1
0

base_controller_spec.rb 1.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe Api::BaseController do
  4. controller do
  5. def success
  6. head 200
  7. end
  8. end
  9. it 'returns private cache control headers by default' do
  10. routes.draw { get 'success' => 'api/base#success' }
  11. get :success
  12. expect(response.headers['Cache-Control']).to include('private, no-store')
  13. end
  14. describe 'forgery protection' do
  15. before do
  16. routes.draw { post 'success' => 'api/base#success' }
  17. end
  18. it 'does not protect from forgery' do
  19. ActionController::Base.allow_forgery_protection = true
  20. post :success
  21. expect(response).to have_http_status(200)
  22. end
  23. end
  24. describe 'non-functional accounts handling' do
  25. let(:user) { Fabricate(:user) }
  26. let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
  27. controller do
  28. before_action :require_user!
  29. end
  30. before do
  31. routes.draw { post 'success' => 'api/base#success' }
  32. allow(controller).to receive(:doorkeeper_token) { token }
  33. end
  34. it 'returns http forbidden for unconfirmed accounts' do
  35. user.update(confirmed_at: nil)
  36. post :success
  37. expect(response).to have_http_status(403)
  38. end
  39. it 'returns http forbidden for pending accounts' do
  40. user.update(approved: false)
  41. post :success
  42. expect(response).to have_http_status(403)
  43. end
  44. it 'returns http forbidden for disabled accounts' do
  45. user.update(disabled: true)
  46. post :success
  47. expect(response).to have_http_status(403)
  48. end
  49. it 'returns http forbidden for suspended accounts' do
  50. user.account.suspend!
  51. post :success
  52. expect(response).to have_http_status(403)
  53. end
  54. end
  55. end