diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2019-07-23 10:17:06 +0200 |
|---|---|---|
| committer | Thibaut Girka <thib@sitedethib.com> | 2019-07-23 10:51:07 +0200 |
| commit | 444796b69b0cd2c7b4b95d3b3119e0b7a503f682 (patch) | |
| tree | 6607b9d27817f66a1395bcfaea609198015f8973 /spec/controllers/api/base_controller_spec.rb | |
| parent | 6db5669818cce459b9bb916665541b7b8f5d5155 (diff) | |
| parent | ab3126e7a23125b033ec198cfd83c2178338442c (diff) | |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - app/controllers/application_controller.rb - app/controllers/auth/confirmations_controller.rb - app/controllers/auth/sessions_controller.rb - app/controllers/settings/deletes_controller.rb - app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
Diffstat (limited to 'spec/controllers/api/base_controller_spec.rb')
| -rw-r--r-- | spec/controllers/api/base_controller_spec.rb | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/spec/controllers/api/base_controller_spec.rb b/spec/controllers/api/base_controller_spec.rb index 750ccc8cf..05a42d1c1 100644 --- a/spec/controllers/api/base_controller_spec.rb +++ b/spec/controllers/api/base_controller_spec.rb @@ -15,7 +15,7 @@ describe Api::BaseController do end end - describe 'Forgery protection' do + describe 'forgery protection' do before do routes.draw { post 'success' => 'api/base#success' } end @@ -27,7 +27,45 @@ describe Api::BaseController do end end - describe 'Error handling' do + describe 'non-functional accounts handling' do + let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') } + + controller do + before_action :require_user! + end + + before do + routes.draw { post 'success' => 'api/base#success' } + allow(controller).to receive(:doorkeeper_token) { token } + end + + it 'returns http forbidden for unconfirmed accounts' do + user.update(confirmed_at: nil) + post 'success' + expect(response).to have_http_status(403) + end + + it 'returns http forbidden for pending accounts' do + user.update(approved: false) + post 'success' + expect(response).to have_http_status(403) + end + + it 'returns http forbidden for disabled accounts' do + user.update(disabled: true) + post 'success' + expect(response).to have_http_status(403) + end + + it 'returns http forbidden for suspended accounts' do + user.account.suspend! + post 'success' + expect(response).to have_http_status(403) + end + end + + describe 'error handling' do ERRORS_WITH_CODES = { ActiveRecord::RecordInvalid => 422, Mastodon::ValidationError => 422, |