gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'parent/main' into upstream-20240218

Browse source
This commit is contained in:
KMY 2024-02-18 14:39:40 +09:00
commit a1f88f6001
27 changed files with 131 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

31
spec/controllers/admin/disputes/appeals_controller_spec.rb
View file

@ -30,21 +30,19 @@ RSpec.describe Admin::Disputes::AppealsController do
end
describe 'POST #approve' do
subject { post :approve, params: { id: appeal.id } }
let(:current_user) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
before do
post :approve, params: { id: appeal.id }
end
it 'redirects back to the strike page and notifies target account about approved appeal', :sidekiq_inline do
subject
it 'unsuspends a suspended account' do
expect(target_account.reload.suspended?).to be false
end
expect(response)
.to redirect_to(disputes_strike_path(appeal.strike))
it 'redirects back to the strike page' do
expect(response).to redirect_to(disputes_strike_path(appeal.strike))
end
expect(target_account.reload)
.to_not be_suspended
it 'notifies target account about approved appeal', :sidekiq_inline do
expect(UserMailer.deliveries.size).to eq(1)
expect(UserMailer.deliveries.first.to.first).to eq(target_account.user.email)
expect(UserMailer.deliveries.first.subject).to eq(I18n.t('user_mailer.appeal_approved.subject', date: I18n.l(appeal.created_at)))
@ -52,17 +50,16 @@ RSpec.describe Admin::Disputes::AppealsController do
end
describe 'POST #reject' do
subject { post :reject, params: { id: appeal.id } }
let(:current_user) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
before do
post :reject, params: { id: appeal.id }
end
it 'redirects back to the strike page and notifies target account about rejected appeal', :sidekiq_inline do
subject
it 'redirects back to the strike page' do
expect(response).to redirect_to(disputes_strike_path(appeal.strike))
end
expect(response)
.to redirect_to(disputes_strike_path(appeal.strike))
it 'notifies target account about rejected appeal', :sidekiq_inline do
expect(UserMailer.deliveries.size).to eq(1)
expect(UserMailer.deliveries.first.to.first).to eq(target_account.user.email)
expect(UserMailer.deliveries.first.subject).to eq(I18n.t('user_mailer.appeal_rejected.subject', date: I18n.l(appeal.created_at)))

80
spec/controllers/auth/sessions_controller_spec.rb
View file

@ -57,11 +57,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: 'pam_user1', password: '123456' } }
end
it 'redirects to home' do
it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to be_instance_of(User)
end
end
@ -71,11 +69,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: 'pam_user1', password: 'WRONGPW' } }
end
it 'shows a login error' do
it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: I18n.t('activerecord.attributes.user.email'))
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil
end
end
@ -92,11 +88,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email, password: '123456' } }
end
it 'redirects to home' do
it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user
end
end
@ -110,16 +104,16 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email, password: user.password } }
end
it 'redirects to home' do
it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user
end
end
context 'when using a valid password on a previously-used account with a new IP address' do
subject { post :create, params: { user: { email: user.email, password: user.password } } }
let(:previous_ip) { '1.2.3.4' }
let(:current_ip) { '4.3.2.1' }
@ -127,18 +121,17 @@ RSpec.describe Auth::SessionsController do
Fabricate(:login_activity, user: user, ip: previous_ip)
allow(controller.request).to receive(:remote_ip).and_return(current_ip)
user.update(current_sign_in_at: 1.month.ago)
post :create, params: { user: { email: user.email, password: user.password } }
end
it 'redirects to home' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in and sends suspicious email and redirects home', :sidekiq_inline do
subject
it 'logs the user in' do
expect(controller.current_user).to eq user
end
expect(response)
.to redirect_to(root_path)
expect(controller.current_user)
.to eq user
it 'sends a suspicious sign-in mail', :sidekiq_inline do
expect(UserMailer.deliveries.size).to eq(1)
expect(UserMailer.deliveries.first.to.first).to eq(user.email)
expect(UserMailer.deliveries.first.subject).to eq(I18n.t('user_mailer.suspicious_sign_in.subject'))
@ -150,11 +143,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email.upcase, password: user.password } }
end
it 'redirects to home' do
it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user
end
end
@ -164,11 +155,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email, password: 'wrongpw' } }
end
it 'shows a login error' do
it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: I18n.t('activerecord.attributes.user.email'))
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil
end
end
@ -270,7 +259,7 @@ RSpec.describe Auth::SessionsController do
travel_to '2023-12-20T10:00:00Z'
end
it 'does not log the user in' do
it 'does not log the user in, sets a flash message, and sends a suspicious sign in email', :sidekiq_inline do
Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do
post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(controller.current_user).to be_nil
@ -278,17 +267,10 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(controller.current_user).to be_nil
expect(flash[:alert]).to match I18n.t('users.rate_limited')
end
it 'sends a suspicious sign-in mail', :sidekiq_inline do
Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do
post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(controller.current_user).to be_nil
end
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(controller.current_user)
.to be_nil
expect(flash[:alert])
.to match I18n.t('users.rate_limited')
expect(UserMailer.deliveries.size).to eq(1)
expect(UserMailer.deliveries.first.to.first).to eq(user.email)
@ -301,11 +283,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end
it 'redirects to home' do
it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user
end
end
@ -318,11 +298,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end
it 'shows a login error' do
it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('users.invalid_otp_token')
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil
end
end
@ -332,11 +310,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: recovery_codes.first } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end
it 'redirects to home' do
it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user
end
end
@ -346,11 +322,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: 'wrongotp' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end
it 'shows a login error' do
it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('users.invalid_otp_token')
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil
end
end
@ -417,15 +391,11 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { credential: fake_credential } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end
it 'instructs the browser to redirect to home' do
it 'instructs the browser to redirect to home, logs the user in, and updates the sign count' do
expect(body_as_json[:redirect_path]).to eq(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user
end
it 'updates the sign count' do
expect(webauthn_credential.reload.sign_count).to eq(sign_count)
end
end

22
spec/controllers/disputes/appeals_controller_spec.rb
View file

@ -10,19 +10,17 @@ RSpec.describe Disputes::AppealsController do
let!(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
describe '#create' do
subject { post :create, params: params }
context 'with valid params' do
let(:current_user) { Fabricate(:user) }
let(:strike) { Fabricate(:account_warning, target_account: current_user.account) }
let(:params) { { strike_id: strike.id, appeal: { text: 'Foo' } } }
before do
post :create, params: { strike_id: strike.id, appeal: { text: 'Foo' } }
end
it 'notifies staff about new appeal and redirects back to strike page', :sidekiq_inline do
subject
it 'notifies staff about new appeal', :sidekiq_inline do
expect(ActionMailer::Base.deliveries.first.to).to eq([admin.email])
end
it 'redirects back to the strike page' do
expect(response).to redirect_to(disputes_strike_path(strike.id))
end
end
@ -30,16 +28,12 @@ RSpec.describe Disputes::AppealsController do
context 'with invalid params' do
let(:current_user) { Fabricate(:user) }
let(:strike) { Fabricate(:account_warning, target_account: current_user.account) }
let(:params) { { strike_id: strike.id, appeal: { text: '' } } }
before do
post :create, params: { strike_id: strike.id, appeal: { text: '' } }
end
it 'does not send email and renders strike show page', :sidekiq_inline do
subject
it 'does not send email', :sidekiq_inline do
expect(ActionMailer::Base.deliveries.size).to eq(0)
end
it 'renders the strike show page' do
expect(response).to render_template('disputes/strikes/show')
end
end

16
spec/controllers/instance_actors_controller_spec.rb
View file

@ -13,17 +13,19 @@ RSpec.describe InstanceActorsController do
end
it 'returns http success with correct media type, headers, and session values' do
expect(response).to have_http_status(200)
expect(response)
.to have_http_status(200)
.and have_attributes(
media_type: eq('application/activity+json'),
cookies: be_empty
)
expect(response.media_type).to eq 'application/activity+json'
expect(response.cookies).to be_empty
expect(response.headers['Set-Cookies']).to be_nil
expect(response.headers)
.to include('Cache-Control' => include('public'))
.and not_include('Set-Cookies')
expect(session).to be_empty
expect(response.headers['Cache-Control']).to include 'public'
expect(body_as_json)
.to include(:id, :type, :preferredUsername, :inbox, :publicKey, :inbox, :outbox, :url)
end