2020-01-01 13:55:28 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
RSpec.describe SafeUrl do
|
2020-01-01 13:55:28 +05:30
|
|
|
describe '#safe_url' do
|
2020-03-13 15:44:24 +05:30
|
|
|
let(:safe_url_test_class) do
|
|
|
|
Class.new do
|
|
|
|
include SafeUrl
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
attr_reader :url
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def initialize(url)
|
|
|
|
@url = url
|
|
|
|
end
|
2020-01-01 13:55:28 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
let(:test_class) { safe_url_test_class.new(url) }
|
2020-01-01 13:55:28 +05:30
|
|
|
let(:url) { 'http://example.com' }
|
|
|
|
|
|
|
|
subject { test_class.safe_url }
|
|
|
|
|
|
|
|
it { is_expected.to eq(url) }
|
|
|
|
|
|
|
|
context 'when URL contains credentials' do
|
|
|
|
let(:url) { 'http://foo:bar@example.com' }
|
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
it 'masks username and password' do
|
|
|
|
is_expected.to eq('http://*****:*****@example.com')
|
|
|
|
end
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
context 'when username is allowed' do
|
|
|
|
subject { test_class.safe_url(allowed_usernames: usernames) }
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
let(:usernames) { %w[foo] }
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
it 'masks the password, but not the username' do
|
2020-01-01 13:55:28 +05:30
|
|
|
is_expected.to eq('http://foo:*****@example.com')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when URL is empty' do
|
|
|
|
let(:url) { nil }
|
|
|
|
|
|
|
|
it { is_expected.to be_nil }
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when URI raises an error' do
|
|
|
|
let(:url) { 123 }
|
|
|
|
|
|
|
|
it { is_expected.to be_nil }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|