notification_factory_renderer_test.rb 12 KB


  1. # encoding: utf-8
  2. require 'test_helper'
# Regression tests for NotificationFactory::Renderer, which expands
# "#{object.attribute}" placeholders in notification templates.
#
# What the cases below pin down, as far as the assertions show:
# * rendered attribute values are compared against CGI.escapeHTML output,
#   so markup stored in a ticket title must come out escaped;
# * placeholders naming persistence or query methods must render a
#   "/ not allowed" marker instead of the method's result;
# * unknown objects and methods render a "no such object" / "no such method"
#   marker.
#
# NOTE(review): every marker string asserted here is free of <, >, &, " and ',
# so CGI.escapeHTML is a no-op on those expectations. These cases therefore do
# not establish that template text echoed back inside a marker is escaped.
class NotificationFactoryRendererTest < ActiveSupport::TestCase

  # RSpec incoming!
  # Class under test; every case reaches the renderer through this accessor.
  def described_class
    NotificationFactory::Renderer
  end

  # Builds a renderer from (objects, locale, template) and returns the
  # rendered string. Positional order matches the constructor calls this
  # helper replaces.
  def render_notification(objects, locale, template)
    described_class.new(objects, locale, template).render
  end
  private :render_notification

  # Fixtures are built once, at class-definition time, and captured by the
  # test blocks below. Names and title deliberately carry <b> markup so that
  # escaping can be observed.
  group = Group.new(name: 'Users')
  owner = User.new(firstname: 'Notification<b>xxx</b>', lastname: 'Agent1<b>yyy</b>')

  # NOTE(review): current_user and recipient are never referenced by any test
  # in this class, so no case here renders a user name containing markup.
  current_user = User.new(firstname: 'CurrentUser<b>xxx</b>', lastname: 'Agent2<b>yyy</b>')
  recipient = User.new(firstname: 'Recipient<b>xxx</b>', lastname: 'Customer1<b>yyy</b>')

  state = Ticket::State.new(name: 'new')
  ticket = Ticket.new(
    id:         1,
    title:      '<b>Welcome to Zammad!</b>',
    group:      group,
    owner:      owner,
    state:      state,
    created_at: Time.zone.parse('2016-11-12 12:00:00 UTC'),
    updated_at: Time.zone.parse('2016-11-12 14:00:00 UTC'),
  )

  # The same body as HTML, as explicit plain text, and with no content type.
  article_html1 = Ticket::Article.new(
    body:         'test <b>hello</b><br>some new line',
    content_type: 'text/html',
  )
  article_plain1 = Ticket::Article.new(
    body:         "test <b>hello</b>\nsome new line",
    content_type: 'text/plain',
  )
  article_plain2 = Ticket::Article.new(
    body: "test <b>hello</b>\nsome new line",
  )

  test 'replace object attribute' do
    # A title containing markup must be rendered HTML-escaped.
    result = render_notification({ ticket: ticket }, 'en-us', "\#{ticket.title}")
    assert_equal(CGI.escapeHTML(ticket.title), result)

    # Timestamps are compared against their plain to_s form.
    result = render_notification({ ticket: ticket }, 'en-us', "\#{ticket.created_at}")
    assert_equal(ticket.created_at.to_s, result)

    result = render_notification({ ticket: ticket }, 'en-us', "\#{ticket.updated_at}")
    assert_equal(ticket.updated_at.to_s, result)

    # Spaces, newlines, tabs and a stray double quote inside the placeholder
    # must resolve to the same attribute as the clean spelling.
    [
      "\#{ticket. title}",
      "\#{ticket.\n title}",
      "\#{ticket.\t title}",
      "\#{ticket.\t\n title\t}",
      "\#{ticket.\" title\t}",
    ].each do |template|
      result = render_notification({ ticket: ticket }, 'en-us', template)
      assert_equal(CGI.escapeHTML(ticket.title), result)
    end

    # Article bodies come back as "&gt; "-quoted lines. For the HTML article
    # the <b> tags are absent from the expected output; for both plain
    # articles they are expected escaped. The article without a content type
    # is expected to render exactly like the text/plain one.
    template = "some test<br>\#{article.body}"
    [
      [article_html1, 'some test<br>&gt; test hello<br>&gt; some new line<br>'],
      [article_plain1, 'some test<br>&gt; test &lt;b&gt;hello&lt;/b&gt;<br>&gt; some new line<br>'],
      [article_plain2, 'some test<br>&gt; test &lt;b&gt;hello&lt;/b&gt;<br>&gt; some new line<br>'],
    ].each do |article, expected|
      result = render_notification({ article: article }, 'en-us', template)
      assert_equal(expected, result)
    end
  end

  # NOTE(review): expectations here are the raw Setting.get values, not their
  # escaped form, so this test does not show whether config values are
  # HTML-escaped on output. Nothing in this file restricts which setting names
  # a template may read - confirm in the renderer that sensitive settings are
  # not reachable through "config.".
  test 'config' do
    setting = 'fqdn'
    result = render_notification({ ticket: ticket }, 'en-us', "\#{config.#{setting}}")
    assert_equal(Setting.get(setting), result)

    # Two placeholders in one template, first clean, then with leading
    # whitespace inside the braces.
    setting1 = 'fqdn'
    setting2 = 'product_name'
    [
      "some \#{config.#{setting1}} and \#{config.#{setting2}}",
      "some \#{ config.#{setting1}} and \#{\tconfig.#{setting2}}",
    ].each do |template|
      result = render_notification({ ticket: ticket }, 'en-us', template)
      assert_equal("some #{Setting.get(setting1)} and #{Setting.get(setting2)}", result)
    end
  end

  test 'translation' do
    # Former ERB spelling of the first template: "<%= t 'new' %>"
    # t('...') is expected to translate into the renderer's locale (de-de),
    # with or without whitespace around the call.
    [
      ["\#{t('new')}", 'neu'],
      ["some text \#{t('new')} and \#{t('open')}", 'some text neu and offen'],
      ["some text \#{t('new') } and \#{ t('open')}", 'some text neu and offen'],
      ["some text \#{\nt('new') } and \#{ t('open')\t}", 'some text neu and offen'],
    ].each do |template, expected|
      result = render_notification({ ticket: ticket }, 'de-de', template)
      assert_equal(expected, result)
    end
  end

  test 'chained function calls' do
    # The argument of t() is itself an attribute chain on the ticket.
    result = render_notification({ ticket: ticket }, 'de-de', "\#{t(ticket.state.name)}")
    assert_equal('neu', result)
  end

  test 'not existing object and attribute' do
    # Unknown objects and methods render a marker in place of a value.
    [
      ["\#{}", '#{no such object}'],
      ["\#{notexsiting.notexsiting}", '#{notexsiting / no such object}'],
      ["\#{ticket.notexsiting}", '#{ticket.notexsiting / no such method}'],
      ["\#{ticket.}", '#{ticket. / no such method}'],
      ["\#{ticket.title.notexsiting}", '#{ticket.title.notexsiting / no such method}'],
      ["\#{ticket.notexsiting.notexsiting}", '#{ticket.notexsiting / no such method}'],
      ["\#{notexsiting}", '#{notexsiting / no such object}'],
      ["\#{notexsiting.}", '#{notexsiting / no such object}'],
    ].each do |template, marker|
      result = render_notification({ ticket: ticket }, 'en-us', template)
      assert_equal(CGI.escapeHTML(marker), result)
    end

    # Plain values (string, integer, float) passed directly as objects are
    # rendered via their string form.
    [
      [{ string: 'some string' }, "\#{string}", 'some string'],
      [{ fixum: 123 }, "\#{fixum}", '123'],
      [{ float: 123.99 }, "\#{float}", '123.99'],
    ].each do |objects, template, expected|
      result = render_notification(objects, 'en-us', template)
      assert_equal(CGI.escapeHTML(expected), result)
    end
  end

  # Placeholders must not be able to reach methods that change or query
  # records.
  #
  # NOTE(review): "update_att" is expected to be rejected as well, and names
  # such as all/find/where/new/create get "not allowed" rather than
  # "no such method". That looks like a name-pattern check applied before
  # method lookup - confirm in the renderer. Only the names listed here are
  # exercised; a blocked name placed after a second dot is not covered by
  # this test.
  test 'data key validation' do
    # Backticks inside a placeholder are rejected; the marker shows the key
    # with its whitespace removed.
    result = render_notification({ ticket: ticket }, 'en-us', "\#{ticket.title `echo 1`}")
    assert_equal(CGI.escapeHTML('#{ticket.title`echo1` / not allowed}'), result)

    # "create" appears twice on purpose: the sequence of checks is kept as is.
    %w[destroy save update create delete remove drop create new update_att all find where].each do |method_name|
      result = render_notification({ ticket: ticket }, 'en-us', "\#{ticket.#{method_name}}")
      assert_equal(CGI.escapeHTML("\#{ticket.#{method_name} / not allowed}"), result)
    end

    # Whitespace (space, LF, tab, CR) between the dot and the method name
    # must not get a blocked name past the check.
    [
      "\#{ticket. destroy}",
      "\#{ticket.\n destroy}",
      "\#{ticket.\t destroy}",
      "\#{ticket.\r destroy}",
    ].each do |template|
      result = render_notification({ ticket: ticket }, 'en-us', template)
      assert_equal(CGI.escapeHTML('#{ticket.destroy / not allowed}'), result)
    end
  end
end