Diffstat (limited to 'spec')
-rw-r--r--spec/config/initializers/rack_attack_spec.rb82
-rw-r--r--spec/controllers/api/v1/admin/domain_allows_controller_spec.rb44
-rw-r--r--spec/controllers/api/v2/filters/keywords_controller_spec.rb (renamed from spec/controllers/api/v1/filters/keywords_controller_spec.rb)2
-rw-r--r--spec/controllers/api/v2/filters/statuses_controller_spec.rb (renamed from spec/controllers/api/v1/filters/statuses_controller_spec.rb)2
-rw-r--r--spec/fixtures/files/utf8-followers.txt1
-rw-r--r--spec/models/account/field_spec.rb16
-rw-r--r--spec/models/custom_emoji_filter_spec.rb4
-rw-r--r--spec/services/import_service_spec.rb23
8 files changed, 154 insertions, 20 deletions
diff --git a/spec/config/initializers/rack_attack_spec.rb b/spec/config/initializers/rack_attack_spec.rb
new file mode 100644
index 000000000..581021cb9
--- /dev/null
+++ b/spec/config/initializers/rack_attack_spec.rb
@@ -0,0 +1,82 @@
+require 'rails_helper'
+
+describe Rack::Attack do
+  include Rack::Test::Methods
+
+  def app
+    Rails.application
+  end
+
+  shared_examples 'throttled endpoint' do
+    context 'when the number of requests is lower than the limit' do
+      it 'does not change the request status' do
+        limit.times do
+          request.call
+          expect(last_response.status).to_not eq(429)
+        end
+      end
+    end
+
+    context 'when the number of requests is higher than the limit' do
+      it 'returns http too many requests' do
+        (limit * 2).times do |i|
+          request.call
+          expect(last_response.status).to eq(429) if i > limit
+        end
+      end
+    end
+  end
+
+  let(:remote_ip) { '1.2.3.5' }
+
+  describe 'throttle excessive sign-up requests by IP address' do
+    context 'through the website' do
+      let(:limit) { 25 }
+      let(:request) { ->() { post path, {}, 'REMOTE_ADDR' => remote_ip } }
+
+      context 'for exact path' do
+        let(:path)  { '/auth' }
+        it_behaves_like 'throttled endpoint'
+      end
+
+      context 'for path with format' do
+        let(:path)  { '/auth.html' }
+        it_behaves_like 'throttled endpoint'
+      end
+    end
+
+    context 'through the API' do
+      let(:limit) { 5 }
+      let(:request) { ->() { post path, {}, 'REMOTE_ADDR' => remote_ip } }
+
+      context 'for exact path' do
+        let(:path)  { '/api/v1/accounts' }
+        it_behaves_like 'throttled endpoint'
+      end
+
+      context 'for path with format' do
+        let(:path)  { '/api/v1/accounts.json' }
+
+        it 'returns http not found' do
+          request.call
+          expect(last_response.status).to eq(404)
+        end
+      end
+    end
+  end
+
+  describe 'throttle excessive sign-in requests by IP address' do
+    let(:limit) { 25 }
+    let(:request) { ->() { post path, {}, 'REMOTE_ADDR' => remote_ip } }
+
+    context 'for exact path' do
+      let(:path)  { '/auth/sign_in' }
+      it_behaves_like 'throttled endpoint'
+    end
+
+    context 'for path with format' do
+      let(:path)  { '/auth/sign_in.html' }
+      it_behaves_like 'throttled endpoint'
+    end
+  end
+end
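Review bot: The over-limit example in the shared 'throttled endpoint' group starts asserting one request late. The block index `i` is zero-based, so `if i > limit` first checks the request at index limit + 1, which is the (limit + 2)th request, and a throttle that lets one extra sign-up or sign-in attempt through would still pass. Assuming the throttle is meant to reject everything after `limit` requests, the guard should read `expect(last_response.status).to eq(429) if i >= limit`. Every example also posts from the same `remote_ip`, so unless the throttle counters are cleared between examples (not visible in this file) the under-limit example depends on run order; a `before` hook that resets the throttle cache would make the isolation explicit.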
diff --git a/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb b/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb
index 26a391a60..8100363f6 100644
--- a/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb
+++ b/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb
@@ -94,25 +94,37 @@ RSpec.describe Api::V1::Admin::DomainAllowsController, type: :controller do
   describe 'POST #create' do
     let!(:domain_allow) { Fabricate(:domain_allow, domain: 'example.com') }
 
-    before do
-      post :create, params: { domain: 'foo.bar.com' }
-    end
-
-    it_behaves_like 'forbidden for wrong scope', 'write:statuses'
-    it_behaves_like 'forbidden for wrong role', ''
-    it_behaves_like 'forbidden for wrong role', 'Moderator'
-
-    it 'returns http success' do
-      expect(response).to have_http_status(200)
+    context do
+      before do
+        post :create, params: { domain: 'foo.bar.com' }
+      end
+
+      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
+      it_behaves_like 'forbidden for wrong role', ''
+      it_behaves_like 'forbidden for wrong role', 'Moderator'
+
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      it 'returns expected domain name' do
+        json = body_as_json
+        expect(json[:domain]).to eq 'foo.bar.com'
+      end
+
+      it 'creates a domain block' do
+        expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil
+      end
     end
 
-    it 'returns expected domain name' do
-      json = body_as_json
-      expect(json[:domain]).to eq 'foo.bar.com'
-    end
+    context 'with invalid domain name' do
+      before do
+        post :create, params: { domain: 'foo bar' }
+      end
 
-    it 'creates a domain block' do
-      expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil
+      it 'returns http unprocessable entity' do
+        expect(response).to have_http_status(422)
+      end
     end
   end
 end
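Review bot: The 'with invalid domain name' context asserts only the 422 status, so it would still pass if the controller persisted the record before rejecting the request. Add an example next to it such as `expect(DomainAllow.find_by(domain: 'foo bar')).to be_nil`. The wrapping `context do` has no description, which makes failure output harder to read; `context 'with a valid domain name' do` would say what the group covers. The example name 'creates a domain block' also names the wrong model, since its assertion is on `DomainAllow`.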
diff --git a/spec/controllers/api/v1/filters/keywords_controller_spec.rb b/spec/controllers/api/v2/filters/keywords_controller_spec.rb
index aecb4e41c..1201a4ca2 100644
--- a/spec/controllers/api/v1/filters/keywords_controller_spec.rb
+++ b/spec/controllers/api/v2/filters/keywords_controller_spec.rb
@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-RSpec.describe Api::V1::Filters::KeywordsController, type: :controller do
+RSpec.describe Api::V2::Filters::KeywordsController, type: :controller do
   render_views
 
   let(:user)         { Fabricate(:user) }
diff --git a/spec/controllers/api/v1/filters/statuses_controller_spec.rb b/spec/controllers/api/v2/filters/statuses_controller_spec.rb
index 3b2399dd8..9740c1eb3 100644
--- a/spec/controllers/api/v1/filters/statuses_controller_spec.rb
+++ b/spec/controllers/api/v2/filters/statuses_controller_spec.rb
@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-RSpec.describe Api::V1::Filters::StatusesController, type: :controller do
+RSpec.describe Api::V2::Filters::StatusesController, type: :controller do
   render_views
 
   let(:user)         { Fabricate(:user) }
diff --git a/spec/fixtures/files/utf8-followers.txt b/spec/fixtures/files/utf8-followers.txt
new file mode 100644
index 000000000..9d4fe3485
--- /dev/null
+++ b/spec/fixtures/files/utf8-followers.txt
@@ -0,0 +1 @@
+@nare@թութ.հայ
diff --git a/spec/models/account/field_spec.rb b/spec/models/account/field_spec.rb
index fcb2a884a..b4beec048 100644
--- a/spec/models/account/field_spec.rb
+++ b/spec/models/account/field_spec.rb
@@ -89,6 +89,14 @@ RSpec.describe Account::Field, type: :model do
           expect(subject.verifiable?).to be false
         end
       end
+      
+      context 'for text which is blank' do
+        let(:value) { '' }
+
+        it 'returns false' do
+          expect(subject.verifiable?).to be false
+        end
+      end
     end
 
     context 'for remote accounts' do
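Review bot: The new 'for text which is blank' context exercises only the empty string, while "blank" normally also covers whitespace-only values. If `verifiable?` is meant to treat those the same way (its implementation is outside this diff), a second case such as `let(:value) { '   ' }` would pin that behaviour. The added separator line before the new context (`+      `) carries trailing whitespace and should be an empty line. Both points apply equally to the identical hunk at `-133,6 +141,14` for remote accounts.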
@@ -133,6 +141,14 @@ RSpec.describe Account::Field, type: :model do
           expect(subject.verifiable?).to be false
         end
       end
+      
+      context 'for text which is blank' do
+        let(:value) { '' }
+
+        it 'returns false' do
+          expect(subject.verifiable?).to be false
+        end
+      end
     end
   end
 end
diff --git a/spec/models/custom_emoji_filter_spec.rb b/spec/models/custom_emoji_filter_spec.rb
index d859f5c5f..2b1b5dc54 100644
--- a/spec/models/custom_emoji_filter_spec.rb
+++ b/spec/models/custom_emoji_filter_spec.rb
@@ -50,10 +50,10 @@ RSpec.describe CustomEmojiFilter do
       context 'else' do
         let(:params) { { else: 'else' } }
 
-        it 'raises RuntimeError' do
+        it 'raises Mastodon::InvalidParameterError' do
           expect do
             subject
-          end.to raise_error(RuntimeError, /Unknown filter: else/)
+          end.to raise_error(Mastodon::InvalidParameterError, /Unknown filter: else/)
         end
       end
     end
diff --git a/spec/services/import_service_spec.rb b/spec/services/import_service_spec.rb
index 764225aa7..e2d182920 100644
--- a/spec/services/import_service_spec.rb
+++ b/spec/services/import_service_spec.rb
@@ -172,6 +172,29 @@ RSpec.describe ImportService, type: :service do
     end
   end
 
+  # Based on the bug report 20571 where UTF-8 encoded domains were rejecting import of their users
+  #
+  # https://github.com/mastodon/mastodon/issues/20571
+  context 'utf-8 encoded domains' do
+    subject { ImportService.new }
+
+    let!(:nare)     { Fabricate(:account, username: 'nare', domain: 'թութ.հայ', locked: false, protocol: :activitypub, inbox_url: 'https://թութ.հայ/inbox') }
+
+    # Make sure to not actually go to the remote server
+    before do
+      stub_request(:post, "https://թութ.հայ/inbox").to_return(status: 200)
+    end
+
+    let(:csv) { attachment_fixture('utf8-followers.txt') }
+    let(:import) { Import.create(account: account, type: 'following', data: csv) }
+
+    it 'follows the listed account' do
+    expect(account.follow_requests.count).to eq 0
+      subject.call(import)
+      expect(account.follow_requests.count).to eq 1
+    end
+  end
+
   context 'import bookmarks' do
     subject { ImportService.new }