From 10f51c9886123982bc9f2a95fba39dd1f24b9a05 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sat, 9 Jun 2018 22:46:54 +0200 Subject: Fix domain hiding logic (#7765) * Send rejections to followers when user hides domain they're on * Use account domain blocks for "authorized followers" action Replace soft-blocking (block & unblock) behaviour with follow rejection * Split sync and async work of account domain blocking Do not create domain block when removing followers by domain, that is probably unexpected from the user's perspective. * Adjust confirmation message for domain block * yarn manage:translations --- ...after_block_domain_from_account_service_spec.rb | 25 ++++++++++++++++++++++ .../block_domain_from_account_service_spec.rb | 19 ---------------- 2 files changed, 25 insertions(+), 19 deletions(-) create mode 100644 spec/services/after_block_domain_from_account_service_spec.rb delete mode 100644 spec/services/block_domain_from_account_service_spec.rb (limited to 'spec') diff --git a/spec/services/after_block_domain_from_account_service_spec.rb b/spec/services/after_block_domain_from_account_service_spec.rb new file mode 100644 index 000000000..006e3f4d2 --- /dev/null +++ b/spec/services/after_block_domain_from_account_service_spec.rb 
@@ -0,0 +1,25 @@ +require 'rails_helper' + +RSpec.describe AfterBlockDomainFromAccountService, type: :service do + let!(:wolf) { Fabricate(:account, username: 'wolf', domain: 'evil.org', inbox_url: 'https://evil.org/inbox', protocol: :activitypub) } + let!(:alice) { Fabricate(:account, username: 'alice') } + + subject { AfterBlockDomainFromAccountService.new } + + before do + stub_jsonld_contexts! + allow(ActivityPub::DeliveryWorker).to receive(:perform_async) + end + + it 'purge followers from blocked domain' do + wolf.follow!(alice) + subject.call(alice, 'evil.org') + expect(wolf.following?(alice)).to be false + end + + it 'sends Reject->Follow to followers from blocked domain' do + wolf.follow!(alice) + subject.call(alice, 'evil.org') + expect(ActivityPub::DeliveryWorker).to have_received(:perform_async).once + end +end diff --git a/spec/services/block_domain_from_account_service_spec.rb b/spec/services/block_domain_from_account_service_spec.rb deleted file mode 100644 index 365c0a4ad..000000000 --- a/spec/services/block_domain_from_account_service_spec.rb +++ /dev/null @@ -1,19 +0,0 @@ -require 'rails_helper' - -RSpec.describe BlockDomainFromAccountService, type: :service do - let!(:wolf) { Fabricate(:account, username: 'wolf', domain: 'evil.org') } - let!(:alice) { Fabricate(:account, username: 'alice') } - - subject { BlockDomainFromAccountService.new } - - it 'creates domain block' do - subject.call(alice, 'evil.org') - expect(alice.domain_blocking?('evil.org')).to be true - end - - it 'purge followers from blocked domain' do - wolf.follow!(alice) - subject.call(alice, 'evil.org') - expect(wolf.following?(alice)).to be false - end -end -- cgit From 7086aa598b95257ddf9b268efb58bdad7572350c Mon Sep 17 00:00:00 2001 
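Review bot: The second example in the new spec only counts deliveries (`have_received(:perform_async).once`), so it would still pass if the Reject were addressed to the wrong inbox or built for some other follow; constrain it to the blocked follower, e.g. `expect(ActivityPub::DeliveryWorker).to have_received(:perform_async).with(anything, alice.id, wolf.inbox_url)`, adjusting positions if the worker's argument order differs from that. The fixtures also contain no follower outside `evil.org`, so nothing shows the purge is scoped to the blocked domain rather than removing every follower; a third `let!` for an account on another domain with `expect(other.following?(alice)).to be true` after `subject.call` would cover that, and the same account should receive no Reject. Both points are about what the examples can prove, not about the service itself, whose code is not in this hunk.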
From: Shuhei Kitagawa Date: Sun, 10 Jun 2018 05:47:50 +0900 Subject: Add tests for intents_controller (#7763) --- app/controllers/intents_controller.rb | 19 +++++++++-- spec/controllers/intents_controller_spec.rb | 50 +++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 spec/controllers/intents_controller_spec.rb (limited to 'spec') diff --git a/app/controllers/intents_controller.rb b/app/controllers/intents_controller.rb index 504befd1f..56129d69a 100644 --- a/app/controllers/intents_controller.rb +++ b/app/controllers/intents_controller.rb @@ -1,9 +1,10 @@ # frozen_string_literal: true class IntentsController < ApplicationController - def show - uri = Addressable::URI.parse(params[:uri]) + before_action :check_uri + rescue_from Addressable::URI::InvalidURIError, with: :handle_invalid_uri + def show if uri.scheme == 'web+mastodon' case uri.host when 'follow' @@ -15,4 +16,18 @@ class IntentsController < ApplicationController not_found end + + private + + def check_uri + not_found if uri.blank? + end + + def handle_invalid_uri + not_found + end + + def uri + @uri ||= Addressable::URI.parse(params[:uri]) + end end diff --git a/spec/controllers/intents_controller_spec.rb b/spec/controllers/intents_controller_spec.rb new file mode 100644 index 000000000..3dde7f835 --- /dev/null +++ b/spec/controllers/intents_controller_spec.rb 
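Review bot: `check_uri` in the second hunk (`@@ -15,4 +16,18 @@`) guards only blank input, and the `rescue_from` in the first hunk only catches `InvalidURIError`; if `params[:uri]` arrives as an Array or Hash (`?uri[]=x`), `Addressable::URI.parse` as I recall raises `TypeError` before `uri.blank?` is ever evaluated, so the request ends in a 500 instead of the intended 404. A type check in the guard closes that without widening the rescue to all `TypeError`s: `not_found unless params[:uri].is_a?(String) && uri.present?`. The `show` body between the two hunks is outside this view, so the redirects built from `uri.host` and the query values were not reviewed here.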
@@ -0,0 +1,50 @@ +require 'rails_helper' + +RSpec.describe IntentsController, type: :controller do + render_views + + let(:user) { Fabricate(:user) } + before { sign_in user, scope: :user } + + describe 'GET #show' do + subject { get :show, params: { uri: uri } } + + context 'when schema is web+mastodon' do + context 'when host is follow' do + let(:uri) { 'web+mastodon://follow?uri=test' } + + it { is_expected.to redirect_to authorize_follow_path(acct: 'test') } + end + + context 'when host is share' do + let(:uri) { 'web+mastodon://share?text=test' } + + it { is_expected.to redirect_to share_path(text: 'test') } + end + + context 'when host is none of the above' do + let(:uri) { 'web+mastodon://test' } + + it { is_expected.to have_http_status 404 } + end + end + + context 'when schema is not web+mastodon' do + let(:uri) { 'api+mastodon://test.com' } + + it { is_expected.to have_http_status 404 } + end + + context 'when uri param is blank' do + let(:uri) { '' } + + it { is_expected.to have_http_status 404 } + end + + context 'when uri is invalid' do + let(:uri) { 'invalid uri://test.com' } + + it { is_expected.to have_http_status 404 } + end + end +end -- cgit From 6151308c47efb0e05bcb2c54aa1693f5ff04da5c Mon Sep 17 00:00:00 2001 From: Shuhei Kitagawa Date: Tue, 12 Jun 2018 21:24:46 +0900 Subject: Add missing tests for admin/accounts_controller (#7791) --- spec/controllers/admin/accounts_controller_spec.rb | 224 ++++++++++++++++++++- 1 file changed, 219 insertions(+), 5 deletions(-) (limited to 'spec') diff --git a/spec/controllers/admin/accounts_controller_spec.rb b/spec/controllers/admin/accounts_controller_spec.rb index ff9dbbfb8..197e019fe 100644 --- a/spec/controllers/admin/accounts_controller_spec.rb +++ b/spec/controllers/admin/accounts_controller_spec.rb 
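Review bot: The `'when uri is invalid'` context cannot tell the `rescue_from` path apart from the ordinary scheme-mismatch path, because both end in `not_found` and the example only checks the status; if parsing `'invalid uri://test.com'` does not actually raise, the example still passes and `handle_invalid_uri` stays unexercised. Pin the path in that context with `allow(Addressable::URI).to receive(:parse).and_raise(Addressable::URI::InvalidURIError)` before the request, and keep the literal as a second example if it is meant to document real input. There is no example for a non-String `uri` param (`params: { uri: ['x'] }`), which is the case most likely to escape both the blank check and the rescue. As a naming nit, the contexts say "schema" where the code tests `uri.scheme`.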
@@ -3,13 +3,11 @@ require 'rails_helper' RSpec.describe Admin::AccountsController, type: :controller do render_views - let(:user) { Fabricate(:user, admin: true) } - - before do - sign_in user, scope: :user - end + before { sign_in current_user, scope: :user } describe 'GET #index' do + let(:current_user) { Fabricate(:user, admin: true) } + around do |example| default_per_page = Account.default_per_page Account.paginates_per 1 @@ -68,6 +66,7 @@ RSpec.describe Admin::AccountsController, type: :controller do end describe 'GET #show' do + let(:current_user) { Fabricate(:user, admin: true) } let(:account) { Fabricate(:account, username: 'bob') } it 'returns http success' do 
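Review bot: Replacing the file-level `let(:user)` with `before { sign_in current_user, scope: :user }` makes every `describe` responsible for defining `current_user`; a future example group that forgets it fails in the `before` hook with a `NameError` rather than a clear authorization failure. Keeping a file-level default, `let(:current_user) { Fabricate(:user, admin: true) }`, and overriding it only where a non-admin is needed preserves the intent and removes the two identical `let` lines this commit adds to `GET #index` and `GET #show` (second hunk, `@@ -68,6 +66,7 @@`). The enclosing `RSpec.describe` block starts before and ends after this hunk.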
@@ -75,4 +74,219 @@ RSpec.describe Admin::AccountsController, type: :controller do expect(response).to have_http_status(200) end end + + + describe 'POST #subscribe' do + subject { post :subscribe, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, admin: admin) } + let(:account) { Fabricate(:account) } + + context 'when user is admin' do + let(:admin) { true } + + it { is_expected.to redirect_to admin_account_path(account.id) } + end + + context 'when user is not admin' do + let(:admin) { false } + + it { is_expected.to have_http_status :forbidden } + end + end + + describe 'POST #unsubscribe' do + subject { post :unsubscribe, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, admin: admin) } + let(:account) { Fabricate(:account) } + + context 'when user is admin' do + let(:admin) { true } + + it { is_expected.to redirect_to admin_account_path(account.id) } + end + + context 'when user is not admin' do + let(:admin) { false } + + it { is_expected.to have_http_status :forbidden } + end + end + + describe 'POST #memorialize' do + subject { post :memorialize, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, admin: current_user_admin) } + let(:account) { Fabricate(:account, user: user) } + let(:user) { Fabricate(:user, admin: target_user_admin) } + + context 'when user is admin' do + let(:current_user_admin) { true } + + context 'when target user is admin' do + let(:target_user_admin) { true } + + it 'fails to memorialize account' do + is_expected.to have_http_status :forbidden + expect(account.reload).not_to be_memorial + end + end + + context 'when target user is not admin' do + let(:target_user_admin) { false } + + it 'succeeds in memorializing account' do + is_expected.to redirect_to admin_account_path(account.id) + expect(account.reload).to be_memorial + end + end + end + + context 'when user is not admin' do + let(:current_user_admin) { false } + + context 'when target user is admin' do + 
let(:target_user_admin) { true } + + it 'fails to memorialize account' do + is_expected.to have_http_status :forbidden + expect(account.reload).not_to be_memorial + end + end + + context 'when target user is not admin' do + let(:target_user_admin) { false } + + it 'fails to memorialize account' do + is_expected.to have_http_status :forbidden + expect(account.reload).not_to be_memorial + end + end + end + end + + describe 'POST #enable' do + subject { post :enable, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, admin: admin) } + let(:account) { Fabricate(:account, user: user) } + let(:user) { Fabricate(:user, disabled: true) } + + context 'when user is admin' do + let(:admin) { true } + + it 'succeeds in enabling account' do + is_expected.to redirect_to admin_account_path(account.id) + expect(user.reload).not_to be_disabled + end + end + + context 'when user is not admin' do + let(:admin) { false } + + it 'fails to enable account' do + is_expected.to have_http_status :forbidden + expect(user.reload).to be_disabled + end + end + end + + describe 'POST #disable' do + subject { post :disable, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, admin: current_user_admin) } + let(:account) { Fabricate(:account, user: user) } + let(:user) { Fabricate(:user, disabled: false, admin: target_user_admin) } + + context 'when user is admin' do + let(:current_user_admin) { true } + + context 'when target user is admin' do + let(:target_user_admin) { true } + + it 'fails to disable account' do + is_expected.to have_http_status :forbidden + expect(user.reload).not_to be_disabled + end + end + + context 'when target user is not admin' do + let(:target_user_admin) { false } + + it 'succeeds in disabling account' do + is_expected.to redirect_to admin_account_path(account.id) + expect(user.reload).to be_disabled + end + end + end + + context 'when user is not admin' do + let(:current_user_admin) { false } + + context 'when target user is 
admin' do + let(:target_user_admin) { true } + + it 'fails to disable account' do + is_expected.to have_http_status :forbidden + expect(user.reload).not_to be_disabled + end + end + + context 'when target user is not admin' do + let(:target_user_admin) { false } + + it 'fails to disable account' do + is_expected.to have_http_status :forbidden + expect(user.reload).not_to be_disabled + end + end + end + end + + describe 'POST #redownload' do + subject { post :redownload, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, admin: admin) } + let(:account) { Fabricate(:account) } + + context 'when user is admin' do + let(:admin) { true } + + it 'succeeds in redownloadin' do + is_expected.to redirect_to admin_account_path(account.id) + end + end + + context 'when user is not admin' do + let(:admin) { false } + + it 'fails to redownload' do + is_expected.to have_http_status :forbidden + end + end + end + + describe 'POST #remove_avatar' do + subject { post :remove_avatar, params: { id: account.id } } + + let(:current_user) { Fabricate(:user, admin: admin) } + let(:account) { Fabricate(:account) } + + context 'when user is admin' do + let(:admin) { true } + + it 'succeeds in removing avatar' do + is_expected.to redirect_to admin_account_path(account.id) + end + end + + context 'when user is not admin' do + let(:admin) { false } + + it 'fails to remove avatar' do + is_expected.to have_http_status :forbidden + end + end + end end -- cgit
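Review bot: The `:forbidden` examples for `POST #subscribe`, `#unsubscribe`, `#redownload` and `#remove_avatar` assert only the response status, while the `#memorialize`, `#enable` and `#disable` examples also reload the record and check that nothing changed; a 403 on its own does not show the action was stopped before its side effect, so where the model exposes the affected state, pair each with a reload assertion in the style of `expect(user.reload).to be_disabled`. The example name `'succeeds in redownloadin'` is missing its final letter. The hunk opens with two added blank lines after the `GET #show` block where the file otherwise uses one. The enclosing `RSpec.describe` block starts outside this hunk.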