RISCI_ATOM
/
mastodon
огледало от https://github.com/tootsuite/mastodon.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257
							# frozen_string_literal: true

require 'rails_helper'

RSpec.describe 'The /.well-known/webfinger endpoint' do
  subject(:perform_request!) { get webfinger_url(resource: resource) }

  let(:alternate_domains) { [] }
  let(:alice) { Fabricate(:account, username: 'alice') }
  let(:resource) { nil }

  around do |example|
    tmp = Rails.configuration.x.alternate_domains
    Rails.configuration.x.alternate_domains = alternate_domains
    example.run
    Rails.configuration.x.alternate_domains = tmp
  end

  shared_examples 'a successful response' do
    it 'returns http success with correct media type and headers and body json' do
      expect(response).to have_http_status(200)

      expect(response.headers['Vary']).to eq('Origin')

      expect(response.media_type).to eq 'application/jrd+json'

      expect(response.parsed_body)
        .to include(
          subject: eq('acct:alice@cb6e6126.ngrok.io'),
          aliases: include('https://cb6e6126.ngrok.io/@alice', 'https://cb6e6126.ngrok.io/users/alice')
        )
    end
  end

  context 'when an account exists' do
    let(:resource) { alice.to_webfinger_s }

    before do
      perform_request!
    end

    it_behaves_like 'a successful response'
  end

  context 'when an account is temporarily suspended' do
    let(:resource) { alice.to_webfinger_s }

    before do
      alice.suspend!
      perform_request!
    end

    it_behaves_like 'a successful response'
  end

  context 'when an account is permanently suspended or deleted' do
    let(:resource) { alice.to_webfinger_s }

    before do
      alice.suspend!
      alice.deletion_request.destroy
      perform_request!
    end

    it 'returns http gone' do
      expect(response).to have_http_status(410)
    end
  end

  context 'when an account is not found' do
    let(:resource) { 'acct:not@existing.com' }

    before do
      perform_request!
    end

    it 'returns http not found' do
      expect(response).to have_http_status(404)
    end
  end

  context 'with an alternate domain' do
    let(:alternate_domains) { ['foo.org'] }

    before do
      perform_request!
    end

    context 'when an account exists' do
      let(:resource) do
        username, = alice.to_webfinger_s.split('@')
        "#{username}@foo.org"
      end

      it_behaves_like 'a successful response'
    end

    context 'when the domain is wrong' do
      let(:resource) do
        username, = alice.to_webfinger_s.split('@')
        "#{username}@bar.org"
      end

      it 'returns http not found' do
        expect(response).to have_http_status(404)
      end
    end
  end

  context 'when the old name scheme is used to query the instance actor' do
    let(:resource) do
      "#{Rails.configuration.x.local_domain}@#{Rails.configuration.x.local_domain}"
    end

    before do
      perform_request!
    end

    it 'returns http success' do
      expect(response).to have_http_status(200)
    end

    it 'sets only a Vary Origin header' do
      expect(response.headers['Vary']).to eq('Origin')
    end

    it 'returns application/jrd+json' do
      expect(response.media_type).to eq 'application/jrd+json'
    end

    it 'returns links for the internal account' do
      expect(response.parsed_body)
        .to include(
          subject: 'acct:mastodon.internal@cb6e6126.ngrok.io',
          aliases: ['https://cb6e6126.ngrok.io/actor']
        )
    end
  end

  context 'with no resource parameter' do
    let(:resource) { nil }

    before do
      perform_request!
    end

    it 'returns http bad request' do
      expect(response).to have_http_status(400)
    end
  end

  context 'with a nonsense parameter' do
    let(:resource) { 'df/:dfkj' }

    before do
      perform_request!
    end

    it 'returns http bad request' do
      expect(response).to have_http_status(400)
    end
  end

  context 'when an account has an avatar' do
    let(:alice) { Fabricate(:account, username: 'alice', avatar: attachment_fixture('attachment.jpg')) }
    let(:resource) { alice.to_webfinger_s }

    it 'returns avatar in response' do
      perform_request!

      expect(response_avatar_link)
        .to be_present
        .and include(
          type: eq(alice.avatar.content_type),
          href: eq(Addressable::URI.new(host: Rails.configuration.x.local_domain, path: alice.avatar.to_s, scheme: 'https').to_s)
        )
    end

    context 'with limited federation mode' do
      before do
        allow(Rails.configuration.x).to receive(:limited_federation_mode).and_return(true)
      end

      it 'does not return avatar in response' do
        perform_request!

        expect(response_avatar_link)
          .to be_nil
      end
    end

    context 'when enabling DISALLOW_UNAUTHENTICATED_API_ACCESS' do
      around do |example|
        ClimateControl.modify DISALLOW_UNAUTHENTICATED_API_ACCESS: 'true' do
          example.run
        end
      end

      it 'does not return avatar in response' do
        perform_request!

        expect(response_avatar_link)
          .to be_nil
      end
    end
  end

  context 'when an account does not have an avatar' do
    let(:alice) { Fabricate(:account, username: 'alice', avatar: nil) }
    let(:resource) { alice.to_webfinger_s }

    before do
      perform_request!
    end

    it 'does not return avatar in response' do
      expect(response_avatar_link)
        .to be_nil
    end
  end

  context 'with different headers' do
    describe 'requested with standard accepts headers' do
      it 'returns a json response' do
        get webfinger_url(resource: alice.to_webfinger_s)

        expect(response).to have_http_status(200)
        expect(response.media_type).to eq 'application/jrd+json'
      end
    end

    describe 'asking for json format' do
      it 'returns a json response for json format' do
        get webfinger_url(resource: alice.to_webfinger_s, format: :json)

        expect(response).to have_http_status(200)
        expect(response.media_type).to eq 'application/jrd+json'
      end

      it 'returns a json response for json accept header' do
        headers = { 'HTTP_ACCEPT' => 'application/jrd+json' }
        get webfinger_url(resource: alice.to_webfinger_s), headers: headers

        expect(response).to have_http_status(200)
        expect(response.media_type).to eq 'application/jrd+json'
      end
    end
  end

  private

  def response_avatar_link
    response
      .parsed_body[:links]
      .find { |link| link[:rel] == 'http://webfinger.net/rel/avatar' }
  end
end