Merge remote-tracking branch 'parent/stable-4.2' into kb-draft-5.19-lts

KMY 2024-05-30 23:25:06 +09:00
commit c2a19f8a81
47 changed files with 493 additions and 236 deletions


@ -103,4 +103,46 @@ describe Rack::Attack, type: :request do
it_behaves_like 'throttled endpoint'
end
end
describe 'throttle excessive oauth application registration requests by IP address' do
let(:throttle) { 'throttle_oauth_application_registrations/ip' }
let(:limit) { 5 }
let(:period) { 10.minutes }
let(:path) { '/api/v1/apps' }
let(:params) do
{
client_name: 'Throttle Test',
redirect_uris: 'urn:ietf:wg:oauth:2.0:oob',
scopes: 'read',
}
end
let(:request) { -> { post path, params: params, headers: { 'REMOTE_ADDR' => remote_ip } } }
it_behaves_like 'throttled endpoint'
end
describe 'throttle excessive password change requests by account' do
let(:user) { Fabricate(:user, email: 'user@host.example') }
let(:limit) { 10 }
let(:period) { 10.minutes }
let(:request) { -> { put path, headers: { 'REMOTE_ADDR' => remote_ip } } }
let(:path) { '/auth' }
before do
sign_in user, scope: :user
# Unfortunately, devise's `sign_in` helper causes the `session` to be
# loaded in the next request regardless of whether it's actually accessed
# by the client code.
#
# So, we make an extra query to clear issue a session cookie instead.
#
# A less resource-intensive way to deal with that would be to generate the
# session cookie manually, but this seems pretty involved.
get '/'
end
it_behaves_like 'throttled endpoint'
end
end
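Review bot: The 'throttle excessive password change requests by account' block sends every request from the same `remote_ip`, so it passes equally for a per-IP and a per-account throttle and does not pin the property its name claims. A second example that varies `'REMOTE_ADDR'` between requests while staying signed in as the same user would show that the counter is keyed on the account. This block also defines no `let(:throttle)` while the OAuth registration block above it does; the shared 'throttled endpoint' examples are outside this hunk, so it is worth confirming which of the two matches what they read. The setup comment says "clear issue a session cookie", which looks like a leftover word; `# So, we make an extra query to issue a session cookie instead.` is presumably what was meant.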


@ -7,17 +7,39 @@ describe Api::V1::FeaturedTags::SuggestionsController do
let(:user) { Fabricate(:user) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:accounts') }
let(:account) { Fabricate(:account) }
let(:account) { Fabricate(:account, user: user) }
before do
allow(controller).to receive(:doorkeeper_token) { token }
end
describe 'GET #index' do
it 'returns http success' do
let!(:unused_featured_tag) { Fabricate(:tag, name: 'unused_featured_tag') }
let!(:used_tag) { Fabricate(:tag, name: 'used_tag') }
let!(:used_featured_tag) { Fabricate(:tag, name: 'used_featured_tag') }
before do
_unused_tag = Fabricate(:tag, name: 'unused_tag')
# Make relevant tags used by account
status = Fabricate(:status, account: account)
status.tags << used_tag
status.tags << used_featured_tag
# Feature the relevant tags
Fabricate :featured_tag, account: account, name: unused_featured_tag.name
Fabricate :featured_tag, account: account, name: used_featured_tag.name
end
it 'returns http success and recently used but not featured tags', :aggregate_failures do
get :index, params: { account_id: account.id, limit: 2 }
expect(response).to have_http_status(200)
expect(response)
.to have_http_status(200)
expect(body_as_json)
.to contain_exactly(
include(name: used_tag.name)
)
end
end
end
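Review bot: The new example only fabricates tags used by `account`, so it would still pass if the endpoint returned recently used tags from every account rather than only from the token owner's. Adding a status by a second account that carries its own tag to the `before` block, while keeping the `contain_exactly(include(name: used_tag.name))` expectation, would cover that scoping. A short comment on why `limit: 2` is passed when exactly one result is expected would also help the next reader.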


@ -221,39 +221,4 @@ describe ApplicationController do
include_examples 'respond_with_error', 422
end
describe 'cache_collection' do
subject do
Class.new(ApplicationController) do
public :cache_collection
end
end
shared_examples 'receives :with_includes' do |fabricator, klass|
it 'uses raw if it is not an ActiveRecord::Relation' do
record = Fabricate(fabricator)
expect(subject.new.cache_collection([record], klass)).to eq [record]
end
end
shared_examples 'cacheable' do |fabricator, klass|
include_examples 'receives :with_includes', fabricator, klass
it 'calls cache_ids of raw if it is an ActiveRecord::Relation' do
record = Fabricate(fabricator)
relation = klass.none
allow(relation).to receive(:cache_ids).and_return([record])
expect(subject.new.cache_collection(relation, klass)).to eq [record]
end
end
it 'returns raw unless class responds to :with_includes' do
raw = Object.new
expect(subject.new.cache_collection(raw, Object)).to eq raw
end
context 'with a Status' do
include_examples 'cacheable', :status, Status
end
end
end


@ -2,6 +2,6 @@
Fabricator(:featured_tag) do
account { Fabricate.build(:account) }
tag { Fabricate.build(:tag) }
tag { nil }
name { sequence(:name) { |i| "Tag#{i}" } }
end
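Review bot: `tag { nil }` is not self-explanatory in this fabricator: a reader cannot tell from here why a featured tag is built without a tag while `name` is still generated. Presumably the model resolves the tag from `name` before validation, which is outside this hunk; if so, a comment such as `# tag is derived from name by the model` above the attribute would record that.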


@ -0,0 +1,50 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe ActivityPub::Parser::StatusParser do
subject { described_class.new(json) }
let(:sender) { Fabricate(:account, followers_url: 'http://example.com/followers', domain: 'example.com', uri: 'https://example.com/actor') }
let(:follower) { Fabricate(:account, username: 'bob') }
let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: [ActivityPub::TagManager.instance.uri_for(sender), '#foo'].join,
type: 'Create',
actor: ActivityPub::TagManager.instance.uri_for(sender),
object: object_json,
}.with_indifferent_access
end
let(:object_json) do
{
id: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'),
type: 'Note',
to: [
'https://www.w3.org/ns/activitystreams#Public',
ActivityPub::TagManager.instance.uri_for(follower),
],
content: '@bob lorem ipsum',
contentMap: {
EN: '@bob lorem ipsum',
},
published: 1.hour.ago.utc.iso8601,
updated: 1.hour.ago.utc.iso8601,
tag: {
type: 'Mention',
href: ActivityPub::TagManager.instance.uri_for(follower),
},
}
end
it 'correctly parses status' do
expect(subject).to have_attributes(
text: '@bob lorem ipsum',
uri: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'),
reply: false,
language: :en
)
end
end
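Review bot: The single example 'correctly parses status' hides that the case under test is the upper-case `EN` key in `contentMap` being read as `language: :en`; the description should say so, e.g. `it 'normalizes an upper-case contentMap language key' do`. Because `contentMap` arrives from remote servers, a companion example with a key that is not a known language code would pin what the parser returns for input it should not accept. The expected value for that case is not visible here, so it needs checking against the parser itself.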


@ -1,48 +0,0 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe Vacuum::ApplicationsVacuum do
subject { described_class.new }
describe '#perform' do
let!(:app_with_token) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_grant) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_signup) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_owner) { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) }
let!(:unused_app) { Fabricate(:application, created_at: 1.month.ago) }
let!(:recent_app) { Fabricate(:application, created_at: 1.hour.ago) }
let!(:active_access_token) { Fabricate(:access_token, application: app_with_token) }
let!(:active_access_grant) { Fabricate(:access_grant, application: app_with_grant) }
let!(:user) { Fabricate(:user, created_by_application: app_with_signup) }
before do
subject.perform
end
it 'does not delete applications with valid access tokens' do
expect { app_with_token.reload }.to_not raise_error
end
it 'does not delete applications with valid access grants' do
expect { app_with_grant.reload }.to_not raise_error
end
it 'does not delete applications that were used to create users' do
expect { app_with_signup.reload }.to_not raise_error
end
it 'does not delete owned applications' do
expect { app_with_owner.reload }.to_not raise_error
end
it 'does not delete applications registered less than a day ago' do
expect { recent_app.reload }.to_not raise_error
end
it 'deletes unused applications' do
expect { unused_app.reload }.to raise_error ActiveRecord::RecordNotFound
end
end
end


@ -252,6 +252,24 @@ describe AccountInteractions do
end
end
describe '#block_idna_domain!' do
subject do
[
account.block_domain!(idna_domain),
account.block_domain!(punycode_domain),
]
end
let(:idna_domain) { '대한민국.한국' }
let(:punycode_domain) { 'xn--3e0bs9hfvinn1a.xn--3e0b707e' }
it 'creates single AccountDomainBlock' do
expect do
expect(subject).to all(be_a AccountDomainBlock)
end.to change { account.domain_blocks.count }.by 1
end
end
describe '#unfollow!' do
subject { account.unfollow!(target_account) }
@ -347,6 +365,28 @@ describe AccountInteractions do
end
end
describe '#unblock_idna_domain!' do
subject { account.unblock_domain!(punycode_domain) }
let(:idna_domain) { '대한민국.한국' }
let(:punycode_domain) { 'xn--3e0bs9hfvinn1a.xn--3e0b707e' }
context 'when blocking the domain' do
it 'returns destroyed AccountDomainBlock' do
account_domain_block = Fabricate(:account_domain_block, domain: idna_domain)
account.domain_blocks << account_domain_block
expect(subject).to be_a AccountDomainBlock
expect(subject).to be_destroyed
end
end
context 'when unblocking idna domain' do
it 'returns nil' do
expect(subject).to be_nil
end
end
end
describe '#following?' do
subject { account.following?(target_account) }
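Review bot: In the second hunk the context descriptions under '#unblock_idna_domain!' do not match their setup: 'when blocking the domain' is the case where a block stored under `idna_domain` exists, and 'when unblocking idna domain' is the case where no block exists and `nil` is expected. Renaming them to `context 'when the domain is blocked under its IDNA form' do` and `context 'when the domain is not blocked' do` would make a failure readable. Both hunks exercise only one direction per operation (IDNA then punycode for blocking, punycode against an IDNA-stored block for unblocking); an example in the reverse order would show that both spellings resolve to the same stored block, so a block cannot be missed through the alternate form. The enclosing `describe AccountInteractions` body starts and ends outside these hunks.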


@ -27,7 +27,6 @@ RSpec.describe HomeFeed do
results = subject.get(3)
expect(results.map(&:id)).to eq [3, 2]
expect(results.first.attributes.keys).to eq %w(id updated_at)
end
end


@ -39,6 +39,12 @@ RSpec.describe User do
expect(user.valid?).to be true
end
it 'is valid with a localhost e-mail address' do
user = Fabricate.build(:user, email: 'admin@localhost')
user.valid?
expect(user.valid?).to be true
end
it 'cleans out invalid locale' do
user = Fabricate.build(:user, locale: 'toto')
expect(user.valid?).to be true
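Review bot: The bare `user.valid?` on the line before the expectation in 'is valid with a localhost e-mail address' discards its result, and the expectation calls `valid?` again, so the statement can be dropped. The example covers only `admin@localhost`; if the intent is to accept dotless hosts in general rather than this one name, the description should say which, since the validator's rule is not visible in this hunk.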


@ -49,6 +49,7 @@ RSpec.describe 'Domain Blocks' do
{
id: domain_block.id.to_s,
domain: domain_block.domain,
digest: domain_block.domain_digest,
created_at: domain_block.created_at.strftime('%Y-%m-%dT%H:%M:%S.%LZ'),
severity: domain_block.severity.to_s,
reject_media: domain_block.reject_media,
@ -65,6 +66,7 @@ RSpec.describe 'Domain Blocks' do
{
id: domain_block.id.to_s,
domain: domain_block.domain,
digest: domain_block.domain_digest,
created_at: domain_block.created_at.strftime('%Y-%m-%dT%H:%M:%S.%LZ'),
severity: domain_block.severity.to_s,
reject_media: domain_block.reject_media,
@ -109,28 +111,6 @@ RSpec.describe 'Domain Blocks' do
let!(:domain_block) { Fabricate(:domain_block) }
let(:expected_response) do
{
id: domain_block.id.to_s,
domain: domain_block.domain,
created_at: domain_block.created_at.strftime('%Y-%m-%dT%H:%M:%S.%LZ'),
severity: domain_block.severity.to_s,
reject_media: domain_block.reject_media,
reject_reports: domain_block.reject_reports,
private_comment: domain_block.private_comment,
public_comment: domain_block.public_comment,
obfuscate: domain_block.obfuscate,
reject_favourite: domain_block.reject_favourite,
reject_hashtag: domain_block.reject_hashtag,
detect_invalid_subscription: domain_block.detect_invalid_subscription,
reject_new_follow: domain_block.reject_new_follow,
reject_reply: domain_block.reject_reply,
reject_reply_exclude_followers: domain_block.reject_reply_exclude_followers,
reject_send_sensitive: domain_block.reject_send_sensitive,
reject_straight_follow: domain_block.reject_straight_follow,
}
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it_behaves_like 'forbidden for wrong role', 'Moderator'
@ -141,10 +121,31 @@ RSpec.describe 'Domain Blocks' do
expect(response).to have_http_status(200)
end
it 'returns the expected domain block content' do
it 'returns the expected domain block content' do # rubocop:disable RSpec/ExampleLength
subject
expect(body_as_json).to eq(expected_response)
expect(body_as_json).to eq(
{
id: domain_block.id.to_s,
domain: domain_block.domain,
digest: domain_block.domain_digest,
created_at: domain_block.created_at.strftime('%Y-%m-%dT%H:%M:%S.%LZ'),
severity: domain_block.severity.to_s,
reject_media: domain_block.reject_media,
reject_reports: domain_block.reject_reports,
private_comment: domain_block.private_comment,
public_comment: domain_block.public_comment,
obfuscate: domain_block.obfuscate,
reject_favourite: domain_block.reject_favourite,
reject_hashtag: domain_block.reject_hashtag,
detect_invalid_subscription: domain_block.detect_invalid_subscription,
reject_new_follow: domain_block.reject_new_follow,
reject_reply: domain_block.reject_reply,
reject_reply_exclude_followers: domain_block.reject_reply_exclude_followers,
reject_send_sensitive: domain_block.reject_send_sensitive,
reject_straight_follow: domain_block.reject_straight_follow,
}
)
end
context 'when the requested domain block does not exist' do
@ -167,14 +168,10 @@ RSpec.describe 'Domain Blocks' do
it_behaves_like 'forbidden for wrong role', ''
it_behaves_like 'forbidden for wrong role', 'Moderator'
it 'returns http success' do
it 'creates a domain block with the expected domain name and severity', :aggregate_failures do
subject
expect(response).to have_http_status(200)
end
it 'returns expected domain name and severity' do
subject
body = body_as_json
@ -192,7 +189,44 @@ RSpec.describe 'Domain Blocks' do
expect(DomainBlock.find_by(domain: 'foo.bar.com')).to be_present
end
context 'when a stricter domain block already exists' do
context 'when a looser domain block already exists on a higher level domain' do
let(:params) { { domain: 'foo.bar.com', severity: :suspend } }
before do
Fabricate(:domain_block, domain: 'bar.com', severity: :silence)
end
it 'creates a domain block with the expected domain name and severity', :aggregate_failures do
subject
body = body_as_json
expect(response).to have_http_status(200)
expect(body).to match a_hash_including(
{
domain: 'foo.bar.com',
severity: 'suspend',
}
)
expect(DomainBlock.find_by(domain: 'foo.bar.com')).to be_present
end
end
context 'when a domain block already exists on the same domain' do
before do
Fabricate(:domain_block, domain: 'foo.bar.com', severity: :silence)
end
it 'returns existing domain block in error', :aggregate_failures do
subject
expect(response).to have_http_status(422)
expect(body_as_json[:existing_domain_block][:domain]).to eq('foo.bar.com')
end
end
context 'when a stricter domain block already exists on a higher level domain' do
before do
Fabricate(:domain_block, domain: 'bar.com', severity: :suspend)
end
@ -246,6 +280,7 @@ RSpec.describe 'Domain Blocks' do
{
id: domain_block.id.to_s,
domain: domain_block.domain,
digest: domain_block.domain_digest,
severity: 'suspend',
}
)
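Review bot: The new context 'when a domain block already exists on the same domain' checks the 422 status and the echoed `existing_domain_block`, but not that the stored block was left untouched. Adding `expect(DomainBlock.where(domain: 'foo.bar.com').count).to eq 1` and a check that its severity is still `silence` would catch a path that returns an error and still writes. The `params` used by that context are defined outside the hunk, so the severity being requested there should be confirmed before relying on the second check.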


@ -76,10 +76,10 @@ RSpec.describe NotifyService, type: :service do
end
context 'when the message chain is initiated by recipient, but without a mention to the sender, even if the sender sends multiple messages in a row' do
let(:reply_to) { Fabricate(:status, account: recipient) }
let!(:mention) { Fabricate(:mention, account: sender, status: reply_to) }
let(:dummy_reply) { Fabricate(:status, account: sender, visibility: :direct, thread: reply_to) }
let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender, visibility: :direct, thread: dummy_reply)) }
let(:public_status) { Fabricate(:status, account: recipient) }
let(:intermediate_reply) { Fabricate(:status, account: sender, thread: public_status, visibility: :direct) }
let!(:intermediate_mention) { Fabricate(:mention, account: sender, status: intermediate_reply) }
let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender, visibility: :direct, thread: intermediate_reply)) }
it 'does not notify' do
expect { subject }.to_not change(Notification, :count)
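Review bot: `intermediate_mention` is fabricated with `account: sender` on `intermediate_reply`, a status that `sender` also authored, which reads as the sender being mentioned in their own reply while the context description speaks of a chain "without a mention to the sender". If that is the exact shape being guarded against, a comment above the `let!` should say so, e.g. `# the sender's own reply carries a mention of the sender, not of the recipient`; if not, the mentioned account needs a second look. `public_status` presumably relies on the fabricator's default visibility, so passing `visibility: :public` explicitly would make the name true on its face.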


@ -54,6 +54,13 @@ RSpec.describe PostStatusService, type: :service do
it 'does not change statuses count' do
expect { subject.call(account, text: 'Hi future!', scheduled_at: future, thread: previous_status) }.to_not(change { [account.statuses_count, previous_status.replies_count] })
end
it 'returns existing status when used twice with idempotency key' do
account = Fabricate(:account)
status1 = subject.call(account, text: 'test', idempotency: 'meepmeep', scheduled_at: future)
status2 = subject.call(account, text: 'test', idempotency: 'meepmeep', scheduled_at: future)
expect(status2.id).to eq status1.id
end
end
it 'creates response to the original status of boost' do