discourse/spec/controllers/application_controller_spec.rb

require 'rails_helper'

describe TopicsController do
  before do
    TopicUser.stubs(:track_visit!)
  end

  let :topic do
    Fabricate(:post).topic
  end

  def set_referer(ref)
    request.env['HTTP_REFERER'] = ref
  end

  def set_accept_language(locale)
    request.env['HTTP_ACCEPT_LANGUAGE'] = locale
  end

  it "doesn't store an incoming link when there's no referer" do
    expect {
      get :show, id: topic.id
    }.not_to change(IncomingLink, :count)
  end

  it "doesn't raise an error on a very long link" do
    set_referer("http://#{'a' * 2000}.com")
    expect { get :show, {id: topic.id} }.not_to raise_error
  end

  describe "has_escaped_fragment?" do
    render_views

    context "when the SiteSetting is disabled" do
      before do
        SiteSetting.stubs(:enable_escaped_fragments?).returns(false)
      end

      it "uses the application layout even with an escaped fragment param" do
        get :show, {'topic_id' => topic.id, 'slug' => topic.slug, '_escaped_fragment_' => 'true'}
        expect(response).to render_template(layout: 'application')
        assert_select "meta[name=fragment]", false, "it doesn't have the meta tag"
      end
    end

    context "when the SiteSetting is enabled" do
      before do
        SiteSetting.stubs(:enable_escaped_fragments?).returns(true)
      end

      it "uses the application layout when there's no param" do
        get :show, topic_id: topic.id, slug: topic.slug
        expect(response).to render_template(layout: 'application')
        assert_select "meta[name=fragment]", true, "it has the meta tag"
      end

      it "uses the crawler layout when there's an _escaped_fragment_ param" do
        get :show, topic_id: topic.id, slug: topic.slug, _escaped_fragment_: 'true'
        expect(response).to render_template(layout: 'crawler')
        assert_select "meta[name=fragment]", false, "it doesn't have the meta tag"
      end
    end
  end

  describe "crawler" do
    render_views

    context "when not a crawler" do
      before do
        CrawlerDetection.expects(:crawler?).returns(false)
      end
      it "renders with the application layout" do
        get :show, topic_id: topic.id, slug: topic.slug
        expect(response).to render_template(layout: 'application')
        assert_select "meta[name=fragment]", true, "it has the meta tag"
      end
    end

    context "when a crawler" do
      before do
        CrawlerDetection.expects(:crawler?).returns(true)
      end
      it "renders with the crawler layout" do
        get :show, topic_id: topic.id, slug: topic.slug
        expect(response).to render_template(layout: 'crawler')
        assert_select "meta[name=fragment]", false, "it doesn't have the meta tag"
      end
    end

  end

  describe 'clear_notifications' do
    it 'correctly clears notifications if specified via cookie' do
      notification = Fabricate(:notification)
      log_in_user(notification.user)

      request.cookies['cn'] = "2828,100,#{notification.id}"

      get :show, {topic_id: 100}

      expect(response.cookies['cn']).to eq nil

      notification.reload
      expect(notification.read).to eq true

    end

    it 'correctly clears notifications if specified via header' do
      notification = Fabricate(:notification)
      log_in_user(notification.user)

      request.headers['Discourse-Clear-Notifications'] = "2828,100,#{notification.id}"

      get :show, {topic_id: 100}

      notification.reload
      expect(notification.read).to eq true
    end
  end

  describe "set_locale" do
    context "allow_user_locale disabled" do
      context "accept-language header differs from default locale" do
        before do
          SiteSetting.stubs(:allow_user_locale).returns(false)
          SiteSetting.stubs(:default_locale).returns("en")
          set_accept_language("fr")
        end

        context "with an anonymous user" do
          it "uses the default locale" do
            get :show, {topic_id: topic.id}

            expect(I18n.locale).to eq(:en)
          end
        end

        context "with a logged in user" do
          it "it uses the default locale" do
            user = Fabricate(:user, locale: :fr)
            log_in_user(user)

            get :show, {topic_id: topic.id}

            expect(I18n.locale).to eq(:en)
          end
        end
      end
    end

    context "allow_user_locale enabled" do
      context "accept-language header differs from default locale" do
        before do
          SiteSetting.stubs(:allow_user_locale).returns(true)
          SiteSetting.stubs(:default_locale).returns("en")
          set_accept_language("fr")
        end

        context "with an anonymous user" do
          it "uses the locale from the headers" do
            get :show, {topic_id: topic.id}

            expect(I18n.locale).to eq(:fr)
          end
        end

        context "with a logged in user" do
          it "uses the user's preferred locale" do
            user = Fabricate(:user, locale: :fr)
            log_in_user(user)

            get :show, {topic_id: topic.id}

            expect(I18n.locale).to eq(:fr)
          end
        end
      end

      context "the preferred locale includes a region" do
        it "returns the locale and region separated by an underscore" do
          SiteSetting.stubs(:allow_user_locale).returns(true)
          SiteSetting.stubs(:default_locale).returns("en")
          set_accept_language("zh-CN")

          get :show, {topic_id: topic.id}

          expect(I18n.locale).to eq(:zh_CN)
        end
      end

      context 'accept-language header is not set' do
        it 'uses the site default locale' do
          SiteSetting.stubs(:allow_user_locale).returns(true)
          SiteSetting.stubs(:default_locale).returns('en')
          set_accept_language('')

          get :show, {topic_id: topic.id}

          expect(I18n.locale).to eq(:en)
        end
      end
    end
  end

  describe "read only header" do
    it "returns no read only header by default" do
      get :show, {topic_id: topic.id}
      expect(response.headers['Discourse-Readonly']).to eq(nil)
    end

    it "returns a readonly header if the site is read only" do
      Discourse.received_readonly!
      get :show, {topic_id: topic.id}
      expect(response.headers['Discourse-Readonly']).to eq('true')
    end
  end
end

describe 'api' do

  before do
    ActionController::Base.allow_forgery_protection = true
  end

  after do
    ActionController::Base.allow_forgery_protection = false
  end

  describe PostsController do
    let(:user) do
      Fabricate(:user)
    end

    let(:post) do
      Fabricate(:post)
    end

    let(:api_key) { user.generate_api_key(user) }
    let(:master_key) { ApiKey.create_master_key }

    # choosing an arbitrarily easy to mock trusted activity
    it 'allows users with api key to bookmark posts' do
      PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).once
      put :bookmark, bookmarked: "true", post_id: post.id, api_key: api_key.key, format: :json
      expect(response).to be_success
    end

    it 'raises an error with a user key that does not match an optionally specified username' do
      PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).never
      put :bookmark, bookmarked: "true", post_id: post.id, api_key: api_key.key, api_username: 'made_up', format: :json
      expect(response).not_to be_success
    end

    it 'allows users with a master api key to bookmark posts' do
      PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).once
      put :bookmark, bookmarked: "true", post_id: post.id, api_key: master_key.key, api_username: user.username, format: :json
      expect(response).to be_success
    end

    it 'disallows phonies to bookmark posts' do
      PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).never
      put :bookmark, bookmarked: "true", post_id: post.id, api_key: SecureRandom.hex(32), api_username: user.username, format: :json
      expect(response.code.to_i).to eq(403)
    end

    it 'disallows blank api' do
      PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).never
      put :bookmark, bookmarked: "true", post_id: post.id, api_key: "", api_username: user.username, format: :json
      expect(response.code.to_i).to eq(403)
    end
  end
end
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 05:41:23 -04:00			`require 'rails_helper'`
basic api support 2013-03-25 21:04:28 -04:00
remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-10 18:50:48 -05:00			`describe TopicsController do`
			`before do`
			`TopicUser.stubs(:track_visit!)`
			`end`

			`let :topic do`
			`Fabricate(:post).topic`
			`end`

			`def set_referer(ref)`
			`request.env['HTTP_REFERER'] = ref`
			`end`

set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`def set_accept_language(locale)`
			`request.env['HTTP_ACCEPT_LANGUAGE'] = locale`
			`end`

remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-10 18:50:48 -05:00			`it "doesn't store an incoming link when there's no referer" do`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect {`
remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-10 18:50:48 -05:00			`get :show, id: topic.id`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`}.not_to change(IncomingLink, :count)`
remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-10 18:50:48 -05:00			`end`

			`it "doesn't raise an error on a very long link" do`
			`set_referer("http://#{'a' * 2000}.com")`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect { get :show, {id: topic.id} }.not_to raise_error`
remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-10 18:50:48 -05:00			`end`

CHANGE: We now include the `_escaped_fragment_` support by default, but only if the crawler check fails. It is a fallback for non-google search engines that support the Ajax crawling API. 2014-02-20 17:02:26 -05:00			`describe "has_escaped_fragment?" do`
			`render_views`

			`context "when the SiteSetting is disabled" do`
			`before do`
			`SiteSetting.stubs(:enable_escaped_fragments?).returns(false)`
			`end`

			`it "uses the application layout even with an escaped fragment param" do`
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`get :show, {'topic_id' => topic.id, 'slug' => topic.slug, '_escaped_fragment_' => 'true'}`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to render_template(layout: 'application')`
CHANGE: We now include the `_escaped_fragment_` support by default, but only if the crawler check fails. It is a fallback for non-google search engines that support the Ajax crawling API. 2014-02-20 17:02:26 -05:00			`assert_select "meta[name=fragment]", false, "it doesn't have the meta tag"`
			`end`
			`end`

			`context "when the SiteSetting is enabled" do`
			`before do`
			`SiteSetting.stubs(:enable_escaped_fragments?).returns(true)`
			`end`

			`it "uses the application layout when there's no param" do`
FIX: broken tests 2014-07-29 02:35:15 -04:00			`get :show, topic_id: topic.id, slug: topic.slug`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to render_template(layout: 'application')`
CHANGE: We now include the `_escaped_fragment_` support by default, but only if the crawler check fails. It is a fallback for non-google search engines that support the Ajax crawling API. 2014-02-20 17:02:26 -05:00			`assert_select "meta[name=fragment]", true, "it has the meta tag"`
			`end`

			`it "uses the crawler layout when there's an _escaped_fragment_ param" do`
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`get :show, topic_id: topic.id, slug: topic.slug, _escaped_fragment_: 'true'`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to render_template(layout: 'crawler')`
CHANGE: We now include the `_escaped_fragment_` support by default, but only if the crawler check fails. It is a fallback for non-google search engines that support the Ajax crawling API. 2014-02-20 17:02:26 -05:00			`assert_select "meta[name=fragment]", false, "it doesn't have the meta tag"`
			`end`
			`end`
			`end`

			`describe "crawler" do`
			`render_views`

			`context "when not a crawler" do`
			`before do`
			`CrawlerDetection.expects(:crawler?).returns(false)`
			`end`
			`it "renders with the application layout" do`
FIX: broken tests 2014-07-29 02:35:15 -04:00			`get :show, topic_id: topic.id, slug: topic.slug`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to render_template(layout: 'application')`
CHANGE: We now include the `_escaped_fragment_` support by default, but only if the crawler check fails. It is a fallback for non-google search engines that support the Ajax crawling API. 2014-02-20 17:02:26 -05:00			`assert_select "meta[name=fragment]", true, "it has the meta tag"`
			`end`
			`end`

			`context "when a crawler" do`
			`before do`
			`CrawlerDetection.expects(:crawler?).returns(true)`
			`end`
			`it "renders with the crawler layout" do`
FIX: broken tests 2014-07-29 02:35:15 -04:00			`get :show, topic_id: topic.id, slug: topic.slug`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to render_template(layout: 'crawler')`
CHANGE: We now include the `_escaped_fragment_` support by default, but only if the crawler check fails. It is a fallback for non-google search engines that support the Ajax crawling API. 2014-02-20 17:02:26 -05:00			`assert_select "meta[name=fragment]", false, "it doesn't have the meta tag"`
			`end`
			`end`

			`end`

FIX: Always ensure notifications are treated as read once clicked UX: improve messaging so notifications list is far more stable PERF: improve performance of notifcation lookup queries - Add feature "SetTransientHeader" that allows shipping info to server in the next Ajax request - remove local storage hack used for notifications - amend lookupStale to return hydrated objects, move logic into store - stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge) 2016-02-15 03:29:35 -05:00			`describe 'clear_notifications' do`
			`it 'correctly clears notifications if specified via cookie' do`
			`notification = Fabricate(:notification)`
			`log_in_user(notification.user)`

			`request.cookies['cn'] = "2828,100,#{notification.id}"`

			`get :show, {topic_id: 100}`

			`expect(response.cookies['cn']).to eq nil`

			`notification.reload`
			`expect(notification.read).to eq true`

			`end`

			`it 'correctly clears notifications if specified via header' do`
			`notification = Fabricate(:notification)`
			`log_in_user(notification.user)`

			`request.headers['Discourse-Clear-Notifications'] = "2828,100,#{notification.id}"`

			`get :show, {topic_id: 100}`

			`notification.reload`
			`expect(notification.read).to eq true`
			`end`
			`end`

set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`describe "set_locale" do`
			`context "allow_user_locale disabled" do`
			`context "accept-language header differs from default locale" do`
			`before do`
			`SiteSetting.stubs(:allow_user_locale).returns(false)`
			`SiteSetting.stubs(:default_locale).returns("en")`
			`set_accept_language("fr")`
			`end`

			`context "with an anonymous user" do`
			`it "uses the default locale" do`
			`get :show, {topic_id: topic.id}`

			`expect(I18n.locale).to eq(:en)`
			`end`
			`end`

			`context "with a logged in user" do`
			`it "it uses the default locale" do`
			`user = Fabricate(:user, locale: :fr)`
			`log_in_user(user)`

			`get :show, {topic_id: topic.id}`

			`expect(I18n.locale).to eq(:en)`
			`end`
			`end`
			`end`
			`end`

			`context "allow_user_locale enabled" do`
			`context "accept-language header differs from default locale" do`
			`before do`
			`SiteSetting.stubs(:allow_user_locale).returns(true)`
			`SiteSetting.stubs(:default_locale).returns("en")`
			`set_accept_language("fr")`
			`end`
Allow users to toggle interface language in their preferences 2014-02-07 22:24:10 -05:00
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`context "with an anonymous user" do`
			`it "uses the locale from the headers" do`
			`get :show, {topic_id: topic.id}`
Allow users to toggle interface language in their preferences 2014-02-07 22:24:10 -05:00
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`expect(I18n.locale).to eq(:fr)`
			`end`
			`end`
Allow users to toggle interface language in their preferences 2014-02-07 22:24:10 -05:00
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`context "with a logged in user" do`
			`it "uses the user's preferred locale" do`
			`user = Fabricate(:user, locale: :fr)`
			`log_in_user(user)`
Add a site setting to allow users to toggle I18n.locale It is false by default. 2014-02-08 20:35:46 -05:00
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`get :show, {topic_id: topic.id}`
Add a site setting to allow users to toggle I18n.locale It is false by default. 2014-02-08 20:35:46 -05:00
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`expect(I18n.locale).to eq(:fr)`
			`end`
			`end`
			`end`

			`context "the preferred locale includes a region" do`
			`it "returns the locale and region separated by an underscore" do`
			`SiteSetting.stubs(:allow_user_locale).returns(true)`
			`SiteSetting.stubs(:default_locale).returns("en")`
			`set_accept_language("zh-CN")`

			`get :show, {topic_id: topic.id}`

			`expect(I18n.locale).to eq(:zh_CN)`
			`end`
			`end`

			`context 'accept-language header is not set' do`
			`it 'uses the site default locale' do`
			`SiteSetting.stubs(:allow_user_locale).returns(true)`
			`SiteSetting.stubs(:default_locale).returns('en')`
			`set_accept_language('')`
Add a site setting to allow users to toggle I18n.locale It is false by default. 2014-02-08 20:35:46 -05:00
set locale for anonymous from header set locale on signup update spec add locale option 2016-02-06 14:49:39 -05:00			`get :show, {topic_id: topic.id}`

			`expect(I18n.locale).to eq(:en)`
			`end`
			`end`
Add a site setting to allow users to toggle I18n.locale It is false by default. 2014-02-08 20:35:46 -05:00			`end`
Allow users to toggle interface language in their preferences 2014-02-07 22:24:10 -05:00			`end`

Allow ReadOnly to propogate up to the Ember app via Response Header 2015-04-24 14:32:18 -04:00			`describe "read only header" do`
			`it "returns no read only header by default" do`
			`get :show, {topic_id: topic.id}`
			`expect(response.headers['Discourse-Readonly']).to eq(nil)`
			`end`

			`it "returns a readonly header if the site is read only" do`
Allow Postgres to trigger readonly mode for the site. 2015-04-29 11:49:58 -04:00			`Discourse.received_readonly!`
Allow ReadOnly to propogate up to the Ember app via Response Header 2015-04-24 14:32:18 -04:00			`get :show, {topic_id: topic.id}`
			`expect(response.headers['Discourse-Readonly']).to eq('true')`
			`end`
			`end`
remove problem spec that does not work properly in rails 4 mode into application controller and correct it 2013-11-10 18:50:48 -05:00			`end`

FIX: [security bug] XHR check bypass 2013-04-29 20:34:19 -04:00			`describe 'api' do`
BUGFIX: missed a key rename BUGFIX: API spec not enabling CSRF 2014-05-22 18:42:58 -04:00
			`before do`
			`ActionController::Base.allow_forgery_protection = true`
			`end`

			`after do`
			`ActionController::Base.allow_forgery_protection = false`
			`end`

basic api support 2013-03-25 21:04:28 -04:00			`describe PostsController do`
			`let(:user) do`
			`Fabricate(:user)`
			`end`

FIX: [security bug] XHR check bypass 2013-04-29 20:34:19 -04:00			`let(:post) do`
basic api support 2013-03-25 21:04:28 -04:00			`Fabricate(:post)`
			`end`
FIX: [security bug] XHR check bypass 2013-04-29 20:34:19 -04:00
Support for per-user API keys 2013-10-22 15:53:08 -04:00			`let(:api_key) { user.generate_api_key(user) }`
			`let(:master_key) { ApiKey.create_master_key }`

basic api support 2013-03-25 21:04:28 -04:00			`# choosing an arbitrarily easy to mock trusted activity`
			`it 'allows users with api key to bookmark posts' do`
FIX: [security bug] XHR check bypass 2013-04-29 20:34:19 -04:00			`PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).once`
Support for per-user API keys 2013-10-22 15:53:08 -04:00			`put :bookmark, bookmarked: "true", post_id: post.id, api_key: api_key.key, format: :json`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to be_success`
Raise an error if a `api_username` is supplied and does not match the key 2013-10-23 11:05:49 -04:00			`end`

			`it 'raises an error with a user key that does not match an optionally specified username' do`
			`PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).never`
			`put :bookmark, bookmarked: "true", post_id: post.id, api_key: api_key.key, api_username: 'made_up', format: :json`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).not_to be_success`
Support for per-user API keys 2013-10-22 15:53:08 -04:00			`end`

			`it 'allows users with a master api key to bookmark posts' do`
			`PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).once`
			`put :bookmark, bookmarked: "true", post_id: post.id, api_key: master_key.key, api_username: user.username, format: :json`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response).to be_success`
basic api support 2013-03-25 21:04:28 -04:00			`end`

			`it 'disallows phonies to bookmark posts' do`
FIX: [security bug] XHR check bypass 2013-04-29 20:34:19 -04:00			`PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).never`
Revert "Revert "BUGFIX: improve error messages for invalid API keys"" This reverts commit e9afe28586cd887b92fa86c52db78d543a70e433. 2014-05-22 18:13:25 -04:00			`put :bookmark, bookmarked: "true", post_id: post.id, api_key: SecureRandom.hex(32), api_username: user.username, format: :json`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response.code.to_i).to eq(403)`
basic api support 2013-03-25 21:04:28 -04:00			`end`
FIX: [security bug] XHR check bypass 2013-04-29 20:34:19 -04:00
basic api support 2013-03-25 21:04:28 -04:00			`it 'disallows blank api' do`
FIX: [security bug] XHR check bypass 2013-04-29 20:34:19 -04:00			`PostAction.expects(:act).with(user, post, PostActionType.types[:bookmark]).never`
Revert "Revert "BUGFIX: improve error messages for invalid API keys"" This reverts commit e9afe28586cd887b92fa86c52db78d543a70e433. 2014-05-22 18:13:25 -04:00			`put :bookmark, bookmarked: "true", post_id: post.id, api_key: "", api_username: user.username, format: :json`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response.code.to_i).to eq(403)`
basic api support 2013-03-25 21:04:28 -04:00			`end`
			`end`
			`end`