From 3134691948aeacb16b7386ed77bbea4581beec40 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 8 Nov 2020 00:28:39 +0100
Subject: Add support for reversible suspensions through ActivityPub (#14989)

---
 spec/controllers/account_follow_controller_spec.rb |  48 +++++-
 .../account_unfollow_controller_spec.rb            |  48 +++++-
 spec/controllers/accounts_controller_spec.rb       |  68 ++++++++-
 .../activitypub/collections_controller_spec.rb     |  32 +++-
 .../followers_synchronizations_controller_spec.rb  |  31 +++-
 .../activitypub/inboxes_controller_spec.rb         |  27 ++++
 .../activitypub/outboxes_controller_spec.rb        |  58 +++++--
 .../activitypub/replies_controller_spec.rb         |  39 ++++-
 .../api/v1/admin/accounts_controller_spec.rb       |   2 +-
 .../follower_accounts_controller_spec.rb           |  63 ++++++++
 .../following_accounts_controller_spec.rb          |  63 ++++++++
 spec/controllers/remote_follow_controller_spec.rb  |  33 +++-
 spec/controllers/statuses_controller_spec.rb       |  38 ++++-
 .../well_known/webfinger_controller_spec.rb        | 169 +++++++++++++--------
 14 files changed, 591 insertions(+), 128 deletions(-)

(limited to 'spec/controllers')

diff --git a/spec/controllers/account_follow_controller_spec.rb b/spec/controllers/account_follow_controller_spec.rb
index 9a93e1ebe..d33cd0499 100644
--- a/spec/controllers/account_follow_controller_spec.rb
+++ b/spec/controllers/account_follow_controller_spec.rb
@@ -16,17 +16,49 @@ describe AccountFollowController do
       allow(service).to receive(:call)
     end
 
-    it 'does not create for user who is not signed in' do
-      subject
-      expect(FollowService).not_to receive(:new)
+    context 'when account is permanently suspended' do
+      before do
+        alice.suspend!
+        alice.deletion_request.destroy
+        subject
+      end
+
+      it 'returns http gone' do
+        expect(response).to have_http_status(410)
+      end
+    end
+
+    context 'when account is temporarily suspended' do
+      before do
+        alice.suspend!
+        subject
+      end
+
+      it 'returns http forbidden' do
+        expect(response).to have_http_status(403)
+      end
+    end
+
+    context 'when signed out' do
+      before do
+        subject
+      end
+
+      it 'does not follow' do
+        expect(FollowService).not_to receive(:new)
+      end
     end
 
-    it 'redirects to account path' do
-      sign_in(user)
-      subject
+    context 'when signed in' do
+      before do
+        sign_in(user)
+        subject
+      end
 
-      expect(service).to have_received(:call).with(user.account, alice, with_rate_limit: true)
-      expect(response).to redirect_to(account_path(alice))
+      it 'redirects to account path' do
+        expect(service).to have_received(:call).with(user.account, alice, with_rate_limit: true)
+        expect(response).to redirect_to(account_path(alice))
+      end
     end
   end
 end
diff --git a/spec/controllers/account_unfollow_controller_spec.rb b/spec/controllers/account_unfollow_controller_spec.rb
index bdebcfa94..a11f7aa68 100644
--- a/spec/controllers/account_unfollow_controller_spec.rb
+++ b/spec/controllers/account_unfollow_controller_spec.rb
@@ -16,17 +16,49 @@ describe AccountUnfollowController do
       allow(service).to receive(:call)
     end
 
-    it 'does not create for user who is not signed in' do
-      subject
-      expect(UnfollowService).not_to receive(:new)
+    context 'when account is permanently suspended' do
+      before do
+        alice.suspend!
+        alice.deletion_request.destroy
+        subject
+      end
+
+      it 'returns http gone' do
+        expect(response).to have_http_status(410)
+      end
+    end
+
+    context 'when account is temporarily suspended' do
+      before do
+        alice.suspend!
+        subject
+      end
+
+      it 'returns http forbidden' do
+        expect(response).to have_http_status(403)
+      end
+    end
+
+    context 'when signed out' do
+      before do
+        subject
+      end
+
+      it 'does not unfollow' do
+        expect(UnfollowService).not_to receive(:new)
+      end
     end
 
-    it 'redirects to account path' do
-      sign_in(user)
-      subject
+    context 'when signed in' do
+      before do
+        sign_in(user)
+        subject
+      end
 
-      expect(service).to have_received(:call).with(user.account, alice)
-      expect(response).to redirect_to(account_path(alice))
+      it 'redirects to account path' do
+        expect(service).to have_received(:call).with(user.account, alice)
+        expect(response).to redirect_to(account_path(alice))
+      end
     end
   end
 end
diff --git a/spec/controllers/accounts_controller_spec.rb b/spec/controllers/accounts_controller_spec.rb
index b04f4650b..f7d0b1af5 100644
--- a/spec/controllers/accounts_controller_spec.rb
+++ b/spec/controllers/accounts_controller_spec.rb
@@ -48,10 +48,17 @@ RSpec.describe AccountsController, type: :controller do
           expect(response).to have_http_status(404)
         end
       end
+    end
+
+    context 'as HTML' do
+      let(:format) { 'html' }
 
-      context 'when account is suspended' do
+      it_behaves_like 'preliminary checks'
+
+      context 'when account is permanently suspended' do
         before do
           account.suspend!
+          account.deletion_request.destroy
         end
 
         it 'returns http gone' do
@@ -59,12 +66,17 @@ RSpec.describe AccountsController, type: :controller do
           expect(response).to have_http_status(410)
         end
       end
-    end
 
-    context 'as HTML' do
-      let(:format) { 'html' }
+      context 'when account is temporarily suspended' do
+        before do
+          account.suspend!
+        end
 
-      it_behaves_like 'preliminary checks'
+        it 'returns http forbidden' do
+          get :show, params: { username: account.username, format: format }
+          expect(response).to have_http_status(403)
+        end
+      end
 
       shared_examples 'common response characteristics' do
         it 'returns http success' do
@@ -325,6 +337,29 @@ RSpec.describe AccountsController, type: :controller do
 
       it_behaves_like 'preliminary checks'
 
+      context 'when account is suspended permanently' do
+        before do
+          account.suspend!
+          account.deletion_request.destroy
+        end
+
+        it 'returns http gone' do
+          get :show, params: { username: account.username, format: format }
+          expect(response).to have_http_status(410)
+        end
+      end
+
+      context 'when account is suspended temporarily' do
+        before do
+          account.suspend!
+        end
+
+        it 'returns http success' do
+          get :show, params: { username: account.username, format: format }
+          expect(response).to have_http_status(200)
+        end
+      end
+
       context do
         before do
           get :show, params: { username: account.username, format: format }
@@ -435,6 +470,29 @@ RSpec.describe AccountsController, type: :controller do
 
       it_behaves_like 'preliminary checks'
 
+      context 'when account is permanently suspended' do
+        before do
+          account.suspend!
+          account.deletion_request.destroy
+        end
+
+        it 'returns http gone' do
+          get :show, params: { username: account.username, format: format }
+          expect(response).to have_http_status(410)
+        end
+      end
+
+      context 'when account is temporarily suspended' do
+        before do
+          account.suspend!
+        end
+
+        it 'returns http forbidden' do
+          get :show, params: { username: account.username, format: format }
+          expect(response).to have_http_status(403)
+        end
+      end
+
       shared_examples 'common response characteristics' do
         it 'returns http success' do
           expect(response).to have_http_status(200)
diff --git a/spec/controllers/activitypub/collections_controller_spec.rb b/spec/controllers/activitypub/collections_controller_spec.rb
index 89939d1d2..ac661e5e1 100644
--- a/spec/controllers/activitypub/collections_controller_spec.rb
+++ b/spec/controllers/activitypub/collections_controller_spec.rb
@@ -13,6 +13,7 @@ RSpec.describe ActivityPub::CollectionsController, type: :controller do
     end
 
     it 'does not set sessions' do
+      response
       expect(session).to be_empty
     end
 
@@ -34,9 +35,8 @@ RSpec.describe ActivityPub::CollectionsController, type: :controller do
       context 'without signature' do
         let(:remote_account) { nil }
 
-        before do
-          get :show, params: { id: 'featured', account_username: account.username }
-        end
+        subject(:response) { get :show, params: { id: 'featured', account_username: account.username } }
+        subject(:body) { body_as_json }
 
         it 'returns http success' do
           expect(response).to have_http_status(200)
@@ -49,9 +49,29 @@ RSpec.describe ActivityPub::CollectionsController, type: :controller do
         it_behaves_like 'cachable response'
 
         it 'returns orderedItems with pinned statuses' do
-          json = body_as_json
-          expect(json[:orderedItems]).to be_an Array
-          expect(json[:orderedItems].size).to eq 2
+          expect(body[:orderedItems]).to be_an Array
+          expect(body[:orderedItems].size).to eq 2
+        end
+
+        context 'when account is permanently suspended' do
+          before do
+            account.suspend!
+            account.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            account.suspend!
+          end
+
+          it 'returns http forbidden' do
+            expect(response).to have_http_status(403)
+          end
         end
       end
 
diff --git a/spec/controllers/activitypub/followers_synchronizations_controller_spec.rb b/spec/controllers/activitypub/followers_synchronizations_controller_spec.rb
index a24d3f8e0..88f4554c2 100644
--- a/spec/controllers/activitypub/followers_synchronizations_controller_spec.rb
+++ b/spec/controllers/activitypub/followers_synchronizations_controller_spec.rb
@@ -32,9 +32,8 @@ RSpec.describe ActivityPub::FollowersSynchronizationsController, type: :controll
     context 'with signature from example.com' do
       let(:remote_account) { Fabricate(:account, domain: 'example.com', uri: 'https://example.com/instance') }
 
-      before do
-        get :show, params: { account_username: account.username }
-      end
+      subject(:response) { get :show, params: { account_username: account.username } }
+      subject(:body) { body_as_json }
 
       it 'returns http success' do
         expect(response).to have_http_status(200)
@@ -45,14 +44,34 @@ RSpec.describe ActivityPub::FollowersSynchronizationsController, type: :controll
       end
 
       it 'returns orderedItems with followers from example.com' do
-        json = body_as_json
-        expect(json[:orderedItems]).to be_an Array
-        expect(json[:orderedItems].sort).to eq [follower_1.uri, follower_2.uri]
+        expect(body[:orderedItems]).to be_an Array
+        expect(body[:orderedItems].sort).to eq [follower_1.uri, follower_2.uri]
       end
 
       it 'returns private Cache-Control header' do
         expect(response.headers['Cache-Control']).to eq 'max-age=0, private'
       end
+
+      context 'when account is permanently suspended' do
+        before do
+          account.suspend!
+          account.deletion_request.destroy
+        end
+
+        it 'returns http gone' do
+          expect(response).to have_http_status(410)
+        end
+      end
+
+      context 'when account is temporarily suspended' do
+        before do
+          account.suspend!
+        end
+
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
+      end
     end
   end
 end
diff --git a/spec/controllers/activitypub/inboxes_controller_spec.rb b/spec/controllers/activitypub/inboxes_controller_spec.rb
index e5c004611..973ad83bb 100644
--- a/spec/controllers/activitypub/inboxes_controller_spec.rb
+++ b/spec/controllers/activitypub/inboxes_controller_spec.rb
@@ -20,6 +20,33 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do
       it 'returns http accepted' do
         expect(response).to have_http_status(202)
       end
+
+      context 'for a specific account' do
+        let(:account) { Fabricate(:account) }
+
+        subject(:response) { post :create, params: { account_username: account.username }, body: '{}' }
+
+        context 'when account is permanently suspended' do
+          before do
+            account.suspend!
+            account.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            account.suspend!
+          end
+
+          it 'returns http accepted' do
+            expect(response).to have_http_status(202)
+          end
+        end
+      end
     end
 
     context 'with Collection-Synchronization header' do
diff --git a/spec/controllers/activitypub/outboxes_controller_spec.rb b/spec/controllers/activitypub/outboxes_controller_spec.rb
index 1baf5a623..84e3a8956 100644
--- a/spec/controllers/activitypub/outboxes_controller_spec.rb
+++ b/spec/controllers/activitypub/outboxes_controller_spec.rb
@@ -10,6 +10,7 @@ RSpec.describe ActivityPub::OutboxesController, type: :controller do
     end
 
     it 'does not set sessions' do
+      response
       expect(session).to be_empty
     end
 
@@ -34,9 +35,8 @@ RSpec.describe ActivityPub::OutboxesController, type: :controller do
     context 'without signature' do
       let(:remote_account) { nil }
 
-      before do
-        get :show, params: { account_username: account.username, page: page }
-      end
+      subject(:response) { get :show, params: { account_username: account.username, page: page } }
+      subject(:body) { body_as_json }
 
       context 'with page not requested' do
         let(:page) { nil }
@@ -50,11 +50,31 @@ RSpec.describe ActivityPub::OutboxesController, type: :controller do
         end
 
         it 'returns totalItems' do
-          json = body_as_json
-          expect(json[:totalItems]).to eq 4
+          expect(body[:totalItems]).to eq 4
         end
 
         it_behaves_like 'cachable response'
+
+        context 'when account is permanently suspended' do
+          before do
+            account.suspend!
+            account.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            account.suspend!
+          end
+
+          it 'returns http forbidden' do
+            expect(response).to have_http_status(403)
+          end
+        end
       end
 
       context 'with page requested' do
@@ -69,13 +89,33 @@ RSpec.describe ActivityPub::OutboxesController, type: :controller do
         end
 
         it 'returns orderedItems with public or unlisted statuses' do
-          json = body_as_json
-          expect(json[:orderedItems]).to be_an Array
-          expect(json[:orderedItems].size).to eq 2
-          expect(json[:orderedItems].all? { |item| item[:to].include?(ActivityPub::TagManager::COLLECTIONS[:public]) || item[:cc].include?(ActivityPub::TagManager::COLLECTIONS[:public]) }).to be true
+          expect(body[:orderedItems]).to be_an Array
+          expect(body[:orderedItems].size).to eq 2
+          expect(body[:orderedItems].all? { |item| item[:to].include?(ActivityPub::TagManager::COLLECTIONS[:public]) || item[:cc].include?(ActivityPub::TagManager::COLLECTIONS[:public]) }).to be true
         end
 
         it_behaves_like 'cachable response'
+
+        context 'when account is permanently suspended' do
+          before do
+            account.suspend!
+            account.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            account.suspend!
+          end
+
+          it 'returns http forbidden' do
+            expect(response).to have_http_status(403)
+          end
+        end
       end
     end
 
diff --git a/spec/controllers/activitypub/replies_controller_spec.rb b/spec/controllers/activitypub/replies_controller_spec.rb
index ed383864d..250259752 100644
--- a/spec/controllers/activitypub/replies_controller_spec.rb
+++ b/spec/controllers/activitypub/replies_controller_spec.rb
@@ -14,6 +14,7 @@ RSpec.describe ActivityPub::RepliesController, type: :controller do
     end
 
     it 'does not set sessions' do
+      response
       expect(session).to be_empty
     end
 
@@ -36,8 +37,32 @@ RSpec.describe ActivityPub::RepliesController, type: :controller do
 
   describe 'GET #index' do
     context 'with no signature' do
-      before do
-        get :index, params: { account_username: status.account.username, status_id: status.id }
+      subject(:response) { get :index, params: { account_username: status.account.username, status_id: status.id } }
+      subject(:body) { body_as_json }
+
+      context 'when account is permanently suspended' do
+        let(:parent_visibility) { :public }
+
+        before do
+          status.account.suspend!
+          status.account.deletion_request.destroy
+        end
+
+        it 'returns http gone' do
+          expect(response).to have_http_status(410)
+        end
+      end
+
+      context 'when account is temporarily suspended' do
+        let(:parent_visibility) { :public }
+
+        before do
+          status.account.suspend!
+        end
+
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
       end
 
       context 'when status is public' do
@@ -54,12 +79,10 @@ RSpec.describe ActivityPub::RepliesController, type: :controller do
         it_behaves_like 'cachable response'
 
         it 'returns items with account\'s own replies' do
-          json = body_as_json
-
-          expect(json[:first]).to be_a Hash
-          expect(json[:first][:items]).to be_an Array
-          expect(json[:first][:items].size).to eq 1
-          expect(json[:first][:items].all? { |item| item[:to].include?(ActivityPub::TagManager::COLLECTIONS[:public]) || item[:cc].include?(ActivityPub::TagManager::COLLECTIONS[:public]) }).to be true
+          expect(body[:first]).to be_a Hash
+          expect(body[:first][:items]).to be_an Array
+          expect(body[:first][:items].size).to eq 1
+          expect(body[:first][:items].all? { |item| item[:to].include?(ActivityPub::TagManager::COLLECTIONS[:public]) || item[:cc].include?(ActivityPub::TagManager::COLLECTIONS[:public]) }).to be true
         end
       end
 
diff --git a/spec/controllers/api/v1/admin/accounts_controller_spec.rb b/spec/controllers/api/v1/admin/accounts_controller_spec.rb
index 89cadb222..f6be35f7f 100644
--- a/spec/controllers/api/v1/admin/accounts_controller_spec.rb
+++ b/spec/controllers/api/v1/admin/accounts_controller_spec.rb
@@ -111,7 +111,7 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do
 
   describe 'POST #unsuspend' do
     before do
-      account.touch(:suspended_at)
+      account.suspend!
       post :unsuspend, params: { id: account.id }
     end
 
diff --git a/spec/controllers/follower_accounts_controller_spec.rb b/spec/controllers/follower_accounts_controller_spec.rb
index 34a0cf3f4..f6d55f693 100644
--- a/spec/controllers/follower_accounts_controller_spec.rb
+++ b/spec/controllers/follower_accounts_controller_spec.rb
@@ -14,6 +14,27 @@ describe FollowerAccountsController do
     context 'when format is html' do
       subject(:response) { get :index, params: { account_username: alice.username, format: :html } }
 
+      context 'when account is permanently suspended' do
+        before do
+          alice.suspend!
+          alice.deletion_request.destroy
+        end
+
+        it 'returns http gone' do
+          expect(response).to have_http_status(410)
+        end
+      end
+
+      context 'when account is temporarily suspended' do
+        before do
+          alice.suspend!
+        end
+
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
+      end
+
       it 'assigns follows' do
         expect(response).to have_http_status(200)
 
@@ -48,6 +69,27 @@ describe FollowerAccountsController do
           expect(body['totalItems']).to eq 2
           expect(body['partOf']).to be_present
         end
+
+        context 'when account is permanently suspended' do
+          before do
+            alice.suspend!
+            alice.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            alice.suspend!
+          end
+
+          it 'returns http forbidden' do
+            expect(response).to have_http_status(403)
+          end
+        end
       end
 
       context 'without page' do
@@ -58,6 +100,27 @@ describe FollowerAccountsController do
           expect(body['totalItems']).to eq 2
           expect(body['partOf']).to be_blank
         end
+
+        context 'when account is permanently suspended' do
+          before do
+            alice.suspend!
+            alice.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            alice.suspend!
+          end
+
+          it 'returns http forbidden' do
+            expect(response).to have_http_status(403)
+          end
+        end
       end
     end
   end
diff --git a/spec/controllers/following_accounts_controller_spec.rb b/spec/controllers/following_accounts_controller_spec.rb
index e9a1f597d..0fc0967a6 100644
--- a/spec/controllers/following_accounts_controller_spec.rb
+++ b/spec/controllers/following_accounts_controller_spec.rb
@@ -14,6 +14,27 @@ describe FollowingAccountsController do
     context 'when format is html' do
       subject(:response) { get :index, params: { account_username: alice.username, format: :html } }
 
+      context 'when account is permanently suspended' do
+        before do
+          alice.suspend!
+          alice.deletion_request.destroy
+        end
+
+        it 'returns http gone' do
+          expect(response).to have_http_status(410)
+        end
+      end
+
+      context 'when account is temporarily suspended' do
+        before do
+          alice.suspend!
+        end
+
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
+      end
+
       it 'assigns follows' do
         expect(response).to have_http_status(200)
 
@@ -48,6 +69,27 @@ describe FollowingAccountsController do
           expect(body['totalItems']).to eq 2
           expect(body['partOf']).to be_present
         end
+
+        context 'when account is permanently suspended' do
+          before do
+            alice.suspend!
+            alice.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            alice.suspend!
+          end
+
+          it 'returns http forbidden' do
+            expect(response).to have_http_status(403)
+          end
+        end
       end
 
       context 'without page' do
@@ -58,6 +100,27 @@ describe FollowingAccountsController do
           expect(body['totalItems']).to eq 2
           expect(body['partOf']).to be_blank
         end
+
+        context 'when account is permanently suspended' do
+          before do
+            alice.suspend!
+            alice.deletion_request.destroy
+          end
+
+          it 'returns http gone' do
+            expect(response).to have_http_status(410)
+          end
+        end
+
+        context 'when account is temporarily suspended' do
+          before do
+            alice.suspend!
+          end
+
+          it 'returns http forbidden' do
+            expect(response).to have_http_status(403)
+          end
+        end
       end
     end
   end
diff --git a/spec/controllers/remote_follow_controller_spec.rb b/spec/controllers/remote_follow_controller_spec.rb
index 7312dde58..01d43f48c 100644
--- a/spec/controllers/remote_follow_controller_spec.rb
+++ b/spec/controllers/remote_follow_controller_spec.rb
@@ -94,21 +94,42 @@ describe RemoteFollowController do
     end
   end
 
-  describe 'with a suspended account' do
+  context 'with a permanently suspended account' do
     before do
-      @account = Fabricate(:account, suspended: true)
+      @account = Fabricate(:account)
+      @account.suspend!
+      @account.deletion_request.destroy
     end
 
-    it 'returns 410 gone on GET to #new' do
+    it 'returns http gone on GET to #new' do
       get :new, params: { account_username: @account.to_param }
 
-      expect(response).to have_http_status(:gone)
+      expect(response).to have_http_status(410)
     end
 
-    it 'returns 410 gone on POST to #create' do
+    it 'returns http gone on POST to #create' do
       post :create, params: { account_username: @account.to_param }
 
-      expect(response).to have_http_status(:gone)
+      expect(response).to have_http_status(410)
+    end
+  end
+
+  context 'with a temporarily suspended account' do
+    before do
+      @account = Fabricate(:account)
+      @account.suspend!
+    end
+
+    it 'returns http forbidden on GET to #new' do
+      get :new, params: { account_username: @account.to_param }
+
+      expect(response).to have_http_status(403)
+    end
+
+    it 'returns http forbidden on POST to #create' do
+      post :create, params: { account_username: @account.to_param }
+
+      expect(response).to have_http_status(403)
     end
   end
 end
diff --git a/spec/controllers/statuses_controller_spec.rb b/spec/controllers/statuses_controller_spec.rb
index cd6e1e607..9986efa51 100644
--- a/spec/controllers/statuses_controller_spec.rb
+++ b/spec/controllers/statuses_controller_spec.rb
@@ -24,10 +24,11 @@ describe StatusesController do
     let(:account) { Fabricate(:account) }
     let(:status)  { Fabricate(:status, account: account) }
 
-    context 'when account is suspended' do
-      let(:account) { Fabricate(:account, suspended: true) }
-
+    context 'when account is permanently suspended' do
       before do
+        account.suspend!
+        account.deletion_request.destroy
+
         get :show, params: { account_username: account.username, id: status.id }
       end
 
@@ -36,6 +37,18 @@ describe StatusesController do
       end
     end
 
+    context 'when account is temporarily suspended' do
+      before do
+        account.suspend!
+
+        get :show, params: { account_username: account.username, id: status.id }
+      end
+
+      it 'returns http forbidden' do
+        expect(response).to have_http_status(403)
+      end
+    end
+
     context 'when status is a reblog' do
       let(:original_account) { Fabricate(:account, domain: 'example.com') }
       let(:original_status) { Fabricate(:status, account: original_account, url: 'https://example.com/123') }
@@ -676,10 +689,11 @@ describe StatusesController do
     let(:account) { Fabricate(:account) }
     let(:status)  { Fabricate(:status, account: account) }
 
-    context 'when account is suspended' do
-      let(:account) { Fabricate(:account, suspended: true) }
-
+    context 'when account is permanently suspended' do
       before do
+        account.suspend!
+        account.deletion_request.destroy
+
         get :activity, params: { account_username: account.username, id: status.id }
       end
 
@@ -688,6 +702,18 @@ describe StatusesController do
       end
     end
 
+    context 'when account is temporarily suspended' do
+      before do
+        account.suspend!
+
+        get :activity, params: { account_username: account.username, id: status.id }
+      end
+
+      it 'returns http forbidden' do
+        expect(response).to have_http_status(403)
+      end
+    end
+
     context 'when status is public' do
       pending
     end
diff --git a/spec/controllers/well_known/webfinger_controller_spec.rb b/spec/controllers/well_known/webfinger_controller_spec.rb
index 46f63185b..cf7005b0e 100644
--- a/spec/controllers/well_known/webfinger_controller_spec.rb
+++ b/spec/controllers/well_known/webfinger_controller_spec.rb
@@ -4,95 +4,134 @@ describe WellKnown::WebfingerController, type: :controller do
   render_views
 
   describe 'GET #show' do
-    let(:alice) do
-      Fabricate(:account, username: 'alice')
+    let(:alternate_domains) { [] }
+    let(:alice) { Fabricate(:account, username: 'alice') }
+    let(:resource) { nil }
+
+    around(:each) do |example|
+      tmp = Rails.configuration.x.alternate_domains
+      Rails.configuration.x.alternate_domains = alternate_domains
+      example.run
+      Rails.configuration.x.alternate_domains = tmp
     end
 
-    before do
-      alice.private_key = <<-PEM
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDHgPoPJlrfMZrVcuF39UbVssa8r4ObLP3dYl9Y17Mgp5K4mSYD
-R/Y2ag58tSi6ar2zM3Ze3QYsNfTq0NqN1g89eAu0MbSjWqpOsgntRPJiFuj3hai2
-X2Im8TBrkiM/UyfTRgn8q8WvMoKbXk8Lu6nqv420eyqhhLxfUoCpxuem1QIDAQAB
-AoGBAIKsOh2eM7spVI8mdgQKheEG/iEsnPkQ2R8ehfE9JzjmSbXbqghQJDaz9NU+
-G3Uu4R31QT0VbCudE9SSA/UPFl82GeQG4QLjrSE+PSjSkuslgSXelJHfAJ+ycGax
-ajtPyiQD0e4c2loagHNHPjqK9OhHx9mFnZWmoagjlZ+mQGEpAkEA8GtqfS65IaRQ
-uVhMzpp25rF1RWOwaaa+vBPkd7pGdJEQGFWkaR/a9UkU+2C4ZxGBkJDP9FApKVQI
-RANEwN3/hwJBANRuw5+es6BgBv4PD387IJvuruW2oUtYP+Lb2Z5k77J13hZTr0db
-Oo9j1UbbR0/4g+vAcsDl4JD9c/9LrGYEpcMCQBon9Yvs+2M3lziy7JhFoc3zXIjS
-Ea1M4M9hcqe78lJYPeIH3z04o/+vlcLLgQRlmSz7NESmO/QtGkEcAezhuh0CQHji
-pzO4LeO/gXslut3eGcpiYuiZquOjToecMBRwv+5AIKd367Che4uJdh6iPcyGURvh
-IewfZFFdyZqnx20ui90CQQC1W2rK5Y30wAunOtSLVA30TLK/tKrTppMC3corjKlB
-FTX8IvYBNTbpEttc1VCf/0ccnNpfb0CrFNSPWxRj7t7D
------END RSA PRIVATE KEY-----
-PEM
-
-      alice.public_key = <<-PEM
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHgPoPJlrfMZrVcuF39UbVssa8
-r4ObLP3dYl9Y17Mgp5K4mSYDR/Y2ag58tSi6ar2zM3Ze3QYsNfTq0NqN1g89eAu0
-MbSjWqpOsgntRPJiFuj3hai2X2Im8TBrkiM/UyfTRgn8q8WvMoKbXk8Lu6nqv420
-eyqhhLxfUoCpxuem1QIDAQAB
------END PUBLIC KEY-----
-PEM
-
-      alice.save!
+    subject do
+      get :show, params: { resource: resource }, format: :json
     end
 
-    around(:each) do |example|
-      before = Rails.configuration.x.alternate_domains
-      example.run
-      Rails.configuration.x.alternate_domains = before
+    shared_examples 'a successful response' do
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      it 'returns application/jrd+json' do
+        expect(response.content_type).to eq 'application/jrd+json'
+      end
+
+      it 'returns links for the account' do
+        json = body_as_json
+        expect(json[:subject]).to eq 'acct:alice@cb6e6126.ngrok.io'
+        expect(json[:aliases]).to include('https://cb6e6126.ngrok.io/@alice', 'https://cb6e6126.ngrok.io/users/alice')
+      end
     end
 
-    it 'returns JSON when account can be found' do
-      get :show, params: { resource: alice.to_webfinger_s }, format: :json
+    context 'when an account exists' do
+      let(:resource) { alice.to_webfinger_s }
 
-      json = body_as_json
+      before do
+        subject
+      end
 
-      expect(response).to have_http_status(200)
-      expect(response.content_type).to eq 'application/jrd+json'
-      expect(json[:subject]).to eq 'acct:alice@cb6e6126.ngrok.io'
-      expect(json[:aliases]).to include('https://cb6e6126.ngrok.io/@alice', 'https://cb6e6126.ngrok.io/users/alice')
+      it_behaves_like 'a successful response'
     end
 
-    it 'returns http not found when account cannot be found' do
-      get :show, params: { resource: 'acct:not@existing.com' }, format: :json
+    context 'when an account is temporarily suspended' do
+      let(:resource) { alice.to_webfinger_s }
 
-      expect(response).to have_http_status(:not_found)
+      before do
+        alice.suspend!
+        subject
+      end
+
+      it_behaves_like 'a successful response'
     end
 
-    it 'returns JSON when account can be found with alternate domains' do
-      Rails.configuration.x.alternate_domains = ['foo.org']
-      username, = alice.to_webfinger_s.split('@')
+    context 'when an account is permanently suspended or deleted' do
+      let(:resource) { alice.to_webfinger_s }
+
+      before do
+        alice.suspend!
+        alice.deletion_request.destroy
+        subject
+      end
 
-      get :show, params: { resource: "#{username}@foo.org" }, format: :json
+      it 'returns http gone' do
+        expect(response).to have_http_status(410)
+      end
+    end
+
+    context 'when an account is not found' do
+      let(:resource) { 'acct:not@existing.com' }
 
-      json = body_as_json
+      before do
+        subject
+      end
 
-      expect(response).to have_http_status(200)
-      expect(response.content_type).to eq 'application/jrd+json'
-      expect(json[:subject]).to eq 'acct:alice@cb6e6126.ngrok.io'
-      expect(json[:aliases]).to include('https://cb6e6126.ngrok.io/@alice', 'https://cb6e6126.ngrok.io/users/alice')
+      it 'returns http not found' do
+        expect(response).to have_http_status(404)
+      end
     end
 
-    it 'returns http not found when account can not be found with alternate domains' do
-      Rails.configuration.x.alternate_domains = ['foo.org']
-      username, = alice.to_webfinger_s.split('@')
+    context 'with an alternate domain' do
+      let(:alternate_domains) { ['foo.org'] }
+
+      before do
+        subject
+      end
+
+      context 'when an account exists' do
+        let(:resource) do
+          username, = alice.to_webfinger_s.split('@')
+          "#{username}@foo.org"
+        end
+
+        it_behaves_like 'a successful response'
+      end
 
-      get :show, params: { resource: "#{username}@bar.org" }, format: :json
+      context 'when the domain is wrong' do
+        let(:resource) do
+          username, = alice.to_webfinger_s.split('@')
+          "#{username}@bar.org"
+        end
 
-      expect(response).to have_http_status(:not_found)
+        it 'returns http not found' do
+          expect(response).to have_http_status(404)
+        end
+      end
     end
 
-    it 'returns http bad request when not given a resource parameter' do
-      get :show, params: { }, format: :json
-      expect(response).to have_http_status(:bad_request)
+    context 'with no resource parameter' do
+      let(:resource) { nil }
+
+      before do
+        subject
+      end
+
+      it 'returns http bad request' do
+        expect(response).to have_http_status(400)
+      end
     end
 
-    it 'returns http bad request when given a nonsense parameter' do
-      get :show, params: { resource: 'df/:dfkj' }
-      expect(response).to have_http_status(:bad_request)
+    context 'with a nonsense parameter' do
+      let(:resource) { 'df/:dfkj' }
+
+      before do
+        subject
+      end
+
+      it 'returns http bad request' do
+        expect(response).to have_http_status(400)
+      end
     end
   end
 end
-- 
cgit