discourse/spec/jobs/download_backup_email_spec.rb
Guo Xiang Tan c6f5df4caa SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email link.
2017-12-18 11:32:26 +08:00


require 'rails_helper'
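# Spec for the backup-download email job. The job is executed with only the
# user id and the backup URL; the download token is not passed as a job
# argument and is read back here through EmailBackupToken.
RSpec.describe Jobs::DownloadBackupEmail do
  let(:user) { Fabricate(:admin) }

  it "should work" do
    described_class.new.execute(
      user_id: user.id,
      backup_file_path: "http://some.example.test/"
    )

    # Fetch the token once and require it to be non-blank. A nil token would
    # interpolate to an empty string in the expected body below, so an email
    # carrying a bare "?token=" would otherwise still satisfy the comparison.
    token = EmailBackupToken.get(user.id)
    expect(token).to be_present

    email = ActionMailer::Base.deliveries.last

    expect(email.subject).to eq(I18n.t('download_backup_mailer.subject_template',
      email_prefix: SiteSetting.title
    ))

    # The emailed link must be the original URL with the stored token appended.
    expect(email.body.raw_source).to eq(I18n.t('download_backup_mailer.text_body_template',
      backup_file_path: "http://some.example.test/?token=#{token}"
    ))
  end
end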