From d3d39461e6c60e3137f90ea9381371323ee76d29 Mon Sep 17 00:00:00 2001 From: Joenio Costa Date: Sat, 6 Feb 2010 12:52:15 -0300 Subject: [PATCH] More anti-spam measures --- app/controllers/public/contact_controller.rb | 2 +- app/controllers/public/content_viewer_controller.rb | 2 +- app/views/contact/new.rhtml | 4 ++-- app/views/content_viewer/_comment_form.rhtml | 5 +++-- features/comment.feature | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ features/step_definitions/custom_webrat_steps.rb | 3 +++ test/functional/contact_controller_test.rb | 57 ++++++++++++++++++++++++++++----------------------------- test/functional/content_viewer_controller_test.rb | 54 ++++++++---------------------------------------------- 8 files changed, 107 insertions(+), 81 deletions(-) create mode 100644 features/comment.feature diff --git a/app/controllers/public/contact_controller.rb b/app/controllers/public/contact_controller.rb index 55a36b9..2379375 100644 --- a/app/controllers/public/contact_controller.rb +++ b/app/controllers/public/contact_controller.rb @@ -7,7 +7,7 @@ class ContactController < PublicController inverse_captcha :field => 'e_mail' def new @contact - if request.post? && params[self.icaptcha_field].blank? + if request.post? && params[self.icaptcha_field].blank? && params[:confirm] == 'true' @contact = user.build_contact(profile, params[:contact]) @contact.city = (!params[:city].blank? && City.exists?(params[:city])) ? City.find(params[:city]).name : nil @contact.state = (!params[:state].blank? && State.exists?(params[:state])) ? State.find(params[:state]).name : nil diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb index 13d98e9..974aa25 100644 --- a/app/controllers/public/content_viewer_controller.rb +++ b/app/controllers/public/content_viewer_controller.rb 
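Review bot: The added `params[:confirm] == 'true'` clause in `new` only screens out clients that do not run the page's JavaScript, since the value is a plain hidden field that the submit button's onclick flips, so it should be recorded as a best-effort spam heuristic alongside the inverse captcha rather than a security check, e.g. `# 'confirm' is flipped to 'true' client-side by the submit button; a post still carrying 'false' is treated as automated and ignored`. A visitor with scripting disabled now has their message dropped with no feedback, because the guard appears to fall through to re-rendering the form; a flash notice on that path or a `<noscript>` hint in the view would make the failure visible. The same clause is added to `view_page` in the content_viewer_controller hunk, where the comment is likewise silently not created. The body of `new` continues outside the hunk.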
@@ -77,7 +77,7 @@ class ContentViewerController < ApplicationController @form_div = params[:form] - if request.post? && params[:comment] && params[self.icaptcha_field].blank? && @page.accept_comments? + if request.post? && params[:comment] && params[self.icaptcha_field].blank? && params[:confirm] == 'true' && @page.accept_comments? add_comment end diff --git a/app/views/contact/new.rhtml b/app/views/contact/new.rhtml index 0003ea4..a9c69c4 100644 --- a/app/views/contact/new.rhtml +++ b/app/views/contact/new.rhtml @@ -5,6 +5,7 @@ <% labelled_form_for :contact, @contact do |f| %> <%= icaptcha_field() %> + <%= hidden_field_tag(:confirm, 'false') %> <%= required_fields_message %> @@ -15,6 +16,5 @@ <%= required f.text_area(:message, :rows => 10, :cols => 60) %> <%= labelled_form_field check_box(:contact, :receive_a_copy) + _('I want to receive a copy of the message in my e-mail.'), '' %> - <%= submit_button(:send, _('Send')) %> - + <%= submit_button(:send, _('Send'), :onclick => "$('confirm').value = 'true'") %> <% end %> diff --git a/app/views/content_viewer/_comment_form.rhtml b/app/views/content_viewer/_comment_form.rhtml index 50434ed..dcf94df 100644 --- a/app/views/content_viewer/_comment_form.rhtml +++ b/app/views/content_viewer/_comment_form.rhtml @@ -17,8 +17,9 @@
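Review bot: Setting the flag in the button's `:onclick` in the second contact/new.rhtml hunk ties the heuristic to a mouse click on that specific button, whereas a form can also be submitted by pressing Enter in a text field; most browsers synthesize a click on the default submit button in that case, but this is browser-dependent and worth confirming. Flipping the value in the form's submit handler instead would cover every submission path with one line, e.g. `labelled_form_for :contact, @contact, :html => { :onsubmit => "$('confirm').value = 'true'" } do |f|`, leaving `submit_button(:send, _('Send'))` as it was. A one-line view comment such as `<%# spam heuristic: the controller ignores posts whose 'confirm' field was never flipped to 'true' by JavaScript %>` next to the hidden field would tell the next maintainer why an otherwise meaningless field exists.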

<%= content_tag('a', '', :name => 'comment_form') + _('Post a comment') %>

-<% form_tag( @page.view_url, { :id => comment_form_id } ) do %> +<% form_tag( url_for(@page.view_url.merge({:only_path => true})), { :id => comment_form_id } ) do %> <%= icaptcha_field() %> + <%= hidden_field_tag(:confirm, 'false') %> <%= required_fields_message %> @@ -36,7 +37,7 @@ <%= required labelled_form_field(_('Title'), text_field(:comment, :title)) %> <%= required labelled_form_field(_('Enter your comment'), text_area(:comment, :body, :rows => 5)) %> <% button_bar do %> - <%= submit_button('add', _('Post comment')) %> + <%= submit_button('add', _('Post comment'), :onclick => "$('confirm').value = 'true'") %> <% end %> <% end %> diff --git a/features/comment.feature b/features/comment.feature new file mode 100644 index 0000000..2880da6 --- /dev/null +++ b/features/comment.feature 
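Review bot: `hidden_field_tag(:confirm, 'false')` in the first _comment_form.rhtml hunk renders a fixed `id="confirm"` while the form itself gets a dynamic `comment_form_id`, and `$('confirm')` in the second hunk resolves by id, so if more than one comment form (or the contact form) is ever rendered on the same page — which the dynamic form id suggests is possible — only the first hidden field is flipped and submitting any other form still sends `'false'`. Scoping the id to the form fixes this: `<%= hidden_field_tag(:confirm, 'false', :id => "#{comment_form_id}_confirm") %>` and `:onclick => "$('#{comment_form_id}_confirm').value = 'true'"`. Pressing Enter in the title field also bypasses the button's onclick in browsers that do not synthesize a click on the default button, so an `:onsubmit` on the `form_tag` would be the more robust place for the assignment.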
@@ -0,0 +1,61 @@ +Feature: comment + As a visitor + I want to post comments + + Background: + Given the following users + | login | + | booking | + And the following articles + | owner | name | + | booking | article to comment | + + Scenario: not post a comment without javascript + Given I am on /booking/article-to-comment + And I fill in "Name" with "Joey Ramone" + And I fill in "e-Mail" with "joey@ramones.com" + And I fill in "Title" with "Hey ho, let's go!" + And I fill in "Enter your comment" with "Hey ho, let's go!" + When I press "Post comment" + Then I should not see "Hey ho, let's go" + + @selenium + Scenario: post a comment while not authenticated + Given I am on /booking/article-to-comment + And I fill in "Name" with "Joey Ramone" + And I fill in "e-Mail" with "joey@ramones.com" + And I fill in "Title" with "Hey ho, let's go!" + And I fill in "Enter your comment" with "Hey ho, let's go!" + When I press "Post comment" + Then I should see "Hey ho, let's go" + + @selenium + Scenario: post comment while authenticated + Given I am logged in as "booking" + And I am on /booking/article-to-comment + And I fill in "Title" with "Hey ho, let's go!" + And I fill in "Enter your comment" with "Hey ho, let's go!" + When I press "Post comment" + Then I should see "Hey ho, let's go" + + @selenium + Scenario: redirect to right place after comment a picture + Given I am logged in as "booking" + And the following files + | owner | file | mime | + | booking | rails.png | image/png | + And I am on /booking/rails.png?view=true + And I fill in "Title" with "Hey ho, let's go!" + And I fill in "Enter your comment" with "Hey ho, let's go!" 
+ When I press "Post comment" + And I wait 2 seconds + Then I should be exactly on /booking/rails.png?view=true + + @selenium + Scenario: show error messages when make a blank comment + Given I am logged in as "booking" + And I am on /booking/article-to-comment + When I press "Post comment" + And I wait 2 seconds + Then I should see "Title can't be blank" + And I should see "Body can't be blank" diff --git a/features/step_definitions/custom_webrat_steps.rb b/features/step_definitions/custom_webrat_steps.rb index 97ed810..87a24de 100644 --- a/features/step_definitions/custom_webrat_steps.rb +++ b/features/step_definitions/custom_webrat_steps.rb @@ -10,3 +10,6 @@ When /^I wait (\d+) seconds$/ do |seconds| sleep seconds.to_i end +Then /^I should be exactly on (.+)$/ do |page_name| + URI.parse(current_url).request_uri.should == path_to(page_name) +end diff --git a/test/functional/contact_controller_test.rb b/test/functional/contact_controller_test.rb index c30b2b7..cb5e0ea 100644 --- a/test/functional/contact_controller_test.rb +++ b/test/functional/contact_controller_test.rb @@ -40,12 +40,6 @@ class ContactControllerTest < Test::Unit::TestCase assert_tag :tag => 'textarea', :attributes => { :name => 'contact[message]' } end - should 'redirect back to contact page after send contact' do - post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all'} - assert_response :redirect - assert_redirected_to :action => 'new' - end - should 'have logged user email' do get :new, :profile => enterprise.identifier assert_equal profile.email, assigns(:contact).email 
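Review bot: The "not post a comment without javascript" scenario asserts only `Then I should not see "Hey ho, let's go"`, which passes equally well if the comment was stored but simply not rendered on this page, so it does not actually pin down the behaviour the patch introduces; asserting on the number of comments (or on an explicit notice shown to non-JS visitors, should one be added) would make the scenario meaningful. The `And I wait 2 seconds` steps in the last two scenarios are fixed sleeps, which are both slow and prone to flakiness under load; waiting for the expected element or text to appear is the usual replacement.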
@@ -56,27 +50,11 @@ class ContactControllerTest < Test::Unit::TestCase assert_equal profile.name, assigns(:contact).name end - should 'define city and state' do - City.stubs(:exists?).returns(true) - City.stubs(:find).returns(City.new(:name => 'Camaçari')) - State.stubs(:exists?).returns(true) - State.stubs(:find).returns(State.new(:name => 'Bahia')) - post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all'}, :state => '1', :city => '1' - assert_equal 'Camaçari', assigns(:contact).city - assert_equal 'Bahia', assigns(:contact).state - end - should 'display checkbox for receive copy of email' do get :new, :profile => enterprise.identifier assert_tag :tag => 'input', :attributes => {:name => 'contact[receive_a_copy]'} end - should 'deliver contact if subject and message are filled' do - post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all'} - assert_response :redirect - assert_redirected_to :action => 'new' - end - should 'not throws exception when city and state is blank' do State.expects(:exists?).with('').never City.expects(:exists?).with('').never @@ -95,13 +73,6 @@ class ContactControllerTest < Test::Unit::TestCase assert_no_tag :tag => 'select', :attributes => {:name => 'state'} end - should 'be able to post contact while inverse captcha field filled' do - post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all', :state => '', :city => ''} - - assert_response :redirect - assert_redirected_to :action => 'new' - end - should 'not be able to post contact while inverse captcha field filled' do post :new, :profile => enterprise.identifier, @controller.icaptcha_field => 'filled', :contact => {:subject => 'Hi', :message => 'Hi, all', :state => '', :city => ''} 
@@ -121,4 +92,32 @@ class ContactControllerTest < Test::Unit::TestCase assert_equal Person['contact_test_user'], assigns(:contact).sender end + should 'send contact while inverse captcha field not filled' do + post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all', :state => '', :city => ''}, :confirm => 'true' + assert_response :redirect + assert_redirected_to :action => 'new' + end + + should 'deliver contact if subject and message are filled' do + post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all'}, :confirm => 'true' + assert_response :redirect + assert_redirected_to :action => 'new' + end + + should 'redirect back to contact page after send contact' do + post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all'}, :confirm => 'true' + assert_response :redirect + assert_redirected_to :action => 'new' + end + + should 'define city and state for contact object' do + City.stubs(:exists?).returns(true) + City.stubs(:find).returns(City.new(:name => 'Camaçari')) + State.stubs(:exists?).returns(true) + State.stubs(:find).returns(State.new(:name => 'Bahia')) + post :new, :profile => enterprise.identifier, :contact => {:subject => 'Hi', :message => 'Hi, all'}, :state => '1', :city => '1', :confirm => 'true' + assert_equal 'Camaçari', assigns(:contact).city + assert_equal 'Bahia', assigns(:contact).state + end + end diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb index 92f9b5e..c815dc6 100644 --- a/test/functional/content_viewer_controller_test.rb +++ b/test/functional/content_viewer_controller_test.rb 
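Review bot: Every test added in this hunk sends `:confirm => 'true'`, and none posts without it (or with another value) and asserts that no redirect and no delivery happens, so the rejecting path of the new guard — the whole point of the patch — has no functional coverage; a test mirroring the existing `should 'not be able to post contact while inverse captcha field filled'` but omitting `:confirm` would close that gap. The same gap exists in the content_viewer_controller_test hunk at `@@ -905,4 +860,11 @@`, where the removed `assert_difference Comment, :count` tests are not replaced by any functional assertion that a comment posted without `confirm` is not created. Three of the new tests (`send contact while inverse captcha field not filled`, `deliver contact if subject and message are filled`, `redirect back to contact page after send contact`) have identical bodies and assertions and could be collapsed into one.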
@@ -64,29 +64,6 @@ class ContentViewerControllerTest < Test::Unit::TestCase assert_response :missing end - def test_should_be_able_to_post_comment_while_authenticated - profile = create_user('popstar').person - page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text') - page.save! - profile.home_page = page; profile.save! - - assert_difference Comment, :count do - login_as('ze') - post :view_page, :profile => 'popstar', :page => [ 'myarticle' ], :comment => { :title => 'crap!', :body => 'I think that this article is crap' } - end - end - - def test_should_be_able_to_post_comment_while_not_authenticated - profile = create_user('popstar').person - page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text') - page.save! - profile.home_page = page; profile.save! - - assert_difference Comment, :count do - post :view_page, :profile => 'popstar', :page => [ 'myarticle' ], :comment => { :title => 'crap!', :body => 'I think that this article is crap', :name => 'Anonymous coward', :email => 'coward@anonymous.com' } - end - end - should 'produce a download-like when article is not text/html' do # for example, RSS feeds 
@@ -243,20 +220,6 @@ class ContentViewerControllerTest < Test::Unit::TestCase assert_tag :tag => 'input', :attributes => { :type => 'text', :name => @controller.icaptcha_field } end - should 'show error messages when make a blank comment' do - login_as @profile.identifier - page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text') - post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ], :comment => { :title => '', :body => '' } - assert_tag :tag => 'div', :attributes => { :class => 'errorExplanation', :id => 'errorExplanation' } - end - - should 'show comment form opened on error' do - login_as @profile.identifier - page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text') - post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ], :comment => { :title => '', :body => '' } - assert_tag :tag => 'div', :attributes => { :class => 'post_comment_box opened' } - end - should 'filter html content from body' do login_as @profile.identifier page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text') @@ -279,7 +242,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase get :view_page, :profile => profile.identifier, :page => [ 'myarticle' ] - assert_tag :tag => 'form', :attributes => { :id => /^comment_form/, :action => 'http://www.mysite.com/person/article' } + assert_tag :tag => 'form', :attributes => { :id => /^comment_form/, :action => '/person/article' } end should "display current article's tags" do 
@@ -778,14 +741,6 @@ class ContentViewerControllerTest < Test::Unit::TestCase assert_tag :tag => 'a', :content => 'Upload files', :attributes => {:href => /parent_id=#{folder.id}/} end - should 'have a link to properly post a comment' do - login_as(profile.identifier) - file = UploadedFile.create!(:profile => profile, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png')) - get :view_page, :profile => profile.identifier, :page => file.explode_path, :view => true - - assert_tag :tag => 'input', :attributes => {:type => 'submit', :value => 'Post comment'}, :ancestor => {:tag => 'form', :attributes => {:action => /#{file.slug}.*view=true/}} - end - should 'post comment in a image' do login_as(profile.identifier) image = UploadedFile.create!(:profile => profile, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png')) @@ -905,4 +860,11 @@ class ContentViewerControllerTest < Test::Unit::TestCase assert_tag :tag => 'span', :content => '(removed user)', :attributes => {:class => 'comment-info'} end + should 'show comment form opened on error' do + login_as @profile.identifier + page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text') + post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ], :comment => { :title => '', :body => '' }, :confirm => 'true' + assert_tag :tag => 'div', :attributes => { :class => 'post_comment_box opened' } + end + end -- libgit2 0.21.2