Merge pull request #156 from azul/bugfix/5548-hide-signup-forms-without-js0.5.1-rc2

hide srp forms when no js is available
author: azul <azul@riseup.net> 2014-05-09 11:03:53 +0200
committer: azul <azul@riseup.net> 2014-05-09 11:03:53 +0200
commit: 726244f1c6bb72fb53a257c084dfbdf7b9c2b03c (patch)
tree: 1f4bf66497851265a62081124a4ff5b23d0cd09e
parent: cf6aa0a6c8852424e39e4785a1bd783ab475376b (diff)
parent: 616313b406e561b45a73e34f54fd5fc7595f9658 (diff)
7 files changed, 30 insertions, 8 deletions
diff --git a/app/assets/javascripts/users.js b/app/assets/javascripts/users.js
index fa20399..e6c2fcc 100644
--- a/app/assets/javascripts/users.js
+++ b/app/assets/javascripts/users.js
@@ -160,6 +160,8 @@
 //
 
   $(document).ready(function() {
+    $('.hidden.js-show').removeClass('hidden');
+    $('.js-show').show();
     $('#new_user').submit(prevent_default);
     $('#new_user').submit(clear_field_errors);
     $('#new_user').submit(validate_password_length);
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index f56faab..1b2dc5d 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,7 +1,7 @@
 module UsersHelper
 
   def user_form_class(*classes)
-    (classes + ['user', 'form', (@user.new_record? ? 'new' : 'edit')]).compact.join(' ')
+    (classes + ['user', 'hidden', 'js-show', (@user.new_record? ? 'new' : 'edit')]).compact.join(' ')
   end
 
   def wrapped(item, options = {})
diff --git a/app/views/sessions/new.html.haml b/app/views/sessions/new.html.haml
index 6f3b324..bb7e4bd 100644
--- a/app/views/sessions/new.html.haml
+++ b/app/views/sessions/new.html.haml
@@ -1,9 +1,9 @@
 .span1
 .span9
-  = render :partial => 'users/warnings'
   %h2=t :login
   .lead=t :login_info
-  = simple_form_for [:api, @session], :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f|
+  = render :partial => 'users/warnings'
+  = simple_form_for [:api, @session], validate: true, html: { id: :new_session, class: 'form-horizontal hidden js-show', style: "display:none;" } do |f|
     = f.input :login, :required => false, :label => t(:username), :input_html => { :id => :srp_username }
     = f.input :password, :required => false, :input_html => { :id => :srp_password }
     = f.button :wrapped, value: t(:login), cancel: home_path
diff --git a/app/views/users/_warnings.html.haml b/app/views/users/_warnings.html.haml
index 79ab103..baf80a4 100644
--- a/app/views/users/_warnings.html.haml
+++ b/app/views/users/_warnings.html.haml
@@ -9,4 +9,4 @@
     document.getElementById('cookie_warning').style.display = 'block';
   } else {
     document.getElementById('cookie_warning').style.display = 'none';
-  }
-\ No newline at end of file
+  }
diff --git a/app/views/users/new.html.haml b/app/views/users/new.html.haml
index 3478989..bc36068 100644
--- a/app/views/users/new.html.haml
+++ b/app/views/users/new.html.haml
@@ -1,14 +1,18 @@
 -#
--# This form is handled entirely by javascript, so take care when changing element ids.
+-# This form is handled entirely by javascript
+-# Please take care when changing element ids.
+-# 
+-# The form is hidden when no js is available 
+-# to prevent submission in the clear.
 -#
 
-- form_options = {:url => '/not-used', :html => {:id =>  'new_user', :class => user_form_class('form-horizontal')}, :validate => true}
+- form_options = {url: '/not-used', html: {id: 'new_user', class: user_form_class('form-horizontal'), style: 'display:none'}, validate: true}
 
 .span1
 .span9
-  = render :partial => 'warnings'
   %h2=t :signup
   .lead=t :signup_info
+  = render :partial => 'warnings'
   = simple_form_for(@user, form_options) do |f|
     = f.input :login, :label => t(:username), :required => false, :input_html => { :id => :srp_username }
     = f.input :password,              :required => false, :validate => true, :input_html => { :id => :srp_password }
diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb
index 6d5f7f9..4e11520 100644
--- a/test/integration/browser/account_test.rb
+++ b/test/integration/browser/account_test.rb
@@ -123,6 +123,20 @@ class AccountTest < BrowserIntegrationTest
     assert page.has_content?("server failed")
   end
 
+  test "does not render signup form without js" do
+    Capybara.current_driver = :rack_test # no js
+    visit '/signup'
+    assert page.has_no_content?("Username")
+    assert page.has_no_content?("Password")
+  end
+
+  test "does not render login form without js" do
+    Capybara.current_driver = :rack_test # no js
+    visit '/login'
+    assert page.has_no_content?("Username")
+    assert page.has_no_content?("Password")
+  end
+
   def attempt_login(username, password)
     click_on 'Log In'
     fill_in 'Username', with: username
diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb
index 2885c3a..9cae8cb 100644
--- a/test/support/browser_integration_test.rb
+++ b/test/support/browser_integration_test.rb
@@ -60,7 +60,6 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest
   end
 
   def save_state
-    page.save_screenshot screenshot_path
     File.open(logfile_path, 'w') do |test_log|
       test_log.puts self.class.name
       test_log.puts "========================="
@@ -76,6 +75,9 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest
       test_log.puts "------------------------"
       test_log.puts `tail log/test.log -n 200`
     end
+    page.save_screenshot screenshot_path
+  # some drivers do not support screenshots
+  rescue Capybara::NotSupportedByDriverError
   end
 
 end
author	azul <azul@riseup.net>	2014-05-09 11:03:53 +0200
committer	azul <azul@riseup.net>	2014-05-09 11:03:53 +0200
commit	726244f1c6bb72fb53a257c084dfbdf7b9c2b03c (patch)
tree	1f4bf66497851265a62081124a4ff5b23d0cd09e
parent	cf6aa0a6c8852424e39e4785a1bd783ab475376b (diff)
parent	616313b406e561b45a73e34f54fd5fc7595f9658 (diff)