Prevent CSRF bypass with password reset form
[rails.git] / test / helpers / user_roles_helper_test.rb
index 058d6abd40aca00e32f4ecf95f3f916ef3d64884..dfd790a0b3da1311df54c4dca75513361b83f4a1 100644 (file)
@@ -10,7 +10,13 @@ class UserRolesHelperTest < ActionView::TestCase
     assert_dom_equal "", icon
 
     icon = role_icon(create(:moderator_user), "moderator")
     assert_dom_equal "", icon
 
     icon = role_icon(create(:moderator_user), "moderator")
-    assert_dom_equal '<picture><source srcset="/images/roles/moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/moderator.svg" border="0" alt="This user is a moderator" title="This user is a moderator" src="/images/roles/moderator.png" width="20" height="20" /></picture>', icon
+    expected = <<~HTML.delete("\n")
+      <picture>
+      <source srcset="/images/roles/moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/moderator.svg" border="0" alt="This user is a moderator" title="This user is a moderator" src="/images/roles/moderator.png" width="20" height="20" />
+      </picture>
+    HTML
+    assert_dom_equal expected, icon
   end
 
   def test_role_icon_administrator
   end
 
   def test_role_icon_administrator
@@ -18,24 +24,56 @@ class UserRolesHelperTest < ActionView::TestCase
 
     user = create(:user)
     icon = role_icon(user, "moderator")
 
     user = create(:user)
     icon = role_icon(user, "moderator")
-    assert_dom_equal %(<a confirm="Are you sure you want to grant the role `moderator&#39; to the user `#{user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(user.display_name)}/role/moderator/grant"><picture><source srcset="/images/roles/blank_moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/blank_moderator.svg" border="0" alt="Grant moderator access" title="Grant moderator access" src="/images/roles/blank_moderator.png" width="20" height="20" /></picture></a>), icon
+    expected = <<~HTML.delete("\n")
+      <a confirm="Are you sure you want to grant the role `moderator&#39; to the user `#{user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(user.display_name)}/role/moderator/grant">
+      <picture>
+      <source srcset="/images/roles/blank_moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/blank_moderator.svg" border="0" alt="Grant moderator access" title="Grant moderator access" src="/images/roles/blank_moderator.png" width="20" height="20" />
+      </picture>
+      </a>
+    HTML
+    assert_dom_equal expected, icon
 
     moderator_user = create(:moderator_user)
     icon = role_icon(moderator_user, "moderator")
 
     moderator_user = create(:moderator_user)
     icon = role_icon(moderator_user, "moderator")
-    assert_dom_equal %(<a confirm="Are you sure you want to revoke the role `moderator&#39; from the user `#{moderator_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(moderator_user.display_name)}/role/moderator/revoke"><picture><source srcset="/images/roles/moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/moderator.svg" border="0" alt="Revoke moderator access" title="Revoke moderator access" src="/images/roles/moderator.png" width="20" height="20" /></picture></a>), icon
+    expected = <<~HTML.delete("\n")
+      <a confirm="Are you sure you want to revoke the role `moderator&#39; from the user `#{moderator_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(moderator_user.display_name)}/role/moderator/revoke">
+      <picture>
+      <source srcset="/images/roles/moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/moderator.svg" border="0" alt="Revoke moderator access" title="Revoke moderator access" src="/images/roles/moderator.png" width="20" height="20" />
+      </picture>
+      </a>
+    HTML
+    assert_dom_equal expected, icon
   end
 
   def test_role_icons_normal
     self.current_user = create(:user)
 
     icons = role_icons(current_user)
   end
 
   def test_role_icons_normal
     self.current_user = create(:user)
 
     icons = role_icons(current_user)
-    assert_dom_equal "  ", icons
+    assert_dom_equal "", icons
 
     icons = role_icons(create(:moderator_user))
 
     icons = role_icons(create(:moderator_user))
-    assert_dom_equal '  <picture><source srcset="/images/roles/moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/moderator.svg" border="0" alt="This user is a moderator" title="This user is a moderator" src="/images/roles/moderator.png" width="20" height="20" /></picture>', icons
+    expected = <<~HTML.delete("\n")
+      <picture>
+      <source srcset="/images/roles/moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/moderator.svg" border="0" alt="This user is a moderator" title="This user is a moderator" src="/images/roles/moderator.png" width="20" height="20" />
+      </picture>
+    HTML
+    assert_dom_equal expected, icons
 
     icons = role_icons(create(:super_user))
 
     icons = role_icons(create(:super_user))
-    assert_dom_equal ' <picture><source srcset="/images/roles/administrator.svg" type="image/svg+xml" /><img srcset="/images/roles/administrator.svg" border="0" alt="This user is an administrator" title="This user is an administrator" src="/images/roles/administrator.png" width="20" height="20" /></picture> <picture><source srcset="/images/roles/moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/moderator.svg" border="0" alt="This user is a moderator" title="This user is a moderator" src="/images/roles/moderator.png" width="20" height="20" /></picture>', icons
+    expected = <<~HTML.delete("\n")
+      <picture>
+      <source srcset="/images/roles/administrator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/administrator.svg" border="0" alt="This user is an administrator" title="This user is an administrator" src="/images/roles/administrator.png" width="20" height="20" />
+      </picture>
+       <picture>
+      <source srcset="/images/roles/moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/moderator.svg" border="0" alt="This user is a moderator" title="This user is a moderator" src="/images/roles/moderator.png" width="20" height="20" />
+      </picture>
+    HTML
+    assert_dom_equal expected, icons
   end
 
   def test_role_icons_administrator
   end
 
   def test_role_icons_administrator
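Review bot: The grant and revoke expectations interpolate `#{user.display_name}` and `#{moderator_user.display_name}` into the `confirm` attribute unescaped, so these tests only pass while the factory names contain nothing that HTML escaping would change, and they never show that the helper escapes a user-controlled name there. The same pattern recurs in every `<a confirm=…>` expectation of the following hunk. I would write the interpolation as `#{ERB::Util.h(user.display_name)}` and add one case whose display name contains a quote or angle bracket (whatever the model's validations allow), so that a regression in attribute escaping fails the test. The enclosing `test_role_icon_administrator` method begins outside this hunk.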
@@ -43,14 +81,56 @@ class UserRolesHelperTest < ActionView::TestCase
 
     user = create(:user)
     icons = role_icons(user)
 
     user = create(:user)
     icons = role_icons(user)
-    assert_dom_equal %( <a confirm="Are you sure you want to grant the role `administrator&#39; to the user `#{user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(user.display_name)}/role/administrator/grant"><picture><source srcset="/images/roles/blank_administrator.svg" type="image/svg+xml" /><img srcset="/images/roles/blank_administrator.svg" border="0" alt="Grant administrator access" title="Grant administrator access" src="/images/roles/blank_administrator.png" width="20" height="20" /></picture></a> <a confirm="Are you sure you want to grant the role `moderator&#39; to the user `#{user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(user.display_name)}/role/moderator/grant"><picture><source srcset="/images/roles/blank_moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/blank_moderator.svg" border="0" alt="Grant moderator access" title="Grant moderator access" src="/images/roles/blank_moderator.png" width="20" height="20" /></picture></a>), icons
+    expected = <<~HTML.delete("\n")
+      <a confirm="Are you sure you want to grant the role `administrator&#39; to the user `#{user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(user.display_name)}/role/administrator/grant">
+      <picture>
+      <source srcset="/images/roles/blank_administrator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/blank_administrator.svg" border="0" alt="Grant administrator access" title="Grant administrator access" src="/images/roles/blank_administrator.png" width="20" height="20" />
+      </picture>
+      </a>
+       <a confirm="Are you sure you want to grant the role `moderator&#39; to the user `#{user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(user.display_name)}/role/moderator/grant">
+      <picture>
+      <source srcset="/images/roles/blank_moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/blank_moderator.svg" border="0" alt="Grant moderator access" title="Grant moderator access" src="/images/roles/blank_moderator.png" width="20" height="20" />
+      </picture>
+      </a>
+    HTML
+    assert_dom_equal expected, icons
 
     moderator_user = create(:moderator_user)
     icons = role_icons(moderator_user)
 
     moderator_user = create(:moderator_user)
     icons = role_icons(moderator_user)
-    assert_dom_equal %( <a confirm="Are you sure you want to grant the role `administrator&#39; to the user `#{moderator_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(moderator_user.display_name)}/role/administrator/grant"><picture><source srcset="/images/roles/blank_administrator.svg" type="image/svg+xml" /><img srcset="/images/roles/blank_administrator.svg" border="0" alt="Grant administrator access" title="Grant administrator access" src="/images/roles/blank_administrator.png" width="20" height="20" /></picture></a> <a confirm="Are you sure you want to revoke the role `moderator&#39; from the user `#{moderator_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(moderator_user.display_name)}/role/moderator/revoke"><picture><source srcset="/images/roles/moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/moderator.svg" border="0" alt="Revoke moderator access" title="Revoke moderator access" src="/images/roles/moderator.png" width="20" height="20" /></picture></a>), icons
+    expected = <<~HTML.delete("\n")
+      <a confirm="Are you sure you want to grant the role `administrator&#39; to the user `#{moderator_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(moderator_user.display_name)}/role/administrator/grant">
+      <picture>
+      <source srcset="/images/roles/blank_administrator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/blank_administrator.svg" border="0" alt="Grant administrator access" title="Grant administrator access" src="/images/roles/blank_administrator.png" width="20" height="20" />
+      </picture>
+      </a>
+       <a confirm="Are you sure you want to revoke the role `moderator&#39; from the user `#{moderator_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(moderator_user.display_name)}/role/moderator/revoke">
+      <picture>
+      <source srcset="/images/roles/moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/moderator.svg" border="0" alt="Revoke moderator access" title="Revoke moderator access" src="/images/roles/moderator.png" width="20" height="20" />
+      </picture>
+      </a>
+    HTML
+    assert_dom_equal expected, icons
 
     super_user = create(:super_user)
     icons = role_icons(super_user)
 
     super_user = create(:super_user)
     icons = role_icons(super_user)
-    assert_dom_equal %( <a confirm="Are you sure you want to revoke the role `administrator&#39; from the user `#{super_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(super_user.display_name)}/role/administrator/revoke"><picture><source srcset="/images/roles/administrator.svg" type="image/svg+xml" /><img srcset="/images/roles/administrator.svg" border="0" alt="Revoke administrator access" title="Revoke administrator access" src="/images/roles/administrator.png" width="20" height="20" /></picture></a> <a confirm="Are you sure you want to revoke the role `moderator&#39; from the user `#{super_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(super_user.display_name)}/role/moderator/revoke"><picture><source srcset="/images/roles/moderator.svg" type="image/svg+xml" /><img srcset="/images/roles/moderator.svg" border="0" alt="Revoke moderator access" title="Revoke moderator access" src="/images/roles/moderator.png" width="20" height="20" /></picture></a>), icons
+    expected = <<~HTML.delete("\n")
+      <a confirm="Are you sure you want to revoke the role `administrator&#39; from the user `#{super_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(super_user.display_name)}/role/administrator/revoke">
+      <picture>
+      <source srcset="/images/roles/administrator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/administrator.svg" border="0" alt="Revoke administrator access" title="Revoke administrator access" src="/images/roles/administrator.png" width="20" height="20" />
+      </picture>
+      </a>
+       <a confirm="Are you sure you want to revoke the role `moderator&#39; from the user `#{super_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(super_user.display_name)}/role/moderator/revoke">
+      <picture>
+      <source srcset="/images/roles/moderator.svg" type="image/svg+xml" />
+      <img srcset="/images/roles/moderator.svg" border="0" alt="Revoke moderator access" title="Revoke moderator access" src="/images/roles/moderator.png" width="20" height="20" />
+      </picture>
+      </a>
+    HTML
+    assert_dom_equal expected, icons
   end
 end
   end
 end
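Review bot: Every expected link here (and the two in the previous hunk) pins a bare `confirm="Are you sure…"` attribute next to `data-method="post"`. Rails' unobtrusive JavaScript reads `data-confirm`, so the role grant and revoke links presumably submit the POST without ever showing the prompt. If that is the case, the helper (not visible in this diff) should pass the message as a data attribute and these expectations should read `data-confirm="…"`. As it stands the tests lock in the non-functional attribute. A short comment above the first heredoc, for example `# NOTE: confirm= is emitted as a plain attribute; the prompt depends on data-confirm`, would at least keep the next reader from assuming the dialog is covered.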