diff --git a/Gemfile b/Gemfile index 523a8aa59b..d26de4893a 100644 --- a/Gemfile +++ b/Gemfile @@ -176,7 +176,7 @@ gem 'openproject-token', '~> 1.0.1' gem 'plaintext', '0.1.0' group :test do - gem 'rack-test', '~> 0.6.3' + gem 'rack-test', '~> 1.0.0' gem 'shoulda-context', '~> 1.2' gem 'launchy', '~> 2.4.3' diff --git a/Gemfile.lock b/Gemfile.lock index cccaa2f058..7e0ecbab3e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -413,8 +413,8 @@ GEM rack rack-protection (2.0.1) rack - rack-test (0.6.3) - rack (>= 1.0) + rack-test (1.0.0) + rack (>= 1.0, < 3) rack_session_access (0.2.0) builder (>= 2.0.0) rack (>= 1.0.0) @@ -687,7 +687,7 @@ DEPENDENCIES rabl (~> 0.13.0) rack-attack (~> 5.2.0) rack-protection (~> 2.0.0) - rack-test (~> 0.6.3) + rack-test (~> 1.0.0) rack_session_access rails (~> 5.1.5) rails-angular-xss! diff --git a/spec/requests/api/v3/queries/query_resource_spec.rb b/spec/requests/api/v3/queries/query_resource_spec.rb index e399330584..cf035a7424 100644 --- a/spec/requests/api/v3/queries/query_resource_spec.rb +++ b/spec/requests/api/v3/queries/query_resource_spec.rb @@ -95,7 +95,7 @@ describe 'API v3 Query resource', type: :request, content_type: :json do let(:path) do filter = [project: { operator: "=", values: [project.id.to_s] }].to_json - "#{api_v3_paths.queries}?filters=#{filter}" + "#{api_v3_paths.queries}?filters=#{URI::escape(filter)}" end let(:prepare) do @@ -126,7 +126,7 @@ describe 'API v3 Query resource', type: :request, content_type: :json do let(:path) do filter = [project: { operator: "!*", values: [] }].to_json - "#{api_v3_paths.queries}?filters=#{filter}" + "#{api_v3_paths.queries}?filters=#{URI::escape(filter)}" end let(:prepare) do diff --git a/spec/requests/api/v3/watcher_resource_spec.rb b/spec/requests/api/v3/watcher_resource_spec.rb index dc3a89d963..bf84204210 100644 --- a/spec/requests/api/v3/watcher_resource_spec.rb +++ b/spec/requests/api/v3/watcher_resource_spec.rb @@ -34,29 +34,29 @@ describe 'API v3 Watcher resource', type: :request, content_type: :json do include API::V3::Utilities::PathHelper let(:project) { FactoryGirl.create(:project, identifier: 'test_project', is_public: false) } - let(:current_user) { + let(:current_user) do FactoryGirl.create :user, member_in_project: project, member_through_role: role - } + end let(:role) { FactoryGirl.create(:role, permissions: permissions) } let(:permissions) { [] } let(:view_work_packages_role) { FactoryGirl.create(:role, permissions: [:view_work_packages]) } let(:work_package) { FactoryGirl.create(:work_package, project: project) } - let(:available_watcher) { + let(:available_watcher) do FactoryGirl.create :user, firstname: 'Something', lastname: 'Strange', member_in_project: project, member_through_role: view_work_packages_role - } + end - let(:watching_user) { + let(:watching_user) do FactoryGirl.create :user, member_in_project: project, member_through_role: view_work_packages_role - } - let(:existing_watcher) { + end + let(:existing_watcher) do FactoryGirl.create(:watcher, watchable: work_package, user: watching_user) - } + end subject(:response) { last_response } @@ -67,7 +67,7 @@ describe 'API v3 Watcher resource', type: :request, content_type: :json do describe '#get' do let(:get_path) { api_v3_paths.work_package_watchers work_package.id } - let(:permissions) { [:view_work_packages, :view_work_package_watchers] } + let(:permissions) { %i[view_work_packages view_work_package_watchers] } before do get get_path @@ -90,14 +90,14 @@ describe 'API v3 Watcher resource', type: :request, content_type: :json do describe '#post' do let(:post_path) { api_v3_paths.work_package_watchers work_package.id } - let(:post_body) { + let(:post_body) do { user: { href: api_v3_paths.user(new_watcher.id) } }.to_json - } + end let(:new_watcher) { available_watcher } - let(:permissions) { [:add_work_package_watchers, :view_work_packages] } + let(:permissions) { %i[add_work_package_watchers view_work_packages] } before do post post_path, post_body, 'CONTENT_TYPE' => 'application/json' @@ -133,11 +133,11 @@ describe 'API v3 Watcher resource', type: :request, content_type: :json do end context 'when the user does not exist' do - let(:post_body) { + let(:post_body) do { user: { href: api_v3_paths.user(99999) } }.to_json - } + end it_behaves_like 'not found' end @@ -177,7 +177,7 @@ describe 'API v3 Watcher resource', type: :request, content_type: :json do end context 'authorized user' do - let(:permissions) { [:delete_work_package_watchers, :view_work_packages] } + let(:permissions) { %i[delete_work_package_watchers view_work_packages] } it 'should respond with 204' do expect(subject.status).to eq(204) @@ -226,11 +226,11 @@ describe 'API v3 Watcher resource', type: :request, content_type: :json do end describe '#available_watchers' do - let(:permissions) { [:add_work_package_watchers, :view_work_packages] } + let(:permissions) { %i[add_work_package_watchers view_work_packages] } let(:available_watchers_path) { api_v3_paths.available_watchers work_package.id } - let(:returned_user_ids) { + let(:returned_user_ids) do JSON.parse(subject.body)['_embedded']['elements'].map {|user| user['id'] } - } + end before do available_watcher @@ -252,11 +252,12 @@ describe 'API v3 Watcher resource', type: :request, content_type: :json do end describe 'searching for a user' do - let(:available_watchers_path) { + let(:available_watchers_path) do path = api_v3_paths.available_watchers work_package.id filters = %([{ "name": { "operator": "~", "values": ["#{query}"] } }]) - "#{path}?filters=#{filters}" - } + + "#{path}?filters=#{URI::escape(filters)}" + end context 'that does not exist' do let(:query) { 'asdfasdfasdfasdf' }