diff options
| -rw-r--r-- | app/controllers/intents_controller.rb | 19 | ||||
| -rw-r--r-- | spec/controllers/intents_controller_spec.rb | 50 |
2 files changed, 67 insertions, 2 deletions
diff --git a/app/controllers/intents_controller.rb b/app/controllers/intents_controller.rb index 504befd1f..56129d69a 100644 --- a/app/controllers/intents_controller.rb +++ b/app/controllers/intents_controller.rb @@ -1,9 +1,10 @@ # frozen_string_literal: true class IntentsController < ApplicationController - def show - uri = Addressable::URI.parse(params[:uri]) + before_action :check_uri + rescue_from Addressable::URI::InvalidURIError, with: :handle_invalid_uri + def show if uri.scheme == 'web+mastodon' case uri.host when 'follow' @@ -15,4 +16,18 @@ class IntentsController < ApplicationController not_found end + + private + + def check_uri + not_found if uri.blank? + end + + def handle_invalid_uri + not_found + end + + def uri + @uri ||= Addressable::URI.parse(params[:uri]) + end end diff --git a/spec/controllers/intents_controller_spec.rb b/spec/controllers/intents_controller_spec.rb new file mode 100644 index 000000000..3dde7f835 --- /dev/null +++ b/spec/controllers/intents_controller_spec.rb @@ -0,0 +1,50 @@ +require 'rails_helper' + +RSpec.describe IntentsController, type: :controller do + render_views + + let(:user) { Fabricate(:user) } + before { sign_in user, scope: :user } + + describe 'GET #show' do + subject { get :show, params: { uri: uri } } + + context 'when schema is web+mastodon' do + context 'when host is follow' do + let(:uri) { 'web+mastodon://follow?uri=test' } + + it { is_expected.to redirect_to authorize_follow_path(acct: 'test') } + end + + context 'when host is share' do + let(:uri) { 'web+mastodon://share?text=test' } + + it { is_expected.to redirect_to share_path(text: 'test') } + end + + context 'when host is none of the above' do + let(:uri) { 'web+mastodon://test' } + + it { is_expected.to have_http_status 404 } + end + end + + context 'when schema is not web+mastodon' do + let(:uri) { 'api+mastodon://test.com' } + + it { is_expected.to have_http_status 404 } + end + + context 'when uri param is blank' do + let(:uri) { '' } + + it { is_expected.to have_http_status 404 } + end + + context 'when uri is invalid' do + let(:uri) { 'invalid uri://test.com' } + + it { is_expected.to have_http_status 404 } + end + end +end |