nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Redirect conversations/new to conversations

Browse source
This commit is contained in:
Steffen van Bergerem 2014-09-01 17:11:56 +02:00
parent 1a5bcec394
commit ba0bccbef1
2 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/conversations_controller.rb
View file

@ -84,7 +84,7 @@ class ConversationsController < ApplicationController
end end
def new def new
if !params[:facebox] && session[:mobile_view] == false && request.format.html? if !params[:facebox] && !session[:mobile_view] && request.format.html?
redirect_to conversations_path redirect_to conversations_path
return return
end end

19
spec/controllers/conversations_controller_spec.rb
View file

@ -10,32 +10,39 @@ describe ConversationsController, :type => :controller do
end end
describe '#new' do describe '#new' do
it 'succeeds' do it 'redirects to #index' do
get :new get :new
expect(response).to redirect_to conversations_path
end
end
describe '#new facebox' do
it 'succeeds' do
get :new, :facebox => true
expect(response).to be_success expect(response).to be_success
end end
it "assigns a json list of contacts that are sharing with the person" do it "assigns a json list of contacts that are sharing with the person" do
get :new get :new, :facebox => true
expect(assigns(:contacts_json)).to include(alice.contacts.where(:sharing => true).first.person.name) expect(assigns(:contacts_json)).to include(alice.contacts.where(:sharing => true).first.person.name)
alice.contacts << Contact.new(:person_id => eve.person.id, :user_id => alice.id, :sharing => false, :receiving => true) alice.contacts << Contact.new(:person_id => eve.person.id, :user_id => alice.id, :sharing => false, :receiving => true)
expect(assigns(:contacts_json)).not_to include(alice.contacts.where(:sharing => false).first.person.name) expect(assigns(:contacts_json)).not_to include(alice.contacts.where(:sharing => false).first.person.name)
end end
it "assigns a contact if passed a contact id" do it "assigns a contact if passed a contact id" do
get :new, :contact_id => alice.contacts.first.id get :new, :contact_id => alice.contacts.first.id, :facebox => true
expect(assigns(:contact_ids)).to eq(alice.contacts.first.id) expect(assigns(:contact_ids)).to eq(alice.contacts.first.id)
end end
it "assigns a set of contacts if passed an aspect id" do it "assigns a set of contacts if passed an aspect id" do
get :new, :aspect_id => alice.aspects.first.id get :new, :aspect_id => alice.aspects.first.id, :facebox => true
expect(assigns(:contact_ids)).to eq(alice.aspects.first.contacts.map(&:id).join(',')) expect(assigns(:contact_ids)).to eq(alice.aspects.first.contacts.map(&:id).join(','))
end end
it "does not allow XSS via the name parameter" do it "does not allow XSS via the name parameter" do
["</script><script>alert(1);</script>", ["</script><script>alert(1);</script>",
'"}]});alert(1);(function f() {var foo = [{b:"'].each do |xss| '"}]});alert(1);(function f() {var foo = [{b:"'].each do |xss|
get :new, name: xss get :new, :facebox => true, name: xss
expect(response.body).not_to include xss expect(response.body).not_to include xss
end end
end end
@ -44,7 +51,7 @@ describe ConversationsController, :type => :controller do
xss = "<script>alert(0);</script>" xss = "<script>alert(0);</script>"
contact = alice.contacts.first contact = alice.contacts.first
contact.person.profile.update_attribute(:first_name, xss) contact.person.profile.update_attribute(:first_name, xss)
get :new get :new, :facebox => true
json = JSON.parse(assigns(:contacts_json)).first json = JSON.parse(assigns(:contacts_json)).first
expect(json['value'].to_s).to eq(contact.id.to_s) expect(json['value'].to_s).to eq(contact.id.to_s)
expect(json['name']).to_not include(xss) expect(json['name']).to_not include(xss)