From adfb141d1bb4e3f27da34e0866e37829c27bccda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Fri, 30 Sep 2022 02:35:09 +0200
Subject: [PATCH] Simplify URL validation in related content

We were using `Setting["url"]` to verify the content belonged to the
application URL, but we can use `root_url` instead.

Note that means we need to include the port when filling in forms in the
tests, since in tests URL helpers like `polymorphic_url` don't include
the port, but a port is automatically added when actually making the
request.
---
 app/controllers/related_contents_controller.rb |  4 ++--
 app/views/relationable/_form.html.erb          |  2 +-
 spec/shared/system/relationable.rb             | 13 ++++++-------
 spec/support/common_actions.rb                 |  6 +++++-
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/app/controllers/related_contents_controller.rb b/app/controllers/related_contents_controller.rb
index 2d8ecfa7e..3db7a5475 100644
--- a/app/controllers/related_contents_controller.rb
+++ b/app/controllers/related_contents_controller.rb
@@ -18,7 +18,7 @@ class RelatedContentsController < ApplicationController
     elsif related_content.duplicate?
       flash[:error] = t("related_content.error_duplicate")
     else
-      flash[:error] = t("related_content.error", url: Setting["url"])
+      flash[:error] = t("related_content.error", url: root_url)
     end
     redirect_to polymorphic_path(related_content.parent_relationable)
   end
@@ -41,7 +41,7 @@ class RelatedContentsController < ApplicationController
     end
 
     def valid_url?
-      params[:url].start_with?(Setting["url"])
+      params[:url].start_with?(root_url)
     end
 
     def child_relationable_params
diff --git a/app/views/relationable/_form.html.erb b/app/views/relationable/_form.html.erb
index 2fc1b69ae..4f2def3aa 100644
--- a/app/views/relationable/_form.html.erb
+++ b/app/views/relationable/_form.html.erb
@@ -13,7 +13,7 @@
     <div class="input-group-field">
       <%= text_field_tag :url, "",
                         "aria-describedby": "related_content_help_text",
-                        placeholder: t("related_content.placeholder", url: setting["url"]) %>
+                        placeholder: t("related_content.placeholder", url: root_url) %>
 
       <%= hidden_field_tag :relationable_klass, relationable.class.name %>
       <%= hidden_field_tag :relationable_id, relationable.id %>
diff --git a/spec/shared/system/relationable.rb b/spec/shared/system/relationable.rb
index 50246fb29..28612d413 100644
--- a/spec/shared/system/relationable.rb
+++ b/spec/shared/system/relationable.rb
@@ -6,7 +6,6 @@ shared_examples "relationable" do |relationable_model_name|
 
   before do
     integration_session.host = Capybara.app_host # TODO: remove after upgrading to Rails 6.1
-    Setting["url"] = Capybara.app_host
   end
 
   scenario "related contents are listed" do
@@ -40,7 +39,7 @@ shared_examples "relationable" do |relationable_model_name|
     expect(page).to have_css ".add-related-content[aria-expanded='true']"
 
     within("#related_content") do
-      fill_in "Link to related content", with: polymorphic_url(related1)
+      fill_in "Link to related content", with: polymorphic_url(related1, port: app_port)
       click_button "Add"
     end
 
@@ -57,7 +56,7 @@ shared_examples "relationable" do |relationable_model_name|
     click_button "Add related content"
 
     within("#related_content") do
-      fill_in "Link to related content", with: polymorphic_url(related2)
+      fill_in "Link to related content", with: polymorphic_url(related2, port: app_port)
       click_button "Add"
     end
 
@@ -77,7 +76,7 @@ shared_examples "relationable" do |relationable_model_name|
       click_button "Add"
     end
 
-    expect(page).to have_content "Link not valid. Remember to start with #{Capybara.app_host}."
+    expect(page).to have_content "Link not valid. Remember to start with #{app_host}/."
   end
 
   scenario "returns error when relating content URL to itself" do
@@ -87,7 +86,7 @@ shared_examples "relationable" do |relationable_model_name|
     click_button "Add related content"
 
     within("#related_content") do
-      fill_in "Link to related content", with: polymorphic_url(relationable)
+      fill_in "Link to related content", with: polymorphic_url(relationable, port: app_port)
       click_button "Add"
     end
 
@@ -111,7 +110,7 @@ shared_examples "relationable" do |relationable_model_name|
       click_button "Add related content"
 
       within("#related_content") do
-        fill_in "Link to related content", with: "#{Capybara.app_host}/mypath/#{related.id}"
+        fill_in "Link to related content", with: "#{app_host}/mypath/#{related.id}"
         click_button "Add"
       end
 
@@ -129,7 +128,7 @@ shared_examples "relationable" do |relationable_model_name|
     click_button "Add related content"
 
     within("#related_content") do
-      fill_in "url", with: polymorphic_url(related1)
+      fill_in "url", with: polymorphic_url(related1, port: app_port)
       click_button "Add"
     end
 
diff --git a/spec/support/common_actions.rb b/spec/support/common_actions.rb
index 84ae807a7..51da757f9 100644
--- a/spec/support/common_actions.rb
+++ b/spec/support/common_actions.rb
@@ -19,7 +19,11 @@ module CommonActions
   include Verifications
 
   def app_host
-    "#{Capybara.app_host}:#{Capybara::Server.ports.values.last}"
+    "#{Capybara.app_host}:#{app_port}"
+  end
+
+  def app_port
+    Capybara::Server.ports.values.last
   end
 
   def fill_in_signup_form(email = "manuela@consul.dev", password = "judgementday")