1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe UserDetail do
it { is_expected.to belong_to(:user) }
it { is_expected.to define_enum_for(:registration_objective).with_values([:basics, :move_repository, :code_storage, :exploring, :ci, :other, :joining_team]).with_suffix }
describe 'validations' do
describe '#job_title' do
it { is_expected.not_to validate_presence_of(:job_title) }
it { is_expected.to validate_length_of(:job_title).is_at_most(200) }
end
describe '#pronouns' do
it { is_expected.not_to validate_presence_of(:pronouns) }
it { is_expected.to validate_length_of(:pronouns).is_at_most(50) }
end
describe '#pronunciation' do
it { is_expected.not_to validate_presence_of(:pronunciation) }
it { is_expected.to validate_length_of(:pronunciation).is_at_most(255) }
end
describe '#bio' do
it { is_expected.to validate_length_of(:bio).is_at_most(255) }
end
describe '#linkedin' do
it { is_expected.to validate_length_of(:linkedin).is_at_most(500) }
end
describe '#twitter' do
it { is_expected.to validate_length_of(:twitter).is_at_most(500) }
end
describe '#skype' do
it { is_expected.to validate_length_of(:skype).is_at_most(500) }
end
describe '#location' do
it { is_expected.to validate_length_of(:location).is_at_most(500) }
end
describe '#organization' do
it { is_expected.to validate_length_of(:organization).is_at_most(500) }
end
describe '#website_url' do
it { is_expected.to validate_length_of(:website_url).is_at_most(500) }
it 'only validates the website_url if it is changed' do
user_detail = create(:user_detail)
# `update_attribute` required to bypass current validations
# Validations on `User#website_url` were added after
# there was already data in the database and `UserDetail#website_url` is
# derived from `User#website_url` so this reproduces the state of some of
# our production data
user_detail.update_attribute(:website_url, 'NotAUrl')
expect(user_detail).to be_valid
user_detail.website_url = 'AlsoNotAUrl'
expect(user_detail).not_to be_valid
expect(user_detail.errors.full_messages).to match_array(["Website url is not a valid URL"])
end
end
end
describe '#save' do
let(:user_detail) do
create(:user_detail,
bio: 'bio',
linkedin: 'linkedin',
twitter: 'twitter',
skype: 'skype',
location: 'location',
organization: 'organization',
website_url: 'https://example.com')
end
shared_examples 'prevents `nil` value' do |attr|
it 'converts `nil` to the empty string' do
user_detail[attr] = nil
expect { user_detail.save! }
.to change { user_detail[attr] }.to('')
.and not_change { user_detail.attributes.except(attr.to_s) }
end
end
it_behaves_like 'prevents `nil` value', :bio
it_behaves_like 'prevents `nil` value', :linkedin
it_behaves_like 'prevents `nil` value', :twitter
it_behaves_like 'prevents `nil` value', :skype
it_behaves_like 'prevents `nil` value', :location
it_behaves_like 'prevents `nil` value', :organization
it_behaves_like 'prevents `nil` value', :website_url
end
describe '#sanitize_attrs' do
shared_examples 'sanitizes html' do |attr|
it 'sanitizes html tags' do
details = build_stubbed(:user_detail, attr => '<a href="//evil.com">https://example.com<a>')
expect { details.sanitize_attrs }.to change { details[attr] }.to('https://example.com')
end
it 'sanitizes iframe scripts' do
details = build_stubbed(:user_detail, attr => '<iframe src=javascript:alert()><iframe>')
expect { details.sanitize_attrs }.to change { details[attr] }.to('')
end
it 'sanitizes js scripts' do
details = build_stubbed(:user_detail, attr => '<script>alert("Test")</script>')
expect { details.sanitize_attrs }.to change { details[attr] }.to('')
end
end
%i[linkedin skype twitter website_url].each do |attr|
it_behaves_like 'sanitizes html', attr
it 'encodes HTML entities' do
details = build_stubbed(:user_detail, attr => 'test&attr')
expect { details.sanitize_attrs }.to change { details[attr] }.to('test&attr')
end
end
%i[location organization].each do |attr|
it_behaves_like 'sanitizes html', attr
it 'does not encode HTML entities' do
details = build_stubbed(:user_detail, attr => 'test&attr')
expect { details.sanitize_attrs }.not_to change { details[attr] }
end
end
it 'sanitizes on validation' do
details = build(:user_detail)
expect(details)
.to receive(:sanitize_attrs)
.at_least(:once)
.and_call_original
details.save!
end
end
end
|
