3 files changed, 107 insertions, 9 deletions
diff --git a/spec/controllers/api/v1/emails/confirmations_controller_spec.rb b/spec/controllers/api/v1/emails/confirmations_controller_spec.rb
new file mode 100644
index 000000000..15ac31cbc
--- /dev/null
+++ b/spec/controllers/api/v1/emails/confirmations_controller_spec.rb
@@ -0,0 +1,64 @@
+require 'rails_helper'
+
+RSpec.describe Api::V1::Emails::ConfirmationsController, type: :controller do
+  let(:confirmed_at) { nil }
+  let(:user)         { Fabricate(:user, confirmed_at: confirmed_at) }
+  let(:app)          { Fabricate(:application) }
+  let(:token)        { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes, application: app) }
+  let(:scopes)       { 'write' }
+
+  describe '#create' do
+    context 'with an oauth token' do
+      before do
+        allow(controller).to receive(:doorkeeper_token) { token }
+      end
+
+      context 'from a random app' do
+        it 'returns http forbidden' do
+          post :create
+          expect(response).to have_http_status(:forbidden)
+        end
+      end
+
+      context 'from an app that created the account' do
+        before do
+          user.update(created_by_application: token.application)
+        end
+
+        context 'when the account is already confirmed' do
+          let(:confirmed_at) { Time.now.utc }
+
+          it 'returns http forbidden' do
+            post :create
+            expect(response).to have_http_status(:forbidden)
+          end
+
+          context 'but user changed e-mail and has not confirmed it' do
+            before do
+              user.update(email: 'foo@bar.com')
+            end
+
+            it 'returns http success' do
+              post :create
+              expect(response).to have_http_status(:success)
+            end
+          end
+        end
+
+        context 'when the account is unconfirmed' do
+          it 'returns http success' do
+            post :create
+            expect(response).to have_http_status(:success)
+          end
+        end
+      end
+    end
+
+    context 'without an oauth token' do
+      it 'returns http unauthorized' do
+        post :create
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+end
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
index 86c2a9c52..217a8f2f8 100644
--- a/spec/rails_helper.rb
+++ b/spec/rails_helper.rb
@@ -60,9 +60,7 @@ RSpec.configure do |config|
 
   config.after :each do
     Rails.cache.clear
-
-    keys = Redis.current.keys
-    Redis.current.del(keys) if keys.any?
+    Redis.current.del(Redis.current.keys)
   end
 end
 
diff --git a/spec/services/activitypub/fetch_remote_status_service_spec.rb b/spec/services/activitypub/fetch_remote_status_service_spec.rb
index 94574aa7f..68816e554 100644
--- a/spec/services/activitypub/fetch_remote_status_service_spec.rb
+++ b/spec/services/activitypub/fetch_remote_status_service_spec.rb
@@ -3,9 +3,11 @@ require 'rails_helper'
 RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do
   include ActionView::Helpers::TextHelper
 
-  let(:sender) { Fabricate(:account) }
-  let(:recipient) { Fabricate(:account) }
-  let(:valid_domain) { Rails.configuration.x.local_domain }
+  let!(:sender) { Fabricate(:account).tap { |account| account.update(uri: ActivityPub::TagManager.instance.uri_for(account)) } }
+  let!(:recipient) { Fabricate(:account) }
+  let!(:valid_domain) { Rails.configuration.x.local_domain }
+
+  let(:existing_status) { nil }
 
   let(:note) do
     {
@@ -19,11 +21,13 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do
 
   subject { described_class.new }
 
+  before do
+    stub_request(:head, 'https://example.com/watch?v=12345').to_return(status: 404, body: '')
+  end
+
   describe '#call' do
     before do
-      sender.update(uri: ActivityPub::TagManager.instance.uri_for(sender))
-
-      stub_request(:head, 'https://example.com/watch?v=12345').to_return(status: 404, body: '')
+      existing_status
       subject.call(object[:id], prefetched_body: Oj.dump(object))
     end
 
@@ -186,5 +190,37 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do
         expect(sender.statuses.first).to be_nil
       end
     end
+
+    context 'when status already exists' do
+      let(:existing_status) { Fabricate(:status, account: sender, text: 'Foo', uri: note[:id]) }
+
+      context 'with a Note object' do
+        let(:object) { note }
+
+        it 'updates status' do
+          existing_status.reload
+          expect(existing_status.text).to eq 'Lorem ipsum'
+          expect(existing_status.edits).to_not be_empty
+        end
+      end
+
+      context 'with a Create activity' do
+        let(:object) do
+          {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            id: "https://#{valid_domain}/@foo/1234/create",
+            type: 'Create',
+            actor: ActivityPub::TagManager.instance.uri_for(sender),
+            object: note,
+          }
+        end
+
+        it 'updates status' do
+          existing_status.reload
+          expect(existing_status.text).to eq 'Lorem ipsum'
+          expect(existing_status.edits).to_not be_empty
+        end
+      end
+    end
   end
 end