From 98b8f924d705bb305d2f8a1774f3cbdc35a6a851 Mon Sep 17 00:00:00 2001
From: Simona Stefan <simonastefan@users.noreply.github.com>
Date: Fri, 17 Jan 2020 17:49:35 +0200
Subject: [PATCH 01/10] Remove double tag node association causing warnings
 (#6268)

---
 app/models/tag.rb | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/app/models/tag.rb b/app/models/tag.rb
index 634c88f215..a291dece45 100644
--- a/app/models/tag.rb
+++ b/app/models/tag.rb
@@ -7,16 +7,6 @@ class Tag < ApplicationRecord
   has_many :node_tag, foreign_key: 'tid'
 
   # we're not really using the filter_by_type stuff here:
-  has_many :node, through: :drupal_node_tag do
-    def filter_by_type(type, limit = 10)
-      where(status: 1, type: type)
-        .limit(limit)
-        .order('created DESC')
-    end
-  end
-
-  # the following probably never gets used; tag.node will use the above definition.
-  # also, we're not really using the filter_by_type stuff here:
   has_many :node, through: :node_tag do
     def filter_by_type(type, limit = 10)
       where(status: 1, type: type)

From 1bd9aac3f4f2015170bc04e1151138cbe846dfef Mon Sep 17 00:00:00 2001
From: Vladimir Mikulic <35997844+VladimirMikulic@users.noreply.github.com>
Date: Fri, 17 Jan 2020 10:50:12 -0500
Subject: [PATCH 02/10] REFACTOR: post_test.rb [Travis optimization] (#7275)

The most important improvement is the removal of assert_page_reloads statement.
This block of code never executed and just delayed Travis for ~1min every build.

The second improvement is the addition of the "setup" function.
Instead of writing login logic in every test, now before every test the
"setup" function will run and log in the user.

Part of #7272
---
 test/system/post_test.rb | 52 +++++++++-------------------------------
 1 file changed, 11 insertions(+), 41 deletions(-)

diff --git a/test/system/post_test.rb b/test/system/post_test.rb
index 1b1bd0914b..3a8ff11a62 100644
--- a/test/system/post_test.rb
+++ b/test/system/post_test.rb
@@ -5,14 +5,17 @@ class PostTest < ApplicationSystemTestCase
   include ActiveJob::TestHelper
   Capybara.default_max_wait_time = 60
 
-  test 'posting from the editor' do
+  def setup
     visit '/'
 
-    click_on 'Login'
-    fill_in("username-login", with: "Bob")
+    find(".nav-link.loginToggle").click()
+    fill_in("username-login", with: "jeff")
     fill_in("password-signup", with: "secretive")
-    click_on "Log in"
 
+    find(".login-modal-form #login-button").click()
+  end
+
+  test 'posting from the editor' do
     visit '/post'
 
     fill_in("title-input", with: "My new post")
@@ -20,27 +23,17 @@ class PostTest < ApplicationSystemTestCase
     el = find(".wk-wysiwyg") # rich text input
     el.set("All about this interesting stuff")
 
-    assert_page_reloads do
 
-      find('.ple-publish').click
-      assert_selector('h1', text: "My new post")
-      assert_selector('#content', text: "All about this interesting stuff")
-      assert_selector('.alert-success', text: "×\nSuccess! Thank you for contributing open research, and thanks for your patience while your post is approved by community moderators and we'll email you when it is published. In the meantime, if you have more to contribute, feel free to do so.")
-
-    end
+    find('.ple-publish').click()
 
+    assert_selector('h1', text: "My new post")
+    assert_selector('#content', text: "All about this interesting stuff")
+    assert_selector('.alert-success', text: "×\nResearch note published. Get the word out on the discussion lists!")
   end
 
   test 'adding tags to the post' do
     visit '/wiki/wiki-page-path/comments'
 
-    find('a[data-target="#loginModal"]', text: 'Login').click()
-
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-
-    find(".login-modal-form #login-button").click()
-
     find('a#tags-open').click()
 
     find('.tag-input').set('nature').native.send_keys(:return)
@@ -53,13 +46,6 @@ class PostTest < ApplicationSystemTestCase
   test 'removing tags from the post' do
     visit '/wiki/wiki-page-path/comments'
 
-    find('a[data-target="#loginModal"]', text: 'Login').click()
-
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-
-    find(".login-modal-form #login-button").click()
-
     find('a#tags-open').click()
 
     find('.tag-input').set('nature').native.send_keys(:return)
@@ -75,13 +61,6 @@ class PostTest < ApplicationSystemTestCase
   test 'like button on the post' do
     visit '/wiki/wiki-page-path/comments'
 
-    find('a[data-target="#loginModal"]', text: 'Login').click()
-
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-
-    click_on 'Log in'
-
     like_button = find('.btn-like').click();
 
     # Make sure that star is toggled
@@ -109,11 +88,7 @@ def assert_page_does_not_reload(message = "page should not reload")
 
   test "edit wiki" do
     visit '/wiki/wiki-page-path/'
-    click_on "Login"
 
-    fill_in 'user_session[username]', with: 'jeff'
-    fill_in 'user_session[password]', with: 'secretive'
-    click_on "Log in"
     find('a.btn-circle:first-of-type .fa-pencil').click()
     fill_in("body", with: "Test for editing wikis!")
 
@@ -131,11 +106,6 @@ def assert_page_does_not_reload(message = "page should not reload")
     Capybara.ignore_hidden_elements = false
     visit '/wiki/new'
 
-    find('.login-page-form #username-login').set('jeff')
-    find('.login-page-form #password-signup').set('secretive')
-
-    find('.login-page-form #login-button').click()
-
     # Upload the image
     drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png")
 

From 9a5ffcd2d0bbee749b5c25e0c14dd7f669cb6037 Mon Sep 17 00:00:00 2001
From: Suyash Choudhary <57896905+sssash18@users.noreply.github.com>
Date: Fri, 17 Jan 2020 22:28:29 +0530
Subject: [PATCH 03/10] Test for spamaway (#7276)

* Added 'spamaway_textarea blank error' test

* Added empty line between the test

* Added 'do'
---
 test/integration/signup_flow_test.rb | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/test/integration/signup_flow_test.rb b/test/integration/signup_flow_test.rb
index eaa97b9e3b..deaad82f78 100644
--- a/test/integration/signup_flow_test.rb
+++ b/test/integration/signup_flow_test.rb
@@ -80,6 +80,26 @@ def setup
     assert response.body.include? 'errors prohibited this user from being saved'
     assert response.body.include? 'Email should look like an email address.'
   end
+  
+  test 'spamaway text area not blank error message' do
+    post '/register', params: {
+      user: {
+         username: "newuser",
+         email: @new_user[:email],
+         password: @new_user[:password],
+         password_confirmation: @new_user[:password]
+      },
+      spamaway: {
+        statement1: @spamaway[:statement1],
+        statement2: @spamaway[:statement2],
+        statement3: @spamaway[:statement3],
+        statement4: @spamaway[:statement4],
+        follow_instructions: "Not_Blank"
+       }
+     } 
+    assert response.body.include? '1 error prohibited this user from being saved'
+    assert response.body.include? 'Spam detection Please read the instructions in the last box carefully.'
+  end
 
   private
 

From 4e8ce69e8a880e5079b818a4027750182cfaf099 Mon Sep 17 00:00:00 2001
From: nicoleiocana <44947175+nicoleiocana@users.noreply.github.com>
Date: Fri, 17 Jan 2020 08:59:32 -0800
Subject: [PATCH 04/10] Fix 'Posting from tag pages not tagging properly #6592'
 (#7278)

---
 app/views/tag/show.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/tag/show.html.erb b/app/views/tag/show.html.erb
index c38b1c5115..b6ad38eff3 100644
--- a/app/views/tag/show.html.erb
+++ b/app/views/tag/show.html.erb
@@ -25,7 +25,7 @@
       <div class="tag-buttons">
         <div class="btn-group" role="group">
           <% if current_user && current_user.following(params[:id]) %>
-            <a rel="tooltip" title="<%= t('sidebar._post_button.share_your_work') %>" data-placement="bottom" href="/post?tags=<%= params[:id] %>" class="btn btn-primary requireLogin">New post <i class="fa fa-plus fa-white"></i></a>
+            <a rel="tooltip" title="<%= t('sidebar._post_button.share_your_work') %>" data-placement="bottom" href="/post?tags=<%= @title %>" class="btn btn-primary requireLogin">New post <i class="fa fa-plus fa-white"></i></a>
           <% else %>
             <a class="btn btn-primary requireLogin" target="_blank" href="/subscribe/tag/<%= params[:id] %>"> Follow</a>
               <% if @related_tags %>

From 834fa15566ca811fb3ab45441655db12460885ef Mon Sep 17 00:00:00 2001
From: Ajit Mujumdar <38528640+imajit@users.noreply.github.com>
Date: Fri, 17 Jan 2020 23:28:51 +0530
Subject: [PATCH 05/10] Fixes #7263   At location button to dashboard sidebar
 (#7265)

* Fixes #7263 At location button to dashboard sidebar

* Fixes #7263 At location button to dashboard sidebar

* Trying new code to fix issue
---
 app/views/sidebar/_dashboard.html.erb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/views/sidebar/_dashboard.html.erb b/app/views/sidebar/_dashboard.html.erb
index 69bca8c0d8..0252f2c010 100644
--- a/app/views/sidebar/_dashboard.html.erb
+++ b/app/views/sidebar/_dashboard.html.erb
@@ -16,8 +16,17 @@
       </div>
     </div>
   </div>
+  
+<% if current_user %>
+  <div style="margin: 2.2rem 0;">
+    <a class="btn btn-lg btn-outline-secondary blurred-location-input" submit_to="/profile/tags/create/<%= current_user.uid %>"><i class="fa fa-map-marker" style="color:#c40;"></i> Add your location</a>
+    <p style="font-size: smaller; margin: 0.3rem 0;">
+      Add your location to see work near you<br>
+      <a href="https://publiclab.org/location-privacy" target="_blank">About location privacy »</a>
+    </p>
+  </div>
+<% end %>
 
-<br><br>
 <ul class="nav nav-tabs">
   <li class="nav-item" style="width:49%;">
     <a class="nav-link active lists-tab" href="#ask-question" data-toggle="tab">

From ed479030a16748e2edf34a94affb73b43dd21fea Mon Sep 17 00:00:00 2001
From: Vladimir Mikulic <35997844+VladimirMikulic@users.noreply.github.com>
Date: Fri, 17 Jan 2020 15:35:21 -0500
Subject: [PATCH 06/10] ADD: Rich text editor image upload system tests (#7273)

Part of #5316
---
 test/application_system_test_case.rb |  4 +--
 test/system/comment_test.rb          |  2 +-
 test/system/post_test.rb             |  2 +-
 test/system/rich_text_editor_test.rb | 45 ++++++++++++++++++++++++++++
 4 files changed, 49 insertions(+), 4 deletions(-)
 create mode 100644 test/system/rich_text_editor_test.rb

diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
index c1d6af0ced..7284e44c85 100644
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -6,7 +6,7 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
   driven_by :selenium, using: :chrome, screen_size: [1400, 1400], options: { desired_capabilities: caps }
 
   # https://web.archive.org/web/20170730200309/http://blog.paulrugelhiatt.com/rails/testing/capybara/dropzonejs/2014/12/29/test-dropzonejs-file-uploads-with-capybara.html
-  def drop_in_dropzone(file_path)
+  def drop_in_dropzone(file_path, dropzoneSelector)
     # Generate a fake input element
     page.execute_script <<-JS
       fakeFileInput = window.$('<input/>').attr(
@@ -29,7 +29,7 @@ def drop_in_dropzone(file_path)
         value: new FakeDataTransferObject(fileToDrop)
       });
 
-      var dropzoneArea = document.querySelector('.dropzone');
+      var dropzoneArea = document.querySelector('#{dropzoneSelector}');
       // Transfer the image to the dropzone area
       dropzoneArea.files = dataTransfer.files;
       // Emit the fake "drop" event
diff --git a/test/system/comment_test.rb b/test/system/comment_test.rb
index 350c80d40c..44c3ee18e6 100644
--- a/test/system/comment_test.rb
+++ b/test/system/comment_test.rb
@@ -110,7 +110,7 @@ def setup
     reply_preview_button = page.all('#post_comment')[0]
 
     # Upload the image
-    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png")
+    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png", ".dropzone")
 
     # Wait for image upload to finish
     wait_for_ajax
diff --git a/test/system/post_test.rb b/test/system/post_test.rb
index 3a8ff11a62..4943274b30 100644
--- a/test/system/post_test.rb
+++ b/test/system/post_test.rb
@@ -107,7 +107,7 @@ def assert_page_does_not_reload(message = "page should not reload")
     visit '/wiki/new'
 
     # Upload the image
-    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png")
+    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png", ".dropzone")
 
     # Wait for image upload to finish
     wait_for_ajax
diff --git a/test/system/rich_text_editor_test.rb b/test/system/rich_text_editor_test.rb
new file mode 100644
index 0000000000..e6d3e58f50
--- /dev/null
+++ b/test/system/rich_text_editor_test.rb
@@ -0,0 +1,45 @@
+require "application_system_test_case"
+# https://guides.rubyonrails.org/testing.html#implementing-a-system-test
+
+class RichTextEditorTest < ApplicationSystemTestCase
+  Capybara.default_max_wait_time = 60
+
+  def setup
+    visit '/'
+
+    find('.nav-link.loginToggle').click()
+    fill_in('username-login', with: 'jeff')
+    fill_in('password-signup', with: 'secretive')
+
+    find('.login-modal-form #login-button').click()
+  end
+
+  test 'thumbnail image drag and drop upload' do
+    visit '/post'
+
+    # Upload the image
+    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png", '.ple-drag-drop')
+
+    # Wait for image upload to finish
+    wait_for_ajax
+
+    is_image_url_undefined  = page.evaluate_script("$('.ple-drag-drop').attr('style').includes('url(\"undefined\"')")
+
+    # Make sure that image has been uploaded
+    assert_equal( is_image_url_undefined, false )
+  end
+
+  test 'main textarea image drag and drop upload' do
+    visit '/post'
+
+    # Upload the image
+    drop_in_dropzone("#{Rails.root.to_s}/public/images/pl.png", '.wk-container-drop')
+
+    # Wait for image upload to finish
+    wait_for_ajax
+
+    # Make sure that image has been uploaded
+    page.assert_selector('.wk-wysiwyg img', count: 1)
+  end
+
+end

From a175adcb2c42b5347cb48bb2b505ed45142dd941 Mon Sep 17 00:00:00 2001
From: Natalie St Jean <49460529+nstjean@users.noreply.github.com>
Date: Fri, 17 Jan 2020 16:48:13 -0500
Subject: [PATCH 07/10] remove top margin to blurred-location-modal
 modal-content (#7284)

---
 app/assets/stylesheets/location.css | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/assets/stylesheets/location.css b/app/assets/stylesheets/location.css
index b5f1ee32ba..76903a0366 100644
--- a/app/assets/stylesheets/location.css
+++ b/app/assets/stylesheets/location.css
@@ -20,6 +20,9 @@
   margin: 0;
 }
 
+#blurred-location-modal .modal-content {
+  margin-top: 0;
+}
 #blurred-location-modal .small-description {
   font-size: 0.9rem;
   color: #808080;

From bfaef3d4bbcdc561ace7fae9d80d40f4a4303778 Mon Sep 17 00:00:00 2001
From: Pankil Panchal <panch.pankil99@gmail.com>
Date: Sat, 18 Jan 2020 04:41:06 +0530
Subject: [PATCH 08/10] [fixed] issue #7269 (#7280)

* [fixed] issue #7269

* [fixed] failing test cases for #7269

* [fixed] failing test cases for #7269
---
 app/controllers/admin_controller.rb       | 1 -
 test/integration/moderate_and_ban_test.rb | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 06ae7ecdb8..3ab5f69194 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -274,7 +274,6 @@ def moderate
     user = User.find params[:id]
     if logged_in_as(['admin', 'moderator'])
       user.moderate
-      flash[:notice] = 'The user has been moderated.'
     else
       flash[:error] = 'Only moderators can moderate other users.'
     end
diff --git a/test/integration/moderate_and_ban_test.rb b/test/integration/moderate_and_ban_test.rb
index b798dbc753..38b9ab31c1 100644
--- a/test/integration/moderate_and_ban_test.rb
+++ b/test/integration/moderate_and_ban_test.rb
@@ -114,7 +114,7 @@ class ModerateAndBanTest < ActionDispatch::IntegrationTest
 
     assert_response :redirect
     follow_redirect!
-    assert_equal flash[:notice], 'The user has been moderated.'
+    assert_equal I18n.t('users_controller.user_has_been_moderated'), flash[:warning]
     u = User.find(u.id)
     assert_equal 5, u.status
 

From a36435748eb4753a067d2685057d2817a2ba7cae Mon Sep 17 00:00:00 2001
From: Vladimir Mikulic <35997844+VladimirMikulic@users.noreply.github.com>
Date: Fri, 17 Jan 2020 22:22:40 -0500
Subject: [PATCH 09/10] ADD: Comment HTML sanitization and tests for it (#7282)

Unit tests:
 - "sanitizing comment body for XSS"
 - "should close incomplete tags"

Resolves #3630 #3553
---
 app/models/comment.rb                    |  9 +++++-
 test/functional/notes_controller_test.rb |  6 ++--
 test/unit/comment_test.rb                | 39 +++++++++++++++++++++++-
 3 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/app/models/comment.rb b/app/models/comment.rb
index 6078bc18ce..19b90a08c9 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -473,7 +473,14 @@ def render_body
     if !trimmed_content? && parsed.present?
       body = parsed[:body] + COMMENT_FILTER + parsed[:boundary] + parsed[:quote]
     end
-    body
+
+    allowed_tags = %w(a acronym b strong i em li ul ol h1 h2 h3 h4 h5 h6 blockquote br cite sub sup ins p iframe del hr img input code table thead tbody tr th td span dl dt dd div)
+
+    # Sanitize the HTML (remove malicious attributes, unallowed tags...)
+    sanitized_body = ActionController::Base.helpers.sanitize(body, tags: allowed_tags)
+
+    # Properly parse HTML (close incomplete tags...)
+    Nokogiri::HTML::DocumentFragment.parse(sanitized_body).to_html
   end
 
   def self.find_by_tag_and_author(tagname, userid)
diff --git a/test/functional/notes_controller_test.rb b/test/functional/notes_controller_test.rb
index 56a08f56b3..d069cd79a1 100644
--- a/test/functional/notes_controller_test.rb
+++ b/test/functional/notes_controller_test.rb
@@ -677,7 +677,7 @@ def teardown
     assert (notes & expected).present?
     assert !(notes & questions).present?
   end
-  
+
     test 'first note in /liked endpoint should be highest liked' do
     get :liked
     notes = assigns(:notes)
@@ -696,7 +696,7 @@ def teardown
     actual = notes.first
     assert expected == actual.created
   end
-     
+
   test 'first three posts in /liked should be sorted by likes' do
     get :liked
     # gets first notes
@@ -704,7 +704,7 @@ def teardown
      # sort_by is from lowest to highest so it needs to be reversed
     assert notes.sort_by { |note| note.cached_likes }.reverse ==  notes
   end
-   
+
   test 'should choose I18n for notes controller' do
     available_testing_locales.each do |lang|
       old_controller = @controller
diff --git a/test/unit/comment_test.rb b/test/unit/comment_test.rb
index 09e778b1b2..4fe938770a 100644
--- a/test/unit/comment_test.rb
+++ b/test/unit/comment_test.rb
@@ -260,12 +260,15 @@ def setup
     comment = Comment.new({
       comment: "Thank you! On Tuesday, 3 July 2018, 11:20:57 PM IST, RP <rp@email.com> wrote:  Here you go."
     })
+
     parsed = comment.parse_quoted_text
+    output = comment.render_body
+
     assert_equal "Thank you! ", parsed[:body]
     assert_equal "On Tuesday, 3 July 2018, 11:20:57 PM IST, RP <rp@email.com> wrote:", parsed[:boundary]
     assert_equal "  Here you go.", parsed[:quote]
     assert_equal "Thank you! ", comment.scrub_quoted_text
-    assert_equal "Thank you! <!-- @@$$%% Trimmed Content @@$$%% -->On Tuesday, 3 July 2018, 11:20:57 PM IST, RP <rp@email.com> wrote:  Here you go.", comment.render_body
+    assert_equal output, "Thank you! On Tuesday, 3 July 2018, 11:20:57 PM IST, RP  wrote:  Here you go."
   end
 
   test 'should give the domain of gmail correctly' do
@@ -313,4 +316,38 @@ def setup
   test 'find comments using tagname and user id' do
     assert_equal('Admin comment', Comment.find_by_tag_and_author("awesome", 5).first.comment)
   end
+
+  test 'sanitizing comment body for XSS' do
+    comment = Comment.new
+    comment.comment = "<img src=x onerror=prompt(133)>" # inserting executable javascript into a comment
+    assert comment.save
+
+    output = comment.render_body
+
+    # Ensure that malicious attributes have been removed
+    assert_equal [], output.scan('src=x')
+    assert_equal [], output.scan('onerror=prompt')
+
+    # Ensure all the OK attributes are preserved, for a wide range of comment types:
+    comment.comment = "<iframe src='/hello' width='100' height='100' border='0'></iframe><p style='color:red;' class='nice' id='cool' title='sweet'></p>"
+    assert comment.save
+    output = comment.render_body
+
+    assert_equal [], output.scan("src='/hello' width='100' height='100' border='0'")
+    assert_equal [], output.scan("class='nice' id='cool' title='sweet'")
+  end
+
+  test 'should close incomplete tags' do
+    comment = Comment.new
+
+    # <iframe> is not closed (</iframe>)
+    comment.comment = "Let’s see how this works with images or an embedded video.\n\n&nbsp;\n\n![](cid:image001.jpg@01D45C10.01D90920)\n\n&nbsp;\n\n\\<iframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/Kt\\_MSMpxy7Y\" frameborder=\"0\" allow=\"autoplay; encrypted-media\" allowfullscreen\\>\\\n\n&nbsp;\n\nIs \\ ***markdown** \\* parsed?\n\n&nbsp;\n\n1. 1. Number 1\n\n2. 4. Number 4\n\n3. 3. Number 3\n\n&nbsp;"
+
+    assert comment.save
+    output = comment.render_body
+
+    # Make sure that <iframe> is closed (</iframe>)
+    assert_not_equal [], output.scan('<iframe width="560" height="315" src="https://www.youtube.com/embed/Kt%5C_MSMpxy7Y">\</iframe>')
+  end
+
 end

From 15bcb3199f3d58ba3db2579b65dd3ad86acb2565 Mon Sep 17 00:00:00 2001
From: Uzay-G <52892257+Uzay-G@users.noreply.github.com>
Date: Sat, 18 Jan 2020 11:52:33 +0100
Subject: [PATCH 10/10] ADD: Testing for rich and markdown wiki editors (#7288)

* add tests for wiki editors

* fix test names
---
 test/editor_test.rb | 81 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 test/editor_test.rb

diff --git a/test/editor_test.rb b/test/editor_test.rb
new file mode 100644
index 0000000000..838bc50461
--- /dev/null
+++ b/test/editor_test.rb
@@ -0,0 +1,81 @@
+require "application_system_test_case"
+
+class EditorTest < ApplicationSystemTestCase
+
+  def setup
+    visit '/'
+
+    click_on 'Login'
+
+    fill_in("username-login", with: "palpatine")
+    fill_in("password-signup", with: "secretive")
+    click_on "Log in"
+  end
+
+  test "check that rich wiki editor functions correctly" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Try the beta inline Rich Wiki editor.'").click()
+    first("div.inline-section").hover()
+
+    # click edit btn
+    using_wait_time(2) { first("a.inline-edit-btn").click() }
+
+    find("div.wk-wysiwyg").set("wiki text")
+
+    click_on "Save"
+    page.assert_selector("p", text: "wiki text")
+  end
+
+  test "check that markdown wiki editor functions correctly" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Edit this wiki page.'").click()
+
+    find("#text-input").set("wiki text")
+    find("a#publish").click()
+
+    page.assert_selector("p", text: "wiki text")
+  end
+
+  test "check rich editor features are functional" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Try the beta inline Rich Wiki editor.'").click()
+    first("div.inline-section").hover()
+
+    using_wait_time(2) { first("a.inline-edit-btn").click() }
+
+    # test the following features
+    ["bold", "italic", "code", "heading"].each do |element|
+      # clicking on the button generates the element with dummy text
+      find("button.woofmark-command-#{element}").click()
+      # these keys are called to deselect the previous elements
+      find("div.wk-wysiwyg").native.send_key(:arrow_left, :enter)
+    end
+
+    click_on "Save"
+
+    # assert that the features have worked and that the correct wiki elements are displayed
+    page.assert_selector("strong", text: "strong text")
+    page.assert_selector("h1", text: "Heading Text")
+    page.assert_selector("em", text: "emphasized text")
+    page.assert_selector("code", text: "code goes here")
+  end
+
+  test "check markdown editor features are functional" do
+    visit "/wiki/wiki-page-path"
+    find("a[data-original-title='Edit this wiki page.']").click()
+
+    # test the following features
+    ["**strong text**", "_emphasized text_", "`code goes here`", "# Heading Text"].each do |element|
+      find("#text-input").native.send_keys(element)
+      find("#text-input").native.send_keys(:enter)
+    end
+
+    find("a#publish").click()
+
+    # assert that the features have worked and that the correct wiki elements are displayed
+    page.assert_selector("strong", text: "strong text")
+    page.assert_selector("h1", text: "Heading Text")
+    page.assert_selector("em", text: "emphasized text")
+    page.assert_selector("code", text: "code goes here")
+  end
+end