e29c3d7932
This adds a needs_authorization flag before the main hash branch dispatch. When running non-frozen specs, if that flag is not cleared before a response is returned, an exception is raised. The flag can be cleared by: * Calling an authorization method * Calling no_authorization_needed to explicit indicate authorization is not needed To find incorrect usage of no_authorization_needed, it also raises if the request is already authorizated or does not require authorization. This support found the missing postgres read-replica authorization, and should prevent missing authorization in the future.
96 lines
2.6 KiB
Ruby
96 lines
2.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require_relative "spec_helper"
|
|
|
|
RSpec.describe Clover do
|
|
it "handles CSRF token errors" do
|
|
visit "/login"
|
|
find(".rodauth input[name=_csrf]", visible: false).set("")
|
|
click_button "Sign in"
|
|
|
|
expect(page.status_code).to eq(400)
|
|
expect(page).to have_flash_error("An invalid security token submitted with this request, please try again")
|
|
end
|
|
|
|
it "does not redirect to requested path if path is too long" do
|
|
create_account
|
|
visit("/a" * 2048)
|
|
expect(page.status_code).to eq(200)
|
|
expect(page).to have_current_path("/login", ignore_query: true)
|
|
fill_in "Email Address", with: TEST_USER_EMAIL
|
|
fill_in "Password", with: TEST_USER_PASSWORD
|
|
click_button "Sign in"
|
|
expect(page.title).to end_with("Dashboard")
|
|
end
|
|
|
|
if ENV["CLOVER_FREEZE"] != "1"
|
|
it "raises error if no_authorization_needed called when not needed or already authorized" do
|
|
create_account.create_project_with_default_policy("project-1")
|
|
login
|
|
|
|
visit "/test-no-authorization-needed/once"
|
|
expect(page.status_code).to eq(200)
|
|
|
|
expect { visit "/test-no-authorization-needed/twice" }.to raise_error(RuntimeError)
|
|
expect { visit "/test-no-authorization-needed/after-authorization" }.to raise_error(RuntimeError)
|
|
end
|
|
end
|
|
|
|
it "handles expected errors" do
|
|
expect(Clog).to receive(:emit).with("route exception").and_call_original
|
|
|
|
visit "/webhook/test-error"
|
|
|
|
expect(page.title).to eq("Ubicloud - UnexceptedError")
|
|
end
|
|
|
|
it "raises unexpected errors in test environment" do
|
|
expect(Clog).not_to receive(:emit)
|
|
|
|
expect { visit "/webhook/test-error?message=treat+as+unexpected+error" }.to raise_error(RuntimeError, "treat as unexpected error")
|
|
end
|
|
|
|
it "does not have broken links" do
|
|
create_account
|
|
login
|
|
|
|
visited = {"" => true}
|
|
failures = []
|
|
queue = Queue.new
|
|
queue.push([nil, "/"])
|
|
|
|
pop = lambda do
|
|
queue.pop(true)
|
|
rescue ThreadError
|
|
end
|
|
|
|
while (tuple = pop.call)
|
|
from, path = tuple
|
|
|
|
next if visited[path]
|
|
visited[path] = true
|
|
visit path
|
|
|
|
if page.status_code == 404
|
|
failures << [from, path]
|
|
end
|
|
|
|
if page.response_headers["content-type"].include?("text/html")
|
|
links = page.all("a").map do |a|
|
|
a["href"].sub(/#.*\z/, "")
|
|
end
|
|
|
|
links.reject! do |path|
|
|
path.empty? || path.start_with?(%r{https://|mailto:})
|
|
end
|
|
|
|
links.each do |path|
|
|
queue.push [page.current_path, path]
|
|
end
|
|
end
|
|
end
|
|
|
|
expect(failures).to be_empty
|
|
end
|
|
end
|