discourse/spec/requests/static_controller_spec.rb

require 'rails_helper'

describe StaticController do

  context '#brotli_asset' do
    it 'returns a non brotli encoded 404 if asset is missing' do

      get "/brotli_asset/missing.js"

      expect(response.status).to eq(404)
      expect(response.headers['Content-Encoding']).not_to eq('br')
      expect(response.headers["Cache-Control"]).to match(/max-age=1/)
    end

    it 'can handle fallback brotli assets' do
      begin
        assets_path = Rails.root.join("tmp/backup_assets")

        GlobalSetting.stubs(:fallback_assets_path).returns(assets_path.to_s)

        FileUtils.mkdir_p(assets_path)

        file_path = assets_path.join("test.js.br")
        File.write(file_path, 'fake brotli file')

        get "/brotli_asset/test.js"

        expect(response.status).to eq(200)
        expect(response.headers["Cache-Control"]).to match(/public/)
      ensure
        File.delete(file_path)
      end
    end

    it 'has correct headers for brotli assets' do
      begin
        assets_path = Rails.root.join("public/assets")

        FileUtils.mkdir_p(assets_path)

        file_path = assets_path.join("test.js.br")
        File.write(file_path, 'fake brotli file')

        get "/brotli_asset/test.js"

        expect(response.status).to eq(200)
        expect(response.headers["Cache-Control"]).to match(/public/)
      ensure
        File.delete(file_path)
      end
    end
  end

  context '#show' do
    before do
      post = create_post
      SiteSetting.tos_topic_id = post.topic.id
      SiteSetting.guidelines_topic_id = post.topic.id
      SiteSetting.privacy_topic_id = post.topic.id
    end

    context "with a static file that's present" do
      it "should return the right response" do
        get "/faq"

        expect(response).to be_success
        expect(response.body).to include(I18n.t('js.faq'))
      end
    end

    [
      ['tos', :tos_url, I18n.t('terms_of_service.title')],
      ['privacy', :privacy_policy_url, I18n.t('privacy')]
    ].each do |id, setting_name, text|

      context "#{id}" do
        context "when #{setting_name} site setting is NOT set" do
          it "renders the #{id} page" do
            get "/#{id}"

            expect(response).to be_success
            expect(response.body).to include(text)
          end
        end

        context "when #{setting_name} site setting is set" do
          before do
            SiteSetting.public_send("#{setting_name}=", 'http://example.com/page')
          end

          it "redirects to the #{setting_name}" do
            get "/#{id}"

            expect(response).to redirect_to('http://example.com/page')
          end
        end
      end
    end

    context "with a missing file" do
      it "should respond 404" do
        get "/static/does-not-exist"
        expect(response.status).to eq(404)
      end
    end

    it 'should redirect to / when logged in and path is /login' do
      sign_in(Fabricate(:user))
      get "/login"
      expect(response).to redirect_to('/')
    end

    it "should display the login template when login is required" do
      SiteSetting.login_required = true

      get "/login"

      expect(response).to be_success

      expect(response.body).to include(PrettyText.cook(I18n.t(
        'login_required.welcome_message', title: SiteSetting.title
      )))
    end

    context "when login_required is enabled" do
      before do
        SiteSetting.login_required = true
      end

      it 'faq page redirects to login page for anon' do
        get '/faq'
        expect(response).to redirect_to '/login'
      end

      it 'guidelines page redirects to login page for anon' do
        get '/guidelines'
        expect(response).to redirect_to '/login'
      end

      it 'faq page loads for logged in user' do
        sign_in(Fabricate(:user))

        get '/faq'

        expect(response).to be_success
        expect(response.body).to include(I18n.t('js.faq'))
      end

      it 'guidelines page loads for logged in user' do
        sign_in(Fabricate(:user))

        get '/guidelines'

        expect(response).to be_success
        expect(response.body).to include(I18n.t('guidelines'))
      end
    end
  end

  describe '#enter' do
    context 'without a redirect path' do
      it 'redirects to the root url' do
        post "/login.json"
        expect(response).to redirect_to('/')
      end
    end

    context 'with a redirect path' do
      it 'redirects to the redirect path' do
        post "/login.json", params: { redirect: '/foo' }
        expect(response).to redirect_to('/foo')
      end
    end

    context 'with a full url' do
      it 'redirects to the correct path' do
        post "/login.json", params: { redirect: "#{Discourse.base_url}/foo" }
        expect(response).to redirect_to('/foo')
      end
    end

    context 'with a period to force a new host' do
      it 'redirects to the root path' do
        post "/login.json", params: { redirect: ".org/foo" }
        expect(response).to redirect_to('/')
      end
    end

    context 'with a full url to someone else' do
      it 'redirects to the root path' do
        post "/login.json", params: { redirect: "http://eviltrout.com/foo" }
        expect(response).to redirect_to('/')
      end
    end

    context 'with an invalid URL' do
      it "redirects to the root" do
        post "/login.json", params: { redirect: "javascript:alert('trout')" }
        expect(response).to redirect_to('/')
      end
    end

    context 'when the redirect path is the login page' do
      it 'redirects to the root url' do
        post "/login.json", params: { redirect: login_path }
        expect(response).to redirect_to('/')
      end
    end
  end
end
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 05:41:23 -04:00			`require 'rails_helper'`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`describe StaticController do`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`context '#brotli_asset' do`
FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:06 -04:00			`it 'returns a non brotli encoded 404 if asset is missing' do`
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue 2016-12-15 00:05:20 -05:00
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get "/brotli_asset/missing.js"`
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue 2016-12-15 00:05:20 -05:00
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`expect(response.status).to eq(404)`
			`expect(response.headers['Content-Encoding']).not_to eq('br')`
			`expect(response.headers["Cache-Control"]).to match(/max-age=1/)`
FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:06 -04:00			`end`

			`it 'can handle fallback brotli assets' do`
			`begin`
			`assets_path = Rails.root.join("tmp/backup_assets")`

			`GlobalSetting.stubs(:fallback_assets_path).returns(assets_path.to_s)`

			`FileUtils.mkdir_p(assets_path)`

			`file_path = assets_path.join("test.js.br")`
			`File.write(file_path, 'fake brotli file')`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get "/brotli_asset/test.js"`
FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:06 -04:00
			`expect(response.status).to eq(200)`
			`expect(response.headers["Cache-Control"]).to match(/public/)`
			`ensure`
			`File.delete(file_path)`
			`end`
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue 2016-12-15 00:05:20 -05:00			`end`

add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00			`it 'has correct headers for brotli assets' do`
FIX: Clean up specs. 2016-12-05 00:37:33 -05:00			`begin`
			`assets_path = Rails.root.join("public/assets")`
add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00
FIX: Clean up specs. 2016-12-05 00:37:33 -05:00			`FileUtils.mkdir_p(assets_path)`
add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00
FIX: Clean up specs. 2016-12-05 00:37:33 -05:00			`file_path = assets_path.join("test.js.br")`
			`File.write(file_path, 'fake brotli file')`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get "/brotli_asset/test.js"`
FIX: Clean up specs. 2016-12-05 00:37:33 -05:00
			`expect(response.status).to eq(200)`
			`expect(response.headers["Cache-Control"]).to match(/public/)`
			`ensure`
			`File.delete(file_path)`
			`end`
add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00			`end`
			`end`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`context '#show' do`
Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-24 14:27:34 -04:00			`before do`
			`post = create_post`
Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 02:09:14 -04:00			`SiteSetting.tos_topic_id = post.topic.id`
			`SiteSetting.guidelines_topic_id = post.topic.id`
			`SiteSetting.privacy_topic_id = post.topic.id`
Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-24 14:27:34 -04:00			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "with a static file that's present" do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`it "should return the right response" do`
			`get "/faq"`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to be_success`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`expect(response.body).to include(I18n.t('js.faq'))`
Rails 4 updates 2013-07-23 14:42:52 -04:00			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`[`
			`['tos', :tos_url, I18n.t('terms_of_service.title')],`
			`['privacy', :privacy_policy_url, I18n.t('privacy')]`
			`].each do \|id, setting_name, text\|`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`context "#{id}" do`
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "when #{setting_name} site setting is NOT set" do`
			`it "renders the #{id} page" do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get "/#{id}"`

			`expect(response).to be_success`
			`expect(response.body).to include(text)`
Rails 4 updates 2013-07-23 14:42:52 -04:00			`end`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "when #{setting_name} site setting is set" do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`before do`
			`SiteSetting.public_send("#{setting_name}=", 'http://example.com/page')`
			`end`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`it "redirects to the #{setting_name}" do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get "/#{id}"`

			`expect(response).to redirect_to('http://example.com/page')`
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`end`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00			`end`
			`end`
			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "with a missing file" do`
			`it "should respond 404" do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get "/static/does-not-exist"`
			`expect(response.status).to eq(404)`
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`end`
			`end`

			`it 'should redirect to / when logged in and path is /login' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`sign_in(Fabricate(:user))`
			`get "/login"`
			`expect(response).to redirect_to('/')`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

BUGFIX: login was broken when login was required 2014-07-26 17:16:08 -04:00			`it "should display the login template when login is required" do`
Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 02:09:14 -04:00			`SiteSetting.login_required = true`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00
			`get "/login"`

controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to be_success`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00
			`expect(response.body).to include(PrettyText.cook(I18n.t(`
			`'login_required.welcome_message', title: SiteSetting.title`
			`)))`
BUGFIX: login was broken when login was required 2014-07-26 17:16:08 -04:00			`end`
FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00
			`context "when login_required is enabled" do`
			`before do`
			`SiteSetting.login_required = true`
			`end`

			`it 'faq page redirects to login page for anon' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get '/faq'`
FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00			`expect(response).to redirect_to '/login'`
			`end`

			`it 'guidelines page redirects to login page for anon' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`get '/guidelines'`
FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00			`expect(response).to redirect_to '/login'`
			`end`

			`it 'faq page loads for logged in user' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`sign_in(Fabricate(:user))`

			`get '/faq'`

FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00			`expect(response).to be_success`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`expect(response.body).to include(I18n.t('js.faq'))`
FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00			`end`

			`it 'guidelines page loads for logged in user' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`sign_in(Fabricate(:user))`

			`get '/guidelines'`

FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00			`expect(response).to be_success`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`expect(response.body).to include(I18n.t('guidelines'))`
FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00			`end`
			`end`
BUGFIX: login was broken when login was required 2014-07-26 17:16:08 -04:00			`end`
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`describe '#enter' do`
			`context 'without a redirect path' do`
			`it 'redirects to the root url' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`post "/login.json"`
			`expect(response).to redirect_to('/')`
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`end`
			`end`

			`context 'with a redirect path' do`
			`it 'redirects to the redirect path' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`post "/login.json", params: { redirect: '/foo' }`
			`expect(response).to redirect_to('/foo')`
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`end`
			`end`

SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00			`context 'with a full url' do`
			`it 'redirects to the correct path' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`post "/login.json", params: { redirect: "#{Discourse.base_url}/foo" }`
			`expect(response).to redirect_to('/foo')`
SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00			`end`
			`end`

SECURITY: Don't allow redirects with periods in case you don't control other tlds on the same domain. 2014-10-30 11:31:44 -04:00			`context 'with a period to force a new host' do`
			`it 'redirects to the root path' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`post "/login.json", params: { redirect: ".org/foo" }`
			`expect(response).to redirect_to('/')`
SECURITY: Don't allow redirects with periods in case you don't control other tlds on the same domain. 2014-10-30 11:31:44 -04:00			`end`
			`end`

SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00			`context 'with a full url to someone else' do`
			`it 'redirects to the root path' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`post "/login.json", params: { redirect: "http://eviltrout.com/foo" }`
			`expect(response).to redirect_to('/')`
SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00			`end`
			`end`

			`context 'with an invalid URL' do`
			`it "redirects to the root" do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`post "/login.json", params: { redirect: "javascript:alert('trout')" }`
			`expect(response).to redirect_to('/')`
SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00			`end`
			`end`

Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`context 'when the redirect path is the login page' do`
			`it 'redirects to the root url' do`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`post "/login.json", params: { redirect: login_path }`
			`expect(response).to redirect_to('/')`
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`end`
			`end`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`