2019-12-17 10:08:15 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-24 14:09:03 -04:00
|
|
|
RSpec.describe SafeUrl do
|
2019-12-17 10:08:15 -05:00
|
|
|
describe '#safe_url' do
|
2019-12-24 04:07:44 -05:00
|
|
|
let(:safe_url_test_class) do
|
|
|
|
Class.new do
|
|
|
|
include SafeUrl
|
2019-12-17 10:08:15 -05:00
|
|
|
|
2019-12-24 04:07:44 -05:00
|
|
|
attr_reader :url
|
2019-12-17 10:08:15 -05:00
|
|
|
|
2019-12-24 04:07:44 -05:00
|
|
|
def initialize(url)
|
|
|
|
@url = url
|
|
|
|
end
|
2019-12-17 10:08:15 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-12-24 04:07:44 -05:00
|
|
|
let(:test_class) { safe_url_test_class.new(url) }
|
2019-12-17 10:08:15 -05:00
|
|
|
let(:url) { 'http://example.com' }
|
|
|
|
|
|
|
|
subject { test_class.safe_url }
|
|
|
|
|
|
|
|
it { is_expected.to eq(url) }
|
|
|
|
|
|
|
|
context 'when URL contains credentials' do
|
|
|
|
let(:url) { 'http://foo:bar@example.com' }
|
|
|
|
|
2021-03-22 08:09:02 -04:00
|
|
|
it 'masks username and password' do
|
|
|
|
is_expected.to eq('http://*****:*****@example.com')
|
|
|
|
end
|
2019-12-17 10:08:15 -05:00
|
|
|
|
2021-03-22 08:09:02 -04:00
|
|
|
context 'when username is allowed' do
|
|
|
|
subject { test_class.safe_url(allowed_usernames: usernames) }
|
2019-12-17 10:08:15 -05:00
|
|
|
|
2021-03-22 08:09:02 -04:00
|
|
|
let(:usernames) { %w[foo] }
|
2019-12-17 10:08:15 -05:00
|
|
|
|
2021-03-22 08:09:02 -04:00
|
|
|
it 'masks the password, but not the username' do
|
2019-12-17 10:08:15 -05:00
|
|
|
is_expected.to eq('http://foo:*****@example.com')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when URL is empty' do
|
|
|
|
let(:url) { nil }
|
|
|
|
|
|
|
|
it { is_expected.to be_nil }
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when URI raises an error' do
|
|
|
|
let(:url) { 123 }
|
|
|
|
|
|
|
|
it { is_expected.to be_nil }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|