SECURITY: banner-info (#17071)
parent
6650218e3d
commit
ae6a907943
|
@ -676,6 +676,7 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
def banner_json
|
||||
json = ApplicationController.banner_json_cache["json"]
|
||||
return "{}" if !current_user && SiteSetting.login_required?
|
||||
|
||||
unless json
|
||||
topic = Topic.where(archetype: Archetype.banner).first
|
||||
|
|
|
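Review bot: The guard on the `return "{}"` line only covers anonymous visitors on login_required sites, while the payload behind it sits in a single shared cache entry (`banner_json_cache["json"]`) built from `Topic.where(archetype: Archetype.banner).first`, with no per-user visibility check in the visible lines. If a banner topic can belong to a category restricted to certain groups, signed-in users outside those groups would presumably still receive it; that is worth confirming against the rest of `banner_json`, which continues outside this hunk. The guard would also read better above the cache lookup, with a comment such as `# login_required: never hand banner content to anonymous visitors`, so the anonymous path visibly never touches the cache.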
@ -1002,4 +1002,53 @@ RSpec.describe ApplicationController do
|
|||
expect(response.status).to eq(200)
|
||||
end
|
||||
end
|
||||
|
||||
describe "#banner_json" do
|
||||
let(:admin) { Fabricate(:admin) }
|
||||
let(:user) { Fabricate(:user) }
|
||||
fab!(:banner_topic) { Fabricate(:banner_topic) }
|
||||
fab!(:p1) { Fabricate(:post, topic: banner_topic, raw: "A banner topic") }
|
||||
|
||||
before do
|
||||
admin # to skip welcome wizard at home page `/`
|
||||
end
|
||||
|
||||
context "login_required" do
|
||||
before do
|
||||
SiteSetting.login_required = true
|
||||
end
|
||||
it "does not include banner info for anonymous users" do
|
||||
get "/login"
|
||||
|
||||
expect(response.body).to have_tag("div#data-preloaded") do |element|
|
||||
json = JSON.parse(element.current_scope.attribute('data-preloaded').value)
|
||||
expect(json['banner']).to eq("{}")
|
||||
end
|
||||
end
|
||||
|
||||
it "includes banner info for logged-in users" do
|
||||
sign_in(user)
|
||||
get "/"
|
||||
|
||||
expect(response.body).to have_tag("div#data-preloaded") do |element|
|
||||
json = JSON.parse(element.current_scope.attribute('data-preloaded').value)
|
||||
expect(JSON.parse(json['banner'])["html"]).to eq("<p>A banner topic</p>")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context "login not required" do
|
||||
before do
|
||||
SiteSetting.login_required = false
|
||||
end
|
||||
it "does include banner info for anonymous users" do
|
||||
get "/login"
|
||||
|
||||
expect(response.body).to have_tag("div#data-preloaded") do |element|
|
||||
json = JSON.parse(element.current_scope.attribute('data-preloaded').value)
|
||||
expect(JSON.parse(json['banner'])["html"]).to eq("<p>A banner topic</p>")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
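Review bot: The `login_required` context has no example that exercises the anonymous path with a warm cache, which is the case most likely to regress. An example that first requests `/` as a signed-in user (populating `ApplicationController.banner_json_cache`) and then requests `/login` anonymously, still expecting `json['banner']` to eq `"{}"`, would pin the guard's position. Without it, a refactor that moves the guard inside the `unless json` branch could still pass these specs while serving the cached banner. Because that cache is class-level, it may also carry state between examples, so clearing it in a `before` block would keep the three examples order-independent; confirm whether the spec helpers already reset it.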