mirror of
https://gitlab.com/gitlab-org/gitlab-foss.git
synced 2025-07-25 16:03:48 +00:00
108 lines
3.8 KiB
Ruby
108 lines
3.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe CustomEmoji do
|
|
describe 'Associations' do
|
|
it { is_expected.to belong_to(:namespace).inverse_of(:custom_emoji) }
|
|
it { is_expected.to belong_to(:creator).inverse_of(:created_custom_emoji) }
|
|
it { is_expected.to have_db_column(:file) }
|
|
it { is_expected.to validate_presence_of(:creator) }
|
|
it { is_expected.to validate_length_of(:name).is_at_most(36) }
|
|
it { is_expected.to validate_presence_of(:name) }
|
|
it { is_expected.to have_db_column(:external) }
|
|
end
|
|
|
|
describe 'exclusion of duplicated emoji' do
|
|
let(:group) { create(:group, :private) }
|
|
|
|
it 'disallows emoji names of built-in emoji' do
|
|
emoji_name = TanukiEmoji.index.all.sample.name until emoji_name && emoji_name.size < 36
|
|
new_emoji = build(:custom_emoji, name: emoji_name, group: group)
|
|
|
|
expect(new_emoji).not_to be_valid
|
|
expect(new_emoji.errors.messages).to eq(name: ["#{emoji_name} is already being used for another emoji"])
|
|
end
|
|
|
|
it 'disallows very long invalid emoji name without regular expression backtracking issues' do
|
|
new_emoji = build(:custom_emoji, name: ('a' * 10000) + '!', group: group)
|
|
|
|
Timeout.timeout(1) do
|
|
expect(new_emoji).not_to be_valid
|
|
expect(new_emoji.errors.messages).to eq(name: ["is too long (maximum is 36 characters)", "is invalid"])
|
|
end
|
|
end
|
|
|
|
it 'disallows duplicate custom emoji names within namespace' do
|
|
old_emoji = create(:custom_emoji, group: group)
|
|
new_emoji = build(:custom_emoji, name: old_emoji.name, namespace: old_emoji.namespace, group: group)
|
|
|
|
expect(new_emoji).not_to be_valid
|
|
expect(new_emoji.errors.messages).to eq(name: ["has already been taken"])
|
|
end
|
|
|
|
it 'disallows non http and https file value' do
|
|
emoji = build(:custom_emoji, name: 'new-name', group: group, file: 'ftp://some-url.in')
|
|
|
|
expect(emoji).not_to be_valid
|
|
expect(emoji.errors.messages).to eq(file: ["is blocked: Only allowed schemes are http, https"])
|
|
end
|
|
end
|
|
|
|
describe '#for_resource' do
|
|
let_it_be(:group) { create(:group) }
|
|
let_it_be(:custom_emoji) { create(:custom_emoji, namespace: group) }
|
|
|
|
context 'when group is nil' do
|
|
let_it_be(:group) { nil }
|
|
|
|
it { expect(described_class.for_resource(group)).to eq([]) }
|
|
end
|
|
|
|
context 'when resource is a project' do
|
|
let_it_be(:project) { create(:project) }
|
|
|
|
it { expect(described_class.for_resource(project)).to eq([]) }
|
|
end
|
|
|
|
it { expect(described_class.for_resource(group)).to eq([custom_emoji]) }
|
|
end
|
|
|
|
describe '#for_namespaces' do
|
|
let_it_be(:group) { create(:group) }
|
|
let_it_be(:custom_emoji) { create(:custom_emoji, namespace: group, name: 'flying_parrot') }
|
|
|
|
it { expect(described_class.for_namespaces([group.id])).to eq([custom_emoji]) }
|
|
|
|
it "does not add sql injections in the query" do
|
|
query = described_class.for_namespaces(
|
|
["96 THEN (SELECT 1 FROM pg_sleep(5) LIMIT 1) ELSE (SELECT 1 FROM pg_sleep(1) LIMIT 1) END --;"]).to_sql
|
|
|
|
expect(query).not_to include("pg_sleep")
|
|
end
|
|
|
|
context 'with subgroup' do
|
|
let_it_be(:subgroup) { create(:group, parent: group) }
|
|
let_it_be(:subgroup_emoji) { create(:custom_emoji, namespace: subgroup, name: 'flying_parrot') }
|
|
|
|
it { expect(described_class.for_namespaces([subgroup.id, group.id])).to eq([subgroup_emoji]) }
|
|
end
|
|
end
|
|
|
|
describe '#url' do
|
|
before do
|
|
stub_asset_proxy_setting(
|
|
enabled: true,
|
|
secret_key: 'shared-secret',
|
|
url: 'https://assets.example.com'
|
|
)
|
|
end
|
|
|
|
it 'uses the asset proxy' do
|
|
emoji = build(:custom_emoji, name: 'gitlab', file: "http://example.com/test.png")
|
|
|
|
expect(emoji.url).to eq("https://assets.example.com/08df250eeeef1a8cf2c761475ac74c5065105612/687474703a2f2f6578616d706c652e636f6d2f746573742e706e67")
|
|
end
|
|
end
|
|
end
|