techhub/mastodon
2
0
Fork 0
Code Activity

Convert "http signatures" portion of statuses controller spec to request spec (#33890)

Browse Source
This commit is contained in:
Matt Jankowski
2025-02-12 03:33:25 -05:00
committed by GitHub
parent aa10e8f399
commit 506a70d0d8
2 changed files with 180 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
spec/controllers/statuses_controller_spec.rb
View File

@@ -275,206 +275,5 @@ RSpec.describe StatusesController do
end
end
end
context 'with signature' do
let(:remote_account) { Fabricate(:account, domain: 'example.com') }
before do
allow(controller).to receive(:signed_request_actor).and_return(remote_account)
end
context 'when account blocks account' do
before do
account.block!(remote_account)
get :show, params: { account_username: status.account.username, id: status.id }
end
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
context 'when account domain blocks account' do
before do
account.block_domain!(remote_account.domain)
get :show, params: { account_username: status.account.username, id: status.id }
end
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
context 'when status is public' do
before do
get :show, params: { account_username: status.account.username, id: status.id, format: format }
end
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
expect(response)
.to have_http_status(200)
.and render_template(:show)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body).to include status.text
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully', :aggregate_failures do
expect(response)
.to have_http_status(200)
.and have_cacheable_headers.with_vary('Accept, Accept-Language, Cookie')
expect(response.headers).to include(
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when status is private' do
let(:status) { Fabricate(:status, account: account, visibility: :private) }
context 'when user is authorized to see it' do
before do
remote_account.follow!(account)
get :show, params: { account_username: status.account.username, id: status.id, format: format }
end
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
expect(response)
.to have_http_status(200)
.and render_template(:show)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body).to include status.text
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully' do
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
before do
get :show, params: { account_username: status.account.username, id: status.id, format: format }
end
context 'with JSON' do
let(:format) { 'json' }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
context 'with HTML' do
let(:format) { 'html' }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
end
context 'when status is direct' do
let(:status) { Fabricate(:status, account: account, visibility: :direct) }
context 'when user is authorized to see it' do
before do
Fabricate(:mention, account: remote_account, status: status)
get :show, params: { account_username: status.account.username, id: status.id, format: format }
end
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
expect(response)
.to have_http_status(200)
.and render_template(:show)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body).to include status.text
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object', :aggregate_failures do
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
before do
get :show, params: { account_username: status.account.username, id: status.id, format: format }
end
context 'with JSON' do
let(:format) { 'json' }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
context 'with HTML' do
let(:format) { 'html' }
it 'returns http not found' do
expect(response).to have_http_status(404)
end
end
end
end
end
end
end

180
spec/requests/statuses_spec.rb
View File

@@ -63,5 +63,185 @@ RSpec.describe 'Statuses' do
end
end
end
context 'with "HTTP Signature" access signed by a remote account' do
subject do
get short_account_status_path(account_username: status.account.username, id: status.id, format: format),
headers: nil,
sign_with: remote_account
end
let(:format) { 'html' }
let(:remote_account) { Fabricate(:account, domain: 'host.example') }
context 'when account blocks the remote account' do
before { account.block!(remote_account) }
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
context 'when account domain blocks the domain of the remote account' do
before { account.block_domain!(remote_account.domain) }
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
context 'when status has public visibility' do
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
.and have_cacheable_headers.with_vary('Accept, Accept-Language, Cookie')
expect(response.headers).to include(
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when status has private visibility' do
let(:status) { Fabricate(:status, account: account, visibility: :private) }
context 'when user is authorized to see it' do
before { remote_account.follow!(account) }
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully' do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
end
context 'when status is direct' do
let(:status) { Fabricate(:status, account: account, visibility: :direct) }
context 'when user is authorized to see it' do
before { Fabricate(:mention, account: remote_account, status: status) }
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
end
end
end
end