Startseite Erkunden Hilfe
Registrieren Anmelden
bida
/
bastodon
7
0
Fork 0
Dateien Issues 9 Pull-Requests 0 Wiki
Struktur: 1416745a2b
Branches Tags
bastodon
/
spec
/
controllers
/
api
/
base_controller_spec.rb

base_controller_spec.rb 2.5 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. describe Api::BaseController do
    6. 

  6.   before do
    7. 

  7.     stub_const('FakeService', Class.new)
    8. 

  8.   end
    9. 

  9. 

  10.   controller do
    11. 

  11.     def success
    12. 

  12.       head 200
    13. 

  13.     end
    14. 

  14. 

  15.     def error
    16. 

  16.       FakeService.new
    17. 

  17.     end
    18. 

  18.   end
    19. 

  19. 

  20.   it 'returns private cache control headers by default' do
    21. 

  21.     routes.draw { get 'success' => 'api/base#success' }
    22. 

  22.     get :success
    23. 

  23.     expect(response.headers['Cache-Control']).to include('private, no-store')
    24. 

  24.   end
    25. 

  25. 

  26.   describe 'forgery protection' do
    27. 

  27.     before do
    28. 

  28.       routes.draw { post 'success' => 'api/base#success' }
    29. 

  29.     end
    30. 

  30. 

  31.     it 'does not protect from forgery' do
    32. 

  32.       ActionController::Base.allow_forgery_protection = true
    33. 

  33.       post 'success'
    34. 

  34.       expect(response).to have_http_status(200)
    35. 

  35.     end
    36. 

  36.   end
    37. 

  37. 

  38.   describe 'non-functional accounts handling' do
    39. 

  39.     let(:user)  { Fabricate(:user) }
    40. 

  40.     let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
    41. 

  41. 

  42.     controller do
    43. 

  43.       before_action :require_user!
    44. 

  44.     end
    45. 

  45. 

  46.     before do
    47. 

  47.       routes.draw { post 'success' => 'api/base#success' }
    48. 

  48.       allow(controller).to receive(:doorkeeper_token) { token }
    49. 

  49.     end
    50. 

  50. 

  51.     it 'returns http forbidden for unconfirmed accounts' do
    52. 

  52.       user.update(confirmed_at: nil)
    53. 

  53.       post 'success'
    54. 

  54.       expect(response).to have_http_status(403)
    55. 

  55.     end
    56. 

  56. 

  57.     it 'returns http forbidden for pending accounts' do
    58. 

  58.       user.update(approved: false)
    59. 

  59.       post 'success'
    60. 

  60.       expect(response).to have_http_status(403)
    61. 

  61.     end
    62. 

  62. 

  63.     it 'returns http forbidden for disabled accounts' do
    64. 

  64.       user.update(disabled: true)
    65. 

  65.       post 'success'
    66. 

  66.       expect(response).to have_http_status(403)
    67. 

  67.     end
    68. 

  68. 

  69.     it 'returns http forbidden for suspended accounts' do
    70. 

  70.       user.account.suspend!
    71. 

  71.       post 'success'
    72. 

  72.       expect(response).to have_http_status(403)
    73. 

  73.     end
    74. 

  74.   end
    75. 

  75. 

  76.   describe 'error handling' do
    77. 

  77.     before do
    78. 

  78.       routes.draw { get 'error' => 'api/base#error' }
    79. 

  79.     end
    80. 

  80. 

  81.     {
    82. 

  82.       ActiveRecord::RecordInvalid => 422,
    83. 

  83.       Mastodon::ValidationError => 422,
    84. 

  84.       ActiveRecord::RecordNotFound => 404,
    85. 

  85.       Mastodon::UnexpectedResponseError => 503,
    86. 

  86.       HTTP::Error => 503,
    87. 

  87.       OpenSSL::SSL::SSLError => 503,
    88. 

  88.       Mastodon::NotPermittedError => 403,
    89. 

  89.     }.each do |error, code|
    90. 

  90.       it "Handles error class of #{error}" do
    91. 

  91.         allow(FakeService).to receive(:new).and_raise(error)
    92. 

  92. 

  93.         get 'error'
    94. 

  94.         expect(response).to have_http_status(code)
    95. 

  95.         expect(FakeService).to have_received(:new)
    96. 

  96.       end
    97. 

  97.     end
    98. 

  98.   end
    99. 

  99. end
    100.