comment_test.rb
11.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
require File.dirname(__FILE__) + '/../test_helper'
class CommentTest < Test::Unit::TestCase
should 'have a name and require it' do
assert_mandatory(Comment.new, :title)
end
should 'have a body and require it' do
assert_mandatory(Comment.new, :body)
end
should 'belong to an article' do
c = Comment.new
assert_raise ActiveRecord::AssociationTypeMismatch do
c.article = 1
end
assert_nothing_raised do
c.article = Article.new
end
end
should 'record authenticated author' do
c = Comment.new
assert_raise ActiveRecord::AssociationTypeMismatch do
c.author = 1
end
assert_raise ActiveRecord::AssociationTypeMismatch do
c.author = Profile
end
assert_nothing_raised do
c.author = Person.new
end
end
should 'record unauthenticated author' do
assert_optional Comment.new, :name
assert_optional Comment.new, :email
# if given name, require email
c1 = Comment.new
c1.name = 'My Name'
assert_mandatory c1, :email, 'my@email.com'
# if given email, require name
c2 = Comment.new
c2.email = 'my@email.com'
assert_mandatory c2, :name
end
should 'accept either an authenticated or unauthenticated author' do
assert_mandatory Comment.new, :author_id
c1 = Comment.new
c1.author = create_user('someperson').person
c1.name = 'my name'
c1.valid?
assert c1.errors.invalid?(:name)
end
should 'update counter cache in article' do
owner = create_user('testuser').person
art = owner.articles.build(:name => 'ytest'); art.save!
cc = art.comments_count
art.comments.build(:title => 'test comment', :body => 'anything', :author => owner).save!
art.reload
assert_equal cc + 1, art.comments_count
end
should 'provide author name for authenticated authors' do
owner = create_user('testuser').person
assert_equal 'testuser', Comment.new(:author => owner).author_name
end
should 'provide author name for unauthenticated author' do
assert_equal 'anonymous coward', Comment.new(:name => 'anonymous coward').author_name
end
should 'provide empty text for author name if user was removed ' do
assert_equal '', Comment.new(:author_id => 9999).author_name
end
should "provide author e-mail for athenticated authors" do
owner = create_user('testuser').person
assert_equal owner.email, Comment.new(:author => owner).author_email
end
should "provide author e-mail for unauthenticated author" do
assert_equal 'my@email.com', Comment.new(:email => 'my@email.com').author_email
end
should 'provide author link for authenticated author' do
author = Person.new
author.expects(:url).returns('http://blabla.net/author')
assert_equal 'http://blabla.net/author', Comment.new(:author => author).author_link
end
should 'provide author e-mail as author link for unauthenticated author' do
assert_equal 'my@email.com', Comment.new(:email => 'my@email.com').author_link
end
should 'provide url to comment' do
art = Article.new
art.expects(:url).returns({ :controller => 'lala', :action => 'something' })
comment = Comment.new(:article => art)
comment.expects(:id).returns(9876)
assert_equal({ :controller => 'lala', :action => 'something', :anchor => 'comment-9876'}, comment.url)
end
should 'provide anchor' do
comment = Comment.new
comment.expects(:id).returns(4321)
assert_equal 'comment-4321', comment.anchor
end
should 'be able to find recent comments' do
Comment.delete_all
owner = create_user('testuser').person
art = owner.articles.build(:name => 'ytest'); art.save!
comments = []
3.times do
comments.unshift art.comments.create!(:title => 'a test comment', :body => 'bla', :author => owner)
end
assert_equal comments, Comment.recent
end
should 'be able to find recent comments with limit' do
Comment.delete_all
owner = create_user('testuser').person
art = owner.articles.build(:name => 'ytest'); art.save!
comments = []
3.times do
comments.unshift art.comments.create!(:title => 'a test comment', :body => 'bla', :author => owner)
end
comments.pop
assert_equal comments, Comment.recent(2)
end
should 'not accept invalid email' do
c = Comment.new(:name => 'My Name', :email => 'my@invalid')
c.valid?
assert c.errors.invalid?(:email)
end
should 'notify article to reindex after saving' do
owner = create_user('testuser').person
article = owner.articles.create!(:name => 'test', :body => '...')
article.expects(:comments_updated)
c1 = article.comments.new(:title => "A comment", :body => '...', :author => owner)
c1.stubs(:article).returns(article)
c1.save!
end
should 'notify article to reindex after being removed' do
owner = create_user('testuser').person
article = owner.articles.create!(:name => 'test', :body => '...')
c1 = article.comments.create!(:title => "A comment", :body => '...', :author => owner)
c1.stubs(:article).returns(article)
article.expects(:comments_updated)
c1.destroy
end
should 'generate links to comments on images with view set to true' do
owner = create_user('testuser').person
image = UploadedFile.create!(:profile => owner, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
comment = image.comments.create!(:article => image, :author => owner, :title => 'a random comment', :body => 'just another comment')
assert comment.url[:view]
end
should 'not fill fields with javascript' do
owner = create_user('testuser').person
article = owner.articles.create!(:name => 'test', :body => '...')
javascript = "<script>alert('XSS')</script>"
comment = article.comments.create!(:article => article, :name => javascript, :title => javascript, :body => javascript, :email => 'cracker@test.org')
assert_no_match(/<script>/, comment.name)
end
should 'sanitize required fields before validation' do
owner = create_user('testuser').person
article = owner.articles.create(:name => 'test', :body => '...')
comment = article.comments.new(:title => '<h1 title </h1>', :body => '<h1 body </h1>', :name => '<h1 name </h1>', :email => 'cracker@test.org')
comment.valid?
assert comment.errors.invalid?(:name)
assert comment.errors.invalid?(:title)
assert comment.errors.invalid?(:body)
end
should 'escape malformed html tags' do
owner = create_user('testuser').person
article = owner.articles.create(:name => 'test', :body => '...')
comment = article.comments.new(:title => '<h1 title </h1>>> sd f <<', :body => '<h1>> sdf><asd>< body </h1>', :name => '<h1 name </h1>>><<dfsf<sd', :email => 'cracker@test.org')
comment.valid?
assert_no_match /[<>]/, comment.title
assert_no_match /[<>]/, comment.body
assert_no_match /[<>]/, comment.name
end
should 'use an existing image for deleted comments' do
image = Comment.new.removed_user_image
assert File.exists?(File.join(Rails.root, 'public', image)), "#{image} does not exist."
end
should 'track action when comment is created' do
owner = create_user('testuser').person
article = owner.articles.create!(:name => 'test', :body => '...')
comment = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
ta = ActionTracker::Record.last
assert_equal 'bar', ta.get_title
assert_equal 'my comment', ta.get_body
assert_equal 'test', ta.get_article_title
assert_equal article.url, ta.get_article_url
assert_equal comment.url, ta.get_url
end
should 'have the action_tracker_target defined' do
assert Comment.method_defined?(:action_tracker_target)
end
should "have the action_tracker_target be the articles's profile" do
owner = create_user('testuser').person
article = owner.articles.create!(:name => 'test', :body => '...')
comment = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
ta = ActionTracker::Record.last
assert_equal owner, ta.target
end
should "get children of a comment" do
c = fast_create(Comment)
c1 = fast_create(Comment, :reply_of_id => c.id)
c2 = fast_create(Comment)
c3 = fast_create(Comment, :reply_of_id => c.id)
assert_equal [c1,c3], c.children
end
should "get parent of a comment" do
c = fast_create(Comment)
c1 = fast_create(Comment, :reply_of_id => c.id)
c2 = fast_create(Comment, :reply_of_id => c1.id)
c3 = fast_create(Comment, :reply_of_id => c.id)
c4 = fast_create(Comment)
assert_equal c, c1.reply_of
assert_equal c, c3.reply_of
assert_equal c1, c2.reply_of
assert_nil c4.reply_of
end
should 'destroy replies when comment is removed' do
Comment.delete_all
owner = create_user('testuser').person
article = owner.articles.create!(:name => 'test', :body => '...')
c = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
c1 = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org', :reply_of_id => c.id)
c2 = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
c3 = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org', :reply_of_id => c.id)
assert_equal 4, Comment.count
c.destroy
assert_equal [c2], Comment.all
end
should "get children if replies are not loaded" do
c = fast_create(Comment)
c1 = fast_create(Comment, :reply_of_id => c.id)
c2 = fast_create(Comment)
c3 = fast_create(Comment, :reply_of_id => c.id)
assert_nil c.instance_variable_get('@replies')
assert_equal [c1,c3], c.replies
end
should "get replies if they are loaded" do
c = fast_create(Comment)
c1 = fast_create(Comment, :reply_of_id => c.id)
c2 = fast_create(Comment)
c3 = fast_create(Comment, :reply_of_id => c.id)
c.replies = [c2]
assert_not_nil c.instance_variable_get('@replies')
assert_equal [c2], c.replies
end
should "set replies" do
c = fast_create(Comment)
c1 = fast_create(Comment, :reply_of_id => c.id)
c2 = fast_create(Comment)
c3 = fast_create(Comment, :reply_of_id => c.id)
c.replies = []
c.replies << c2
assert_equal [c2], c.instance_variable_get('@replies')
assert_equal [c2], c.replies
assert_equal [c1,c3], c.reload.children
end
should "return comments as a thread" do
a = fast_create(Article)
c0 = fast_create(Comment, :article_id => a.id)
c1 = fast_create(Comment, :reply_of_id => c0.id, :article_id => a.id)
c2 = fast_create(Comment, :reply_of_id => c1.id, :article_id => a.id)
c3 = fast_create(Comment, :reply_of_id => c0.id, :article_id => a.id)
c4 = fast_create(Comment, :article_id => a.id)
result = a.comments.as_thread
assert_equal c0.id, result[0].id
assert_equal [c1.id, c3.id], result[0].replies.map(&:id)
assert_equal [c2.id], result[0].replies[0].replies.map(&:id)
assert_equal c4.id, result[1].id
assert result[1].replies.empty?
end
should 'provide author url for authenticated user' do
author = Person.new
author.expects(:url).returns('http://blabla.net/author')
assert_equal 'http://blabla.net/author', Comment.new(:author => author).author_url
end
should 'not provide author url for unauthenticated user' do
assert_nil Comment.new(:email => 'my@email.com').author_url
end
end