gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'parent/main' into upstream-20231120

Browse source
This commit is contained in:
KMY 2023-11-20 12:50:02 +09:00
commit abec232dd7
85 changed files with 1314 additions and 458 deletions
Download patch file Download diff file Expand all files Collapse all files

53
spec/requests/api/v1/accounts_show_spec.rb
View file

@ -1,53 +0,0 @@
# frozen_string_literal: true
require 'rails_helper'
describe 'GET /api/v1/accounts/{account_id}' do
it 'returns account entity as 200 OK' do
account = Fabricate(:account)
get "/api/v1/accounts/#{account.id}"
aggregate_failures do
expect(response).to have_http_status(200)
expect(body_as_json[:id]).to eq(account.id.to_s)
end
end
it 'returns 404 if account not found' do
get '/api/v1/accounts/1'
aggregate_failures do
expect(response).to have_http_status(404)
expect(body_as_json[:error]).to eq('Record not found')
end
end
context 'when with token' do
it 'returns account entity as 200 OK if token is valid' do
account = Fabricate(:account)
user = Fabricate(:user, account: account)
token = Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:accounts').token
get "/api/v1/accounts/#{account.id}", headers: { Authorization: "Bearer #{token}" }
aggregate_failures do
expect(response).to have_http_status(200)
expect(body_as_json[:id]).to eq(account.id.to_s)
end
end
it 'returns 403 if scope of token is invalid' do
account = Fabricate(:account)
user = Fabricate(:user, account: account)
token = Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:statuses').token
get "/api/v1/accounts/#{account.id}", headers: { Authorization: "Bearer #{token}" }
aggregate_failures do
expect(response).to have_http_status(403)
expect(body_as_json[:error]).to eq('This action is outside the authorized scopes')
end
end
end
end

391
spec/requests/api/v1/accounts_spec.rb Normal file
View file

@ -0,0 +1,391 @@
# frozen_string_literal: true
require 'rails_helper'
describe '/api/v1/accounts' do
let(:user) { Fabricate(:user) }
let(:scopes) { '' }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v1/accounts/:id' do
context 'when logged out' do
let(:account) { Fabricate(:account) }
it 'returns account entity as 200 OK', :aggregate_failures do
get "/api/v1/accounts/#{account.id}"
expect(response).to have_http_status(200)
expect(body_as_json[:id]).to eq(account.id.to_s)
end
end
context 'when the account does not exist' do
it 'returns http not found' do
get '/api/v1/accounts/1'
expect(response).to have_http_status(404)
expect(body_as_json[:error]).to eq('Record not found')
end
end
context 'when logged in' do
subject do
get "/api/v1/accounts/#{account.id}", headers: headers
end
let(:account) { Fabricate(:account) }
let(:scopes) { 'read:accounts' }
it 'returns account entity as 200 OK', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json[:id]).to eq(account.id.to_s)
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
end
end
describe 'POST /api/v1/accounts' do
subject do
post '/api/v1/accounts', headers: headers, params: { username: 'test', password: '12345678', email: 'hello@world.tld', agreement: agreement }
end
let(:client_app) { Fabricate(:application) }
let(:token) { Doorkeeper::AccessToken.find_or_create_for(application: client_app, resource_owner: nil, scopes: 'read write', use_refresh_token: false) }
let(:agreement) { nil }
context 'when given truthy agreement' do
let(:agreement) { 'true' }
it 'creates a user', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json[:access_token]).to_not be_blank
user = User.find_by(email: 'hello@world.tld')
expect(user).to_not be_nil
expect(user.created_by_application_id).to eq client_app.id
end
end
context 'when given no agreement' do
it 'returns http unprocessable entity' do
subject
expect(response).to have_http_status(422)
end
end
end
describe 'POST /api/v1/accounts/:id/follow' do
let(:scopes) { 'write:follows' }
let(:my_actor_type) { 'Person' }
let(:lock_follow_from_bot) { false }
let(:other_account) { Fabricate(:account, username: 'bob', locked: locked) }
context 'when posting to an other account' do
subject do
post "/api/v1/accounts/#{other_account.id}/follow", headers: headers
end
before do
other_account.user.settings['lock_follow_from_bot'] = lock_follow_from_bot
other_account.user.save!
user.account.update!(actor_type: my_actor_type)
end
context 'with unlocked account' do
let(:locked) { false }
it 'creates a following relation between user and target user', :aggregate_failures do
subject
expect(response).to have_http_status(200)
json = body_as_json
expect(json[:following]).to be true
expect(json[:requested]).to be false
expect(user.account.following?(other_account)).to be true
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
context 'with locked account' do
let(:locked) { true }
it 'creates a follow request relation between user and target user', :aggregate_failures do
subject
expect(response).to have_http_status(200)
json = body_as_json
expect(json[:following]).to be false
expect(json[:requested]).to be true
expect(user.account.requested?(other_account)).to be true
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
context 'with unlocked account from bot' do
let(:locked) { false }
let(:lock_follow_from_bot) { true }
let(:my_actor_type) { 'Service' }
it 'returns http success' do
subject
expect(response).to have_http_status(200)
end
it 'returns JSON with following=false and requested=true' do
subject
json = body_as_json
expect(json[:following]).to be false
expect(json[:requested]).to be true
end
it 'creates a follow request relation between user and target user' do
subject
expect(user.account.requested?(other_account)).to be true
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
end
context 'when modifying follow options' do
let(:locked) { false }
before do
user.account.follow!(other_account, reblogs: false, notify: false)
end
it 'changes reblogs option' do
post "/api/v1/accounts/#{other_account.id}/follow", headers: headers, params: { reblogs: true }
expect(body_as_json).to include({
following: true,
showing_reblogs: true,
notifying: false,
})
end
it 'changes notify option' do
post "/api/v1/accounts/#{other_account.id}/follow", headers: headers, params: { notify: true }
expect(body_as_json).to include({
following: true,
showing_reblogs: false,
notifying: true,
})
end
it 'changes languages option' do
post "/api/v1/accounts/#{other_account.id}/follow", headers: headers, params: { languages: %w(en es) }
expect(body_as_json).to include({
following: true,
showing_reblogs: false,
notifying: false,
languages: match_array(%w(en es)),
})
end
end
end
describe 'POST /api/v1/accounts/:id/unfollow' do
subject do
post "/api/v1/accounts/#{other_account.id}/unfollow", headers: headers
end
let(:scopes) { 'write:follows' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
user.account.follow!(other_account)
end
it 'removes the following relation between user and target user', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.following?(other_account)).to be false
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
describe 'POST /api/v1/accounts/:id/remove_from_followers' do
subject do
post "/api/v1/accounts/#{other_account.id}/remove_from_followers", headers: headers
end
let(:scopes) { 'write:follows' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
other_account.follow!(user.account)
end
it 'removes the followed relation between user and target user', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.followed_by?(other_account)).to be false
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
describe 'POST /api/v1/accounts/:id/block' do
subject do
post "/api/v1/accounts/#{other_account.id}/block", headers: headers
end
let(:scopes) { 'write:blocks' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
user.account.follow!(other_account)
end
it 'creates a blocking relation', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.following?(other_account)).to be false
expect(user.account.blocking?(other_account)).to be true
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
describe 'POST /api/v1/accounts/:id/unblock' do
subject do
post "/api/v1/accounts/#{other_account.id}/unblock", headers: headers
end
let(:scopes) { 'write:blocks' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
user.account.block!(other_account)
end
it 'removes the blocking relation between user and target user', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.blocking?(other_account)).to be false
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
describe 'POST /api/v1/accounts/:id/mute' do
subject do
post "/api/v1/accounts/#{other_account.id}/mute", headers: headers
end
let(:scopes) { 'write:mutes' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
user.account.follow!(other_account)
end
it 'mutes notifications', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.following?(other_account)).to be true
expect(user.account.muting?(other_account)).to be true
expect(user.account.muting_notifications?(other_account)).to be true
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
describe 'POST /api/v1/accounts/:id/mute with notifications set to false' do
subject do
post "/api/v1/accounts/#{other_account.id}/mute", headers: headers, params: { notifications: false }
end
let(:scopes) { 'write:mutes' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
user.account.follow!(other_account)
end
it 'does not mute notifications', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.following?(other_account)).to be true
expect(user.account.muting?(other_account)).to be true
expect(user.account.muting_notifications?(other_account)).to be false
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
describe 'POST /api/v1/accounts/:id/mute with nonzero duration set' do
subject do
post "/api/v1/accounts/#{other_account.id}/mute", headers: headers, params: { duration: 300 }
end
let(:scopes) { 'write:mutes' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
user.account.follow!(other_account)
end
it 'mutes notifications', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.following?(other_account)).to be true
expect(user.account.muting?(other_account)).to be true
expect(user.account.muting_notifications?(other_account)).to be true
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
describe 'POST /api/v1/accounts/:id/unmute' do
subject do
post "/api/v1/accounts/#{other_account.id}/unmute", headers: headers
end
let(:scopes) { 'write:mutes' }
let(:other_account) { Fabricate(:account, username: 'bob') }
before do
user.account.mute!(other_account)
end
it 'removes the muting relation between user and target user', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.account.muting?(other_account)).to be false
end
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
end
end

12
spec/requests/api/v1/admin/account_actions_spec.rb
View file

@ -8,18 +8,12 @@ RSpec.describe 'Account actions' do
let(:scopes) { 'admin:write admin:write:accounts' }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
let(:mailer) { instance_double(ActionMailer::MessageDelivery, deliver_later!: nil) }
before do
allow(UserMailer).to receive(:warning).with(target_account.user, anything).and_return(mailer)
end
shared_examples 'a successful notification delivery' do
it 'notifies the user about the action taken' do
subject
expect(UserMailer).to have_received(:warning).with(target_account.user, anything).once
expect(mailer).to have_received(:deliver_later!).once
expect { subject }
.to have_enqueued_job(ActionMailer::MailDeliveryJob)
.with('UserMailer', 'warning', 'deliver_now!', args: [User, AccountWarning])
end
end

340
spec/requests/api/v1/statuses_spec.rb Normal file
View file

@ -0,0 +1,340 @@
# frozen_string_literal: true
require 'rails_helper'
describe '/api/v1/statuses' do
context 'with an oauth token' do
let(:user) { Fabricate(:user) }
let(:client_app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: client_app, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v1/statuses/:id' do
subject do
get "/api/v1/statuses/#{status.id}", headers: headers
end
let(:scopes) { 'read:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
it_behaves_like 'forbidden for wrong scope', 'write write:statuses'
it 'returns http success' do
subject
expect(response).to have_http_status(200)
end
context 'when post includes filtered terms' do
let(:status) { Fabricate(:status, text: 'this toot is about that banned word') }
before do
user.account.custom_filters.create!(phrase: 'filter1', context: %w(home), action: :hide, keywords_attributes: [{ keyword: 'banned' }, { keyword: 'irrelevant' }])
end
it 'returns filter information', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json[:filtered][0]).to include({
filter: a_hash_including({
id: user.account.custom_filters.first.id.to_s,
title: 'filter1',
filter_action: 'hide',
}),
keyword_matches: ['banned'],
})
end
end
context 'when post is explicitly filtered' do
let(:status) { Fabricate(:status, text: 'hello world') }
before do
filter = user.account.custom_filters.create!(phrase: 'filter1', context: %w(home), action: :hide)
filter.statuses.create!(status_id: status.id)
end
it 'returns filter information', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json[:filtered][0]).to include({
filter: a_hash_including({
id: user.account.custom_filters.first.id.to_s,
title: 'filter1',
filter_action: 'hide',
}),
status_matches: [status.id.to_s],
})
end
end
context 'when reblog includes filtered terms' do
let(:status) { Fabricate(:status, reblog: Fabricate(:status, text: 'this toot is about that banned word')) }
before do
user.account.custom_filters.create!(phrase: 'filter1', context: %w(home), action: :hide, keywords_attributes: [{ keyword: 'banned' }, { keyword: 'irrelevant' }])
end
it 'returns filter information', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json[:reblog][:filtered][0]).to include({
filter: a_hash_including({
id: user.account.custom_filters.first.id.to_s,
title: 'filter1',
filter_action: 'hide',
}),
keyword_matches: ['banned'],
})
end
end
end
describe 'GET /api/v1/statuses/:id/context' do
let(:scopes) { 'read:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
let!(:thread) { Fabricate(:status, account: user.account, thread: status) }
it 'returns http success' do
get :context, params: { id: status.id }
expect(response).to have_http_status(200)
end
context 'when has also reference' do
before do
Fabricate(:status_reference, status: thread, target_status: status)
end
it 'returns unique ancestors' do
get :context, params: { id: thread.id }
status_ids = body_as_json[:ancestors].map { |ref| ref[:id].to_i }
expect(status_ids).to eq [status.id]
end
it 'returns unique references' do
get :context, params: { id: thread.id, with_reference: true }
ancestor_status_ids = body_as_json[:ancestors].map { |ref| ref[:id].to_i }
reference_status_ids = body_as_json[:references].map { |ref| ref[:id].to_i }
expect(ancestor_status_ids).to eq [status.id]
expect(reference_status_ids).to eq []
end
end
end
context 'with reference' do
let(:status) { Fabricate(:status, account: user.account) }
let(:scopes) { 'read:statuses' }
let(:referred) { Fabricate(:status) }
let(:referred_private) { Fabricate(:status, visibility: :private) }
let(:referred_private_following) { Fabricate(:status, visibility: :private) }
before do
user.account.follow!(referred_private_following.account)
Fabricate(:status_reference, status: status, target_status: referred)
Fabricate(:status_reference, status: status, target_status: referred_private)
Fabricate(:status_reference, status: status, target_status: referred_private_following)
end
it 'returns http success' do
get "/api/v1/statuses/#{status.id}/context", headers: headers
expect(response).to have_http_status(200)
end
it 'returns empty references' do
get :context, params: { id: status.id }
status_ids = body_as_json[:references].map { |ref| ref[:id].to_i }
expect(status_ids).to eq []
end
it 'contains referred status' do
get :context, params: { id: status.id }
status_ids = body_as_json[:ancestors].map { |ref| ref[:id].to_i }
expect(status_ids).to include referred.id
expect(status_ids).to include referred_private_following.id
end
it 'does not contain private status' do
get :context, params: { id: status.id }
status_ids = body_as_json[:ancestors].map { |ref| ref[:id].to_i }
expect(status_ids).to_not include referred_private.id
end
context 'when with_reference is enabled' do
it 'returns http success' do
get :context, params: { id: status.id, with_reference: true }
expect(response).to have_http_status(200)
end
it 'returns empty ancestors' do
get :context, params: { id: status.id, with_reference: true }
status_ids = body_as_json[:ancestors].map { |ref| ref[:id].to_i }
expect(status_ids).to eq []
end
it 'contains referred status' do
get :context, params: { id: status.id, with_reference: true }
status_ids = body_as_json[:references].map { |ref| ref[:id].to_i }
expect(status_ids).to include referred.id
end
end
end
describe 'POST /api/v1/statuses' do
subject do
post '/api/v1/statuses', headers: headers, params: params
end
let(:scopes) { 'write:statuses' }
let(:params) { { status: 'Hello world' } }
it_behaves_like 'forbidden for wrong scope', 'read read:statuses'
context 'with a basic status body' do
it 'returns rate limit headers', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
expect(response.headers['X-RateLimit-Remaining']).to eq (RateLimiter::FAMILIES[:statuses][:limit] - 1).to_s
end
end
context 'with a safeguard' do
let!(:alice) { Fabricate(:account, username: 'alice') }
let!(:bob) { Fabricate(:account, username: 'bob') }
let(:params) { { status: '@alice hm, @bob is really annoying lately', allowed_mentions: [alice.id] } }
it 'returns serialized extra accounts in body', :aggregate_failures do
subject
expect(response).to have_http_status(422)
expect(body_as_json[:unexpected_accounts].map { |a| a.slice(:id, :acct) }).to eq [{ id: bob.id.to_s, acct: bob.acct }]
end
end
context 'with missing parameters' do
let(:params) { {} }
it 'returns rate limit headers', :aggregate_failures do
subject
expect(response).to have_http_status(422)
expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
end
end
context 'when exceeding rate limit' do
before do
rate_limiter = RateLimiter.new(user.account, family: :statuses)
300.times { rate_limiter.record! }
end
it 'returns rate limit headers', :aggregate_failures do
subject
expect(response).to have_http_status(429)
expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
expect(response.headers['X-RateLimit-Remaining']).to eq '0'
end
end
end
describe 'DELETE /api/v1/statuses/:id' do
subject do
delete "/api/v1/statuses/#{status.id}", headers: headers
end
let(:scopes) { 'write:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
it_behaves_like 'forbidden for wrong scope', 'read read:statuses'
it 'removes the status', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(Status.find_by(id: status.id)).to be_nil
end
end
describe 'PUT /api/v1/statuses/:id' do
subject do
put "/api/v1/statuses/#{status.id}", headers: headers, params: { status: 'I am updated' }
end
let(:scopes) { 'write:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
it_behaves_like 'forbidden for wrong scope', 'read read:statuses'
it 'updates the status', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(status.reload.text).to eq 'I am updated'
end
end
end
context 'without an oauth token' do
context 'with a private status' do
let(:status) { Fabricate(:status, visibility: :private) }
describe 'GET /api/v1/statuses/:id' do
it 'returns http unauthorized' do
get "/api/v1/statuses/#{status.id}"
expect(response).to have_http_status(404)
end
end
describe 'GET /api/v1/statuses/:id/context' do
before do
Fabricate(:status, thread: status)
end
it 'returns http unauthorized' do
get "/api/v1/statuses/#{status.id}/context"
expect(response).to have_http_status(404)
end
end
end
context 'with a public status' do
let(:status) { Fabricate(:status, visibility: :public) }
describe 'GET /api/v1/statuses/:id' do
it 'returns http success' do
get "/api/v1/statuses/#{status.id}"
expect(response).to have_http_status(200)
end
end
describe 'GET /api/v1/statuses/:id/context' do
before do
Fabricate(:status, thread: status)
end
it 'returns http success' do
get "/api/v1/statuses/#{status.id}/context"
expect(response).to have_http_status(200)
end
end
end
end
end