# frozen_string_literal: true

# Specs for Onebox::Helpers: string truncation, size-capped HTTP fetching,
# SSRF rejection surfaced through FinalDestination, redirect following,
# cookie forwarding across redirects, the outgoing User-Agent header, and
# URL normalization for output. All HTTP traffic is stubbed via stub_request.
RSpec.describe Onebox::Helpers do
  describe ".truncate" do
    let(:test_string) { "Chops off on spaces" }

    # With no length argument the sample string comes back unchanged.
    it { expect(described_class.truncate(test_string)).to eq(test_string) }
    # Per these expectations a limit that lands inside a word yields the text
    # up to that word's end plus "...", so the result can exceed the limit
    # (limit 7 -> "Chops...", limit 10 -> "Chops off...").
    it { expect(described_class.truncate(test_string, 5)).to eq("Chops...") }
    it { expect(described_class.truncate(test_string, 7)).to eq("Chops...") }
    it { expect(described_class.truncate(test_string, 9)).to eq("Chops off...") }
    it { expect(described_class.truncate(test_string, 10)).to eq("Chops off...") }
    # A limit longer than the string adds no ellipsis.
    it { expect(described_class.truncate(test_string, 100)).to eq("Chops off on spaces") }
    # Leading whitespace is kept in the expected result.
    it { expect(described_class.truncate(" #{test_string} ", 6)).to eq(" Chops...") }
  end

  describe "fetch_response" do
    # Replaces Onebox.options wholesale (not merged) with a 1 KB download cap,
    # stubs a response built from the "slides" fixture, and puts the previous
    # options back after the example has run.
    around do |example|
      previous_options = Onebox.options.to_h
      Onebox.options = { max_download_kb: 1 }

      stub_request(:get, "http://example.com/large-file").to_return(
        status: 200,
        body: onebox_response("slides"),
      )

      example.run

      Onebox.options = previous_options
    end

    # Default behaviour: a body over the cap is refused with DownloadTooLarge.
    it "raises an exception when responses are larger than our limit" do
      expect { described_class.fetch_response("http://example.com/large-file") }.to raise_error(
        Onebox::Helpers::DownloadTooLarge,
      )
    end

    # Opt-out path: with the flag set to false the caller receives the whole
    # fixture body even though it exceeds the configured cap.
    it "returns the body of the response when size of response body exceeds the limit and `raise_error_when_response_too_large` has been set to `false`" do
      expect(
        described_class.fetch_response(
          "http://example.com/large-file",
          raise_error_when_response_too_large: false,
        ),
      ).to eq(onebox_response("slides"))
    end

    # SSRF guard: the DisallowedIpError must propagate to the caller rather
    # than being swallowed by fetch_response.
    # NOTE(review): stub_to_fail presumably makes the SSRF detector reject
    # every lookup - confirm in FinalDestination::TestHelper.
    it "raises an exception when private url requested" do
      FinalDestination::TestHelper.stub_to_fail do
        expect { described_class.fetch_response("http://example.com/large-file") }.to raise_error(
          FinalDestination::SSRFDetector::DisallowedIpError,
        )
      end
    end
  end

  describe "fetch_html_doc" do
    it "can handle unicode URIs" do
      # NOTE(review): the non-ASCII path segment looks mis-encoded on this
      # page; the literal is left exactly as shown - confirm against the
      # repository.
      uri = "https://www.reddit.com/r/UFOs/comments/k18ukd/๐จ๐๐ข_๐ฑ๐ฟ๐ผ๐ฝ๐_๐ฐ๐ผ๐_๐๐ต๐ฟ๐ผ๐๐ด๐ต_๐ฏ๐ฎ๐ฟ๐ป_๐ฟ๐ผ๐ผ๐ณ/"
      # NOTE(review): the stubbed body below carries no HTML markup as shown;
      # presumably tags were stripped when the page was extracted.
      stub_request(:get, uri).to_return(status: 200, body: "
success
")
      expect(described_class.fetch_html_doc(uri).to_s).to match("success")
    end

    # Unlike fetch_response's default, fetch_html_doc is expected not to raise
    # when the stubbed body exceeds the 1 KB cap. The assertion only checks
    # that a known title string is present; how much of the body is actually
    # read is not visible from this spec.
    it "does not raise an error when response body exceeds Onebox's `max_download_kb` limit" do
      previous_options = Onebox.options.to_h
      # Options are merged here, so other settings stay in effect.
      Onebox.options = previous_options.merge(max_download_kb: 1)

      stub_request(:get, "http://example.com/large-file").to_return(
        status: 200,
        body: onebox_response("slides"),
      )

      expect(described_class.fetch_html_doc("http://example.com/large-file").to_s).to include(
        "ECMAScript 2015 by David Leonard",
      )
    ensure
      # Block-level ensure restores the options even if the expectation fails.
      Onebox.options = previous_options
    end

    context "with canonical link" do
      # NOTE(review): none of the stubbed bodies in this context shows a
      # canonical link element as printed on this page - presumably the markup
      # was stripped in extraction. Confirm against the repository before
      # reading these examples as the canonical-link contract.
      it "follows canonical link" do
        uri = "https://www.example.com"
        # First document is the one that should NOT end up in the result.
        stub_request(:get, uri).to_return(
          status: 200,
          body: "invalid
",
        )
        # Canonical target; both GET and HEAD are stubbed for it.
        stub_request(:get, "http://foobar.com").to_return(
          status: 200,
          body: "success
",
        )
        stub_request(:head, "http://foobar.com").to_return(status: 200, body: "")

        expect(described_class.fetch_html_doc(uri).to_s).to match("success")
      end

      # SSRF guard for the canonical hop: "localhost" is made to resolve to
      # 127.0.0.1 and no request to a localhost URL is stubbed, so the expected
      # outcome is the originally fetched document.
      it "does not follow canonical link pointing at localhost" do
        uri = "https://www.example.com"
        FinalDestination::SSRFDetector
          .stubs(:lookup_ips)
          .with { |h| h == "localhost" }
          .returns(["127.0.0.1"])
        stub_request(:get, uri).to_return(
          status: 200,
          body: "success
",
        )

        expect(described_class.fetch_html_doc(uri).to_s).to match("success")
      end
    end
  end

  describe ".fetch_content_length" do
    # Same SSRF guard as fetch_response: the error must reach the caller.
    it "does not connect to private IP" do
      uri = "https://www.example.com"
      FinalDestination::TestHelper.stub_to_fail do
        expect { described_class.fetch_content_length(uri) }.to raise_error(
          FinalDestination::SSRFDetector::DisallowedIpError,
        )
      end
    end
  end

  describe "redirects" do
    describe "redirect limit" do
      # Builds a chain /redirect/6 -> /redirect/5 -> ... -> /redirect/0.
      # codes.pop takes from the end of the list, so hops 1..5 answer with
      # 308, 307, 303, 302, 301 and hop 6 falls back to 302 once the list is
      # empty. /redirect/0 is the final 200 response.
      before do
        codes = [301, 302, 303, 307, 308]
        (1..6).each do |i|
          code = codes.pop || 302
          stub_request(:get, "https://httpbin.org/redirect/#{i}").to_return(
            status: code,
            body: "",
            headers: {
              location: "https://httpbin.org/redirect/#{i - 1}",
            },
          )
        end

        stub_request(:get, "https://httpbin.org/redirect/0").to_return(
          status: 200,
          body: "success
",
        )
      end

      # Two hops (307 then 308 per the stubs above) are followed.
      it "can follow redirects" do
        expect(described_class.fetch_response("https://httpbin.org/redirect/2")).to match("success")
      end

      # Six hops exceed the limit; the bound keeps a hostile or misconfigured
      # server from holding the fetcher in a redirect loop.
      it "errors on long redirect chains" do
        expect { described_class.fetch_response("https://httpbin.org/redirect/6") }.to raise_error(
          Net::HTTPError,
          /redirect too deep/,
        )
      end
    end

    describe "cookie handling" do
      # Same-host redirect: the follow-up stub only matches when the Cookie
      # header equals the Set-Cookie value verbatim, attribute "Path=/"
      # included - i.e. the header is echoed, not parsed.
      it "naively forwards cookies to the next request" do
        stub_request(:get, "https://httpbin.org/cookies/set/a/b").to_return(
          status: 302,
          headers: {
            location: "/cookies",
            "set-cookie": "a=b; Path=/",
          },
        )

        stub_request(:get, "https://httpbin.org/cookies").with(
          headers: {
            cookie: "a=b; Path=/",
          },
        ).to_return(status: 200, body: "success, cookie readback not implemented")

        expect(described_class.fetch_response("https://httpbin.org/cookies/set/a/b")).to match(
          "success",
        )
      end

      # Skipped ("unimplemented"): nothing in this spec currently verifies that
      # a cookie set by one host is withheld when the redirect goes to a
      # different host. Until this runs, cross-domain cookie leakage on
      # redirect is untested here.
      it "does not send cookies to the wrong domain" do
        skip("unimplemented")

        stub_request(:get, "https://httpbin.org/cookies/set/a/b").to_return(
          status: 302,
          headers: {
            location: "https://evil.com/show_cookies",
            "set-cookie": "a=b; Path=/",
          },
        )

        stub_request(:get, "https://evil.com/show_cookies").with(
          headers: {
            cookie: nil,
          },
        ).to_return(status: 200, body: "success, cookie readback not implemented")

        described_class.fetch_response("https://httpbin.org/cookies/set/a/b")
      end
    end
  end

  describe "user_agent" do
    # These examples contain no explicit expectation; the check is the header
    # matcher on the stub.
    # NOTE(review): presumably a request that does not match the stub raises
    # and fails the example - confirm the HTTP stubbing configuration.
    context "with default" do
      it "has the default Discourse user agent" do
        stub_request(:get, "http://example.com/some-resource").with(
          headers: {
            "user-agent" => /Discourse Forum Onebox/,
          },
        ).to_return(status: 200, body: "test")

        described_class.fetch_response("http://example.com/some-resource")
      end
    end

    context "with custom option" do
      # Replaces Onebox.options wholesale with a custom user agent and puts
      # the previous options back after the example has run.
      around do |example|
        previous_options = Onebox.options.to_h
        Onebox.options = { user_agent: "EvilTroutBot" }

        example.run

        Onebox.options = previous_options
      end

      # The configured name is expected to be sent with " v<Discourse version>"
      # appended.
      it "has the custom user agent" do
        stub_request(:get, "http://example.com/some-resource").with(
          headers: {
            "user-agent" => "EvilTroutBot v#{Discourse::VERSION::STRING}",
          },
        ).to_return(status: 200, body: "test")

        described_class.fetch_response("http://example.com/some-resource")
      end
    end
  end

  describe ".normalize_url_for_output" do
    # A space in the path is percent-encoded.
    it do
      expect(described_class.normalize_url_for_output("http://example.com/fo o")).to eq(
        "http://example.com/fo%20o",
      )
    end

    # NOTE(review): as printed on this page the two quote cases below expect
    # the quote characters unchanged, and the double-quote expectation is not
    # valid Ruby (unescaped inner quote). Presumably an encoded form was
    # decoded when the page was extracted - confirm against the repository
    # before treating these as the output-encoding contract.
    it do
      expect(described_class.normalize_url_for_output("http://example.com/fo'o")).to eq(
        "http://example.com/fo'o",
      )
    end

    it do
      expect(described_class.normalize_url_for_output('http://example.com/fo"o')).to eq(
        "http://example.com/fo"o",
      )
    end

    it do
      expect(described_class.normalize_url_for_output("http://example.com/fo