Commit d9680fb600b55d6b5f393f74e5fd9921677f9254

Authored by Rodrigo Souto
1 parent 94df4822

rails3: fix tiny_mce_article tests

PS: still breaking xss_terminate related tests
Showing 1 changed file with 30 additions and 28 deletions   Show diff stats
test/unit/tiny_mce_article_test.rb
@@ -23,52 +23,52 @@ class TinyMceArticleTest < ActiveSupport::TestCase @@ -23,52 +23,52 @@ class TinyMceArticleTest < ActiveSupport::TestCase
23 end 23 end
24 24
25 should 'not sanitize target attribute' do 25 should 'not sanitize target attribute' do
26 - article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile) 26 + article = create(TinyMceArticle, :name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile)
27 assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'} 27 assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'}
28 end 28 end
29 29
30 should 'not translate & to amp; over times' do 30 should 'not translate & to amp; over times' do
31 - article = TinyMceArticle.create!(:name => 'link', :body => "<a href='www.invalid.com?param1=value&param2=value'>link</a>", :profile => profile) 31 + article = create(TinyMceArticle, :name => 'link', :body => "<a href='www.invalid.com?param1=value&param2=value'>link</a>", :profile => profile)
32 assert article.save 32 assert article.save
33 assert_no_match(/&amp;amp;/, article.body) 33 assert_no_match(/&amp;amp;/, article.body)
34 assert_match(/&amp;/, article.body) 34 assert_match(/&amp;/, article.body)
35 end 35 end
36 36
37 should 'not escape comments from tiny mce article body' do 37 should 'not escape comments from tiny mce article body' do
38 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!-- comment --> article ...") 38 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!-- comment --> article ...")
39 assert_equal "the <!-- comment --> article ...", article.body 39 assert_equal "the <!-- comment --> article ...", article.body
40 end 40 end
41 41
42 should 'convert entities characters to UTF-8 instead of ISO-8859-1' do 42 should 'convert entities characters to UTF-8 instead of ISO-8859-1' do
43 - article = TinyMceArticle.create!(:profile => profile, :name => 'teste ' + Time.now.to_s, :body => '<a title="inform&#225;tica">link</a>') 43 + article = create(TinyMceArticle, :profile => profile, :name => 'teste ' + Time.now.to_s, :body => '<a title="inform&#225;tica">link</a>')
44 assert(article.body.is_utf8?, "%s expected to be valid UTF-8 content" % article.body.inspect) 44 assert(article.body.is_utf8?, "%s expected to be valid UTF-8 content" % article.body.inspect)
45 end 45 end
46 46
47 should 'fix tinymce mess with itheora comments for IE from tiny mce article body' do 47 should 'fix tinymce mess with itheora comments for IE from tiny mce article body' do
48 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->")  
49 - assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body 48 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->")
  49 + assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body.html_safe
50 end 50 end
51 51
52 should 'remove iframe if it is not from a trusted site' do 52 should 'remove iframe if it is not from a trusted site' do
53 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://anything/videos.ogg'></iframe>") 53 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://anything/videos.ogg'></iframe>")
54 assert_equal "", article.body 54 assert_equal "", article.body
55 end 55 end
56 56
57 should 'not mess with <iframe and </iframe if it is from itheora by default' do 57 should 'not mess with <iframe and </iframe if it is from itheora by default' do
58 assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org' 58 assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org'
59 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/demo/index.php?v=example.ogv'></iframe>") 59 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/demo/index.php?v=example.ogv'></iframe>")
60 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://itheora.org/demo/index.php?v=example.ogv"} 60 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://itheora.org/demo/index.php?v=example.ogv"}
61 end 61 end
62 62
63 should 'allow iframe if it is from stream.softwarelivre.org by default' do 63 should 'allow iframe if it is from stream.softwarelivre.org by default' do
64 assert_includes Environment.default.trusted_sites_for_iframe, 'stream.softwarelivre.org' 64 assert_includes Environment.default.trusted_sites_for_iframe, 'stream.softwarelivre.org'
65 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg'></iframe>") 65 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg'></iframe>")
66 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg"} 66 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg"}
67 end 67 end
68 68
69 should 'allow iframe if it is from tv.softwarelivre.org by default' do 69 should 'allow iframe if it is from tv.softwarelivre.org by default' do
70 assert_includes Environment.default.trusted_sites_for_iframe, 'tv.softwarelivre.org' 70 assert_includes Environment.default.trusted_sites_for_iframe, 'tv.softwarelivre.org'
71 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>") 71 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>")
72 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"} 72 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"}
73 end 73 end
74 74
@@ -77,12 +77,12 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase @@ -77,12 +77,12 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
77 env.trusted_sites_for_iframe = ['avideosite.com'] 77 env.trusted_sites_for_iframe = ['avideosite.com']
78 env.save 78 env.save
79 assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com' 79 assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com'
80 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://avideosite.com/videos.ogg'></iframe>") 80 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://avideosite.com/videos.ogg'></iframe>")
81 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://avideosite.com/videos.ogg"} 81 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://avideosite.com/videos.ogg"}
82 end 82 end
83 83
84 should 'remove only the iframe from untrusted site' do 84 should 'remove only the iframe from untrusted site' do
85 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>") 85 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>")
86 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/videos.ogg"} 86 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/videos.ogg"}
87 assert_no_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://untrusted_site.com/videos.ogg"} 87 assert_no_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://untrusted_site.com/videos.ogg"}
88 end 88 end
@@ -90,13 +90,13 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase @@ -90,13 +90,13 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
90 should 'remove iframe if it has 2 or more src' do 90 should 'remove iframe if it has 2 or more src' do
91 assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org' 91 assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org'
92 92
93 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/videos.ogg' src='http://untrusted_site.com/videos.ogg'></iframe>") 93 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/videos.ogg' src='http://untrusted_site.com/videos.ogg'></iframe>")
94 assert_equal '', article.body 94 assert_equal '', article.body
95 end 95 end
96 96
97 #TinymMCE convert config={"key":(.*)} in config={&quotkey&quot:(.*)} 97 #TinymMCE convert config={"key":(.*)} in config={&quotkey&quot:(.*)}
98 should 'not replace &quot with &amp;quot; when adding an Archive.org video' do 98 should 'not replace &quot with &amp;quot; when adding an Archive.org video' do
99 - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}'> </embed>") 99 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}'> </embed>")
100 assert_equal "<embed flashvars=\"config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}\"> </embed>", article.body 100 assert_equal "<embed flashvars=\"config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}\"> </embed>", article.body
101 end 101 end
102 102
@@ -109,12 +109,12 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase @@ -109,12 +109,12 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
109 end 109 end
110 110
111 should 'not allow XSS on name' do 111 should 'not allow XSS on name' do
112 - article = TinyMceArticle.create!(:name => 'title with <script>alert("xss")</script>', :profile => profile) 112 + article = create(TinyMceArticle, :name => 'title with <script>alert("xss")</script>', :profile => profile)
113 assert_no_match /script/, article.name 113 assert_no_match /script/, article.name
114 end 114 end
115 115
116 should 'not allow XSS on abstract' do 116 should 'not allow XSS on abstract' do
117 - article = TinyMceArticle.create!(:name => "test 123", :abstract => 'abstract with <script>alert("xss")</script>', :profile => profile) 117 + article = create(TinyMceArticle, :name => "test 123", :abstract => 'abstract with <script>alert("xss")</script>', :profile => profile)
118 assert_no_match /script/, article.abstract 118 assert_no_match /script/, article.abstract
119 end 119 end
120 120
@@ -125,23 +125,24 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase @@ -125,23 +125,24 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
125 125
126 should 'notify activity on create' do 126 should 'notify activity on create' do
127 ActionTracker::Record.delete_all 127 ActionTracker::Record.delete_all
128 - TinyMceArticle.create! :name => 'test', :profile_id => fast_create(Profile).id, :published => true 128 + create TinyMceArticle, :name => 'test', :profile_id => fast_create(Profile).id, :published => true
129 assert_equal 1, ActionTracker::Record.count 129 assert_equal 1, ActionTracker::Record.count
130 end 130 end
131 131
132 should 'not group trackers activity of article\'s creation' do 132 should 'not group trackers activity of article\'s creation' do
133 ActionTracker::Record.delete_all 133 ActionTracker::Record.delete_all
134 profile = fast_create(Profile) 134 profile = fast_create(Profile)
135 - TinyMceArticle.create! :name => 'bar', :profile_id => profile.id, :published => true  
136 - TinyMceArticle.create! :name => 'another bar', :profile_id => profile.id, :published => true 135 + create TinyMceArticle, :name => 'bar', :profile_id => profile.id, :published => true
  136 + create TinyMceArticle, :name => 'another bar', :profile_id => profile.id, :published => true
137 assert_equal 2, ActionTracker::Record.count 137 assert_equal 2, ActionTracker::Record.count
138 - TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true 138 + create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
139 assert_equal 3, ActionTracker::Record.count 139 assert_equal 3, ActionTracker::Record.count
140 end 140 end
141 141
142 should 'not update activity on update of an article' do 142 should 'not update activity on update of an article' do
143 ActionTracker::Record.delete_all 143 ActionTracker::Record.delete_all
144 profile = fast_create(Profile) 144 profile = fast_create(Profile)
  145 + ActionTracker::Record.stubs(:current_user_from_model).returns(fast_create(Person))
145 article = create(TinyMceArticle, :profile_id => profile.id) 146 article = create(TinyMceArticle, :profile_id => profile.id)
146 time = article.activity.updated_at 147 time = article.activity.updated_at
147 Time.stubs(:now).returns(time + 1.day) 148 Time.stubs(:now).returns(time + 1.day)
@@ -154,8 +155,8 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase @@ -154,8 +155,8 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
154 155
155 should 'not create trackers activity when updating articles' do 156 should 'not create trackers activity when updating articles' do
156 ActionTracker::Record.delete_all 157 ActionTracker::Record.delete_all
157 - a1 = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true  
158 - a2 = TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true 158 + a1 = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true
  159 + a2 = create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
159 assert_no_difference ActionTracker::Record, :count do 160 assert_no_difference ActionTracker::Record, :count do
160 a1.name = 'foo';a1.save! 161 a1.name = 'foo';a1.save!
161 a2.name = 'another foo';a2.save! 162 a2.name = 'another foo';a2.save!
@@ -164,8 +165,8 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase @@ -164,8 +165,8 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
164 165
165 should 'remove activity when an article is destroyed' do 166 should 'remove activity when an article is destroyed' do
166 ActionTracker::Record.delete_all 167 ActionTracker::Record.delete_all
167 - a1 = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true  
168 - a2 = TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true 168 + a1 = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true
  169 + a2 = create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
169 assert_difference ActionTracker::Record, :count, -2 do 170 assert_difference ActionTracker::Record, :count, -2 do
170 a1.destroy 171 a1.destroy
171 a2.destroy 172 a2.destroy
@@ -178,20 +179,21 @@ end @@ -178,20 +179,21 @@ end
178 p1 = Person.first 179 p1 = Person.first
179 community.add_member(p1) 180 community.add_member(p1)
180 assert p1.is_member_of?(community) 181 assert p1.is_member_of?(community)
181 - article = TinyMceArticle.create! :name => 'test', :profile_id => community.id 182 + article = create TinyMceArticle, :name => 'test', :profile_id => community.id
182 assert_equal article, ActionTracker::Record.last.target 183 assert_equal article, ActionTracker::Record.last.target
183 end 184 end
184 185
185 should "the tracker action target be defined as the article on articles'creation in profile" do 186 should "the tracker action target be defined as the article on articles'creation in profile" do
186 ActionTracker::Record.delete_all 187 ActionTracker::Record.delete_all
187 person = Person.first 188 person = Person.first
188 - article = TinyMceArticle.create! :name => 'test', :profile_id => person.id 189 + ActionTracker::Record.stubs(:current_user_from_model).returns(fast_create(Person))
  190 + article = create TinyMceArticle, :name => 'test', :profile_id => person.id
189 assert_equal article, ActionTracker::Record.last.target 191 assert_equal article, ActionTracker::Record.last.target
190 end 192 end
191 193
192 should 'not notify activity if the article is not advertise' do 194 should 'not notify activity if the article is not advertise' do
193 ActionTracker::Record.delete_all 195 ActionTracker::Record.delete_all
194 - a = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true, :advertise => false 196 + a = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true, :advertise => false
195 assert_equal true, a.published? 197 assert_equal true, a.published?
196 assert_equal true, a.notifiable? 198 assert_equal true, a.notifiable?
197 assert_equal false, a.image? 199 assert_equal false, a.image?
@@ -204,7 +206,7 @@ end @@ -204,7 +206,7 @@ end
204 end 206 end
205 207
206 should "the common trackable conditions return the correct value" do 208 should "the common trackable conditions return the correct value" do
207 - a = TinyMceArticle.new(:profile => profile) 209 + a = build(TinyMceArticle, :profile => profile)
208 a.published = a.advertise = true 210 a.published = a.advertise = true
209 assert_equal true, a.published? 211 assert_equal true, a.published?
210 assert_equal true, a.notifiable? 212 assert_equal true, a.notifiable?