diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb index e822d7eb348..6ee91576676 100644 --- a/spec/mailers/notify_spec.rb +++ b/spec/mailers/notify_spec.rb @@ -63,7 +63,7 @@ describe Notify do end it 'contains a link to note author' do - is_expected.to have_body_text issue.author_name + is_expected.to have_html_escaped_body_text issue.author_name is_expected.to have_body_text 'wrote:' end end @@ -75,7 +75,7 @@ describe Notify do it_behaves_like 'it should show Gmail Actions View Issue link' it 'contains the description' do - is_expected.to have_body_text issue_with_description.description + is_expected.to have_html_escaped_body_text issue_with_description.description end end @@ -100,11 +100,11 @@ describe Notify do end it 'contains the name of the previous assignee' do - is_expected.to have_body_text previous_assignee.name + is_expected.to have_html_escaped_body_text previous_assignee.name end it 'contains the name of the new assignee' do - is_expected.to have_body_text assignee.name + is_expected.to have_html_escaped_body_text assignee.name end it 'contains a link to the issue' do @@ -167,7 +167,7 @@ describe Notify do end it 'contains the user name' do - is_expected.to have_body_text current_user.name + is_expected.to have_html_escaped_body_text current_user.name end it 'contains a link to the issue' do @@ -242,7 +242,7 @@ describe Notify do end it 'contains a link to note author' do - is_expected.to have_body_text merge_request.author_name + is_expected.to have_html_escaped_body_text merge_request.author_name is_expected.to have_body_text 'wrote:' end end @@ -255,7 +255,7 @@ describe Notify do it_behaves_like "an unsubscribeable thread" it 'contains the description' do - is_expected.to have_body_text merge_request_with_description.description + is_expected.to have_html_escaped_body_text merge_request_with_description.description end end @@ -280,11 +280,11 @@ describe Notify do end it 'contains the name of the previous assignee' do - is_expected.to have_body_text previous_assignee.name + is_expected.to have_html_escaped_body_text previous_assignee.name end it 'contains the name of the new assignee' do - is_expected.to have_body_text assignee.name + is_expected.to have_html_escaped_body_text assignee.name end it 'contains a link to the merge request' do @@ -347,7 +347,7 @@ describe Notify do end it 'contains the user name' do - is_expected.to have_body_text current_user.name + is_expected.to have_html_escaped_body_text current_user.name end it 'contains a link to the merge request' do @@ -400,7 +400,7 @@ describe Notify do end it 'contains name of project' do - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace end it 'contains new user role' do @@ -433,7 +433,7 @@ describe Notify do expect(to_emails[0].address).to eq(project.members.owners_and_masters.first.user.notification_email) is_expected.to have_subject "Request to join the #{project.name_with_namespace} project" - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace is_expected.to have_body_text namespace_project_project_members_url(project.namespace, project) is_expected.to have_body_text project_member.human_access end @@ -460,7 +460,7 @@ describe Notify do expect(to_emails[0].address).to eq(group.members.owners_and_masters.first.user.notification_email) is_expected.to have_subject "Request to join the #{project.name_with_namespace} project" - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace is_expected.to have_body_text namespace_project_project_members_url(project.namespace, project) is_expected.to have_body_text project_member.human_access end @@ -482,13 +482,14 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject "Access to the #{project.name_with_namespace} project was denied" - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace is_expected.to have_body_text project.web_url end end describe 'project access changed' do - let(:project) { create(:empty_project, :public, :access_requestable) } + let(:owner) { create(:user, name: "Chang O'Keefe") } + let(:project) { create(:empty_project, :public, :access_requestable, namespace: owner.namespace) } let(:user) { create(:user) } let(:project_member) { create(:project_member, project: project, user: user) } subject { Notify.member_access_granted_email('project', project_member.id) } @@ -499,7 +500,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject "Access to the #{project.name_with_namespace} project was granted" - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace is_expected.to have_body_text project.web_url is_expected.to have_body_text project_member.human_access end @@ -530,7 +531,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject "Invitation to join the #{project.name_with_namespace} project" - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace is_expected.to have_body_text project.web_url is_expected.to have_body_text project_member.human_access is_expected.to have_body_text project_member.invite_token @@ -555,10 +556,10 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject 'Invitation accepted' - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace is_expected.to have_body_text project.web_url is_expected.to have_body_text project_member.invite_email - is_expected.to have_body_text invited_user.name + is_expected.to have_html_escaped_body_text invited_user.name end end @@ -579,7 +580,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject 'Invitation declined' - is_expected.to have_body_text project.name_with_namespace + is_expected.to have_html_escaped_body_text project.name_with_namespace is_expected.to have_body_text project.web_url is_expected.to have_body_text project_member.invite_email end @@ -607,7 +608,7 @@ describe Notify do end it 'contains the message from the note' do - is_expected.to have_body_text note.note + is_expected.to have_html_escaped_body_text note.note end it 'does not contain note author' do @@ -620,7 +621,7 @@ describe Notify do end it 'contains a link to note author' do - is_expected.to have_body_text note.author_name + is_expected.to have_html_escaped_body_text note.author_name is_expected.to have_body_text 'wrote:' end end @@ -727,7 +728,7 @@ describe Notify do end it 'contains the message from the note' do - is_expected.to have_body_text note.note + is_expected.to have_html_escaped_body_text note.note end it 'does not contain note author' do @@ -740,7 +741,7 @@ describe Notify do end it 'contains a link to note author' do - is_expected.to have_body_text note.author_name + is_expected.to have_html_escaped_body_text note.author_name is_expected.to have_body_text 'wrote:' end end @@ -786,7 +787,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject "Request to join the #{group.name} group" - is_expected.to have_body_text group.name + is_expected.to have_html_escaped_body_text group.name is_expected.to have_body_text group_group_members_url(group) is_expected.to have_body_text group_member.human_access end @@ -807,7 +808,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject "Access to the #{group.name} group was denied" - is_expected.to have_body_text group.name + is_expected.to have_html_escaped_body_text group.name is_expected.to have_body_text group.web_url end end @@ -825,7 +826,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject "Access to the #{group.name} group was granted" - is_expected.to have_body_text group.name + is_expected.to have_html_escaped_body_text group.name is_expected.to have_body_text group.web_url is_expected.to have_body_text group_member.human_access end @@ -856,7 +857,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject "Invitation to join the #{group.name} group" - is_expected.to have_body_text group.name + is_expected.to have_html_escaped_body_text group.name is_expected.to have_body_text group.web_url is_expected.to have_body_text group_member.human_access is_expected.to have_body_text group_member.invite_token @@ -881,10 +882,10 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject 'Invitation accepted' - is_expected.to have_body_text group.name + is_expected.to have_html_escaped_body_text group.name is_expected.to have_body_text group.web_url is_expected.to have_body_text group_member.invite_email - is_expected.to have_body_text invited_user.name + is_expected.to have_html_escaped_body_text invited_user.name end end @@ -905,7 +906,7 @@ describe Notify do it 'contains all the useful information' do is_expected.to have_subject 'Invitation declined' - is_expected.to have_body_text group.name + is_expected.to have_html_escaped_body_text group.name is_expected.to have_body_text group.web_url is_expected.to have_body_text group_member.invite_email end diff --git a/spec/support/matchers/email_matchers.rb b/spec/support/matchers/email_matchers.rb new file mode 100644 index 00000000000..d9d59ec12ec --- /dev/null +++ b/spec/support/matchers/email_matchers.rb @@ -0,0 +1,5 @@ +RSpec::Matchers.define :have_html_escaped_body_text do |expected| + match do |actual| + expect(actual).to have_body_text(ERB::Util.html_escape(expected)) + end +end