gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'parent/main' into upstream-20231204

Browse source
This commit is contained in:
KMY 2023-12-04 12:04:52 +09:00
commit 94c2396a34
179 changed files with 1036 additions and 775 deletions
Download patch file Download diff file Expand all files Collapse all files

299
spec/controllers/accounts_controller_spec.rb
View file

@ -1,299 +0,0 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe AccountsController do
render_views
let(:account) { Fabricate(:account) }
describe 'unapproved account check' do
before { account.user.update(approved: false) }
it 'returns http not found' do
%w(html json rss).each do |format|
get :show, params: { username: account.username, format: format }
expect(response).to have_http_status(404)
end
end
end
describe 'permanently suspended account check' do
before do
account.suspend!
account.deletion_request.destroy
end
it 'returns http gone' do
%w(html json rss).each do |format|
get :show, params: { username: account.username, format: format }
expect(response).to have_http_status(410)
end
end
end
describe 'temporarily suspended account check' do
before { account.suspend! }
it 'returns appropriate http response code' do
{ html: 403, json: 200, rss: 403 }.each do |format, code|
get :show, params: { username: account.username, format: format }
expect(response).to have_http_status(code)
end
end
end
describe 'GET #show' do
context 'with existing statuses' do
let!(:status) { Fabricate(:status, account: account) }
let!(:status_reply) { Fabricate(:status, account: account, thread: Fabricate(:status)) }
let!(:status_self_reply) { Fabricate(:status, account: account, thread: status) }
let!(:status_media) { Fabricate(:status, account: account) }
let!(:status_pinned) { Fabricate(:status, account: account) }
let!(:status_private) { Fabricate(:status, account: account, visibility: :private) }
let!(:status_direct) { Fabricate(:status, account: account, visibility: :direct) }
let!(:status_reblog) { Fabricate(:status, account: account, reblog: Fabricate(:status)) }
before do
status_media.media_attachments << Fabricate(:media_attachment, account: account, type: :image)
account.pinned_statuses << status_pinned
account.pinned_statuses << status_private
end
context 'with HTML' do
let(:format) { 'html' }
shared_examples 'common HTML response' do
it 'returns a standard HTML response', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.headers['Link'].to_s).to include ActivityPub::TagManager.instance.uri_for(account)
expect(response).to render_template(:show)
end
end
context 'with a normal account in an HTML request' do
before do
get :show, params: { username: account.username, format: format }
end
it_behaves_like 'common HTML response'
end
context 'with replies' do
before do
allow(controller).to receive(:replies_requested?).and_return(true)
get :show, params: { username: account.username, format: format }
end
it_behaves_like 'common HTML response'
end
context 'with media' do
before do
allow(controller).to receive(:media_requested?).and_return(true)
get :show, params: { username: account.username, format: format }
end
it_behaves_like 'common HTML response'
end
context 'with tag' do
let(:tag) { Fabricate(:tag) }
let!(:status_tag) { Fabricate(:status, account: account) }
before do
allow(controller).to receive(:tag_requested?).and_return(true)
status_tag.tags << tag
get :show, params: { username: account.username, format: format, tag: tag.to_param }
end
it_behaves_like 'common HTML response'
end
end
context 'with JSON' do
let(:authorized_fetch_mode) { false }
let(:format) { 'json' }
before do
allow(controller).to receive(:authorized_fetch_mode?).and_return(authorized_fetch_mode)
end
context 'with a normal account in a JSON request' do
before do
get :show, params: { username: account.username, format: format }
end
it 'returns a JSON version of the account', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.media_type).to eq 'application/activity+json'
expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
end
it_behaves_like 'cacheable response', expects_vary: 'Accept, Accept-Language, Cookie'
context 'with authorized fetch mode' do
let(:authorized_fetch_mode) { true }
it 'returns http unauthorized' do
expect(response).to have_http_status(401)
end
end
end
context 'when signed in' do
let(:user) { Fabricate(:user) }
before do
sign_in(user)
get :show, params: { username: account.username, format: format }
end
it 'returns a private JSON version of the account', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Cache-Control']).to include 'private'
expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
end
end
context 'with signature' do
let(:remote_account) { Fabricate(:account, domain: 'example.com') }
before do
allow(controller).to receive(:signed_request_actor).and_return(remote_account)
get :show, params: { username: account.username, format: format }
end
it 'returns a JSON version of the account', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.media_type).to eq 'application/activity+json'
expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
end
it_behaves_like 'cacheable response', expects_vary: 'Accept, Accept-Language, Cookie'
context 'with authorized fetch mode' do
let(:authorized_fetch_mode) { true }
it 'returns a private signature JSON version of the account', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Cache-Control']).to include 'private'
expect(response.headers['Vary']).to include 'Signature'
expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
end
end
end
end
context 'with RSS' do
let(:format) { 'rss' }
context 'with a normal account in an RSS request' do
before do
get :show, params: { username: account.username, format: format }
end
it_behaves_like 'cacheable response', expects_vary: 'Accept, Accept-Language, Cookie'
it 'responds with correct statuses', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.body).to include_status_tag(status_media)
expect(response.body).to include_status_tag(status_self_reply)
expect(response.body).to include_status_tag(status)
expect(response.body).to_not include_status_tag(status_direct)
expect(response.body).to_not include_status_tag(status_private)
expect(response.body).to_not include_status_tag(status_reblog.reblog)
expect(response.body).to_not include_status_tag(status_reply)
end
end
context 'with replies' do
before do
allow(controller).to receive(:replies_requested?).and_return(true)
get :show, params: { username: account.username, format: format }
end
it_behaves_like 'cacheable response', expects_vary: 'Accept, Accept-Language, Cookie'
it 'responds with correct statuses with replies', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.body).to include_status_tag(status_media)
expect(response.body).to include_status_tag(status_reply)
expect(response.body).to include_status_tag(status_self_reply)
expect(response.body).to include_status_tag(status)
expect(response.body).to_not include_status_tag(status_direct)
expect(response.body).to_not include_status_tag(status_private)
expect(response.body).to_not include_status_tag(status_reblog.reblog)
end
end
context 'with media' do
before do
allow(controller).to receive(:media_requested?).and_return(true)
get :show, params: { username: account.username, format: format }
end
it_behaves_like 'cacheable response', expects_vary: 'Accept, Accept-Language, Cookie'
it 'responds with correct statuses with media', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.body).to include_status_tag(status_media)
expect(response.body).to_not include_status_tag(status_direct)
expect(response.body).to_not include_status_tag(status_private)
expect(response.body).to_not include_status_tag(status_reblog.reblog)
expect(response.body).to_not include_status_tag(status_reply)
expect(response.body).to_not include_status_tag(status_self_reply)
expect(response.body).to_not include_status_tag(status)
end
end
context 'with tag' do
let(:tag) { Fabricate(:tag) }
let!(:status_tag) { Fabricate(:status, account: account) }
before do
allow(controller).to receive(:tag_requested?).and_return(true)
status_tag.tags << tag
get :show, params: { username: account.username, format: format, tag: tag.to_param }
end
it_behaves_like 'cacheable response', expects_vary: 'Accept, Accept-Language, Cookie'
it 'responds with correct statuses with a tag', :aggregate_failures do
expect(response).to have_http_status(200)
expect(response.body).to include_status_tag(status_tag)
expect(response.body).to_not include_status_tag(status_direct)
expect(response.body).to_not include_status_tag(status_media)
expect(response.body).to_not include_status_tag(status_private)
expect(response.body).to_not include_status_tag(status_reblog.reblog)
expect(response.body).to_not include_status_tag(status_reply)
expect(response.body).to_not include_status_tag(status_self_reply)
expect(response.body).to_not include_status_tag(status)
end
end
end
end
end
def include_status_tag(status)
include ActivityPub::TagManager.instance.url_for(status)
end
end

6
spec/controllers/admin/account_moderation_notes_controller_spec.rb
View file

@ -20,7 +20,7 @@ RSpec.describe Admin::AccountModerationNotesController do
it 'successfully creates a note' do
expect { subject }.to change(AccountModerationNote, :count).by(1)
expect(subject).to redirect_to admin_account_path(target_account.id)
expect(response).to redirect_to admin_account_path(target_account.id)
end
end
@ -29,7 +29,7 @@ RSpec.describe Admin::AccountModerationNotesController do
it 'falls to create a note' do
expect { subject }.to_not change(AccountModerationNote, :count)
expect(subject).to render_template 'admin/accounts/show'
expect(response).to render_template 'admin/accounts/show'
end
end
end
@ -42,7 +42,7 @@ RSpec.describe Admin::AccountModerationNotesController do
it 'destroys note' do
expect { subject }.to change(AccountModerationNote, :count).by(-1)
expect(subject).to redirect_to admin_account_path(target_account.id)
expect(response).to redirect_to admin_account_path(target_account.id)
end
end
end

16
spec/controllers/admin/custom_emojis_controller_spec.rb
View file

@ -12,24 +12,24 @@ describe Admin::CustomEmojisController do
end
describe 'GET #index' do
subject { get :index }
before do
Fabricate(:custom_emoji)
end
it 'renders index page' do
expect(subject).to have_http_status 200
expect(subject).to render_template :index
get :index
expect(response).to have_http_status 200
expect(response).to render_template :index
end
end
describe 'GET #new' do
subject { get :new }
it 'renders new page' do
expect(subject).to have_http_status 200
expect(subject).to render_template :new
get :new
expect(response).to have_http_status 200
expect(response).to render_template :new
end
end

10
spec/controllers/admin/report_notes_controller_spec.rb
View file

@ -27,7 +27,7 @@ describe Admin::ReportNotesController do
it 'creates a report note and resolves report' do
expect { subject }.to change(ReportNote, :count).by(1)
expect(report.reload).to be_action_taken
expect(subject).to redirect_to admin_reports_path
expect(response).to redirect_to admin_reports_path
end
end
@ -37,7 +37,7 @@ describe Admin::ReportNotesController do
it 'creates a report note and does not resolve report' do
expect { subject }.to change(ReportNote, :count).by(1)
expect(report.reload).to_not be_action_taken
expect(subject).to redirect_to admin_report_path(report)
expect(response).to redirect_to admin_report_path(report)
end
end
end
@ -52,7 +52,7 @@ describe Admin::ReportNotesController do
it 'creates a report note and unresolves report' do
expect { subject }.to change(ReportNote, :count).by(1)
expect(report.reload).to_not be_action_taken
expect(subject).to redirect_to admin_report_path(report)
expect(response).to redirect_to admin_report_path(report)
end
end
@ -62,7 +62,7 @@ describe Admin::ReportNotesController do
it 'creates a report note and does not unresolve report' do
expect { subject }.to change(ReportNote, :count).by(1)
expect(report.reload).to be_action_taken
expect(subject).to redirect_to admin_report_path(report)
expect(response).to redirect_to admin_report_path(report)
end
end
end
@ -86,7 +86,7 @@ describe Admin::ReportNotesController do
it 'deletes note' do
expect { subject }.to change(ReportNote, :count).by(-1)
expect(subject).to redirect_to admin_report_path(report_note.report)
expect(response).to redirect_to admin_report_path(report_note.report)
end
end
end

2
spec/controllers/api/v1/accounts/familiar_followers_controller_spec.rb
View file

@ -28,7 +28,7 @@ describe Api::V1::Accounts::FamiliarFollowersController do
account_ids = [account_a, account_b, account_b, account_a, account_a].map { |a| a.id.to_s }
get :index, params: { id: account_ids }
expect(body_as_json.pluck(:id)).to eq [account_a.id.to_s, account_b.id.to_s]
expect(body_as_json.pluck(:id)).to contain_exactly(account_a.id.to_s, account_b.id.to_s)
end
end
end

48
spec/controllers/api/v2/search_controller_spec.rb
View file

@ -34,6 +34,26 @@ RSpec.describe Api::V2::SearchController do
expect(body_as_json[:accounts].pluck(:id)).to contain_exactly(bob.id.to_s, ana.id.to_s, tom.id.to_s)
end
context 'with truthy `resolve`' do
let(:params) { { q: 'test1', resolve: '1' } }
it 'returns http unauthorized' do
get :index, params: params
expect(response).to have_http_status(200)
end
end
context 'with `offset`' do
let(:params) { { q: 'test1', offset: 1 } }
it 'returns http unauthorized' do
get :index, params: params
expect(response).to have_http_status(200)
end
end
context 'with following=true' do
let(:params) { { q: 'test', type: 'accounts', following: 'true' } }
@ -48,6 +68,26 @@ RSpec.describe Api::V2::SearchController do
end
end
end
context 'when search raises syntax error' do
before { allow(Search).to receive(:new).and_raise(Mastodon::SyntaxError) }
it 'returns http unprocessable_entity' do
get :index, params: params
expect(response).to have_http_status(422)
end
end
context 'when search raises not found error' do
before { allow(Search).to receive(:new).and_raise(ActiveRecord::RecordNotFound) }
it 'returns http not_found' do
get :index, params: params
expect(response).to have_http_status(404)
end
end
end
end
@ -59,6 +99,12 @@ RSpec.describe Api::V2::SearchController do
get :index, params: search_params
end
context 'without a `q` param' do
it 'returns http bad_request' do
expect(response).to have_http_status(400)
end
end
context 'with a `q` shorter than 5 characters' do
let(:search_params) { { q: 'test' } }
@ -79,6 +125,7 @@ RSpec.describe Api::V2::SearchController do
it 'returns http unauthorized' do
expect(response).to have_http_status(401)
expect(response.body).to match('resolve remote resources')
end
end
@ -87,6 +134,7 @@ RSpec.describe Api::V2::SearchController do
it 'returns http unauthorized' do
expect(response).to have_http_status(401)
expect(response.body).to match('pagination is not supported')
end
end
end

4
spec/controllers/concerns/rate_limit_headers_spec.rb → spec/controllers/concerns/api/rate_limit_headers_spec.rb
View file

@ -2,9 +2,9 @@
require 'rails_helper'
describe RateLimitHeaders do
describe Api::RateLimitHeaders do
controller(ApplicationController) do
include RateLimitHeaders
include Api::RateLimitHeaders
def show
head 200

6
spec/controllers/concerns/challengable_concern_spec.rb
View file

@ -85,7 +85,7 @@ RSpec.describe ChallengableConcern do
before { get :foo }
it 'renders challenge' do
expect(response).to render_template('auth/challenges/new')
expect(response).to render_template('auth/challenges/new', layout: :auth)
end
# See Auth::ChallengesControllerSpec
@ -95,7 +95,7 @@ RSpec.describe ChallengableConcern do
before { post :bar }
it 'renders challenge' do
expect(response).to render_template('auth/challenges/new')
expect(response).to render_template('auth/challenges/new', layout: :auth)
end
it 'accepts correct password' do
@ -106,7 +106,7 @@ RSpec.describe ChallengableConcern do
it 'rejects wrong password' do
post :bar, params: { form_challenge: { current_password: 'dddfff888123' } }
expect(response.body).to render_template('auth/challenges/new')
expect(response.body).to render_template('auth/challenges/new', layout: :auth)
expect(session[:challenge_passed_at]).to be_nil
end
end

4
spec/controllers/concerns/export_controller_concern_spec.rb → spec/controllers/concerns/settings/export_controller_concern_spec.rb
View file

@ -2,9 +2,9 @@
require 'rails_helper'
describe ExportControllerConcern do
describe Settings::ExportControllerConcern do
controller(ApplicationController) do
include ExportControllerConcern
include Settings::ExportControllerConcern
def index
send_export_file

126
spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
View file

@ -20,37 +20,30 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
[true, false].each do |with_otp_secret|
let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: with_otp_secret ? 'oldotpsecret' : nil) }
describe 'GET #new' do
context 'when signed in and a new otp secret has been set in the session' do
subject do
sign_in user, scope: :user
get :new, session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' }
context 'when signed in' do
before { sign_in user, scope: :user }
describe 'GET #new' do
context 'when a new otp secret has been set in the session' do
subject do
get :new, session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' }
end
include_examples 'renders :new'
end
include_examples 'renders :new'
end
it 'redirects if a new otp_secret has not been set in the session' do
get :new, session: { challenge_passed_at: Time.now.utc }
it 'redirects if not signed in' do
get :new
expect(response).to redirect_to('/auth/sign_in')
end
it 'redirects if a new otp_secret has not been set in the session' do
sign_in user, scope: :user
get :new, session: { challenge_passed_at: Time.now.utc }
expect(response).to redirect_to('/settings/otp_authentication')
end
end
describe 'POST #create' do
context 'when signed in' do
before do
sign_in user, scope: :user
expect(response).to redirect_to('/settings/otp_authentication')
end
end
describe 'POST #create' do
describe 'when form_two_factor_confirmation parameter is not provided' do
it 'raises ActionController::ParameterMissing' do
post :create, params: {}, session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' }
expect(response).to have_http_status(400)
end
end
@ -58,69 +51,78 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
describe 'when creation succeeds' do
let!(:otp_backup_codes) { user.generate_otp_backup_codes! }
it 'renders page with success' do
before do
prepare_user_otp_generation
prepare_user_otp_consumption
prepare_user_otp_consumption_response(true)
allow(controller).to receive(:current_user).and_return(user)
end
expect do
post :create,
params: { form_two_factor_confirmation: { otp_attempt: '123456' } },
session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' }
end.to change { user.reload.otp_secret }.to 'thisisasecretforthespecofnewview'
it 'renders page with success' do
expect { post_create_with_options }
.to change { user.reload.otp_secret }.to 'thisisasecretforthespecofnewview'
expect(assigns(:recovery_codes)).to eq otp_backup_codes
expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled'
expect(response).to have_http_status(200)
expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index')
end
def prepare_user_otp_generation
allow(user)
.to receive(:generate_otp_backup_codes!)
.and_return(otp_backup_codes)
end
def prepare_user_otp_consumption
options = { otp_secret: 'thisisasecretforthespecofnewview' }
allow(user)
.to receive(:validate_and_consume_otp!)
.with('123456', options)
.and_return(true)
end
end
describe 'when creation fails' do
subject do
options = { otp_secret: 'thisisasecretforthespecofnewview' }
allow(user)
.to receive(:validate_and_consume_otp!)
.with('123456', options)
.and_return(false)
allow(controller).to receive(:current_user).and_return(user)
expect do
post :create,
params: { form_two_factor_confirmation: { otp_attempt: '123456' } },
session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' }
end.to(not_change { user.reload.otp_secret })
expect { post_create_with_options }
.to(not_change { user.reload.otp_secret })
end
it 'renders the new view' do
before do
prepare_user_otp_consumption_response(false)
allow(controller).to receive(:current_user).and_return(user)
end
it 'renders page with error message' do
subject
expect(response.body).to include 'The entered code was invalid! Are server time and device time correct?'
end
include_examples 'renders :new'
end
end
context 'when not signed in' do
it 'redirects if not signed in' do
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }
expect(response).to redirect_to('/auth/sign_in')
private
def post_create_with_options
post :create,
params: { form_two_factor_confirmation: { otp_attempt: '123456' } },
session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' }
end
def prepare_user_otp_generation
allow(user)
.to receive(:generate_otp_backup_codes!)
.and_return(otp_backup_codes)
end
def prepare_user_otp_consumption_response(result)
options = { otp_secret: 'thisisasecretforthespecofnewview' }
allow(user)
.to receive(:validate_and_consume_otp!)
.with('123456', options)
.and_return(result)
end
end
end
end
context 'when not signed in' do
it 'redirects on POST to create' do
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }
expect(response).to redirect_to('/auth/sign_in')
end
it 'redirects on GET to new' do
get :new
expect(response).to redirect_to('/auth/sign_in')
end
end
end