crow, 2013-09-16, -0/+60)
|     Make it an integration spec so we don't need to touch the internals so much.
* Allow an actual user to be passed to the login method. (Louise Crow, 2013-09-16, -1/+5)
|
* Shorter route names and paths (Louise Crow, 2013-09-16, -2/+2)
|
* Move incoming message admin to its own controller. (Louise Crow, 2013-09-16, -2/+55)
|     Make specs that depend on multiple controllers and models interacting integration specs.
* Add prominence reason. (Louise Crow, 2013-09-16, -5/+7)
|     Conflicts: app/views/request/_incoming_correspondence.html.erb Conflicts: spec/integration/view_request_spec.rb
* Add messages for hidden and requester_only states. (Louise Crow, 2013-09-16, -4/+93)
|     Different messages for normal user, requester and admin user.
* Refactor some common setup steps in integration tests into a DSL. (Louise Crow, 2013-09-16, -60/+114)
|     Add a failing test for what should happen on request hiding.
* Move some more config into AlaveteliLocalization so that it can be called outside initialization e.g. in tests. (Louise Crow, 2013-07-24, -8/+3)
|
* Extract code for setting locales in FastGettext and I18n (Louise Crow, 2013-07-18, -6/+3)
|
* Switch routing-filter (which takes locale out of the params and puts it in the URL) off by default in model, controller, and helper tests. (Louise Crow, 2013-07-18, -0/+96)
|     This means we can supply the locale as a param. Turn it on specifically for a couple of controller tests that test routing, and change other url localization tests into integration tests.
* Use request.params to generate a json format url when @has_json is true, not request.query_parameters. (Louise Crow, 2013-06-20, -0/+7)
|     The latter has unexpected results when a querystring parameter of 'action' or 'controller' is supplied. Fixes #981.
* For non-HTML requests, just return the response code for now. (Louise Crow, 2013-06-03, -0/+17)
|
* Add encoding line as we use utf-8 in the tests. (Louise Crow, 2013-05-02, -0/+1)
|
* Add logging of any errors. (Louise Crow, 2013-05-02, -1/+6)
|
* Clearer setting of status code, addition of notification. (Louise Crow, 2013-05-02, -3/+5)
|
* Rewrite specs to more clearly represent expected behaviour - exceptions and 404s on non-local requests are to be rendered with our custom template (such that this template can be overridden by themes in the usual way). (Louise Crow, 2013-05-02, -29/+94)
|     Note that requests to the admin interface are considered local.