From 6a4e2db661f47a318bbf93a07ba9f16f7bac3ee0 Mon Sep 17 00:00:00 2001
From: unarist <m.unarist@gmail.com>
Date: Sun, 3 Sep 2017 00:42:47 +0900
Subject: Raise an error for remote url in StatusFinder (#4776)

* Raise an error for remote url in StatusFinder

Previous implementation had allowed remote url with status id which also exists on local.

Then that bug leads /api/web/embed to return wrong embed url.

* Fix oembed_controller_spec
---
 spec/lib/status_finder_spec.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'spec/lib')

diff --git a/spec/lib/status_finder_spec.rb b/spec/lib/status_finder_spec.rb
index 5c2f2dbe8..3ef086736 100644
--- a/spec/lib/status_finder_spec.rb
+++ b/spec/lib/status_finder_spec.rb
@@ -34,6 +34,16 @@ describe StatusFinder do
       end
     end
 
+    context 'with a remote url even if id exists on local' do
+      let(:status) { Fabricate(:status) }
+      let(:url) { "https://example.com/users/test/statuses/#{status.id}" }
+      subject { described_class.new(url) }
+
+      it 'raises an error' do
+        expect { subject.status }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
     context 'with a plausible url' do
       let(:url) { 'https://example.com/users/test/updates/123/embed' }
       subject { described_class.new(url) }
-- 
cgit