# Offense count: 26
# Configuration parameters: CountComments, CountAsOne.
Metrics/ClassLength:
- Max: 305
+ Max: 313
# Offense count: 59
# Configuration parameters: AllowedMethods, AllowedPatterns.
});
}
- function updateChangeset(form, method, url, include_data) {
+ function updateChangeset(method, url, include_data) {
var data;
- $(form).find("#comment-error").prop("hidden", true);
- $(form).find("input[type=submit]").prop("disabled", true);
+ content.find("#comment-error").prop("hidden", true);
+ content.find("button[data-method][data-url]").prop("disabled", true);
if (include_data) {
- data = { text: $(form.text).val() };
+ data = { text: content.find("textarea").val() };
} else {
data = {};
}
OSM.loadSidebarContent(window.location.pathname, page.load);
},
error: function (xhr) {
- $(form).find("#comment-error").text(xhr.responseText);
- $(form).find("#comment-error").prop("hidden", false);
- $(form).find("input[type=submit]").prop("disabled", false);
+ content.find("button[data-method][data-url]").prop("disabled", false);
+ content.find("#comment-error")
+ .text(xhr.responseText)
+ .prop("hidden", false)
+ .get(0).scrollIntoView({ block: "nearest" });
}
});
}
function initialize() {
- content.find("input[name=comment]").on("click", function (e) {
+ content.find("button[data-method][data-url]").on("click", function (e) {
e.preventDefault();
var data = $(e.target).data();
- updateChangeset(e.target.form, data.method, data.url, true);
- });
-
- content.find(".action-button").on("click", function (e) {
- e.preventDefault();
- var data = $(e.target).data();
- updateChangeset(e.target.form, data.method, data.url);
+ var include_data = e.target.name === "comment";
+ updateChangeset(data.method, data.url, include_data);
});
content.find("textarea").on("input", function (e) {
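Review bot: The click handler reads `$(e.target).data()` and `e.target.name`, which is only correct while every matched button contains bare text. If a button later gains a child element (an icon or a span), `e.target` becomes that child, so `data.method` and `data.url` come back undefined and the request goes out with no method or URL. Reading from the element the handler is bound to avoids this: `var button = e.currentTarget; var data = $(button).data(); var include_data = button.name === "comment";`. The body of `initialize` continues outside the hunk.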
}
}
- span.action-button:hover {
- cursor: pointer;
- text-decoration: underline;
- }
-
.note-description {
overflow: hidden;
margin: 0 0 10px 10px;
trace = do_create(params[:file], tags, description, visibility)
if trace.id
- TraceImporterJob.perform_later(trace)
+ trace.schedule_import
render :plain => trace.id.to_s
elsif trace.valid?
head :internal_server_error
if trace.user == current_user
trace.visible = false
trace.save!
- TraceDestroyerJob.perform_later(trace)
+ trace.schedule_destruction
head :ok
else
##
#
def unconfirmed_login(user)
- session[:token] = user.tokens.create.token
+ session[:pending_user] = user.id
- redirect_to :controller => "confirmations", :action => "confirm", :display_name => user.display_name
+ redirect_to :controller => "confirmations", :action => "confirm",
+ :display_name => user.display_name, :referer => session[:referer]
session.delete(:remember_me)
session.delete(:referer)
flash[:notice] = t "accounts.update.success_confirm_needed"
begin
- UserMailer.email_confirm(user, user.tokens.create).deliver_later
+ UserMailer.email_confirm(user, user.generate_token_for(:new_email)).deliver_later
rescue StandardError
# Ignore errors sending email
end
def confirm
if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.active?
- flash[:error] = t(".already active")
- redirect_to login_path
- elsif !token || token.expired?
+ token = params[:confirm_string]
+
+ user = User.find_by_token_for(:new_user, token) ||
+ UserToken.unexpired.find_by(:token => token)&.user
+
+ if !user
flash[:error] = t(".unknown token")
redirect_to :action => "confirm"
- elsif !token.user.visible?
- render_unknown_user token.user.display_name
+ elsif user.active?
+ flash[:error] = t(".already active")
+ redirect_to login_path
+ elsif !user.visible?
+ render_unknown_user user.display_name
else
- user = token.user
user.activate
user.email_valid = true
flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
user.save!
- referer = safe_referer(token.referer) if token.referer
- token.destroy
+ referer = safe_referer(params[:referer]) if params[:referer]
+ UserToken.delete_by(:token => token)
- if session[:token]
- token = UserToken.find_by(:token => session[:token])
- session.delete(:token)
- else
- token = nil
- end
-
- if token.nil? || token.user != user
- flash[:notice] = t(".success")
- redirect_to login_path(:referer => referer)
- else
- token.destroy
+ pending_user = session.delete(:pending_user)
+ if user.id == pending_user
session[:user] = user.id
session[:fingerprint] = user.fingerprint
redirect_to referer || welcome_path
+ else
+ flash[:notice] = t(".success")
+ redirect_to login_path(:referer => referer)
end
end
else
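Review bot: The post-confirmation redirect target now comes from `params[:referer]`, which is controlled by whoever builds the confirm link, whereas the removed code read it from the server-side token row. `safe_referer` is therefore the only check before `redirect_to referer || welcome_path` and `login_path(:referer => referer)`, and its definition is not in this hunk. Confirm it reduces the value to a local path (rejecting absolute and scheme-relative URLs), and add a test that posts an off-site `:referer` and asserts the redirect stays on-site. A comment at the assignment would record the assumption: `# referer is request-supplied here; safe_referer must reduce it to a same-site path`. The body of `confirm` continues outside the hunk.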
def confirm_resend
user = User.visible.find_by(:display_name => params[:display_name])
- token = UserToken.find_by(:token => session[:token])
- if user.nil? || token.nil? || token.user != user
+ if user.nil? || user.id != session[:pending_user]
flash[:error] = t ".failure", :name => params[:display_name]
else
- UserMailer.signup_confirm(user, user.tokens.create).deliver_later
+ UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
end
def confirm_email
if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.new_email?
- self.current_user = token.user
+ token = params[:confirm_string]
+
+ self.current_user = User.find_by_token_for(:new_email, token) ||
+ UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
+
+ if current_user&.new_email?
current_user.email = current_user.new_email
current_user.new_email = nil
current_user.email_valid = true
current_user.tokens.delete_all
session[:user] = current_user.id
session[:fingerprint] = current_user.fingerprint
- elsif token
+ elsif current_user
flash[:error] = t ".failure"
else
flash[:error] = t ".unknown_token"
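Review bot: `self.current_user` is now assigned from the token before `new_email?` is checked, so in the `elsif current_user` failure branch the rest of the request runs with the token owner as the current user even though nothing was confirmed. The removed code only assigned it inside the success branch. Whether anything rendered afterwards reads `current_user` is not visible here, but a local variable keeps the old guarantee: `user = User.find_by_token_for(:new_email, token) || UserToken.unexpired.find_by(:token => token)&.user`, then `if user&.new_email?` with `self.current_user = user` as the first line of that branch, and `elsif user` for the failure case. That also removes the second read of `params[:confirm_string]` in the fallback lookup, which currently bypasses the `token` local.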
@title = t ".title"
if params[:token]
- token = UserToken.find_by(:token => params[:token])
+ self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
+ UserToken.unexpired.find_by(:token => params[:token])&.user
- if token
- self.current_user = token.user
- else
+ if current_user.nil?
flash[:error] = t ".flash token bad"
redirect_to :action => "new"
end
end
if user
- token = user.tokens.create
+ token = user.generate_token_for(:password_reset)
UserMailer.lost_password(user, token).deliver_later
flash[:notice] = t ".notice email on way"
redirect_to login_path
def update
if params[:token]
- token = UserToken.find_by(:token => params[:token])
-
- if token
- self.current_user = token.user
+ self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
+ UserToken.unexpired.find_by(:token => params[:token])&.user
+ if current_user
if params[:user]
current_user.pass_crypt = params[:user][:pass_crypt]
current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
current_user.email_valid = true
if current_user.save
- token.destroy
+ UserToken.delete_by(:token => params[:token])
session[:fingerprint] = current_user.fingerprint
flash[:notice] = t ".flash changed"
successful_login(current_user)
@title = t ".title"
if request.post?
- if session[:token]
- token = UserToken.find_by(:token => session[:token])
- token&.destroy
- session.delete(:token)
- end
-
+ session.delete(:pending_user)
session.delete(:user)
session_expires_automatically
flash[:notice] = t ".trace_uploaded"
flash[:warning] = t ".traces_waiting", :count => current_user.traces.where(:inserted => false).count if current_user.traces.where(:inserted => false).count > 4
- TraceImporterJob.perform_later(@trace)
+ @trace.schedule_import
redirect_to :action => :index, :display_name => current_user.display_name
else
flash[:error] = t(".upload_failed") if @trace.valid?
trace.visible = false
trace.save
flash[:notice] = t ".scheduled_for_deletion"
- TraceDestroyerJob.perform_later(trace)
+ trace.schedule_destruction
redirect_to :action => :index, :display_name => trace.user.display_name
end
rescue ActiveRecord::RecordNotFound
session[:referer] = referer
successful_login(current_user)
else
- session[:token] = current_user.tokens.create.token
- UserMailer.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_later
+ session[:pending_user] = current_user.id
+ UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later
redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name
end
else
when "openid"
uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
uid.match(%r{https://me.yahoo.com/(.*)})
- when "google", "facebook", "microsoft"
+ when "google", "facebook", "microsoft", "github", "wikipedia"
true
else
false
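Review bot: Adding `"github"` and `"wikipedia"` to the branch that returns `true` appears to treat the e-mail address reported by those providers as already verified. The GitHub signup test further down the page now expects no confirmation mail and a redirect to `welcome_path`, which supports that reading. Nothing in this hunk shows that either provider only returns addresses it has verified itself; if one can return an unverified address, an account could be created or matched under an address the person does not control. Confirm what each OmniAuth strategy guarantees and record it next to the list, e.g. `# providers listed here must only ever return e-mail addresses they have verified themselves`. The enclosing method starts and ends outside the hunk.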
before_action :set_shared_template_vars
before_action :attach_project_logo
- def signup_confirm(user, token)
+ def signup_confirm(user, token, referer = nil)
with_recipient_locale user do
@url = url_for(:controller => "confirmations", :action => "confirm",
:display_name => user.display_name,
- :confirm_string => token.token)
+ :confirm_string => token,
+ :referer => referer)
mail :to => user.email,
:subject => t(".subject")
with_recipient_locale user do
@address = user.new_email
@url = url_for(:controller => "confirmations", :action => "confirm_email",
- :confirm_string => token.token)
+ :confirm_string => token)
mail :to => user.new_email,
:subject => t(".subject")
def lost_password(user, token)
with_recipient_locale user do
- @url = user_reset_password_url(:token => token.token)
+ @url = user_reset_password_url(:token => token)
mail :to => user.email,
:subject => t(".subject")
end
end
+ def schedule_import
+ TraceImporterJob.new(self).enqueue(:priority => user.traces.where(:inserted => false).count)
+ end
+
+ def schedule_destruction
+ TraceDestroyerJob.perform_later(self)
+ end
+
private
def content_type(file)
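Review bot: `schedule_import` has no comment explaining why the job priority is `user.traces.where(:inserted => false).count`, and the direction of the scale (whether a larger number runs earlier or later) depends on the queue adapter, which is not visible here. A short comment would make the intent reviewable, e.g. `# priority = number of this user's traces still waiting for import; confirm the queue backend treats larger values as lower priority`. The same count query also appears in the upload controller's `traces_waiting` flash, so a named scope on the trace association would keep the two in step.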
before_save :update_tile
after_save :spam_check
+ generates_token_for :new_user, :expires_in => 1.week do
+ fingerprint
+ end
+
+ generates_token_for :new_email, :expires_in => 1.week do
+ fingerprint
+ end
+
+ generates_token_for :password_reset, :expires_in => 1.week do
+ fingerprint
+ end
+
def display_name_cannot_be_user_id_with_other_id
display_name&.match(/^user_(\d+)$/i) do |m|
errors.add :display_name, I18n.t("activerecord.errors.messages.display_name_is_user_n") unless m[1].to_i == id
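Review bot: All three `generates_token_for` blocks embed only `fingerprint`, so a token stops verifying only when `fingerprint` changes or the `:expires_in => 1.week` window ends, and this hunk does not show which attributes `fingerprint` covers. The `UserToken.delete_by` calls in the controllers only remove legacy rows, so if `fingerprint` does not change when the password, account status, or `new_email` is updated, a used password-reset or confirmation link stays replayable for up to a week. Please state the dependency in a comment above the blocks, e.g. `# fingerprint must change whenever the password, status or e-mail changes, otherwise used tokens remain valid until expiry`. A test should also assert that a `:password_reset` token is rejected after a successful reset. The block's return value is carried inside the signed token, so it is also worth confirming that `fingerprint` is acceptable to expose to the link holder.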
class UserToken < ApplicationRecord
belongs_to :user
+ scope :unexpired, -> { where("expiry >= now()") }
+
after_initialize :set_defaults
def expired?
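Review bot: The `unexpired` scope compares `expiry` with the database's `now()`, so the clock used for legacy tokens is the database server's rather than the application's. `travel`-based tests therefore cannot move it, and the expiry test on this page now only exercises the signed-token path. Binding the time from Ruby keeps both paths on one clock and makes the fallback testable: `scope :unexpired, -> { where(:expiry => Time.now.utc..) }`. A test that creates a `UserToken` with `:expiry => 1.day.ago` and asserts the confirm action rejects it would cover the legacy branch for as long as it remains.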
<% if current_user %>
<div class="col-auto">
<% if @changeset.subscribers.exists?(current_user.id) %>
- <button class="action-button btn btn-sm btn-primary" name="unsubscribe" data-method="POST" data-url="<%= changeset_unsubscribe_url(@changeset) %>"><%= t("javascripts.changesets.show.unsubscribe") %></button>
+ <button class="btn btn-sm btn-primary" name="unsubscribe" data-method="POST" data-url="<%= changeset_unsubscribe_url(@changeset) %>"><%= t("javascripts.changesets.show.unsubscribe") %></button>
<% else %>
- <button class="action-button btn btn-sm btn-primary" name="subscribe" data-method="POST" data-url="<%= changeset_subscribe_url(@changeset) %>"><%= t("javascripts.changesets.show.subscribe") %></button>
+ <button class="btn btn-sm btn-primary" name="subscribe" data-method="POST" data-url="<%= changeset_subscribe_url(@changeset) %>"><%= t("javascripts.changesets.show.subscribe") %></button>
<% end %>
</div>
<% end %>
</div>
<% if @comments.length > 0 %>
- <div class='changeset-comments'>
- <form action="#">
- <ul class="list-unstyled">
- <% @comments.each do |comment| %>
- <% if comment.visible %>
- <li id="c<%= comment.id %>">
- <small class='text-muted'>
- <%= t(".comment_by_html",
- :time_ago => friendly_date_ago(comment.created_at),
- :user => link_to(comment.author.display_name, user_path(comment.author))) %>
- <% if current_user and current_user.moderator? %>
- — <span class="action-button" data-comment-id="<%= comment.id %>" data-method="POST" data-url="<%= changeset_comment_hide_url(comment.id) %>"><%= t("javascripts.changesets.show.hide_comment") %></span>
- <% end %>
- </small>
- <div class="mx-2">
- <%= comment.body.to_html %>
- </div>
- </li>
- <% elsif current_user and current_user.moderator? %>
- <li id="c<%= comment.id %>">
- <small class='text-muted'>
- <%= t(".hidden_comment_by_html",
- :time_ago => friendly_date_ago(comment.created_at),
- :user => link_to(comment.author.display_name, user_path(comment.author))) %>
- — <span class="action-button text-muted" data-comment-id="<%= comment.id %>" data-method="POST" data-url="<%= changeset_comment_unhide_url(comment.id) %>"><%= t("javascripts.changesets.show.unhide_comment") %></span>
- </small>
- <div class="mx-2">
- <%= comment.body.to_html %>
- </div>
- </li>
+ <ul class="list-unstyled">
+ <% @comments.each do |comment| %>
+ <% next unless comment.visible || current_user&.moderator? %>
+ <li id="c<%= comment.id %>">
+ <small class='text-muted'>
+ <%= t comment.visible ? ".comment_by_html" : ".hidden_comment_by_html",
+ :time_ago => friendly_date_ago(comment.created_at),
+ :user => link_to(comment.author.display_name, user_path(comment.author)) %>
+ <% if current_user&.moderator? %>
+ —
+ <%= tag.button t("javascripts.changesets.show.#{comment.visible ? 'hide' : 'unhide'}_comment"),
+ :class => "btn btn-sm small btn-link link-secondary p-0 align-baseline",
+ :data => { :method => "POST",
+ :url => comment.visible ? changeset_comment_hide_url(comment) : changeset_comment_unhide_url(comment) } %>
<% end %>
- <% end %>
- </ul>
- </form>
- </div>
+ </small>
+ <div class="mx-2">
+ <%= comment.body.to_html %>
+ </div>
+ </li>
+ <% end %>
+ </ul>
<% end %>
<% unless current_user %>
- <p class="notice">
+ <p>
<%= link_to(t(".join_discussion"), login_path(:referer => request.fullpath)) %>
</p>
<% end %>
<div id="comment-error" class="alert alert-danger p-2 mb-3" hidden>
</div>
<div>
- <input type="submit" name="comment" value="<%= t("javascripts.changesets.show.comment") %>" data-changeset-id="<%= @changeset.id %>" data-method="POST" data-url="<%= changeset_comment_url(@changeset) %>" disabled="1" class="btn btn-sm btn-primary" />
+ <button name="comment" data-method="POST" data-url="<%= changeset_comment_url(@changeset) %>" disabled class="btn btn-sm btn-primary"><%= t("javascripts.changesets.show.comment") %></button>
</div>
</form>
<% else %>
- <p class="notice">
+ <p>
<%= t(".still_open") %>
</p>
<% end %>
end
end
+ def sign_out
+ visit logout_path
+ click_on "Logout", :match => :first
+ end
+
def within_sidebar(&block)
within "#sidebar_content", &block
end
browse_check :changeset_path, changeset.id, "browse/changeset"
end
- def test_read_changeset_hidden_comments
- changeset = create(:changeset)
- create_list(:changeset_comment, 3, :changeset => changeset)
- create(:changeset_comment, :visible => false, :changeset => changeset)
-
- browse_check :changeset_path, changeset.id, "browse/changeset"
- assert_select "div.changeset-comments ul li", :count => 3
-
- session_for(create(:moderator_user))
-
- browse_check :changeset_path, changeset.id, "browse/changeset"
- assert_select "div.changeset-comments ul li", :count => 4
- end
-
def test_read_changeset_element_links
changeset = create(:changeset)
node = create(:node, :with_history, :changeset => changeset)
user = build(:user, :pending)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
assert_response :success
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
# Get the confirmation page
get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
post logout_path
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
assert_redirected_to welcome_path
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
post logout_path
session_for(create(:user))
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
post logout_path
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string, :referer => new_diary_entry_path }
assert_redirected_to login_path(:referer => new_diary_entry_path)
assert_match(/Confirmed your account/, flash[:notice])
end
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string, :referer => new_diary_entry_path }
assert_redirected_to new_diary_entry_path
end
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
post logout_path
session_for(create(:user))
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string, :referer => new_diary_entry_path }
assert_redirected_to login_path(:referer => new_diary_entry_path)
assert_match(/Confirmed your account/, flash[:notice])
end
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:expiry => 1.day.ago).token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ travel 2.weeks do
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ end
assert_redirected_to :action => "confirm"
assert_match(/confirmation code has expired/, flash[:error])
end
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string, :referer => new_diary_entry_path }
assert_redirected_to new_diary_entry_path
post logout_path
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string, :referer => new_diary_entry_path }
assert_redirected_to login_path
assert_match(/already been confirmed/, flash[:error])
end
stub_gravatar_request(user.email)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
User.find_by(:display_name => user.display_name).hide!
def test_confirm_email_get
user = create(:user)
- confirm_string = user.tokens.create.token
+ confirm_string = user.generate_token_for(:new_email)
get user_confirm_email_path, :params => { :confirm_string => confirm_string }
assert_response :success
def test_confirm_email_success
user = create(:user, :new_email => "test-new@example.com")
stub_gravatar_request(user.new_email)
- confirm_string = user.tokens.create.token
+ confirm_string = user.generate_token_for(:new_email)
post user_confirm_email_path, :params => { :confirm_string => confirm_string }
assert_response :redirect
def test_confirm_email_already_confirmed
user = create(:user)
- confirm_string = user.tokens.create.token
+ confirm_string = user.generate_token_for(:new_email)
post user_confirm_email_path, :params => { :confirm_string => confirm_string }
assert_response :redirect
# switch to email that has a gravatar
user = create(:user, :new_email => "test-new@example.com")
stub_gravatar_request(user.new_email, 200)
- confirm_string = user.tokens.create.token
+ confirm_string = user.generate_token_for(:new_email)
# precondition gravatar should be turned off
assert_not user.image_use_gravatar
post user_confirm_email_path, :params => { :confirm_string => confirm_string }
# switch to email without a gravatar
user = create(:user, :new_email => "test-new@example.com", :image_use_gravatar => true)
stub_gravatar_request(user.new_email, 404)
- confirm_string = user.tokens.create.token
+ confirm_string = user.generate_token_for(:new_email)
# precondition gravatar should be turned on
assert user.image_use_gravatar
post user_confirm_email_path, :params => { :confirm_string => confirm_string }
assert_redirected_to :action => :new
# Create a valid token for a user
- token = user.tokens.create
+ token = user.generate_token_for(:password_reset)
# Test a request with a valid token
- get user_reset_password_path, :params => { :token => token.token }
+ get user_reset_password_path, :params => { :token => token }
assert_response :success
assert_template :edit
# Test that errors are reported for erroneous submissions
- post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
+ post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
assert_response :success
assert_template :edit
assert_select "div.invalid-feedback"
# Test setting a new password
- post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
+ post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
assert_response :redirect
assert_redirected_to root_path
assert_equal user.id, session[:user]
user = build(:user, :pending)
post user_new_path, :params => { :user => user.attributes }
post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
-
- assert_difference "User.find_by(:email => user.email).tokens.count", -1 do
- post logout_path
- end
+ post logout_path
assert_response :redirect
assert_redirected_to root_path
end
assert_difference "User.count", 1 do
assert_difference "ActionMailer::Base.deliveries.size", 1 do
- perform_enqueued_jobs do
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- end
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ assert_enqueued_with :job => ActionMailer::MailDeliveryJob,
+ :args => proc { |args| args[3][:args][2] == welcome_path(:editor => "id", :zoom => 1, :lat => 2, :lon => 3) }
+ perform_enqueued_jobs
end
end
- assert_equal welcome_path(:editor => "id", :zoom => 1, :lat => 2, :lon => 3),
- User.find_by(:email => user.email).tokens.order("id DESC").first.referer
-
ActionMailer::Base.deliveries.clear
end
+++ /dev/null
-require "test_helper"
-
-class UserChangesetCommentsTest < ActionDispatch::IntegrationTest
- # Test 'log in to comment' message for nonlogged in user
- def test_log_in_message
- changeset = create(:changeset, :closed)
-
- get "/changeset/#{changeset.id}"
- assert_response :success
-
- assert_select "div#content" do
- assert_select "div#sidebar" do
- assert_select "div#sidebar_content" do
- assert_select "div" do
- assert_select "p.notice" do
- assert_select "a[href='/login?referer=%2Fchangeset%2F#{changeset.id}']", :text => I18n.t("browse.changeset.join_discussion"), :count => 1
- end
- end
- end
- end
- end
- end
-
- # Test if the form is shown
- def test_displaying_form
- user = create(:user)
- changeset = create(:changeset, :closed)
-
- get "/login"
- follow_redirect!
- # We should now be at the login page
- assert_response :success
- assert_template "sessions/new"
- # We can now login
- post "/login", :params => { "username" => user.email, "password" => "test" }
- assert_response :redirect
-
- get "/changeset/#{changeset.id}"
-
- assert_response :success
- assert_template "browse/changeset"
-
- assert_select "div#content" do
- assert_select "div#sidebar" do
- assert_select "div#sidebar_content" do
- assert_select "div" do
- assert_select "form[action='#']" do
- assert_select "textarea[name=text]"
- end
- end
- end
- end
- end
- end
-end
assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct
- confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+ confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s
end
- confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+ confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
# Check the page
assert_response :success
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
- get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :success
assert_template "confirmations/confirm"
- post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :redirect
follow_redirect!
assert_response :success
assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct
- confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+ confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s
end
- confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+ confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
# Check the page
assert_response :success
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
- get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :success
assert_template "confirmations/confirm"
- post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :redirect
follow_redirect!
assert_response :success
assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct
- confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+ confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s
end
- confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+ confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
# Check the page
assert_response :success
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
- get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :success
assert_template "confirmations/confirm"
- post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :redirect
follow_redirect!
assert_response :success
assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct
- confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+ confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s
end
- confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+ confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
# Check the page
assert_response :success
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
- get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :success
assert_template "confirmations/confirm"
- post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :redirect
follow_redirect!
assert_response :success
assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct
- confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+ confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s
end
- confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+ confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
# Check the page
assert_response :success
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
- get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :success
assert_template "confirmations/confirm"
- post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :redirect
follow_redirect!
assert_response :success
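Review bot: The GET and POST now pass `:referer => "/welcome"`, but the only check after the POST is `assert_response :redirect`, so the test does not pin where the confirmation flow sends the user. An `assert_redirected_to` with the expected on-site target after the POST would pin it. A companion case that submits an absolute off-site `referer` and asserts the redirect stays on the application host would guard the request-supplied target against open-redirect regressions. The code that consumes `referer` is outside this diff, so such a test may already exist elsewhere. The same applies to the other get/post pairs changed in this file.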
OmniAuth.config.add_mock(:github, :uid => "123454321", :info => { "email" => new_email })
assert_difference("User.count") do
- assert_difference("ActionMailer::Base.deliveries.size", 1) do
+ assert_no_difference("ActionMailer::Base.deliveries.size") do
perform_enqueued_jobs do
post "/user/new",
:params => { :user => { :email => new_email,
:read_ct => 1,
:read_tou => 1 }
assert_response :redirect
- assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+ assert_redirected_to welcome_path
follow_redirect!
end
end
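Review bot: Nothing visible here covers the case where the provider email differs from the submitted one. `assert_redirected_to welcome_path`, together with `assert_no_difference("ActionMailer::Base.deliveries.size")` in the preceding hunk, only pins that a GitHub sign-up with a matching mocked email is let in without a confirmation mail. A sibling test where the `OmniAuth.config.add_mock` email differs from `new_email`, asserting that a confirmation mail is still delivered, would keep the skip from widening unnoticed; it may exist outside this diff. A comment above the block such as `# provider-supplied email matches the submitted one, so no confirmation mail is expected` would explain why zero deliveries is correct. The Wikipedia hunks below make the same change, and the enclosing test starts outside this hunk.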
# Check the page
assert_response :success
- assert_template "confirmations/confirm"
+ assert_template "site/welcome"
ActionMailer::Base.deliveries.clear
end
assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct
- confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+ confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s
end
- confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+ confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
# Check the page
assert_response :success
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
- get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :success
assert_template "confirmations/confirm"
- post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :redirect
follow_redirect!
assert_response :success
OmniAuth.config.add_mock(:wikipedia, :uid => "123454321", :info => { "email" => new_email })
assert_difference("User.count") do
- assert_difference("ActionMailer::Base.deliveries.size", 1) do
+ assert_no_difference("ActionMailer::Base.deliveries.size") do
perform_enqueued_jobs do
post "/user/new",
:params => { :user => { :email => new_email,
:read_ct => 1,
:read_tou => 1 }
assert_response :redirect
- assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+ assert_redirected_to welcome_path
follow_redirect!
end
end
# Check the page
assert_response :success
- assert_template "confirmations/confirm"
+ assert_template "site/welcome"
ActionMailer::Base.deliveries.clear
end
assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct
- confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+ confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s
end
- confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+ confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
# Check the page
assert_response :success
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
- get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :success
assert_template "confirmations/confirm"
- post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+ post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
assert_response :redirect
follow_redirect!
assert_response :success
--- /dev/null
+require "application_system_test_case"
+
+class ChangesetCommentsTest < ApplicationSystemTestCase
+ test "open changeset has a still open notice" do
+ changeset = create(:changeset)
+ sign_in_as(create(:user))
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_no_button "Comment"
+ assert_text "Changeset still open"
+ end
+ end
+
+ test "changeset has a login notice" do
+ changeset = create(:changeset, :closed)
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_no_button "Subscribe"
+ assert_no_button "Comment"
+ assert_link "Log in to join the discussion", :href => login_path(:referer => changeset_path(changeset))
+ end
+ end
+
+ test "can add a comment to a changeset" do
+ changeset = create(:changeset, :closed)
+ user = create(:user)
+ sign_in_as(user)
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_no_content "Comment from #{user.display_name}"
+ assert_no_content "Some newly added changeset comment"
+ assert_button "Comment", :disabled => true
+
+ fill_in "text", :with => "Some newly added changeset comment"
+
+ assert_button "Comment", :disabled => false
+
+ click_on "Comment"
+
+ assert_content "Comment from #{user.display_name}"
+ assert_content "Some newly added changeset comment"
+ end
+ end
+
+ test "regular users can't hide comments" do
+ changeset = create(:changeset, :closed)
+ create(:changeset_comment, :changeset => changeset, :body => "Unwanted comment")
+ sign_in_as(create(:user))
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_text "Unwanted comment"
+ assert_no_button "hide"
+ end
+ end
+
+ test "moderators can hide comments" do
+ changeset = create(:changeset, :closed)
+ create(:changeset_comment, :changeset => changeset, :body => "Unwanted comment")
+
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_text "Unwanted comment"
+ end
+
+ sign_in_as(create(:moderator_user))
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_text "Unwanted comment"
+ assert_button "hide", :exact => true
+ assert_no_button "unhide", :exact => true
+
+ click_on "hide", :exact => true
+
+ assert_text "Unwanted comment"
+ assert_no_button "hide", :exact => true
+ assert_button "unhide", :exact => true
+ end
+
+ sign_out
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_no_text "Unwanted comment"
+ end
+ end
+
+ test "moderators can unhide comments" do
+ changeset = create(:changeset, :closed)
+ create(:changeset_comment, :changeset => changeset, :body => "Wanted comment", :visible => false)
+
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_no_text "Wanted comment"
+ end
+
+ sign_in_as(create(:moderator_user))
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_text "Wanted comment"
+ assert_no_button "hide", :exact => true
+ assert_button "unhide", :exact => true
+
+ click_on "unhide", :exact => true
+
+ assert_text "Wanted comment"
+ assert_button "hide", :exact => true
+ assert_no_button "unhide", :exact => true
+ end
+
+ sign_out
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_text "Wanted comment"
+ end
+ end
+
+ test "can subscribe" do
+ changeset = create(:changeset, :closed)
+ user = create(:user)
+ sign_in_as(user)
+ visit changeset_path(changeset)
+
+ within_sidebar do
+ assert_button "Subscribe"
+ assert_no_button "Unsubscribe"
+
+ click_on "Subscribe"
+
+ assert_no_button "Subscribe"
+ assert_button "Unsubscribe"
+ end
+ end
+
+ test "can't subscribe when blocked" do
+ changeset = create(:changeset, :closed)
+ user = create(:user)
+ sign_in_as(user)
+ visit changeset_path(changeset)
+ create(:user_block, :user => user)
+
+ within_sidebar do
+ assert_no_text "Your access to the API has been blocked"
+ assert_button "Subscribe"
+ assert_no_button "Unsubscribe"
+
+ click_on "Subscribe"
+
+ assert_text "Your access to the API has been blocked"
+ assert_button "Subscribe"
+ assert_no_button "Unsubscribe"
+ end
+ end
+end
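Review bot: "regular users can't hide comments" only asserts that no "hide" button is rendered, which checks the UI and not the authorization behind it. A comment such as `# UI-only check; the hide/unhide permission itself is enforced and tested at the API level` would make that scope explicit, assuming such a server-side test exists outside this diff. In "moderators can hide comments" the hidden comment is verified as invisible only after `sign_out`. Repeating the final block after `sign_in_as(create(:user))`, with `assert_no_text "Unwanted comment"`, would also cover a signed-in non-moderator. The last block of "moderators can unhide comments" could get the same addition with `assert_text "Wanted comment"`.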