diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2022-10-26 12:10:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-26 12:10:02 +0200 |
| commit | 1ae508bf2faae016b88d15e273b0dc01de4fd7af (patch) | |
| tree | 40e95ee7917ae867179b725bd88b34f911d07b7f /spec/controllers/api | |
| parent | 8f073818568b78b4adb858feb928b0da237d066a (diff) | |
Change unauthenticated search to not support pagination in REST API (#19326)
- Only exact search matches for queries with < 5 characters - Do not support queries with `offset` (pagination) - Return HTTP 401 on truthy `resolve` instead of overriding to false
Diffstat (limited to 'spec/controllers/api')
| -rw-r--r-- | spec/controllers/api/v2/search_controller_spec.rb | 62 |
1 files changed, 54 insertions, 8 deletions
diff --git a/spec/controllers/api/v2/search_controller_spec.rb b/spec/controllers/api/v2/search_controller_spec.rb index fa20e1e51..d417ea58c 100644 --- a/spec/controllers/api/v2/search_controller_spec.rb +++ b/spec/controllers/api/v2/search_controller_spec.rb @@ -5,18 +5,64 @@ require 'rails_helper' RSpec.describe Api::V2::SearchController, type: :controller do render_views - let(:user) { Fabricate(:user) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:search') } + context 'with token' do + let(:user) { Fabricate(:user) } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:search') } - before do - allow(controller).to receive(:doorkeeper_token) { token } + before do + allow(controller).to receive(:doorkeeper_token) { token } + end + + describe 'GET #index' do + before do + get :index, params: { q: 'test' } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + end end - describe 'GET #index' do - it 'returns http success' do - get :index, params: { q: 'test' } + context 'without token' do + describe 'GET #index' do + let(:search_params) {} + + before do + get :index, params: search_params + end + + context 'with a `q` shorter than 5 characters' do + let(:search_params) { { q: 'test' } } + + it 'returns http success' do + expect(response).to have_http_status(200) + end + end + + context 'with a `q` equal to or longer than 5 characters' do + let(:search_params) { { q: 'test1' } } + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + context 'with truthy `resolve`' do + let(:search_params) { { q: 'test1', resolve: '1' } } + + it 'returns http unauthorized' do + expect(response).to have_http_status(401) + end + end + + context 'with `offset`' do + let(:search_params) { { q: 'test1', offset: 1 } } - expect(response).to have_http_status(200) + it 'returns http unauthorized' do + expect(response).to have_http_status(401) + end + end + end end end end |