1
0

base_controller_spec.rb 1.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. describe Api::BaseController do
  4. controller do
  5. def success
  6. head 200
  7. end
  8. def failure
  9. FakeService.new
  10. end
  11. end
  12. it 'returns private cache control headers by default' do
  13. routes.draw { get 'success' => 'api/base#success' }
  14. get :success
  15. expect(response.headers['Cache-Control']).to include('private, no-store')
  16. end
  17. describe 'forgery protection' do
  18. before do
  19. routes.draw { post 'success' => 'api/base#success' }
  20. end
  21. it 'does not protect from forgery' do
  22. ActionController::Base.allow_forgery_protection = true
  23. post :success
  24. expect(response).to have_http_status(200)
  25. end
  26. end
  27. describe 'non-functional accounts handling' do
  28. let(:user) { Fabricate(:user) }
  29. let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
  30. controller do
  31. before_action :require_user!
  32. end
  33. before do
  34. routes.draw { post 'success' => 'api/base#success' }
  35. allow(controller).to receive(:doorkeeper_token) { token }
  36. end
  37. it 'returns http forbidden for unconfirmed accounts' do
  38. user.update(confirmed_at: nil)
  39. post :success
  40. expect(response).to have_http_status(403)
  41. end
  42. it 'returns http forbidden for pending accounts' do
  43. user.update(approved: false)
  44. post :success
  45. expect(response).to have_http_status(403)
  46. end
  47. it 'returns http forbidden for disabled accounts' do
  48. user.update(disabled: true)
  49. post :success
  50. expect(response).to have_http_status(403)
  51. end
  52. it 'returns http forbidden for suspended accounts' do
  53. user.account.suspend!
  54. post :success
  55. expect(response).to have_http_status(403)
  56. end
  57. end
  58. end