RubyGems - zen - Versions diffs - 0.3 → 0.4 - Mend

zen 0.3 → 0.4

Files changed (373) hide show

data/spec/zen/package/categories/controller/category_groups.rb CHANGED

@@ -2,7 +2,7 @@ require File.expand_path('../../../../../helper', __FILE__)
 Zen::Language.load('category_groups')
-describe("Categories::Controller::CategoryGroups") do
+describe "Categories::Controller::CategoryGroups" do
   behaves_like :capybara
   index_url     = Categories::Controller::CategoryGroups.r(:index).to_s
@@ -22,16 +22,7 @@ describe("Categories::Controller::CategoryGroups") do
     )
   end
-  it('Submit a form without a CSRF token') do
-    response = page.driver.post(
-      Categories::Controller::CategoryGroups.r(:save).to_s
-    )
-    response.body.include?(lang('zen_general.errors.csrf')).should == true
-    response.status.should                                         == 403
-  end
-  it('Find no existing category groups') do
+  it 'Find no existing category groups' do
     message = lang('category_groups.messages.no_groups')
     visit(index_url)
@@ -40,7 +31,18 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_selector?('table tbody tr').should == false
   end
-  it("Create a new category group") do
+  it 'Try to create a new category group with a missing CSRF token' do
+    visit(new_url)
+    within '#category_group_form' do
+      find('input[name="csrf_token"]').set('')
+      click_on(save_button)
+    end
+    page.has_content?(lang('zen_general.errors.csrf')).should == true
+  end
+  it "Create a new category group" do
     new_button  = lang('category_groups.buttons.new')
     name        = 'Spec category group'
     event_name  = nil
@@ -59,7 +61,7 @@ describe("Categories::Controller::CategoryGroups") do
     current_path.should == new_url
-    within('#category_group_form') do
+    within '#category_group_form' do
       fill_in('name', :with => name)
       click_on(save_button)
     end
@@ -72,12 +74,12 @@ describe("Categories::Controller::CategoryGroups") do
     event_name2.should == event_name
   end
-  it('Search for a category group') do
+  it 'Search for a category group' do
     visit(index_url)
     search_button = lang('zen_general.buttons.search')
     error         = lang('zen_general.errors.invalid_search')
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'Spec category group')
       click_on(search_button)
     end
@@ -85,7 +87,7 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_content?(error).should                 == false
     page.has_content?('Spec category group').should == true
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'does not exist')
       click_on(search_button)
     end
@@ -95,7 +97,7 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_selector?('table tbody tr').should     == false
   end
-  it("Edit an existing category group") do
+  it "Edit an existing category group" do
     event_name  = nil
     event_name2 = nil
     name        = 'Spec category group 123'
@@ -113,7 +115,7 @@ describe("Categories::Controller::CategoryGroups") do
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#category_group_form') do
+    within '#category_group_form' do
       fill_in('name', :with => name)
       click_on(save_button)
     end
@@ -128,7 +130,7 @@ describe("Categories::Controller::CategoryGroups") do
       group.name = 'Spec category group modified'
     end
-    within('#category_group_form') do
+    within '#category_group_form' do
       click_on(save_button)
     end
@@ -136,13 +138,13 @@ describe("Categories::Controller::CategoryGroups") do
       .value.should == 'Spec category group modified'
   end
-  it("Edit an existing category group with invalid data") do
+  it "Edit an existing category group with invalid data" do
     visit(index_url)
     click_link('Spec category group')
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#category_group_form') do
+    within '#category_group_form' do
       fill_in('name', :with => '')
       click_on(save_button)
     end
@@ -150,14 +152,44 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_selector?('span.error').should == true
   end
-  it('Fail to delete a category group without an ID') do
+  enable_javascript
+  it 'Automatically save a category group' do
+    visit(index_url)
+    click_link('Spec category group')
+    within '#category_group_form' do
+      fill_in('name', :with => 'Spec category group autosave')
+    end
+    autosave_form('category_group_form')
+    # Check if the content was actually saved.
+    visit(index_url)
+    page.has_content?('Spec category group autosave').should == true
+    click_link('Spec category group autosave')
+    within '#category_group_form' do
+      fill_in('name', :with => 'Spec category group modified')
+      click_on(save_button)
+    end
+    page.has_selector?('span.error').should      == false
+    page.find('input[name="name"]').value.should == 'Spec category group modified'
+  end
+  disable_javascript
+  it 'Fail to delete a category group without an ID' do
     visit(index_url)
     click_on(delete_button)
     page.has_selector?('input[name="category_group_ids[]"]').should == true
   end
-  it("Delete an existing category group") do
+  it "Delete an existing category group" do
     message     = lang('category_groups.messages.no_groups')
     event_name  = nil
     event_name2 = nil

data/spec/zen/package/categories/helper/category.rb CHANGED

@@ -1,6 +1,6 @@
 require File.expand_path('../../../../../helper', __FILE__)
-describe('Ramaze::Helper::Category') do
+describe 'Ramaze::Helper::Category' do
   behaves_like :capybara
   category_group = ::Categories::Model::CategoryGroup.create(
@@ -12,7 +12,7 @@ describe('Ramaze::Helper::Category') do
     :category_group_id => category_group.id
   )
-  it('Validate a valid category group') do
+  it 'Validate a valid category group' do
     url = ::Categories::Controller::Categories.r(
       :index, category_group.id
     ).to_s
@@ -22,7 +22,7 @@ describe('Ramaze::Helper::Category') do
     current_path.should == "/admin/categories/index/#{category_group.id}"
   end
-  it('Validate an invalid category group') do
+  it 'Validate an invalid category group' do
     url = ::Categories::Controller::Categories.r(
       :index, category_group.id + 1
     ).to_s
@@ -32,7 +32,7 @@ describe('Ramaze::Helper::Category') do
     current_path.should == '/admin/category-groups/index'
   end
-  it('Validate a valid category') do
+  it 'Validate a valid category' do
     group_id = category_group.id
     cat_id   = category.id
@@ -45,7 +45,7 @@ describe('Ramaze::Helper::Category') do
     current_path.should == "/admin/categories/edit/#{group_id}/#{cat_id}"
   end
-  it('Validate an invalid category') do
+  it 'Validate an invalid category' do
     group_id = category_group.id
     url = ::Categories::Controller::Categories.r(

data/spec/zen/package/categories/helper/category_frontend.rb CHANGED

@@ -1,7 +1,7 @@
 require File.expand_path('../../../../../helper', __FILE__)
 require File.join(Zen::FIXTURES, 'package/categories/helper/category_frontend')
-describe('Ramaze::Helper::CategoryFrontend') do
+describe 'Ramaze::Helper::CategoryFrontend' do
   behaves_like :capybara
   extend Ramaze::Helper::CategoryFrontend
@@ -20,28 +20,28 @@ describe('Ramaze::Helper::CategoryFrontend') do
     :category_group_id => category_group.id
   )
-  it('Retrieve categories for a group ID') do
+  it 'Retrieve categories for a group ID' do
     categories = get_categories(category_group.id).all
     categories.length.should   == 2
     categories[0].name.should  == category1.name
   end
-  it('Retrieve categories for a group slug') do
+  it 'Retrieve categories for a group slug' do
     categories = get_categories(category_group.name).all
     categories.length.should   == 2
     categories[0].name.should  == category1.name
   end
-  it('Limit the amount of results') do
+  it 'Limit the amount of results' do
     categories = get_categories(category_group.id, :limit => 1).all
     categories.length.should  == 1
     categories[0].name.should == category1.name
   end
-  it('Retrieve and paginate two categories') do
+  it 'Retrieve and paginate two categories' do
     visit('/spec-category-frontend')
     page.has_selector?('p').should          == true

data/spec/zen/package/comments/anti_spam.rb CHANGED

@@ -1,6 +1,6 @@
 require File.expand_path('../../../../helper', __FILE__)
-describe('Comments::AntiSpam') do
+describe 'Comments::AntiSpam' do
   behaves_like :capybara
   spam_comment = 'Hello, you can buy viagra here ' \
@@ -23,20 +23,20 @@ describe('Comments::AntiSpam') do
     'http://api.defensio.com/2.0/users/test/documents.yaml'
   ).to_return(:body => yaml_response)
-  it('Fail to use an invalid engine') do
+  it 'Fail to use an invalid engine' do
     should.raise?(ArgumentError) do
       Comments::AntiSpam.validate(:foobar, nil, nil, nil, spam_comment)
     end
   end
-  it('Validate a spam comment using Defensio') do
+  it 'Validate a spam comment using Defensio' do
     get_setting(:defensio_key).value = 'test'
     Comments::AntiSpam.validate(:defensio, nil, nil, nil, spam_comment) \
       .should == true
   end
-  it('Fail to validate using defensio without an API key') do
+  it 'Fail to validate using defensio without an API key' do
     get_setting(:defensio_key).value = nil
     should.raise? do

data/spec/zen/package/comments/controller/comments.rb CHANGED

@@ -1,6 +1,6 @@
 require File.expand_path('../../../../../helper', __FILE__)
-describe('Comments::Controller::Comments') do
+describe 'Comments::Controller::Comments' do
   behaves_like :capybara
   index_url   = Comments::Controller::Comments.r(:index).to_s
@@ -30,16 +30,7 @@ describe('Comments::Controller::Comments') do
     )
   end
-  it('Submit a form without a CSRF token') do
-    response = page.driver.post(
-      Comments::Controller::Comments.r(:save).to_s
-    )
-    response.body.include?(lang('zen_general.errors.csrf')).should == true
-    response.status.should                                         == 403
-  end
-  it('Find no existing comments') do
+  it 'Find no existing comments' do
     message = lang('comments.messages.no_comments')
     visit(index_url)
@@ -48,9 +39,9 @@ describe('Comments::Controller::Comments') do
     page.has_selector?('table tbody tr').should == false
   end
-  it('Create a new comment') do
+  it 'Create a new comment' do
     comment = Comments::Model::Comment.create(
-      :user_id          => 1,
+      :user_id          => user_id,
       :section_entry_id => entry.id,
       :email            => 'spec@domain.tld',
       :comment          => 'Spec comment'
@@ -60,16 +51,29 @@ describe('Comments::Controller::Comments') do
     visit(index_url)
+    comment.exists?.should                      == true
     page.has_content?(message).should           == false
     page.has_selector?('table tbody tr').should == true
   end
-  it('Search for a comment') do
+  it 'Try to edit an existing comment with a missing CSRF token' do
+    visit(index_url)
+    click_link('Spec comment')
+    within '#comment_form' do
+      find('input[name="csrf_token"]').set('')
+      click_on(save_button)
+    end
+    page.has_content?(lang('zen_general.errors.csrf')).should == true
+  end
+  it 'Search for a comment' do
     visit(index_url)
     search_button = lang('zen_general.buttons.search')
     error         = lang('zen_general.errors.invalid_search')
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'Spec comment')
       click_on(search_button)
     end
@@ -77,7 +81,7 @@ describe('Comments::Controller::Comments') do
     page.has_content?(error).should          == false
     page.has_content?('Spec comment').should == true
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'spec@domain.tld')
       click_on(search_button)
     end
@@ -85,7 +89,7 @@ describe('Comments::Controller::Comments') do
     page.has_content?(error).should          == false
     page.has_content?('Spec comment').should == true
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'does not exist')
       click_on(search_button)
     end
@@ -94,7 +98,7 @@ describe('Comments::Controller::Comments') do
     page.has_content?('Spec comment').should == false
   end
-  it('Edit an existing comment') do
+  it 'Edit an existing comment' do
     event_comment  = nil
     event_comment2 = nil
     comment        = 'Spec modified 123'
@@ -112,7 +116,7 @@ describe('Comments::Controller::Comments') do
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#comment_form') do
+    within '#comment_form' do
       fill_in('comment', :with => comment)
       select(lang('comments.labels.open'), :from => 'comment_status_id')
       click_on(save_button)
@@ -133,7 +137,7 @@ describe('Comments::Controller::Comments') do
       comment.comment = 'Spec comment modified'
     end
-    within('#comment_form') do
+    within '#comment_form' do
       click_on(save_button)
     end
@@ -141,13 +145,13 @@ describe('Comments::Controller::Comments') do
       .value.should == 'Spec comment modified'
   end
-  it('Edit an existing comment with invalid data') do
+  it 'Edit an existing comment with invalid data' do
     visit(index_url)
     click_link('Spec comment')
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#comment_form') do
+    within '#comment_form' do
       fill_in('comment', :with => '')
       click_on(save_button)
     end
@@ -155,7 +159,37 @@ describe('Comments::Controller::Comments') do
     page.has_selector?('span.error').should == true
   end
-  it('Fail to delete a set of comments without IDs') do
+  enable_javascript
+  it 'Automatically save a comment' do
+    visit(index_url)
+    click_link('Spec comment')
+    within '#comment_form' do
+      fill_in('comment', :with => 'Spec comment autosave')
+    end
+    autosave_form('comment_form')
+    visit(index_url)
+    # Comments are truncated in the index overview.
+    page.has_content?('Spec comment au...').should == true
+    click_link('Spec comment au...')
+    within '#comment_form' do
+      fill_in('comment', :with => 'Spec comment modified')
+      click_on(save_button)
+    end
+    page.has_selector?('span.error').should            == false
+    page.find('textarea[name="comment"]').value.should == 'Spec comment modified'
+  end
+  disable_javascript
+  it 'Fail to delete a set of comments without IDs' do
     delete_button = lang('comments.buttons.delete')
     visit(index_url)
@@ -164,7 +198,7 @@ describe('Comments::Controller::Comments') do
     page.has_selector?('input[name="comment_ids[]"]').should == true
   end
-  it('Delete an existing comment') do
+  it 'Delete an existing comment' do
     delete_button  = lang('comments.buttons.delete')
     message        = lang('comments.messages.no_comments')
     event_comment  = nil
@@ -189,6 +223,43 @@ describe('Comments::Controller::Comments') do
     event_comment2.should == event_comment
   end
+  it 'Comments should not be able to use Etanni tags' do
+    comment = Comments::Model::Comment.create(
+      :user_id          => user_id,
+      :section_entry_id => entry.id,
+      :email            => 'spec@domain.tld',
+      :comment          => '<?r puts "hello" ?>'
+    )
+    comment.exists?.should == true
+    # Loofah completely strips the <?r ?> tags so all that remains are two
+    # backslashes.
+    comment.comment.should == '\\'
+    # Lets try #{}
+    comment.comment = 'hello #{name}'
+    comment.save
+    comment.comment.should == 'hello \#\{name\}'
+    comment.destroy
+  end
+  it 'Comments should not contain evil HTML elements' do
+    comment = Comments::Model::Comment.create(
+      :user_id          => user_id,
+      :section_entry_id => entry.id,
+      :email            => 'spec@domain.tld',
+      :comment          => '<script src="foobar.js"></script>'
+    )
+    comment.exists?.should        == true
+    comment.comment.empty?.should == true
+    comment.destroy
+  end
   entry.destroy
   section.destroy
 end