Merge remote-tracking branch 'parent/main' into upstream-20240610

spec/requests/api/v1/accounts/credentials_spec.rb

@@ -29,8 +29,8 @@ RSpec.describe 'credentials API' do
       })
     end
 
-    describe 'allows the read:me scope' do
-      let(:scopes) { 'read:me' }
+    describe 'allows the profile scope' do
+      let(:scopes) { 'profile' }
 
       it 'returns the response successfully' do
         subject

spec/requests/api/v1/admin/account_actions_spec.rb

@@ -10,10 +10,16 @@ RSpec.describe 'Account actions' do
   let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
 
   shared_examples 'a successful notification delivery' do
-    it 'notifies the user about the action taken' do
-      expect { subject }
-        .to have_enqueued_job(ActionMailer::MailDeliveryJob)
-        .with('UserMailer', 'warning', 'deliver_now!', args: [User, AccountWarning])
+    it 'notifies the user about the action taken', :sidekiq_inline do
+      emails = capture_emails { subject }
+
+      expect(emails.size)
+        .to eq(1)
+
+      expect(emails.first)
+        .to have_attributes(
+          to: contain_exactly(target_account.user.email)
+        )
     end
   end
 

spec/requests/api/v1/push/subscriptions_spec.rb

@@ -4,14 +4,18 @@ require 'rails_helper'
 
 describe 'API V1 Push Subscriptions' do
   let(:user) { Fabricate(:user) }
+  let(:endpoint) { 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX' }
+  let(:keys) do
+    {
+      p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
+      auth: 'eH_C8rq2raXqlcBVDa1gLg==',
+    }
+  end
   let(:create_payload) do
     {
       subscription: {
-        endpoint: 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX',
-        keys: {
-          p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
-          auth: 'eH_C8rq2raXqlcBVDa1gLg==',
-        },
+        endpoint: endpoint,
+        keys: keys,
       },
     }.with_indifferent_access
   end
@@ -36,6 +40,16 @@ describe 'API V1 Push Subscriptions' do
   let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
   let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
 
+  shared_examples 'validation error' do
+    it 'returns a validation error' do
+      subject
+
+      expect(response).to have_http_status(422)
+      expect(endpoint_push_subscriptions.count).to eq(0)
+      expect(endpoint_push_subscription).to be_nil
+    end
+  end
+
   describe 'POST /api/v1/push/subscription' do
     subject { post '/api/v1/push/subscription', params: create_payload, headers: headers }
 
@@ -63,6 +77,34 @@ describe 'API V1 Push Subscriptions' do
       expect(endpoint_push_subscriptions.count)
         .to eq(1)
     end
+
+    context 'with invalid endpoint URL' do
+      let(:endpoint) { 'app://example.foo' }
+
+      it_behaves_like 'validation error'
+    end
+
+    context 'with invalid p256dh key' do
+      let(:keys) do
+        {
+          p256dh: 'BEm_invalidf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
+          auth: 'eH_C8rq2raXqlcBVDa1gLg==',
+        }
+      end
+
+      it_behaves_like 'validation error'
+    end
+
+    context 'with invalid base64 p256dh key' do
+      let(:keys) do
+        {
+          p256dh: 'not base64',
+          auth: 'eH_C8rq2raXqlcBVDa1gLg==',
+        }
+      end
+
+      it_behaves_like 'validation error'
+    end
   end
 
   describe 'PUT /api/v1/push/subscription' do

spec/requests/api/v1/reports_spec.rb

@@ -33,30 +33,28 @@ RSpec.describe 'Reports' do
 
     it_behaves_like 'forbidden for wrong scope', 'read read:reports'
 
-    it 'creates a report', :aggregate_failures do
-      perform_enqueued_jobs do
-        emails = capture_emails { subject }
+    it 'creates a report', :aggregate_failures, :sidekiq_inline do
+      emails = capture_emails { subject }
 
-        expect(response).to have_http_status(200)
-        expect(body_as_json).to match(
-          a_hash_including(
-            status_ids: [status.id.to_s],
-            category: category,
-            comment: 'reasons'
-          )
+      expect(response).to have_http_status(200)
+      expect(body_as_json).to match(
+        a_hash_including(
+          status_ids: [status.id.to_s],
+          category: category,
+          comment: 'reasons'
         )
+      )
 
-        expect(target_account.targeted_reports).to_not be_empty
-        expect(target_account.targeted_reports.first.comment).to eq 'reasons'
+      expect(target_account.targeted_reports).to_not be_empty
+      expect(target_account.targeted_reports.first.comment).to eq 'reasons'
 
-        expect(emails.size)
-          .to eq(1)
-        expect(emails.first)
-          .to have_attributes(
-            to: contain_exactly(admin.email),
-            subject: eq(I18n.t('admin_mailer.new_report.subject', instance: Rails.configuration.x.local_domain, id: target_account.targeted_reports.first.id))
-          )
-      end
+      expect(emails.size)
+        .to eq(1)
+      expect(emails.first)
+        .to have_attributes(
+          to: contain_exactly(admin.email),
+          subject: eq(I18n.t('admin_mailer.new_report.subject', instance: Rails.configuration.x.local_domain, id: target_account.targeted_reports.first.id))
+        )
     end
 
     context 'when a status does not belong to the reported account' do

spec/requests/api/v1/timelines/link_spec.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'Link' do
+  let(:user)    { Fabricate(:user) }
+  let(:scopes)  { 'read:statuses' }
+  let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
+  let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
+
+  shared_examples 'a successful request to the link timeline' do
+    it 'returns the expected statuses successfully', :aggregate_failures do
+      subject
+
+      expect(response).to have_http_status(200)
+      expect(body_as_json.pluck(:id)).to match_array(expected_statuses.map { |status| status.id.to_s })
+    end
+  end
+
+  describe 'GET /api/v1/timelines/link' do
+    subject do
+      get '/api/v1/timelines/link', headers: headers, params: params
+    end
+
+    let(:url) { 'https://example.com/' }
+    let(:private_status) { Fabricate(:status, visibility: :private) }
+    let(:undiscoverable_status) { Fabricate(:status, account: Fabricate.build(:account, domain: nil, discoverable: false)) }
+    let(:local_status) { Fabricate(:status, account: Fabricate.build(:account, domain: nil, discoverable: true)) }
+    let(:remote_status) { Fabricate(:status, account: Fabricate.build(:account, domain: 'example.com', discoverable: true)) }
+    let(:params) { { url: url } }
+    let(:expected_statuses) { [local_status, remote_status] }
+    let(:preview_card) { Fabricate(:preview_card, url: url) }
+
+    before do
+      if preview_card.present?
+        preview_card.create_trend!(allowed: true)
+
+        [private_status, undiscoverable_status, remote_status, local_status].each do |status|
+          PreviewCardsStatus.create(status: status, preview_card: preview_card, url: url)
+        end
+      end
+    end
+
+    context 'when there is no preview card' do
+      let(:preview_card) { nil }
+
+      it 'returns http not found' do
+        subject
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    context 'when preview card is not trending' do
+      before do
+        preview_card.trend.destroy!
+      end
+
+      it 'returns http not found' do
+        subject
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    context 'when preview card is trending but not approved' do
+      before do
+        preview_card.trend.update(allowed: false)
+      end
+
+      it 'returns http not found' do
+        subject
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    context 'when the instance does not allow public preview' do
+      before do
+        Form::AdminSettings.new(timeline_preview: false).save
+      end
+
+      context 'when the user is not authenticated' do
+        let(:headers) { {} }
+
+        it 'returns http unauthorized' do
+          subject
+
+          expect(response).to have_http_status(401)
+        end
+      end
+
+      context 'when the user is authenticated' do
+        it_behaves_like 'a successful request to the link timeline'
+      end
+    end
+
+    context 'when the instance allows public preview' do
+      context 'with an authorized user' do
+        it_behaves_like 'a successful request to the link timeline'
+      end
+
+      context 'with an anonymous user' do
+        let(:headers) { {} }
+
+        it_behaves_like 'a successful request to the link timeline'
+      end
+
+      context 'with limit param' do
+        let(:params) { { limit: 1, url: url } }
+
+        it 'returns only the requested number of statuses', :aggregate_failures do
+          subject
+
+          expect(response).to have_http_status(200)
+          expect(body_as_json.size).to eq(params[:limit])
+        end
+
+        it 'sets the correct pagination headers', :aggregate_failures do
+          subject
+
+          expect(response)
+            .to include_pagination_headers(
+              prev: api_v1_timelines_link_url(limit: params[:limit], url: url, min_id: local_status.id),
+              next: api_v1_timelines_link_url(limit: params[:limit], url: url, max_id: local_status.id)
+            )
+        end
+      end
+    end
+  end
+end