qiita_team_services 0.3.5 → 0.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3704aa3fd1816af8903e4e9d6b1b4a30b212813a
-  data.tar.gz: 6da5d69f29bfe6624b92caeeb0ba44895a502837
+  metadata.gz: fef4a03f843aba4fd94b121bb2bc3b167925c41c
+  data.tar.gz: 4fe8e266110be34bbc07f01dae2a46e4c3f580dc
 SHA512:
-  metadata.gz: 0fb982dedd4396887380e660d90b6fbc05938e41287f498507298a8851181cff4627d2179a68e5fdb09fe3ab7078deb0ec3da10fb8d7184617deb3c5dcc206f4
-  data.tar.gz: 3485b7c84bbcc067148714be6c0bedb40b74ec08fc56fb2a7f46aa2a9778a23448ba3dcc4e402f6ee34cf78bd5f50925034a6876d6219ac6c2b52374eef7c79f
+  metadata.gz: 581ea55242fad065de959775b300bc189c5ce7828ebb1cb7a3e1c68203e55eac9cfff6cf5dfd5c39be7cc3f645918c0159de0a087040d567842e04fde3cf30bf
+  data.tar.gz: 5e7d81e6e64d8e27afc29d0fa2772021897981ca0dcdc3d2186cfe696adf4da6a38271edddaff419cb4ec803d6be8f436a5df0a2c8224b69cff774eaef1e71b7

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+# 0.3.6
+
+- [#13] Escape special characters for slack markup.
+
 # 0.3.5
 
 - Add link to comments.

data/lib/qiita/team/services/hooks/concerns/slack.rb

@@ -248,13 +248,13 @@ module Qiita::Team::Services
         # @param user [Qiita::Team::Services::Resources::User]
         # @return [String]
         def user_link(user)
-          "<#{user.url}|#{user.name}>"
+          "<#{user.url}|#{markup_escape(user.name)}>"
         end
 
         # @param item [Qiita::Team::Services::Resources::Item]
         # @return [String]
         def item_link(item)
-          "<#{item.url}|#{item.title}>"
+          "<#{item.url}|#{markup_escape(item.title)}>"
         end
 
         # @param comment [Qiita::Team::Services::Resources::Comment]
@@ -266,13 +266,27 @@ module Qiita::Team::Services
         # @param project [Qiita::Team::Services::Resources::Project]
         # @return [String]
         def project_link(project)
-          "<#{project.url}|#{project.name}>"
+          "<#{project.url}|#{markup_escape(project.name)}>"
         end
 
         # @param team [Qiita::Team::Services::Resources::Team]
         # @return [String]
         def team_link(team)
-          "<#{team.url}|#{team.name}>"
+          "<#{team.url}|#{markup_escape(team.name)}>"
+        end
+
+        # Escape special characters for Slack markup.
+        #
+        # @see https://api.slack.com/docs/formatting
+        # @param text [String]
+        # @return [String]
+        def markup_escape(text)
+          table_for_escape = {
+            "&" => "&amp;",
+            "<" => "&lt;",
+            ">" => "&gt;",
+          }
+          text.gsub(/[&<>]/, table_for_escape)
         end
       end
     end

data/lib/qiita/team/services/version.rb

@@ -1,3 +1,3 @@
 module Qiita::Team::Services
-  VERSION = "0.3.5"
+  VERSION = "0.3.6"
 end

data/spec/support/factories/users.rb

@@ -5,7 +5,7 @@ FactoryGirl.define do
     id { generate(:id) }
     url_name { "url_name#{id}" }
     name { "name#{id}" }
-    url { "#{build(:team).url}/#{name}" }
+    url { "#{build(:team).url}/#{url_name}" }
     profile_image_url "http://example.com"
   end
 end

data/spec/support/helpers/slack_hook_helper.rb

@@ -28,15 +28,6 @@ module Qiita::Team::Services
         :team_member_removed,
       ].freeze
 
-      EVENT_NAMES_TO_SEND_WITH_ATTACHMENTS = [
-        :item_comment_created,
-        :item_created,
-        :project_comment_created,
-      ].freeze
-
-      EVENT_NAMES_TO_SEND_WITH_TEXT =
-        (EXPECTED_AVAILABLE_EVENT_NAMES - EVENT_NAMES_TO_SEND_WITH_ATTACHMENTS).freeze
-
       included do
         shared_examples "Slack hook" do |hook:|
           describe ".service_name" do
@@ -80,19 +71,8 @@ module Qiita::Team::Services
             end
           end
 
-          EVENT_NAMES_TO_SEND_WITH_TEXT.each do |event_name|
-            describe "##{event_name}" do
-              subject do
-                send(hook).public_send(event_name, public_send("#{event_name}_event"))
-              end
-
-              it "sends proper text message" do
-                expect(send(hook)).to receive(:send_message) do |request_body|
-                  expect(request_body).to match_slack_text_request
-                end.once
-                subject
-              end
-
+          describe "hook methods" do
+            shared_examples "hook method" do
               context "when message is delivered successfully" do
                 include_context "Delivery success"
 
@@ -105,31 +85,178 @@ module Qiita::Team::Services
                 it { expect { subject }.to raise_error(Qiita::Team::Services::DeliveryError) }
               end
             end
-          end
 
-          EVENT_NAMES_TO_SEND_WITH_ATTACHMENTS.each do |event_name|
-            describe "##{event_name}" do
-              subject do
-                send(hook).public_send(event_name, public_send("#{event_name}_event"))
+            shared_examples "text request hook method" do
+              it "sends proper text request message" do
+                expect(send(hook)).to receive(:send_message) do |request_body|
+                  expect(request_body).to match_slack_text_request
+                end.once
+                subject
               end
+            end
 
+            shared_examples "attachments request hook method" do
               it "sends message with proper attachments" do
                 expect(send(hook)).to receive(:send_message) do |request_body|
                   expect(request_body).to match_slack_attachments_request
                 end.once
                 subject
               end
+            end
 
-              context "when message is delivered successfully" do
-                include_context "Delivery success"
+            subject do
+              send(hook).public_send(event_name,
+                                     public_send("#{event_name}_event",
+                                                 try(:resource), try(:user), try(:team)))
+            end
 
-                it { expect { subject }.not_to raise_error }
+            describe "#item_created" do
+              let(:event_name) { "item_created" }
+              it_behaves_like "hook method"
+              it_behaves_like "attachments request hook method"
+
+              context "when the item's title has angle bracket characters" do
+                let(:resource) { build(:item, title: "1 on 1 qiitan <> kobito") }
+                it_behaves_like "attachments request hook method"
               end
 
-              context "when message is not delivered successfully" do
-                include_context "Delivery fail"
+              context "when the user's name has angle bracket characters" do
+                let(:user) { build(:user, name: "<Qiitan>") }
+                it_behaves_like "attachments request hook method"
+              end
+            end
 
-                it { expect { subject }.to raise_error(Qiita::Team::Services::DeliveryError) }
+            %w(became_coediting destroyed updated).each do |action_name|
+              describe "#item_#{action_name}" do
+                let(:event_name) { "item_#{action_name}" }
+                it_behaves_like "hook method"
+                it_behaves_like "text request hook method"
+
+                context "when the item's title has angle bracket characters" do
+                  let(:resource) { build(:item, title: "1 on 1 qiitan <> kobito") }
+                  it_behaves_like "text request hook method"
+                end
+
+                context "when the user's name has angle bracket characters" do
+                  let(:user) { build(:user, name: "<Qiitan>") }
+                  it_behaves_like "text request hook method"
+                end
+              end
+            end
+
+            describe "#item_comment_created" do
+              let(:event_name) { "item_comment_created" }
+              it_behaves_like "hook method"
+              it_behaves_like "attachments request hook method"
+
+              context "when the item's title has angle bracket characters" do
+                let(:resource) do
+                  build(:comment, item: build(:item, title: "1 on 1 qiitan <> kobito"))
+                end
+                it_behaves_like "attachments request hook method"
+              end
+
+              context "when the user's name has angle bracket characters" do
+                let(:user) { build(:user, name: "<Qiitan>") }
+                it_behaves_like "attachments request hook method"
+              end
+            end
+
+            %w(destroyed updated).each do |action_name|
+              describe "#item_comment_#{action_name}" do
+                let(:event_name) { "item_comment_#{action_name}" }
+                it_behaves_like "hook method"
+                it_behaves_like "text request hook method"
+
+                context "when the item's title has angle bracket characters" do
+                  let(:resource) do
+                    build(:comment, item: build(:item, title: "1 on 1 qiitan <> kobito"))
+                  end
+                  it_behaves_like "text request hook method"
+                end
+
+                context "when the user's name has angle bracket characters" do
+                  let(:user) { build(:user, name: "<Qiitan>") }
+                  it_behaves_like "text request hook method"
+                end
+              end
+            end
+
+            %w(activated archived created destroyed updated).each do |action_name|
+              describe "#project_#{action_name}" do
+                let(:event_name) { "project_#{action_name}" }
+                it_behaves_like "hook method"
+                it_behaves_like "text request hook method"
+
+                context "when the project's name has angle bracket characters" do
+                  let(:resource) { build(:project, name: "1 on 1 project qiitan <> kobito") }
+                  it_behaves_like "text request hook method"
+                end
+
+                context "when the user's name has angle bracket characters" do
+                  let(:user) { build(:user, name: "<Qiitan>") }
+                  it_behaves_like "text request hook method"
+                end
+              end
+            end
+
+            describe "#project_comment_created" do
+              let(:event_name) { "project_comment_created" }
+              it_behaves_like "hook method"
+              it_behaves_like "attachments request hook method"
+
+              context "when the project's name has angle bracket characters" do
+                let(:resource) do
+                  build(:project_comment,
+                        item: build(:project, name: "1 on 1 project qiitan <> kobito"))
+                end
+                it_behaves_like "attachments request hook method"
+              end
+
+              context "when the user's name has angle bracket characters" do
+                let(:user) { build(:user, name: "<Qiitan>") }
+                it_behaves_like "attachments request hook method"
+              end
+            end
+
+            %w(destroyed updated).each do |action_name|
+              describe "#project_comment_#{action_name}" do
+                let(:event_name) { "project_comment_#{action_name}" }
+                it_behaves_like "hook method"
+                it_behaves_like "text request hook method"
+
+                context "when the project's name has angle bracket characters" do
+                  let(:resource) do
+                    build(:project_comment,
+                          item: build(:project, name: "1 on 1 project qiitan <> kobito"))
+                  end
+                  it_behaves_like "text request hook method"
+                end
+
+                context "when the user's name has angle bracket characters" do
+                  let(:user) { build(:user, name: "<Qiitan>") }
+                  it_behaves_like "text request hook method"
+                end
+              end
+            end
+
+            %w(added removed).each do |action_name|
+              describe "#team_member_#{action_name}" do
+                let(:event_name) { "team_member_#{action_name}" }
+                it_behaves_like "hook method"
+                it_behaves_like "text request hook method"
+
+                context "when the team's name has angle bracket characters" do
+                  let(:team) do
+                    build(:team, name: "qiitan <> kobito team", url: "https://qiitan.qiita.com")
+                  end
+                  it_behaves_like "text request hook method"
+                end
+
+                context "when the user's name has angle bracket characters" do
+                  let(:user) { build(:user, name: "<Qiitan>") }
+                  it_behaves_like "text request hook method"
+                end
               end
             end
           end

data/spec/support/matchers/match_slack_text_request.rb

@@ -3,6 +3,11 @@ RSpec::Matchers.define :match_slack_text_request do
     request_body.is_a?(Hash) && \
       request_body.key?(:text) && \
       !request_body.key?(:attachments) && \
-      request_body[:text].is_a?(String)
+      request_body[:text].is_a?(String) && \
+      !illegal_slack_link_format?(request_body[:text])
+  end
+
+  def illegal_slack_link_format?(text)
+    text.match(/<[^>]+</)
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: qiita_team_services
 version: !ruby/object:Gem::Version
-  version: 0.3.5
+  version: 0.3.6
 platform: ruby
 authors:
 - Yuku Takahashi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-26 00:00:00.000000000 Z
+date: 2015-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel-url_validator