diff --git a/Gemfile b/Gemfile
index cab885cf3da..605f806ea96 100644
--- a/Gemfile
+++ b/Gemfile
@@ -16,7 +16,6 @@ group :development do
 # https://blog.arkency.com/how-to-get-burned-by-16-years-old-hack-in-2024/
 gem "debase", ">= 0.2.5.beta2", platforms: %i[mri mingw x64_mingw]
- gem "pry-rails"
 gem "web-console"
 end
@@ -33,7 +32,7 @@ end
 group :development, :test do
 # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
- gem "debug", platforms: %i[ mri windows ], require: "debug/prelude"
+ gem "debug", platforms: %i[mri windows], require: "debug/prelude"
 # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
 gem "brakeman", require: false
diff --git a/app/controllers/file_pushes_controller.rb b/app/controllers/file_pushes_controller.rb
index 1adf659649c..1ee428938ae 100644
--- a/app/controllers/file_pushes_controller.rb
+++ b/app/controllers/file_pushes_controller.rb
@@ -219,7 +219,7 @@ def preliminary
 end
 return
 else
- @secret_url = helpers.secret_url(@push, with_retrieval_step: false)
+ @secret_url = helpers.secret_url(@push, with_retrieval_step: false, locale: params[:locale])
 end
 respond_to do |format|
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 75c919da45e..0ef065093b8 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -230,7 +230,7 @@ def preliminary
 end
 return
 else
- @secret_url = helpers.secret_url(@push, with_retrieval_step: false)
+ @secret_url = helpers.secret_url(@push, with_retrieval_step: false, locale: params[:locale])
 end
 respond_to do |format|
diff --git a/app/controllers/urls_controller.rb b/app/controllers/urls_controller.rb
index 563ed1c4aa6..24d831f7a7d 100644
--- a/app/controllers/urls_controller.rb
+++ b/app/controllers/urls_controller.rb
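Review bot: In `preliminary` of app/controllers/file_pushes_controller.rb, the new `locale: params[:locale]` argument forwards request-controlled input into link generation, and nothing at the call site says where it is validated. The allowlist check against `Settings.enabled_language_codes` lives in `secret_url`, so I would add a comment above the call such as `# locale comes from the request; secret_url drops it unless it is an enabled language code`. The same applies to the identical calls in passwords_controller.rb and urls_controller.rb. The body of `preliminary` starts and ends outside these hunks.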
@@ -229,7 +229,7 @@ def preliminary
 end
 return
 else
- @secret_url = helpers.secret_url(@push, with_retrieval_step: false)
+ @secret_url = helpers.secret_url(@push, with_retrieval_step: false, locale: params[:locale])
 end
 respond_to do |format|
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index c3df32ced9e..64d54413aa3 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -22,7 +22,7 @@ def current_controller?(names)
 # @param [Password, Url, FilePush] password - The push to generate a URL for
 # @param [Boolean] with_retrieval_step - Whether to include the retrieval step in the URL
 # @return [String] - The fully qualified URL
- def secret_url(password, with_retrieval_step: true)
+ def secret_url(password, with_retrieval_step: true, locale: nil)
 raw_url = if password.retrieval_step && with_retrieval_step
 case password
 when Password
@@ -50,9 +50,11 @@ def secret_url(password, with_retrieval_step: true)
 # Delete any existing ?locale= query parameter
 raw_url = raw_url.split("?").first
+ # Append the locale query parameter
 if params["push_locale"].present? && Settings.enabled_language_codes.include?(params["push_locale"])
- # Append the locale query parameter
 raw_url += "?locale=#{params["push_locale"]}"
+ elsif locale.present? && Settings.enabled_language_codes.include?(locale)
+ raw_url += "?locale=#{locale}"
 end
 # Support forced https links with FORCE_SSL env var
diff --git a/test/integration/file_push/file_push_requested_locale_test.rb b/test/integration/file_push/file_push_requested_locale_test.rb
new file mode 100644
index 00000000000..bf8b32a322d
--- /dev/null
+++ b/test/integration/file_push/file_push_requested_locale_test.rb
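Review bot: The YARD block above `secret_url` in app/helpers/application_helper.rb is not updated for the new `locale:` keyword. I would add `# @param [String, nil] locale - Locale code to append as ?locale=; ignored unless listed in Settings.enabled_language_codes`. The doc should also state that `params["push_locale"]` wins when it is present and enabled, since that ordering is not visible from the signature. The method body continues outside this hunk.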
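Review bot: In the locale block of `secret_url` (hunk at -50,9), the allowlist test against `Settings.enabled_language_codes` is now written twice, once per source, and the accepted value is interpolated into the query string without encoding, so that test is the only thing keeping request input out of the generated link. Folding both sources into one lookup leaves a single gate that is harder to lose in a later edit: `code = [params["push_locale"], locale].find { |c| c.present? && Settings.enabled_language_codes.include?(c) }` followed by `raw_url += "?locale=#{code}" if code`. This keeps the current precedence, `push_locale` first and the keyword second. `secret_url` starts and ends outside the hunk.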
@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class FilePushReqLocaleTest < ActionDispatch::IntegrationTest
+ include Devise::Test::IntegrationHelpers
+
+ setup do
+ Settings.enable_logins = true
+ Settings.enable_file_pushes = true
+ Rails.application.reload_routes!
+ @luca = users(:luca)
+ @luca.confirm
+ sign_in @luca
+ end
+
+ teardown do
+ sign_out :user
+ end
+
+ def test_requested_locale
+ get new_file_push_path
+ assert_response :success
+
+ post file_pushes_path, params: {
+ file_push: {
+ payload: "Message",
+ passphrase: "asdf",
+ retrieval_step: true,
+ files: [
+ fixture_file_upload("monkey.png", "image/jpeg")
+ ]
+ }
+ }
+ assert_response :redirect
+
+ # Preview page
+ follow_redirect!
+ assert_response :success
+ assert_select "h2", "Your push has been created."
+
+ # Retrieve the push with a locale
+ push_with_locale = request.url.sub("/preview", "") + "/r?locale=es"
+ get push_with_locale
+ assert_response :success
+ assert response.body.include?("\n")
+
+ links = assert_select("a")
+ assert_equal 1, links.count
+
+ push_with_locale = links.first.attributes["href"].value
+ get push_with_locale
+
+ # Redirected to the passphrase page
+ assert_response :redirect
+ follow_redirect!
+ assert_response :success
+ assert response.body.include?("\n")
+
+ # We should be on the passphrase page now
+
+ # Validate passphrase form
+ forms = css_select "form"
+ assert_select "form input", 1
+
+ # Provide the value passphrase
+ post forms.first.attributes["action"].value, params: {passphrase: "asdf"}
+ assert_response :redirect
+ follow_redirect!
+
+ # We should be on the password#show page now
+ assert_response :success
+ assert response.body.include?("\n")
+ end
+
+ def test_requested_locale_without_passphrase
+ get new_file_push_path
+ assert_response :success
+
+ post file_pushes_path, params: {
+ file_push: {
+ payload: "Message",
+ retrieval_step: true,
+ files: [
+ fixture_file_upload("monkey.png", "image/jpeg")
+ ]
+ }
+ }
+ assert_response :redirect
+
+ # Preview page
+ follow_redirect!
+ assert_response :success
+ assert_select "h2", "Your push has been created."
+
+ # Retrieve the push with a locale
+ push_with_locale = request.url.sub("/preview", "") + "/r?locale=es"
+ get push_with_locale
+ assert_response :success
+ assert response.body.include?("\n")
+
+ links = assert_select("a")
+ assert_equal 1, links.count
+
+ push_with_locale = links.first.attributes["href"].value
+ get push_with_locale
+
+ # We should be on the password#show page now
+ assert_response :success
+ assert response.body.include?("\n")
+ end
+end
diff --git a/test/integration/password/password_requested_locale_test.rb b/test/integration/password/password_requested_locale_test.rb
new file mode 100644
index 00000000000..db33878a2d0
--- /dev/null
+++ b/test/integration/password/password_requested_locale_test.rb
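Review bot: As written here, `assert response.body.include?("\n")` in test/integration/file_push/file_push_requested_locale_test.rb passes for any multi-line response, so neither test checks that `locale=es` reaches the generated link or the pages after it (the expected string may have been longer in the original file; please confirm). I would assert on the link itself, e.g. `assert_includes links.first.attributes["href"].value, "locale=es"`, before following it. There is also no negative case: a request whose locale is not in `Settings.enabled_language_codes` should yield a link with no `locale` parameter, which is the behaviour the allowlist in `secret_url` exists to guarantee. The same two gaps are present in password_requested_locale_test.rb and url_requested_locale_test.rb.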
@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class PasswordReqLocaleTest < ActionDispatch::IntegrationTest
+ def test_requested_locale
+ get new_password_path
+ assert_response :success
+
+ post passwords_path, params: {password: {payload: "testpw", passphrase: "asdf", retrieval_step: true}}
+ assert_response :redirect
+
+ # Preview page
+ follow_redirect!
+ assert_response :success
+ assert_select "h2", "Your push has been created."
+
+ # Retrieve the push with a locale
+ push_with_locale = request.url.sub("/preview", "") + "/r?locale=es"
+ get push_with_locale
+ assert_response :success
+ assert response.body.include?("\n")
+
+ links = assert_select("a")
+ assert_equal 1, links.count
+
+ push_with_locale = links.first.attributes["href"].value
+ get push_with_locale
+
+ # Redirected to the passphrase page
+ assert_response :redirect
+ follow_redirect!
+ assert_response :success
+ assert response.body.include?("\n")
+
+ # We should be on the passphrase page now
+
+ # Validate passphrase form
+ forms = css_select "form"
+ assert_select "form input", 1
+
+ # Provide the value passphrase
+ post forms.first.attributes["action"].value, params: {passphrase: "asdf"}
+ assert_response :redirect
+ follow_redirect!
+
+ # We should be on the password#show page now
+ assert_response :success
+ assert response.body.include?("\n")
+ end
+
+ def test_requested_locale_without_passphrase
+ get new_password_path
+ assert_response :success
+
+ post passwords_path, params: {password: {payload: "testpw", retrieval_step: true}}
+ assert_response :redirect
+
+ # Preview page
+ follow_redirect!
+ assert_response :success
+ assert_select "h2", "Your push has been created."
+
+ # Retrieve the push with a locale
+ push_with_locale = request.url.sub("/preview", "") + "/r?locale=es"
+ get push_with_locale
+ assert_response :success
+ assert response.body.include?("\n")
+
+ links = assert_select("a")
+ assert_equal 1, links.count
+
+ push_with_locale = links.first.attributes["href"].value
+ get push_with_locale
+
+ # We should be on the password#show page now
+ assert_response :success
+ assert response.body.include?("\n")
+ end
+end
diff --git a/test/integration/url/url_requested_locale_test.rb b/test/integration/url/url_requested_locale_test.rb
new file mode 100644
index 00000000000..9067eced39c
--- /dev/null
+++ b/test/integration/url/url_requested_locale_test.rb
@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class UrlReqLocaleTest < ActionDispatch::IntegrationTest
+ include Devise::Test::IntegrationHelpers
+
+ setup do
+ Settings.enable_logins = true
+ Settings.enable_url_pushes = true
+ Rails.application.reload_routes!
+
+ @luca = users(:luca)
+ @luca.confirm
+ sign_in @luca
+ end
+
+ teardown do
+ sign_out @luca
+ end
+
+ def test_requested_locale
+ get new_url_path
+ assert_response :success
+
+ post urls_path, params: {url: {payload: "https://the0x00.dev", passphrase: "asdf", retrieval_step: true}}
+ assert_response :redirect
+
+ # Preview page
+ follow_redirect!
+ assert_response :success
+ assert_select "h2", "Your push has been created."
+
+ # Retrieve the push with a locale
+ push_with_locale = request.url.sub("/preview", "") + "/r?locale=es"
+ get push_with_locale
+ assert_response :success
+ assert response.body.include?("\n")
+
+ links = assert_select("a")
+ assert_equal 1, links.count
+
+ push_with_locale = links.first.attributes["href"].value
+ get push_with_locale
+
+ # Redirected to the passphrase page
+ assert_response :redirect
+ follow_redirect!
+ assert_response :success
+ assert response.body.include?("\n")
+
+ # We should be on the passphrase page now
+
+ # Validate passphrase form
+ forms = css_select "form"
+ assert_select "form input", 1
+
+ # Provide the value passphrase
+ post forms.first.attributes["action"].value, params: {passphrase: "asdf"}
+ assert_response :redirect
+ follow_redirect!
+
+ # We should be then redirected to URL
+ assert_response :redirect
+ assert_equal "https://the0x00.dev", response.headers["Location"]
+ end
+
+ def test_requested_locale_without_passphrase
+ get new_url_path
+ assert_response :success
+
+ post urls_path, params: {url: {payload: "https://the0x00.dev", retrieval_step: true}}
+ assert_response :redirect
+
+ # Preview page
+ follow_redirect!
+ assert_response :success
+ assert_select "h2", "Your push has been created."
+
+ # Retrieve the push with a locale
+ push_with_locale = request.url.sub("/preview", "") + "/r?locale=es"
+ get push_with_locale
+ assert_response :success
+ assert response.body.include?("\n")
+
+ links = assert_select("a")
+ assert_equal 1, links.count
+
+ push_with_locale = links.first.attributes["href"].value
+ get push_with_locale
+
+ # We should be then redirected to URL
+ assert_response :redirect
+ assert_equal "https://the0x00.dev", response.headers["Location"]
+ end
+end