blacklight-spotlight 0.30.0 → 0.31.0
- checksums.yaml +4 -4
- data/app/controllers/spotlight/contact_forms_controller.rb +1 -1
- data/app/models/spotlight/contact_form.rb +8 -1
- data/app/views/spotlight/contact_forms/new.html.erb +6 -1
- data/app/views/spotlight/shared/_report_a_problem.html.erb +6 -1
- data/app/views/spotlight/sir_trevor/blocks/_list_block.html.erb +9 -1
- data/app/views/spotlight/sir_trevor/blocks/_quote_block.html.erb +14 -8
- data/app/views/spotlight/sir_trevor/blocks/_text_block.html.erb +2 -1
- data/config/locales/spotlight.en.yml +2 -0
- data/lib/spotlight/engine.rb +3 -0
- data/lib/spotlight/version.rb +1 -1
- data/spec/controllers/spotlight/contact_forms_controller_spec.rb +5 -3
- data/spec/features/javascript/home_page_edit_spec.rb +19 -0
- data/spec/features/report_a_problem_spec.rb +16 -0
- data/spec/models/spotlight/contact_form_spec.rb +25 -0
- metadata +2 -3
- data/app/views/spotlight/sir_trevor/blocks/_tweet_block.html.erb +0 -9
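--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9129ce334891bf7bc19eda0bd1a59b3431e7914c
+data.tar.gz: fdf77ce53166788e4b32db54dc9e0b0a2c577010
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71aff72f8a8e7b63b7cd4d21871b116d9afa35f76113218e296364fe6119a840134932062c315ee0aa969289662639b33c26ce6615224058aa551c9eca4609e9
+data.tar.gz: 8c72942251aadf9def1efa373cbbf3eb9b97a4454cbf84ac9e5745c78a3522f57b64a93c732b26bc8a5b44ac0ce195178088df6cbc4fe28272e1d77c0561064f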
@@ -29,7 +29,7 @@ module Spotlight
|
|
29
29
|
end
|
30
30
|
|
31
31
|
def contact_form_params
|
32
|
-
params.require(:contact_form).permit(:name, :email, :message, :current_url)
|
32
|
+
params.require(:contact_form).permit(:name, :email, Spotlight::Engine.config.spambot_honeypot_email_field, :message, :current_url)
|
33
33
|
end
|
34
34
|
end
|
35
35
|
end
|
@@ -4,10 +4,17 @@ module Spotlight
|
|
4
4
|
class ContactForm
|
5
5
|
include ActiveModel::Model
|
6
6
|
|
7
|
-
attr_accessor :current_exhibit, :name, :email, :message, :current_url, :request
|
7
|
+
attr_accessor :current_exhibit, :name, :email, Spotlight::Engine.config.spambot_honeypot_email_field, :message, :current_url, :request
|
8
8
|
|
9
9
|
validates :email, format: { with: /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i }
|
10
10
|
|
11
|
+
# the spambot_honeypot_email_field field is intended to be hidden visually from the user,
|
12
|
+
# in hope that a spam bot filling out the form will enter a value, whereas a human with a
|
13
|
+
# browser wouldn't, allowing us to differentiate and reject likely spam messages.
|
14
|
+
# the field must be present, since we expect real users to just submit the form as-is w/o
|
15
|
+
# hacking what fields are present.
|
16
|
+
validates Spotlight::Engine.config.spambot_honeypot_email_field, length: { is: 0 }
|
17
|
+
|
11
18
|
def headers
|
12
19
|
{
|
13
20
|
to: to,
|
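Review bot: Both `attr_accessor` and `validates` read `Spotlight::Engine.config.spambot_honeypot_email_field` once, when the class body is evaluated, while the views and the controller's `permit` read it on every request. If a host application changes the setting after `Spotlight::ContactForm` has loaded, the form would post a field the model has neither an accessor nor a validator for, so the comment block should say so, e.g. `# NOTE: the field name is read when this class is loaded; configure it before then`. The comment's "the field must be present" depends on `length: { is: 0 }` rejecting `nil`, which is how I read ActiveModel's length validator but is not shown here; state it explicitly in the comment. The class body continues outside the hunk.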
@@ -3,7 +3,12 @@
|
|
3
3
|
<h1 class="page-title"><%= t(:'.header') %></h1>
|
4
4
|
<div class="row">
|
5
5
|
<%= f.text_field :name %>
|
6
|
-
|
6
|
+
<span style="display:none;visibility:hidden;">
|
7
|
+
<% honeypot_field_name = Spotlight::Engine.config.spambot_honeypot_email_field %>
|
8
|
+
<%= label_tag(honeypot_field_name, t(:'.honeypot_field_explanation')) %><br/>
|
9
|
+
<%= f.email_field honeypot_field_name %>
|
10
|
+
</span>
|
11
|
+
<%= f.email_field :email %>
|
7
12
|
<%= f.text_area :message, rows: 7 %>
|
8
13
|
<%= f.hidden_field :current_url %>
|
9
14
|
<div class="form-actions">
|
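Review bot: `label_tag(honeypot_field_name, …)` emits `for="email_address"`, but the input built by `f.email_field` gets a form-scoped id (the feature spec looks it up as `#contact_form_#{honeypot_field_name}`), so the label is not tied to the field; `f.label honeypot_field_name, t(:'.honeypot_field_explanation')` would keep the two in step. A hidden email input named `email_address` is also a likely target for browser autofill and password managers, and a filled value makes a real visitor's message fail validation; consider `f.email_field honeypot_field_name, autocomplete: 'off', tabindex: -1`. The same markup is added to `_report_a_problem.html.erb` in the next section. The form builder `f` is opened outside the hunk, so the id format is inferred from the spec.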
@@ -6,7 +6,12 @@
|
|
6
6
|
|
7
7
|
<h2><%= t(:'.title') %></h2>
|
8
8
|
<%= f.text_field :name %>
|
9
|
-
|
9
|
+
<span style="display:none;visibility:hidden;">
|
10
|
+
<% honeypot_field_name = Spotlight::Engine.config.spambot_honeypot_email_field %>
|
11
|
+
<%= label_tag(honeypot_field_name, t(:'.honeypot_field_explanation')) %><br/>
|
12
|
+
<%= f.email_field honeypot_field_name %>
|
13
|
+
</span>
|
14
|
+
<%= f.email_field :email %>
|
10
15
|
<%= f.text_area :message, rows: 7 %>
|
11
16
|
<%= f.hidden_field :current_url %>
|
12
17
|
<div class="form-actions">
|
@@ -1,3 +1,11 @@
|
|
1
1
|
<div class="st__content-block st__content-block--list">
|
2
|
-
|
2
|
+
<% if list_block.format == :html %>
|
3
|
+
<ul>
|
4
|
+
<% list_block.listItems.each do |item| %>
|
5
|
+
<li><%= sir_trevor_format item[:content], format: list_block.format %></li>
|
6
|
+
<% end %>
|
7
|
+
</ul>
|
8
|
+
<% else %>
|
9
|
+
<%= sir_trevor_markdown list_block.text %>
|
10
|
+
<% end %>
|
3
11
|
</div>
|
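Review bot: In the `:html` branch each `item[:content]` is passed to `sir_trevor_format`, whose definition is not on this page; if that helper marks its result `html_safe` without sanitizing, markup entered in a list item would be rendered as-is to every visitor. Confirm the helper sanitizes, or wrap the call as `sanitize(sir_trevor_format(item[:content], format: list_block.format))`, and add an ERB comment above the branch noting that the content is stored editor input. The same call is made on `quote_block.text` in the quote block section that follows; `quote_block.cite` there goes through plain `<%= %>` and is escaped by default.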
@@ -1,13 +1,19 @@
|
|
1
1
|
<div class="st__content-block st__content-block--quote">
|
2
2
|
<div class="quote">
|
3
|
-
<
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
3
|
+
<blockquote>
|
4
|
+
<div class="quote__content">
|
5
|
+
<% if quote_block.format == :html %>
|
6
|
+
<%= sir_trevor_format quote_block.text, format: quote_block.format %>
|
7
|
+
<% else %>
|
8
|
+
<%= sir_trevor_markdown quote_block.text %>
|
9
|
+
<% end %>
|
10
10
|
</div>
|
11
|
-
|
11
|
+
|
12
|
+
<% if quote_block.cite.present? %>
|
13
|
+
<div class="quote__cite">
|
14
|
+
<cite class="quote__cite-text">– <%= quote_block.cite %></cite>
|
15
|
+
</div>
|
16
|
+
<% end %>
|
17
|
+
</blockquote>
|
12
18
|
</div>
|
13
19
|
</div>
|
@@ -172,6 +172,7 @@ en:
|
|
172
172
|
contact_forms:
|
173
173
|
new:
|
174
174
|
header: "Feedback"
|
175
|
+
honeypot_field_explanation: 'Ignore this text box. It is used to detect spammers. If you enter anything into this text box, your message will not be sent.'
|
175
176
|
curation:
|
176
177
|
sidebar:
|
177
178
|
header: Curation
|
@@ -650,6 +651,7 @@ en:
|
|
650
651
|
shared:
|
651
652
|
report_a_problem:
|
652
653
|
title: Contact Us
|
654
|
+
honeypot_field_explanation: 'Ignore this text box. It is used to detect spammers. If you enter anything into this text box, your message will not be sent.'
|
653
655
|
indexing_complete_mailer:
|
654
656
|
documents_indexed:
|
655
657
|
title: "Your CSV file has just finished being processed."
|
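--- a/data/lib/spotlight/engine.rb
+++ b/data/lib/spotlight/engine.rb
@@ -15,6 +15,7 @@ require 'clipboard/rails'
 module Spotlight
 ##
 # Spotlight::Engine
+# rubocop:disable ClassLength
 class Engine < ::Rails::Engine
 isolate_namespace Spotlight
 # Breadcrumbs on rails must be required outside of an initializer or it doesn't get loaded.
@@ -172,6 +173,8 @@ module Spotlight
 # default email address to send "Report a Problem" feedback to (in addition to any exhibit-specific contacts)
 config.default_contact_email = nil
 
+config.spambot_honeypot_email_field = :email_address
+
 initializer 'blacklight.configuration' do
 # Field containing the last modified date for a Solr document
 Blacklight::Configuration.default_values[:index].timestamp_field ||= 'timestamp'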
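Review bot: `config.spambot_honeypot_email_field = :email_address` is added without a comment, unlike `default_contact_email` directly above it. Suggest `# name of the hidden honeypot field on the contact forms; a submission with any value in it is rejected as likely spam` on the line before it. The first hunk also adds `# rubocop:disable ClassLength` with no matching `enable` visible in these hunks, so the cop may stay off for the rest of the file. The class body runs outside both hunks.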
data/lib/spotlight/version.rb
CHANGED
@@ -1,6 +1,8 @@
|
|
1
1
|
describe Spotlight::ContactFormsController, type: :controller do
|
2
2
|
routes { Spotlight::Engine.routes }
|
3
3
|
let(:exhibit) { FactoryGirl.create(:exhibit) }
|
4
|
+
let(:honeypot_field_name) { Spotlight::Engine.config.spambot_honeypot_email_field }
|
5
|
+
|
4
6
|
before do
|
5
7
|
request.env['HTTP_REFERER'] = 'http://example.com'
|
6
8
|
exhibit.contact_emails_attributes = [{ 'email' => 'test@example.com' }, { 'email' => 'test2@example.com' }]
|
@@ -16,15 +18,15 @@ describe Spotlight::ContactFormsController, type: :controller do
|
|
16
18
|
describe 'POST create' do
|
17
19
|
it 'sends an email' do
|
18
20
|
expect do
|
19
|
-
post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com' } }
|
21
|
+
post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com', honeypot_field_name => '' } }
|
20
22
|
end.to change { ActionMailer::Base.deliveries.count }.by(1)
|
21
23
|
end
|
22
24
|
it 'redirects back' do
|
23
|
-
post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com' } }
|
25
|
+
post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com', honeypot_field_name => '' } }
|
24
26
|
expect(response).to redirect_to 'http://example.com'
|
25
27
|
end
|
26
28
|
it 'sets a flash message' do
|
27
|
-
post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com' } }
|
29
|
+
post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com', honeypot_field_name => '' } }
|
28
30
|
expect(flash[:notice]).to eq 'Thanks. Your feedback has been sent.'
|
29
31
|
end
|
30
32
|
end
|
@@ -10,4 +10,23 @@ feature 'Editing the Home Page', js: true do
|
|
10
10
|
expect(page).to have_css("[data-type='solr_documents']", visible: true)
|
11
11
|
expect(page).not_to have_css("[data-type='search_results']", visible: true)
|
12
12
|
end
|
13
|
+
|
14
|
+
it 'correctly saves a list widget' do
|
15
|
+
visit spotlight.edit_exhibit_home_page_path(exhibit)
|
16
|
+
click_add_widget
|
17
|
+
expect(page).to have_css('button.st-block-controls__button')
|
18
|
+
|
19
|
+
find("button[data-type='list']").click
|
20
|
+
expect(page).to have_css('ul.st-list-block__list')
|
21
|
+
expect(page).to have_css('li.st-list-block__item')
|
22
|
+
expect(page).to have_css('*[contenteditable=true]')
|
23
|
+
expect(page).to have_css('div.st-list-block__editor[contenteditable=true]', count: 1)
|
24
|
+
|
25
|
+
first_element = page.all('div.st-list-block__editor[contenteditable=true]').first
|
26
|
+
first_element.set('one')
|
27
|
+
|
28
|
+
click_button 'Save changes'
|
29
|
+
expect(page).to have_css('div.st__content-block--list ul li', count: 1)
|
30
|
+
expect(page).to have_css('div.st__content-block--list ul li', text: 'on')
|
31
|
+
end
|
13
32
|
end
|
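Review bot: The last expectation checks `text: 'on'` although the step above sets the list item to `'one'`. Capybara's `text:` filter matches substrings, so the example passes, but it would also pass if the saved item had been truncated. Use `expect(page).to have_css('div.st__content-block--list ul li', text: 'one')`.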
@@ -1,5 +1,7 @@
|
|
1
1
|
describe 'Report a Problem', type: :feature do
|
2
2
|
let!(:exhibit) { FactoryGirl.create(:exhibit) }
|
3
|
+
let(:honeypot_field_name) { Spotlight::Engine.config.spambot_honeypot_email_field }
|
4
|
+
|
3
5
|
it 'does not have a header link' do
|
4
6
|
visit root_path
|
5
7
|
expect(page).to_not have_content 'Feedback'
|
@@ -30,5 +32,19 @@ describe 'Report a Problem', type: :feature do
|
|
30
32
|
click_on 'Send'
|
31
33
|
end.to change { ActionMailer::Base.deliveries.count }.by(1)
|
32
34
|
end
|
35
|
+
|
36
|
+
it 'rejects a spammy looking problem report', js: true do
|
37
|
+
visit spotlight.exhibit_solr_document_path(exhibit, id: 'dq287tq6352')
|
38
|
+
click_on 'Feedback'
|
39
|
+
expect(find('#contact_form_current_url', visible: false).value).to end_with spotlight.exhibit_solr_document_path(exhibit, id: 'dq287tq6352')
|
40
|
+
fill_in 'Name', with: 'Some Body'
|
41
|
+
fill_in 'Email', with: 'test@example.com'
|
42
|
+
page.find("#contact_form_#{honeypot_field_name}", visible: false).set 'possible_spam@spam.com'
|
43
|
+
fill_in 'Message', with: 'This is my problem report'
|
44
|
+
|
45
|
+
expect do
|
46
|
+
click_on 'Send'
|
47
|
+
end.not_to change { ActionMailer::Base.deliveries.count }
|
48
|
+
end
|
33
49
|
end
|
34
50
|
end
|
@@ -1,6 +1,7 @@
|
|
1
1
|
describe Spotlight::ContactForm do
|
2
2
|
subject { described_class.new(name: 'Root', email: 'user@example.com').tap { |c| c.current_exhibit = exhibit } }
|
3
3
|
let(:exhibit) { FactoryGirl.create(:exhibit) }
|
4
|
+
let(:honeypot_field_name) { Spotlight::Engine.config.spambot_honeypot_email_field }
|
4
5
|
|
5
6
|
context 'with a site-wide contact email' do
|
6
7
|
before { allow(Spotlight::Engine.config).to receive_messages default_contact_email: 'root@localhost' }
|
@@ -30,4 +31,28 @@ describe Spotlight::ContactForm do
|
|
30
31
|
expect(subject.headers[:cc]).to eq 'curator@example.com, addl_curator@example.com'
|
31
32
|
end
|
32
33
|
end
|
34
|
+
|
35
|
+
context 'when validating feedback submission fields' do
|
36
|
+
it 'allows submissions that set a valid email address' do
|
37
|
+
subject.email = 'user@legitimatebusinesspersonssocialclub.biz'
|
38
|
+
subject.send("#{honeypot_field_name}=", '')
|
39
|
+
expect(subject).to be_valid
|
40
|
+
end
|
41
|
+
|
42
|
+
it 'rejects submissions that set an invalid email address' do
|
43
|
+
subject.email = 'user'
|
44
|
+
subject.send("#{honeypot_field_name}=", '')
|
45
|
+
expect(subject).to_not be_valid
|
46
|
+
end
|
47
|
+
|
48
|
+
it 'allows submissions that leave the spammer honeypot field blank' do
|
49
|
+
subject.send("#{honeypot_field_name}=", '')
|
50
|
+
expect(subject).to be_valid
|
51
|
+
end
|
52
|
+
|
53
|
+
it 'rejects submissions that set the spammer honeypot field' do
|
54
|
+
subject.send("#{honeypot_field_name}=", 'spam@spam.com')
|
55
|
+
expect(subject).to_not be_valid
|
56
|
+
end
|
57
|
+
end
|
33
58
|
end
|
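Review bot: The new context never covers a submission in which the honeypot attribute is left unset (`nil`), although the comment added to the model says the field must be present. Every example assigns `''` or a value first, so what happens when a client posts only the visible fields is not pinned by a test. If rejection is the intended outcome, add an example that calls `subject.send("#{honeypot_field_name}=", nil)` and then `expect(subject).to_not be_valid`.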
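--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: blacklight-spotlight
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.31.0
 platform: ruby
 authors:
 - Chris Beer
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -1065,7 +1065,6 @@ files:
 - app/views/spotlight/sir_trevor/blocks/_solr_documents_features_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/_solr_documents_grid_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/_text_block.html.erb
-- app/views/spotlight/sir_trevor/blocks/_tweet_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/_uploaded_items_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/videos/_vimeo.html.erb
 - app/views/spotlight/sir_trevor/blocks/videos/_youtube.html.erb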
@@ -1,9 +0,0 @@
|
|
1
|
-
<div class="st__content-block st__content-block--tweet">
|
2
|
-
<%= link_to image_tag(tweet_block.profile_image_url, class: 'img'), tweet_block.screen_name %>
|
3
|
-
<p>
|
4
|
-
<%= tweet_block.render_tweet_body %>
|
5
|
-
</p>
|
6
|
-
<cite>From <%= link_to tweet_block.at_name, tweet_block.screen_name %> on Twitter:</cite>
|
7
|
-
<time datetime="<%= tweet_block.created_at %>">(<%= link_to Time.parse(tweet_block.created_at), tweet_block.status_url %>)</time>
|
8
|
-
</div>
|
9
|
-
|