2019-04-30 08:27:42 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2015-10-11 17:41:23 +08:00
|
|
|
require 'rails_helper'
|
2013-02-06 03:16:51 +08:00
|
|
|
|
|
|
|
describe StaticController do
|
2019-05-07 11:12:20 +08:00
|
|
|
fab!(:upload) { Fabricate(:upload) }
|
2013-02-06 03:16:51 +08:00
|
|
|
|
2017-11-27 11:50:57 +08:00
|
|
|
context '#favicon' do
|
2019-03-14 04:17:36 +08:00
|
|
|
let(:filename) { 'smallest.png' }
|
|
|
|
let(:file) { file_from_fixtures(filename) }
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
let(:upload) do
|
|
|
|
UploadCreator.new(file, filename).create_for(Discourse.system_user.id)
|
|
|
|
end
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-05-29 14:34:55 +08:00
|
|
|
before_all do
|
|
|
|
DistributedMemoizer.flush!
|
|
|
|
end
|
|
|
|
|
2018-11-14 15:03:02 +08:00
|
|
|
after do
|
2019-02-21 15:03:55 +08:00
|
|
|
DistributedMemoizer.flush!
|
2018-11-14 15:03:02 +08:00
|
|
|
end
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
describe 'local store' do
|
|
|
|
it 'returns the default favicon if favicon has not been configured' do
|
|
|
|
get '/favicon/proxied'
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.content_type).to eq('image/png')
|
2019-05-01 21:44:45 +08:00
|
|
|
expect(response.body.bytesize).to eq(SiteIconManager.favicon.filesize)
|
2019-03-14 04:17:36 +08:00
|
|
|
end
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
it 'returns the configured favicon' do
|
|
|
|
SiteSetting.favicon = upload
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
get '/favicon/proxied'
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.content_type).to eq('image/png')
|
|
|
|
expect(response.body.bytesize).to eq(upload.filesize)
|
|
|
|
end
|
2017-11-27 11:50:57 +08:00
|
|
|
end
|
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
describe 'external store' do
|
|
|
|
let(:upload) do
|
|
|
|
Upload.create!(
|
|
|
|
url: '//s3-upload-bucket.s3-us-east-1.amazonaws.com/somewhere/a.png',
|
|
|
|
original_filename: filename,
|
|
|
|
filesize: file.size,
|
|
|
|
user_id: Discourse.system_user.id
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
SiteSetting.enable_s3_uploads = true
|
|
|
|
SiteSetting.s3_access_key_id = 'X'
|
|
|
|
SiteSetting.s3_secret_access_key = 'X'
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can proxy a favicon correctly' do
|
|
|
|
SiteSetting.favicon = upload
|
|
|
|
|
|
|
|
stub_request(:get, "https:/#{upload.url}")
|
|
|
|
.to_return(status: 200, body: file)
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
get '/favicon/proxied'
|
2017-11-27 11:50:57 +08:00
|
|
|
|
2019-03-14 04:17:36 +08:00
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.content_type).to eq('image/png')
|
|
|
|
expect(response.body.bytesize).to eq(upload.filesize)
|
|
|
|
end
|
2017-11-27 11:50:57 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
context '#brotli_asset' do
|
2017-03-21 03:59:06 +08:00
|
|
|
it 'returns a non brotli encoded 404 if asset is missing' do
|
2017-08-31 12:06:56 +08:00
|
|
|
get "/brotli_asset/missing.js"
|
2016-12-15 13:05:20 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
expect(response.status).to eq(404)
|
|
|
|
expect(response.headers['Content-Encoding']).not_to eq('br')
|
2017-11-27 11:50:57 +08:00
|
|
|
expect(response.headers['Cache-Control']).to match(/max-age=1/)
|
2017-03-21 03:59:06 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'can handle fallback brotli assets' do
|
|
|
|
begin
|
|
|
|
assets_path = Rails.root.join("tmp/backup_assets")
|
|
|
|
|
|
|
|
GlobalSetting.stubs(:fallback_assets_path).returns(assets_path.to_s)
|
|
|
|
|
|
|
|
FileUtils.mkdir_p(assets_path)
|
|
|
|
|
|
|
|
file_path = assets_path.join("test.js.br")
|
|
|
|
File.write(file_path, 'fake brotli file')
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get "/brotli_asset/test.js"
|
2017-03-21 03:59:06 +08:00
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.headers["Cache-Control"]).to match(/public/)
|
|
|
|
ensure
|
|
|
|
File.delete(file_path)
|
|
|
|
end
|
2016-12-15 13:05:20 +08:00
|
|
|
end
|
|
|
|
|
2016-12-05 13:08:36 +08:00
|
|
|
it 'has correct headers for brotli assets' do
|
2016-12-05 13:37:33 +08:00
|
|
|
begin
|
|
|
|
assets_path = Rails.root.join("public/assets")
|
2016-12-05 13:08:36 +08:00
|
|
|
|
2016-12-05 13:37:33 +08:00
|
|
|
FileUtils.mkdir_p(assets_path)
|
2016-12-05 13:08:36 +08:00
|
|
|
|
2016-12-05 13:37:33 +08:00
|
|
|
file_path = assets_path.join("test.js.br")
|
|
|
|
File.write(file_path, 'fake brotli file')
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get "/brotli_asset/test.js"
|
2016-12-05 13:37:33 +08:00
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.headers["Cache-Control"]).to match(/public/)
|
|
|
|
ensure
|
|
|
|
File.delete(file_path)
|
|
|
|
end
|
2016-12-05 13:08:36 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
context '#show' do
|
2014-07-25 02:27:34 +08:00
|
|
|
before do
|
|
|
|
post = create_post
|
2017-07-07 14:09:14 +08:00
|
|
|
SiteSetting.tos_topic_id = post.topic.id
|
|
|
|
SiteSetting.guidelines_topic_id = post.topic.id
|
|
|
|
SiteSetting.privacy_topic_id = post.topic.id
|
2014-07-25 02:27:34 +08:00
|
|
|
end
|
|
|
|
|
2013-10-31 04:37:22 +08:00
|
|
|
context "with a static file that's present" do
|
2019-03-04 11:32:12 +08:00
|
|
|
it "should return the right response for /faq" do
|
2017-08-31 12:06:56 +08:00
|
|
|
get "/faq"
|
2013-02-06 03:16:51 +08:00
|
|
|
|
2018-06-07 16:11:09 +08:00
|
|
|
expect(response.status).to eq(200)
|
2017-08-31 12:06:56 +08:00
|
|
|
expect(response.body).to include(I18n.t('js.faq'))
|
2018-11-28 10:36:14 +08:00
|
|
|
expect(response.body).to include("<title>FAQ - Discourse</title>")
|
2013-07-24 02:42:52 +08:00
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
[
|
2019-05-22 21:29:15 +08:00
|
|
|
['tos', :tos_url, I18n.t('js.tos')],
|
|
|
|
['privacy', :privacy_policy_url, I18n.t('js.privacy')]
|
2017-08-31 12:06:56 +08:00
|
|
|
].each do |id, setting_name, text|
|
2013-06-18 22:52:04 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
context "#{id}" do
|
2013-10-31 04:37:22 +08:00
|
|
|
context "when #{setting_name} site setting is NOT set" do
|
|
|
|
it "renders the #{id} page" do
|
2017-08-31 12:06:56 +08:00
|
|
|
get "/#{id}"
|
|
|
|
|
2018-06-07 16:11:09 +08:00
|
|
|
expect(response.status).to eq(200)
|
2017-08-31 12:06:56 +08:00
|
|
|
expect(response.body).to include(text)
|
2013-07-24 02:42:52 +08:00
|
|
|
end
|
2013-06-18 22:52:04 +08:00
|
|
|
end
|
|
|
|
|
2013-10-31 04:37:22 +08:00
|
|
|
context "when #{setting_name} site setting is set" do
|
2017-08-31 12:06:56 +08:00
|
|
|
before do
|
2019-05-07 09:00:09 +08:00
|
|
|
SiteSetting.set(setting_name, 'http://example.com/page')
|
2017-08-31 12:06:56 +08:00
|
|
|
end
|
2013-06-18 22:52:04 +08:00
|
|
|
|
2013-10-31 04:37:22 +08:00
|
|
|
it "redirects to the #{setting_name}" do
|
2017-08-31 12:06:56 +08:00
|
|
|
get "/#{id}"
|
|
|
|
|
|
|
|
expect(response).to redirect_to('http://example.com/page')
|
2013-10-31 04:37:22 +08:00
|
|
|
end
|
2013-06-18 22:52:04 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-10-31 04:37:22 +08:00
|
|
|
context "with a missing file" do
|
|
|
|
it "should respond 404" do
|
2017-08-31 12:06:56 +08:00
|
|
|
get "/static/does-not-exist"
|
|
|
|
expect(response.status).to eq(404)
|
2013-10-31 04:37:22 +08:00
|
|
|
end
|
2019-03-04 17:34:48 +08:00
|
|
|
|
|
|
|
context "modal pages" do
|
|
|
|
it "should return the right response for /signup" do
|
|
|
|
get "/signup"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should return the right response for /password-reset" do
|
|
|
|
get "/password-reset"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
2013-10-31 04:37:22 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'should redirect to / when logged in and path is /login' do
|
2017-08-31 12:06:56 +08:00
|
|
|
sign_in(Fabricate(:user))
|
|
|
|
get "/login"
|
|
|
|
expect(response).to redirect_to('/')
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2014-07-27 05:16:08 +08:00
|
|
|
it "should display the login template when login is required" do
|
2017-07-07 14:09:14 +08:00
|
|
|
SiteSetting.login_required = true
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
get "/login"
|
|
|
|
|
2018-06-07 16:11:09 +08:00
|
|
|
expect(response.status).to eq(200)
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
expect(response.body).to include(PrettyText.cook(I18n.t(
|
|
|
|
'login_required.welcome_message', title: SiteSetting.title
|
|
|
|
)))
|
2014-07-27 05:16:08 +08:00
|
|
|
end
|
2017-03-08 18:30:49 +08:00
|
|
|
|
|
|
|
context "when login_required is enabled" do
|
|
|
|
before do
|
|
|
|
SiteSetting.login_required = true
|
|
|
|
end
|
|
|
|
|
2018-12-19 05:40:05 +08:00
|
|
|
['faq', 'guidelines', 'rules', 'conduct'].each do |page_name|
|
2018-07-27 03:37:56 +08:00
|
|
|
it "#{page_name} page redirects to login page for anon" do
|
|
|
|
get "/#{page_name}"
|
|
|
|
expect(response).to redirect_to '/login'
|
|
|
|
end
|
2017-08-31 12:06:56 +08:00
|
|
|
|
2018-07-27 03:37:56 +08:00
|
|
|
it "#{page_name} page redirects to login page for anon" do
|
|
|
|
get "/#{page_name}"
|
|
|
|
expect(response).to redirect_to '/login'
|
|
|
|
end
|
2017-03-08 18:30:49 +08:00
|
|
|
|
2018-07-27 03:37:56 +08:00
|
|
|
it "#{page_name} page loads for logged in user" do
|
|
|
|
sign_in(Fabricate(:user))
|
2017-08-31 12:06:56 +08:00
|
|
|
|
2018-07-27 03:37:56 +08:00
|
|
|
get "/#{page_name}"
|
2017-08-31 12:06:56 +08:00
|
|
|
|
2018-07-27 03:37:56 +08:00
|
|
|
expect(response.status).to eq(200)
|
2019-05-22 21:29:15 +08:00
|
|
|
expect(response.body).to include(I18n.t('js.guidelines'))
|
2018-07-27 03:37:56 +08:00
|
|
|
end
|
2017-03-08 18:30:49 +08:00
|
|
|
end
|
|
|
|
end
|
2018-11-28 10:36:14 +08:00
|
|
|
|
|
|
|
context "crawler view" do
|
|
|
|
it "should include correct title" do
|
|
|
|
get '/faq', headers: { 'HTTP_USER_AGENT' => 'Googlebot' }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response.body).to include("<title>FAQ - Discourse</title>")
|
|
|
|
end
|
|
|
|
end
|
2014-07-27 05:16:08 +08:00
|
|
|
end
|
2013-10-31 04:37:22 +08:00
|
|
|
|
2013-06-05 06:34:54 +08:00
|
|
|
describe '#enter' do
|
|
|
|
context 'without a redirect path' do
|
|
|
|
it 'redirects to the root url' do
|
2017-08-31 12:06:56 +08:00
|
|
|
post "/login.json"
|
|
|
|
expect(response).to redirect_to('/')
|
2013-06-05 06:34:54 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a redirect path' do
|
|
|
|
it 'redirects to the redirect path' do
|
2017-08-31 12:06:56 +08:00
|
|
|
post "/login.json", params: { redirect: '/foo' }
|
|
|
|
expect(response).to redirect_to('/foo')
|
2013-06-05 06:34:54 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-08-29 05:45:13 +08:00
|
|
|
context 'with a full url' do
|
|
|
|
it 'redirects to the correct path' do
|
2017-08-31 12:06:56 +08:00
|
|
|
post "/login.json", params: { redirect: "#{Discourse.base_url}/foo" }
|
|
|
|
expect(response).to redirect_to('/foo')
|
2014-08-29 05:45:13 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-10-30 23:31:44 +08:00
|
|
|
context 'with a period to force a new host' do
|
|
|
|
it 'redirects to the root path' do
|
2017-08-31 12:06:56 +08:00
|
|
|
post "/login.json", params: { redirect: ".org/foo" }
|
|
|
|
expect(response).to redirect_to('/')
|
2014-10-30 23:31:44 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-08-29 05:45:13 +08:00
|
|
|
context 'with a full url to someone else' do
|
|
|
|
it 'redirects to the root path' do
|
2017-08-31 12:06:56 +08:00
|
|
|
post "/login.json", params: { redirect: "http://eviltrout.com/foo" }
|
|
|
|
expect(response).to redirect_to('/')
|
2014-08-29 05:45:13 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with an invalid URL' do
|
|
|
|
it "redirects to the root" do
|
2017-08-31 12:06:56 +08:00
|
|
|
post "/login.json", params: { redirect: "javascript:alert('trout')" }
|
|
|
|
expect(response).to redirect_to('/')
|
2014-08-29 05:45:13 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-06-11 19:40:16 +08:00
|
|
|
context 'with an array' do
|
|
|
|
it "redirects to the root" do
|
|
|
|
post "/login.json", params: { redirect: ["/foo"] }
|
2019-06-17 19:14:30 +08:00
|
|
|
expect(response.status).to eq(400)
|
|
|
|
json = JSON.parse(response.body)
|
|
|
|
expect(json["errors"]).to be_present
|
|
|
|
expect(json["errors"]).to include(
|
|
|
|
I18n.t("invalid_params", message: "redirect")
|
|
|
|
)
|
2019-06-11 19:40:16 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-06-05 06:34:54 +08:00
|
|
|
context 'when the redirect path is the login page' do
|
|
|
|
it 'redirects to the root url' do
|
2017-08-31 12:06:56 +08:00
|
|
|
post "/login.json", params: { redirect: login_path }
|
|
|
|
expect(response).to redirect_to('/')
|
2013-06-05 06:34:54 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|