gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'parent/main' into upstream-20240531

Browse source
This commit is contained in:
KMY 2024-05-31 08:27:09 +09:00
commit 13ad383039
101 changed files with 1486 additions and 1232 deletions
Download patch file Download diff file Expand all files Collapse all files

49
spec/config/initializers/rack/attack_spec.rb
View file

@ -56,7 +56,7 @@ describe Rack::Attack, type: :request do
end
def throttle_count
described_class.cache.read("#{counter_prefix}:#{throttle}:#{remote_ip}") || 0
described_class.cache.read("#{counter_prefix}:#{throttle}:#{discriminator}") || 0
end
def counter_prefix
@ -64,11 +64,12 @@ describe Rack::Attack, type: :request do
end
def increment_counter
described_class.cache.count("#{throttle}:#{remote_ip}", period)
described_class.cache.count("#{throttle}:#{discriminator}", period)
end
end
let(:remote_ip) { '1.2.3.5' }
let(:discriminator) { remote_ip }
describe 'throttle excessive sign-up requests by IP address' do
context 'when accessed through the website' do
@ -131,4 +132,48 @@ describe Rack::Attack, type: :request do
it_behaves_like 'throttled endpoint'
end
end
describe 'throttle excessive oauth application registration requests by IP address' do
let(:throttle) { 'throttle_oauth_application_registrations/ip' }
let(:limit) { 5 }
let(:period) { 10.minutes }
let(:path) { '/api/v1/apps' }
let(:params) do
{
client_name: 'Throttle Test',
redirect_uris: 'urn:ietf:wg:oauth:2.0:oob',
scopes: 'read',
}
end
let(:request) { -> { post path, params: params, headers: { 'REMOTE_ADDR' => remote_ip } } }
it_behaves_like 'throttled endpoint'
end
describe 'throttle excessive password change requests by account' do
let(:user) { Fabricate(:user, email: 'user@host.example') }
let(:throttle) { 'throttle_password_change/account' }
let(:limit) { 10 }
let(:period) { 10.minutes }
let(:request) { -> { put path, headers: { 'REMOTE_ADDR' => remote_ip } } }
let(:path) { '/auth' }
let(:discriminator) { user.id }
before do
sign_in user, scope: :user
# Unfortunately, devise's `sign_in` helper causes the `session` to be
# loaded in the next request regardless of whether it's actually accessed
# by the client code.
#
# So, we make an extra query to clear issue a session cookie instead.
#
# A less resource-intensive way to deal with that would be to generate the
# session cookie manually, but this seems pretty involved.
get '/'
end
it_behaves_like 'throttled endpoint'
end
end

48
spec/lib/vacuum/applications_vacuum_spec.rb
View file

@ -1,48 +0,0 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe Vacuum::ApplicationsVacuum do
subject { described_class.new }
describe '#perform' do
let!(:app_with_token) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_grant) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_signup) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_owner) { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) }
let!(:unused_app) { Fabricate(:application, created_at: 1.month.ago) }
let!(:recent_app) { Fabricate(:application, created_at: 1.hour.ago) }
before do
Fabricate(:access_token, application: app_with_token)
Fabricate(:access_grant, application: app_with_grant)
Fabricate(:user, created_by_application: app_with_signup)
subject.perform
end
it 'does not delete applications with valid access tokens' do
expect { app_with_token.reload }.to_not raise_error
end
it 'does not delete applications with valid access grants' do
expect { app_with_grant.reload }.to_not raise_error
end
it 'does not delete applications that were used to create users' do
expect { app_with_signup.reload }.to_not raise_error
end
it 'does not delete owned applications' do
expect { app_with_owner.reload }.to_not raise_error
end
it 'does not delete applications registered less than a day ago' do
expect { recent_app.reload }.to_not raise_error
end
it 'deletes unused applications' do
expect { unused_app.reload }.to raise_error ActiveRecord::RecordNotFound
end
end
end

4
spec/requests/api/v1/accounts_spec.rb
View file

@ -8,13 +8,13 @@ describe '/api/v1/accounts' do
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v1/accounts?ids[]=:id' do
describe 'GET /api/v1/accounts?id[]=:id' do
let(:account) { Fabricate(:account) }
let(:other_account) { Fabricate(:account) }
let(:scopes) { 'read:accounts' }
it 'returns expected response' do
get '/api/v1/accounts', headers: headers, params: { ids: [account.id, other_account.id, 123_123] }
get '/api/v1/accounts', headers: headers, params: { id: [account.id, other_account.id, 123_123] }
expect(response).to have_http_status(200)
expect(body_as_json).to contain_exactly(

4
spec/requests/api/v1/statuses_spec.rb
View file

@ -9,13 +9,13 @@ describe '/api/v1/statuses' do
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: client_app, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v1/statuses?ids[]=:id' do
describe 'GET /api/v1/statuses?id[]=:id' do
let(:status) { Fabricate(:status) }
let(:other_status) { Fabricate(:status) }
let(:scopes) { 'read:statuses' }
it 'returns expected response' do
get '/api/v1/statuses', headers: headers, params: { ids: [status.id, other_status.id, 123_123] }
get '/api/v1/statuses', headers: headers, params: { id: [status.id, other_status.id, 123_123] }
expect(response).to have_http_status(200)
expect(body_as_json).to contain_exactly(

2
spec/requests/api/v2/instance_spec.rb
View file

@ -45,7 +45,7 @@ describe 'Instances' do
),
statuses: include(
max_characters: StatusLengthValidator::MAX_CHARS,
max_media_attachments: 4 # TODO, move to constant somewhere
max_media_attachments: Status::MEDIA_ATTACHMENTS_LIMIT
),
polls: include(
max_options: PollValidator::MAX_OPTIONS

13
spec/services/notify_service_spec.rb
View file

@ -309,6 +309,19 @@ RSpec.describe NotifyService do
expect(subject.filter?).to be false
end
end
context 'when the sender is mentioned in an unrelated message chain' do
before do
original_status = Fabricate(:status, visibility: :direct)
intermediary_status = Fabricate(:status, visibility: :direct, thread: original_status)
notification.target_status.update(thread: intermediary_status)
Fabricate(:mention, status: original_status, account: notification.from_account)
end
it 'returns true' do
expect(subject.filter?).to be true
end
end
end
end
end

5
spec/services/post_status_service_spec.rb
View file

@ -586,14 +586,15 @@ RSpec.describe PostStatusService do
expect(media.reload.status).to be_nil
end
it 'does not allow attaching more than 4 files' do
it 'does not allow attaching more files than configured limit' do
stub_const('Status::MEDIA_ATTACHMENTS_LIMIT', 1)
account = Fabricate(:account)
expect do
subject.call(
account,
text: 'test status update',
media_ids: Array.new(5) { Fabricate(:media_attachment, account: account) }.map(&:id)
media_ids: Array.new(2) { Fabricate(:media_attachment, account: account) }.map(&:id)
)
end.to raise_error(
Mastodon::ValidationError,

4
spec/validators/status_pin_validator_spec.rb
View file

@ -45,8 +45,8 @@ RSpec.describe StatusPinValidator do
end
end
context 'when pin.account.status_pins.count > 4 && pin.account.local?' do
let(:count) { 5 }
context 'when pin account is local and has too many pins' do
let(:count) { described_class::PIN_LIMIT + 1 }
let(:local) { true }
it 'calls errors.add' do