From 43bd77a1ad43d7cb24117bf3973f841221fd2c6e Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Thu, 12 Jan 2012 07:47:16 +0000
Subject: Return 403 when attachment "folders" are spidered. Fixes #340
---
 spec/integration/errors_spec.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index bfb7e5fb5..f8f9162c1 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -45,5 +45,9 @@ describe "When rendering errors" do
 get("/request/#{ir.url_title}")
 response.code.should == "500"
 end
+ it "should render a 403 for attempts at directory listing for attachments" do
+ get("/request/5/response/4/attach/html/3/" )
+ response.code.should == "403"
+ end
 end
-- cgit v1.2.3
From f158e9c96d2af74c940a8d775799fcb9755d0b12 Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Thu, 12 Jan 2012 08:05:57 +0000
Subject: Return 404 for non-existent 'details' pages. Fixes #325
---
 spec/integration/errors_spec.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index f8f9162c1..8084bb35a 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -49,5 +49,9 @@ describe "When rendering errors" do
 get("/request/5/response/4/attach/html/3/" )
 response.code.should == "403"
 end
+ it "should render a 404 for non-existent 'details' pages for requests" do
+ get("/details/request/wobble" )
+ response.code.should == "404"
+ end
 end
-- cgit v1.2.3
From 4808347cb65556756d38b60b25fa9761f92c4513 Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Fri, 13 Jan 2012 10:46:30 +0000
Subject: Further refinement for issue #340
---
 spec/integration/errors_spec.rb | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 8084bb35a..705c1fff8 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -48,6 +48,8 @@ describe "When rendering errors" do
 it "should render a 403 for attempts at directory listing for attachments" do
 get("/request/5/response/4/attach/html/3/" )
 response.code.should == "403"
+ get("/request/5/response/4/attach/html" )
+ response.code.should == "403"
 end
 it "should render a 404 for non-existent 'details' pages for requests" do
 get("/details/request/wobble" )
-- cgit v1.2.3
From 3affd6ab3d29bf2e86c9d4b00733499d060af20c Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Tue, 17 Jan 2012 13:31:22 +0000
Subject: Don't allow directory listings (better fix for and closes #340).
---
 spec/integration/errors_spec.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 705c1fff8..d03323445 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -46,10 +46,13 @@ describe "When rendering errors" do
 response.code.should == "500"
 end
 it "should render a 403 for attempts at directory listing for attachments" do
- get("/request/5/response/4/attach/html/3/" )
- response.code.should == "403"
- get("/request/5/response/4/attach/html" )
+ # make a fake cache
+ foi_cache_path = File.join(File.dirname(__FILE__), '../../cache')
+ FileUtils.mkdir_p(File.join(foi_cache_path, "views/en/request/101/101/response/1/attach/html/1"))
+ get("/request/101/response/1/attach/html/1/" )
 response.code.should == "403"
+ get("/request/101/response/1/attach/html" )
+ response.code.should == "403"
 end
 it "should render a 404 for non-existent 'details' pages for requests" do
 get("/details/request/wobble" )
-- cgit v1.2.3
From 5aa2bd13042110e73212f83564c35b3a1d672bbb Mon Sep 17 00:00:00 2001
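Review bot: In the `@@ -46,10 +46,13 @@` hunk (commit 3affd6ab) the example creates `views/en/request/101/101/response/1/attach/html/1` under the repository's `cache` directory with `FileUtils.mkdir_p` and never removes it, so the directory persists across runs and a later run no longer shows that the example set up its own precondition. Removing the subtree in an `after(:each)` block, e.g. `FileUtils.rm_rf(File.join(foi_cache_path, "views/en/request/101"))`, would keep the example self-contained, assuming nothing else in the suite writes under that prefix; `foi_cache_path` would then have to be visible to that block. The path is also derived from `__FILE__` and a hard-coded `en` locale rather than from whatever the application uses to locate its cache, which is not visible here; if the two differ, the 403 would be asserted for a directory that does not exist where the server looks. `mkdir_p` also creates the intermediate levels (for example `.../response/1/attach`), and an assertion for one of them would catch a fix that protects only the leaf directories.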
From: Robin Houston
Date: Sun, 29 Jan 2012 16:26:50 +0000
Subject: Load all raw emails for testing Previously there was just one raw email, and the test code relied on that fact. Generalise it to handle multiple raw emails. This change causes a number of tests to fail, because it exposes failures that should have happened when the second raw email was added but were masked by the fact that the text of this second raw email was never loaded. These failures will be fixed in the next commit.
---
 spec/integration/errors_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index d03323445..ea9caaf12 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -17,7 +17,7 @@ describe "When rendering errors" do
 ]
 before(:each) do
- load_raw_emails_data(raw_emails)
+ load_raw_emails_data
 ActionController::Base.consider_all_requests_local = false
 end
-- cgit v1.2.3
From ac4587afff81177a0bf86fc0064b81538811cb29 Mon Sep 17 00:00:00 2001
From: Robin Houston
Date: Tue, 31 Jan 2012 16:29:04 +0000
Subject: Load all fixtures for all tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The ad hoc specification of fixtures has been an ongoing source of bugs in the tests. The straw that broke the camel’s back is that 7c6eb09 requires the fixtures to be loaded in order (i.e. children before their parents), and it would have been a painful process to reorder all the dozens of different fixture lists, but the test system ought to be more reliable this way.
---
 spec/integration/errors_spec.rb | 14 --------------
 1 file changed, 14 deletions(-)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index ea9caaf12..ec2e1c376 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -2,20 +2,6 @@ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
 describe "When rendering errors" do
- fixtures [
- :users,
- :public_bodies,
- :public_body_translations,
- :public_body_versions,
- :info_requests,
- :raw_emails,
- :outgoing_messages,
- :incoming_messages,
- :comments,
- :info_request_events,
- :track_things,
- ]
-
 before(:each) do
 load_raw_emails_data
 ActionController::Base.consider_all_requests_local = false
-- cgit v1.2.3