RubyGems - blacklight-spotlight - Versions diffs - 0.30.0 → 0.31.0 - Mend

blacklight-spotlight 0.30.0 → 0.31.0

Files changed (17) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7dd88ac0b2f47a2f72fbbaa0d7395c31ab24a86d
-  data.tar.gz: d15195cc46560c6ac23745bf6a46afd5cde83870
+  metadata.gz: 9129ce334891bf7bc19eda0bd1a59b3431e7914c
+  data.tar.gz: fdf77ce53166788e4b32db54dc9e0b0a2c577010
 SHA512:
-  metadata.gz: b9966f72907df2f6d2e945047ae2d72c37bbba13adbd2cc2df56f39b9eee4fc4df238bc85ad561d5c82f32fc18ddded497033218d81f3daeb7946c089cf15ea8
-  data.tar.gz: 787eafb42229bb8d5504fa7b8a97b46876079bcb348f91e5cfef39f4ce3fb7697270d41fd2aa20c2cd89e0e54a7ba39e723ad5dd8aa5e0e5c7e77d633b07f8ef
+  metadata.gz: 71aff72f8a8e7b63b7cd4d21871b116d9afa35f76113218e296364fe6119a840134932062c315ee0aa969289662639b33c26ce6615224058aa551c9eca4609e9
+  data.tar.gz: 8c72942251aadf9def1efa373cbbf3eb9b97a4454cbf84ac9e5745c78a3522f57b64a93c732b26bc8a5b44ac0ce195178088df6cbc4fe28272e1d77c0561064f

data/app/controllers/spotlight/contact_forms_controller.rb CHANGED

@@ -29,7 +29,7 @@ module Spotlight
     end
     def contact_form_params
-      params.require(:contact_form).permit(:name, :email, :message, :current_url)
+      params.require(:contact_form).permit(:name, :email, Spotlight::Engine.config.spambot_honeypot_email_field, :message, :current_url)
     end
   end
 end

data/app/models/spotlight/contact_form.rb CHANGED

@@ -4,10 +4,17 @@ module Spotlight
   class ContactForm
     include ActiveModel::Model
-    attr_accessor :current_exhibit, :name, :email, :message, :current_url, :request
+    attr_accessor :current_exhibit, :name, :email, Spotlight::Engine.config.spambot_honeypot_email_field, :message, :current_url, :request
     validates :email, format: { with: /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i }
+    # the spambot_honeypot_email_field field is intended to be hidden visually from the user,
+    # in hope that a spam bot filling out the form will enter a value, whereas a human with a
+    # browser wouldn't, allowing us to differentiate and reject likely spam messages.
+    # the field must be present, since we expect real users to just submit the form as-is w/o
+    # hacking what fields are present.
+    validates Spotlight::Engine.config.spambot_honeypot_email_field, length: { is: 0 }
     def headers
       {
         to: to,

data/app/views/spotlight/contact_forms/new.html.erb CHANGED

@@ -3,7 +3,12 @@
   <h1 class="page-title"><%= t(:'.header') %></h1>
   <div class="row">
     <%= f.text_field :name %>
-    <%= f.text_field :email %>
+    <span style="display:none;visibility:hidden;">
+      <% honeypot_field_name = Spotlight::Engine.config.spambot_honeypot_email_field %>
+      <%= label_tag(honeypot_field_name, t(:'.honeypot_field_explanation')) %><br/>
+      <%= f.email_field honeypot_field_name %>
+    </span>
+    <%= f.email_field :email %>
     <%= f.text_area :message, rows: 7 %>
     <%= f.hidden_field :current_url %>
     <div class="form-actions">

data/app/views/spotlight/shared/_report_a_problem.html.erb CHANGED

@@ -6,7 +6,12 @@
     <h2><%= t(:'.title') %></h2>
     <%= f.text_field :name %>
-    <%= f.text_field :email %>
+    <span style="display:none;visibility:hidden;">
+      <% honeypot_field_name = Spotlight::Engine.config.spambot_honeypot_email_field %>
+      <%= label_tag(honeypot_field_name, t(:'.honeypot_field_explanation')) %><br/>
+      <%= f.email_field honeypot_field_name %>
+    </span>
+    <%= f.email_field :email %>
     <%= f.text_area :message, rows: 7 %>
     <%= f.hidden_field :current_url %>
     <div class="form-actions">

data/app/views/spotlight/sir_trevor/blocks/_list_block.html.erb CHANGED

@@ -1,3 +1,11 @@
 <div class="st__content-block st__content-block--list">
-	<%= sir_trevor_markdown list_block.text %>
+  <% if list_block.format == :html %>
+    <ul>
+      <% list_block.listItems.each do |item| %>
+        <li><%= sir_trevor_format item[:content], format: list_block.format %></li>
+      <% end %>
+    </ul>
+  <% else %>
+    <%= sir_trevor_markdown list_block.text %>
+  <% end %>
 </div>

data/app/views/spotlight/sir_trevor/blocks/_quote_block.html.erb CHANGED

@@ -1,13 +1,19 @@
 <div class="st__content-block st__content-block--quote">
   <div class="quote">
-    <div class="quote__content">
-    	<%= sir_trevor_markdown quote_block.text %>
-    </div>
-    <% if quote_block.cite.present? %>
-      <div class="quote__cite">
-        <cite class="quote__cite-text">&ndash; <%= quote_block.cite %></cite>
+    <blockquote>
+      <div class="quote__content">
+        <% if quote_block.format == :html %>
+            <%= sir_trevor_format quote_block.text, format: quote_block.format %>
+        <% else %>
+          <%= sir_trevor_markdown quote_block.text %>
+        <% end %>
       </div>
-    <% end %>
+      <% if quote_block.cite.present? %>
+        <div class="quote__cite">
+          <cite class="quote__cite-text">&ndash; <%= quote_block.cite %></cite>
+        </div>
+      <% end %>
+    </blockquote>
   </div>
 </div>

data/app/views/spotlight/sir_trevor/blocks/_text_block.html.erb CHANGED

@@ -1,3 +1,4 @@
 <div class="st__content-block st__content-block--text">
-	<%= sir_trevor_markdown text_block.text %>
+  <%# We prefer the GitHub markup here. %>
+  <%= sir_trevor_markdown text_block.text %>
 </div>

data/config/locales/spotlight.en.yml CHANGED

@@ -172,6 +172,7 @@ en:
     contact_forms:
       new:
         header: "Feedback"
+        honeypot_field_explanation: 'Ignore this text box. It is used to detect spammers. If you enter anything into this text box, your message will not be sent.'
     curation:
       sidebar:
         header: Curation
@@ -650,6 +651,7 @@ en:
     shared:
       report_a_problem:
         title: Contact Us
+        honeypot_field_explanation: 'Ignore this text box. It is used to detect spammers. If you enter anything into this text box, your message will not be sent.'
     indexing_complete_mailer:
       documents_indexed:
         title: "Your CSV file has just finished being processed."

data/lib/spotlight/engine.rb CHANGED

@@ -15,6 +15,7 @@ require 'clipboard/rails'
 module Spotlight
   ##
   # Spotlight::Engine
+  # rubocop:disable ClassLength
   class Engine < ::Rails::Engine
     isolate_namespace Spotlight
     # Breadcrumbs on rails must be required outside of an initializer or it doesn't get loaded.
@@ -172,6 +173,8 @@ module Spotlight
     # default email address to send "Report a Problem" feedback to (in addition to any exhibit-specific contacts)
     config.default_contact_email = nil
+    config.spambot_honeypot_email_field = :email_address
     initializer 'blacklight.configuration' do
       # Field containing the last modified date for a Solr document
       Blacklight::Configuration.default_values[:index].timestamp_field ||= 'timestamp'

data/lib/spotlight/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Spotlight
-  VERSION = '0.30.0'.freeze
+  VERSION = '0.31.0'.freeze
 end

data/spec/controllers/spotlight/contact_forms_controller_spec.rb CHANGED

@@ -1,6 +1,8 @@
 describe Spotlight::ContactFormsController, type: :controller do
   routes { Spotlight::Engine.routes }
   let(:exhibit) { FactoryGirl.create(:exhibit) }
+  let(:honeypot_field_name) { Spotlight::Engine.config.spambot_honeypot_email_field }
   before do
     request.env['HTTP_REFERER'] = 'http://example.com'
     exhibit.contact_emails_attributes = [{ 'email' => 'test@example.com' }, { 'email' => 'test2@example.com' }]
@@ -16,15 +18,15 @@ describe Spotlight::ContactFormsController, type: :controller do
   describe 'POST create' do
     it 'sends an email' do
       expect do
-        post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com' } }
+        post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com', honeypot_field_name => '' } }
       end.to change { ActionMailer::Base.deliveries.count }.by(1)
     end
     it 'redirects back' do
-      post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com' } }
+      post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com', honeypot_field_name => '' } }
       expect(response).to redirect_to 'http://example.com'
     end
     it 'sets a flash message' do
-      post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com' } }
+      post :create, params: { exhibit_id: exhibit.id, contact_form: { name: 'Joe Doe', email: 'jdoe@example.com', honeypot_field_name => '' } }
       expect(flash[:notice]).to eq 'Thanks. Your feedback has been sent.'
     end
   end

data/spec/features/javascript/home_page_edit_spec.rb CHANGED

@@ -10,4 +10,23 @@ feature 'Editing the Home Page', js: true do
     expect(page).to have_css("[data-type='solr_documents']", visible: true)
     expect(page).not_to have_css("[data-type='search_results']", visible: true)
   end
+  it 'correctly saves a list widget' do
+    visit spotlight.edit_exhibit_home_page_path(exhibit)
+    click_add_widget
+    expect(page).to have_css('button.st-block-controls__button')
+    find("button[data-type='list']").click
+    expect(page).to have_css('ul.st-list-block__list')
+    expect(page).to have_css('li.st-list-block__item')
+    expect(page).to have_css('*[contenteditable=true]')
+    expect(page).to have_css('div.st-list-block__editor[contenteditable=true]', count: 1)
+    first_element = page.all('div.st-list-block__editor[contenteditable=true]').first
+    first_element.set('one')
+    click_button 'Save changes'
+    expect(page).to have_css('div.st__content-block--list ul li', count: 1)
+    expect(page).to have_css('div.st__content-block--list ul li', text: 'on')
+  end
 end

data/spec/features/report_a_problem_spec.rb CHANGED

@@ -1,5 +1,7 @@
 describe 'Report a Problem', type: :feature do
   let!(:exhibit) { FactoryGirl.create(:exhibit) }
+  let(:honeypot_field_name) { Spotlight::Engine.config.spambot_honeypot_email_field }
   it 'does not have a header link' do
     visit root_path
     expect(page).to_not have_content 'Feedback'
@@ -30,5 +32,19 @@ describe 'Report a Problem', type: :feature do
         click_on 'Send'
       end.to change { ActionMailer::Base.deliveries.count }.by(1)
     end
+    it 'rejects a spammy looking problem report', js: true do
+      visit spotlight.exhibit_solr_document_path(exhibit, id: 'dq287tq6352')
+      click_on 'Feedback'
+      expect(find('#contact_form_current_url', visible: false).value).to end_with spotlight.exhibit_solr_document_path(exhibit, id: 'dq287tq6352')
+      fill_in 'Name', with: 'Some Body'
+      fill_in 'Email', with: 'test@example.com'
+      page.find("#contact_form_#{honeypot_field_name}", visible: false).set 'possible_spam@spam.com'
+      fill_in 'Message', with: 'This is my problem report'
+      expect do
+        click_on 'Send'
+      end.not_to change { ActionMailer::Base.deliveries.count }
+    end
   end
 end

data/spec/models/spotlight/contact_form_spec.rb CHANGED

@@ -1,6 +1,7 @@
 describe Spotlight::ContactForm do
   subject { described_class.new(name: 'Root', email: 'user@example.com').tap { |c| c.current_exhibit = exhibit } }
   let(:exhibit) { FactoryGirl.create(:exhibit) }
+  let(:honeypot_field_name) { Spotlight::Engine.config.spambot_honeypot_email_field }
   context 'with a site-wide contact email' do
     before { allow(Spotlight::Engine.config).to receive_messages default_contact_email: 'root@localhost' }
@@ -30,4 +31,28 @@ describe Spotlight::ContactForm do
       expect(subject.headers[:cc]).to eq 'curator@example.com, addl_curator@example.com'
     end
   end
+  context 'when validating feedback submission fields' do
+    it 'allows submissions that set a valid email address' do
+      subject.email = 'user@legitimatebusinesspersonssocialclub.biz'
+      subject.send("#{honeypot_field_name}=", '')
+      expect(subject).to be_valid
+    end
+    it 'rejects submissions that set an invalid email address' do
+      subject.email = 'user'
+      subject.send("#{honeypot_field_name}=", '')
+      expect(subject).to_not be_valid
+    end
+    it 'allows submissions that leave the spammer honeypot field blank' do
+      subject.send("#{honeypot_field_name}=", '')
+      expect(subject).to be_valid
+    end
+    it 'rejects submissions that set the spammer honeypot field' do
+      subject.send("#{honeypot_field_name}=", 'spam@spam.com')
+      expect(subject).to_not be_valid
+    end
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: blacklight-spotlight
 version: !ruby/object:Gem::Version
-  version: 0.30.0
+  version: 0.31.0
 platform: ruby
 authors:
 - Chris Beer
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-08 00:00:00.000000000 Z
+date: 2017-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -1065,7 +1065,6 @@ files:
 - app/views/spotlight/sir_trevor/blocks/_solr_documents_features_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/_solr_documents_grid_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/_text_block.html.erb
-- app/views/spotlight/sir_trevor/blocks/_tweet_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/_uploaded_items_block.html.erb
 - app/views/spotlight/sir_trevor/blocks/videos/_vimeo.html.erb
 - app/views/spotlight/sir_trevor/blocks/videos/_youtube.html.erb

data/app/views/spotlight/sir_trevor/blocks/_tweet_block.html.erb DELETED

@@ -1,9 +0,0 @@
-<div class="st__content-block st__content-block--tweet">
-  <%= link_to image_tag(tweet_block.profile_image_url, class: 'img'), tweet_block.screen_name %>
-  <p>
-    <%= tweet_block.render_tweet_body %>
-  </p>
-  <cite>From <%= link_to tweet_block.at_name, tweet_block.screen_name %> on Twitter:</cite>
-  <time datetime="<%= tweet_block.created_at %>">(<%= link_to Time.parse(tweet_block.created_at), tweet_block.status_url %>)</time>
-</div>