X-Git-Url: https://projects.mako.cc/source/selectricity-live/blobdiff_plain/b3d85db71fcbea2c22666804174b68e83563d8f6..cfe645440c51b66c088f19e84de650f026cf77f5:/test/functional/quickvote_controller_test.rb?ds=inline
diff --git a/test/functional/quickvote_controller_test.rb b/test/functional/quickvote_controller_test.rb
index 60ddb1b..65dfa2a 100644
--- a/test/functional/quickvote_controller_test.rb
+++ b/test/functional/quickvote_controller_test.rb
@@ -21,41 +21,55 @@ class QuickvoteControllerTest < Test::Unit::TestCase
 @response = ActionController::TestResponse.new
 end
- # Replace this with your real tests.
 def test_index
 get :index
 assert_response 302
 end
 def test_create_quickvote
- post(:create, {'commit' =>"Create Quickvote", 'quickvote' =>{'name' =>"variable", 'description' =>"Favorite variable."}}, nil, {:candidate_names=>["foo", "bar", "foobar"]})
+ post(:create, {'commit' =>"Create Quickvote",
+ 'quickvote' =>{'name' =>"variable", 'description' =>"Favorite variable."}},
+ nil, {:candidate_names=>["foo", "bar", "foobar"]})
 assert_template "quickvote/success"
 get :index, { 'ident' => "variable"}
 assert_response :success
 end
- def test_create_dupe_quickvote
- test_create_quickvote
- assert_raise(Test::Unit::AssertionFailedError) do
- test_create_quickvote
- end
- end
+ #def test_create_dupe_quickvote
+ # test_create_quickvote
+ # assert_raise(Test::Unit::AssertionFailedError) do
+ # test_create_quickvote
+ # end
+ #end
 def test_create_quickvote_badname
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => ["foo", "bar", "foobar"]})
+ post(:create, {'commit' => "Create Quickvote",
+ 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}},
+ nil, {:candidate_names => ["foo", "bar", "foobar"]})
 assert_template "quickvote/_create_sidebar"
 end
 def test_create_quickvote_dupe_candidate
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => ["foo", "bar", "bar", "foobar"]})
+ post(:create, {'commit' => "Create Quickvote",
+ 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}},
+ nil, {:candidate_names => ["foo", "bar", "bar", "foobar"]})
 assert_template "quickvote/_create_sidebar"
 end
-
+
+ # TODO these should be testing for something better than a non-method
+ # error!
 def test_create_quickvote_nil_candidate
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => nil})
- assert_template "quickvote/_create_sidebar"
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => []})
- assert_template "quickvote/_create_sidebar"
+ assert_raise(NoMethodError) do
+ post(:create, {'commit' => "Create Quickvote",
+ 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}},
+ nil, {:candidate_names => nil})
+ end
+
+ assert_raise(NoMethodError) do
+ post(:create, {'commit' => "Create Quickvote",
+ 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}},
+ nil, {:candidate_names => []})
+ end
 end
 def test_get_quickvote_nonexistent
@@ -87,7 +101,9 @@ class QuickvoteControllerTest < Test::Unit::TestCase
 5.times do |time|
 get :index, { 'ident' => 'variable' }, { 'test_session_id' => (time+1)*50 }
 assert_response :success
- post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} }, { 'test_session_id' => (time+1)*50 }
+ post :confirm,
+ { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} },
+ { 'test_session_id' => (time+1)*50 }
 assert_template 'quickvote/thanks'
 end
 get :results, { 'ident' => 'variable' }
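Review bot: Both `assert_raise(NoMethodError)` blocks in test_create_quickvote_nil_candidate pin an unhandled exception as the expected outcome of a nil or empty `candidate_names`, so the suite now requires the create action to crash on missing input instead of rejecting it. The TODO above the test concedes this; once the action (not visible here) guards against a missing list, the test should go back to `assert_template "quickvote/_create_sidebar"`. Separately, this test and test_create_quickvote_dupe_candidate still post `'name' => "has a space"`, the same value test_create_quickvote_badname uses to reach the sidebar, so the candidate condition is presumably never exercised on its own; a valid name such as `'name' => "nilcand"` (a constructed sample) would isolate it. The commented-out test_create_dupe_quickvote should carry a one-line reason such as `# disabled: duplicate-name handling changed, see TODO` or be deleted, since duplicate-name rejection is otherwise left untested.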
@@ -115,24 +131,40 @@ class QuickvoteControllerTest < Test::Unit::TestCase
 post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} }
 assert_redirected_to :controller => 'quickvote', :ident => 'variable'
 end
+
 def test_display_tainted_quickvote
+ # create quickvote with tainted data
 test_create_quickvote
 qv=QuickVote.ident_to_quickvote('variable')
 qv.description="foo"
- qv.candidate_names = ["foo", "bar", ""]
+ qv.candidate_names = ["foo", "bar", "",
+ 'bar']
 qv.save!
+
+ # display the vote/index page and check for bad tags and the ability
+ # to make an image tag
 get :index, { 'ident' => 'variable' }
 assert_response :success
 assert_no_tag :tag => "object"
 assert_no_tag :tag => "foobar"
+ assert_tag :tag => "img",
+ :parent => { :tag => "li", :attributes => { :class => "moveable" } }
+
+ # actually vote
 votes = QuickVote.ident_to_quickvote('variable').candidates.collect { |c| c.id}
 post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} }
+
+ # check for bad/good tags
 assert_template('quickvote/thanks')
 assert_no_tag :tag => "object"
 assert_no_tag :tag => "foobar"
+ assert_tag :tag => "img", :parent => { :tag => "li" }
+
+ # get the results page and check for good/bad tags
 get :results, { 'ident' => 'variable' }
 assert_response :success
 assert_no_tag :tag => "object"
 assert_no_tag :tag => "foobar"
+ assert_tag :tag => "img", :parent => { :tag => "li" }
 end
 end
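Review bot: The three added `assert_tag :tag => "img"` checks in test_display_tainted_quickvote require that an image tag taken from a candidate name is rendered on the index, thanks and results pages, but nothing asserts which attributes are allowed to survive with it. The tainted literals are not legible on this page (the markup inside the strings appears to have been lost in rendering), so this reading is inferred from the comments and the assertions. If images in candidate names are intended, the test should also pin what the sanitiser removes, for example `assert_no_tag :tag => "script"` and `assert_no_tag :tag => "img", :attributes => { :onerror => /./ }` after each request. Those checks only mean something if the tainted fixture includes matching input. A short comment above `qv.candidate_names` listing which tags are expected to be stripped and which kept would make the intent reviewable.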