- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'test_helper'
# Exercises NotificationFactory::Renderer: "#{...}" placeholder substitution,
# the encoding of substituted values, and the renderer's refusal to resolve
# placeholders that name disallowed methods or carry backtick expressions.
class NotificationFactoryRendererTest < ActiveSupport::TestCase

  # RSpec incoming!
  def described_class
    NotificationFactory::Renderer
  end

  # Unsaved fixtures shared by every test below. Names and the title carry
  # <b> markup on purpose so the assertions can show how the renderer encodes
  # values that end up in the rendered output.
  group        = Group.new(name: 'Users')
  owner        = User.new(firstname: 'Owner<b>xxx</b>', lastname: 'Agent1<b>yyy</b>')
  current_user = User.new(firstname: 'CurrentUser<b>xxx</b>', lastname: 'Agent2<b>yyy</b>')
  state        = Ticket::State.new(name: 'new')

  ticket = Ticket.new(
    id:         1,
    title:      '<b>Welcome to Zammad!</b>',
    group:      group,
    owner:      owner,
    state:      state,
    created_by: current_user,
    updated_by: current_user,
    created_at: Time.zone.parse('2016-11-12 12:00:00 UTC'),
    updated_at: Time.zone.parse('2016-11-12 14:00:00 UTC'),
  )

  # Same body three ways: declared HTML, declared plain text, no content type.
  article_html1 = Ticket::Article.new(
    body:         'test <b>hello</b><br>some new line',
    content_type: 'text/html',
  )
  article_plain1 = Ticket::Article.new(
    body:         "test <b>hello</b>\nsome new line",
    content_type: 'text/plain',
  )
  article_plain2 = Ticket::Article.new(
    body: "test <b>hello</b>\nsome new line",
  )

  test 'replace object attribute' do
    ticket_only = { ticket: ticket }

    # The title contains markup; the renderer must hand it back HTML-escaped.
    rendered = render_template("\#{ticket.title}", objects: ticket_only)
    assert_equal(CGI.escapeHTML(ticket.title), rendered)

    # Timestamps are shown in the requested timezone.
    rendered = render_template("\#{ticket.created_at}", objects: ticket_only)
    assert_equal('11/12/2016 1:00 pm (Europe/Berlin)', rendered)

    # NOTE(review): the title is asserted in escaped form, yet the name
    # assertions in this test (as they appear in this listing) expect the raw
    # <b> markup. Confirm these literals were not entity-decoded when the
    # listing was extracted; if the renderer really returns names unescaped,
    # that is an output-encoding gap for HTML notifications.
    rendered = render_template("\#{ticket.created_by.firstname}", objects: ticket_only)
    assert_equal('CurrentUser<b>xxx</b>', rendered)

    rendered = render_template("\#{ticket.updated_at}", objects: ticket_only)
    assert_equal('11/12/2016 3:00 pm (Europe/Berlin)', rendered)

    rendered = render_template("\#{ticket.updated_by.firstname}", objects: ticket_only)
    assert_equal('CurrentUser<b>xxx</b>', rendered)

    rendered = render_template("\#{ticket.owner.firstname}", objects: ticket_only)
    assert_equal('Owner<b>xxx</b>', rendered)

    # Whitespace, a stray double quote, or a wrapping anchor tag inside the
    # placeholder must not change the lookup: each still yields the escaped title.
    noisy_title_templates = [
      "\#{ticket. title}",
      "\#{ticket.\n title}",
      "\#{ticket.\t title}",
      "\#{ticket.\t\n title\t}",
      "\#{ticket.\" title\t}",
      "\#{<a href=\"/test123\">ticket.\" title</a>}",
    ]
    noisy_title_templates.each do |noisy_template|
      rendered = render_template(noisy_template, objects: ticket_only)
      assert_equal(CGI.escapeHTML(ticket.title), rendered)
    end

    # Article bodies come back as quoted lines joined with <br>.
    template = "some test<br>\#{article.body}"

    # HTML article: the <b> tags are gone from the quoted text.
    rendered = render_template(template, objects: { article: article_html1 })
    assert_equal('some test<br>> test hello<br>> some new line<br>', rendered)

    # Plain-text articles (explicit and default content type).
    # NOTE(review): the expected strings keep a literal <b> and an unescaped
    # ">" quote marker as shown here - verify against the upstream file that
    # these are not entity-decoded renderings of escaped output.
    rendered = render_template(template, objects: { article: article_plain1 })
    assert_equal('some test<br>> test <b>hello</b><br>> some new line<br>', rendered)

    rendered = render_template(template, objects: { article: article_plain2 })
    assert_equal('some test<br>> test <b>hello</b><br>> some new line<br>', rendered)
  end

  test 'config' do
    ticket_only = { ticket: ticket }

    # A single config.* placeholder resolves to the stored setting value.
    setting  = 'fqdn'
    rendered = render_template("\#{config.#{setting}}", objects: ticket_only)
    assert_equal(Setting.get(setting), rendered)

    # Two placeholders in one template, with and without padding whitespace.
    setting1 = 'fqdn'
    setting2 = 'product_name'
    [
      "some \#{config.#{setting1}} and \#{config.#{setting2}}",
      "some \#{ config.#{setting1}} and \#{\tconfig.#{setting2}}",
    ].each do |template|
      rendered = render_template(template, objects: ticket_only)
      assert_equal("some #{Setting.get(setting1)} and #{Setting.get(setting2)}", rendered)
    end
  end

  test 'translation' do
    ticket_only = { ticket: ticket }

    # template = "<%= t 'new' %>"
    rendered = render_template("\#{t('new')}", objects: ticket_only, locale: 'de-de')
    assert_equal('neu', rendered)

    # Whitespace around t(...) inside the placeholder is tolerated.
    [
      "some text \#{t('new')} and \#{t('open')}",
      "some text \#{t('new') } and \#{ t('open')}",
      "some text \#{\nt('new') } and \#{ t('open')\t}",
    ].each do |template|
      rendered = render_template(template, objects: ticket_only, locale: 'de-de')
      assert_equal('some text neu and offen', rendered)
    end
  end

  test 'chained function calls' do
    # t(...) may wrap an attribute path; the resolved state name is translated.
    rendered = render_template("\#{t(ticket.state.name)}", objects: { ticket: ticket }, locale: 'de-de')
    assert_equal('neu', rendered)
  end

  test 'not existing object and attribute' do
    ticket_only = { ticket: ticket }

    # Unresolvable placeholders are echoed back with a reason instead of
    # raising; the echoed text is compared in HTML-escaped form.
    unresolved = [
      ["\#{}",                                '#{no such object}'],
      ["\#{notexsiting.notexsiting}",         '#{notexsiting / no such object}'],
      ["\#{ticket.notexsiting}",              '#{ticket.notexsiting / no such method}'],
      ["\#{ticket.}",                         '#{ticket. / no such method}'],
      ["\#{ticket.title.notexsiting}",        '#{ticket.title.notexsiting / no such method}'],
      ["\#{ticket.notexsiting.notexsiting}",  '#{ticket.notexsiting / no such method}'],
      ["\#{notexsiting}",                     '#{notexsiting / no such object}'],
      ["\#{notexsiting.}",                    '#{notexsiting / no such object}'],
    ]
    unresolved.each do |template, echoed|
      rendered = render_template(template, objects: ticket_only)
      assert_equal(CGI.escapeHTML(echoed), rendered)
    end

    # Plain values (String, Integer, Float) passed as objects render as text.
    scalars = [
      ["\#{string}", { string: 'some string' }, 'some string'],
      ["\#{fixum}",  { fixum: 123 },            '123'],
      ["\#{float}",  { float: 123.99 },         '123.99'],
    ]
    scalars.each do |template, objects, text|
      rendered = render_template(template, objects: objects)
      assert_equal(CGI.escapeHTML(text), rendered)
    end
  end

  test 'data key validation' do
    ticket_only = { ticket: ticket }

    # A backtick expression appended to an otherwise valid path is rejected;
    # the echoed placeholder has its whitespace removed.
    rendered = render_template("\#{ticket.title `echo 1`}", objects: ticket_only)
    assert_equal(CGI.escapeHTML('#{ticket.title`echo1` / not allowed}'), rendered)

    # Persistence and query method names must never be resolved from a
    # template: each is expected to come back marked "not allowed".
    # ("create" appears twice, as in the original sequence of checks.)
    rejected_methods = %w[
      destroy save update create delete remove drop create new update_att all find where
    ]
    rejected_methods.each do |method_name|
      rendered = render_template("\#{ticket.#{method_name}}", objects: ticket_only)
      assert_equal(CGI.escapeHTML("\#{ticket.#{method_name} / not allowed}"), rendered)
    end

    # Padding the method name with whitespace or control characters must not
    # slip past the check.
    [
      "\#{ticket. destroy}",
      "\#{ticket.\n destroy}",
      "\#{ticket.\t destroy}",
      "\#{ticket.\r destroy}",
    ].each do |template|
      rendered = render_template(template, objects: ticket_only)
      assert_equal(CGI.escapeHTML('#{ticket.destroy / not allowed}'), rendered)
    end
  end

  test 'methods with single Integer parameter' do
    ticket_only = { ticket: ticket }

    # One Integer argument is accepted; the result is still HTML-escaped.
    rendered = render_template("\#{ticket.title.first(3)}", objects: ticket_only)
    assert_equal(CGI.escapeHTML('<b>'), rendered)

    rendered = render_template("\#{ticket.title.last(4)}", objects: ticket_only)
    assert_equal(CGI.escapeHTML('</b>'), rendered)

    # Two arguments are refused as an invalid parameter.
    rendered = render_template("\#{ticket.title.slice(3, 4)}", objects: ticket_only)
    assert_equal(CGI.escapeHTML("\#{ticket.title.slice(3,4) / invalid parameter: 3,4}"), rendered)

    # A non-Integer argument is refused as well.
    rendered = render_template("\#{ticket.title.first('some invalid parameter')}", objects: ticket_only)
    assert_equal("\#{ticket.title.first(someinvalidparameter) / invalid parameter: someinvalidparameter}", rendered)

    # A backtick expression in argument position is rejected outright.
    rendered = render_template("\#{ticket.title.chomp(`cat /etc/passwd`)}", objects: ticket_only)
    assert_equal("\#{ticket.title.chomp(`cat/etc/passwd`) / not allowed}", rendered)
  end

  private

  # Renders +template+ through the class under test with the timezone every
  # test in this file uses.
  #
  # @param template [String] template text containing "#{...}" placeholders
  # @param objects [Hash] objects made available to the placeholders
  # @param locale [String] locale passed to the renderer
  # @return [String] the rendered text
  def render_template(template, objects:, locale: 'en-us')
    described_class.new(
      objects:  objects,
      locale:   locale,
      timezone: 'Europe/Berlin',
      template: template,
    ).render
  end
end