Merge pull request #2 from publiclab/master

sync

app/assets/stylesheets/location.css

@@ -20,6 +20,9 @@
   margin: 0;
 }
 
+#blurred-location-modal .modal-content {
+  margin-top: 0;
+}
 #blurred-location-modal .small-description {
   font-size: 0.9rem;
   color: #808080;

app/controllers/admin_controller.rb

@@ -274,7 +274,6 @@ def moderate
     user = User.find params[:id]
     if logged_in_as(['admin', 'moderator'])
       user.moderate
-      flash[:notice] = 'The user has been moderated.'
     else
       flash[:error] = 'Only moderators can moderate other users.'
     end

app/models/comment.rb

@@ -473,7 +473,14 @@ def render_body
     if !trimmed_content? && parsed.present?
       body = parsed[:body] + COMMENT_FILTER + parsed[:boundary] + parsed[:quote]
     end
-    body
+
+    allowed_tags = %w(a acronym b strong i em li ul ol h1 h2 h3 h4 h5 h6 blockquote br cite sub sup ins p iframe del hr img input code table thead tbody tr th td span dl dt dd div)
+
+    # Sanitize the HTML (remove malicious attributes, unallowed tags...)
+    sanitized_body = ActionController::Base.helpers.sanitize(body, tags: allowed_tags)
+
+    # Properly parse HTML (close incomplete tags...)
+    Nokogiri::HTML::DocumentFragment.parse(sanitized_body).to_html
   end
 
   def self.find_by_tag_and_author(tagname, userid)

app/models/tag.rb

@@ -7,16 +7,6 @@ class Tag < ApplicationRecord
   has_many :node_tag, foreign_key: 'tid'
 
   # we're not really using the filter_by_type stuff here:
-  has_many :node, through: :drupal_node_tag do
-    def filter_by_type(type, limit = 10)
-      where(status: 1, type: type)
-        .limit(limit)
-        .order('created DESC')
-    end
-  end
-
-  # the following probably never gets used; tag.node will use the above definition.
-  # also, we're not really using the filter_by_type stuff here:
   has_many :node, through: :node_tag do
     def filter_by_type(type, limit = 10)
       where(status: 1, type: type)

app/views/sidebar/_dashboard.html.erb

@@ -16,8 +16,17 @@
       </div>
     </div>
   </div>
+
+<% if current_user %>
+  <div style="margin: 2.2rem 0;">
+    <a class="btn btn-lg btn-outline-secondary blurred-location-input" submit_to="/profile/tags/create/<%= current_user.uid %>"><i class="fa fa-map-marker" style="color:#c40;"></i> Add your location</a>
+    <p style="font-size: smaller; margin: 0.3rem 0;">
+      Add your location to see work near you<br>
+      <a href="https://publiclab.org/location-privacy" target="_blank">About location privacy »</a>
+    </p>
+  </div>
+<% end %>
 
-<br><br>
 <ul class="nav nav-tabs">
   <li class="nav-item" style="width:49%;">
     <a class="nav-link active lists-tab" href="#ask-question" data-toggle="tab">

app/views/tag/show.html.erb

@@ -25,7 +25,7 @@
       <div class="tag-buttons">
         <div class="btn-group" role="group">
           <% if current_user && current_user.following(params[:id]) %>
-            <a rel="tooltip" title="<%= t('sidebar._post_button.share_your_work') %>" data-placement="bottom" href="/post?tags=<%= params[:id] %>" class="btn btn-primary requireLogin">New post <i class="fa fa-plus fa-white"></i></a>
+            <a rel="tooltip" title="<%= t('sidebar._post_button.share_your_work') %>" data-placement="bottom" href="/post?tags=<%= @title %>" class="btn btn-primary requireLogin">New post <i class="fa fa-plus fa-white"></i></a>
           <% else %>
             <a class="btn btn-primary requireLogin" target="_blank" href="/subscribe/tag/<%= params[:id] %>"> Follow</a>
               <% if @related_tags %>

test/application_system_test_case.rb

@@ -6,7 +6,7 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
   driven_by :selenium, using: :chrome, screen_size: [1400, 1400], options: { desired_capabilities: caps }
 
   # https://web.archive.org/web/20170730200309/http://blog.paulrugelhiatt.com/rails/testing/capybara/dropzonejs/2014/12/29/test-dropzonejs-file-uploads-with-capybara.html
-  def drop_in_dropzone(file_path)
+  def drop_in_dropzone(file_path, dropzoneSelector)
     # Generate a fake input element
     page.execute_script <<-JS
       fakeFileInput = window.$('<input/>').attr(
@@ -29,7 +29,7 @@ def drop_in_dropzone(file_path)
         value: new FakeDataTransferObject(fileToDrop)
       });
 
-      var dropzoneArea = document.querySelector('.dropzone');
+      var dropzoneArea = document.querySelector('#{dropzoneSelector}');
       // Transfer the image to the dropzone area
       dropzoneArea.files = dataTransfer.files;
       // Emit the fake "drop" event

test/editor_test.rb

@@ -0,0 +1,81 @@
+require "application_system_test_case"
+
+class EditorTest < ApplicationSystemTestCase
+
+  def setup
+    visit '/'
+
+    click_on 'Login'
+
+    fill_in("username-login", with: "palpatine")
+    fill_in("password-signup", with: "secretive")
+    click_on "Log in"
+  end
+
+  test "check that rich wiki editor functions correctly" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Try the beta inline Rich Wiki editor.'").click()
+    first("div.inline-section").hover()
+
+    # click edit btn
+    using_wait_time(2) { first("a.inline-edit-btn").click() }
+
+    find("div.wk-wysiwyg").set("wiki text")
+
+    click_on "Save"
+    page.assert_selector("p", text: "wiki text")
+  end
+
+  test "check that markdown wiki editor functions correctly" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Edit this wiki page.'").click()
+
+    find("#text-input").set("wiki text")
+    find("a#publish").click()
+
+    page.assert_selector("p", text: "wiki text")
+  end
+
+  test "check rich editor features are functional" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Try the beta inline Rich Wiki editor.'").click()
+    first("div.inline-section").hover()
+
+    using_wait_time(2) { first("a.inline-edit-btn").click() }
+
+    # test the following features
+    ["bold", "italic", "code", "heading"].each do |element|
+      # clicking on the button generates the element with dummy text
+      find("button.woofmark-command-#{element}").click()
+      # these keys are called to deselect the previous elements
+      find("div.wk-wysiwyg").native.send_key(:arrow_left, :enter)
+    end
+
+    click_on "Save"
+
+    # assert that the features have worked and that the correct wiki elements are displayed
+    page.assert_selector("strong", text: "strong text")
+    page.assert_selector("h1", text: "Heading Text")
+    page.assert_selector("em", text: "emphasized text")
+    page.assert_selector("code", text: "code goes here")
+  end
+
+  test "check markdown editor features are functional" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Edit this wiki page.']").click()
+
+    # test the following features
+    ["**strong text**", "_emphasized text_", "`code goes here`", "# Heading Text"].each do |element|
+      find("#text-input").native.send_keys(element)
+      find("#text-input").native.send_keys(:enter)
+    end
+
+    find("a#publish").click()
+
+    # assert that the features have worked and that the correct wiki elements are displayed
+    page.assert_selector("strong", text: "strong text")
+    page.assert_selector("h1", text: "Heading Text")
+    page.assert_selector("em", text: "emphasized text")
+    page.assert_selector("code", text: "code goes here")
+  end
+end

test/functional/notes_controller_test.rb

@@ -677,7 +677,7 @@ def teardown
     assert (notes & expected).present?
     assert !(notes & questions).present?
   end
-  
+
     test 'first note in /liked endpoint should be highest liked' do
     get :liked
     notes = assigns(:notes)
@@ -696,15 +696,15 @@ def teardown
     actual = notes.first
     assert expected == actual.created
   end
-     
+
   test 'first three posts in /liked should be sorted by likes' do
     get :liked
     # gets first notes
     notes = assigns(:notes)[0...3]
      # sort_by is from lowest to highest so it needs to be reversed
     assert notes.sort_by { |note| note.cached_likes }.reverse ==  notes
   end
-   
+
   test 'should choose I18n for notes controller' do
     available_testing_locales.each do |lang|
       old_controller = @controller

test/integration/moderate_and_ban_test.rb

@@ -114,7 +114,7 @@ class ModerateAndBanTest < ActionDispatch::IntegrationTest
 
     assert_response :redirect
     follow_redirect!
-    assert_equal flash[:notice], 'The user has been moderated.'
+    assert_equal I18n.t('users_controller.user_has_been_moderated'), flash[:warning]
     u = User.find(u.id)
     assert_equal 5, u.status
 

test/integration/signup_flow_test.rb

@@ -80,6 +80,26 @@ def setup
     assert response.body.include? 'errors prohibited this user from being saved'
     assert response.body.include? 'Email should look like an email address.'
   end
+
+  test 'spamaway text area not blank error message' do
+    post '/register', params: {
+      user: {
+         username: "newuser",
+         email: @new_user[:email],
+         password: @new_user[:password],
+         password_confirmation: @new_user[:password]
+      },
+      spamaway: {
+        statement1: @spamaway[:statement1],
+        statement2: @spamaway[:statement2],
+        statement3: @spamaway[:statement3],
+        statement4: @spamaway[:statement4],
+        follow_instructions: "Not_Blank"
+       }
+     } 
+    assert response.body.include? '1 error prohibited this user from being saved'
+    assert response.body.include? 'Spam detection Please read the instructions in the last box carefully.'
+  end
 
   private
 

test/system/comment_test.rb

@@ -110,7 +110,7 @@ def setup
     reply_preview_button = page.all('#post_comment')[0]
 
     # Upload the image
-    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png")
+    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png", ".dropzone")
 
     # Wait for image upload to finish
     wait_for_ajax

test/system/post_test.rb

@@ -5,42 +5,35 @@ class PostTest < ApplicationSystemTestCase
   include ActiveJob::TestHelper
   Capybara.default_max_wait_time = 60
 
-  test 'posting from the editor' do
+  def setup
     visit '/'
 
-    click_on 'Login'
-    fill_in("username-login", with: "Bob")
+    find(".nav-link.loginToggle").click()
+    fill_in("username-login", with: "jeff")
     fill_in("password-signup", with: "secretive")
-    click_on "Log in"
 
+    find(".login-modal-form #login-button").click()
+  end
+
+  test 'posting from the editor' do
     visit '/post'
 
     fill_in("title-input", with: "My new post")
 
     el = find(".wk-wysiwyg") # rich text input
     el.set("All about this interesting stuff")
 
-    assert_page_reloads do
 
-      find('.ple-publish').click
-      assert_selector('h1', text: "My new post")
-      assert_selector('#content', text: "All about this interesting stuff")
-      assert_selector('.alert-success', text: "×\nSuccess! Thank you for contributing open research, and thanks for your patience while your post is approved by community moderators and we'll email you when it is published. In the meantime, if you have more to contribute, feel free to do so.")
-
-    end
+    find('.ple-publish').click()
 
+    assert_selector('h1', text: "My new post")
+    assert_selector('#content', text: "All about this interesting stuff")
+    assert_selector('.alert-success', text: "×\nResearch note published. Get the word out on the discussion lists!")
   end
 
   test 'adding tags to the post' do
     visit '/wiki/wiki-page-path/comments'
 
-    find('a[data-target="#loginModal"]', text: 'Login').click()
-
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-
-    find(".login-modal-form #login-button").click()
-
     find('a#tags-open').click()
 
     find('.tag-input').set('nature').native.send_keys(:return)
@@ -53,13 +46,6 @@ class PostTest < ApplicationSystemTestCase
   test 'removing tags from the post' do
     visit '/wiki/wiki-page-path/comments'
 
-    find('a[data-target="#loginModal"]', text: 'Login').click()
-
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-
-    find(".login-modal-form #login-button").click()
-
     find('a#tags-open').click()
 
     find('.tag-input').set('nature').native.send_keys(:return)
@@ -75,13 +61,6 @@ class PostTest < ApplicationSystemTestCase
   test 'like button on the post' do
     visit '/wiki/wiki-page-path/comments'
 
-    find('a[data-target="#loginModal"]', text: 'Login').click()
-
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-
-    click_on 'Log in'
-
     like_button = find('.btn-like').click();
 
     # Make sure that star is toggled
@@ -109,11 +88,7 @@ def assert_page_does_not_reload(message = "page should not reload")
 
   test "edit wiki" do
     visit '/wiki/wiki-page-path/'
-    click_on "Login"
 
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-    click_on "Log in"
     find('a.btn-circle:first-of-type .fa-pencil').click()
     fill_in("body", with: "Test for editing wikis!")
 
@@ -131,13 +106,8 @@ def assert_page_does_not_reload(message = "page should not reload")
     Capybara.ignore_hidden_elements = false
     visit '/wiki/new'
 
-    find('.login-page-form #username-login').set('jeff')
-    find('.login-page-form #password-signup').set('secretive')
-
-    find('.login-page-form #login-button').click()
-
     # Upload the image
-    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png")
+    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png", ".dropzone")
 
     # Wait for image upload to finish
     wait_for_ajax