spec/models/safe_erb_template.html.erb vendor/gems/emk-safe_erb-0.1.2/.specification vendor/gems/emk-safe_erb-0.1.2/MIT-LICENSE vendor/gems/emk-safe_erb-0.1.2/README vendor/gems/emk-safe_erb-0.1.2/Rakefile vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb.rb vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb/action_view_extensions.rb vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb/common.rb vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb/erb_extensions.rb vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb/rails_1.rb vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb/rails_2.rb vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb/sqlite3_fix.rb vendor/gems/emk-safe_erb-0.1.2/lib/safe_erb/tag_helper.rb vendor/gems/emk-safe_erb-0.1.2/rails/init.rb vendor/gems/emk-safe_erb-0.1.2/test/safe_erb_test.rb vendor/gems/emk-safe_erb-0.1.2/test/tag_helper_test.rb vendor/gems/emk-safe_erb-0.1.2/test/test_helper.rb @@ -11,9 +11,17 @@ class Event < ActiveRecord::Base belongs_to :comment belongs_to :site + def self.mode_from(record) + case + when record.is_a?(Comment) then 'comment' + when record.new_record? then 'publish' + else 'edit' + end + end + protected def content_and_user_added - errors.add_to_base "Title or Body must be changed" unless %w(publish comment).include?(mode) || article.changed.include?('title') || article.changed.include?('body') + errors.add_to_base "Title or Body must be changed" unless %w(publish comment).include?(mode) || article.title_changed? || article.body_changed? errors.add_to_base "User must be provided for Article events" unless (mode == 'comment' && author) || user_id end end app/models/event.rb @@ -1,5 +1,5 @@ <li class="event-revision<%= " shade" if defined?(shaded) && shaded == true %>"> <span class="event-time"><%= event_time_for event, later %></span> <%= link_to h(event.title), :controller => 'articles', :action => 'edit', :id => event.article_id %> was revised. - <span class="meta">by <%= link_to who(event.user.login), :controller => 'users', :action => 'show', :id => event.user %></span> + <span class="meta">by <%= link_to h(who(event.user.login)), :controller => 'users', :action => 'show', :id => event.user %></span> </li> \ No newline at end of file app/views/admin/overview/_edit_event.rhtml @@ -87,7 +87,7 @@ Rails::Initializer.run do |config| config.gem 'mocha' config.gem 'coderay' config.gem 'tzinfo', :version => '>= 0.3.12' - config.gem 'emk-safe_erb', :version => '>= 0.1.1', :lib => 'safe_erb', + config.gem 'emk-safe_erb', :version => '>= 0.1.2', :lib => 'safe_erb', :source => 'http://gems.github.com' end config/environment.rb @@ -30,7 +30,7 @@ User.blueprint do token { 'quentintoken' } admin { false } salt { '7e3041ebc2fc05a40c60028e2c4901a81035d3cd' } - crypted_password { '00742970dc9e6319f8019fd54864d3ea740f04b1' } + crypted_password { '00742970dc9e6319f8019fd54864d3ea740f04b1' } # test end Membership.blueprint do @@ -62,3 +62,27 @@ end Tag.blueprint do name { Sham.tag } end + +Event.class_eval do + blueprint do + site + mode { 'publish' } # or 'edit', 'comment' + title { Sham.title } + body { Sham.body } + created_at { Time.now - 3.days } + # These can be nil, depending on the type of comment + # author + # comment + # user + end + + def self.make_from(record) + options = {:title => record.title, :body => record.body, :site => record.site, :mode => Event.mode_from(record)} + if record.is_a?(Comment) + options.update :article => record.article, :comment => record, :author => record.author + else + options.update :article => record, :user => record.updater || record.user + end + Event.make(options) + end +end \ No newline at end of file spec/blueprints.rb @@ -1,20 +1,20 @@ require File.dirname(__FILE__) + '/../spec_helper' # Verify that our safe_erb patches are working. -describe "An ERB template" do +describe ActionView::Template do before :each do - @template = ERB.new('<%= var %>') + path = File.join(File.dirname(__FILE__), 'safe_erb_template.html.erb') + @template = ActionView::Template.new(path) + @view = ActionView::Base.new end it "should not raise an error when untained values are interpolated" do - var = "foo" - assert_equal var, @template.result(binding) + assert_equal "foo\n", @template.render_template(@view, :var => 'foo') end - it "should raise an error when tained values are interpolated" do - assert_raise RuntimeError do - var = "foo".taint - @template.result(binding) + it "should fail when tainted values are interpolated into HTML" do + assert_raise ActionView::TemplateError do + @template.render_template(@view, :var => 'foo'.taint) end end end spec/models/safe_erb_spec.rb @@ -3,13 +3,13 @@ require File.dirname(__FILE__) + '/../../test_helper' # Re-raise errors caught by the controller. class Admin::OverviewController; def rescue_action(e) raise e end; end -class Admin::OverviewControllerTest < Test::Unit::TestCase - fixtures :users, :contents, :events, :sites, :memberships +class Admin::OverviewControllerTest < ActionController::TestCase def setup - @controller = Admin::OverviewController.new - @request = ActionController::TestRequest.new - @response = ActionController::TestResponse.new - login_as :quentin + Site.transaction do + [Site, User, Event, Article, Membership].each &:delete_all + end + @site = Site.make + host! @site.host end def test_routing @@ -20,41 +20,62 @@ class Admin::OverviewControllerTest < Test::Unit::TestCase end def test_should_allow_site_admins_to_access_site - login_as :arthur + @user = User.make + Membership.make :user => @user, :site => @site, :admin => true + @request.session[:user] = User.authenticate_for(@site, @user.login, 'test') + get :index assert_response :success end def test_should_allow_site_members_to_acces_overview - login_as :ben - get :index - assert_response :success - end + @user = User.make + Membership.make :user => @user, :site => @site, :admin => false + @request.session[:user] = User.authenticate_for(@site, @user.login, 'test') - def test_should_not_explode_on_home_page get :index assert_response :success end - + def test_should_require_http_auth_on_feed get :feed assert_response 401 end - - def test_should_require_http_auth_on_feed - @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("quentin:test")}" + + def test_should_allow_http_auth_on_feed + @user = User.make + Membership.make :user => @user, :site => @site, :admin => true + @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{@user.login}:test")}" get :feed assert_response :success end - + def test_should_sort_future_items_in_todays_events - today = Time.now.utc - assert events(:future).update_attribute( :created_at, today + 2.days) - assert events(:site_map).update_attribute(:created_at, today) - assert events(:about).update_attribute( :created_at, today - 1.day) + Site.transaction do + @admin = User.make + @user = User.make + @article = Article.make :site => @site, :user => @user + @article.title = 'foo' ; @article.body = 'bar' + @event1 = Event.make_from @article + @comment = Comment.make :article => @article + @event2 = Event.make_from @comment + @article.title = 'foo2' ; @article.body = 'bar2' + @event3 = Event.make_from @article + @events = Event.all + assert_equal 3, @events.size + + today = Time.now.utc + assert @event1.update_attribute(:created_at, today + 2.days) + assert @event2.update_attribute(:created_at, today) + assert @event3.update_attribute(:created_at, today - 1.day) + + Membership.make :user => @admin, :site => @site, :admin => true + end + + @request.session[:user] = User.authenticate_for(@site, @admin.login, 'test') get :index - assert assigns(:todays_events).include?(events(:future)), "#{assigns(:todays_events).collect(&:id).inspect}" - assert assigns(:todays_events).include?(events(:site_map)), "#{assigns(:todays_events).collect(&:id).inspect}" - assert assigns(:yesterdays_events).include?(events(:about)), "#{assigns(:yesterdays_events).collect(&:id).inspect}" + assert assigns(:todays_events).include?(@event1), "#{assigns(:todays_events).collect(&:id).inspect}" + assert assigns(:todays_events).include?(@event2), "#{assigns(:todays_events).collect(&:id).inspect}" + assert assigns(:yesterdays_events).include?(@event3), "#{assigns(:yesterdays_events).collect(&:id).inspect}" end end test/functional/admin/overview_controller_test.rb @@ -3,6 +3,9 @@ ENV['TZ'] = 'US/Central' require File.expand_path(File.dirname(__FILE__) + "/../config/environment") require 'test_help' +require 'ruby-debug' +require 'machinist' +require File.join(File.dirname(__FILE__), '..', 'spec', 'blueprints') require File.expand_path(File.dirname(__FILE__) + "/actor") ASSET_PATH = File.join(RAILS_ROOT, 'test/fixtures/tmp/assets') unless Object.const_defined?(:ASSET_PATH) require File.join(File.dirname(__FILE__), 'referenced_caching_test_helper') test/test_helper.rb vendor/gems/emk-safe_erb-0.1.1/.specification vendor/gems/emk-safe_erb-0.1.1/MIT-LICENSE vendor/gems/emk-safe_erb-0.1.1/README vendor/gems/emk-safe_erb-0.1.1/Rakefile vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb.rb vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb/action_view_extensions.rb vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb/common.rb vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb/erb_extensions.rb vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb/rails_1.rb vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb/rails_2.rb vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb/sqlite3_fix.rb vendor/gems/emk-safe_erb-0.1.1/lib/safe_erb/tag_helper.rb vendor/gems/emk-safe_erb-0.1.1/rails/init.rb vendor/gems/emk-safe_erb-0.1.1/test/safe_erb_test.rb vendor/gems/emk-safe_erb-0.1.1/test/tag_helper_test.rb vendor/gems/emk-safe_erb-0.1.1/test/test_helper.rb f2712773d0f8beed1be8ec97fcd39a27f6ff4159 4f4e5a77b043d9626507548acd65ac6fe1839aa4 Eric Kidd git@randomhacks.net http://github.com/emk/mephisto/commit/adaba9bc598e822903ed8c51280061933d5aad7a adaba9bc598e822903ed8c51280061933d5aad7a 2008-12-20T19:02:25-08:00 2008-12-20T19:02:25-08:00 Merge branch 'master' into new-plugins 45d62477c4e49e5547b5ab84bc39b303bb586eca Eric Kidd git@randomhacks.net