From b4fb766b23f4b50b51a366f55b451770ece3153a Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 11 May 2018 11:49:12 +0200
Subject: Add REST API for Web Push Notifications subscriptions (#7445)

- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
---
 .../api/v1/push/subscriptions_controller_spec.rb   | 83 ++++++++++++++++++++++
 .../api/web/push_subscriptions_controller_spec.rb  | 16 ++---
 spec/models/web/push_subscription_spec.rb          | 12 ----
 3 files changed, 91 insertions(+), 20 deletions(-)
 create mode 100644 spec/controllers/api/v1/push/subscriptions_controller_spec.rb

(limited to 'spec')

diff --git a/spec/controllers/api/v1/push/subscriptions_controller_spec.rb b/spec/controllers/api/v1/push/subscriptions_controller_spec.rb
new file mode 100644
index 000000000..01146294f
--- /dev/null
+++ b/spec/controllers/api/v1/push/subscriptions_controller_spec.rb
@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe Api::V1::Push::SubscriptionsController do
+  render_views
+
+  let(:user)  { Fabricate(:user) }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'push') }
+
+  before do
+    allow(controller).to receive(:doorkeeper_token) { token }
+  end
+
+  let(:create_payload) do
+    {
+      subscription: {
+        endpoint: 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX',
+        keys: {
+          p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
+          auth: 'eH_C8rq2raXqlcBVDa1gLg==',
+        },
+      }
+    }.with_indifferent_access
+  end
+
+  let(:alerts_payload) do
+    {
+      data: {
+        alerts: {
+          follow: true,
+          favourite: false,
+          reblog: true,
+          mention: false,
+        }
+      }
+    }.with_indifferent_access
+  end
+
+  describe 'POST #create' do
+    it 'saves push subscriptions' do
+      post :create, params: create_payload
+
+      push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
+
+      expect(push_subscription.endpoint).to eq(create_payload[:subscription][:endpoint])
+      expect(push_subscription.key_p256dh).to eq(create_payload[:subscription][:keys][:p256dh])
+      expect(push_subscription.key_auth).to eq(create_payload[:subscription][:keys][:auth])
+      expect(push_subscription.user_id).to eq user.id
+      expect(push_subscription.access_token_id).to eq token.id
+    end
+
+    it 'replaces old subscription on repeat calls' do
+      post :create, params: create_payload
+      post :create, params: create_payload
+
+      expect(Web::PushSubscription.where(endpoint: create_payload[:subscription][:endpoint]).count).to eq 1
+    end
+  end
+
+  describe 'PUT #update' do
+    it 'changes alert settings' do
+      post :create, params: create_payload
+      put :update, params: alerts_payload
+
+      push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
+
+      expect(push_subscription.data.dig('alerts', 'follow')).to eq(alerts_payload[:data][:alerts][:follow].to_s)
+      expect(push_subscription.data.dig('alerts', 'favourite')).to eq(alerts_payload[:data][:alerts][:favourite].to_s)
+      expect(push_subscription.data.dig('alerts', 'reblog')).to eq(alerts_payload[:data][:alerts][:reblog].to_s)
+      expect(push_subscription.data.dig('alerts', 'mention')).to eq(alerts_payload[:data][:alerts][:mention].to_s)
+    end
+  end
+
+  describe 'DELETE #destroy' do
+    it 'removes the subscription' do
+      post :create, params: create_payload
+      delete :destroy
+
+      expect(Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])).to be_nil
+    end
+  end
+end
diff --git a/spec/controllers/api/web/push_subscriptions_controller_spec.rb b/spec/controllers/api/web/push_subscriptions_controller_spec.rb
index bbf94c5c6..381cdeab9 100644
--- a/spec/controllers/api/web/push_subscriptions_controller_spec.rb
+++ b/spec/controllers/api/web/push_subscriptions_controller_spec.rb
@@ -59,10 +59,10 @@ describe Api::Web::PushSubscriptionsController do
 
         push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
 
-        expect(push_subscription.data['follow']).to eq(alerts_payload[:data][:follow])
-        expect(push_subscription.data['favourite']).to eq(alerts_payload[:data][:favourite])
-        expect(push_subscription.data['reblog']).to eq(alerts_payload[:data][:reblog])
-        expect(push_subscription.data['mention']).to eq(alerts_payload[:data][:mention])
+        expect(push_subscription.data['alerts']['follow']).to eq(alerts_payload[:data][:alerts][:follow].to_s)
+        expect(push_subscription.data['alerts']['favourite']).to eq(alerts_payload[:data][:alerts][:favourite].to_s)
+        expect(push_subscription.data['alerts']['reblog']).to eq(alerts_payload[:data][:alerts][:reblog].to_s)
+        expect(push_subscription.data['alerts']['mention']).to eq(alerts_payload[:data][:alerts][:mention].to_s)
       end
     end
   end
@@ -81,10 +81,10 @@ describe Api::Web::PushSubscriptionsController do
 
       push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
 
-      expect(push_subscription.data['follow']).to eq(alerts_payload[:data][:follow])
-      expect(push_subscription.data['favourite']).to eq(alerts_payload[:data][:favourite])
-      expect(push_subscription.data['reblog']).to eq(alerts_payload[:data][:reblog])
-      expect(push_subscription.data['mention']).to eq(alerts_payload[:data][:mention])
+      expect(push_subscription.data['alerts']['follow']).to eq(alerts_payload[:data][:alerts][:follow].to_s)
+      expect(push_subscription.data['alerts']['favourite']).to eq(alerts_payload[:data][:alerts][:favourite].to_s)
+      expect(push_subscription.data['alerts']['reblog']).to eq(alerts_payload[:data][:alerts][:reblog].to_s)
+      expect(push_subscription.data['alerts']['mention']).to eq(alerts_payload[:data][:alerts][:mention].to_s)
     end
   end
 end
diff --git a/spec/models/web/push_subscription_spec.rb b/spec/models/web/push_subscription_spec.rb
index 574da55ac..c6665611c 100644
--- a/spec/models/web/push_subscription_spec.rb
+++ b/spec/models/web/push_subscription_spec.rb
@@ -2,20 +2,8 @@ require 'rails_helper'
 
 RSpec.describe Web::PushSubscription, type: :model do
   let(:alerts) { { mention: true, reblog: false, follow: true, follow_request: false, favourite: true } }
-  let(:payload_no_alerts) { Web::PushSubscription.new(id: 1, endpoint: 'a', key_p256dh: 'c', key_auth: 'd').as_payload }
-  let(:payload_alerts) { Web::PushSubscription.new(id: 1, endpoint: 'a', key_p256dh: 'c', key_auth: 'd', data: { alerts: alerts }).as_payload }
   let(:push_subscription) { Web::PushSubscription.new(data: { alerts: alerts }) }
 
-  describe '#as_payload' do
-    it 'only returns id and endpoint' do
-      expect(payload_no_alerts.keys).to eq [:id, :endpoint]
-    end
-
-    it 'returns alerts if set' do
-      expect(payload_alerts.keys).to eq [:id, :endpoint, :alerts]
-    end
-  end
-
   describe '#pushable?' do
     it 'obeys alert settings' do
       expect(push_subscription.send(:pushable?, Notification.new(activity_type: 'Mention'))).to eq true
-- 
cgit 


From 50491e0d92acea90e7a83d2ab0e9a1b271daa8a8 Mon Sep 17 00:00:00 2001
From: Shuhei Kitagawa <shuheiktgw@users.noreply.github.com>
Date: Fri, 11 May 2018 20:14:33 +0900
Subject: Add tests for invites controller (#7441)

* Add tests for invites controller

* Small refactoring and fix for invites controller
---
 app/controllers/invites_controller.rb       | 12 ++++--
 spec/controllers/invites_controller_spec.rb | 67 +++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 spec/controllers/invites_controller_spec.rb

(limited to 'spec')

diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 38d6c8d73..8e87c63cf 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -8,9 +8,9 @@ class InvitesController < ApplicationController
   before_action :authenticate_user!
 
   def index
-    authorize :invite, :create?
+    authorize :invite, :index?
 
-    @invites = Invite.where(user: current_user)
+    @invites = invites
     @invite  = Invite.new(expires_in: 1.day.to_i)
   end
 
@@ -23,13 +23,13 @@ class InvitesController < ApplicationController
     if @invite.save
       redirect_to invites_path
     else
-      @invites = Invite.where(user: current_user)
+      @invites = invites
       render :index
     end
   end
 
   def destroy
-    @invite = Invite.where(user: current_user).find(params[:id])
+    @invite = invites.find(params[:id])
     authorize @invite, :destroy?
     @invite.expire!
     redirect_to invites_path
@@ -37,6 +37,10 @@ class InvitesController < ApplicationController
 
   private
 
+  def invites
+    Invite.where(user: current_user)
+  end
+
   def resource_params
     params.require(:invite).permit(:max_uses, :expires_in)
   end
diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb
new file mode 100644
index 000000000..c5c6cb651
--- /dev/null
+++ b/spec/controllers/invites_controller_spec.rb
@@ -0,0 +1,67 @@
+require 'rails_helper'
+
+describe InvitesController do
+  render_views
+
+  before do
+    sign_in user
+  end
+
+  describe 'GET #index' do
+    subject { get :index }
+
+    let!(:invite) { Fabricate(:invite, user: user) }
+
+    context 'when user is a staff' do
+      let(:user) { Fabricate(:user, moderator: true, admin: false) }
+
+      it 'renders index page' do
+        expect(subject).to render_template :index
+        expect(assigns(:invites)).to include invite
+        expect(assigns(:invites).count).to eq 1
+      end
+    end
+
+    context 'when user is not a staff' do
+      let(:user) { Fabricate(:user, moderator: false, admin: false) }
+
+      it 'returns 403' do
+        expect(subject).to have_http_status 403
+      end
+    end
+  end
+
+  describe 'POST #create' do
+    subject { post :create, params: { invite: { max_uses: '10', expires_in: 1800 } } }
+
+    context 'when user is an admin' do
+      let(:user) { Fabricate(:user, moderator: false, admin: true) }
+
+      it 'succeeds to create a invite' do
+        expect{ subject }.to change { Invite.count }.by(1)
+        expect(subject).to redirect_to invites_path
+        expect(Invite.last).to have_attributes(user_id: user.id, max_uses: 10)
+      end
+    end
+
+    context 'when user is not an admin' do
+      let(:user) { Fabricate(:user, moderator: true, admin: false) }
+
+      it 'returns 403' do
+        expect(subject).to have_http_status 403
+      end
+    end
+  end
+
+  describe 'DELETE #create' do
+    subject { delete :destroy, params: { id: invite.id } }
+
+    let!(:invite) { Fabricate(:invite, user: user, expires_at: nil) }
+    let(:user) { Fabricate(:user, moderator: false, admin: true) }
+
+    it 'expires invite' do
+      expect(subject).to redirect_to invites_path
+      expect(invite.reload).to be_expired
+    end
+  end
+end
-- 
cgit