comment_test.rb
11.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
require File.dirname(__FILE__) + '/../test_helper'
class CommentTest < ActiveSupport::TestCase
  def setup
  end
  should 'have a name but not require it' do
    assert_optional(Comment.new, :title)
  end
  should 'have a body and require it' do
    assert_mandatory(Comment.new, :body)
  end
  should 'belong to an article' do
    c = Comment.new
    assert_raise ActiveRecord::AssociationTypeMismatch do
      c.article = 1
    end
    assert_nothing_raised do
      c.article = Article.new
    end
  end
  should 'record authenticated author' do
    c = Comment.new
    assert_raise ActiveRecord::AssociationTypeMismatch do
      c.author = 1
    end
    assert_raise ActiveRecord::AssociationTypeMismatch do
      c.author = Profile
    end
    assert_nothing_raised do
      c.author = Person.new
    end
  end
  should 'record unauthenticated author' do
    assert_optional Comment.new, :name
    assert_optional Comment.new, :email
    # if given name, require email
    c1 = Comment.new
    c1.name = 'My Name'
    assert_mandatory c1, :email, 'my@email.com'
    # if given email, require name
    c2 = Comment.new
    c2.email = 'my@email.com'
    assert_mandatory c2, :name
  end
  should 'accept either an authenticated or unauthenticated author' do
    assert_mandatory Comment.new, :author_id
    c1 = Comment.new
    c1.author = create_user('someperson').person
    c1.name = 'my name'
    c1.valid?
    assert c1.errors.invalid?(:name)
    assert_no_match /\{fn\}/, c1.errors.on(:name)
  end
  should 'update counter cache in article' do
    owner = create_user('testuser').person
    art = owner.articles.build(:name => 'ytest'); art.save!
    cc = art.comments_count
    art.comments.build(:title => 'test comment', :body => 'anything', :author => owner).save!
    art.reload
    assert_equal cc + 1, art.comments_count
  end
  should 'provide author name for authenticated authors' do
    owner = create_user('testuser').person
    assert_equal 'testuser', Comment.new(:author => owner).author_name
  end
  should 'provide author name for unauthenticated author' do
    assert_equal 'anonymous coward', Comment.new(:name => 'anonymous coward').author_name
  end
  should 'provide empty text for author name if user was removed ' do
    assert_equal '', Comment.new(:author_id => 9999).author_name
  end
  should "provide author e-mail for athenticated authors" do
    owner = create_user('testuser').person
    assert_equal owner.email, Comment.new(:author => owner).author_email
  end
  should "provide author e-mail for unauthenticated author" do
    assert_equal 'my@email.com', Comment.new(:email => 'my@email.com').author_email
  end
  should 'provide author link for authenticated author' do
    author = Person.new
    author.expects(:url).returns('http://blabla.net/author')
    assert_equal  'http://blabla.net/author', Comment.new(:author => author).author_link
  end
  should 'provide author e-mail as author link for unauthenticated author' do
    assert_equal 'my@email.com', Comment.new(:email => 'my@email.com').author_link
  end
  should 'provide url to comment' do
    art = Article.new
    art.expects(:url).returns({ :controller => 'lala', :action => 'something' })
    comment = Comment.new(:article => art)
    comment.expects(:id).returns(9876)
    assert_equal({ :controller => 'lala', :action => 'something', :anchor => 'comment-9876'}, comment.url)
  end
  should 'provide anchor' do
    comment = Comment.new
    comment.expects(:id).returns(4321)
    assert_equal 'comment-4321', comment.anchor
  end
  should 'be able to find recent comments' do
    Comment.delete_all
    owner = create_user('testuser').person
    art = owner.articles.build(:name => 'ytest'); art.save!
    comments = []
    3.times do
      comments.unshift art.comments.create!(:title => 'a test comment', :body => 'bla', :author => owner)
    end
    assert_equal comments, Comment.recent
  end
  should 'be able to find recent comments with limit' do
    Comment.delete_all
    owner = create_user('testuser').person
    art = owner.articles.build(:name => 'ytest'); art.save!
    comments = []
    3.times do
      comments.unshift art.comments.create!(:title => 'a test comment', :body => 'bla', :author => owner)
    end
    comments.pop
    assert_equal comments, Comment.recent(2)
  end
  should 'not accept invalid email' do
    c = Comment.new(:name => 'My Name', :email => 'my@invalid')
    c.valid?
    assert c.errors.invalid?(:email)
  end
  should 'notify article to reindex after saving' do
    owner = create_user('testuser').person
    article = owner.articles.create!(:name => 'test', :body => '...')
    article.expects(:comments_updated)
    c1 = article.comments.new(:title => "A comment", :body => '...', :author => owner)
    c1.stubs(:article).returns(article)
    c1.save!
  end
  should 'notify article to reindex after being removed' do
    owner = create_user('testuser').person
    article = owner.articles.create!(:name => 'test', :body => '...')
    c1 = article.comments.create!(:title => "A comment", :body => '...', :author => owner)
    c1.stubs(:article).returns(article)
    article.expects(:comments_updated)
    c1.destroy
  end
  should 'generate links to comments on images with view set to true' do
    owner = create_user('testuser').person
    image = UploadedFile.create!(:profile => owner, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
    comment = image.comments.create!(:article => image, :author => owner, :title => 'a random comment', :body => 'just another comment')
    assert comment.url[:view]
  end
  should 'not fill fields with javascript' do
    owner = create_user('testuser').person
    article = owner.articles.create!(:name => 'test', :body => '...')
    javascript = "<script>alert('XSS')</script>"
    comment = article.comments.create!(:article => article, :name => javascript, :title => javascript, :body => javascript, :email => 'cracker@test.org')
    assert_no_match(/<script>/, comment.name)
  end
  should 'sanitize required fields before validation' do
    owner = create_user('testuser').person
    article = owner.articles.create(:name => 'test', :body => '...')
    comment = article.comments.new(:title => '<h1 title </h1>', :body => '<h1 body </h1>', :name => '<h1 name </h1>', :email => 'cracker@test.org')
    comment.valid?
    assert comment.errors.invalid?(:name)
    assert comment.errors.invalid?(:body)
  end
  should 'escape malformed html tags' do
    owner = create_user('testuser').person
    article = owner.articles.create(:name => 'test', :body => '...')
    comment = article.comments.new(:title => '<h1 title </h1>>> sd f <<', :body => '<h1>> sdf><asd>< body </h1>', :name => '<h1 name </h1>>><<dfsf<sd', :email => 'cracker@test.org')
    comment.valid?
    assert_no_match /[<>]/, comment.title
    assert_no_match /[<>]/, comment.body
    assert_no_match /[<>]/, comment.name
  end
  should 'use an existing image for deleted comments' do
    image = Comment.new.removed_user_image
    assert File.exists?(File.join(Rails.root, 'public', image)), "#{image} does not exist."
  end
  should 'track action when comment is created' do
    owner = create_user('testuser').person
    article = owner.articles.create!(:name => 'test', :body => '...')
    comment = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
    ta = ActionTracker::Record.last
    assert_equal 'bar', ta.get_title
    assert_equal 'my comment', ta.get_body
    assert_equal 'test', ta.get_article_title
    assert_equal article.url, ta.get_article_url
    assert_equal comment.url, ta.get_url
  end
  should 'have the action_tracker_target defined' do
    assert Comment.method_defined?(:action_tracker_target)
  end
  should "have the action_tracker_target be the articles's profile" do
    owner = create_user('testuser').person
    article = owner.articles.create!(:name => 'test', :body => '...')
    comment = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
    ta = ActionTracker::Record.last
    assert_equal owner, ta.target
  end
  should "get children of a comment" do
    c = fast_create(Comment)
    c1 = fast_create(Comment, :reply_of_id => c.id)
    c2 = fast_create(Comment)
    c3 = fast_create(Comment, :reply_of_id => c.id)
    assert_equal [c1,c3], c.children
  end
  should "get parent of a comment" do
    c = fast_create(Comment)
    c1 = fast_create(Comment, :reply_of_id => c.id)
    c2 = fast_create(Comment, :reply_of_id => c1.id)
    c3 = fast_create(Comment, :reply_of_id => c.id)
    c4 = fast_create(Comment)
    assert_equal c, c1.reply_of
    assert_equal c, c3.reply_of
    assert_equal c1, c2.reply_of
    assert_nil c4.reply_of
  end
  should 'destroy replies when comment is removed' do
    Comment.delete_all
    owner = create_user('testuser').person
    article = owner.articles.create!(:name => 'test', :body => '...')
    c = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
    c1 = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org', :reply_of_id => c.id)
    c2 = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org')
    c3 = article.comments.create!(:article => article, :name => 'foo', :title => 'bar', :body => 'my comment', :email => 'cracker@test.org', :reply_of_id => c.id)
    assert_equal 4, Comment.count
    c.destroy
    assert_equal [c2], Comment.all
  end
  should "get children if replies are not loaded" do
    c = fast_create(Comment)
    c1 = fast_create(Comment, :reply_of_id => c.id)
    c2 = fast_create(Comment)
    c3 = fast_create(Comment, :reply_of_id => c.id)
    assert_nil c.instance_variable_get('@replies')
    assert_equal [c1,c3], c.replies
  end
  should "get replies if they are loaded" do
    c = fast_create(Comment)
    c1 = fast_create(Comment, :reply_of_id => c.id)
    c2 = fast_create(Comment)
    c3 = fast_create(Comment, :reply_of_id => c.id)
    c.replies = [c2]
    assert_not_nil c.instance_variable_get('@replies')
    assert_equal [c2], c.replies
  end
  should "set replies" do
    c = fast_create(Comment)
    c1 = fast_create(Comment, :reply_of_id => c.id)
    c2 = fast_create(Comment)
    c3 = fast_create(Comment, :reply_of_id => c.id)
    c.replies = []
    c.replies << c2
    assert_equal [c2], c.instance_variable_get('@replies')
    assert_equal [c2], c.replies
    assert_equal [c1,c3], c.reload.children
  end
  should "return comments as a thread" do
    a = fast_create(Article)
    c0 = fast_create(Comment, :article_id => a.id)
    c1 = fast_create(Comment, :reply_of_id => c0.id, :article_id => a.id)
    c2 = fast_create(Comment, :reply_of_id => c1.id, :article_id => a.id)
    c3 = fast_create(Comment, :reply_of_id => c0.id, :article_id => a.id)
    c4 = fast_create(Comment, :article_id => a.id)
    result = a.comments.as_thread
    assert_equal c0.id, result[0].id
    assert_equal [c1.id, c3.id], result[0].replies.map(&:id)
    assert_equal [c2.id], result[0].replies[0].replies.map(&:id)
    assert_equal c4.id, result[1].id
    assert result[1].replies.empty?
  end
  should 'provide author url for authenticated user' do
    author = Person.new
    author.expects(:url).returns('http://blabla.net/author')
    assert_equal  'http://blabla.net/author', Comment.new(:author => author).author_url
  end
  should 'not provide author url for unauthenticated user' do
    assert_nil Comment.new(:email => 'my@email.com').author_url
  end
end