From b4fb766b23f4b50b51a366f55b451770ece3153a Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 11 May 2018 11:49:12 +0200
Subject: Add REST API for Web Push Notifications subscriptions (#7445)

- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
---
 .../api/v1/push/subscriptions_controller.rb        | 50 ++++++++++++++++++++++
 .../api/web/push_subscriptions_controller.rb       | 11 ++---
 app/controllers/shares_controller.rb               |  1 +
 3 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 app/controllers/api/v1/push/subscriptions_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/api/v1/push/subscriptions_controller.rb b/app/controllers/api/v1/push/subscriptions_controller.rb
new file mode 100644
index 000000000..5038cc03c
--- /dev/null
+++ b/app/controllers/api/v1/push/subscriptions_controller.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+class Api::V1::Push::SubscriptionsController < Api::BaseController
+  before_action -> { doorkeeper_authorize! :push }
+  before_action :require_user!
+  before_action :set_web_push_subscription
+
+  def create
+    @web_subscription&.destroy!
+
+    @web_subscription = ::Web::PushSubscription.create!(
+      endpoint: subscription_params[:endpoint],
+      key_p256dh: subscription_params[:keys][:p256dh],
+      key_auth: subscription_params[:keys][:auth],
+      data: data_params,
+      user_id: current_user.id,
+      access_token_id: doorkeeper_token.id
+    )
+
+    render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
+  end
+
+  def update
+    raise ActiveRecord::RecordNotFound if @web_subscription.nil?
+
+    @web_subscription.update!(data: data_params)
+
+    render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
+  end
+
+  def destroy
+    @web_subscription&.destroy!
+    render_empty
+  end
+
+  private
+
+  def set_web_push_subscription
+    @web_subscription = ::Web::PushSubscription.find_by(access_token_id: doorkeeper_token.id)
+  end
+
+  def subscription_params
+    params.require(:subscription).permit(:endpoint, keys: [:auth, :p256dh])
+  end
+
+  def data_params
+    return {} if params[:data].blank?
+    params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
+  end
+end
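Review bot: `create` dereferences `subscription_params[:keys][:p256dh]` and `subscription_params[:keys][:auth]` on lines 37-38 without checking that `keys` was supplied; a request whose `subscription` has no `keys` makes `subscription_params[:keys]` nil and raises NoMethodError, which surfaces as a 500 rather than a 4xx unless Api::BaseController (outside this patch) happens to rescue it. Requiring the nested key turns that into ActionController::ParameterMissing: `keys = subscription_params.require(:keys)` before the `create!` call, then `key_p256dh: keys[:p256dh],` and `key_auth: keys[:auth],`. The `endpoint` URL is stored as received; any validation of it presumably lives in `Web::PushSubscription`, which is not in this diff, and is worth confirming since the server will later deliver pushes to that address.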
diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb
index 249e7c186..fe8e42580 100644
--- a/app/controllers/api/web/push_subscriptions_controller.rb
+++ b/app/controllers/api/web/push_subscriptions_controller.rb
@@ -31,22 +31,23 @@ class Api::Web::PushSubscriptionsController < Api::Web::BaseController
       endpoint: subscription_params[:endpoint],
       key_p256dh: subscription_params[:keys][:p256dh],
       key_auth: subscription_params[:keys][:auth],
-      data: data
+      data: data,
+      user_id: active_session.user_id,
+      access_token_id: active_session.access_token_id
     )
 
     active_session.update!(web_push_subscription: web_subscription)
 
-    render json: web_subscription.as_payload
+    render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
   end
 
   def update
     params.require([:id])
 
     web_subscription = ::Web::PushSubscription.find(params[:id])
-
     web_subscription.update!(data: data_params)
 
-    render json: web_subscription.as_payload
+    render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
   end
 
   private
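Review bot: `update` still loads the record with `::Web::PushSubscription.find(params[:id])` (line 98, unchanged context), an id taken from the request with no scoping to the caller, so the new serialized render on line 103 returns, and `update!` on line 100 rewrites, whichever subscription that id names rather than only the caller's own. The `user_id` and `access_token_id` columns this hunk starts populating on lines 85-86 make a scoped lookup possible: `web_subscription = ::Web::PushSubscription.where(user_id: active_session.user_id).find(params[:id])`. Rows created before this change would have a nil `user_id`, so a backfill, or a fallback on the `web_push_subscription` association written on line 89 (assuming it has a reader), may be needed. The enclosing `create` action starts outside the hunk.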
@@ -56,6 +57,6 @@ class Api::Web::PushSubscriptionsController < Api::Web::BaseController
   end
 
   def data_params
-    @data_params ||= params.require(:data).permit(:alerts)
+    @data_params ||= params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
   end
 end
diff --git a/app/controllers/shares_controller.rb b/app/controllers/shares_controller.rb
index 3ec831a72..9ef1e0749 100644
--- a/app/controllers/shares_controller.rb
+++ b/app/controllers/shares_controller.rb
@@ -15,6 +15,7 @@ class SharesController < ApplicationController
 
   def initial_state_params
     text = [params[:title], params[:text], params[:url]].compact.join(' ')
+
     {
       settings: Web::Setting.find_by(user: current_user)&.data || {},
       push_subscription: current_account.user.web_push_subscription(current_session),
-- 


From 50491e0d92acea90e7a83d2ab0e9a1b271daa8a8 Mon Sep 17 00:00:00 2001
From: Shuhei Kitagawa <shuheiktgw@users.noreply.github.com>
Date: Fri, 11 May 2018 20:14:33 +0900
Subject: Add tests for invites controller (#7441)

* Add tests for invites controller

* Small refactoring and fix for invites controller
---
 app/controllers/invites_controller.rb       | 12 ++++--
 spec/controllers/invites_controller_spec.rb | 67 +++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 spec/controllers/invites_controller_spec.rb

(limited to 'app/controllers')

diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 38d6c8d73..8e87c63cf 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -8,9 +8,9 @@ class InvitesController < ApplicationController
   before_action :authenticate_user!
 
   def index
-    authorize :invite, :create?
+    authorize :invite, :index?
 
-    @invites = Invite.where(user: current_user)
+    @invites = invites
     @invite  = Invite.new(expires_in: 1.day.to_i)
   end
 
@@ -23,13 +23,13 @@ class InvitesController < ApplicationController
     if @invite.save
       redirect_to invites_path
     else
-      @invites = Invite.where(user: current_user)
+      @invites = invites
       render :index
     end
   end
 
   def destroy
-    @invite = Invite.where(user: current_user).find(params[:id])
+    @invite = invites.find(params[:id])
     authorize @invite, :destroy?
     @invite.expire!
     redirect_to invites_path
@@ -37,6 +37,10 @@ class InvitesController < ApplicationController
 
   private
 
+  def invites
+    Invite.where(user: current_user)
+  end
+
   def resource_params
     params.require(:invite).permit(:max_uses, :expires_in)
   end
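Review bot: The new private `invites` helper on lines 183-185 is now the single place that scopes invite lookups to the signed-in user, and nothing says so; a reader of `destroy` has to follow the call to see why an `id` from the request cannot reach another user's invite. A one-line comment above the method would capture that intent: `# Invites owned by current_user; every lookup in this controller goes through this scope so a request id cannot reach another user's invite.` The helper is not memoized, which is fine while each action calls it once, but worth noting if that changes.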
diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb
new file mode 100644
index 000000000..c5c6cb651
--- /dev/null
+++ b/spec/controllers/invites_controller_spec.rb
@@ -0,0 +1,67 @@
+require 'rails_helper'
+
+describe InvitesController do
+  render_views
+
+  before do
+    sign_in user
+  end
+
+  describe 'GET #index' do
+    subject { get :index }
+
+    let!(:invite) { Fabricate(:invite, user: user) }
+
+    context 'when user is a staff' do
+      let(:user) { Fabricate(:user, moderator: true, admin: false) }
+
+      it 'renders index page' do
+        expect(subject).to render_template :index
+        expect(assigns(:invites)).to include invite
+        expect(assigns(:invites).count).to eq 1
+      end
+    end
+
+    context 'when user is not a staff' do
+      let(:user) { Fabricate(:user, moderator: false, admin: false) }
+
+      it 'returns 403' do
+        expect(subject).to have_http_status 403
+      end
+    end
+  end
+
+  describe 'POST #create' do
+    subject { post :create, params: { invite: { max_uses: '10', expires_in: 1800 } } }
+
+    context 'when user is an admin' do
+      let(:user) { Fabricate(:user, moderator: false, admin: true) }
+
+      it 'succeeds to create a invite' do
+        expect{ subject }.to change { Invite.count }.by(1)
+        expect(subject).to redirect_to invites_path
+        expect(Invite.last).to have_attributes(user_id: user.id, max_uses: 10)
+      end
+    end
+
+    context 'when user is not an admin' do
+      let(:user) { Fabricate(:user, moderator: true, admin: false) }
+
+      it 'returns 403' do
+        expect(subject).to have_http_status 403
+      end
+    end
+  end
+
+  describe 'DELETE #create' do
+    subject { delete :destroy, params: { id: invite.id } }
+
+    let!(:invite) { Fabricate(:invite, user: user, expires_at: nil) }
+    let(:user) { Fabricate(:user, moderator: false, admin: true) }
+
+    it 'expires invite' do
+      expect(subject).to redirect_to invites_path
+      expect(invite.reload).to be_expired
+    end
+  end
+end
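Review bot: The block on line 251 is labelled `describe 'DELETE #create'` while it exercises `delete :destroy` on line 252; rename it to `describe 'DELETE #destroy'` so failures report the right action. The destroy examples only cover the owner's own invite; since the controller change routes the lookup through a user-scoped `invites` helper, a second example with an invite fabricated for a different user, expecting the not-found outcome (a 404 if the application rescues ActiveRecord::RecordNotFound that way, which this diff does not show), would pin that scoping. Minor: `expect{ subject }` on line 236 is conventionally spaced `expect { subject }`.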
-- 


From 352bae8c3ef2aca41de4aacb85d5e036a1d2bace Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Fri, 11 May 2018 13:20:58 +0200
Subject: Update session activation time (fixes #5605) (#7408)

---
 app/controllers/application_controller.rb          |  1 +
 .../concerns/session_tracking_concern.rb           | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 app/controllers/concerns/session_tracking_concern.rb

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 588526447..5b22f17c6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,6 +9,7 @@ class ApplicationController < ActionController::Base
 
   include Localized
   include UserTrackingConcern
+  include SessionTrackingConcern
 
   helper_method :current_account
   helper_method :current_session
diff --git a/app/controllers/concerns/session_tracking_concern.rb b/app/controllers/concerns/session_tracking_concern.rb
new file mode 100644
index 000000000..45361b019
--- /dev/null
+++ b/app/controllers/concerns/session_tracking_concern.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module SessionTrackingConcern
+  extend ActiveSupport::Concern
+
+  UPDATE_SIGN_IN_HOURS = 24
+
+  included do
+    before_action :set_session_activity
+  end
+
+  private
+
+  def set_session_activity
+    return unless session_needs_update?
+    current_session.touch
+  end
+
+  def session_needs_update?
+    !current_session.nil? && current_session.updated_at < UPDATE_SIGN_IN_HOURS.hours.ago
+  end
+end
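Review bot: `set_session_activity` on lines 311-314 touches the session on any request where it is older than 24 hours but carries no comment explaining the throttle, and the guard in `session_needs_update?` relies on `current_session` returning nil for anonymous requests, which is defined in ApplicationController outside this patch and should be confirmed never to raise there. I would document the intent above the method: `# Refresh current_session.updated_at at most once per UPDATE_SIGN_IN_HOURS so the session list reflects recent activity without a database write on every request.` Note that `touch` skips validations and runs only touch callbacks, and that anything else reading `updated_at` as a last-activity timestamp (stale-session cleanup, if any exists) will now see it advance with use, presumably the intended effect of the fix for #5605.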
-- 