RubyGems - locomotivecms_steam - Versions diffs - 1.4.1 → 1.5.0.beta1 - Mend

locomotivecms_steam 1.4.1 → 1.5.0.beta1

Files changed (173) hide show

data/lib/locomotive/steam/services/url_finder_service.rb ADDED

@@ -0,0 +1,87 @@
+module Locomotive
+  module Steam
+    # This service is used for the following use cases:
+    # - get an url of a link encoded by the RichTextEditor component in the engine
+    # - get an url of a link created through the UrlPicker component in the engine
+    #
+    class UrlFinderService
+      attr_accessor_initialize :url_builder, :page_finder, :content_entry_finder
+      # Return an array with the following elements: [<URL>, <NEW_WINDOW>]
+      #
+      # Example:
+      # url_for({
+      #   'type'        => 'page',
+      #   'value'       =>  '42', # id of the home page
+      #   'locale'      => 'en',
+      #   'new_window'  => true
+      # })
+      #
+      # will return: ['/', true]
+      #
+      def url_for(resource)
+        return [resource, false] if resource.is_a?(String)
+        _resource   = resource || {}
+        page_or_url = find_page(_resource['type'], _resource['value']) || page_finder.find('404')
+        [
+          page_or_url.is_a?(String) ? page_or_url : url_builder.url_for(page_or_url),
+          _resource['new_window'] || false
+        ]
+      end
+      # Same behavior as for url_for except the parameter is a
+      # JSON string encoded in Base64
+      def decode_url_for(encoded_value)
+        url_for(decode_link(encoded_value))
+      end
+      # Apply the decode_url_for method for each link of a text
+      def decode_urls_for(text)
+        return text if text.blank?
+        text.gsub(Locomotive::Steam::SECTIONS_LINK_TARGET_REGEXP) do
+          decode_url_for($~[:link])[0]
+        end
+      end
+      # Decode a link
+      def decode_link(encoded_value)
+        decoded_value = Base64.decode64(encoded_value)
+        JSON.parse(decoded_value)
+      end
+      private
+      # Based on the type of the resource, it returns either:
+      # - a simple page
+      # - a templatized page with its related content entry attached
+      # - nil if external url
+      def find_page(type, value)
+        case type
+        when 'page'
+          page_finder.find_by_id(value)
+        when 'content_entry'
+          # find the page template
+          page_finder.find_by_id(value['page_id']).tap do |_page|
+            entry = content_entry_finder.find(value['content_type_slug'], value['id'])
+            return nil if _page.nil? || entry.nil?
+            # attach the template to the content entry
+            _page.content_entry = entry
+          end
+        when '_external'
+          value
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/locomotive/steam/version.rb CHANGED

@@ -1,8 +1,8 @@
 # http://semver.org/
 # MAJOR.MINOR.PATCH format.
-# 1.0.0-alpha < 1.0.0-alpha.1 < 1.0.0-alpha.beta < 1.0.0-beta < 1.0.0-beta.2 < 1.0.0-beta.11 < 1.0.0-rc.1 < 1.0.0
+# 1.0.0.alpha < 1.0.0.alpha1 < 1.0.0.beta < 1.0.0.beta2 < 1.0.0.beta11 < 1.0.0.rc1 < 1.0.0
 module Locomotive
   module Steam
-    VERSION = '1.4.1'
+    VERSION = '1.5.0.beta1'
   end
 end

data/locomotivecms_steam.gemspec CHANGED

@@ -49,7 +49,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'pony',                   '~> 1.12'
   spec.add_dependency 'locomotivecms-solid',      '~> 4.0.1'
-  spec.add_dependency 'locomotivecms_common',     '~> 0.3.0'
+  spec.add_dependency 'locomotivecms_common',     '~> 0.3.1'
   spec.required_ruby_version = '>= 2.0'
 end

data/spec/fixtures/default/app/views/pages/tags/section.liquid.haml ADDED

@@ -0,0 +1,11 @@
+---
+title: sectionTemplateTest
+template: true
+listed: true
+position: 5
+---
+{% section "header" %}
+{% section_dropzone %}
+{% section "footer" %}

data/spec/fixtures/default/app/views/sections/carousel.liquid ADDED

@@ -0,0 +1,20 @@
+---
+{
+  "name": "carousel",
+  "category": "carousel",
+  "class": "section-carousel",
+  "settings":
+  [
+    {
+      "id": "brand",
+      "type": "text",
+      "label": "Text to display in the carousel",
+      "default": "Header"
+    }
+  ]
+}
+---
+<h2>
+  FOOTER PLAIN TEXT
+</h2>

data/spec/fixtures/default/app/views/sections/footer.liquid ADDED

@@ -0,0 +1,48 @@
+---
+{
+  "name": "footer",
+  "category": "footer",
+  "class": "section-footer",
+  "settings":
+  [
+    {
+      "id": "brand",
+      "type": "text",
+      "label": "Text to display in the footer",
+      "default": "Header"
+    }
+  ],
+  "default":
+  {
+    "settings":
+    {
+      "brand": "MY COMPANY"
+    },
+    "blocks":
+    [
+      {
+        "type": "link",
+        "settings":
+        {
+          "label": "Link #1",
+          "url": "https://www.nocoffee.fr",
+          "new_tab": "true"
+        }
+      },
+      {
+        "type": "link",
+        "settings":
+        {
+          "label": "Link #2",
+          "url": "https://www.nocoffee.fr",
+          "new_tab": "true"
+        }
+      }
+    ]
+  }
+}
+---
+<h2>
+  FOOTER PLAIN TEXT
+</h2>

data/spec/fixtures/default/app/views/sections/header.liquid ADDED

@@ -0,0 +1,54 @@
+---
+{
+  "name": "header",
+  "category": "header",
+  "class": "section-header",
+  "settings":
+  [
+    {
+      "id": "brand",
+      "type": "text",
+      "label": "Text to display in the header",
+      "default": "Header"
+    }
+  ],
+  "default":
+  {
+    "settings":
+    {
+      "brand": "MY COMPANY"
+    },
+    "blocks":
+    [
+      {
+        "type": "link",
+        "settings":
+        {
+          "label": "Link #1",
+          "url": "https://www.nocoffee.fr",
+          "new_tab": "true"
+        }
+      },
+      {
+        "type": "link",
+        "settings":
+        {
+          "label": "Link #2",
+          "url": "https://www.nocoffee.fr",
+          "new_tab": "true"
+        }
+      }
+    ]
+  }
+}
+---
+<h1> {{ section.settings.brand }} </h1>
+<ul>
+  {% for block in section.blocks %}
+    <li>
+      <a href="{{ block.settings.url }}" target="{% if block.settings.new_tab %}_blank{% endif %}">
+        {{ block.settings.label }}
+      </a>
+    </li>
+  {% endfor %}
+</ul>

data/spec/fixtures/default/config/deploy.yml CHANGED

@@ -1,6 +1,6 @@
 development:
   host: localhost:3000
-  handle: sample
+  handle: www
   email: admin@locomotivecms.com
   api_key: d49cd50f6f0d2b163f48fc73cb249f0244c37074
 staging:

data/spec/fixtures/errors/section_bad_json_content.liquid ADDED

@@ -0,0 +1,9 @@
+---
+{
+  name: "Section"
+  text: "Missing coma in previous line"
+}
+---
+<div>
+  Plop
+</div>

data/spec/fixtures/errors/section_bad_json_header.liquid ADDED

@@ -0,0 +1,8 @@
+{
+  name: "Section",
+  text: "Missing start of JSON symbol"
+}
+---
+<div>
+  Plop
+</div>

data/spec/fixtures/mongodb/locomotive_accounts.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_accounts.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_accounts"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_accounts"}]}

data/spec/fixtures/mongodb/locomotive_activities.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_activities.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_activities"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_activities"}]}

data/spec/fixtures/mongodb/locomotive_content_assets.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_content_assets.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_content_assets"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_content_assets"}]}

data/spec/fixtures/mongodb/locomotive_content_entries.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_content_entries.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_content_entries"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_content_entries"}]}

data/spec/fixtures/mongodb/locomotive_content_types.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_content_types.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_content_types"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_content_types"}]}

data/spec/fixtures/mongodb/locomotive_pages.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_pages.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_pages"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_pages"}]}

data/spec/fixtures/mongodb/locomotive_sections.bson ADDED

Binary file

data/spec/fixtures/mongodb/{sessions.metadata.json → locomotive_sections.metadata.json} RENAMED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.~~sessions~~"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_sections"}]}

data/spec/fixtures/mongodb/locomotive_sites.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_sites.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_sites"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_sites"}]}

data/spec/fixtures/mongodb/locomotive_snippets.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_snippets.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_snippets"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_snippets"}]}

data/spec/fixtures/mongodb/locomotive_theme_assets.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_theme_assets.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_theme_assets"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_theme_assets"}]}

data/spec/fixtures/mongodb/locomotive_translations.bson CHANGED

Binary file

data/spec/fixtures/mongodb/locomotive_translations.metadata.json CHANGED

	@@ -1 +1 @@
1	- {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"~~locomotive_engine_test~~.locomotive_translations"}]}
1	+ {"options":{},"indexes":[{"v":2,"key":{"_id":1},"name":"_id_","ns":"locomotiveapp_steam_specs.locomotive_translations"}]}

data/spec/integration/repositories/content_entry_repository_spec.rb CHANGED

@@ -116,7 +116,7 @@ describe Locomotive::Steam::ContentEntryRepository do
       let(:site_id)   { mongodb_site_id }
       let(:adapter)   { Locomotive::Steam::MongoDBAdapter.new(database: mongodb_database, hosts: ['127.0.0.1:27017']) }
-      let(:entry_id)  { BSON::ObjectId.from_string('5ae73458e051bb4f5525c92f') }
+      let(:entry_id)  { BSON::ObjectId.from_string('5baf7d38a953300567956448') }
     end

data/spec/integration/repositories/page_repository_spec.rb CHANGED

@@ -14,7 +14,7 @@ describe Locomotive::Steam::PageRepository do
     describe '#all' do
       let(:conditions) { {} }
       subject { repository.all(conditions) }
-      it { expect(subject.size).to eq 34 }
+      it { expect(subject.size).to eq 35 }
       context 'with conditions' do
         let(:conditions) { { fullpath: 'index', 'slug.ne' => '404' } }

data/spec/integration/repositories/theme_asset_repository_spec.rb CHANGED

@@ -26,7 +26,7 @@ describe Locomotive::Steam::ThemeAssetRepository do
     describe '#checksums' do
       subject { repository.checksums }
       it { expect(subject.size).to eq 16 }
-      it { expect(subject['stylesheets/application.css']).to eq '15161ceeb93a9d26027a8a38862be47b' }
+      it { expect(subject['stylesheets/application.css']).to eq 'bcf663fd61d87846a60496249854d81a' }
     end
   end

data/spec/integration/server/auth_spec.rb CHANGED

@@ -171,11 +171,7 @@ describe 'Authentication' do
       auth_id:                    email,
       auth_reset_password_url:    'http://acme.com/account/reset-password',
       auth_callback:              '/account/sign-in',
-      auth_email_from:            'support@acme.com',
       auth_email_handle:          'reset_password_instructions',
-      auth_email_smtp_address:    'smtp.nowhere.net',
-      auth_email_smtp_user_name:  'jane',
-      auth_email_smtp_password:   'easyone'
     } }
     it 'renders the forgot password page with an error message' do

data/spec/integration/server/basic_spec.rb CHANGED

@@ -191,4 +191,12 @@ describe Locomotive::Steam::Server do
   end
+  describe 'prevent XSS attacks' do
+    subject { get '/events?some_variable=%3Cscript%3Ealert(document.cookie)%3C/script%3E'; last_response.body }
+    it { is_expected.not_to include '<script>alert(document.cookie)</script>' }
+  end
 end

data/spec/integration/server/contact_form_spec.rb CHANGED

@@ -135,8 +135,8 @@ describe 'ContactForm' do
   describe 'submit a new entry (new version)' do
-    let(:url) { '/events' }
-    let(:params) { {
+    let(:url)     { '/events' }
+    let(:params)  { {
       'content_type_slug' => 'messages',
       'some_variable'     => '42',
       'entry' => { 'name' => 'John', 'email' => 'j@doe.net', 'message' => 'Bla bla' } } }
@@ -155,6 +155,19 @@ describe 'ContactForm' do
         expect(response.body.to_s).to include "can't be blank"
       end
+      describe 'XSS attack' do
+        let(:params) { {
+          'content_type_slug' => 'messages',
+          'entry' => { 'name' => '<script>alert(document.cookie)</script>' }
+        } }
+        it "doesn't let people to insert malicious JS code" do
+          expect(response.body.to_s).not_to include "<script>alert(document.cookie)</script>"
+        end
+      end
     end
     context 'when valid' do

data/spec/integration/server/sitemap_spec.rb CHANGED

@@ -21,13 +21,15 @@ describe Locomotive::Steam::Server do
     it 'checks if it looks valid' do
       expect(Nokogiri::XML(subject).errors.empty?).to eq true
-      expect(subject.scan(/<url>/).size).to eq 25
+      expect(subject.scan(/<url>/).size).to eq 22
       expect(subject).to match("<loc>http://example.org/songs/song-number-2/band</loc>")
+      expect(subject).to match(%(<xhtml:link rel="alternate" hreflang="fr" href="http://example.org/fr/a-notre-sujet" />))
       expect(subject).to match((<<-EOF
   <url>
-    <loc>http://example.org/fr/a-notre-sujet</loc>
+    <loc>http://example.org/about-us</loc>
     <lastmod>2015-03-25</lastmod>
-    <priority>0.9</priority>
+    <xhtml:link rel="alternate" hreflang="fr" href="http://example.org/fr/a-notre-sujet" />
+     <xhtml:link rel="alternate" hreflang="nb" href="http://example.org/nb/om-oss" />
   </url>
       EOF
       ).strip)