From 550ed0aa483d0b31a6f844a728340e5a81a753ed Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Tue, 11 Mar 2014 12:53:49 +0000 Subject: Graceful failure of new_comment route Fixes https://github.com/mysociety/alaveteli/issues/662 If /annotate/request/:url_title is accessed when comments are disabled an exception is incorrectly thrown. Conditionals should be used for control flow, so now the action redirects to the info_request path and displays a notice. --- spec/controllers/comment_controller_spec.rb | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'spec/controllers') diff --git a/spec/controllers/comment_controller_spec.rb b/spec/controllers/comment_controller_spec.rb index c03615ce2..3ad334ab1 100644 --- a/spec/controllers/comment_controller_spec.rb +++ b/spec/controllers/comment_controller_spec.rb @@ -53,16 +53,17 @@ describe CommentController, "when commenting on a request" do response.should render_template('new') end - + it "should not allow comments if comments are not allowed" do - session[:user_id] = users(:silly_name_user).id - - expect { - post :new, :url_title => info_requests(:spam_1_request).url_title, - :comment => { :body => "I demand to be heard!" }, - :type => 'request', :submitted_comment => 1, :preview => 0 - }.to raise_error("Comments are not allowed on this request") - + session[:user_id] = users(:silly_name_user).id + info_request = info_requests(:spam_1_request) + + post :new, :url_title => info_request.url_title, + :comment => { :body => "I demand to be heard!" }, + :type => 'request', :submitted_comment => 1, :preview => 0 + + response.should redirect_to(show_request_path(info_request.url_title)) + flash[:notice].should == 'Comments are not allowed on this request' end describe 'when commenting on an external request' do -- cgit v1.2.3 From 73d0f361fd4e49f11b3b99db7b3dc2b06dc9e9d7 Mon Sep 17 00:00:00 2001 
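Review bot: The rewritten example "should not allow comments if comments are not allowed" asserts only the redirect and the flash notice, so it would still pass if the action saved the comment before redirecting. Pin the outcome that matters by wrapping the request, e.g. `expect { post :new, ... }.to_not change { Comment.count }`, and keep the two response assertions after it. The banned-user example added in the following commit ("should not allow comments from banned users") has the same gap: it checks `render_template('user/banned')` but not that nothing was stored. The enclosing `describe` block starts and ends outside the hunk.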
From: Gareth Rees Date: Tue, 11 Mar 2014 14:37:48 +0000 Subject: Use filter to reject if user is banned Extract checking whether a user is banned from making Comments on an InfoRequest to a filter in CommentController. Removes responsibility from the #new method. Adds a missing spec. --- spec/controllers/comment_controller_spec.rb | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'spec/controllers') diff --git a/spec/controllers/comment_controller_spec.rb b/spec/controllers/comment_controller_spec.rb index 3ad334ab1..5e250f689 100644 --- a/spec/controllers/comment_controller_spec.rb +++ b/spec/controllers/comment_controller_spec.rb @@ -66,6 +66,19 @@ describe CommentController, "when commenting on a request" do flash[:notice].should == 'Comments are not allowed on this request' end + it "should not allow comments from banned users" do + User.any_instance.stub(:ban_text).and_return('Banned from commenting') + + user = users(:silly_name_user) + session[:user_id] = user.id + + post :new, :url_title => info_requests(:fancy_dog_request).url_title, + :comment => { :body => comments(:silly_comment).body }, + :type => 'request', :submitted_comment => 1, :preview => 0 + + response.should render_template('user/banned') + end + describe 'when commenting on an external request' do describe 'when responding to a GET request on a successful request' do -- cgit v1.2.3 From 4bde7f5d1dce36ffeb47826b146b5d53a155d123 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Tue, 18 Mar 2014 10:15:49 +0000 Subject: Make track factory name a bit more specific. --- spec/controllers/track_controller_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'spec/controllers') diff --git a/spec/controllers/track_controller_spec.rb b/spec/controllers/track_controller_spec.rb index 40865d2b9..7c2e1b369 100644 --- a/spec/controllers/track_controller_spec.rb +++ b/spec/controllers/track_controller_spec.rb 
@@ -58,7 +58,7 @@ end describe TrackController, "when unsubscribing from a track" do before do - @track_thing = FactoryGirl.create(:track_thing) + @track_thing = FactoryGirl.create(:search_track) end it 'should destroy the track thing' do @@ -78,7 +78,7 @@ describe TrackController, "when unsubscribing from a track" do end it 'should not redirect to a url on another site' do - track_thing = FactoryGirl.create(:track_thing) + track_thing = FactoryGirl.create(:search_track) get :update, {:track_id => @track_thing.id, :track_medium => 'delete', :r => 'http://example.com/'}, -- cgit v1.2.3 From a00067262fd7171a39e74a4ebcd75a5758e12ee6 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 17 Mar 2014 17:30:34 +0000 Subject: Add notices for subscribing to something. These notices are complete sentences, not composed on the fly, so should be easier to translate. --- spec/controllers/track_controller_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'spec/controllers') diff --git a/spec/controllers/track_controller_spec.rb b/spec/controllers/track_controller_spec.rb index 7c2e1b369..d2b45b6bf 100644 --- a/spec/controllers/track_controller_spec.rb +++ b/spec/controllers/track_controller_spec.rb @@ -5,7 +5,7 @@ describe TrackController, "when making a new track on a request" do @ir = mock_model(InfoRequest, :url_title => 'myrequest', :title => 'My request') @track_thing = mock_model(TrackThing, :save! => true, - :params => {:list_description => 'list description'}, + :params => {}, :track_medium= => nil, :tracking_user_id= => nil) TrackThing.stub!(:create_track_for_request).and_return(@track_thing) -- cgit v1.2.3 From 271adedcd705c7e6aa61e9706b5dc2832dea528f Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Fri, 14 Mar 2014 10:42:32 +0000 Subject: Add specs for AdminUserController#modify_comment_visibility --- spec/controllers/admin_user_controller_spec.rb | 69 ++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) (limited to 'spec/controllers') 
diff --git a/spec/controllers/admin_user_controller_spec.rb b/spec/controllers/admin_user_controller_spec.rb index 99894a414..8b89506f9 100644 --- a/spec/controllers/admin_user_controller_spec.rb +++ b/spec/controllers/admin_user_controller_spec.rb 
@@ -44,3 +44,72 @@ describe AdminUserController, "when updating a user" do end end + +describe AdminUserController do + + describe :modify_comment_visibility do + + before(:each) do + @user = FactoryGirl.create(:user) + request.env["HTTP_REFERER"] = admin_user_show_path(@user) + end + + it 'redirects to the page the admin was previously on' do + comment = FactoryGirl.create(:visible_comment, :user => @user) + + post :modify_comment_visibility, { :id => @user.id, + :comment_ids => comment.id, + :hide_selected => 'hidden' } + + response.should redirect_to(admin_user_show_path(@user)) + end + + it 'sets the given comments visibility to hidden' do + comments = FactoryGirl.create_list(:visible_comment, 3, :user => @user) + comment_ids = comments.map(&:id) + + post :modify_comment_visibility, { :id => @user.id, + :comment_ids => comment_ids, + :hide_selected => 'hidden' } + + Comment.find(comment_ids).each { |comment| comment.should_not be_visible } + end + + it 'sets the given comments visibility to visible' do + comments = FactoryGirl.create_list(:hidden_comment, 3, :user => @user) + comment_ids = comments.map(&:id) + + post :modify_comment_visibility, { :id => @user.id, + :comment_ids => comment_ids, + :unhide_selected => 'visible' } + + Comment.find(comment_ids).each { |comment| comment.should be_visible } + end + + it 'only modifes the given list of comments' do + unaffected_comment = FactoryGirl.create(:hidden_comment, :user => @user) + affected_comment = FactoryGirl.create(:hidden_comment, :user => @user) + + post :modify_comment_visibility, { :id => @user.id, + :comment_ids => affected_comment.id, + :unhide_selected => 'visible' } + + Comment.find(unaffected_comment).should_not be_visible + Comment.find(affected_comment).should be_visible + end + + it 'preserves the visibility if a comment is already of the requested visibility' do + hidden_comment = FactoryGirl.create(:hidden_comment, :user => @user) + visible_comment = FactoryGirl.create(:visible_comment, :user 
=> @user) + comment_ids = [hidden_comment.id, visible_comment.id] + + post :modify_comment_visibility, { :id => @user.id, + :comment_ids => comment_ids, + :unhide_selected => 'visible' } + + Comment.find(comment_ids).each { |c| c.should be_visible } + end + + end + +end -- cgit v1.2.3 From b6561750b971030767a0e8146be1414471518086 Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Wed, 19 Mar 2014 11:40:59 +0000 Subject: Use AttachmentToHTML to generate FoiAttachment#body_as_html --- spec/controllers/request_controller_spec.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'spec/controllers') diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index 1e7df4536..9353efcb3 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -2407,8 +2407,7 @@ describe RequestController, "when caching fragments" do :html_mask_stuff! => nil, :user_can_view? => true, :all_can_view? => true) - attachment = mock(FoiAttachment, :display_filename => long_name, - :body_as_html => ['some text', 'wrapper']) + attachment = FactoryGirl.build(:body_text, :filename => long_name) IncomingMessage.stub!(:find).with("44").and_return(incoming_message) IncomingMessage.stub!(:get_attachment_by_url_part_number_and_filename).and_return(attachment) InfoRequest.stub!(:find).with("132").and_return(info_request) -- cgit v1.2.3 From aa63d4df0209fb482236e5f6dd5516c0fc6ddf35 Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Tue, 25 Mar 2014 17:57:02 +0000 Subject: Add AdminSpamAddressesController and UI --- .../admin_spam_addresses_controller_spec.rb | 91 ++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 spec/controllers/admin_spam_addresses_controller_spec.rb (limited to 'spec/controllers') diff --git a/spec/controllers/admin_spam_addresses_controller_spec.rb b/spec/controllers/admin_spam_addresses_controller_spec.rb new file mode 100644 index 000000000..da1e9bb5a 
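Review bot: None of the new `modify_comment_visibility` examples posts a comment id that belongs to a user other than the one in `:id`, so the spec does not pin whether the action limits `comment_ids` to that user's comments. If that scoping is intended, add an example that creates a comment for a second `FactoryGirl.create(:user)`, posts its id under `:id => @user.id`, and asserts that its visibility is unchanged. The `before(:each)` here sets only the user and `HTTP_REFERER`; whether an admin login is needed for these requests cannot be told from the hunk. The example name 'only modifes the given list of comments' has a typo ("modifies").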
--- /dev/null +++ b/spec/controllers/admin_spam_addresses_controller_spec.rb 
@@ -0,0 +1,91 @@ +require 'spec_helper' + +describe AdminSpamAddressesController do + render_views + before { basic_auth_login @request } + + describe :index do + + it 'lists the spam addresses' do + 3.times { FactoryGirl.create(:spam_address) } + get :index + assigns(:spam_addresses).should == SpamAddress.all + end + + it 'creates a new spam address for the form' do + get :index + expect(assigns(:spam_address)).to be_a_new(SpamAddress) + end + + it 'renders the index template' do + get :index + expect(response).to render_template('index') + end + + end + + describe :create do + + let(:spam_params) { FactoryGirl.attributes_for(:spam_address) } + + it 'creates a new spam address with the given parameters' do + post :create, :spam_address => spam_params + assigns(:spam_address).email.should == spam_params[:email] + assigns(:spam_address).should be_persisted + end + + it 'redirects to the index action if successful' do + SpamAddress.any_instance.stub(:save).and_return(true) + post :create, :spam_address => spam_params + expect(response).to redirect_to(spam_addresses_path) + end + + it 'notifies the admin the spam address has been created' do + SpamAddress.any_instance.stub(:save).and_return(true) + post :create, :spam_address => spam_params + msg = "#{ spam_params[:email] } has been added to the spam addresses list" + flash[:notice].should == msg + end + + it 'renders the index action if the address could not be saved' do + SpamAddress.any_instance.stub(:save).and_return(false) + post :create, :spam_address => spam_params + expect(response).to render_template('index') + end + + it 'collects the spam addresses if the address could not be saved' do + 3.times { FactoryGirl.create(:spam_address) } + SpamAddress.any_instance.stub(:save).and_return(false) + post :create, :spam_address => spam_params + assigns(:spam_addresses).should == SpamAddress.all + end + + end + + describe :delete do + + before(:each) do + @spam = FactoryGirl.create(:spam_address) + delete :destroy, 
:id => @spam.id + end + + it 'finds the spam address to delete' do + assigns(:spam_address).should == @spam + end + + it 'destroys the spam address' do + assigns(:spam_address).should be_destroyed + end + + it 'tells the admin the spam address has been deleted' do + msg = "#{ @spam.email } has been removed from the spam addresses list" + flash[:notice].should == msg + end + + it 'redirects to the index action' do + expect(response).to redirect_to(spam_addresses_path) + end + + end + +end -- cgit v1.2.3 From a0169110f90726ef03fdd6fd5e58718eff0b26d1 Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Wed, 26 Mar 2014 16:28:59 +0000 Subject: Tidy HelpControllerSpec --- spec/controllers/help_controller_spec.rb | 70 +++++++++++++++++++------------- 1 file changed, 41 insertions(+), 29 deletions(-) (limited to 'spec/controllers') diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb index cc024f840..d552127ba 100644 --- a/spec/controllers/help_controller_spec.rb +++ b/spec/controllers/help_controller_spec.rb 
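Review bot: Every example in this new spec runs after `before { basic_auth_login @request }`, so nothing here shows that `index`, `create` and `destroy` refuse a request that carries no admin credentials. A nested context without the login, asserting that no `SpamAddress` is created or destroyed, would pin that; admin authentication may already be covered by a shared spec that is not visible on this page. The group `describe :delete` actually exercises `delete :destroy`, so `describe :destroy` would match the action name.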
@@ -1,48 +1,60 @@ # -*- coding: utf-8 -*- require File.expand_path(File.dirname(__FILE__) + '/../spec_helper') -describe HelpController, "when using help" do +describe HelpController do render_views - it "shows the about page" do - get :about - end + describe :about do - it "shows contact form" do - get :contact - end + it 'shows the about page' do + get :about + end - it "sends a contact message" do - post :contact, { :contact => { - :name => "Vinny Vanilli", - :email => "vinny@localhost", - :subject => "Why do I have such an ace name?", - :message => "You really should know!!!\n\nVinny", - }, :submitted_contact_form => 1 - } - response.should redirect_to(:controller => 'general', :action => 'frontpage') - - deliveries = ActionMailer::Base.deliveries - deliveries.size.should == 1 - deliveries[0].body.should include("really should know") - deliveries.clear end - describe 'when requesting a page in a supported locale ' do + describe 'GET contact' do - before do - # Prepend our fixture templates - fixture_theme_path = File.join(Rails.root, 'spec', 'fixtures', 'theme_views', 'theme_one') - controller.prepend_view_path fixture_theme_path + it 'shows contact form' do + get :contact end - it 'should render the locale-specific template if available' do - get :contact, {:locale => 'es'} - response.body.should match('contáctenos theme one') + describe 'when requesting a page in a supported locale' do + + before do + # Prepend our fixture templates + fixture_theme_path = File.join(Rails.root, 'spec', 'fixtures', 'theme_views', 'theme_one') + controller.prepend_view_path fixture_theme_path + end + + it 'should render the locale-specific template if available' do + get :contact, {:locale => 'es'} + response.body.should match('contáctenos theme one') + end + end end + describe 'POST contact' do + + it 'sends a contact message' do + post :contact, { :contact => { + :name => 'Vinny Vanilli', + :email => 'vinny@localhost', + :subject => 'Why do I have such an ace name?', + 
:comment => '', + :message => "You really should know!!!\n\nVinny", + }, :submitted_contact_form => 1 + } + response.should redirect_to(:controller => 'general', :action => 'frontpage') + + deliveries = ActionMailer::Base.deliveries + deliveries.size.should == 1 + deliveries[0].body.should include('really should know') + deliveries.clear + end + + end end -- cgit v1.2.3 From b2acdc723ab7f56ca71f19ddcb571468dd5159ef Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Wed, 26 Mar 2014 16:54:37 +0000 Subject: Improve HelpControllerSpec - Actually assert something when getting the pages - Use named route --- spec/controllers/help_controller_spec.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'spec/controllers') diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb index d552127ba..8ac10e244 100644 --- a/spec/controllers/help_controller_spec.rb +++ b/spec/controllers/help_controller_spec.rb @@ -8,6 +8,8 @@ describe HelpController do it 'shows the about page' do get :about + response.should be_success + response.should render_template('help/about') end end @@ -16,6 +18,8 @@ describe HelpController do it 'shows contact form' do get :contact + response.should be_success + response.should render_template('help/contact') end describe 'when requesting a page in a supported locale' do @@ -46,7 +50,7 @@ describe HelpController do :message => "You really should know!!!\n\nVinny", }, :submitted_contact_form => 1 } - response.should redirect_to(:controller => 'general', :action => 'frontpage') + response.should redirect_to(frontpage_path) deliveries = ActionMailer::Base.deliveries deliveries.size.should == 1 -- cgit v1.2.3 From 5d6d21f690e283682b9be74a8f00c501b148856f Mon Sep 17 00:00:00 2001 
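Review bot: `deliveries.clear` is the last statement of the 'sends a contact message' example, so it is skipped whenever an earlier assertion fails and the sent mail then leaks into later examples. Move the reset into a hook at the top of `describe 'POST contact'`, e.g. `before { ActionMailer::Base.deliveries.clear }`. The spam-protection example added two commits later depends on the same state, since its `deliveries.size.should == 0` is only meaningful if the list starts empty. Separately, `:comment => ''` arrives in this tidy-up commit although the field only gets its meaning in the later honeypot commit; it would read better there.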
From: Gareth Rees Date: Wed, 26 Mar 2014 17:00:20 +0000 Subject: Add honeypot spam protection to contact form Intercepts the request and redirects to the homepage if the comment field is filled in on the contact form. --- spec/controllers/help_controller_spec.rb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'spec/controllers') diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb index 8ac10e244..f92323f50 100644 --- a/spec/controllers/help_controller_spec.rb +++ b/spec/controllers/help_controller_spec.rb @@ -58,6 +58,23 @@ describe HelpController do deliveries.clear end + it 'has rudimentary spam protection' do + post :contact, { :contact => { + :name => 'Vinny Vanilli', + :email => 'vinny@localhost', + :subject => 'Why do I have such an ace name?', + :comment => 'I AM A SPAMBOT', + :message => "You really should know!!!\n\nVinny", + }, :submitted_contact_form => 1 + } + + response.should redirect_to(frontpage_path) + + deliveries = ActionMailer::Base.deliveries + deliveries.size.should == 0 + deliveries.clear + end + end end -- cgit v1.2.3
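Review bot: The example title 'has rudimentary spam protection' does not say what triggers the protection or what the observable result is. A name such as `it 'does not send the message if the honeypot comment field is filled in'` documents the contract. The accepted path is only exercised with `:comment => ''`, so no example covers a submission that omits the `:comment` key altogether; if such a request should still be delivered (an assumption, the controller is not shown), add one. The trailing `deliveries.clear` after asserting a size of 0 is redundant.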