From 85b882df142dcc6c264aa42509e68c1d6d98c3e8 Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Tue, 25 Jul 2017 12:50:23 +0200 Subject: [PATCH] Add unit tests the verify correct `dataType` in `jQuery.ajax` request when loading Console app state. --- .../console/public/src/__tests__/app.js | 84 +++++++++++++++++++ src/core_plugins/console/public/src/app.js | 14 +++- 2 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 src/core_plugins/console/public/src/__tests__/app.js diff --git a/src/core_plugins/console/public/src/__tests__/app.js b/src/core_plugins/console/public/src/__tests__/app.js new file mode 100644 index 0000000000000..50b8763020229 --- /dev/null +++ b/src/core_plugins/console/public/src/__tests__/app.js @@ -0,0 +1,84 @@ +import sinon from 'sinon'; +import $ from 'jquery'; + +import history from '../history'; +import mappings from '../mappings'; +import init from '../app'; + +describe('app initialization', () => { + const sandbox = sinon.sandbox.create(); + + let inputMock, outputMock; + let ajaxDoneStub; + beforeEach(() => { + ajaxDoneStub = sinon.stub(); + sandbox.stub($, 'ajax').returns({ done: ajaxDoneStub }); + sandbox.stub(history, 'getSavedEditorState'); + sandbox.stub(mappings, 'startRetrievingAutoCompleteInfo'); + + inputMock = { + update: sinon.stub(), + moveToNextRequestEdge: sinon.stub(), + highlightCurrentRequestsAndUpdateActionBar: sinon.stub(), + updateActionsBar: sinon.stub(), + getSession: sinon.stub().returns({ on() {} }) + }; + + outputMock = { + update: sinon.stub() + }; + }); + + afterEach(() => { + sandbox.restore(); + }); + + it('correctly loads state from any external HTTPS links.', () => { + const mockContent = {}; + ajaxDoneStub.yields(mockContent); + + init(inputMock, outputMock, 'https://state.link.com/content'); + + sinon.assert.calledOnce($.ajax); + sinon.assert.calledWithExactly($.ajax, { + url: 'https://state.link.com/content', + dataType: 'text', + kbnXsrfToken: false + }); + + sinon.assert.calledTwice(inputMock.moveToNextRequestEdge); + sinon.assert.calledWithExactly(inputMock.moveToNextRequestEdge, true); + sinon.assert.calledOnce(inputMock.highlightCurrentRequestsAndUpdateActionBar); + sinon.assert.calledOnce(inputMock.updateActionsBar); + sinon.assert.calledOnce(inputMock.update); + sinon.assert.calledWithExactly(inputMock.update, sinon.match.same(mockContent)); + + sinon.assert.calledOnce(outputMock.update); + sinon.assert.calledWithExactly(outputMock.update, ''); + }); + + it('correctly loads state from GitHub API HTTPS links.', () => { + const mockContent = {}; + ajaxDoneStub.yields(mockContent); + + init(inputMock, outputMock, 'https://api.github.com/content'); + + sinon.assert.calledOnce($.ajax); + sinon.assert.calledWithExactly($.ajax, { + url: 'https://api.github.com/content', + dataType: 'text', + kbnXsrfToken: false, + headers: { Accept: "application/vnd.github.v3.raw" } + }); + + sinon.assert.calledTwice(inputMock.moveToNextRequestEdge); + sinon.assert.calledWithExactly(inputMock.moveToNextRequestEdge, true); + sinon.assert.calledOnce(inputMock.highlightCurrentRequestsAndUpdateActionBar); + sinon.assert.calledOnce(inputMock.updateActionsBar); + sinon.assert.calledOnce(inputMock.update); + sinon.assert.calledWithExactly(inputMock.update, sinon.match.same(mockContent)); + + sinon.assert.calledOnce(outputMock.update); + sinon.assert.calledWithExactly(outputMock.update, ''); + }); +}); diff --git a/src/core_plugins/console/public/src/app.js b/src/core_plugins/console/public/src/app.js index bda49cc2a2551..cdfb159eaab3d 100644 --- a/src/core_plugins/console/public/src/app.js +++ b/src/core_plugins/console/public/src/app.js @@ -27,11 +27,19 @@ export default function init(input, output, sourceLocation = 'stored') { } } else if (/^https?:\/\//.test(sourceLocation)) { - var loadFrom = { url: sourceLocation, dataType: "text", kbnXsrfToken: false }; + const loadFrom = { + url: sourceLocation, + // Having dataType here is required as it doesn't allow jQuery to `eval` content + // coming from the external source thereby preventing XSS attack. + dataType: 'text', + kbnXsrfToken: false + }; + if (/https?:\/\/api.github.com/.test(sourceLocation)) { - loadFrom.headers = { Accept: "application/vnd.github.v3.raw" }; + loadFrom.headers = { Accept: 'application/vnd.github.v3.raw' }; } - $.ajax(loadFrom).done(function (data) { + + $.ajax(loadFrom).done((data) => { resetToValues(data); input.moveToNextRequestEdge(true); input.highlightCurrentRequestsAndUpdateActionBar();