ubicloud/spec/routes/web/clover_web_spec.rb
Jeremy Evans fa17b98dba Avoid Roda::RodaPlugins::Sessions::CookieTooLarge for unauthenticated request to long path
Clover uses Rodauth's login_return_to_requested_location? feature,
which stores the path to redirect to after login in the session.
Unfortunately, for paths that are too long, this results in exceeding
the 4K cookie size limit, which is an unhandled production exception.

I fixed this in Rodauth's master branch, by enforcing a limit for
the path size, so update to the current Rodauth master branch to
fix this issue.
2025-03-31 14:17:34 -07:00


# frozen_string_literal: true
require_relative "spec_helper"
# Web-level specs for Clover: CSRF rejection, the post-login return path,
# error reporting, and a crawl of the UI that checks for broken links.
RSpec.describe Clover do
  # A form submitted with a blanked CSRF token must be rejected with a 400
  # and a flash error, not processed.
  it "handles CSRF token errors" do
    visit("/login")
    csrf_field = find(".rodauth input[name=_csrf]", visible: false)
    csrf_field.set("")
    click_button("Sign in")

    expect(page.status_code).to eq(400)
    expect(page).to have_flash_error("An invalid security token submitted with this request, please try again")
  end

  # The requested path is 4096 characters long. An unauthenticated request
  # for it must still land on the login page with a 200, and signing in
  # afterwards must end on the Dashboard.
  it "does not redirect to requested path if path is too long" do
    create_account
    overlong_path = "/a" * 2048
    visit(overlong_path)

    expect(page.status_code).to eq(200)
    expect(page).to have_current_path("/login", ignore_query: true)

    fill_in("Email Address", with: TEST_USER_EMAIL)
    fill_in("Password", with: TEST_USER_PASSWORD)
    click_button("Sign in")

    expect(page.title).to end_with("Dashboard")
  end

  # An expected error is reported through Clog and rendered as an error page.
  it "handles expected errors" do
    expect(Clog).to receive(:emit).with("route exception").and_call_original

    visit("/webhook/test-error")

    # NOTE(review): "UnexceptedError" looks like a misspelling of
    # "UnexpectedError"; it is kept exactly as the spec asserts it. Confirm
    # against the application's page title before changing it.
    expect(page.title).to eq("Ubicloud - UnexceptedError")
  end

  # An unexpected error must propagate as an exception, and Clog must not
  # be called for it.
  it "raises unexpected errors in test environment" do
    expect(Clog).not_to receive(:emit)

    expect {
      visit("/webhook/test-error?message=treat+as+unexpected+error")
    }.to raise_error(RuntimeError, "treat as unexpected error")
  end

  # Crawls from "/" as a logged-in user, following every link that is not
  # empty, https:// or mailto:, and records each [referrer, path] pair that
  # answers 404.
  it "does not have broken links" do
    create_account
    login

    # The empty string is pre-marked so it is never visited.
    seen = {"" => true}
    broken = []
    pending = Queue.new
    pending << [nil, "/"]

    # Non-blocking pop: an empty queue raises ThreadError, which is turned
    # into nil so the loop below terminates.
    next_item = lambda do
      pending.pop(true)
    rescue ThreadError
      nil
    end

    while (item = next_item.call)
      referrer, target = item
      next if seen[target]

      seen[target] = true
      visit(target)

      broken << [referrer, target] if page.status_code == 404

      # Only HTML responses are scanned for further links.
      next unless page.response_headers["content-type"].include?("text/html")

      page.all("a").each do |anchor|
        # Drop the fragment so "/x#a" and "/x#b" count as the same page.
        href = anchor["href"].sub(/#.*\z/, "")
        next if href.empty? || href.start_with?(%r{https://|mailto:})

        pending.push([page.current_path, href])
      end
    end

    expect(broken).to be_empty
  end
end