Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/requests/static_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

335 lines
9.2 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-29 20:27:42 -04:00
# frozen_string_literal: true
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails.
2015-10-11 05:41:23 -04:00
require 'rails_helper'
Initial release of Discourse
2013-02-05 14:16:51 -05:00
describe StaticController do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:upload) { Fabricate(:upload) }
Initial release of Discourse
2013-02-05 14:16:51 -05:00
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
context '#favicon' do
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
let(:filename) { 'smallest.png' }
let(:file) { file_from_fixtures(filename) }
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
let(:upload) do
UploadCreator.new(file, filename).create_for(Discourse.system_user.id)
end
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
DEV: switch message bus backend to memory for tests This backend is a bit faster and well tested, this is part of a longer term plan to have a `backend: :memory, threaded: false` type config for message bus which we can use in test. The threading in message bus causes all sorts of surprises in test, it will be nice not to be beholden to them.
2019-05-29 02:34:55 -04:00
before_all do
DistributedMemoizer.flush!
end
FEATURE: Upload Site Settings. (#6573)
2018-11-14 02:03:02 -05:00
after do
DEV: Properly flush `DistributedMemoizer` in spec. - $redis.flushall may hide state leak from other tests.
2019-02-21 02:03:55 -05:00
DistributedMemoizer.flush!
FEATURE: Upload Site Settings. (#6573)
2018-11-14 02:03:02 -05:00
end
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
describe 'local store' do
it 'returns the default favicon if favicon has not been configured' do
get '/favicon/proxied'
expect(response.status).to eq(200)
DEV: Upgrade Discourse to Rails 6 (#8083) * Adjustments to pass specs on Rails 6.0.0 * Use classic autoloader instead of Zeitwerk * Update Rails 6.0.0 deprecated methods * Rails 6.0.0 not allowing column with integer name * Drop freedom_patches/rails6.rb * Default value for trigger_transactional_callbacks? is true * Bump rspec-rails version to 4.0.0.beta2
2019-09-11 20:41:50 -04:00
expect(response.media_type).to eq('image/png')
FEATURE: Automatically generate optimized site metadata icons (#7372) This change automatically resizes icons for various purposes. Admins can now upload `logo` and `logo_small`, and everything else will be auto-generated. Specific icons can still be uploaded separately if required. ## Core - Adds an SiteIconManager module which manages automatic resizing and fallback - Icons are looked up in the OptimizedImage table at runtime, and then cached in Redis. If the resized version is missing for some reason, then most icons will fall back to the original files. Some icons (e.g. PWA Manifest) will return `nil` (because an incorrectly sized icon is worse than a missing icon). - `SiteSetting.site_large_icon_url` will return the optimized version, including any fallback. `SiteSetting.large_icon` continues to return the upload object. This means that (almost) no changes are required in core/plugins to support this new system. - Icons are resized whenever a relevant site setting is changed, and during post-deploy migrations ## Wizard - Allows `requiresRefresh` wizard steps to reload data via AJAX instead of a full page reload - Add placeholders to the **icons** step of the wizard, which automatically update from the "Square Logo" - Various copy updates to support the changes - Remove the "upload-time" resizing for `large_icon`. This is no longer required. ## Site Settings UX - Move logo/icon settings under a new "Branding" tab - Various copy changes to support the changes - Adds placeholder support to the `image-uploader` component - Automatically reloads site settings after saving. This allows setting placeholders to change based on changes to other settings - Upload site settings will be assigned a placeholder if SiteIconManager `responds_to?` an icon of the same name ## Dashboard Warnings - Remove PWA icon and PWA title warnings. Both are now handled automatically. ## Bonus - Updated the sketch logos to use @awesomerobot's new high-res designs
2019-05-01 09:44:45 -04:00
expect(response.body.bytesize).to eq(SiteIconManager.favicon.filesize)
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
end
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
it 'returns the configured favicon' do
SiteSetting.favicon = upload
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
get '/favicon/proxied'
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
expect(response.status).to eq(200)
DEV: Upgrade Discourse to Rails 6 (#8083) * Adjustments to pass specs on Rails 6.0.0 * Use classic autoloader instead of Zeitwerk * Update Rails 6.0.0 deprecated methods * Rails 6.0.0 not allowing column with integer name * Drop freedom_patches/rails6.rb * Default value for trigger_transactional_callbacks? is true * Bump rspec-rails version to 4.0.0.beta2
2019-09-11 20:41:50 -04:00
expect(response.media_type).to eq('image/png')
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
expect(response.body.bytesize).to eq(upload.filesize)
end
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
end
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
describe 'external store' do
let(:upload) do
Upload.create!(
url: '//s3-upload-bucket.s3-us-east-1.amazonaws.com/somewhere/a.png',
original_filename: filename,
filesize: file.size,
user_id: Discourse.system_user.id
)
end
before do
SiteSetting.enable_s3_uploads = true
SiteSetting.s3_access_key_id = 'X'
SiteSetting.s3_secret_access_key = 'X'
end
it 'can proxy a favicon correctly' do
SiteSetting.favicon = upload
stub_request(:get, "https:/#{upload.url}")
.to_return(status: 200, body: file)
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
get '/favicon/proxied'
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
expect(response.status).to eq(200)
DEV: Upgrade Discourse to Rails 6 (#8083) * Adjustments to pass specs on Rails 6.0.0 * Use classic autoloader instead of Zeitwerk * Update Rails 6.0.0 deprecated methods * Rails 6.0.0 not allowing column with integer name * Drop freedom_patches/rails6.rb * Default value for trigger_transactional_callbacks? is true * Bump rspec-rails version to 4.0.0.beta2
2019-09-11 20:41:50 -04:00
expect(response.media_type).to eq('image/png')
FIX: `StaticController#favicon` reads from disk when using local store. (#7160) Since uploads site settings are now backed by an actual upload, we don't have to reach over the network just to fetch the favicon. Instead, we can just read the upload directly from disk.
2019-03-13 16:17:36 -04:00
expect(response.body.bytesize).to eq(upload.filesize)
end
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
end
end
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
context '#brotli_asset' do
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:06 -04:00
it 'returns a non brotli encoded 404 if asset is missing' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/brotli_asset/missing.js"
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue
2016-12-15 00:05:20 -05:00
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
expect(response.status).to eq(404)
expect(response.headers['Content-Encoding']).not_to eq('br')
favicon proxy now uses hijack
2017-11-26 22:50:57 -05:00
expect(response.headers['Cache-Control']).to match(/max-age=1/)
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:06 -04:00
end
it 'can handle fallback brotli assets' do
begin
assets_path = Rails.root.join("tmp/backup_assets")
GlobalSetting.stubs(:fallback_assets_path).returns(assets_path.to_s)
FileUtils.mkdir_p(assets_path)
file_path = assets_path.join("test.js.br")
File.write(file_path, 'fake brotli file')
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/brotli_asset/test.js"
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:06 -04:00
expect(response.status).to eq(200)
expect(response.headers["Cache-Control"]).to match(/public/)
ensure
File.delete(file_path)
end
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue
2016-12-15 00:05:20 -05:00
end
add spec for brotli controller, ensure cached correctly
2016-12-05 00:08:36 -05:00
it 'has correct headers for brotli assets' do
FIX: Clean up specs.
2016-12-05 00:37:33 -05:00
begin
assets_path = Rails.root.join("public/assets")
add spec for brotli controller, ensure cached correctly
2016-12-05 00:08:36 -05:00
FIX: Clean up specs.
2016-12-05 00:37:33 -05:00
FileUtils.mkdir_p(assets_path)
add spec for brotli controller, ensure cached correctly
2016-12-05 00:08:36 -05:00
FIX: Clean up specs.
2016-12-05 00:37:33 -05:00
file_path = assets_path.join("test.js.br")
File.write(file_path, 'fake brotli file')
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/brotli_asset/test.js"
FIX: Clean up specs.
2016-12-05 00:37:33 -05:00
expect(response.status).to eq(200)
expect(response.headers["Cache-Control"]).to match(/public/)
ensure
File.delete(file_path)
end
add spec for brotli controller, ensure cached correctly
2016-12-05 00:08:36 -05:00
end
end
FIX: Fallback to gzip compression if brotli isn't supported (#7895)
2019-07-16 10:05:37 -04:00
context '#cdn_asset' do
let (:site) { RailsMultisite::ConnectionManagement.current_db }
it 'can serve assets' do
begin
assets_path = Rails.root.join("public/assets")
FileUtils.mkdir_p(assets_path)
file_path = assets_path.join("test.js.br")
File.write(file_path, 'fake brotli file')
get "/cdn_asset/#{site}/test.js.br"
expect(response.status).to eq(200)
expect(response.headers["Cache-Control"]).to match(/public/)
ensure
File.delete(file_path)
end
end
end
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
context '#show' do
Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files.
2014-07-24 14:27:34 -04:00
before do
post = create_post
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.tos_topic_id = post.topic.id
SiteSetting.guidelines_topic_id = post.topic.id
SiteSetting.privacy_topic_id = post.topic.id
Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files.
2014-07-24 14:27:34 -04:00
end
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
context "with a static file that's present" do
FIX: /signup and /password-reset direct links were broken
2019-03-03 22:32:12 -05:00
it "should return the right response for /faq" do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/faq"
Initial release of Discourse
2013-02-05 14:16:51 -05:00
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 04:11:09 -04:00
expect(response.status).to eq(200)
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
expect(response.body).to include(I18n.t('js.faq'))
FIX: title was repeating on about page
2018-11-27 21:36:14 -05:00
expect(response.body).to include("<title>FAQ - Discourse</title>")
Rails 4 updates
2013-07-23 14:42:52 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
[
Remove duplicate translations
2019-05-22 09:29:15 -04:00
['tos', :tos_url, I18n.t('js.tos')],
['privacy', :privacy_policy_url, I18n.t('js.privacy')]
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
].each do |id, setting_name, text|
tos and privacy urls redirect based on site settings
2013-06-18 10:52:04 -04:00
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
context "#{id}" do
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
context "when #{setting_name} site setting is NOT set" do
it "renders the #{id} page" do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/#{id}"
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 04:11:09 -04:00
expect(response.status).to eq(200)
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
expect(response.body).to include(text)
Rails 4 updates
2013-07-23 14:42:52 -04:00
end
tos and privacy urls redirect based on site settings
2013-06-18 10:52:04 -04:00
end
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
context "when #{setting_name} site setting is set" do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
before do
DEV: introduce new API to look up dynamic site setting This removes all uses of both `send` and `public_send` from consumers of SiteSetting and instead introduces a `get` helper for dynamic lookup This leads to much cleaner and safer code long term as we are always explicit to test that a site setting is really there before sending an arbitrary string to the class It also removes a couple of risky stubs from the auth provider test
2019-05-06 21:00:09 -04:00
SiteSetting.set(setting_name, 'http://example.com/page')
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
end
tos and privacy urls redirect based on site settings
2013-06-18 10:52:04 -04:00
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
it "redirects to the #{setting_name}" do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/#{id}"
expect(response).to redirect_to('http://example.com/page')
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
end
tos and privacy urls redirect based on site settings
2013-06-18 10:52:04 -04:00
end
end
end
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
context "with a missing file" do
it "should respond 404" do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/static/does-not-exist"
expect(response.status).to eq(404)
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
end
DEV: deprecate blank files for static modal pages
2019-03-04 04:34:48 -05:00
context "modal pages" do
it "should return the right response for /signup" do
get "/signup"
expect(response.status).to eq(200)
end
it "should return the right response for /password-reset" do
get "/password-reset"
expect(response.status).to eq(200)
end
end
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
end
it 'should redirect to / when logged in and path is /login' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
sign_in(Fabricate(:user))
get "/login"
expect(response).to redirect_to('/')
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
BUGFIX: login was broken when login was required
2014-07-26 17:16:08 -04:00
it "should display the login template when login is required" do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 02:09:14 -04:00
SiteSetting.login_required = true
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
get "/login"
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 04:11:09 -04:00
expect(response.status).to eq(200)
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
expect(response.body).to include(PrettyText.cook(I18n.t(
'login_required.welcome_message', title: SiteSetting.title
)))
BUGFIX: login was broken when login was required
2014-07-26 17:16:08 -04:00
end
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 05:30:49 -05:00
context "when login_required is enabled" do
before do
SiteSetting.login_required = true
end
FEATURE: add /conduct as an alias for /guidelines
2018-12-18 16:40:05 -05:00
['faq', 'guidelines', 'rules', 'conduct'].each do |page_name|
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:37:56 -04:00
it "#{page_name} page redirects to login page for anon" do
get "/#{page_name}"
expect(response).to redirect_to '/login'
end
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:37:56 -04:00
it "#{page_name} page redirects to login page for anon" do
get "/#{page_name}"
expect(response).to redirect_to '/login'
end
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 05:30:49 -05:00
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:37:56 -04:00
it "#{page_name} page loads for logged in user" do
sign_in(Fabricate(:user))
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:37:56 -04:00
get "/#{page_name}"
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:37:56 -04:00
expect(response.status).to eq(200)
Remove duplicate translations
2019-05-22 09:29:15 -04:00
expect(response.body).to include(I18n.t('js.guidelines'))
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:37:56 -04:00
end
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 05:30:49 -05:00
end
end
FIX: title was repeating on about page
2018-11-27 21:36:14 -05:00
context "crawler view" do
it "should include correct title" do
get '/faq', headers: { 'HTTP_USER_AGENT' => 'Googlebot' }
expect(response.status).to eq(200)
expect(response.body).to include("<title>FAQ - Discourse</title>")
end
end
BUGFIX: login was broken when login was required
2014-07-26 17:16:08 -04:00
end
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:22 -04:00
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path.
2013-06-04 18:34:54 -04:00
describe '#enter' do
context 'without a redirect path' do
it 'redirects to the root url' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
post "/login.json"
expect(response).to redirect_to('/')
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path.
2013-06-04 18:34:54 -04:00
end
end
context 'with a redirect path' do
it 'redirects to the redirect path' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
post "/login.json", params: { redirect: '/foo' }
expect(response).to redirect_to('/foo')
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path.
2013-06-04 18:34:54 -04:00
end
end
SECURITY: Only redirect to our host by path on the login action
2014-08-28 17:45:13 -04:00
context 'with a full url' do
it 'redirects to the correct path' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
post "/login.json", params: { redirect: "#{Discourse.base_url}/foo" }
expect(response).to redirect_to('/foo')
SECURITY: Only redirect to our host by path on the login action
2014-08-28 17:45:13 -04:00
end
end
FEATURE: support query params when redirecting to internal link on login (#7829)
2019-07-04 01:41:43 -04:00
context 'with a redirect path with query params' do
it 'redirects to the redirect path and preserves query params' do
post "/login.json", params: { redirect: '/foo?bar=1' }
expect(response).to redirect_to('/foo?bar=1')
end
end
SECURITY: Don't allow redirects with periods in case you don't control other tlds on the same domain.
2014-10-30 11:31:44 -04:00
context 'with a period to force a new host' do
it 'redirects to the root path' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
post "/login.json", params: { redirect: ".org/foo" }
expect(response).to redirect_to('/')
SECURITY: Don't allow redirects with periods in case you don't control other tlds on the same domain.
2014-10-30 11:31:44 -04:00
end
end
SECURITY: Only redirect to our host by path on the login action
2014-08-28 17:45:13 -04:00
context 'with a full url to someone else' do
it 'redirects to the root path' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
post "/login.json", params: { redirect: "http://eviltrout.com/foo" }
expect(response).to redirect_to('/')
SECURITY: Only redirect to our host by path on the login action
2014-08-28 17:45:13 -04:00
end
end
context 'with an invalid URL' do
it "redirects to the root" do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
post "/login.json", params: { redirect: "javascript:alert('trout')" }
expect(response).to redirect_to('/')
SECURITY: Only redirect to our host by path on the login action
2014-08-28 17:45:13 -04:00
end
end
FIX: handle array in redirect param
2019-06-11 07:40:16 -04:00
context 'with an array' do
it "redirects to the root" do
post "/login.json", params: { redirect: ["/foo"] }
FIX: respond with 400 error on invalid redirect param
2019-06-17 07:14:30 -04:00
expect(response.status).to eq(400)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
json = response.parsed_body
FIX: respond with 400 error on invalid redirect param
2019-06-17 07:14:30 -04:00
expect(json["errors"]).to be_present
expect(json["errors"]).to include(
I18n.t("invalid_params", message: "redirect")
)
FIX: handle array in redirect param
2019-06-11 07:40:16 -04:00
end
end
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path.
2013-06-04 18:34:54 -04:00
context 'when the redirect path is the login page' do
it 'redirects to the root url' do
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 00:06:56 -04:00
post "/login.json", params: { redirect: login_path }
expect(response).to redirect_to('/')
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path.
2013-06-04 18:34:54 -04:00
end
end
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end