Clean up the dialog unit tests.

* Further use of the testExpectGetFailure, testExpectGetSuccess, testRelativeURLNotAllowed and testMustBeAbsolutePath

Clean up the dialog unit tests.
* Further use of the testExpectGetFailure, testExpectGetSuccess, testRelativeURLNotAllowed and testMustBeAbsolutePath
1d1c7dd8 · Shane Tomlinson · 0292f841 · 1d1c7dd8
Commit 1d1c7dd8 authored 12 years ago by Shane Tomlinson
--- a/resources/static/test/cases/dialog/js/modules/dialog.js
+++ b/resources/static/test/cases/dialog/js/modules/dialog.js
@@ -72,13 +72,13 @@
    });
  }
-  function testExpectGetFailure(options, expectedErrorMessage) {
+  function testExpectGetFailure(options, expectedErrorMessage, domain) {
    _.extend(options, {
      ready: function() {
        testMessageNotExpected("kpi_data");
        testMessageNotExpected("start");
-        var retval = controller.get(HTTPS_TEST_DOMAIN, options);
+        var retval = controller.get(domain || HTTPS_TEST_DOMAIN, options);
        if (expectedErrorMessage) {
          equal(retval, expectedErrorMessage, "expected error: " + expectedErrorMessage);
@@ -87,6 +87,9 @@
          ok(retval, "error message returned");
        }
+        // If a parameter is not properly escaped, scriptRun will be true.
+        equal(typeof window.scriptRun, "undefined", "script was not run");
        testErrorVisible();
        start();
      }
@@ -102,7 +105,7 @@
    testExpectGetFailure(options, "must be an absolute path: (" + path + ")");
  }
-  function testExpectGetSuccess(options, expected) {
+  function testExpectGetSuccess(options, expected, domain, done) {
    createController({
      ready: function() {
        var startInfo;
@@ -110,11 +113,14 @@
          startInfo = info;
        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, options);
+        var retval = controller.get(domain || HTTPS_TEST_DOMAIN, options);
        testHelpers.testObjectValuesEqual(startInfo, expected);
        equal(typeof retval, "undefined", "no error expected");
        testErrorNotVisible();
+        done && done();
        start();
      }
    });
@@ -263,154 +269,66 @@
  asyncTest("get with relative termsOfService & valid privacyPolicy - print error screen", function() {
-    createController({
+    testRelativeURLNotAllowed({
-      ready: function() {
+      termsOfService: "relative.html",
-        mediator.subscribe("start", function(msg, info) {
+      privacyPolicy: "/privacy.html"
-          ok(false, "start should not have been called");
+    }, "relative.html");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          termsOfService: "relative.html",
-          privacyPolicy: "/privacy.html"
-        });
-        equal(retval, "relative urls not allowed: (relative.html)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with script containing termsOfService - print error screen", function() {
-    createController({
+    var URL = "relative.html<script>window.scriptRun=true;</script>";
-      ready: function() {
+    testRelativeURLNotAllowed({
-        mediator.subscribe("start", function(msg, info) {
+      termsOfService: URL,
-          ok(false, "start should not have been called");
+      privacyPolicy: "/privacy.html"
-        });
+    }, URL);
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          termsOfService: "relative.html<script>window.scriptRun=true;</script>",
-          privacyPolicy: "/privacy.html"
-        });
-        // If termsOfService is not properly escaped, scriptRun will be true.
-        equal(typeof window.scriptRun, "undefined", "script was not run");
-        equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with valid termsOfService & relative privacyPolicy - print error screen", function() {
-    createController({
+    var URL = "relative.html";
-      ready: function() {
+    testRelativeURLNotAllowed({
-        mediator.subscribe("start", function(msg, info) {
+      termsOfService: "/tos.html",
-          ok(false, "start should not have been called");
+      privacyPolicy: URL
-        });
+    }, URL);
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          termsOfService: "/tos.html",
-          privacyPolicy: "relative.html"
-        });
-        equal(retval, "relative urls not allowed: (relative.html)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with valid termsOfService & privacyPolicy='/' - print error screen", function() {
+    var URL = "/";
    testRelativeURLNotAllowed({
      termsOfService: "/tos.html",
-      privacyPolicy: "/"
+      privacyPolicy: URL
-    }, "/");
+    }, URL);
  });
  asyncTest("get with valid termsOfService='/' and valid privacyPolicy - print error screen", function() {
+    var URL = "/"
    testRelativeURLNotAllowed({
-      termsOfService: "/",
+      termsOfService: URL,
      privacyPolicy: "/privacy.html"
-    }, "/");
+    }, URL);
  });
  asyncTest("get with script containing privacyPolicy - print error screen", function() {
-    createController({
+    var URL = "relative.html<script>window.scriptRun=true;</script>";
-      ready: function() {
+    testRelativeURLNotAllowed({
-        mediator.subscribe("start", function(msg, info) {
+      termsOfService: "/tos.html",
-          ok(false, "start should not have been called");
+      privacyPolicy: URL
-        });
+    }, URL);
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          termsOfService: "/tos.html",
-          privacyPolicy: "relative.html<script>window.scriptRun=true;</script>"
-        });
-        // If privacyPolicy is not properly escaped, scriptRun will be true.
-        equal(typeof window.scriptRun, "undefined", "script was not run");
-        equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
-  });
-  asyncTest("get with privacyPolicy - print error screen", function() {
-    createController({
-      ready: function() {
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          termsOfService: "/tos.html",
-          privacyPolicy: "relative.html<script>window.scriptRun=true;</script>"
-        });
-        // If privacyPolicy is not properly escaped, scriptRun will be true.
-        equal(typeof window.scriptRun, "undefined", "script was not run");
-        equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with javascript protocol for privacyPolicy - print error screen", function() {
-    createController({
+    var URL = "javascript:alert(1)";
-      ready: function() {
+    testRelativeURLNotAllowed({
-        mediator.subscribe("start", function(msg, info) {
+      termsOfService: "/tos.html",
-          ok(false, "start should not have been called");
+      privacyPolicy: URL
-        });
+    }, URL);
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          termsOfService: "/tos.html",
-          privacyPolicy: "javascript:alert(1)"
-        });
-        equal(retval, "relative urls not allowed: (javascript:alert(1))", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with invalid httpg protocol for privacyPolicy - print error screen", function() {
-    createController({
+    var URL = "httpg://testdomain.com/privacy.html";
-      ready: function() {
+    testRelativeURLNotAllowed({
-        mediator.subscribe("start", function(msg, info) {
+      termsOfService: "/tos.html",
-          ok(false, "start should not have been called");
+      privacyPolicy: URL
-        });
+    }, URL);
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          termsOfService: "/tos.html",
-          privacyPolicy: "httpg://testdomain.com/privacy.html"
-        });
-        equal(retval, "relative urls not allowed: (httpg://testdomain.com/privacy.html)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
@@ -420,8 +338,8 @@
      privacyPolicy: "/privacy.html"
    },
    {
-      termsOfService: HTTP_TEST_DOMAIN + "/tos.html",
+      termsOfService: HTTPS_TEST_DOMAIN + "/tos.html",
-      privacyPolicy: HTTP_TEST_DOMAIN + "/privacy.html"
+      privacyPolicy: HTTPS_TEST_DOMAIN + "/privacy.html"
    });
  });
@@ -456,159 +374,51 @@
      privacyURL: "/privacy_deprecated.html"
    },
    {
-      termsOfService: HTTP_TEST_DOMAIN + "/tos.html",
+      termsOfService: HTTPS_TEST_DOMAIN + "/tos.html",
-      privacyPolicy: HTTP_TEST_DOMAIN + "/privacy.html"
+      privacyPolicy: HTTPS_TEST_DOMAIN + "/privacy.html"
    });
  });
  asyncTest("get with relative siteLogo - not allowed", function() {
-    createController({
+    var URL = "logo.png";
-      ready: function() {
+    testMustBeAbsolutePath({ siteLogo: URL }, URL);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          siteLogo: "logo.png",
-        });
-        equal(retval, "must be an absolute path: (logo.png)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with javascript: siteLogo - not allowed", function() {
-    createController({
+    var URL = "javascript:alert('xss')";
-      ready: function() {
+    testMustBeAbsolutePath({ siteLogo: URL }, URL);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          siteLogo: "javascript:alert('xss')",
-        });
-        equal(retval, "must be an absolute path: (javascript:alert('xss'))", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with data-uri: siteLogo - not allowed", function() {
-    createController({
+    var URL = "data:image/png,FAKEDATA";
-      ready: function() {
+    testMustBeAbsolutePath({ siteLogo: URL }, URL);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          siteLogo: "data:image/png,FAKEDATA",
-        });
-        equal(retval, "must be an absolute path: (data:image/png,FAKEDATA)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with http: siteLogo - not allowed", function() {
-    createController({
+    var URL = HTTP_TEST_DOMAIN + "://logo.png";
-      ready: function() {
+    testMustBeAbsolutePath({ siteLogo: URL }, URL);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          siteLogo: HTTP_TEST_DOMAIN + "://logo.png",
-        });
-        equal(retval, "must be an absolute path: (" + HTTP_TEST_DOMAIN + "://logo.png)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with https: siteLogo - not allowed", function() {
-    createController({
+    var URL = HTTPS_TEST_DOMAIN + "://logo.png";
-      ready: function() {
+    testMustBeAbsolutePath({ siteLogo: URL }, URL);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          siteLogo: HTTPS_TEST_DOMAIN + "://logo.png",
-        });
-        equal(retval, "must be an absolute path: (" + HTTPS_TEST_DOMAIN + "://logo.png)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with absolute path and http RP - not allowed", function() {
-    createController({
+    var siteLogo = '/i/card.png';
-      ready: function() {
+    testExpectGetFailure({ siteLogo: siteLogo }, "only https sites can specify a siteLogo", HTTP_TEST_DOMAIN);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var siteLogo = '/i/card.png';
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          siteLogo: siteLogo
-        });
-        equal(retval, "only https sites can specify a siteLogo", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with absolute path that is too long - not allowed", function() {
-    createController({
+    var siteLogo = '/' + testHelpers.generateString(bid.PATH_MAX_LENGTH);
-      ready: function() {
+    testExpectGetFailure({ siteLogo: siteLogo }, "path portion of a url must be < " + bid.PATH_MAX_LENGTH + " characters");
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        // create a logo path that is one character too long
-        var siteLogo = '/' + testHelpers.generateString(bid.PATH_MAX_LENGTH);
-        var retval = controller.get(HTTPS_TEST_DOMAIN, {
-          siteLogo: siteLogo
-        });
-        equal(retval, "path portion of a url must be < " + bid.PATH_MAX_LENGTH + " characters");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with absolute path causing too long of a URL - not allowed", function() {
-    createController({
+    var shortHTTPSDomain = "https://test.com";
-      ready: function() {
+    // create a URL that is one character too long
-        mediator.subscribe("start", function(msg, info) {
+    var siteLogo = '/' + testHelpers.generateString(bid.URL_MAX_LENGTH - shortHTTPSDomain.length);
-          ok(false, "start should not have been called");
+    testExpectGetFailure({ siteLogo: siteLogo }, "urls must be < " + bid.URL_MAX_LENGTH + " characters");
-        });
-        var shortHTTPSDomain = "https://test.com";
-        // create a URL that is one character too long
-        var siteLogo = '/' + testHelpers.generateString(bid.URL_MAX_LENGTH - shortHTTPSDomain.length);
-        var retval = controller.get(shortHTTPSDomain, {
-          siteLogo: siteLogo
-        });
-        equal(retval, "urls must be < " + bid.URL_MAX_LENGTH + " characters");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with absolute path and https RP - allowed URL but is properly escaped", function() {
@@ -635,82 +445,36 @@
  });
  asyncTest("get with a scheme-relative siteLogo URL - not allowed", function() {
-    createController({
+    var URL = "//example.com/image.png";
-      ready: function() {
+    testMustBeAbsolutePath({ siteLogo: URL }, URL);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "start should not have been called");
-        });
-        var retval = controller.get(HTTPS_TEST_DOMAIN, {
-          siteLogo: "//example.com/image.png"
-        });
-        equal(retval, "must be an absolute path: (//example.com/image.png)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with siteLogo='/' URL - not allowed", function() {
    testMustBeAbsolutePath({ siteLogo: "/" }, "/");
  });
-  asyncTest("get with fully qualified URL for returnTo - not allowed", function() {
+  asyncTest("get with fully qualified returnTo - not allowed", function() {
-    createController({
+    var URL = HTTPS_TEST_DOMAIN + "/path";
-      ready: function() {
+    testMustBeAbsolutePath({ returnTo: URL }, URL);
-        var URL = HTTP_TEST_DOMAIN + "/path";
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "unexpected start");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          returnTo: URL
-        });
-        equal(retval, "must be an absolute path: (" + URL + ")", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with a scheme-relative returnTo URL - not allowed", function() {
-    createController({
+    var URL = '//example.com/return';
-      ready: function() {
+    testMustBeAbsolutePath({ returnTo: URL }, URL);
-        mediator.subscribe("start", function(msg, info) {
-          ok(false, "unexpected start");
-        });
-        var retval = controller.get(HTTP_TEST_DOMAIN, {
-          returnTo: '//example.com/return'
-        });
-        equal(retval, "must be an absolute path: (//example.com/return)", "expected error");
-        testErrorVisible();
-        start();
-      }
-    });
  });
  asyncTest("get with absolute path returnTo - allowed", function() {
-    createController({
+    testExpectGetSuccess({ returnTo: "/path"}, {}, undefined, function() {
-      ready: function() {
+      equal(user.getReturnTo(),
-        mediator.subscribe("start", function(msg, info) {
+        HTTPS_TEST_DOMAIN + "/path", "returnTo correctly set");
-          equal(user.getReturnTo(), HTTPS_TEST_DOMAIN + "/path", "returnTo correctly set");
-          start();
-        });
-        var retval = controller.get(HTTPS_TEST_DOMAIN, {
-          returnTo: "/path"
-        });
-      }
    });
  });
  asyncTest("get with returnTo='/' - allowed", function() {
-    testExpectGetSuccess({ returnTo: "/"}, {});
+    testExpectGetSuccess({ returnTo: "/"}, {}, undefined, function() {
+      equal(user.getReturnTo(),
+        HTTPS_TEST_DOMAIN + "/", "returnTo correctly set");
+    });
  });
  asyncTest("get with valid rp_api - allowed", function() {