1
0

application_controller_spec.rb 9.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. describe ApplicationController, type: :controller do
  4. controller do
  5. def success
  6. head 200
  7. end
  8. def routing_error
  9. raise ActionController::RoutingError, ''
  10. end
  11. def record_not_found
  12. raise ActiveRecord::RecordNotFound, ''
  13. end
  14. def invalid_authenticity_token
  15. raise ActionController::InvalidAuthenticityToken, ''
  16. end
  17. end
  18. shared_examples 'respond_with_error' do |code|
  19. it "returns http #{code} for any" do
  20. subject
  21. expect(response).to have_http_status(code)
  22. end
  23. it "returns http #{code} for http" do
  24. subject
  25. expect(response).to have_http_status(code)
  26. end
  27. it "renders template for http" do
  28. is_expected.to render_template("errors/#{code}", layout: 'error')
  29. end
  30. end
  31. context 'forgery' do
  32. subject do
  33. ActionController::Base.allow_forgery_protection = true
  34. routes.draw { post 'success' => 'anonymous#success' }
  35. post 'success'
  36. end
  37. include_examples 'respond_with_error', 422
  38. end
  39. it "does not force ssl if Rails.env.production? is not 'true'" do
  40. routes.draw { get 'success' => 'anonymous#success' }
  41. allow(Rails.env).to receive(:production?).and_return(false)
  42. get 'success'
  43. expect(response).to have_http_status(200)
  44. end
  45. it "forces ssl if Rails.env.production? is 'true'" do
  46. routes.draw { get 'success' => 'anonymous#success' }
  47. allow(Rails.env).to receive(:production?).and_return(true)
  48. get 'success'
  49. expect(response).to redirect_to('https://test.host/success')
  50. end
  51. describe 'helper_method :current_account' do
  52. it 'returns nil if not signed in' do
  53. expect(controller.view_context.current_account).to be_nil
  54. end
  55. it 'returns account if signed in' do
  56. account = Fabricate(:account)
  57. sign_in(Fabricate(:user, account: account))
  58. expect(controller.view_context.current_account).to eq account
  59. end
  60. end
  61. describe 'helper_method :single_user_mode?' do
  62. it 'returns false if it is in single_user_mode but there is no account' do
  63. allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
  64. expect(controller.view_context.single_user_mode?).to eq false
  65. end
  66. it 'returns false if there is an account but it is not in single_user_mode' do
  67. allow(Rails.configuration.x).to receive(:single_user_mode).and_return(false)
  68. Fabricate(:account)
  69. expect(controller.view_context.single_user_mode?).to eq false
  70. end
  71. it 'returns true if it is in single_user_mode and there is an account' do
  72. allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
  73. Fabricate(:account)
  74. expect(controller.view_context.single_user_mode?).to eq true
  75. end
  76. end
  77. describe 'helper_method :current_theme' do
  78. it 'returns "default" when theme wasn\'t changed in admin settings' do
  79. allow(Setting).to receive(:default_settings).and_return({ 'theme' => 'default' })
  80. expect(controller.view_context.current_theme).to eq 'default'
  81. end
  82. it 'returns instances\'s theme when user is not signed in' do
  83. allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  84. expect(controller.view_context.current_theme).to eq 'contrast'
  85. end
  86. it 'returns instances\'s default theme when user didn\'t set theme' do
  87. current_user = Fabricate(:user)
  88. sign_in current_user
  89. allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  90. allow(Setting).to receive(:[]).with('noindex').and_return false
  91. expect(controller.view_context.current_theme).to eq 'contrast'
  92. end
  93. it 'returns user\'s theme when it is set' do
  94. current_user = Fabricate(:user)
  95. current_user.settings['theme'] = 'mastodon-light'
  96. sign_in current_user
  97. allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  98. expect(controller.view_context.current_theme).to eq 'mastodon-light'
  99. end
  100. end
  101. context 'ActionController::RoutingError' do
  102. subject do
  103. routes.draw { get 'routing_error' => 'anonymous#routing_error' }
  104. get 'routing_error'
  105. end
  106. include_examples 'respond_with_error', 404
  107. end
  108. context 'ActiveRecord::RecordNotFound' do
  109. subject do
  110. routes.draw { get 'record_not_found' => 'anonymous#record_not_found' }
  111. get 'record_not_found'
  112. end
  113. include_examples 'respond_with_error', 404
  114. end
  115. context 'ActionController::InvalidAuthenticityToken' do
  116. subject do
  117. routes.draw { get 'invalid_authenticity_token' => 'anonymous#invalid_authenticity_token' }
  118. get 'invalid_authenticity_token'
  119. end
  120. include_examples 'respond_with_error', 422
  121. end
  122. describe 'before_action :store_current_location' do
  123. it 'stores location for user if it is not devise controller' do
  124. routes.draw { get 'success' => 'anonymous#success' }
  125. get 'success'
  126. expect(controller.stored_location_for(:user)).to eq '/success'
  127. end
  128. context do
  129. controller Devise::SessionsController do
  130. end
  131. it 'does not store location for user if it is devise controller' do
  132. @request.env["devise.mapping"] = Devise.mappings[:user]
  133. get 'create'
  134. expect(controller.stored_location_for(:user)).to be_nil
  135. end
  136. end
  137. end
  138. describe 'before_action :check_suspension' do
  139. before do
  140. routes.draw { get 'success' => 'anonymous#success' }
  141. end
  142. it 'does nothing if not signed in' do
  143. get 'success'
  144. expect(response).to have_http_status(200)
  145. end
  146. it 'does nothing if user who signed in is not suspended' do
  147. sign_in(Fabricate(:user, account: Fabricate(:account, suspended: false)))
  148. get 'success'
  149. expect(response).to have_http_status(200)
  150. end
  151. it 'redirects to account status page' do
  152. sign_in(Fabricate(:user, account: Fabricate(:account, suspended: true)))
  153. get 'success'
  154. expect(response).to redirect_to(edit_user_registration_path)
  155. end
  156. end
  157. describe 'raise_not_found' do
  158. it 'raises error' do
  159. controller.params[:unmatched_route] = 'unmatched'
  160. expect { controller.raise_not_found }.to raise_error(ActionController::RoutingError, 'No route matches unmatched')
  161. end
  162. end
  163. describe 'require_admin!' do
  164. controller do
  165. before_action :require_admin!
  166. def sucesss
  167. head 200
  168. end
  169. end
  170. before do
  171. routes.draw { get 'sucesss' => 'anonymous#sucesss' }
  172. end
  173. it 'returns a 403 if current user is not admin' do
  174. sign_in(Fabricate(:user, admin: false))
  175. get 'sucesss'
  176. expect(response).to have_http_status(403)
  177. end
  178. it 'returns a 403 if current user is only a moderator' do
  179. sign_in(Fabricate(:user, moderator: true))
  180. get 'sucesss'
  181. expect(response).to have_http_status(403)
  182. end
  183. it 'does nothing if current user is admin' do
  184. sign_in(Fabricate(:user, admin: true))
  185. get 'sucesss'
  186. expect(response).to have_http_status(200)
  187. end
  188. end
  189. describe 'require_staff!' do
  190. controller do
  191. before_action :require_staff!
  192. def sucesss
  193. head 200
  194. end
  195. end
  196. before do
  197. routes.draw { get 'sucesss' => 'anonymous#sucesss' }
  198. end
  199. it 'returns a 403 if current user is not admin or moderator' do
  200. sign_in(Fabricate(:user, admin: false, moderator: false))
  201. get 'sucesss'
  202. expect(response).to have_http_status(403)
  203. end
  204. it 'does nothing if current user is moderator' do
  205. sign_in(Fabricate(:user, moderator: true))
  206. get 'sucesss'
  207. expect(response).to have_http_status(200)
  208. end
  209. it 'does nothing if current user is admin' do
  210. sign_in(Fabricate(:user, admin: true))
  211. get 'sucesss'
  212. expect(response).to have_http_status(200)
  213. end
  214. end
  215. describe 'forbidden' do
  216. controller do
  217. def route_forbidden
  218. forbidden
  219. end
  220. end
  221. subject do
  222. routes.draw { get 'route_forbidden' => 'anonymous#route_forbidden' }
  223. get 'route_forbidden'
  224. end
  225. include_examples 'respond_with_error', 403
  226. end
  227. describe 'not_found' do
  228. controller do
  229. def route_not_found
  230. not_found
  231. end
  232. end
  233. subject do
  234. routes.draw { get 'route_not_found' => 'anonymous#route_not_found' }
  235. get 'route_not_found'
  236. end
  237. include_examples 'respond_with_error', 404
  238. end
  239. describe 'gone' do
  240. controller do
  241. def route_gone
  242. gone
  243. end
  244. end
  245. subject do
  246. routes.draw { get 'route_gone' => 'anonymous#route_gone' }
  247. get 'route_gone'
  248. end
  249. include_examples 'respond_with_error', 410
  250. end
  251. describe 'unprocessable_entity' do
  252. controller do
  253. def route_unprocessable_entity
  254. unprocessable_entity
  255. end
  256. end
  257. subject do
  258. routes.draw { get 'route_unprocessable_entity' => 'anonymous#route_unprocessable_entity' }
  259. get 'route_unprocessable_entity'
  260. end
  261. include_examples 'respond_with_error', 422
  262. end
  263. describe 'cache_collection' do
  264. class C < ApplicationController
  265. public :cache_collection
  266. end
  267. shared_examples 'receives :with_includes' do |fabricator, klass|
  268. it 'uses raw if it is not an ActiveRecord::Relation' do
  269. record = Fabricate(fabricator)
  270. expect(C.new.cache_collection([record], klass)).to eq [record]
  271. end
  272. end
  273. shared_examples 'cacheable' do |fabricator, klass|
  274. include_examples 'receives :with_includes', fabricator, klass
  275. it 'calls cache_ids of raw if it is an ActiveRecord::Relation' do
  276. record = Fabricate(fabricator)
  277. relation = klass.none
  278. allow(relation).to receive(:cache_ids).and_return([record])
  279. expect(C.new.cache_collection(relation, klass)).to eq [record]
  280. end
  281. end
  282. it 'returns raw unless class responds to :with_includes' do
  283. raw = Object.new
  284. expect(C.new.cache_collection(raw, Object)).to eq raw
  285. end
  286. context 'Notification' do
  287. include_examples 'cacheable', :notification, Notification
  288. end
  289. context 'Status' do
  290. include_examples 'cacheable', :status, Status
  291. end
  292. end
  293. end