landable 1.7.0

data/doc/schema/theme.json

@@ -0,0 +1,37 @@
+{
+  "title": "Theme",
+  "description": "A landable theme contains a Liquid template which can be used as a layout wrapping its pages' bodies",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["id", "name", "description", "body"],
+
+  "properties": {
+    "id": {
+      "$ref": "uuid.json"
+    },
+
+    "name": {
+      "type": "string",
+      "minLength": 1
+    },
+
+    "description": {
+      "type": "string",
+      "minLength": 1
+    },
+
+    "body": {
+      "type": ["string", "null"],
+      "minLength": 0
+    },
+
+    "thumbnail_url": {
+      "type": ["string", "null"],
+      "minLength": 0
+    },
+
+    "editable": {
+      "type": "boolean"
+    }
+  }
+}

data/doc/schema/uuid.json

@@ -0,0 +1,6 @@
+{
+  "title": "UUID",
+  "description": "Unique identifier type used for all exposed resources",
+  "type": "string",
+  "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
+}

data/features/api/access_tokens.feature

@@ -0,0 +1,84 @@
+@api @no-api-auth
+Feature: Access Tokens API
+
+  Scenario: Responding with a fresh access token
+    Given an author "someone"
+    And   "someone" has an unexpired access token
+    When I POST to "/api/access_tokens" with:
+      """
+      { "access_token": { "username": "someone", "password": "anything" } }
+      """
+    Then the response status should be 201 "Created"
+    And  there should be 2 access tokens in the database
+
+  Scenario: Invalid username or password
+    When I POST to "/api/access_tokens" with:
+      """
+      { "access_token": { "username": "anything", "password": "fail" } }
+      """
+    Then the response status should be 401 "Not Authorized"
+    And  the response body should be empty
+
+  Scenario: Creating an author if none yet exists
+    Given there are no authors in the database
+    When I POST to "/api/access_tokens" with:
+      """
+      { "access_token": { "username": "someone", "password": "anything" } }
+      """
+    Then an author "someone" should exist
+    And  the author "someone" should have 1 access token
+
+  Scenario: Reusing a pre-existing author record
+    Given an author "someone"
+    When I POST to "/api/access_tokens" with:
+      """
+      { "access_token": { "username": "someone", "password": "anything" } }
+      """
+    Then there should be 1 author in the database
+    And  the author "someone" should have 1 access token
+
+  Scenario: Retrieving my own fresh token
+    Given my API requests include a valid access token
+    When  I GET "/api/access_tokens/{{@current_access_token.id}}"
+    Then  the response status should be 200 "OK"
+
+  Scenario: Retrieving my expired token (while authenticating with a fresh one)
+    Given my API requests include a valid access token
+    And   I also have an older, expired access token
+    When  I GET "/api/access_tokens/{{@expired_access_token.id}}"
+    Then  the response status should be 404 "Not Found"
+
+  Scenario: Retrieving someone else's token
+    Given my API requests include a valid access token
+    And   there is another author's access token in the database
+    When  I GET "/api/access_tokens/{{@foreign_access_token.id}}"
+    Then  the response status should be 404 "Not Found"
+
+  Scenario: Refreshing an active token
+    Given my API requests include a valid access token
+    But my access token will expire in 2 minutes
+    When I PUT to "/api/access_tokens/{{@current_access_token.id}}"
+    Then my access token should not expire for at least 2 hours
+
+  Scenario: Refreshing an expired token
+    Given my API requests include a valid access token
+    But my access token expired 2 minutes ago
+    When I PUT to "/api/access_tokens/{{@current_access_token.id}}"
+    Then the response status should be 401 "Not Authorized"
+
+  Scenario: Deleting your own access token
+    Given my API requests include a valid access token
+    When I DELETE "/api/access_tokens/{{@current_access_token.id}}"
+    Then the response status should be 204 "No Content"
+    And  there should be 0 access tokens in the database
+
+  Scenario: Deleting someone else's access token
+    Given my API requests include a valid access token
+    And there is another author's access token in the database
+    When I DELETE "/api/access_tokens/{{@foreign_access_token.id}}"
+    Then the response status should be 401 "Not Authorized"
+
+  Scenario: Deleting a non-existent token is 401, not 404
+    Given my API requests include a valid access token
+    When I DELETE "/api/access_tokens/{{random_uuid}}"
+    Then the response status should be 401 "Not Authorized"

data/features/api/assets.feature

@@ -0,0 +1,46 @@
+@api
+Feature: Asset management API
+
+  @no-api-auth @allow-rescue
+  Scenario Outline: Authentication required
+    When I <verb> "<path>"
+    Then the response should be 401 "Not Authorized"
+    When I repeat the request with a valid access token
+    Then the response should not be 401 "Not Authorized"
+
+    Examples:
+      | verb   | path                   |
+      | GET    | /api/assets            |
+      | GET    | /api/assets/1          |
+      | POST   | /api/assets            |
+
+  Scenario: Getting all assets
+    Given 3 assets
+    When  I GET "/api/assets"
+    Then  the response should contain 3 "assets"
+
+  Scenario: Getting multiple assets by ID
+    Given 3 assets
+    When  I GET "/api/assets?ids[]={{@assets[0].id}}&ids[]={{@assets[1].id}}"
+    Then  the response should contain 2 "assets"
+
+  Scenario: Searching by asset name
+    Given 2 assets named "panda" and "disclaimer"
+    When  I GET "/api/assets?search[name]=p"
+    Then  the response should contain 1 "assets"
+    And   the JSON at "assets/0/name" should be "panda"
+
+  Scenario: Uploading a new asset
+    When I POST an asset to "/api/assets"
+    Then the response should be 201 "Created"
+    And  the response should contain an "asset"
+    When I follow the "Location" header
+    Then the response should contain the same "asset"
+
+  Scenario: Uploading a pre-existing asset, based on SHA
+    Given an asset
+    When  I POST that asset to "/api/assets" again
+    Then  the response should be 301 "Moved Permanently"
+    And   the response body should be empty
+    When  I follow the "Location" header
+    Then  the response should contain the original "asset"

data/features/api/cors.feature

@@ -0,0 +1,25 @@
+@allow-rescue
+Feature: Cross-Origin Support
+
+  Scenario Outline: Only supported from declared origins, within the API namespace
+    When I request CORS from "<path>" with:
+      | origin   | method   |
+      | <origin> | <method> |
+    Then the response should be <code>
+
+    Examples:
+      | path       | origin               | method | code            |
+      | /priority  | http://cors.test     | PUT    | 404 "Not Found" |
+      | /api/pages | http://cors.test     | PUT    | 200 "OK"        |
+      | /api/pages | http://anything.else | PUT    | 404 "Not Found" |
+
+  Scenario: Response headers to successful CORS OPTIONS requests
+    When I request CORS from "/api/pages" with:
+      | origin           | method |
+      | http://cors.test | PUT    |
+    Then the response should be 200 "OK"
+    And  the response headers should include:
+      | header                       | value                         |
+      | Access-Control-Allow-Origin  | http://cors.test              |
+      | Access-Control-Allow-Methods | GET, POST, PUT, PATCH, DELETE |
+

data/features/api/pages.feature

@@ -0,0 +1,42 @@
+@api
+Feature: Pages API
+
+  Scenario: Loading multiple pages
+    Given 2 pages
+    When  I GET "/api/pages?ids[]={{@pages[0].id}}&ids[]={{@pages[1].id}}"
+    Then  the response should be 200 "OK"
+    And   the response should contain 2 "pages"
+
+  Scenario: Loading a single page
+    Given a page
+    When  I GET "/api/pages/{{@page.id}}"
+    Then  the response should be 200 "OK"
+    And   the response should contain a "page"
+
+  Scenario: Create a new page
+    When I POST to "/api/pages" with:
+    """
+    { 
+        "path": "/page",
+        "body": "<HTML>BODY</HTML" 
+    }
+    """
+    Then the response should be 201 "Created"
+    And the JSON at "page/path" should be "/page"
+
+  Scenario: Update a page
+    Given a page
+    When I PATCH "/api/pages/{{@page.id}}":
+    """
+    { "page": { "title": "Updated page" } }
+    """
+    Then the response should be 200 "OK"
+    And the JSON at "page/title" should be "Updated page"
+
+  Scenario: Publish a page
+    Given a page
+    When I POST "/api/pages/{{@page.id}}/publish"
+    Then the response should be 201 "Created"
+    And  the JSON at "page/published_revision_id" should be a page revision's ID
+    When I GET "/api/page_revisions/{{@revision.id}}"
+    Then the response should be 200 "OK"

data/features/api/preview.feature

@@ -0,0 +1,16 @@
+@api
+Feature: Preview Page
+
+  Scenario: Preview a page
+    Given I accept JSON
+    When I POST "/api/pages/preview":
+    """
+    {
+      "page": {
+        "path": "/page/path",
+        "body": "This is just a preview!",
+        "status_code": "200"
+      }
+    }
+    """
+    Then the response should be 200 "OK"

data/features/api/templates.feature

@@ -0,0 +1,33 @@
+@api
+Feature: Templates API
+  Scenario: List all templates
+    Given 3 templates
+    When  I GET "/api/templates"
+    Then  the response status should be 200
+    And   the response should contain 3 "templates"
+
+  Scenario: Create a new template
+    When I POST "/api/templates":
+      """
+      {
+        "template": {
+          "name": "A template name!",
+          "description": "A beautiful template",
+          "body": "<div>body</div>",
+          "thumbnail_url": "http://foo/bar.jpg"
+        }
+      }
+      """
+    Then the response should be 201 "Created"
+    And  the JSON at "template/name" should be "A template name!"
+    When I follow the "Location" header
+    Then the JSON at "template/name" should be "A template name!"
+
+  Scenario: Update a template
+    Given a template
+    When  I PATCH "/api/templates/{{@template.id}}":
+      """
+      { "template": { "name": "New day new name" } }
+      """
+    Then the response should be 200 "OK"
+    And  the JSON at "template/name" should be "New day new name"

data/features/api/themes.feature

@@ -0,0 +1,33 @@
+@api
+Feature: Themes API
+  Scenario: List all themes
+    Given 3 themes
+    When I GET "/api/themes"
+    Then the response status should be 200
+    And  the response should contain 3 "themes"
+
+  Scenario: Create a new theme
+    When I POST "/api/themes":
+      """
+      {
+        "theme": {
+          "name": "A theme name!",
+          "description": "A beautiful theme",
+          "body": "{{ body }}",
+          "thumbnail_url": "http://foo/bar.jpg"
+        }
+      }
+      """
+    Then the response should be 201 "Created"
+    And  the JSON at "theme/name" should be "A theme name!"
+    When I follow the "Location" header
+    Then the JSON at "theme/name" should be "A theme name!"
+
+  Scenario: Update a theme
+    Given a theme
+    When  I PATCH "/api/themes/{{@theme.id}}":
+      """
+      { "theme": { "name": "New day new name" } }
+      """
+    Then the response should be 200 "OK"
+    And  the JSON at "theme/name" should be "New day new name"

data/features/liquid/body.feature

@@ -0,0 +1,35 @@
+Feature: Page body via `body` variable
+  Scenario: Theme accesses rendered page body via `body` variable
+    Given a theme with the body:
+      """
+      <div class="container">{{body}}</div>
+      """
+    When this page is rendered:
+      """
+      <h1>Hi mom!</h1>
+      """
+    Then the rendered content should be:
+      """
+      <div class="container"><h1>Hi mom!</h1></div>
+      """
+
+  Scenario: Rendering a page that attempts to inject Liquid markup into its theme
+    Given a theme with the body "{{body}}"
+    When  this page is rendered:
+      """
+      {% raw %}{{body}}{% endraw %}
+      """
+    Then the rendered content should be:
+      """
+      {{body}}
+      """
+
+  Scenario: Page rendering does not provide a `body` variable
+    When this page is rendered:
+      """
+      <div>{{body}}</div>
+      """
+    Then the rendered content should be:
+      """
+      <div></div>
+      """

data/features/liquid/drops/categories.feature

@@ -0,0 +1,54 @@
+Feature: Liquid drop for categories
+  As a content author
+  I want to be able to create category lists
+  And I want to be able to create lists of pages
+
+  Background:
+    Given a page under test
+
+  Scenario: Category list
+    Given a "published" page with title "Title 1" and category "seo"
+    Given a "published" page with title "Title 1" and category "affiliates"
+    Given a "published" page with title "Title 1" and category "traditional"
+    Given a "published" page with title "Title 1" and category "traditional"
+    Given a "unpublished" page with title "Title 1" and category "traditional"
+    When this page is rendered:
+      """
+        {% for category in categories %}{{ category.name }} ({{ category.pages.size }})
+        {% endfor %}
+      """
+    Then the rendered content should be:
+      """
+        Uncategorized (0)
+        Affiliates (1)
+        PPC (0)
+        SEO (1)
+        Social (0)
+        Email (0)
+        Traditional (2)
+      """
+
+  Scenario: Category when there are no published pages
+    Given a "unpublished" page with title "Title 1" and category "seo"
+    When this page is rendered:
+      """
+        count: {{ categories.seo.pages.size }}
+        {% for page in categories.seo.pages %}{{page.title}}{% endfor %}
+      """
+    Then the rendered content should be:
+      """
+        count: 0
+      """
+
+  Scenario: Category proxy when there is one published page
+    Given a "published" page with title "Title 1" and category "seo"
+    When this page is rendered:
+      """
+        count: {{ categories.seo.pages.size }}
+        {% for page in categories.seo.pages %}{{page.title}}{% endfor %}
+      """
+    Then the rendered content should be:
+      """
+        count: 1
+        Title 1
+      """

data/features/liquid/tags.feature

@@ -0,0 +1,168 @@
+# This is totally a unit test, but it's much more informative to read
+# this in cuke form.
+Feature: Liquid Tags
+  A number of custom liquid tags are made available to the page and theme bodies,
+  enabling generation of HTML tags, referencing assets, etc.
+
+  Background:
+    Given the asset URI prefix is "https://landable.dev/_assets"
+    And   a page under test
+    And   these assets:
+      | name    | description           |
+      | panda   | Baz!                  |
+      | cthulhu | Wisconsin Disclosures |
+      | small   | Site Favicon          |
+
+
+  Scenario: title_tag
+    Given the page's body is "{% title_tag %}"
+    Then  the rendered content should be:
+      """
+      <title>Page Under Test</title>
+      """
+
+  Scenario: meta_tags
+    Given the page's body is "{% meta_tags %}"
+    And the page's meta tags are:
+      | name     | content            |
+      | robots   | noindex,nofollow   |
+      | keywords | momoney,moproblems |
+    Then the rendered content should be:
+      """
+      <meta content="noindex,nofollow" name="robots" />
+      <meta content="momoney,moproblems" name="keywords" />
+      """
+
+  Scenario: head_content
+    Given the page's body is "{% head_content %}"
+    And the page's head tag is "<head lang='en'><meta test='text'>"  
+    Then the rendered content should be:
+      """
+      <head lang='en'><meta test='text'>
+      """
+
+  Scenario: head
+    Given the page's body is "{% head %}"
+    And the page's head tag is "<head lang='en'><meta test='text'>"
+    And the page's meta tags are:
+      | name     | content            |
+      | robots   | noindex,nofollow   |
+      | keywords | momoney,moproblems |
+    Then the rendered content should be:
+      """
+      <title>Page Under Test</title>
+      <meta content="noindex,nofollow" name="robots" />
+      <meta content="momoney,moproblems" name="keywords" />
+      <head lang='en'><meta test='text'>
+      """
+
+  Scenario: body
+    Given the page's body is "{% body %}"
+    And the page's body is "<div>Page body</div>"
+    Then the rendered content should be:
+      """
+      <div>Page body</div>
+      """
+
+  Scenario: body with nested liquid tag
+    Given the page's body is "{% body %}"
+    And the page's body is "<div>Page body</div>{% meta_tags %}"
+    And the page's meta tags are:
+      | name     | content            |
+      | robots   | noindex,nofollow   |
+      | keywords | momoney,moproblems |
+    Then the rendered content should be:
+      """
+      <div>Page body</div><meta content="noindex,nofollow" name="robots" />
+      <meta content="momoney,moproblems" name="keywords" />
+      """
+
+  Scenario: img_tag
+    Given the page's body is "{% img_tag panda %}"
+    Then the rendered content should be:
+      """
+      <img alt="Baz!" src="https://landable.dev/_assets//uploads/panda.png" />
+      """
+
+  Scenario: asset_url and asset_description
+    Given the page's body is:
+      """
+      <a href="{% asset_url cthulhu %}" title="{% asset_description cthulhu %}">Disclosures</a>
+      """
+    Then the rendered content should be:
+      """
+      <a href="https://landable.dev/_assets//uploads/cthulhu.jpg" title="Wisconsin Disclosures">Disclosures</a>
+      """
+
+  Scenario: Referencing a template
+    Given the page's body is:
+      """
+      <div>{% template bar %}</div>
+      """
+    And   the template "bar" with body "<span>some stuff</span>"
+    Then  the rendered content should be:
+      """
+      <div><span>some stuff</span></div>
+      """
+
+  Scenario: Referencing file backed partials
+    Given the page's body is:
+      """
+      <div>{% template partials_foobazz %}</div>
+      """
+    And   the template is a filed backed partial
+    Then  the rendered content should be:
+      """
+      <div><div class='content'>some stuff</div></div>
+      """
+
+  Scenario: Referencing a template with variables
+    Given the page's body is:
+      """
+      <div>{% template foobar body: "seven" footer: "the end" %}</div>
+      """
+    And   the template "foobar" with the body:
+      """
+      <span>{{ body | default: "eight" }}</span>
+      <footer>{{ footer }}</footer>
+      """
+    Then  the rendered content should be:
+      """
+      <div><span>seven</span>
+      <footer>the end</footer></div>
+      """
+
+  Scenario: Referencing a template with variable defaults
+    Given the page's body is:
+      """
+      <div>{% template bar %}</div>
+      """
+    And   the template "bar" with the body:
+      """
+      <span>{{ body | default: "eight" }}</span>
+      """
+    Then  the rendered content should be:
+      """
+      <div><span>eight</span></div>
+      """
+
+  Scenario: Referencing a template that doesn't exist
+    Given the page's body is:
+      """
+      <div>{% template fubu %}</div>
+      """
+    Then  the rendered content should be:
+      """
+      <div><!-- render error: missing template "fubu" --></div>
+      """
+
+  Scenario: App asset tags
+    Given the page's body is:
+      """
+      {% stylesheet_link_tag application %}
+      {% javascript_include_tag application %}
+      {% image_tag foo.jpg %}
+      {% img_tag foo.jpg %}
+      {% image_tag panda %}
+      """
+    Then  the rendered body should be the correct assets