rails-prg 0.1.0

data/spec/dummy/public/404.html

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/spec/dummy/public/422.html

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/spec/dummy/public/500.html

@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/spec/rails/prg/features/error_duplication_spec.rb

@@ -0,0 +1,100 @@
+require "spec_helper"
+
+feature "Standard Rails render on errors" do
+  let(:existing_example) { ErrorDuplicator.create(subject: 'anything', body: 'test body', published: true) }
+
+  scenario "ensure secure environment for accurate test" do
+    # Check that environment tested is actually secure (without selenium)
+    visit new_error_duplicator_path
+    expect(page.response_headers["Cache-Control"]).to include("no-cache, no-store")
+  end
+
+  scenario "triggering browser cache error in secure environment with browser history disabled", js: true do
+    ErrorDuplicator.count.should eq(0)
+
+    # Create new with an error
+    visit new_error_duplicator_path
+    fill_in "Subject", :with => existing_example.subject
+    click_button "Create Error duplicator"
+    expect(page).to have_text("Subject has already been taken")
+
+    # Should have set the error on the object
+    expect(page).to have_field('Subject', with: existing_example.subject)
+
+    # Should *not* have redirected back
+    expect(page.current_path).to eq(error_duplicators_path)
+
+    # Should create successfully following an error
+    fill_in "Subject", :with => "testing NEW input"
+    click_button "Create Error duplicator"
+    expect(page).to have_text("Error duplicator was successfully created.")
+
+    ErrorDuplicator.count.should eq(2)
+
+    # On click of back button
+    page.execute_script("window.history.back();")
+
+    # Cache miss error displayed for specific browser
+    case $selenium_display.browser.to_sym
+    when :firefox
+      expect(page.find("h1#errorTitleText")).to have_text("Document Expired")
+      expect(page.find("p#errorShortDescText")).to have_text("This document is no longer available.")
+      expect(page.find("div#errorLongDesc")).to have_text("The requested document is not available in Firefox's cache")
+      expect(page.current_path).to eq(error_duplicators_path)
+    when :chrome
+      within "div#main-frame-error" do
+        expect(page.find("h1")).to have_text("Confirm Form Resubmission")
+        click_button "More" #triggers chrome to load error code
+        expect(page.find("div.error-code")).to have_text("Error code: ERR_CACHE_MISS")
+      end
+    else
+      raise "Error - Unhandled browser"
+    end
+  end
+
+  scenario "ensure non-secure environment for accurate test" do
+    # Check that environment tested is not secure (without selenium)
+    visit edit_error_duplicator_path(existing_example)
+    expect(page.response_headers["Cache-Control"]).not_to include("no-cache, no-store")
+  end
+
+  scenario "working normally in non-secure environment with browser history", js: true do
+    # Edit page has no secure headers set
+    visit edit_error_duplicator_path(existing_example)
+
+    fill_in "Subject", :with => ""
+    click_button "Update Error duplicator"
+    expect(page).to have_text("Subject can't be blank")
+    expect(page).to have_field('Subject', with: "")
+    expect(page.current_path).to eq(error_duplicator_path(existing_example))
+
+    # Edit successfully
+    fill_in "Subject", :with => "updated test input"
+    click_button "Update Error duplicator"
+    expect(page).to have_text("Error duplicator was successfully updated.")
+
+    # Should *not* have redirected back
+    expect(page.current_path).to eq(error_duplicator_path(existing_example))
+
+    # On click of back button
+    page.execute_script("window.history.back();")
+
+    # Browser specific way of handling 'back' with errors in non-secure environment
+    case $selenium_display.browser.to_sym
+    when :firefox
+      # Backs all the way back to edit page without errors (pre-post)
+      expect(page.current_path).to eq(edit_error_duplicator_path(existing_example))
+      page.should have_content("Editing error_duplicator")
+      expect(page).to_not have_text("Subject can't be blank")
+      expect(page).to have_field('Subject', with: "") #Posted value
+    when :chrome
+      # Backs all the way back to show page with errors (post -> rendered error)
+      expect(page.current_path).to eq(error_duplicator_path(existing_example))
+      page.should have_content("Editing error_duplicator")
+      expect(page).to have_text("Subject can't be blank")
+      expect(page).to have_field('Subject', with: "updated test input") #updated value
+    else
+      raise "Error - Unhandled browser"
+    end
+  end
+end

data/spec/rails/prg/features/redirected_objects_spec.rb

@@ -0,0 +1,92 @@
+require "spec_helper"
+
+feature "Use full post-redirect-get displaying original params and errors on redirect" do
+  let(:existing_example) { ExamplePrg.create(subject: 'existing test input', body: 'test body', published: true) }
+
+  scenario "ensure secure environment for accurate test" do
+    # Check that environment tested is actually secure (without selenium)
+    visit new_error_duplicator_path
+    expect(page.response_headers["Cache-Control"]).to include("no-cache, no-store")
+  end
+
+  scenario "within a secure environment with browser history disallowed", js: true do
+    ExamplePrg.count.should eq(0)
+
+    # Create error
+    visit new_example_prg_path
+    fill_in "Subject", :with => existing_example.subject
+    click_button "Create Example prg"
+    expect(page).to have_text("Subject has already been taken")
+
+    # Should have set the error on the object
+    expect(page).to have_field('Subject', with: existing_example.subject)
+
+    # Should have redirected back
+    expect(page.current_path).to eq(new_example_prg_path)
+
+    # Should create successfully following error
+    fill_in "Subject", :with => "testing NEW input"
+    click_button "Create Example prg"
+    expect(page).to have_text("Example prg was successfully created.")
+
+    ExamplePrg.count.should eq(2)
+
+    # On click of back button
+    page.execute_script("window.history.back();")
+
+    # Should go back to a blank 'new' page
+    expect(page).to have_text("New example_prg")
+    expect(page.current_path).to eq(new_example_prg_path)
+    expect(page).not_to have_text("Subject has already been taken") #no errors
+
+    # Browser specific redirection
+    case $selenium_display.browser.to_sym
+    when :firefox
+      # Backs to the new page being completely empty
+      expect(page).to have_field('Subject', with: "")
+    when :chrome
+      # Backs to the new page with original entries already loaded
+      expect(page).to have_field('Subject', with: "testing NEW input")
+    else
+      raise "Error - Unhandled browser"
+    end
+  end
+
+  scenario "ensure normal browser history environment for accurate test" do
+    # Check that environment tested is not secure
+    #  -> Selenium driver cannot check response headers
+    visit edit_example_prg_path(existing_example)
+    expect(page.response_headers["Cache-Control"]).not_to include("no-cache, no-store")
+  end
+
+  scenario "within a normal browser history environment", js: true do
+    # Edit page has no secure headers set
+    visit edit_example_prg_path(existing_example)
+
+    # Create error
+    fill_in "Subject", :with => ""
+    click_button "Update Example prg"
+
+    # Should redirect back to edit page with errors
+    expect(page.current_path).to eq(edit_example_prg_path(existing_example))
+    expect(page).to have_text("Subject can't be blank")
+    expect(page).to have_field('Subject', with: "")
+
+    # Edit successfully
+    fill_in "Subject", :with => "updated test input"
+    click_button "Update Example prg"
+    expect(page).to have_text("Example prg was successfully updated.")
+
+    # Should have redirected back
+    expect(page.current_path).to eq(example_prg_path(existing_example))
+
+    # On click of back button
+    page.execute_script("window.history.back();")
+
+    # Should have redirected back to edit page with errors
+    expect(page.current_path).to eq(edit_example_prg_path(existing_example))
+    expect(page).to have_text("Subject can't be blank")
+    expect(page).to have_field('Subject', with: "updated test input")
+    expect(page).to have_field('Published', with: 1)
+  end
+end

data/spec/rails/prg/redirected_object_controller_spec.rb

@@ -0,0 +1,282 @@
+require "spec_helper"
+#require "action_controller"
+
+describe ExamplePrgsController, type: :controller do
+
+  describe "post redirect get with error conditions" do
+    # Example Post-Redirect-Get on error conditions
+    # without Rails error->render pattern
+    class TestObject
+      include ActiveModel::Validations
+      attr_accessor :some_field
+      attr_reader :protected_field, :private_field
+
+      def initialize(passed_attributes = {})
+        self.some_field = passed_attributes[:some_field] if passed_attributes
+      end
+
+      protected
+
+      def protected_field=(value)
+        @protected_field = value #Shouldn't allow this
+      end
+
+      private
+
+      def private_field=(value)
+        @private_field = value #Shouldn't allow this
+      end
+    end
+
+    controller(ExamplePrgsController) do
+      def new
+        safe_params = [
+          :some_field, :set_redirected_flash,
+          :protected_field, :private_field
+        ]
+        fake_flash_for_test(safe_params)
+
+        @object = TestObject.new(params.permit(*safe_params))
+
+        load_redirected_objects!
+
+        render text: 'successful load'
+      end
+
+      def create
+        @object = TestObject.new(create_params)
+
+        if params.delete(:error)
+          @object.errors.add(:some_field, "not present")
+          set_redirected_object!('@object', @object, create_params)
+          redirect_to '/back_to_new_page'
+        else
+          redirect_to '/successful_result'
+        end
+      end
+
+      private
+
+      def create_params
+        @create_params ||= begin
+          if params.delete(:with_strong_parameters)
+            params.require(:object).permit(:some_field)
+          else
+            #Unsafe parameters
+            params[:object]
+          end
+        end
+      end
+
+      # As request hasn't happened in test yet,
+      # we must set flash manually that would handle redirected objects
+      # This duplicates the behaviour for unit testing 'after' a redirect
+      def fake_flash_for_test(allowed_params)
+        if params[:set_redirected_flash]
+          content_for_flash = JSON.parse(params[:set_redirected_flash], symbolize_names: true)
+          flash[:redirected_objects] = if params.delete(:raw_hash)
+            # Checking if a developer has passed raw hashes instead
+            # of full parameters hash with permitted attributes
+            content_for_flash
+          else
+            object_params = content_for_flash[:@object][:params]
+            if object_params
+              # Ensure params are set as proper parameters object like they
+              # should be in controller before
+              controller_params = ActionController::Parameters.new(object_params).permit(*allowed_params)
+              content_for_flash[:@object][:params] = controller_params
+            end
+            content_for_flash
+          end
+        end
+      end
+    end
+
+    context "on change" do
+      context "when error occurs with unpermitted params" do
+        let(:params) do
+          {
+            error: true,
+            object: {
+              unknown_field: 'scary unsafe value',
+              another_unknown: 'field'
+            }
+          }
+        end
+
+        context "with submission" do
+          it "should raise error with descriptive error message for faster debugging" do
+            expect { post :create, params }.to raise_error { |exception_received|
+              exception_received.should be_a(RuntimeError)
+              exception_received.to_s.should eq(
+                '[Rails::Prg] Error - Must use permitted strong parameters. Unsafe: unknown_field, another_unknown'
+              )
+            }
+            # Must use curly braces https://github.com/rspec/rspec-expectations/commit/dd5ee3aba1eb33b3dacc56a12964e48a0d2c84f5
+            # Until rspec-expectations 3+ is used
+          end
+        end
+      end
+
+      context "when error occurs for permitted params" do
+        let(:params) { { error: true, with_strong_parameters: true, object: { some_field: 'input value'} } }
+
+        before do
+          post :create, params
+        end
+        subject { response }
+
+        it { should redirect_to '/back_to_new_page' }
+
+        context "flash for redirected objects" do
+          subject { flash[:redirected_objects] }
+
+          it "should set required attributes" do
+            subject.should eq(
+              {
+                '@object' => {
+                  errors: { some_field: ["not present"] },
+                  params: { "some_field" => "input value" }
+                }
+              }
+            )
+          end
+        end
+      end
+
+      context "when no error has occured" do
+        let(:params) { {} }
+        before do
+          post :create, params
+        end
+        subject { response }
+
+        it { should redirect_to '/successful_result' }
+
+        context "flash error" do
+          subject { flash[:redirected_objects] }
+
+          it { should_not be_present }
+        end
+      end
+    end
+
+    context "after a redirect" do
+      context "after an error has occured" do
+        before do
+          get :new, params
+        end
+        subject { controller.instance_variable_get(:@object) }
+
+        let(:object_errors)    { { some_field: ["not present"] } }
+        let(:object_params)    { { some_field: "inputted value" } }
+
+        let(:redirected_flash) do
+          {
+            '@object' => {
+              errors: object_errors,
+              params: object_params
+            }
+          }
+        end
+        let(:params) { { set_redirected_flash: redirected_flash.to_json } }
+        its(:errors) { should be_an_instance_of(ActiveModel::Errors) }
+
+        it "should have applied the errors to the object for display" do
+          subject.errors.messages.should eq(object_errors)
+        end
+
+        it "should have applied any values passed in previous form" do
+          subject.some_field.should eq("inputted value")
+        end
+
+        it "should have removed the collection from the flash object" do
+          flash[:redirected_objects].should be_blank
+        end
+      end
+
+      context "when a developer sends unsafe parameters" do
+        let(:object_errors) { { some_field: ["not present"] } }
+        let(:object_params) { { some_field: "inputted value" } }
+        let(:params)        { { raw_hash: true, set_redirected_flash: redirected_flash.to_json } }
+        let(:redirected_flash) do
+          {
+            '@object' => {
+              errors: object_errors,
+              params: object_params
+            }
+          }
+        end
+
+        it 'should raise an error' do
+          # Must be curly braces https://github.com/rspec/rspec-expectations/commit/dd5ee3aba1eb33b3dacc56a12964e48a0d2c84f5
+          # do...end blocks for raise_error are ignored...
+          # Until rspec-expectations 3+ is used
+          expect { get :new, params }.to raise_error { |exception_received|
+            exception_received.should be_a(RuntimeError)
+            exception_received.to_s.should eq('[Rails::Prg] Error - Must pass strong parameters.')
+          }
+        end
+
+        it 'should always clear the flash' do
+          expect { get :new, params }.to raise_error
+          flash[:redirected_objects].should be_blank
+        end
+
+        it "should set errors on to the object" do
+          expect { get :new, params }.to raise_error
+          controller.instance_variable_get(:@object).errors.should be_an_instance_of(ActiveModel::Errors)
+        end
+      end
+
+      context "when attempting to assign illegal fields" do
+        let(:params)        { { set_redirected_flash: redirected_flash.to_json } }
+        let(:redirected_flash) do
+          {
+            '@object' => {
+              errors: {},
+              params: object_params
+            }
+          }
+        end
+
+        context "assigning on to object" do
+          context "protected fields" do
+            let(:object_params) { { protected_field: 'protected value' } }
+
+            it "should raise an error on assignment" do
+              expect {  get :new, params }.to raise_error { |exception_received|
+                exception_received.should be_a(NoMethodError)
+                exception_received.to_s.should include("protected method `protected_field=' called for")
+              }
+            end
+          end
+
+          context "private fields" do
+            let(:object_params) { { private_field: 'private value' } }
+
+            it "should raise an error on assignment" do
+              expect {  get :new, params }.to raise_error { |exception_received|
+                exception_received.should be_a(NoMethodError)
+                exception_received.to_s.should include("private method `private_field=' called for")
+              }
+            end
+          end
+        end
+      end
+    end
+
+    context "when no error has occured" do
+      let(:redirected_flash) { nil }
+      let(:params)           { nil }
+
+      before do
+        get :new, params
+      end
+
+      subject { controller.instance_variable_get(:@object) }
+
+      its(:errors) { should be_empty }
+    end
+  end
+end