Merge commit 'f826a95f6e' into kb_migration

2023-07-25 15:09:10 +09:00 · 2023-07-25 15:09:10 +09:00 · 4b65740722
commit 4b65740722
parent 5233e68f13 f826a95f6e
211 changed files with 628 additions and 599 deletions
--- a/spec/lib/vacuum/applications_vacuum_spec.rb
+++ b/spec/lib/vacuum/applications_vacuum_spec.rb
@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Vacuum::ApplicationsVacuum do
+  subject { described_class.new }
+
+  describe '#perform' do
+    let!(:app_with_token)  { Fabricate(:application, created_at: 1.month.ago) }
+    let!(:app_with_grant)  { Fabricate(:application, created_at: 1.month.ago) }
+    let!(:app_with_signup) { Fabricate(:application, created_at: 1.month.ago) }
+    let!(:app_with_owner)  { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) }
+    let!(:unused_app)      { Fabricate(:application, created_at: 1.month.ago) }
+    let!(:recent_app)      { Fabricate(:application, created_at: 1.hour.ago) }
+
+    let!(:active_access_token) { Fabricate(:access_token, application: app_with_token) }
+    let!(:active_access_grant) { Fabricate(:access_grant, application: app_with_grant) }
+    let!(:user) { Fabricate(:user, created_by_application: app_with_signup) }
+
+    before do
+      subject.perform
+    end
+
+    it 'does not delete applications with valid access tokens' do
+      expect { app_with_token.reload }.to_not raise_error
+    end
+
+    it 'does not delete applications with valid access grants' do
+      expect { app_with_grant.reload }.to_not raise_error
+    end
+
+    it 'does not delete applications that were used to create users' do
+      expect { app_with_signup.reload }.to_not raise_error
+    end
+
+    it 'does not delete owned applications' do
+      expect { app_with_owner.reload }.to_not raise_error
+    end
+
+    it 'does not delete applications registered less than a day ago' do
+      expect { recent_app.reload }.to_not raise_error
+    end
+
+    it 'deletes unused applications' do
+      expect { unused_app.reload }.to raise_error ActiveRecord::RecordNotFound
+    end
+  end
+end
--- a/spec/requests/content_security_policy_spec.rb
+++ b/spec/requests/content_security_policy_spec.rb
@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'Content-Security-Policy' do
+  it 'sets the expected CSP headers' do
+    allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==')
+
+    get '/'
+    expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to contain_exactly(
+      "base-uri 'none'",
+      "default-src 'none'",
+      "frame-ancestors 'none'",
+      "font-src 'self' https://cb6e6126.ngrok.io",
+      "img-src 'self' https: data: blob: https://cb6e6126.ngrok.io",
+      "style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
+      "media-src 'self' https: data: https://cb6e6126.ngrok.io",
+      "frame-src 'self' https:",
+      "manifest-src 'self' https://cb6e6126.ngrok.io",
+      "form-action 'self'",
+      "child-src 'self' blob: https://cb6e6126.ngrok.io",
+      "worker-src 'self' blob: https://cb6e6126.ngrok.io",
+      "connect-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io ws://localhost:4000",
+      "script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
+    )
+  end
+end