panda-core 0.7.0 → 0.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4aa145ee85e5b0c497754d7d218ceb3cc7c4de6065e3357f85e0676186df37f1
-  data.tar.gz: 9425c978a3208aca75045e4cf1e36408088829a73c19d10746a91cefc320db6f
+  metadata.gz: abf323ca5beed58dcb17cd7f39ed76028413524b20e40cd2de8d9c5d21b97fff
+  data.tar.gz: 992d91647d9cd2567b7d818beb2f7a2d173fb16edf8f78f222a576a1e6b9534f
 SHA512:
-  metadata.gz: ef76d583b1a36ecef8d13788338a847457bcd36a8efddf9582dcb1a7fc7ee484cb689f5dea6f9628d1fc46e2e7e2f513c84b6531116059496bb5e2e862d82f32
-  data.tar.gz: 982d52f5927bddf30b2c6ab1d3981e78e542fba07717628d73f4375c8819ebf29a151eaf08f0f89fea48d06830c52315d3ff9a996d19472696c061597d529bd4
+  metadata.gz: 42f8a466d633d31ee8e77650c0afcd9f768ef7990df74b185d3722e614a623f176944a610bee1ca4eee60f33edba812eda96b0b25f5e9466773c1f1920bd1213
+  data.tar.gz: a0f9ec858050df85d6a9cac0a04dc179673ad5438d8bd6c9deeb1ee0d52c5a1d0f5c2e0af9784cc717fcd59a987efd79f9ecc55d3d2456ba842d5056acff363b

data/app/javascript/panda/core/controllers/navigation_toggle_controller.js

@@ -19,10 +19,14 @@ export default class extends Controller {
   static targets = ["button", "menu", "icon"]
 
   connect() {
+    // Ensure menu starts in correct state
     // Check if this menu should be expanded by default (if a child is active)
     const hasActiveChild = this.menuTarget.querySelector(".bg-mid")
     if (hasActiveChild) {
       this.expand()
+    } else {
+      // Explicitly ensure the menu is collapsed if no active child
+      this.collapse()
     }
   }
 
@@ -42,6 +46,7 @@ export default class extends Controller {
 
   expand() {
     this.menuTarget.classList.remove("hidden")
+    this.menuTarget.style.display = ""
     this.buttonTarget.setAttribute("aria-expanded", "true")
 
     if (this.hasIconTarget) {
@@ -51,6 +56,7 @@ export default class extends Controller {
 
   collapse() {
     this.menuTarget.classList.add("hidden")
+    this.menuTarget.style.display = "none"
     this.buttonTarget.setAttribute("aria-expanded", "false")
 
     if (this.hasIconTarget) {

data/app/views/panda/core/admin/shared/_sidebar.html.erb

@@ -50,6 +50,7 @@
             </button>
             <div id="sub-menu-<%= index %>"
                  class="space-y-1 hidden"
+                 style="display: none;"
                  data-navigation-toggle-target="menu">
               <% item[:children].each do |child| %>
                 <%

data/lib/panda/core/testing/rails_helper.rb

@@ -0,0 +1,174 @@
+# frozen_string_literal: true
+
+# Shared RSpec configuration for all Panda gems
+# This file provides common test infrastructure that can be extended by individual gems
+#
+# IMPORTANT: This file should be required AFTER the dummy app is loaded
+# Individual gem rails_helper files should:
+# 1. Set up SimpleCov
+# 2. Require panda/core and the dummy app
+# 3. Require this file
+# 4. Load gem-specific support files
+
+# Require common test gems (assumes Rails and RSpec/Rails are already loaded by gem's rails_helper)
+require "database_cleaner/active_record"
+require "shoulda/matchers"
+require "capybara"
+require "capybara/rspec"
+require "puma"
+
+# Configure fixtures
+ActiveRecord::FixtureSet.context_class.send :include, ActiveSupport::Testing::TimeHelpers
+
+# Shoulda Matchers configuration
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    with.test_framework :rspec
+    with.library :rails
+  end
+end
+
+# Load all support files from panda-core
+# Files are now in lib/panda/core/testing/support/ to be included in the published gem
+support_path = File.expand_path("../support", __FILE__)
+Dir[File.join(support_path, "**/*.rb")].sort.each { |f| require f }
+
+RSpec.configure do |config|
+  # Include panda-core route helpers by default
+  config.include Panda::Core::Engine.routes.url_helpers if defined?(Panda::Core::Engine)
+  config.include Rails.application.routes.url_helpers
+
+  # Standard RSpec configuration
+  config.use_transactional_fixtures = true
+  config.infer_spec_type_from_file_location!
+  config.filter_rails_from_backtrace!
+  config.example_status_persistence_file_path = "spec/examples.txt"
+  config.disable_monkey_patching!
+
+  # Print total example count before running
+  config.before(:suite) do
+    puts "Total examples to run: #{RSpec.world.example_count}\n"
+  end
+
+  # Use specific formatter for GitHub Actions
+  if ENV["GITHUB_ACTIONS"] == "true"
+    require "rspec/github"
+    config.add_formatter RSpec::Github::Formatter
+  end
+
+  # Controller testing support (if rails-controller-testing is available)
+  if defined?(Rails::Controller::Testing)
+    config.include Rails::Controller::Testing::TestProcess, type: :controller
+    config.include Rails::Controller::Testing::TemplateAssertions, type: :controller
+    config.include Rails::Controller::Testing::Integration, type: :controller
+  end
+
+  # Reset column information before suite
+  config.before(:suite) do
+    if defined?(Panda::Core::User)
+      Panda::Core::User.connection.schema_cache.clear!
+      Panda::Core::User.reset_column_information
+    end
+  end
+
+  # Disable prepared statements for PostgreSQL tests to avoid caching issues
+  config.before(:suite) do
+    if ActiveRecord::Base.connection.adapter_name == "PostgreSQL"
+      ActiveRecord::Base.connection.unprepared_statement do
+        # This block intentionally left empty
+      end
+      # Disable prepared statements globally for test environment
+      ActiveRecord::Base.establish_connection(
+        ActiveRecord::Base.connection_db_config.configuration_hash.merge(prepared_statements: false)
+      )
+    end
+  end
+
+  # Disable logging during tests
+  config.before(:suite) do
+    Rails.logger.level = Logger::ERROR
+    ActiveRecord::Base.logger = nil if defined?(ActiveRecord)
+    ActionController::Base.logger = nil if defined?(ActionController)
+    ActionMailer::Base.logger = nil if defined?(ActionMailer)
+  end
+
+  # Suppress Rails command output during generator tests
+  config.before(:each, type: :generator) do
+    allow(Rails::Command).to receive(:invoke).and_return(true)
+  end
+
+  # Force all examples to run
+  config.filter_run_including({})
+  config.run_all_when_everything_filtered = true
+
+  # Allow using focus keywords "f... before a specific test"
+  config.filter_run_when_matching :focus
+
+  # Retry flaky tests automatically
+  # This is especially useful for system tests that may have timing issues
+  config.around(:each, :flaky) do |example|
+    retry_count = example.metadata[:retry] || 3
+    retry_count.times do |i|
+      example.run
+      break unless example.exception
+
+      if i < retry_count - 1
+        puts "\n[RETRY] Test failed, retrying... (attempt #{i + 2}/#{retry_count})"
+        puts "[RETRY] Exception: #{example.exception.class.name}: #{example.exception.message[0..100]}"
+        example.instance_variable_set(:@exception, nil)
+        sleep 1 # Brief pause between retries
+      end
+    end
+  end
+
+  # Exclude EditorJS tests by default unless specifically requested
+  config.filter_run_excluding :editorjs unless ENV["INCLUDE_EDITORJS"] == "true"
+
+  # Use verbose output if only running one spec file
+  config.default_formatter = "doc" if config.files_to_run.one?
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run: --seed 1234
+  Kernel.srand config.seed
+  config.order = :random
+
+  # Note: Fixture configuration is gem-specific and should be done in each gem's rails_helper.rb
+  # This includes config.fixture_paths and config.global_fixtures
+
+  # Bullet configuration (if available)
+  if defined?(Bullet) && Bullet.enable?
+    config.before(:each) do
+      Bullet.start_request
+    end
+
+    config.after(:each) do
+      Bullet.perform_out_of_channel_notifications if Bullet.notification?
+      Bullet.end_request
+    end
+  end
+
+  # OmniAuth test mode
+  OmniAuth.config.test_mode = true if defined?(OmniAuth)
+
+  # DatabaseCleaner configuration
+  config.before(:suite) do
+    # Allow DATABASE_URL in CI environment
+    if ENV["DATABASE_URL"]
+      DatabaseCleaner.allow_remote_database_url = true
+    end
+
+    DatabaseCleaner.clean_with :truncation
+
+    # Hook for gems to add custom suite setup
+    # Gems can define Panda::Testing.before_suite_hook and it will be called here
+    if defined?(Panda::Testing) && Panda::Testing.respond_to?(:before_suite_hook)
+      Panda::Testing.before_suite_hook
+    end
+  end
+end

data/lib/panda/core/testing/support/authentication_helpers.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Panda
+  module Core
+    module AuthenticationHelpers
+      # Create test users with fixed IDs for consistent fixture references
+      def create_admin_user
+        Panda::Core::User.find_or_create_by!(id: "8f481fcb-d9c8-55d7-ba17-5ea5d9ed8b7a") do |user|
+          user.email = "admin@test.example.com"
+          user.firstname = "Admin"
+          user.lastname = "User"
+          user.admin = true
+        end
+      end
+
+      def create_regular_user
+        Panda::Core::User.find_or_create_by!(id: "9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d") do |user|
+          user.email = "user@test.example.com"
+          user.firstname = "Regular"
+          user.lastname = "User"
+          user.admin = false
+        end
+      end
+
+      # For request specs - set session directly
+      def sign_in_as(user)
+        session[:user_id] = user.id
+        Panda::Core::Current.user = user
+      end
+
+      # For system specs - use test session endpoint if available
+      def login_as_admin
+        admin_user = create_admin_user
+        if defined?(Panda::CMS)
+          # CMS provides test session endpoint
+          post "/admin/test_sessions", params: {user_id: admin_user.id}
+        else
+          # Fall back to direct session setting
+          sign_in_as(admin_user)
+        end
+      end
+
+      def login_as_regular_user
+        regular_user = create_regular_user
+        if defined?(Panda::CMS)
+          post "/admin/test_sessions", params: {user_id: regular_user.id}
+        else
+          sign_in_as(regular_user)
+        end
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  # Include authentication helpers for all spec types (model, request, system, component, etc.)
+  config.include Panda::Core::AuthenticationHelpers
+end

data/lib/panda/core/testing/support/authentication_test_helpers.rb

@@ -0,0 +1,260 @@
+# frozen_string_literal: true
+
+# Comprehensive authentication test helpers for Panda Core and consuming gems
+# This module provides helpers for:
+# - Creating test users with fixed IDs
+# - OAuth mocking and configuration
+# - Test session management
+# - Request and system test authentication
+
+module Panda
+  module Core
+    module AuthenticationTestHelpers
+      # ============================================================================
+      # USER CREATION HELPERS
+      # ============================================================================
+
+      # Create an admin user with fixed ID for consistent fixture references
+      def create_admin_user(attributes = {})
+        ensure_columns_loaded
+        admin_id = "8f481fcb-d9c8-55d7-ba17-5ea5d9ed8b7a"
+        Panda::Core::User.find_or_create_by!(id: admin_id) do |user|
+          user.email = attributes[:email] || "admin@example.com"
+          user.firstname = attributes[:firstname] || "Admin" if user.respond_to?(:firstname=)
+          user.lastname = attributes[:lastname] || "User" if user.respond_to?(:lastname=)
+          user.name = attributes[:name] || "Admin User" if user.respond_to?(:name=) && !user.respond_to?(:firstname=)
+          user.image_url = attributes[:image_url] || default_image_url if user.respond_to?(:image_url=)
+          # Use is_admin for the actual column, but support both for compatibility
+          if user.respond_to?(:is_admin=)
+            user.is_admin = attributes.fetch(:admin, true)
+          elsif user.respond_to?(:admin=)
+            user.admin = attributes.fetch(:admin, true)
+          end
+          # Only set OAuth fields if they exist on the model
+          user.uid = attributes[:uid] || "admin_oauth_uid_123" if user.respond_to?(:uid=)
+          user.provider = attributes[:provider] || "google_oauth2" if user.respond_to?(:provider=)
+        end
+      end
+
+      # Create a regular user with fixed ID for consistent fixture references
+      def create_regular_user(attributes = {})
+        ensure_columns_loaded
+        regular_id = "9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d"
+        Panda::Core::User.find_or_create_by!(id: regular_id) do |user|
+          user.email = attributes[:email] || "user@example.com"
+          user.firstname = attributes[:firstname] || "Regular" if user.respond_to?(:firstname=)
+          user.lastname = attributes[:lastname] || "User" if user.respond_to?(:lastname=)
+          user.name = attributes[:name] || "Regular User" if user.respond_to?(:name=) && !user.respond_to?(:firstname=)
+          user.image_url = attributes[:image_url] || default_image_url(dark: true) if user.respond_to?(:image_url=)
+          # Use is_admin for the actual column, but support both for compatibility
+          if user.respond_to?(:is_admin=)
+            user.is_admin = attributes.fetch(:admin, false)
+          elsif user.respond_to?(:admin=)
+            user.admin = attributes.fetch(:admin, false)
+          end
+          # Only set OAuth fields if they exist on the model
+          user.uid = attributes[:uid] || "user_oauth_uid_456" if user.respond_to?(:uid=)
+          user.provider = attributes[:provider] || "google_oauth2" if user.respond_to?(:provider=)
+        end
+      end
+
+      # Backwards compatibility with fixture access patterns
+      def admin_user
+        ensure_columns_loaded
+        @admin_user ||= Panda::Core::User.find_by(email: "admin@example.com") || create_admin_user
+      end
+
+      def regular_user
+        ensure_columns_loaded
+        @regular_user ||= Panda::Core::User.find_by(email: "user@example.com") || create_regular_user
+      end
+
+      # ============================================================================
+      # OMNIAUTH HELPERS
+      # ============================================================================
+
+      def clear_omniauth_config
+        OmniAuth.config.mock_auth.clear
+        Rails.application.env_config.delete("omniauth.auth") if defined?(Rails.application)
+      end
+
+      def mock_oauth_for_user(user, provider: :google_oauth2)
+        clear_omniauth_config
+        OmniAuth.config.test_mode = true
+        OmniAuth.config.mock_auth[provider] = OmniAuth::AuthHash.new({
+          provider: provider.to_s,
+          uid: (user.respond_to?(:uid) ? user.uid : nil) || user.id,
+          info: {
+            email: user.email,
+            name: user.name,
+            image: user.respond_to?(:image_url) ? user.image_url : nil
+          },
+          credentials: {
+            token: "mock_token_#{user.id}",
+            expires_at: Time.now + 1.week
+          }
+        })
+      end
+
+      # ============================================================================
+      # REQUEST SPEC HELPERS (Direct Session Manipulation)
+      # ============================================================================
+
+      # For request specs - set session directly (fast, no HTTP requests)
+      def sign_in_as(user)
+        # This works in request specs where we have direct access to the session
+        begin
+          if respond_to?(:session)
+            session[:user_id] = user.id
+          end
+        rescue NoMethodError
+          # Session method doesn't exist in this context (e.g., system specs)
+        end
+        Panda::Core::Current.user = user
+        user
+      end
+
+      # ============================================================================
+      # SYSTEM SPEC HELPERS (HTTP-based Authentication)
+      # ============================================================================
+
+      # For system specs - use test session endpoint (works across processes)
+      # This uses the TestSessionsController which is only available in test environment
+      #
+      # NOTE: Due to Cuprite's redirect handling, we visit the target path directly
+      # after setting up the session via the test endpoint. Flash messages won't be
+      # available in system tests due to cross-process timing. Use request specs
+      # to test flash messages (see authentication_request_spec.rb).
+      def login_with_test_endpoint(user, return_to: nil, expect_success: true)
+        return_path = return_to || determine_default_redirect_path
+
+        # Visit the test login endpoint (sets session via Redis)
+        # Note: Capybara/Cuprite may not follow the redirect properly, so we
+        # manually navigate to the expected destination
+        visit "/admin/test_login/#{user.id}?return_to=#{return_path}"
+
+        # Wait briefly for session to be set
+        sleep 0.2
+
+        # Manually visit the destination since Cuprite doesn't reliably follow redirects
+        if expect_success
+          visit return_path
+          # Wait for page to load
+          sleep 0.2
+
+          # Verify we're on the expected path
+          expect(page).to have_current_path(return_path, wait: 2)
+        end
+      end
+
+      # Convenience method: Login with Google OAuth provider (using test endpoint)
+      def login_with_google(user, expect_success: true)
+        login_with_test_endpoint(user, return_to: determine_default_redirect_path, expect_success: expect_success)
+      end
+
+      # Convenience method: Login with GitHub OAuth provider (using test endpoint)
+      def login_with_github(user, expect_success: true)
+        login_with_test_endpoint(user, return_to: determine_default_redirect_path, expect_success: expect_success)
+      end
+
+      # Convenience method: Login with Microsoft OAuth provider (using test endpoint)
+      def login_with_microsoft(user, expect_success: true)
+        login_with_test_endpoint(user, return_to: determine_default_redirect_path, expect_success: expect_success)
+      end
+
+      # High-level helper: Login as admin (creates user if needed)
+      def login_as_admin(attributes = {})
+        user = create_admin_user(attributes)
+        if respond_to?(:visit)
+          # System spec - use test endpoint
+          login_with_test_endpoint(user, expect_success: true)
+        else
+          # Request spec - use direct session
+          sign_in_as(user)
+        end
+        user
+      end
+
+      # High-level helper: Login as regular user (creates user if needed)
+      def login_as_user(attributes = {})
+        user = create_regular_user(attributes)
+        if respond_to?(:visit)
+          # System spec - regular users get redirected to login
+          login_with_test_endpoint(user, expect_success: false)
+        else
+          # Request spec - use direct session
+          sign_in_as(user)
+        end
+        user
+      end
+
+      # Manual OAuth login (slower, but tests actual OAuth flow)
+      # Use this when you need to test the OAuth callback handler itself
+      def manual_login_with_oauth(user, provider: :google_oauth2)
+        mock_oauth_for_user(user, provider: provider)
+
+        visit admin_login_path
+        expect(page).to have_css("#button-sign-in-#{provider}")
+        find("#button-sign-in-#{provider}").click
+
+        Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[provider]
+      end
+
+      # ============================================================================
+      # PRIVATE HELPER METHODS
+      # ============================================================================
+
+      private
+
+      def ensure_columns_loaded
+        return if @columns_loaded
+        Panda::Core::User.connection.schema_cache.clear!
+        Panda::Core::User.reset_column_information
+        @columns_loaded = true
+      end
+
+      def default_image_url(dark: false)
+        color = dark ? "%23999" : "%23ccc"
+        "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='100' height='100'%3E%3Crect width='100' height='100' fill='#{color}'/%3E%3C/svg%3E"
+      end
+
+      def determine_default_redirect_path
+        # Check if we're in a CMS context
+        if defined?(Panda::CMS)
+          "/admin/cms"
+        else
+          "/admin"
+        end
+      end
+
+      def admin_login_path
+        if defined?(panda_core)
+          panda_core.admin_login_path
+        else
+          "/admin/login"
+        end
+      end
+
+      def admin_root_path
+        if defined?(panda_core)
+          panda_core.admin_root_path
+        else
+          "/admin"
+        end
+      end
+    end
+  end
+end
+
+# Configure RSpec to include these helpers in appropriate test types
+RSpec.configure do |config|
+  config.include Panda::Core::AuthenticationTestHelpers, type: :request
+  config.include Panda::Core::AuthenticationTestHelpers, type: :system
+  config.include Panda::Core::AuthenticationTestHelpers, type: :controller
+end
+
+# Configure OmniAuth for testing
+OmniAuth.config.test_mode = true
+OmniAuth.config.on_failure = proc { |env|
+  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+}

data/lib/panda/core/testing/support/generator_spec_helper.rb

@@ -0,0 +1,97 @@
+require "rails/generators"
+
+module GeneratorSpecHelper
+  extend ActiveSupport::Concern
+
+  included do
+    before(:each) do
+      prepare_destination
+      @original_stdout = $stdout
+      $stdout = File.new(File::NULL, "w")
+    end
+
+    after(:each) do
+      FileUtils.rm_rf(destination_root)
+      $stdout = @original_stdout
+    end
+  end
+
+  def destination_root
+    @destination_root ||= File.expand_path("../../tmp/generators", __dir__)
+  end
+
+  def prepare_destination
+    FileUtils.rm_rf(destination_root)
+    FileUtils.mkdir_p(destination_root)
+  end
+
+  def run_generator(args = [])
+    args = Array(args)
+    # Use the generator namespace instead of class name
+    generator_name = described_class.namespace
+    Rails::Generators.invoke(generator_name, args, destination_root: destination_root)
+  end
+
+  def generator
+    @generator ||= described_class.new([], destination_root: destination_root)
+  end
+
+  def file_exists?(path)
+    File.exist?(File.join(destination_root, path))
+  end
+
+  def read_file(path)
+    File.read(File.join(destination_root, path))
+  end
+
+  private
+
+  def capture(stream)
+    stream = stream.to_s
+    captured_stream = StringIO.new
+
+    # Map stream names to their global variables to avoid eval
+    streams = {
+      "stdout" => $stdout,
+      "stderr" => $stderr,
+      "stdin" => $stdin
+    }
+
+    original_stream = streams[stream]
+    case stream
+    when "stdout"
+      $stdout = captured_stream
+    when "stderr"
+      $stderr = captured_stream
+    when "stdin"
+      $stdin = captured_stream
+    else
+      raise ArgumentError, "Unsupported stream: #{stream}"
+    end
+
+    yield
+    captured_stream.string
+  ensure
+    case stream
+    when "stdout"
+      $stdout = original_stream
+    when "stderr"
+      $stderr = original_stream
+    when "stdin"
+      $stdin = original_stream
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include GeneratorSpecHelper, type: :generator
+
+  # Ensure generator tests have a clean environment
+  config.before(:each, type: :generator) do
+    prepare_destination
+  end
+
+  config.after(:each, type: :generator) do
+    FileUtils.rm_rf(destination_root) if defined?(destination_root)
+  end
+end

data/lib/panda/core/testing/support/html_helpers.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module HtmlHelpers
+  def normalize_html(html)
+    html.gsub(/\s+/, " ").strip
+  end
+end
+
+RSpec.configure do |config|
+  config.include HtmlHelpers
+end

data/lib/panda/core/testing/support/omniauth_setup.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+# Configure authentication providers for tests
+RSpec.configure do |config|
+  config.before(:each, type: :controller) do
+    # Set up test authentication providers
+    Panda::Core.configure do |core_config|
+      core_config.authentication_providers = {
+        google_oauth2: {
+          client_id: "test_client_id",
+          client_secret: "test_client_secret",
+          options: {}
+        }
+      }
+    end
+  end
+end

data/lib/panda/core/testing/support/service_stubs.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "tempfile"
+require "base64"
+
+# Stub services that make external HTTP requests to prevent them in tests
+RSpec.configure do |config|
+  config.before(:each) do
+    # Stub URI.open to prevent external HTTP requests when downloading avatars
+    # This affects AttachAvatarService which downloads avatars from OAuth providers
+    # Tests that specifically need real HTTP requests can override this stub
+    allow(URI).to receive(:open).and_wrap_original do |original_method, *args, **kwargs, &block|
+      url = args[0]
+
+      # Only stub avatar downloads from OAuth providers and test URLs
+      if /googleusercontent\.com|githubusercontent\.com|graph\.microsoft\.com|example\.com/.match?(url.to_s)
+        # Use the actual test fixture file instead of creating a fake file
+        # This ensures compatibility with Active Storage
+        fixture_path = Panda::Core::Engine.root.join("spec", "fixtures", "files", "test_image.jpg")
+        downloaded_file = File.open(fixture_path, "rb")
+
+        # Add methods that AttachAvatarService expects
+        downloaded_file.define_singleton_method(:content_type) { "image/jpeg" }
+        downloaded_file.define_singleton_method(:size) { File.size(fixture_path) }
+
+        # Call the block with our file if a block is given
+        if block_given?
+          result = block.call(downloaded_file)
+          downloaded_file.close unless downloaded_file.closed?
+          result
+        else
+          downloaded_file
+        end
+      else
+        # For other URLs, use the original method
+        original_method.call(*args, **kwargs, &block)
+      end
+    end
+  end
+end

data/lib/panda/core/testing/support/setup.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+def pause
+  $stderr.write "Press enter to continue"
+  $stdin.gets
+end
+
+def debugit
+  # Cuprite-specific debugging method
+  page.driver.debug
+end

data/lib/panda/core/version.rb

@@ -2,6 +2,6 @@
 
 module Panda
   module Core
-    VERSION = "0.7.0"
+    VERSION = "0.7.2"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: panda-core
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.2
 platform: ruby
 authors:
 - Otaina Limited
@@ -470,6 +470,14 @@ files:
 - lib/panda/core/services/base_service.rb
 - lib/panda/core/sluggable.rb
 - lib/panda/core/subscribers/authentication_subscriber.rb
+- lib/panda/core/testing/rails_helper.rb
+- lib/panda/core/testing/support/authentication_helpers.rb
+- lib/panda/core/testing/support/authentication_test_helpers.rb
+- lib/panda/core/testing/support/generator_spec_helper.rb
+- lib/panda/core/testing/support/html_helpers.rb
+- lib/panda/core/testing/support/omniauth_setup.rb
+- lib/panda/core/testing/support/service_stubs.rb
+- lib/panda/core/testing/support/setup.rb
 - lib/panda/core/version.rb
 - lib/tasks/assets.rake
 - lib/tasks/panda/core/migrations.rake