letter_opener_web 1.3.4 → 2.0.0

data/spec/dummy/config/initializers/application_controller_renderer.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
 
-# ApplicationController.renderer.defaults.merge!(
-#   http_host: 'example.org',
-#   https: false
-# )
+# ActiveSupport::Reloader.to_prepare do
+#   ApplicationController.renderer.defaults.merge!(
+#     http_host: 'example.org',
+#     https: false
+#   )
+# end

data/spec/dummy/config/initializers/assets.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
-
 # Be sure to restart your server when you modify this file.
 
 # Version of your assets, change this if you want to expire all your assets.
-Rails.application.config.assets.version = '1.0'
+# Rails.application.config.assets.version = '1.0'
 
-# Add additional assets to the asset load path
+# Add additional assets to the asset load path.
 # Rails.application.config.assets.paths << Emoji.images_path
 
 # Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
-# Rails.application.config.assets.precompile += %w( search.js )
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+# Rails.application.config.assets.precompile += %w( admin.js admin.css )

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
-# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+# Rails.backtrace_cleaner.add_silencer { |line| /my_noisy_library/.match?(line) }
 
-# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
-# Rails.backtrace_cleaner.remove_silencers!
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code
+# by setting BACKTRACE=1 before calling your invocation, like "BACKTRACE=1 ./bin/rails runner 'MyClass.perform'".
+Rails.backtrace_cleaner.remove_silencers! if ENV['BACKTRACE']

data/spec/dummy/config/initializers/content_security_policy.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy
+# For further information see the following documentation
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+# Rails.application.config.content_security_policy do |policy|
+#   policy.default_src :self, :https
+#   policy.font_src    :self, :https, :data
+#   policy.img_src     :self, :https, :data
+#   policy.object_src  :none
+#   policy.script_src  :self, :https
+#   policy.style_src   :self, :https
+
+#   # Specify URI for violation reports
+#   # policy.report_uri "/csp-violation-report-endpoint"
+# end
+
+# If you are using UJS then enable automatic nonce generation
+# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
+
+# Set the nonce only to specific directives
+# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
+
+# Report CSP violations to a specified URI
+# For further information see the following documentation:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+# Rails.application.config.content_security_policy_report_only = true

data/spec/dummy/config/initializers/filter_parameter_logging.rb

@@ -3,4 +3,6 @@
 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password]
+Rails.application.config.filter_parameters += %i[
+  passw secret token _key crypt salt certificate otp ssn
+]

data/spec/dummy/config/initializers/permissions_policy.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+# Define an application-wide HTTP permissions policy. For further
+# information see https://developers.google.com/web/updates/2018/06/feature-policy
+#
+# Rails.application.config.permissions_policy do |f|
+#   f.camera      :none
+#   f.gyroscope   :none
+#   f.microphone  :none
+#   f.usb         :none
+#   f.fullscreen  :self
+#   f.payment     :self, "https://secure.example.com"
+# end

data/spec/dummy/config/locales/en.yml

@@ -16,8 +16,18 @@
 #
 # This would use the information in config/locales/es.yml.
 #
+# The following keys must be escaped otherwise they will not be retrieved by
+# the default I18n backend:
+#
+# true, false, on, off, yes, no
+#
+# Instead, surround them with single quotes.
+#
+# en:
+#   'true': 'foo'
+#
 # To learn more, please read the Rails Internationalization guide
-# available at http://guides.rubyonrails.org/i18n.html.
+# available at https://guides.rubyonrails.org/i18n.html.
 
 en:
   hello: "Hello world"

data/spec/dummy/config/puma.rb

@@ -1,24 +1,33 @@
 # frozen_string_literal: true
 
 # Puma can serve each request in a thread from an internal thread pool.
-# The `threads` method setting takes two numbers a minimum and maximum.
+# The `threads` method setting takes two numbers: a minimum and maximum.
 # Any libraries that use thread pools should be configured to match
 # the maximum value specified for Puma. Default is set to 5 threads for minimum
-# and maximum, this matches the default thread size of Active Record.
+# and maximum; this matches the default thread size of Active Record.
 #
-threads_count = ENV.fetch('RAILS_MAX_THREADS') { 5 }.to_i
-threads threads_count, threads_count
+max_threads_count = ENV.fetch('RAILS_MAX_THREADS', 5)
+min_threads_count = ENV.fetch('RAILS_MIN_THREADS') { max_threads_count }
+threads min_threads_count, max_threads_count
 
-# Specifies the `port` that Puma will listen on to receive requests, default is 3000.
+# Specifies the `worker_timeout` threshold that Puma will use to wait before
+# terminating a worker in development environments.
 #
-port        ENV.fetch('PORT') { 3000 }
+worker_timeout 3600 if ENV.fetch('RAILS_ENV', 'development') == 'development'
+
+# Specifies the `port` that Puma will listen on to receive requests; default is 3000.
+#
+port ENV.fetch('PORT', 3000)
 
 # Specifies the `environment` that Puma will run in.
 #
-environment ENV.fetch('RAILS_ENV') { 'development' }
+environment ENV.fetch('RAILS_ENV', 'development')
+
+# Specifies the `pidfile` that Puma will use.
+pidfile ENV.fetch('PIDFILE', 'tmp/pids/server.pid')
 
 # Specifies the number of `workers` to boot in clustered mode.
-# Workers are forked webserver processes. If using threads and workers together
+# Workers are forked web server processes. If using threads and workers together
 # the concurrency of the application would be max `threads` * `workers`.
 # Workers do not work on JRuby or Windows (both of which do not support
 # processes).
@@ -28,22 +37,9 @@ environment ENV.fetch('RAILS_ENV') { 'development' }
 # Use the `preload_app!` method when specifying a `workers` number.
 # This directive tells Puma to first boot the application and load code
 # before forking the application. This takes advantage of Copy On Write
-# process behavior so workers use less memory. If you use this option
-# you need to make sure to reconnect any threads in the `on_worker_boot`
-# block.
+# process behavior so workers use less memory.
 #
 # preload_app!
 
-# The code in the `on_worker_boot` will be called if you are using
-# clustered mode by specifying a number of `workers`. After each worker
-# process is booted this block will be run, if you are using `preload_app!`
-# option you will want to use this block to reconnect to any threads
-# or connections that may have been created at application boot, Ruby
-# cannot share connections between processes.
-#
-# on_worker_boot do
-#   ActiveRecord::Base.establish_connection if defined?(ActiveRecord)
-# end
-
 # Allow puma to be restarted by `rails restart` command.
 plugin :tmp_restart

data/spec/dummy/config/routes.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
 Rails.application.routes.draw do
-  mount LetterOpenerWeb::Engine => '/letter_opener'
-
-  root to: 'home#index'
-  post '/', to: 'home#create'
+  mount LetterOpenerWeb::Engine => '/letter_opener_web'
 end

data/spec/dummy/config.ru

@@ -5,3 +5,4 @@
 require_relative 'config/environment'
 
 run Rails.application
+Rails.application.load_server

data/spec/dummy/public/404.html

@@ -4,7 +4,7 @@
   <title>The page you were looking for doesn't exist (404)</title>
   <meta name="viewport" content="width=device-width,initial-scale=1">
   <style>
-  body {
+  .rails-default-error-page {
     background-color: #EFEFEF;
     color: #2E2F30;
     text-align: center;
@@ -12,13 +12,13 @@
     margin: 0;
   }
 
-  div.dialog {
+  .rails-default-error-page div.dialog {
     width: 95%;
     max-width: 33em;
     margin: 4em auto 0;
   }
 
-  div.dialog > div {
+  .rails-default-error-page div.dialog > div {
     border: 1px solid #CCC;
     border-right-color: #999;
     border-left-color: #999;
@@ -31,13 +31,13 @@
     box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
   }
 
-  h1 {
+  .rails-default-error-page h1 {
     font-size: 100%;
     color: #730E15;
     line-height: 1.5em;
   }
 
-  div.dialog > p {
+  .rails-default-error-page div.dialog > p {
     margin: 0 0 1em;
     padding: 1em;
     background-color: #F7F7F7;
@@ -54,7 +54,7 @@
   </style>
 </head>
 
-<body>
+<body class="rails-default-error-page">
   <!-- This file lives in public/404.html -->
   <div class="dialog">
     <div>

data/spec/dummy/public/422.html

@@ -4,7 +4,7 @@
   <title>The change you wanted was rejected (422)</title>
   <meta name="viewport" content="width=device-width,initial-scale=1">
   <style>
-  body {
+  .rails-default-error-page {
     background-color: #EFEFEF;
     color: #2E2F30;
     text-align: center;
@@ -12,13 +12,13 @@
     margin: 0;
   }
 
-  div.dialog {
+  .rails-default-error-page div.dialog {
     width: 95%;
     max-width: 33em;
     margin: 4em auto 0;
   }
 
-  div.dialog > div {
+  .rails-default-error-page div.dialog > div {
     border: 1px solid #CCC;
     border-right-color: #999;
     border-left-color: #999;
@@ -31,13 +31,13 @@
     box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
   }
 
-  h1 {
+  .rails-default-error-page h1 {
     font-size: 100%;
     color: #730E15;
     line-height: 1.5em;
   }
 
-  div.dialog > p {
+  .rails-default-error-page div.dialog > p {
     margin: 0 0 1em;
     padding: 1em;
     background-color: #F7F7F7;
@@ -54,7 +54,7 @@
   </style>
 </head>
 
-<body>
+<body class="rails-default-error-page">
   <!-- This file lives in public/422.html -->
   <div class="dialog">
     <div>

data/spec/dummy/public/500.html

@@ -4,7 +4,7 @@
   <title>We're sorry, but something went wrong (500)</title>
   <meta name="viewport" content="width=device-width,initial-scale=1">
   <style>
-  body {
+  .rails-default-error-page {
     background-color: #EFEFEF;
     color: #2E2F30;
     text-align: center;
@@ -12,13 +12,13 @@
     margin: 0;
   }
 
-  div.dialog {
+  .rails-default-error-page div.dialog {
     width: 95%;
     max-width: 33em;
     margin: 4em auto 0;
   }
 
-  div.dialog > div {
+  .rails-default-error-page div.dialog > div {
     border: 1px solid #CCC;
     border-right-color: #999;
     border-left-color: #999;
@@ -31,13 +31,13 @@
     box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
   }
 
-  h1 {
+  .rails-default-error-page h1 {
     font-size: 100%;
     color: #730E15;
     line-height: 1.5em;
   }
 
-  div.dialog > p {
+  .rails-default-error-page div.dialog > p {
     margin: 0 0 1em;
     padding: 1em;
     background-color: #F7F7F7;
@@ -54,7 +54,7 @@
   </style>
 </head>
 
-<body>
+<body class="rails-default-error-page">
   <!-- This file lives in public/500.html -->
   <div class="dialog">
     <div>

data/spec/letter_opener_web_spec.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
-describe LetterOpenerWeb do
+RSpec.describe LetterOpenerWeb do
   subject { described_class }
   after(:each) { described_class.reset! }
 

data/spec/models/letter_opener_web/letter_spec.rb

@@ -1,20 +1,31 @@
 # frozen_string_literal: true
 
-describe LetterOpenerWeb::Letter do
-  let(:location) { File.expand_path('../../tmp', __dir__) }
+RSpec.describe LetterOpenerWeb::Letter do
+  let(:location) { Pathname.new(__dir__).join('..', '..', 'tmp').cleanpath }
 
   def rich_text(mail_id)
-    <<-MAIL
-Rich text for #{mail_id}
-<!DOCTYPE html>
-<a href='a-link.html'>
-  <img src='an-image.jpg'>
-  Link text
-</a>
-<a href='fooo.html'>Bar</a>
-<a href="example.html" class="blank"></a>
-<address><a href="inside-address.html">inside address</a></address>
-MAIL
+    <<~MAIL
+      Rich text for #{mail_id}
+      <!DOCTYPE html>
+      <body>
+        <div id="container">
+          <div id="message_headers">
+            <dl>
+              <dt>From:</dt>
+              <dd>noreply@example.com</dd>
+            </dl>
+          </div>
+
+          <a href='a-link.html'>
+            <img src='an-image.jpg'>
+            Link text
+          </a>
+          <a href='fooo.html'>Bar</a>
+          <a href="example.html" class="blank"></a>
+          <address><a href="inside-address.html">inside address</a></address>
+        </div>
+      </body>
+    MAIL
   end
 
   before :each do
@@ -36,6 +47,28 @@ MAIL
     FileUtils.rm_rf(location)
   end
 
+  describe 'rich text headers' do
+    let(:id) { '1111_1111' }
+    subject { described_class.new(id: id).headers }
+
+    before do
+      FileUtils.rm_rf("#{location}/#{id}/plain.html")
+    end
+
+    it { is_expected.to match(%r{<dl>\s*<dt>From:</dt>\s*<dd>noreply@example\.com</dd>}m) }
+  end
+
+  describe 'plain text headers' do
+    let(:id) { '1111_1111' }
+    subject { described_class.new(id: id).headers }
+
+    before do
+      FileUtils.rm_rf("#{location}/#{id}/rich.html")
+    end
+
+    it { is_expected.to eq('UNABLE TO PARSE HEADERS') }
+  end
+
   describe 'rich text version' do
     let(:id) { '1111_1111' }
     subject { described_class.new(id: id).rich_text }
@@ -45,9 +78,10 @@ MAIL
     it 'changes links to show up on a new window' do
       link_html = [
         "<a href='a-link.html' target='_blank'>",
-        "<img src='an-image.jpg'/>",
-        "Link text\n</a>"
-      ].join("\n  ")
+        "  <img src='an-image.jpg'/>",
+        '  Link text',
+        '</a>'
+      ].join("\n    ")
 
       expect(subject).to include(link_html)
     end
@@ -128,13 +162,24 @@ MAIL
 
   describe '#delete' do
     let(:id) { '1111_1111' }
+
     subject { described_class.new(id: id).delete }
 
-    it'removes the letter with given id' do
+    it 'removes the letter with given id' do
       subject
       directories = Dir["#{location}/*"]
       expect(directories.count).to eql(1)
       expect(directories.first).not_to match(id)
     end
+
+    context 'when the id is outside of the letters base path' do
+      let(:id) { '../3333_3333' }
+
+      it 'does not remove the letter' do
+        expect(FileUtils).not_to receive(:rm_rf).with(location.join(id).cleanpath.to_s)
+
+        expect(subject).to be_nil
+      end
+    end
   end
 end

data/spec/spec_helper.rb

@@ -1,5 +1,13 @@
 # frozen_string_literal: true
 
+require 'simplecov'
+SimpleCov.start
+
+if ENV.fetch('CI', '') == 'true'
+  require 'codecov'
+  SimpleCov.formatter = SimpleCov::Formatter::Codecov
+end
+
 require 'shoulda-matchers'
 
 RSpec.configure do |config|