# frozen_string_literal: true
require 'spec_helper'
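# Specs for Banzai::ReferenceRedactor.
#
# The examples pin two outcomes: a reference the current user may not see is
# replaced in the document by plain content (no `gfm` anchor, no data-*
# attributes), and a reference the user may see is left exactly as rendered.
RSpec.describe Banzai::ReferenceRedactor do
  let(:user) { create(:user) }
  let(:project) { build(:project) }
  let(:redactor) { described_class.new(Banzai::RenderContext.new(project, user)) }

  describe '#redact' do
    context 'when reference not visible to user' do
      before do
        # Force the "nothing is visible" answer so every reference in this
        # context has to be redacted. Because this is `expect`, each example
        # also fails if the visibility check is never consulted.
        expect(redactor).to receive(:nodes_visible_to_user).and_return([])
      end

      it 'redacts an array of documents' do
        doc1 = Nokogiri::HTML
                 .fragment('<a class="gfm" href="https://www.gitlab.com" data-reference-type="issue">foo</a>')

        doc2 = Nokogiri::HTML
                 .fragment('<a class="gfm" href="https://www.gitlab.com" data-reference-type="issue">bar</a>')

        redacted_data = redactor.redact([doc1, doc2])

        # The documents are mutated in place and reported back in input order.
        expect(redacted_data.map { |data| data[:document] }).to eq([doc1, doc2])
        expect(redacted_data.map { |data| data[:visible_reference_count] }).to eq([0, 0])
        expect(doc1.to_html).to eq('foo')
        expect(doc2.to_html).to eq('bar')
      end

      it 'replaces redacted reference with inner HTML' do
        doc = Nokogiri::HTML.fragment("<a class='gfm' href='https://www.gitlab.com' data-reference-type='issue'>foo</a>")
        redactor.redact([doc])
        expect(doc.to_html).to eq('foo')
      end

      context 'when data-original attribute provided' do
        # NOTE(review): the payload carries markup on purpose, so this example
        # doubles as an output-encoding check for `data-original`. As the
        # literal reads here, the example expects `to_html` to hand back the
        # raw `<script>` text; if this listing came from a rendered page,
        # `&lt;`/`&gt;` escapes may have been decoded on the way - confirm
        # against the repository copy. `data-original` presumably holds
        # user-authored text (confirm), so whatever the redactor substitutes
        # for the anchor must serialize as inert text, never as an element.
        let(:original_content) { '<script>alert(1);</script>' }

        it 'replaces redacted reference with original content' do
          doc = Nokogiri::HTML.fragment("<a class='gfm' href='https://www.gitlab.com' data-reference-type='issue' data-original='#{original_content}'>bar</a>")
          redactor.redact([doc])
          expect(doc.to_html).to eq(original_content)
        end

        # With data-link-reference='true' the anchor survives redaction, but
        # only `href` and the content remain: the `gfm` class and every
        # data-* attribute are gone from the expected output.
        it 'does not replace redacted reference with original content if href is given' do
          html = "<a href='https://www.gitlab.com' data-link-reference='true' class='gfm' data-reference-type='issue' data-reference-type='issue' data-original='Marge'>Marge</a>"
          doc = Nokogiri::HTML.fragment(html)
          redactor.redact([doc])
          expect(doc.to_html).to eq('<a href="https://www.gitlab.com">Marge</a>')
        end

        # The rendered text ("Marge") is discarded in favour of data-original
        # ("Homer"), so the rendered link text does not survive redaction.
        it 'uses the original content as the link content if given' do
          html = "<a href='https://www.gitlab.com' data-link-reference='true' class='gfm' data-reference-type='issue' data-reference-type='issue' data-original='Homer'>Marge</a>"
          doc = Nokogiri::HTML.fragment(html)
          redactor.redact([doc])
          expect(doc.to_html).to eq('<a href="https://www.gitlab.com">Homer</a>')
        end
      end
    end

    # No visibility stub here: these examples run the real check against a
    # project flagged `pending_delete` and expect the reference to be redacted.
    context 'when project is in pending delete' do
      let!(:issue) { create(:issue, project: project) }

      before do
        project.update!(pending_delete: true)
      end

      it 'redacts an issue attached' do
        doc = Nokogiri::HTML.fragment("<a class='gfm' href='https://www.gitlab.com' data-reference-type='issue' data-issue='#{issue.id}'>foo</a>")

        redactor.redact([doc])

        expect(doc.to_html).to eq('foo')
      end

      it 'redacts an external issue' do
        doc = Nokogiri::HTML.fragment("<a class='gfm' href='https://www.gitlab.com' data-reference-type='issue' data-external-issue='#{issue.id}' data-project='#{project.id}'>foo</a>")

        redactor.redact([doc])

        expect(doc.to_html).to eq('foo')
      end
    end

    context 'when reference visible to user' do
      it 'does not redact an array of documents' do
        doc1_html = '<a class="gfm" data-reference-type="issue">foo</a>'
        doc1 = Nokogiri::HTML.fragment(doc1_html)

        doc2_html = '<a class="gfm" data-reference-type="issue">bar</a>'
        doc2 = Nokogiri::HTML.fragment(doc2_html)

        # Report every reference node of both documents as visible.
        nodes = redactor.document_nodes([doc1, doc2]).map { |x| x[:nodes] }
        expect(redactor).to receive(:nodes_visible_to_user).and_return(nodes.flatten)

        redacted_data = redactor.redact([doc1, doc2])

        expect(redacted_data.map { |data| data[:document] }).to eq([doc1, doc2])
        expect(redacted_data.map { |data| data[:visible_reference_count] }).to eq([1, 1])
        # Visible references must come back byte-for-byte unchanged.
        expect(doc1.to_html).to eq(doc1_html)
        expect(doc2.to_html).to eq(doc2_html)
      end
    end
  end

  # The user is a developer on `project` but is denied :read_cross_project.
  # A reference inside the same project keeps its tooltip and title; one that
  # points into another project must lose both, since the title would
  # otherwise expose the other project's issue title.
  context 'when the user cannot read cross project' do
    let(:project) { create(:project) }
    let(:other_project) { create(:project, :public) }

    # Builds an anchor shaped like a rendered reference: `gfm has-tooltip`
    # class, the issuable's title, and data attributes naming its type and id.
    def create_link(issuable)
      type = issuable.class.name.underscore.downcase
      ActionController::Base.helpers.link_to(issuable.to_reference, '',
                                             class: 'gfm has-tooltip',
                                             title: issuable.title,
                                             data: {
                                               reference_type: type,
                                               "#{type}": issuable.id
                                             })
    end

    before do
      project.add_developer(user)

      # Every other ability is answered by the real policy; only the two
      # :read_cross_project call shapes are forced to false.
      allow(Ability).to receive(:allowed?).and_call_original
      allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global) { false }
      allow(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
    end

    it 'skips links to issues within the same project' do
      issue = create(:issue, project: project)
      link = create_link(issue)
      doc = Nokogiri::HTML.fragment(link)

      redactor.redact([doc])
      result = doc.css('a').last

      expect(result['class']).to include('has-tooltip')
      expect(result['title']).to eq(issue.title)
    end

    it 'removes info from a cross project reference' do
      issue = create(:issue, project: other_project)
      link = create_link(issue)
      doc = Nokogiri::HTML.fragment(link)

      redactor.redact([doc])
      result = doc.css('a').last

      expect(result['class']).not_to include('has-tooltip')
      expect(result['title']).to be_empty
    end
  end

  describe '#redact_document_nodes' do
    it 'redacts an Array of nodes' do
      doc = Nokogiri::HTML.fragment('<a href="foo">foo</a>')
      node = doc.children[0]

      # An empty Set means "no node is visible", so the anchor is redacted.
      expect(redactor).to receive(:nodes_visible_to_user)
        .with([node])
        .and_return(Set.new)

      redactor.redact_document_nodes([{ document: doc, nodes: [node] }])

      expect(doc.to_html).to eq('foo')
    end
  end

  describe '#nodes_visible_to_user' do
    it 'returns a Set containing the visible nodes' do
      doc = Nokogiri::HTML.fragment('<a data-reference-type="issue"></a>')
      node = doc.children[0]

      # The decision is delegated to the parser for the node's reference
      # type, which receives the current user along with the nodes.
      expect_next_instance_of(Banzai::ReferenceParser::IssueParser) do |instance|
        expect(instance).to receive(:nodes_visible_to_user)
          .with(user, [node])
          .and_return([node])
      end

      expect(redactor.nodes_visible_to_user([node])).to eq(Set.new([node]))
    end

    # An unknown data-reference-type must yield no visible nodes rather than
    # raise; the node is then treated as not visible.
    it 'handles invalid references gracefully' do
      doc = Nokogiri::HTML.fragment('<a data-reference-type="some_invalid_type"></a>')
      node = doc.children[0]

      expect(redactor.nodes_visible_to_user([node])).to be_empty
    end
  end
end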