1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 |
- # frozen_string_literal: true
- require 'rails_helper'
- class FakeService; end
- describe Api::BaseController do
- controller do
- def success
- head 200
- end
- def error
- FakeService.new
- end
- end
- describe 'forgery protection' do
- before do
- routes.draw { post 'success' => 'api/base#success' }
- end
- it 'does not protect from forgery' do
- ActionController::Base.allow_forgery_protection = true
- post 'success'
- expect(response).to have_http_status(200)
- end
- end
- describe 'non-functional accounts handling' do
- let(:user) { Fabricate(:user) }
- let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
- controller do
- before_action :require_user!
- end
- before do
- routes.draw { post 'success' => 'api/base#success' }
- allow(controller).to receive(:doorkeeper_token) { token }
- end
- it 'returns http forbidden for unconfirmed accounts' do
- user.update(confirmed_at: nil)
- post 'success'
- expect(response).to have_http_status(403)
- end
- it 'returns http forbidden for pending accounts' do
- user.update(approved: false)
- post 'success'
- expect(response).to have_http_status(403)
- end
- it 'returns http forbidden for disabled accounts' do
- user.update(disabled: true)
- post 'success'
- expect(response).to have_http_status(403)
- end
- it 'returns http forbidden for suspended accounts' do
- user.account.suspend!
- post 'success'
- expect(response).to have_http_status(403)
- end
- end
- describe 'error handling' do
- ERRORS_WITH_CODES = {
- ActiveRecord::RecordInvalid => 422,
- Mastodon::ValidationError => 422,
- ActiveRecord::RecordNotFound => 404,
- Mastodon::UnexpectedResponseError => 503,
- HTTP::Error => 503,
- OpenSSL::SSL::SSLError => 503,
- Mastodon::NotPermittedError => 403,
- }
- before do
- routes.draw { get 'error' => 'api/base#error' }
- end
- ERRORS_WITH_CODES.each do |error, code|
- it "Handles error class of #{error}" do
- expect(FakeService).to receive(:new).and_raise(error)
- get 'error'
- expect(response).to have_http_status(code)
- end
- end
- end
- end
|