首頁 探索 說明
登入
RISCI_ATOM
/
mastodon
镜像来自 https://github.com/tootsuite/mastodon.git
1
0
複刻 0
Files 問題管理 8 Wiki
目錄樹: de59e7e6a0
分支列表 標籤列表
mastodon
/
spec
/
controllers
/
api
/
base_controller_spec.rb

base_controller_spec.rb 2.3 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. class FakeService; end
    6. 

  6. 

  7. describe Api::BaseController do
    8. 

  8.   controller do
    9. 

  9.     def success
    10. 

  10.       head 200
    11. 

  11.     end
    12. 

  12. 

  13.     def error
    14. 

  14.       FakeService.new
    15. 

  15.     end
    16. 

  16.   end
    17. 

  17. 

  18.   describe 'forgery protection' do
    19. 

  19.     before do
    20. 

  20.       routes.draw { post 'success' => 'api/base#success' }
    21. 

  21.     end
    22. 

  22. 

  23.     it 'does not protect from forgery' do
    24. 

  24.       ActionController::Base.allow_forgery_protection = true
    25. 

  25.       post 'success'
    26. 

  26.       expect(response).to have_http_status(200)
    27. 

  27.     end
    28. 

  28.   end
    29. 

  29. 

  30.   describe 'non-functional accounts handling' do
    31. 

  31.     let(:user)  { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
    32. 

  32.     let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
    33. 

  33. 

  34.     controller do
    35. 

  35.       before_action :require_user!
    36. 

  36.     end
    37. 

  37. 

  38.     before do
    39. 

  39.       routes.draw { post 'success' => 'api/base#success' }
    40. 

  40.       allow(controller).to receive(:doorkeeper_token) { token }
    41. 

  41.     end
    42. 

  42. 

  43.     it 'returns http forbidden for unconfirmed accounts' do
    44. 

  44.       user.update(confirmed_at: nil)
    45. 

  45.       post 'success'
    46. 

  46.       expect(response).to have_http_status(403)
    47. 

  47.     end
    48. 

  48. 

  49.     it 'returns http forbidden for pending accounts' do
    50. 

  50.       user.update(approved: false)
    51. 

  51.       post 'success'
    52. 

  52.       expect(response).to have_http_status(403)
    53. 

  53.     end
    54. 

  54. 

  55.     it 'returns http forbidden for disabled accounts' do
    56. 

  56.       user.update(disabled: true)
    57. 

  57.       post 'success'
    58. 

  58.       expect(response).to have_http_status(403)
    59. 

  59.     end
    60. 

  60. 

  61.     it 'returns http forbidden for suspended accounts' do
    62. 

  62.       user.account.suspend!
    63. 

  63.       post 'success'
    64. 

  64.       expect(response).to have_http_status(403)
    65. 

  65.     end
    66. 

  66.   end
    67. 

  67. 

  68.   describe 'error handling' do
    69. 

  69.     ERRORS_WITH_CODES = {
    70. 

  70.       ActiveRecord::RecordInvalid => 422,
    71. 

  71.       Mastodon::ValidationError => 422,
    72. 

  72.       ActiveRecord::RecordNotFound => 404,
    73. 

  73.       Mastodon::UnexpectedResponseError => 503,
    74. 

  74.       HTTP::Error => 503,
    75. 

  75.       OpenSSL::SSL::SSLError => 503,
    76. 

  76.       Mastodon::NotPermittedError => 403,
    77. 

  77.     }
    78. 

  78. 

  79.     before do
    80. 

  80.       routes.draw { get 'error' => 'api/base#error' }
    81. 

  81.     end
    82. 

  82. 

  83.     ERRORS_WITH_CODES.each do |error, code|
    84. 

  84.       it "Handles error class of #{error}" do
    85. 

  85.         expect(FakeService).to receive(:new).and_raise(error)
    86. 

  86. 

  87.         get 'error'
    88. 

  88.         expect(response).to have_http_status(code)
    89. 

  89.       end
    90. 

  90.     end
    91. 

  91.   end
    92. 

  92. end
    93.