RubyGems - zen - Versions diffs - 0.3 → 0.4 - Mend

zen 0.3 → 0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

data/spec/zen/package/categories/controller/category_groups.rb CHANGED

@@ -2,7 +2,7 @@ require File.expand_path('../../../../../helper', __FILE__)
 Zen::Language.load('category_groups')
-describe("Categories::Controller::CategoryGroups") do
+describe "Categories::Controller::CategoryGroups" do
   behaves_like :capybara
   index_url     = Categories::Controller::CategoryGroups.r(:index).to_s
@@ -22,16 +22,7 @@ describe("Categories::Controller::CategoryGroups") do
     )
   end
-  it('Submit a form without a CSRF token') do
-    response = page.driver.post(
-      Categories::Controller::CategoryGroups.r(:save).to_s
-    )
-    response.body.include?(lang('zen_general.errors.csrf')).should == true
-    response.status.should                                         == 403
-  end
-  it('Find no existing category groups') do
+  it 'Find no existing category groups' do
     message = lang('category_groups.messages.no_groups')
     visit(index_url)
@@ -40,7 +31,18 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_selector?('table tbody tr').should == false
   end
-  it("Create a new category group") do
+  it 'Try to create a new category group with a missing CSRF token' do
+    visit(new_url)
+    within '#category_group_form' do
+      find('input[name="csrf_token"]').set('')
+      click_on(save_button)
+    end
+    page.has_content?(lang('zen_general.errors.csrf')).should == true
+  end
+  it "Create a new category group" do
     new_button  = lang('category_groups.buttons.new')
     name        = 'Spec category group'
     event_name  = nil
@@ -59,7 +61,7 @@ describe("Categories::Controller::CategoryGroups") do
     current_path.should == new_url
-    within('#category_group_form') do
+    within '#category_group_form' do
       fill_in('name', :with => name)
       click_on(save_button)
     end
@@ -72,12 +74,12 @@ describe("Categories::Controller::CategoryGroups") do
     event_name2.should == event_name
   end
-  it('Search for a category group') do
+  it 'Search for a category group' do
     visit(index_url)
     search_button = lang('zen_general.buttons.search')
     error         = lang('zen_general.errors.invalid_search')
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'Spec category group')
       click_on(search_button)
     end
@@ -85,7 +87,7 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_content?(error).should                 == false
     page.has_content?('Spec category group').should == true
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'does not exist')
       click_on(search_button)
     end
@@ -95,7 +97,7 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_selector?('table tbody tr').should     == false
   end
-  it("Edit an existing category group") do
+  it "Edit an existing category group" do
     event_name  = nil
     event_name2 = nil
     name        = 'Spec category group 123'
@@ -113,7 +115,7 @@ describe("Categories::Controller::CategoryGroups") do
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#category_group_form') do
+    within '#category_group_form' do
       fill_in('name', :with => name)
       click_on(save_button)
     end
@@ -128,7 +130,7 @@ describe("Categories::Controller::CategoryGroups") do
       group.name = 'Spec category group modified'
     end
-    within('#category_group_form') do
+    within '#category_group_form' do
       click_on(save_button)
     end
@@ -136,13 +138,13 @@ describe("Categories::Controller::CategoryGroups") do
       .value.should == 'Spec category group modified'
   end
-  it("Edit an existing category group with invalid data") do
+  it "Edit an existing category group with invalid data" do
     visit(index_url)
     click_link('Spec category group')
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#category_group_form') do
+    within '#category_group_form' do
       fill_in('name', :with => '')
       click_on(save_button)
     end
@@ -150,14 +152,44 @@ describe("Categories::Controller::CategoryGroups") do
     page.has_selector?('span.error').should == true
   end
-  it('Fail to delete a category group without an ID') do
+  enable_javascript
+  it 'Automatically save a category group' do
+    visit(index_url)
+    click_link('Spec category group')
+    within '#category_group_form' do
+      fill_in('name', :with => 'Spec category group autosave')
+    end
+    autosave_form('category_group_form')
+    # Check if the content was actually saved.
+    visit(index_url)
+    page.has_content?('Spec category group autosave').should == true
+    click_link('Spec category group autosave')
+    within '#category_group_form' do
+      fill_in('name', :with => 'Spec category group modified')
+      click_on(save_button)
+    end
+    page.has_selector?('span.error').should      == false
+    page.find('input[name="name"]').value.should == 'Spec category group modified'
+  end
+  disable_javascript
+  it 'Fail to delete a category group without an ID' do
     visit(index_url)
     click_on(delete_button)
     page.has_selector?('input[name="category_group_ids[]"]').should == true
   end
-  it("Delete an existing category group") do
+  it "Delete an existing category group" do
     message     = lang('category_groups.messages.no_groups')
     event_name  = nil
     event_name2 = nil

data/spec/zen/package/categories/helper/category.rb CHANGED

@@ -1,6 +1,6 @@
 require File.expand_path('../../../../../helper', __FILE__)
-describe('Ramaze::Helper::Category') do
+describe 'Ramaze::Helper::Category' do
   behaves_like :capybara
   category_group = ::Categories::Model::CategoryGroup.create(
@@ -12,7 +12,7 @@ describe('Ramaze::Helper::Category') do
     :category_group_id => category_group.id
   )
-  it('Validate a valid category group') do
+  it 'Validate a valid category group' do
     url = ::Categories::Controller::Categories.r(
       :index, category_group.id
     ).to_s
@@ -22,7 +22,7 @@ describe('Ramaze::Helper::Category') do
     current_path.should == "/admin/categories/index/#{category_group.id}"
   end
-  it('Validate an invalid category group') do
+  it 'Validate an invalid category group' do
     url = ::Categories::Controller::Categories.r(
       :index, category_group.id + 1
     ).to_s
@@ -32,7 +32,7 @@ describe('Ramaze::Helper::Category') do
     current_path.should == '/admin/category-groups/index'
   end
-  it('Validate a valid category') do
+  it 'Validate a valid category' do
     group_id = category_group.id
     cat_id   = category.id
@@ -45,7 +45,7 @@ describe('Ramaze::Helper::Category') do
     current_path.should == "/admin/categories/edit/#{group_id}/#{cat_id}"
   end
-  it('Validate an invalid category') do
+  it 'Validate an invalid category' do
     group_id = category_group.id
     url = ::Categories::Controller::Categories.r(

data/spec/zen/package/categories/helper/category_frontend.rb CHANGED

@@ -1,7 +1,7 @@
 require File.expand_path('../../../../../helper', __FILE__)
 require File.join(Zen::FIXTURES, 'package/categories/helper/category_frontend')
-describe('Ramaze::Helper::CategoryFrontend') do
+describe 'Ramaze::Helper::CategoryFrontend' do
   behaves_like :capybara
   extend Ramaze::Helper::CategoryFrontend
@@ -20,28 +20,28 @@ describe('Ramaze::Helper::CategoryFrontend') do
     :category_group_id => category_group.id
   )
-  it('Retrieve categories for a group ID') do
+  it 'Retrieve categories for a group ID' do
     categories = get_categories(category_group.id).all
     categories.length.should   == 2
     categories[0].name.should  == category1.name
   end
-  it('Retrieve categories for a group slug') do
+  it 'Retrieve categories for a group slug' do
     categories = get_categories(category_group.name).all
     categories.length.should   == 2
     categories[0].name.should  == category1.name
   end
-  it('Limit the amount of results') do
+  it 'Limit the amount of results' do
     categories = get_categories(category_group.id, :limit => 1).all
     categories.length.should  == 1
     categories[0].name.should == category1.name
   end
-  it('Retrieve and paginate two categories') do
+  it 'Retrieve and paginate two categories' do
     visit('/spec-category-frontend')
     page.has_selector?('p').should          == true

data/spec/zen/package/comments/anti_spam.rb CHANGED

@@ -1,6 +1,6 @@
 require File.expand_path('../../../../helper', __FILE__)
-describe('Comments::AntiSpam') do
+describe 'Comments::AntiSpam' do
   behaves_like :capybara
   spam_comment = 'Hello, you can buy viagra here ' \
@@ -23,20 +23,20 @@ describe('Comments::AntiSpam') do
     'http://api.defensio.com/2.0/users/test/documents.yaml'
   ).to_return(:body => yaml_response)
-  it('Fail to use an invalid engine') do
+  it 'Fail to use an invalid engine' do
     should.raise?(ArgumentError) do
       Comments::AntiSpam.validate(:foobar, nil, nil, nil, spam_comment)
     end
   end
-  it('Validate a spam comment using Defensio') do
+  it 'Validate a spam comment using Defensio' do
     get_setting(:defensio_key).value = 'test'
     Comments::AntiSpam.validate(:defensio, nil, nil, nil, spam_comment) \
       .should == true
   end
-  it('Fail to validate using defensio without an API key') do
+  it 'Fail to validate using defensio without an API key' do
     get_setting(:defensio_key).value = nil
     should.raise? do

data/spec/zen/package/comments/controller/comments.rb CHANGED

@@ -1,6 +1,6 @@
 require File.expand_path('../../../../../helper', __FILE__)
-describe('Comments::Controller::Comments') do
+describe 'Comments::Controller::Comments' do
   behaves_like :capybara
   index_url   = Comments::Controller::Comments.r(:index).to_s
@@ -30,16 +30,7 @@ describe('Comments::Controller::Comments') do
     )
   end
-  it('Submit a form without a CSRF token') do
-    response = page.driver.post(
-      Comments::Controller::Comments.r(:save).to_s
-    )
-    response.body.include?(lang('zen_general.errors.csrf')).should == true
-    response.status.should                                         == 403
-  end
-  it('Find no existing comments') do
+  it 'Find no existing comments' do
     message = lang('comments.messages.no_comments')
     visit(index_url)
@@ -48,9 +39,9 @@ describe('Comments::Controller::Comments') do
     page.has_selector?('table tbody tr').should == false
   end
-  it('Create a new comment') do
+  it 'Create a new comment' do
     comment = Comments::Model::Comment.create(
-      :user_id          => 1,
+      :user_id          => user_id,
       :section_entry_id => entry.id,
       :email            => 'spec@domain.tld',
       :comment          => 'Spec comment'
@@ -60,16 +51,29 @@ describe('Comments::Controller::Comments') do
     visit(index_url)
+    comment.exists?.should                      == true
     page.has_content?(message).should           == false
     page.has_selector?('table tbody tr').should == true
   end
-  it('Search for a comment') do
+  it 'Try to edit an existing comment with a missing CSRF token' do
+    visit(index_url)
+    click_link('Spec comment')
+    within '#comment_form' do
+      find('input[name="csrf_token"]').set('')
+      click_on(save_button)
+    end
+    page.has_content?(lang('zen_general.errors.csrf')).should == true
+  end
+  it 'Search for a comment' do
     visit(index_url)
     search_button = lang('zen_general.buttons.search')
     error         = lang('zen_general.errors.invalid_search')
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'Spec comment')
       click_on(search_button)
     end
@@ -77,7 +81,7 @@ describe('Comments::Controller::Comments') do
     page.has_content?(error).should          == false
     page.has_content?('Spec comment').should == true
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'spec@domain.tld')
       click_on(search_button)
     end
@@ -85,7 +89,7 @@ describe('Comments::Controller::Comments') do
     page.has_content?(error).should          == false
     page.has_content?('Spec comment').should == true
-    within('#search_form') do
+    within '#search_form' do
       fill_in('query', :with => 'does not exist')
       click_on(search_button)
     end
@@ -94,7 +98,7 @@ describe('Comments::Controller::Comments') do
     page.has_content?('Spec comment').should == false
   end
-  it('Edit an existing comment') do
+  it 'Edit an existing comment' do
     event_comment  = nil
     event_comment2 = nil
     comment        = 'Spec modified 123'
@@ -112,7 +116,7 @@ describe('Comments::Controller::Comments') do
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#comment_form') do
+    within '#comment_form' do
       fill_in('comment', :with => comment)
       select(lang('comments.labels.open'), :from => 'comment_status_id')
       click_on(save_button)
@@ -133,7 +137,7 @@ describe('Comments::Controller::Comments') do
       comment.comment = 'Spec comment modified'
     end
-    within('#comment_form') do
+    within '#comment_form' do
       click_on(save_button)
     end
@@ -141,13 +145,13 @@ describe('Comments::Controller::Comments') do
       .value.should == 'Spec comment modified'
   end
-  it('Edit an existing comment with invalid data') do
+  it 'Edit an existing comment with invalid data' do
     visit(index_url)
     click_link('Spec comment')
     current_path.should =~ /#{edit_url}\/[0-9]+/
-    within('#comment_form') do
+    within '#comment_form' do
       fill_in('comment', :with => '')
       click_on(save_button)
     end
@@ -155,7 +159,37 @@ describe('Comments::Controller::Comments') do
     page.has_selector?('span.error').should == true
   end
-  it('Fail to delete a set of comments without IDs') do
+  enable_javascript
+  it 'Automatically save a comment' do
+    visit(index_url)
+    click_link('Spec comment')
+    within '#comment_form' do
+      fill_in('comment', :with => 'Spec comment autosave')
+    end
+    autosave_form('comment_form')
+    visit(index_url)
+    # Comments are truncated in the index overview.
+    page.has_content?('Spec comment au...').should == true
+    click_link('Spec comment au...')
+    within '#comment_form' do
+      fill_in('comment', :with => 'Spec comment modified')
+      click_on(save_button)
+    end
+    page.has_selector?('span.error').should            == false
+    page.find('textarea[name="comment"]').value.should == 'Spec comment modified'
+  end
+  disable_javascript
+  it 'Fail to delete a set of comments without IDs' do
     delete_button = lang('comments.buttons.delete')
     visit(index_url)
@@ -164,7 +198,7 @@ describe('Comments::Controller::Comments') do
     page.has_selector?('input[name="comment_ids[]"]').should == true
   end
-  it('Delete an existing comment') do
+  it 'Delete an existing comment' do
     delete_button  = lang('comments.buttons.delete')
     message        = lang('comments.messages.no_comments')
     event_comment  = nil
@@ -189,6 +223,43 @@ describe('Comments::Controller::Comments') do
     event_comment2.should == event_comment
   end
+  it 'Comments should not be able to use Etanni tags' do
+    comment = Comments::Model::Comment.create(
+      :user_id          => user_id,
+      :section_entry_id => entry.id,
+      :email            => 'spec@domain.tld',
+      :comment          => '<?r puts "hello" ?>'
+    )
+    comment.exists?.should == true
+    # Loofah completely strips the <?r ?> tags so all that remains are two
+    # backslashes.
+    comment.comment.should == '\\'
+    # Lets try #{}
+    comment.comment = 'hello #{name}'
+    comment.save
+    comment.comment.should == 'hello \#\{name\}'
+    comment.destroy
+  end
+  it 'Comments should not contain evil HTML elements' do
+    comment = Comments::Model::Comment.create(
+      :user_id          => user_id,
+      :section_entry_id => entry.id,
+      :email            => 'spec@domain.tld',
+      :comment          => '<script src="foobar.js"></script>'
+    )
+    comment.exists?.should        == true
+    comment.comment.empty?.should == true
+    comment.destroy
+  end
   entry.destroy
   section.destroy
 end