diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2020-05-03 21:20:42 +0200 |
|---|---|---|
| committer | Thibaut Girka <thib@sitedethib.com> | 2020-05-03 21:23:49 +0200 |
| commit | a22e6a368333f3563f8d8d56d8e98d02088e82dc (patch) | |
| tree | 4146f9e8afe4257c6f33bc695a3cfbfb89aa81b6 /spec/controllers/activitypub/replies_controller_spec.rb | |
| parent | 9c61dadc0db7009853c6b2345a02c3b219022929 (diff) | |
| parent | e223fd8c6190661237ea43e7773e47513c48fd46 (diff) | |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - `app/controllers/statuses_controller.rb`: Upstream disabled the embed controller for reblogs. Not a real conflict, but glitch-soc has an extra line to deal with its theming system. Ported upstream changes. - `app/javascript/packs/public.js`: Upstream made changes to get rid of most inline CSS, this changes javascript for public pages, which in glitch are split between different files. Ported those changes. - `app/models/status.rb`: Upstream changed the block check in `Status#permitted_for` to include domain-block checks. Not a real conflict with glitch-soc, but our scope is slightly different, as our scope for unauthenticated access do not include instance-local toots. Ported upstream changes. - `app/serializers/rest/instance_serializer.rb`: Not a real conflict, upstream added a new field to the instance serializer, the conflict is one line above since we added more of that. Ported upstream changes. - `app/views/settings/profiles/show.html.haml`: Upstream got rid of most inline CSS and moved hidden elements to data attributes in the process, in fields were we have different values. Ported upstream changes while keeping our glitch-specific values. - `app/views/statuses/_simple_status.html.haml`: Upstream got rid of inline CSS on an HAML line we treat differently, stripping empty text nodes. Ported upstream changes to the style attribute, keeping the empty text node stripping behavior.
Diffstat (limited to 'spec/controllers/activitypub/replies_controller_spec.rb')
| -rw-r--r-- | spec/controllers/activitypub/replies_controller_spec.rb | 196 |
1 files changed, 196 insertions, 0 deletions
diff --git a/spec/controllers/activitypub/replies_controller_spec.rb b/spec/controllers/activitypub/replies_controller_spec.rb new file mode 100644 index 000000000..a5ed14180 --- /dev/null +++ b/spec/controllers/activitypub/replies_controller_spec.rb @@ -0,0 +1,196 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe ActivityPub::RepliesController, type: :controller do + let(:status) { Fabricate(:status, visibility: parent_visibility) } + let(:remote_account) { nil } + + before do + allow(controller).to receive(:signed_request_account).and_return(remote_account) + + Fabricate(:status, thread: status, visibility: :public) + Fabricate(:status, thread: status, visibility: :public) + Fabricate(:status, thread: status, visibility: :private) + Fabricate(:status, account: status.account, thread: status, visibility: :public) + Fabricate(:status, account: status.account, thread: status, visibility: :private) + end + + describe 'GET #index' do + context 'with no signature' do + before do + get :index, params: { account_username: status.account.username, status_id: status.id } + end + + context 'when status is public' do + let(:parent_visibility) { :public } + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns application/activity+json' do + expect(response.content_type).to eq 'application/activity+json' + end + + it 'returns public Cache-Control header' do + expect(response.headers['Cache-Control']).to include 'public' + end + + it 'returns items with account\'s own replies' do + json = body_as_json + + expect(json[:first]).to be_a Hash + expect(json[:first][:items]).to be_an Array + expect(json[:first][:items].size).to eq 1 + expect(json[:first][:items].all? { |item| item[:to].include?(ActivityPub::TagManager::COLLECTIONS[:public]) || item[:cc].include?(ActivityPub::TagManager::COLLECTIONS[:public]) }).to be true + end + end + + context 'when status is private' do + let(:parent_visibility) { :private } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + + context 'when status is direct' do + let(:parent_visibility) { :direct } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + context 'with signature' do + let(:remote_account) { Fabricate(:account, domain: 'example.com') } + let(:only_other_accounts) { nil } + + context do + before do + get :index, params: { account_username: status.account.username, status_id: status.id, only_other_accounts: only_other_accounts } + end + + context 'when status is public' do + let(:parent_visibility) { :public } + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns application/activity+json' do + expect(response.content_type).to eq 'application/activity+json' + end + + it 'returns public Cache-Control header' do + expect(response.headers['Cache-Control']).to include 'public' + end + + context 'without only_other_accounts' do + it 'returns items with account\'s own replies' do + json = body_as_json + + expect(json[:first]).to be_a Hash + expect(json[:first][:items]).to be_an Array + expect(json[:first][:items].size).to eq 1 + expect(json[:first][:items].all? { |item| item[:to].include?(ActivityPub::TagManager::COLLECTIONS[:public]) || item[:cc].include?(ActivityPub::TagManager::COLLECTIONS[:public]) }).to be true + end + end + + context 'with only_other_accounts' do + let(:only_other_accounts) { 'true' } + + it 'returns items with other public or unlisted replies' do + json = body_as_json + + expect(json[:first]).to be_a Hash + expect(json[:first][:items]).to be_an Array + expect(json[:first][:items].size).to eq 2 + expect(json[:first][:items].all? { |item| item[:to].include?(ActivityPub::TagManager::COLLECTIONS[:public]) || item[:cc].include?(ActivityPub::TagManager::COLLECTIONS[:public]) }).to be true + end + end + end + + context 'when status is private' do + let(:parent_visibility) { :private } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + + context 'when status is direct' do + let(:parent_visibility) { :direct } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + context 'when signed request account is blocked' do + before do + status.account.block!(remote_account) + get :index, params: { account_username: status.account.username, status_id: status.id } + end + + context 'when status is public' do + let(:parent_visibility) { :public } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + + context 'when status is private' do + let(:parent_visibility) { :private } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + + context 'when status is direct' do + let(:parent_visibility) { :direct } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + context 'when signed request account is domain blocked' do + before do + status.account.block_domain!(remote_account.domain) + get :index, params: { account_username: status.account.username, status_id: status.id } + end + + context 'when status is public' do + let(:parent_visibility) { :public } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + + context 'when status is private' do + let(:parent_visibility) { :private } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + + context 'when status is direct' do + let(:parent_visibility) { :direct } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + end + end +end |