2 files changed, 73 insertions, 10 deletions

diff --git a/spec/controllers/activitypub/follows_controller_spec.rb b/spec/controllers/activitypub/follows_controller_spec.rb
new file mode 100644
index 000000000..6026cd353
--- /dev/null
+++ b/spec/controllers/activitypub/follows_controller_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ActivityPub::FollowsController, type: :controller do
+  let(:follow_request) { Fabricate(:follow_request, account: account) }
+
+  render_views
+
+  context 'with local account' do
+    let(:account) { Fabricate(:account, domain: nil) }
+
+    it 'returns follow request' do
+      signed_request = Request.new(:get, account_follow_url(account, follow_request))
+      signed_request.on_behalf_of(follow_request.target_account)
+      request.headers.merge! signed_request.headers
+
+      get :show, params: { id: follow_request, account_username: account.username }
+
+      expect(body_as_json[:id]).to eq ActivityPub::TagManager.instance.uri_for(follow_request)
+      expect(response).to have_http_status :success
+    end
+
+    it 'returns http 404 without signature' do
+      get :show, params: { id: follow_request, account_username: account.username }
+      expect(response).to have_http_status 404
+    end
+  end
+
+  context 'with remote account' do
+    let(:account) { Fabricate(:account, domain: Faker::Internet.domain_name) }
+
+    it 'returns http 404' do
+      signed_request = Request.new(:get, account_follow_url(account, follow_request))
+      signed_request.on_behalf_of(follow_request.target_account)
+      request.headers.merge! signed_request.headers
+
+      get :show, params: { id: follow_request, account_username: account.username }
+
+      expect(response).to have_http_status 404
+    end
+  end
+end
diff --git a/spec/controllers/auth/confirmations_controller_spec.rb b/spec/controllers/auth/confirmations_controller_spec.rb
index 2ec36c060..80a06c43a 100644
--- a/spec/controllers/auth/confirmations_controller_spec.rb
+++ b/spec/controllers/auth/confirmations_controller_spec.rb
@@ -12,20 +12,40 @@ describe Auth::ConfirmationsController, type: :controller do
   end
 
   describe 'GET #show' do
-    let!(:user) { Fabricate(:user, confirmation_token: 'foobar', confirmed_at: nil) }
+    context 'when user is unconfirmed' do
+      let!(:user) { Fabricate(:user, confirmation_token: 'foobar', confirmed_at: nil) }
 
-    before do
-      allow(BootstrapTimelineWorker).to receive(:perform_async)
-      @request.env['devise.mapping'] = Devise.mappings[:user]
-      get :show, params: { confirmation_token: 'foobar' }
-    end
+      before do
+        allow(BootstrapTimelineWorker).to receive(:perform_async)
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+        get :show, params: { confirmation_token: 'foobar' }
+      end
+
+      it 'redirects to login' do
+        expect(response).to redirect_to(new_user_session_path)
+      end
 
-    it 'redirects to login' do
-      expect(response).to redirect_to(new_user_session_path)
+      it 'queues up bootstrapping of home timeline' do
+        expect(BootstrapTimelineWorker).to have_received(:perform_async).with(user.account_id)
+      end
     end
 
-    it 'queues up bootstrapping of home timeline' do
-      expect(BootstrapTimelineWorker).to have_received(:perform_async).with(user.account_id)
+    context 'when user is updating email' do
+      let!(:user) { Fabricate(:user, confirmation_token: 'foobar', unconfirmed_email: 'new-email@example.com') }
+
+      before do
+        allow(BootstrapTimelineWorker).to receive(:perform_async)
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+        get :show, params: { confirmation_token: 'foobar' }
+      end
+
+      it 'redirects to login' do
+        expect(response).to redirect_to(new_user_session_path)
+      end
+
+      it 'does not queue up bootstrapping of home timeline' do
+        expect(BootstrapTimelineWorker).to_not have_received(:perform_async)
+      end
     end
   end
 end