Allow to dereference Follow object for ActivityPub (#5772)

* Allow to dereference Follow object for ActivityPub

* Accept IRI as object representation for Accept activity

1 files changed, 43 insertions, 0 deletions

diff --git a/spec/controllers/activitypub/follows_controller_spec.rb b/spec/controllers/activitypub/follows_controller_spec.rb
new file mode 100644
index 000000000..6026cd353
--- /dev/null
+++ b/spec/controllers/activitypub/follows_controller_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ActivityPub::FollowsController, type: :controller do
+  let(:follow_request) { Fabricate(:follow_request, account: account) }
+
+  render_views
+
+  context 'with local account' do
+    let(:account) { Fabricate(:account, domain: nil) }
+
+    it 'returns follow request' do
+      signed_request = Request.new(:get, account_follow_url(account, follow_request))
+      signed_request.on_behalf_of(follow_request.target_account)
+      request.headers.merge! signed_request.headers
+
+      get :show, params: { id: follow_request, account_username: account.username }
+
+      expect(body_as_json[:id]).to eq ActivityPub::TagManager.instance.uri_for(follow_request)
+      expect(response).to have_http_status :success
+    end
+
+    it 'returns http 404 without signature' do
+      get :show, params: { id: follow_request, account_username: account.username }
+      expect(response).to have_http_status 404
+    end
+  end
+
+  context 'with remote account' do
+    let(:account) { Fabricate(:account, domain: Faker::Internet.domain_name) }
+
+    it 'returns http 404' do
+      signed_request = Request.new(:get, account_follow_url(account, follow_request))
+      signed_request.on_behalf_of(follow_request.target_account)
+      request.headers.merge! signed_request.headers
+
+      get :show, params: { id: follow_request, account_username: account.username }
+
+      expect(response).to have_http_status 404
+    end
+  end
+end