# frozen_string_literal: true
RSpec.describe "Sidebar navigation menu", type: :system, js: true do
fab!(:current_user) { Fabricate(:user) }
before do
SiteSetting.navigation_menu = "sidebar"
chat_system_bootstrap
sign_in(current_user)
end
context "when displaying the public channels section" do
fab!(:channel_1) { Fabricate(:chat_channel) }
before { channel_1.add(current_user) }
it "displays correct channels section title" do
visit("/")
expect(page).to have_css(
".sidebar-section-chat-channels .sidebar-section-header-text",
text: I18n.t("js.chat.chat_channels"),
)
end
it "displays the correct hash icon prefix" do
visit("/")
expect(page).to have_css(
".sidebar-section-chat-channels .sidebar-section-link-#{channel_1.slug} .sidebar-section-link-prefix svg.prefix-icon.d-icon-hashtag",
)
end
it "channel link has the correct href" do
visit("/")
expect(page).to have_link(
channel_1.name,
href: "/chat/channel/#{channel_1.id}/#{channel_1.slug}",
)
end
context "when the category is private" do
fab!(:group_1) { Fabricate(:group) }
fab!(:private_channel_1) { Fabricate(:private_category_channel, group: group_1) }
before do
group_1.add(current_user)
private_channel_1.add(current_user)
end
it "has a lock badge" do
visit("/")
expect(page).to have_css(
".sidebar-section-chat-channels .sidebar-section-link-#{private_channel_1.slug} .sidebar-section-link-prefix svg.prefix-badge.d-icon-lock",
)
end
end
context "when the channel has an emoji in the title" do
fab!(:channel_1) { Fabricate(:chat_channel, name: "test :heart:") }
before { channel_1.add(current_user) }
it "unescapes the emoji" do
visit("/")
expect(page).to have_css(
".sidebar-section-chat-channels .sidebar-section-link-#{channel_1.slug} .emoji",
)
end
end
context "when the channel is muted" do
fab!(:channel_2) { Fabricate(:chat_channel) }
before do
Fabricate(
:user_chat_channel_membership,
user: current_user,
chat_channel: channel_2,
muted: true,
)
end
it "has a muted class" do
visit("/")
expect(page).to have_css(
".sidebar-section-chat-channels .sidebar-section-link-#{channel_2.slug}.sidebar-section-link--muted",
)
end
end
context "when channel description contains malicious content" do
before { channel_1.update!(description: "") }
it "escapes the title attribute using it" do
visit("/")
expect(
page.find(".sidebar-section-chat-channels .sidebar-section-link-#{channel_1.slug}")[
"title"
],
).to eq("<script>alert('hello')</script>")
end
end
end
context "when displaying the direct message channels section" do
context "when the channel has two participants" do
fab!(:other_user) { Fabricate(:user) }
fab!(:dm_channel_1) { Fabricate(:direct_message_channel, users: [current_user, other_user]) }
it "displays other user avatar in prefix when two participants" do
visit("/")
expect(
page.find(
".sidebar-section-chat-dms a.sidebar-section-link:nth-child(1) .sidebar-section-link-prefix img",
)[
"src"
],
).to include(other_user.username)
end
it "displays other user username as link text" do
visit("/")
expect(
page.find(".sidebar-section-chat-dms a.sidebar-section-link:nth-child(1)"),
).to have_content(other_user.username)
end
context "when other user has status" do
before do
SiteSetting.enable_user_status = true
other_user.set_status!("online", "heart")
end
it "displays the status" do
visit("/")
expect(
page.find(".sidebar-section-chat-dms a.sidebar-section-link:nth-child(1)"),
).to have_css(".user-status")
end
end
end
context "when channel has more than 2 participants" do
fab!(:user_1) { Fabricate(:user) }
fab!(:user_2) { Fabricate(:user) }
fab!(:dm_channel_1) do
Fabricate(:direct_message_channel, users: [current_user, user_1, user_2])
end
it "displays all participants names" do
visit("/")
expect(
page.find(
".sidebar-section-chat-dms a.sidebar-section-link:nth-child(1) .sidebar-section-link-content-text",
),
).to have_content("#{user_1.username}, #{user_2.username}")
end
end
context "when username contains malicious content" do
fab!(:other_user) { Fabricate(:user) }
fab!(:dm_channel_1) { Fabricate(:direct_message_channel, users: [current_user, other_user]) }
before do
other_user.username = ""
other_user.save!(validate: false)
end
it "escapes the title attribute using it" do
visit("/")
expect(page.find(".sidebar-section-chat-dms .channel-#{dm_channel_1.id}")["title"]).to eq(
"Chat with @<script>alert('hello')</script>",
)
end
end
end
end