From 1a78f16f460847274265a12a9555b3524892d7db Mon Sep 17 00:00:00 2001
From: Matijs van Zuijlen <matijs@matijs.net>
Date: Sat, 14 May 2022 19:24:53 +0200
Subject: [PATCH] Do not create article meta description for password-protected
 articles

---
 .../app/controllers/articles_controller.rb    |  5 ++++-
 .../controllers/articles_controller_spec.rb   | 19 +++++++++++++++++++
 spec/controllers/articles_controller_spec.rb  | 12 ++++++++++--
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/publify_core/app/controllers/articles_controller.rb b/publify_core/app/controllers/articles_controller.rb
index 30da1061cc..bfd12fdb87 100644
--- a/publify_core/app/controllers/articles_controller.rb
+++ b/publify_core/app/controllers/articles_controller.rb
@@ -166,7 +166,10 @@ def show_article
       format.html do
         @comment = Comment.new
         @page_title = this_blog.article_title_template.to_title(@article, this_blog, params)
-        @description = this_blog.article_desc_template.to_title(@article, this_blog, params)
+        if @article.password.blank?
+          @description = this_blog.article_desc_template.
+            to_title(@article, this_blog, params)
+        end
 
         @keywords = @article.tags.map(&:name).join(", ")
         render "articles/#{@article.post_type}"
diff --git a/publify_core/spec/controllers/articles_controller_spec.rb b/publify_core/spec/controllers/articles_controller_spec.rb
index 60b115847e..960aea3caa 100644
--- a/publify_core/spec/controllers/articles_controller_spec.rb
+++ b/publify_core/spec/controllers/articles_controller_spec.rb
@@ -483,6 +483,25 @@
           to raise_error ActiveRecord::RecordNotFound
       end
     end
+
+    context "when the article is password protected" do
+      render_views
+
+      let!(:blog) { create(:blog, permalink_format: "/%title%.html") }
+      let!(:article) do
+        create(:article, title: "Secretive", body: "protected foobar", password: "password")
+      end
+
+      it "shows a password form for the article" do
+        get :redirect, params: { from: "secretive.html" }
+        expect(response.body).to have_selector('input[id="article_password"]', count: 1)
+      end
+
+      it "does not include the article body anywhere" do
+        get :redirect, params: { from: "secretive.html" }
+        expect(response.body).not_to include article.body
+      end
+    end
   end
 
   describe "#check_password" do
diff --git a/spec/controllers/articles_controller_spec.rb b/spec/controllers/articles_controller_spec.rb
index 3c33562727..fed68d85bb 100644
--- a/spec/controllers/articles_controller_spec.rb
+++ b/spec/controllers/articles_controller_spec.rb
@@ -99,12 +99,20 @@
         end
 
         context "when the article is password protected" do
-          let(:article) { create(:article, password: "password") }
+          let(:article) do
+            create(:article, title: "Secretive", body: "protected foobar",
+                             password: "password")
+          end
 
-          it "article alone should be password protected" do
+          it "shows a password form for the article" do
             get :redirect, params: { from: from_param }
             expect(response.body).to have_selector('input[id="article_password"]', count: 1)
           end
+
+          it "does not include the article body anywhere" do
+            get :redirect, params: { from: from_param }
+            expect(response.body).not_to include article.body
+          end
         end
       end