summaryrefslogtreecommitdiff
path: root/spec/helpers/wiki_page_version_helper_spec.rb
blob: bc500c28c5ac72ac77698e8a87175a3052ead04a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe WikiPageVersionHelper do
  let_it_be(:project) { create(:project, :public, :repository) }
  let_it_be(:user) { create(:user, username: 'foo') }

  let(:commit_with_user) { create(:commit, project: project, author: user)}
  let(:commit_without_user) { create(:commit, project: project, author_name: 'Foo', author_email: 'foo@example.com')}
  let(:wiki_page_version) { Gitlab::Git::WikiPageVersion.new(commit, nil) }

  describe '#wiki_page_version_author_url' do
    subject { helper.wiki_page_version_author_url(wiki_page_version) }

    context 'when user exists' do
      let(:commit) { commit_with_user }

      it 'returns the link to the user profile' do
        expect(subject).to eq('http://localhost/foo')
      end
    end

    context 'when user does not exist' do
      let(:commit) { commit_without_user }

      it 'returns the mailto link' do
        expect(subject).to eq "mailto:#{commit_without_user.author_email}"
      end
    end
  end

  describe '#wiki_page_version_author_avatar' do
    let(:commit) { commit_with_user }

    subject { helper.wiki_page_version_author_avatar(wiki_page_version) }

    it 'returns the user avatar', :aggregate_failures do
      avatar = Nokogiri::HTML.parse(subject)

      expect(avatar.css('img')[0].attr('class')).to eq('avatar s24 float-none gl-mr-0! lazy')
      expect(avatar.css('img')[0].attr('data-src')).not_to be_empty
      expect(avatar.css('img')[0].attr('src')).not_to be_empty
    end
  end

  describe '#wiki_page_version_author_header', :aggregate_failures do
    let(:commit_with_xss) { create(:commit, project: project, author_email: "#' style=animation-name:blinking-dot onanimationstart=alert(document.domain) other", author_name: "<i>foo</i>") }
    let(:header) { Nokogiri::HTML.parse(subject) }

    subject { helper.wiki_page_version_author_header(wiki_page_version) }

    context 'when user exists' do
      let(:commit) { commit_with_user }

      it 'renders commit header with user info' do
        expect(header.css('a')[0].attr('href')).to eq("http://localhost/foo")
        expect(header.css('a')[0].children[2].to_s).to eq("<strong>#{user.name}</strong>")
      end
    end

    context 'when user does not exist' do
      let(:commit) { commit_without_user }

      it 'renders commit header with info from commit' do
        expect(header.css('a')[0].attr('href')).to eq("mailto:#{commit.author_email}")
        expect(header.css('a')[0].children[2].to_s).to eq("<strong>#{wiki_page_version.author_name}</strong>")
      end
    end

    context 'when user info has XSS' do
      let(:commit) { commit_with_xss }

      it 'sets the right href and escapes HTML chars' do
        expect(header.css('a')[0].attr('href')).to eq("mailto:#{commit.author_email}")
        expect(header.css('a')[0].children[2].to_s).to eq("<strong>&lt;i&gt;foo&lt;/i&gt;</strong>")
      end
    end
  end
end
View Lorry Controller Status