diff options
author | Brian Conry <bconry@bestpractical.com> | 2022-03-24 20:58:44 +0300 |
---|---|---|
committer | sunnavy <sunnavy@bestpractical.com> | 2022-07-08 01:11:26 +0300 |
commit | 9989a718bda8e332bc53dca920aa9d2d0c35d656 (patch) | |
tree | ca6a6b5e0b74c738b414dd722f5d418b00735943 /t | |
parent | c3109bff157801c09c5faec0d2ed3f18516b2707 (diff) |
Block ticket create/update on invalid recipients
The prior behavior was to proceed with the ticket create or update,
excluding the recipients that did not look like email addresses and
could not be resolved to a principal, and without letting the user know
that some intended recipients had been omitted.
The new behavior is to block the action and give the user a message
explaining that no user could be found for what they entered.
Diffstat (limited to 't')
-rw-r--r-- | t/web/ticket_role_input.t | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/t/web/ticket_role_input.t b/t/web/ticket_role_input.t index e4fa7fc448..e6ebc2af39 100644 --- a/t/web/ticket_role_input.t +++ b/t/web/ticket_role_input.t @@ -3,6 +3,14 @@ use warnings; use RT::Test tests => undef; +# having this set overrides checking against individual configured addresses, +# and the Test default value can't match something that also looks like an email address +RT->Config->Set('RTAddressRegexp', undef); +is( RT->Config->Get('RTAddressRegexp'), undef, 'global RTAddressRegexp is not set'); + +RT->Config->Set('CommentAddress', 'rt-comment@example.com'); +is( RT->Config->Get('CommentAddress'), 'rt-comment@example.com', 'global comment address set'); + my ( $baseurl, $m ) = RT::Test->started_ok; ok $m->login, 'logged in as root'; my $root = RT::User->new( RT->SystemUser ); @@ -26,6 +34,8 @@ ok( $group_admin_user->id, 'created group admin user' ); my $queue = RT::Test->load_or_create_queue( Name => 'General' ); ok $queue->id, 'loaded queue General'; +# test the success cases + diag "Test ticket create page"; { $m->goto_create_ticket( $queue ); @@ -170,4 +180,73 @@ diag "Test ticket bulk update page"; } } +# make sure that any warnings from the preceeding (which shouldn't happen) don't affect the tests that follow +$m->no_warnings_ok; + +# test the failure cases +ok( $queue->SetCorrespondAddress('rt-general@example.com'), 'Set queue correspond address' ); + +diag "Test ticket create page (failures)"; +{ + $m->goto_create_ticket( $queue ); + $m->submit_form_ok( + { + form_name => 'TicketCreate', + fields => { + Subject => 'test input errors on create', + Content => 'test content', + Requestors => 'sybil, group:think, rt-general@example.com, rt-comment@example.com', + Cc => 'sybil, group:think, rt-general@example.com, rt-comment@example.com', + AdminCc => 'sybil, group:think, rt-general@example.com, rt-comment@example.com', + }, + button => 'SubmitTicket', + }, + 'submit form TicketCreate' + ); + + $m->next_warning_like( qr/^Couldn't load (?:user from value sybil|group from value group:think), Couldn't find row$/, 'found expected warning' ) for 1 .. 6; + + foreach my $role (qw(Requestor Cc AdminCc)) { + $m->text_like( qr/Couldn't add 'sybil' as $role/, "expected user warning: sybil $role" ); + $m->text_like( qr/Couldn't add 'group:think' as $role/, "expected user warning: group:think $role" ); + + $m->text_like( qr/rt-general\@example.com is an address RT receives mail at. Adding it as a '$role' would create a mail loop/, "expected user warning: rt-general\@example.com $role" ); + $m->text_like( qr/rt-comment\@example.com is an address RT receives mail at. Adding it as a '$role' would create a mail loop/, "expected user warning: rt-comment\@example.com $role" ); + } +} + +diag "Test ticket update page (failures)"; +{ + my $ticket = RT::Test->create_ticket( + Queue => $queue, + Subject => 'test inputs on update', + Content => 'test content', + ); + $m->goto_ticket( $ticket->id, 'Update' ); + + $m->submit_form_ok( + { + form_name => 'TicketUpdate', + fields => { + UpdateContent => 'test content', + UpdateCc => 'sybil, group:think, rt-general@example.com, rt-comment@example.com', + UpdateBcc => 'sybil, group:think, rt-general@example.com, rt-comment@example.com', + }, + button => 'SubmitTicket', + }, + 'submit form TicketCreate' + ); + + $m->next_warning_like( qr/^Couldn't load (?:user from value sybil|group from value group:think), Couldn't find row$/, 'found expected warning' ) for 1 .. 4; + + foreach my $role (qw(Cc Bcc)) { + $m->text_like( qr/Couldn't add 'sybil' to 'One-time $role'/, "expected user warning: sybil $role" ); + $m->text_like( qr/Couldn't add 'group:think' to 'One-time $role'/, "expected user warning: group:think $role" ); + + $m->text_like( qr/rt-general\@example.com is an address RT receives mail at. Adding it as a 'One-time $role' would create a mail loop/, "expected user warning: rt-general\@example.com $role" ); + $m->text_like( qr/rt-comment\@example.com is an address RT receives mail at. Adding it as a 'One-time $role' would create a mail loop/, "expected user warning: rt-comment\@example.com $role" ); + } +} + + done_testing; |