gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'parent/main' into upstream-20240319

Browse source
This commit is contained in:
KMY 2024-03-19 09:15:20 +09:00
commit 76598bd542
496 changed files with 5795 additions and 3709 deletions
Download patch file Download diff file Expand all files Collapse all files

74
spec/requests/api/v1/accounts/credentials_spec.rb
View file

@ -15,15 +15,11 @@ RSpec.describe 'credentials API' do
it_behaves_like 'forbidden for wrong scope', 'write write:accounts'
it 'returns http success' do
subject
expect(response).to have_http_status(200)
end
it 'returns the expected content' do
it 'returns http success with expected content' do
subject
expect(response)
.to have_http_status(200)
expect(body_as_json).to include({
source: hash_including({
discoverable: false,
@ -34,24 +30,55 @@ RSpec.describe 'credentials API' do
end
end
describe 'POST /api/v1/accounts/update_credentials' do
describe 'PATCH /api/v1/accounts/update_credentials' do
subject do
patch '/api/v1/accounts/update_credentials', headers: headers, params: params
end
let(:params) { { discoverable: true, locked: false, indexable: true } }
before { allow(ActivityPub::UpdateDistributionWorker).to receive(:perform_async) }
let(:params) do
{
avatar: fixture_file_upload('avatar.gif', 'image/gif'),
discoverable: true,
display_name: "Alice Isn't Dead",
header: fixture_file_upload('attachment.jpg', 'image/jpeg'),
indexable: true,
locked: false,
note: 'Hello!',
source: {
privacy: 'unlisted',
sensitive: true,
},
}
end
it_behaves_like 'forbidden for wrong scope', 'read read:accounts'
it 'returns http success' do
subject
describe 'with empty source list' do
let(:params) { { display_name: "I'm a cat", source: {} } }
expect(response).to have_http_status(200)
it 'returns http success' do
subject
expect(response).to have_http_status(200)
end
end
it 'returns JSON with updated attributes' do
describe 'with invalid data' do
let(:params) { { note: 'This is too long. ' * 30 } }
it 'returns http unprocessable entity' do
subject
expect(response).to have_http_status(422)
end
end
it 'returns http success with updated JSON attributes' do
subject
expect(response)
.to have_http_status(200)
expect(body_as_json).to include({
source: hash_including({
discoverable: true,
@ -59,6 +86,27 @@ RSpec.describe 'credentials API' do
}),
locked: false,
})
expect(ActivityPub::UpdateDistributionWorker)
.to have_received(:perform_async).with(user.account_id)
end
def expect_account_updates
expect(user.account.reload)
.to have_attributes(
display_name: eq("Alice Isn't Dead"),
note: 'Hello!',
avatar: exist,
header: exist
)
end
def expect_user_updates
expect(user.reload)
.to have_attributes(
setting_default_privacy: eq('unlisted'),
setting_default_sensitive: be(true)
)
end
end
end

14
spec/requests/api/v1/blocks_spec.rb
View file

@ -38,16 +38,14 @@ RSpec.describe 'Blocks' do
expect(body_as_json.size).to eq(params[:limit])
end
it 'sets the correct pagination header for the prev path' do
it 'sets correct link header pagination' do
subject
expect(response.headers['Link'].find_link(%w(rel prev)).href).to eq(api_v1_blocks_url(limit: params[:limit], since_id: blocks.last.id))
end
it 'sets the correct pagination header for the next path' do
subject
expect(response.headers['Link'].find_link(%w(rel next)).href).to eq(api_v1_blocks_url(limit: params[:limit], max_id: blocks[1].id))
expect(response)
.to include_pagination_headers(
prev: api_v1_blocks_url(limit: params[:limit], since_id: blocks.last.id),
next: api_v1_blocks_url(limit: params[:limit], max_id: blocks.second.id)
)
end
end

11
spec/requests/api/v1/bookmarks_spec.rb
View file

@ -42,9 +42,14 @@ RSpec.describe 'Bookmarks' do
it 'paginates correctly', :aggregate_failures do
subject
expect(body_as_json.size).to eq(params[:limit])
expect(response.headers['Link'].find_link(%w(rel prev)).href).to eq(api_v1_bookmarks_url(limit: params[:limit], min_id: bookmarks.last.id))
expect(response.headers['Link'].find_link(%w(rel next)).href).to eq(api_v1_bookmarks_url(limit: params[:limit], max_id: bookmarks[1].id))
expect(body_as_json.size)
.to eq(params[:limit])
expect(response)
.to include_pagination_headers(
prev: api_v1_bookmarks_url(limit: params[:limit], min_id: bookmarks.last.id),
next: api_v1_bookmarks_url(limit: params[:limit], max_id: bookmarks.second.id)
)
end
end

14
spec/requests/api/v1/favourites_spec.rb
View file

@ -45,16 +45,14 @@ RSpec.describe 'Favourites' do
expect(body_as_json.size).to eq(params[:limit])
end
it 'sets the correct pagination header for the prev path' do
it 'sets the correct pagination headers' do
subject
expect(response.headers['Link'].find_link(%w(rel prev)).href).to eq(api_v1_favourites_url(limit: params[:limit], min_id: favourites.last.id))
end
it 'sets the correct pagination header for the next path' do
subject
expect(response.headers['Link'].find_link(%w(rel next)).href).to eq(api_v1_favourites_url(limit: params[:limit], max_id: favourites[1].id))
expect(response)
.to include_pagination_headers(
prev: api_v1_favourites_url(limit: params[:limit], min_id: favourites.last.id),
next: api_v1_favourites_url(limit: params[:limit], max_id: favourites.second.id)
)
end
end

14
spec/requests/api/v1/followed_tags_spec.rb
View file

@ -49,16 +49,14 @@ RSpec.describe 'Followed tags' do
expect(body_as_json.size).to eq(params[:limit])
end
it 'sets the correct pagination header for the prev path' do
it 'sets the correct pagination headers' do
subject
expect(response.headers['Link'].find_link(%w(rel prev)).href).to eq(api_v1_followed_tags_url(limit: params[:limit], since_id: tag_follows.last.id))
end
it 'sets the correct pagination header for the next path' do
subject
expect(response.headers['Link'].find_link(%w(rel next)).href).to eq(api_v1_followed_tags_url(limit: params[:limit], max_id: tag_follows.last.id))
expect(response)
.to include_pagination_headers(
prev: api_v1_followed_tags_url(limit: params[:limit], since_id: tag_follows.last.id),
next: api_v1_followed_tags_url(limit: params[:limit], max_id: tag_follows.last.id)
)
end
end
end

9
spec/requests/api/v1/mutes_spec.rb
View file

@ -44,10 +44,11 @@ RSpec.describe 'Mutes' do
it 'sets the correct pagination headers', :aggregate_failures do
subject
headers = response.headers['Link']
expect(headers.find_link(%w(rel prev)).href).to eq(api_v1_mutes_url(limit: params[:limit], since_id: mutes.last.id.to_s))
expect(headers.find_link(%w(rel next)).href).to eq(api_v1_mutes_url(limit: params[:limit], max_id: mutes.last.id.to_s))
expect(response)
.to include_pagination_headers(
prev: api_v1_mutes_url(limit: params[:limit], since_id: mutes.last.id),
next: api_v1_mutes_url(limit: params[:limit], max_id: mutes.last.id)
)
end
end

11
spec/requests/api/v1/notifications_spec.rb
View file

@ -98,9 +98,14 @@ RSpec.describe 'Notifications' do
notifications = user.account.notifications
expect(body_as_json.size).to eq(params[:limit])
expect(response.headers['Link'].find_link(%w(rel prev)).href).to eq(api_v1_notifications_url(limit: params[:limit], min_id: notifications.last.id.to_s))
expect(response.headers['Link'].find_link(%w(rel next)).href).to eq(api_v1_notifications_url(limit: params[:limit], max_id: notifications[2].id.to_s))
expect(body_as_json.size)
.to eq(params[:limit])
expect(response)
.to include_pagination_headers(
prev: api_v1_notifications_url(limit: params[:limit], min_id: notifications.last.id),
next: api_v1_notifications_url(limit: params[:limit], max_id: notifications[2].id)
)
end
end

9
spec/requests/api/v1/timelines/home_spec.rb
View file

@ -55,10 +55,11 @@ describe 'Home', :sidekiq_inline do
it 'sets the correct pagination headers', :aggregate_failures do
subject
headers = response.headers['Link']
expect(headers.find_link(%w(rel prev)).href).to eq(api_v1_timelines_home_url(limit: 1, min_id: ana.statuses.first.id.to_s))
expect(headers.find_link(%w(rel next)).href).to eq(api_v1_timelines_home_url(limit: 1, max_id: ana.statuses.first.id.to_s))
expect(response)
.to include_pagination_headers(
prev: api_v1_timelines_home_url(limit: params[:limit], min_id: ana.statuses.first.id),
next: api_v1_timelines_home_url(limit: params[:limit], max_id: ana.statuses.first.id)
)
end
end
end

9
spec/requests/api/v1/timelines/public_spec.rb
View file

@ -106,10 +106,11 @@ describe 'Public' do
it 'sets the correct pagination headers', :aggregate_failures do
subject
headers = response.headers['Link']
expect(headers.find_link(%w(rel prev)).href).to eq(api_v1_timelines_public_url(limit: 1, min_id: media_status.id.to_s))
expect(headers.find_link(%w(rel next)).href).to eq(api_v1_timelines_public_url(limit: 1, max_id: media_status.id.to_s))
expect(response)
.to include_pagination_headers(
prev: api_v1_timelines_public_url(limit: params[:limit], min_id: media_status.id),
next: api_v1_timelines_public_url(limit: params[:limit], max_id: media_status.id)
)
end
end
end

9
spec/requests/api/v1/timelines/tag_spec.rb
View file

@ -71,10 +71,11 @@ RSpec.describe 'Tag' do
it 'sets the correct pagination headers', :aggregate_failures do
subject
headers = response.headers['Link']
expect(headers.find_link(%w(rel prev)).href).to eq(api_v1_timelines_tag_url(limit: 1, min_id: love_status.id.to_s))
expect(headers.find_link(%w(rel next)).href).to eq(api_v1_timelines_tag_url(limit: 1, max_id: love_status.id.to_s))
expect(response)
.to include_pagination_headers(
prev: api_v1_timelines_tag_url(limit: params[:limit], min_id: love_status.id),
next: api_v1_timelines_tag_url(limit: params[:limit], max_id: love_status.id)
)
end
end

133
spec/requests/api/v2/filters/keywords_spec.rb Normal file
View file

@ -0,0 +1,133 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'API V2 Filters Keywords' do
let(:user) { Fabricate(:user) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:filter) { Fabricate(:custom_filter, account: user.account) }
let(:other_user) { Fabricate(:user) }
let(:other_filter) { Fabricate(:custom_filter, account: other_user.account) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v2/filters/:filter_id/keywords' do
let(:scopes) { 'read:filters' }
let!(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) }
it 'returns http success' do
get "/api/v2/filters/#{filter.id}/keywords", headers: headers
expect(response).to have_http_status(200)
expect(body_as_json)
.to contain_exactly(
include(id: keyword.id.to_s)
)
end
context "when trying to access another's user filters" do
it 'returns http not found' do
get "/api/v2/filters/#{other_filter.id}/keywords", headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST /api/v2/filters/:filter_id/keywords' do
let(:scopes) { 'write:filters' }
let(:filter_id) { filter.id }
before do
post "/api/v2/filters/#{filter_id}/keywords", headers: headers, params: { keyword: 'magic', whole_word: false }
end
it 'creates a filter', :aggregate_failures do
expect(response).to have_http_status(200)
json = body_as_json
expect(json[:keyword]).to eq 'magic'
expect(json[:whole_word]).to be false
filter = user.account.custom_filters.first
expect(filter).to_not be_nil
expect(filter.keywords.pluck(:keyword)).to eq ['magic']
end
context "when trying to add to another another's user filters" do
let(:filter_id) { other_filter.id }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
describe 'GET /api/v2/filters/keywords/:id' do
let(:scopes) { 'read:filters' }
let(:keyword) { Fabricate(:custom_filter_keyword, keyword: 'foo', whole_word: false, custom_filter: filter) }
before do
get "/api/v2/filters/keywords/#{keyword.id}", headers: headers
end
it 'responds with the keyword', :aggregate_failures do
expect(response).to have_http_status(200)
json = body_as_json
expect(json[:keyword]).to eq 'foo'
expect(json[:whole_word]).to be false
end
context "when trying to access another user's filter keyword" do
let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
describe 'PUT /api/v2/filters/keywords/:id' do
let(:scopes) { 'write:filters' }
let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) }
before do
put "/api/v2/filters/keywords/#{keyword.id}", headers: headers, params: { keyword: 'updated' }
end
it 'updates the keyword', :aggregate_failures do
expect(response).to have_http_status(200)
expect(keyword.reload.keyword).to eq 'updated'
end
context "when trying to update another user's filter keyword" do
let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
describe 'DELETE /api/v2/filters/keywords/:id' do
let(:scopes) { 'write:filters' }
let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) }
before do
delete "/api/v2/filters/keywords/#{keyword.id}", headers: headers
end
it 'destroys the keyword', :aggregate_failures do
expect(response).to have_http_status(200)
expect { keyword.reload }.to raise_error ActiveRecord::RecordNotFound
end
context "when trying to update another user's filter keyword" do
let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
end

109
spec/requests/api/v2/filters/statuses_spec.rb Normal file
View file

@ -0,0 +1,109 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'API V2 Filters Statuses' do
let(:user) { Fabricate(:user) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:filter) { Fabricate(:custom_filter, account: user.account) }
let(:other_user) { Fabricate(:user) }
let(:other_filter) { Fabricate(:custom_filter, account: other_user.account) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v2/filters/:filter_id/statuses' do
let(:scopes) { 'read:filters' }
let!(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) }
it 'returns http success' do
get "/api/v2/filters/#{filter.id}/statuses", headers: headers
expect(response).to have_http_status(200)
expect(body_as_json)
.to contain_exactly(
include(id: status_filter.id.to_s)
)
end
context "when trying to access another's user filters" do
it 'returns http not found' do
get "/api/v2/filters/#{other_filter.id}/statuses", headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST #create' do
let(:scopes) { 'write:filters' }
let(:filter_id) { filter.id }
let!(:status) { Fabricate(:status) }
before do
post "/api/v2/filters/#{filter_id}/statuses", headers: headers, params: { status_id: status.id }
end
it 'creates a filter', :aggregate_failures do
expect(response).to have_http_status(200)
json = body_as_json
expect(json[:status_id]).to eq status.id.to_s
filter = user.account.custom_filters.first
expect(filter).to_not be_nil
expect(filter.statuses.pluck(:status_id)).to eq [status.id]
end
context "when trying to add to another another's user filters" do
let(:filter_id) { other_filter.id }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
describe 'GET /api/v2/filters/statuses/:id' do
let(:scopes) { 'read:filters' }
let!(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) }
before do
get "/api/v2/filters/statuses/#{status_filter.id}", headers: headers
end
it 'responds with the filter', :aggregate_failures do
expect(response).to have_http_status(200)
json = body_as_json
expect(json[:status_id]).to eq status_filter.status_id.to_s
end
context "when trying to access another user's filter keyword" do
let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: other_filter) }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
describe 'DELETE /api/v2/filters/statuses/:id' do
let(:scopes) { 'write:filters' }
let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) }
before do
delete "/api/v2/filters/statuses/#{status_filter.id}", headers: headers
end
it 'destroys the filter', :aggregate_failures do
expect(response).to have_http_status(200)
expect { status_filter.reload }.to raise_error ActiveRecord::RecordNotFound
end
context "when trying to update another user's filter keyword" do
let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: other_filter) }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
end

22
spec/requests/cache_spec.rb
View file

@ -39,7 +39,7 @@ module TestEndpoints
/api/v1/accounts/lookup?acct=alice
/api/v1/statuses/110224538612341312
/api/v1/statuses/110224538612341312/context
/api/v1/polls/12345
/api/v1/polls/123456789
/api/v1/trends/statuses
/api/v1/directory
).freeze
@ -166,14 +166,18 @@ describe 'Caching behavior' do
ActionController::Base.allow_forgery_protection = old
end
let(:alice) { Fabricate(:account, username: 'alice') }
let(:user) { Fabricate(:user, role: UserRole.find_by(name: 'Moderator')) }
let(:alice) { Account.find_by(username: 'alice') }
let(:user) { User.find_by(email: 'user@host.example') }
let(:token) { Doorkeeper::AccessToken.find_by(resource_owner_id: user.id) }
before do
status = Fabricate(:status, account: alice, id: '110224538612341312')
Fabricate(:status, account: alice, id: '110224538643211312', visibility: :private)
before_all do
alice = Fabricate(:account, username: 'alice')
user = Fabricate(:user, email: 'user@host.example', role: UserRole.find_by(name: 'Moderator'))
status = Fabricate(:status, account: alice, id: 110_224_538_612_341_312)
Fabricate(:status, account: alice, id: 110_224_538_643_211_312, visibility: :private)
Fabricate(:invite, code: 'abcdef')
Fabricate(:poll, status: status, account: alice, id: '12345')
Fabricate(:poll, status: status, account: alice, id: 123_456_789)
Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read')
user.account.follow!(alice)
end
@ -321,8 +325,6 @@ describe 'Caching behavior' do
end
context 'with an auth token' do
let!(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
TestEndpoints::ALWAYS_CACHED.each do |endpoint|
describe endpoint do
before do
@ -585,8 +587,6 @@ describe 'Caching behavior' do
end
context 'with an auth token' do
let!(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
TestEndpoints::ALWAYS_CACHED.each do |endpoint|
describe endpoint do
before do

49
spec/requests/content_security_policy_spec.rb
View file

@ -3,25 +3,38 @@
require 'rails_helper'
describe 'Content-Security-Policy' do
it 'sets the expected CSP headers' do
allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==')
before { allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==') }
it 'sets the expected CSP headers' do
get '/'
expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to contain_exactly(
"base-uri 'none'",
"default-src 'none'",
"frame-ancestors 'none'",
"font-src 'self' https://cb6e6126.ngrok.io",
"img-src 'self' data: blob: https://cb6e6126.ngrok.io",
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
"media-src 'self' data: https://cb6e6126.ngrok.io",
"frame-src 'self' https:",
"manifest-src 'self' https://cb6e6126.ngrok.io",
"form-action 'self'",
"child-src 'self' blob: https://cb6e6126.ngrok.io",
"worker-src 'self' blob: https://cb6e6126.ngrok.io",
"connect-src 'self' data: blob: https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000",
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
)
expect(response_csp_headers)
.to match_array(expected_csp_headers)
end
def response_csp_headers
response
.headers['Content-Security-Policy']
.split(';')
.map(&:strip)
end
def expected_csp_headers
<<~CSP.split("\n").map(&:strip)
base-uri 'none'
child-src 'self' blob: https://cb6e6126.ngrok.io
connect-src 'self' data: blob: https://cb6e6126.ngrok.io ws://cb6e6126.ngrok.io:4000
default-src 'none'
font-src 'self' https://cb6e6126.ngrok.io
form-action 'self'
frame-ancestors 'none'
frame-src 'self' https:
img-src 'self' data: blob: https://cb6e6126.ngrok.io
manifest-src 'self' https://cb6e6126.ngrok.io
media-src 'self' data: https://cb6e6126.ngrok.io
script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'
style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='
worker-src 'self' blob: https://cb6e6126.ngrok.io
CSP
end
end