discourse/spec/controllers/static_controller_spec.rb

require 'rails_helper'

describe StaticController do

  context 'brotli_asset' do
    it 'returns a non brotli encoded 404 if asset is missing' do

      get :brotli_asset, path: 'missing.js'

        expect(response.status).to eq(404)
        expect(response.headers['Content-Encoding']).not_to eq('br')
        expect(response.headers["Cache-Control"]).to match(/max-age=1/)
    end

    it 'can handle fallback brotli assets' do
      begin
        assets_path = Rails.root.join("tmp/backup_assets")

        GlobalSetting.stubs(:fallback_assets_path).returns(assets_path.to_s)

        FileUtils.mkdir_p(assets_path)

        file_path = assets_path.join("test.js.br")
        File.write(file_path, 'fake brotli file')

        get :brotli_asset, path: 'test.js'

        expect(response.status).to eq(200)
        expect(response.headers["Cache-Control"]).to match(/public/)
      ensure
        File.delete(file_path)
      end
    end

    it 'has correct headers for brotli assets' do
      begin
        assets_path = Rails.root.join("public/assets")

        FileUtils.mkdir_p(assets_path)

        file_path = assets_path.join("test.js.br")
        File.write(file_path, 'fake brotli file')

        get :brotli_asset, path: 'test.js'

        expect(response.status).to eq(200)
        expect(response.headers["Cache-Control"]).to match(/public/)
      ensure
        File.delete(file_path)
      end
    end
  end

  context 'show' do
    before do
      post = create_post
      SiteSetting.tos_topic_id = post.topic.id
      SiteSetting.guidelines_topic_id = post.topic.id
      SiteSetting.privacy_topic_id = post.topic.id
    end

    context "with a static file that's present" do

      before do
        xhr :get, :show, id: 'faq'
      end

      it 'renders the static file if present' do
        expect(response).to be_success
      end

      it "renders the file" do
        expect(response).to render_template('static/show')
        expect(assigns(:page)).to eq('faq')
      end
    end

    [ ['tos', :tos_url], ['privacy', :privacy_policy_url] ].each do |id, setting_name|
      context "#{id}" do
        subject { xhr :get, :show, id: id }

        context "when #{setting_name} site setting is NOT set" do
          it "renders the #{id} page" do
            expect(subject).to render_template("static/show")
            expect(assigns(:page)).to eq(id)
          end
        end

        context "when #{setting_name} site setting is set" do
          before  { SiteSetting.public_send("#{setting_name}=", 'http://example.com/page') }

          it "redirects to the #{setting_name}" do
            expect(subject).to redirect_to('http://example.com/page')
          end
        end
      end
    end

    context "with a missing file" do
      it "should respond 404" do
        xhr :get, :show, id: 'does-not-exist'
        expect(response.response_code).to eq(404)
      end
    end

    it 'should redirect to / when logged in and path is /login' do
      log_in
      xhr :get, :show, id: 'login'
      expect(response).to redirect_to '/'
    end

    it "should display the login template when login is required" do
      SiteSetting.login_required = true
      xhr :get, :show, id: 'login'
      expect(response).to be_success
    end

    context "when login_required is enabled" do
      before do
        SiteSetting.login_required = true
      end

      it 'faq page redirects to login page for anon' do
        xhr :get, :show, id: 'faq'
        expect(response).to redirect_to '/login'
      end

      it 'guidelines page redirects to login page for anon' do
        xhr :get, :show, id: 'guidelines'
        expect(response).to redirect_to '/login'
      end

      it 'faq page loads for logged in user' do
        log_in
        xhr :get, :show, id: 'faq'
        expect(response).to be_success
        expect(response).to render_template('static/show')
        expect(assigns(:page)).to eq('faq')
      end

      it 'guidelines page loads for logged in user' do
        log_in
        xhr :get, :show, id: 'guidelines'
        expect(response).to be_success
        expect(response).to render_template('static/show')
        expect(assigns(:page)).to eq('faq')
      end
    end
  end

  describe '#enter' do
    context 'without a redirect path' do
      it 'redirects to the root url' do
        xhr :post, :enter
        expect(response).to redirect_to '/'
      end
    end

    context 'with a redirect path' do
      it 'redirects to the redirect path' do
        xhr :post, :enter, redirect: '/foo'
        expect(response).to redirect_to '/foo'
      end
    end

    context 'with a full url' do
      it 'redirects to the correct path' do
        xhr :post, :enter, redirect: "#{Discourse.base_url}/foo"
        expect(response).to redirect_to '/foo'
      end
    end

    context 'with a period to force a new host' do
      it 'redirects to the root path' do
        xhr :post, :enter, redirect: ".org/foo"
        expect(response).to redirect_to '/'
      end
    end

    context 'with a full url to someone else' do
      it 'redirects to the root path' do
        xhr :post, :enter, redirect: "http://eviltrout.com/foo"
        expect(response).to redirect_to '/'
      end
    end

    context 'with an invalid URL' do
      it "redirects to the root" do
        xhr :post, :enter, redirect: "javascript:alert('trout')"
        expect(response).to redirect_to '/'
      end
    end

    context 'when the redirect path is the login page' do
      it 'redirects to the root url' do
        xhr :post, :enter, redirect: login_path
        expect(response).to redirect_to '/'
      end
    end
  end
end
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 05:41:23 -04:00			`require 'rails_helper'`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`describe StaticController do`

add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00			`context 'brotli_asset' do`
FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:06 -04:00			`it 'returns a non brotli encoded 404 if asset is missing' do`
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue 2016-12-15 00:05:20 -05:00
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`get :brotli_asset, path: 'missing.js'`
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue 2016-12-15 00:05:20 -05:00
			`expect(response.status).to eq(404)`
			`expect(response.headers['Content-Encoding']).not_to eq('br')`
FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:06 -04:00			`expect(response.headers["Cache-Control"]).to match(/max-age=1/)`
			`end`

			`it 'can handle fallback brotli assets' do`
			`begin`
			`assets_path = Rails.root.join("tmp/backup_assets")`

			`GlobalSetting.stubs(:fallback_assets_path).returns(assets_path.to_s)`

			`FileUtils.mkdir_p(assets_path)`

			`file_path = assets_path.join("test.js.br")`
			`File.write(file_path, 'fake brotli file')`

			`get :brotli_asset, path: 'test.js'`

			`expect(response.status).to eq(200)`
			`expect(response.headers["Cache-Control"]).to match(/public/)`
			`ensure`
			`File.delete(file_path)`
			`end`
FIX: on 404 from brotli asset path return a correctly encoded doc old implementation would cache the 404 for 1 year with incorrect encoding hilarity would ensue 2016-12-15 00:05:20 -05:00			`end`

add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00			`it 'has correct headers for brotli assets' do`
FIX: Clean up specs. 2016-12-05 00:37:33 -05:00			`begin`
			`assets_path = Rails.root.join("public/assets")`
add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00
FIX: Clean up specs. 2016-12-05 00:37:33 -05:00			`FileUtils.mkdir_p(assets_path)`
add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00
FIX: Clean up specs. 2016-12-05 00:37:33 -05:00			`file_path = assets_path.join("test.js.br")`
			`File.write(file_path, 'fake brotli file')`

			`get :brotli_asset, path: 'test.js'`

			`expect(response.status).to eq(200)`
			`expect(response.headers["Cache-Control"]).to match(/public/)`
			`ensure`
			`File.delete(file_path)`
			`end`
add spec for brotli controller, ensure cached correctly 2016-12-05 00:08:36 -05:00			`end`
			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context 'show' do`
Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-24 14:27:34 -04:00			`before do`
			`post = create_post`
Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 02:09:14 -04:00			`SiteSetting.tos_topic_id = post.topic.id`
			`SiteSetting.guidelines_topic_id = post.topic.id`
			`SiteSetting.privacy_topic_id = post.topic.id`
Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-24 14:27:34 -04:00			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "with a static file that's present" do`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`before do`
			`xhr :get, :show, id: 'faq'`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`it 'renders the static file if present' do`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to be_success`
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`it "renders the file" do`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to render_template('static/show')`
			`expect(assigns(:page)).to eq('faq')`
Rails 4 updates 2013-07-23 14:42:52 -04:00			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`[ ['tos', :tos_url], ['privacy', :privacy_policy_url] ].each do \|id, setting_name\|`
			`context "#{id}" do`
			`subject { xhr :get, :show, id: id }`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "when #{setting_name} site setting is NOT set" do`
			`it "renders the #{id} page" do`
Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-24 14:27:34 -04:00			`expect(subject).to render_template("static/show")`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(assigns(:page)).to eq(id)`
Rails 4 updates 2013-07-23 14:42:52 -04:00			`end`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "when #{setting_name} site setting is set" do`
Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 02:09:14 -04:00			`before { SiteSetting.public_send("#{setting_name}=", 'http://example.com/page') }`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`it "redirects to the #{setting_name}" do`
			`expect(subject).to redirect_to('http://example.com/page')`
			`end`
tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00			`end`
			`end`
			`end`

On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`context "with a missing file" do`
			`it "should respond 404" do`
			`xhr :get, :show, id: 'does-not-exist'`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response.response_code).to eq(404)`
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00			`end`
			`end`

			`it 'should redirect to / when logged in and path is /login' do`
			`log_in`
			`xhr :get, :show, id: 'login'`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to redirect_to '/'`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

BUGFIX: login was broken when login was required 2014-07-26 17:16:08 -04:00			`it "should display the login template when login is required" do`
Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 02:09:14 -04:00			`SiteSetting.login_required = true`
BUGFIX: login was broken when login was required 2014-07-26 17:16:08 -04:00			`xhr :get, :show, id: 'login'`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to be_success`
BUGFIX: login was broken when login was required 2014-07-26 17:16:08 -04:00			`end`
FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 05:30:49 -05:00
			`context "when login_required is enabled" do`
			`before do`
			`SiteSetting.login_required = true`
			`end`

			`it 'faq page redirects to login page for anon' do`
			`xhr :get, :show, id: 'faq'`
			`expect(response).to redirect_to '/login'`
			`end`

			`it 'guidelines page redirects to login page for anon' do`
			`xhr :get, :show, id: 'guidelines'`
			`expect(response).to redirect_to '/login'`
			`end`

			`it 'faq page loads for logged in user' do`
			`log_in`
			`xhr :get, :show, id: 'faq'`
			`expect(response).to be_success`
			`expect(response).to render_template('static/show')`
			`expect(assigns(:page)).to eq('faq')`
			`end`

			`it 'guidelines page loads for logged in user' do`
			`log_in`
			`xhr :get, :show, id: 'guidelines'`
			`expect(response).to be_success`
			`expect(response).to render_template('static/show')`
			`expect(assigns(:page)).to eq('faq')`
			`end`
			`end`
BUGFIX: login was broken when login was required 2014-07-26 17:16:08 -04:00			`end`
On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:22 -04:00
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`describe '#enter' do`
			`context 'without a redirect path' do`
			`it 'redirects to the root url' do`
			`xhr :post, :enter`
Refactor routes in order to be compatible with Rails 4 2013-07-01 14:00:06 -04:00			`expect(response).to redirect_to '/'`
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`end`
			`end`

			`context 'with a redirect path' do`
			`it 'redirects to the redirect path' do`
			`xhr :post, :enter, redirect: '/foo'`
			`expect(response).to redirect_to '/foo'`
			`end`
			`end`

SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00			`context 'with a full url' do`
			`it 'redirects to the correct path' do`
			`xhr :post, :enter, redirect: "#{Discourse.base_url}/foo"`
			`expect(response).to redirect_to '/foo'`
			`end`
			`end`

SECURITY: Don't allow redirects with periods in case you don't control other tlds on the same domain. 2014-10-30 11:31:44 -04:00			`context 'with a period to force a new host' do`
			`it 'redirects to the root path' do`
			`xhr :post, :enter, redirect: ".org/foo"`
			`expect(response).to redirect_to '/'`
			`end`
			`end`

SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00			`context 'with a full url to someone else' do`
			`it 'redirects to the root path' do`
			`xhr :post, :enter, redirect: "http://eviltrout.com/foo"`
			`expect(response).to redirect_to '/'`
			`end`
			`end`

			`context 'with an invalid URL' do`
			`it "redirects to the root" do`
			`xhr :post, :enter, redirect: "javascript:alert('trout')"`
			`expect(response).to redirect_to '/'`
			`end`
			`end`

Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`context 'when the redirect path is the login page' do`
			`it 'redirects to the root url' do`
			`xhr :post, :enter, redirect: login_path`
Refactor routes in order to be compatible with Rails 4 2013-07-01 14:00:06 -04:00			`expect(response).to redirect_to '/'`
Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`end`
			`end`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`