accounts_controller_spec.rb 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469
  1. require 'rails_helper'
  2. RSpec.describe AccountsController, type: :controller do
  3. render_views
  4. let(:account) { Fabricate(:account) }
  5. shared_examples 'cacheable response' do
  6. it 'does not set cookies' do
  7. expect(response.cookies).to be_empty
  8. expect(response.headers['Set-Cookies']).to be nil
  9. end
  10. it 'does not set sessions' do
  11. expect(session).to be_empty
  12. end
  13. it 'returns public Cache-Control header' do
  14. expect(response.headers['Cache-Control']).to include 'public'
  15. end
  16. end
  17. describe 'GET #show' do
  18. let(:format) { 'html' }
  19. let!(:status) { Fabricate(:status, account: account) }
  20. let!(:status_reply) { Fabricate(:status, account: account, thread: Fabricate(:status)) }
  21. let!(:status_self_reply) { Fabricate(:status, account: account, thread: status) }
  22. let!(:status_media) { Fabricate(:status, account: account) }
  23. let!(:status_pinned) { Fabricate(:status, account: account) }
  24. let!(:status_private) { Fabricate(:status, account: account, visibility: :private) }
  25. let!(:status_direct) { Fabricate(:status, account: account, visibility: :direct) }
  26. let!(:status_reblog) { Fabricate(:status, account: account, reblog: Fabricate(:status)) }
  27. before do
  28. status_media.media_attachments << Fabricate(:media_attachment, account: account, type: :image)
  29. account.pinned_statuses << status_pinned
  30. account.pinned_statuses << status_private
  31. end
  32. shared_examples 'preliminary checks' do
  33. context 'when account is not approved' do
  34. before do
  35. account.user.update(approved: false)
  36. end
  37. it 'returns http not found' do
  38. get :show, params: { username: account.username, format: format }
  39. expect(response).to have_http_status(404)
  40. end
  41. end
  42. end
  43. context 'as HTML' do
  44. let(:format) { 'html' }
  45. it_behaves_like 'preliminary checks'
  46. context 'when account is permanently suspended' do
  47. before do
  48. account.suspend!
  49. account.deletion_request.destroy
  50. end
  51. it 'returns http gone' do
  52. get :show, params: { username: account.username, format: format }
  53. expect(response).to have_http_status(410)
  54. end
  55. end
  56. context 'when account is temporarily suspended' do
  57. before do
  58. account.suspend!
  59. end
  60. it 'returns http forbidden' do
  61. get :show, params: { username: account.username, format: format }
  62. expect(response).to have_http_status(403)
  63. end
  64. end
  65. shared_examples 'common response characteristics' do
  66. it 'returns http success' do
  67. expect(response).to have_http_status(200)
  68. end
  69. it 'returns Link header' do
  70. expect(response.headers['Link'].to_s).to include ActivityPub::TagManager.instance.uri_for(account)
  71. end
  72. it 'renders show template' do
  73. expect(response).to render_template(:show)
  74. end
  75. end
  76. context do
  77. before do
  78. get :show, params: { username: account.username, format: format }
  79. end
  80. it_behaves_like 'common response characteristics'
  81. end
  82. context 'with replies' do
  83. before do
  84. allow(controller).to receive(:replies_requested?).and_return(true)
  85. get :show, params: { username: account.username, format: format }
  86. end
  87. it_behaves_like 'common response characteristics'
  88. end
  89. context 'with media' do
  90. before do
  91. allow(controller).to receive(:media_requested?).and_return(true)
  92. get :show, params: { username: account.username, format: format }
  93. end
  94. it_behaves_like 'common response characteristics'
  95. end
  96. context 'with tag' do
  97. let(:tag) { Fabricate(:tag) }
  98. let!(:status_tag) { Fabricate(:status, account: account) }
  99. before do
  100. allow(controller).to receive(:tag_requested?).and_return(true)
  101. status_tag.tags << tag
  102. get :show, params: { username: account.username, format: format, tag: tag.to_param }
  103. end
  104. it_behaves_like 'common response characteristics'
  105. end
  106. end
  107. context 'as JSON' do
  108. let(:authorized_fetch_mode) { false }
  109. let(:format) { 'json' }
  110. before do
  111. allow(controller).to receive(:authorized_fetch_mode?).and_return(authorized_fetch_mode)
  112. end
  113. it_behaves_like 'preliminary checks'
  114. context 'when account is suspended permanently' do
  115. before do
  116. account.suspend!
  117. account.deletion_request.destroy
  118. end
  119. it 'returns http gone' do
  120. get :show, params: { username: account.username, format: format }
  121. expect(response).to have_http_status(410)
  122. end
  123. end
  124. context 'when account is suspended temporarily' do
  125. before do
  126. account.suspend!
  127. end
  128. it 'returns http success' do
  129. get :show, params: { username: account.username, format: format }
  130. expect(response).to have_http_status(200)
  131. end
  132. end
  133. context do
  134. before do
  135. get :show, params: { username: account.username, format: format }
  136. end
  137. it 'returns http success' do
  138. expect(response).to have_http_status(200)
  139. end
  140. it 'returns application/activity+json' do
  141. expect(response.media_type).to eq 'application/activity+json'
  142. end
  143. it_behaves_like 'cacheable response'
  144. it 'renders account' do
  145. json = body_as_json
  146. expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
  147. end
  148. context 'in authorized fetch mode' do
  149. let(:authorized_fetch_mode) { true }
  150. it 'returns http unauthorized' do
  151. expect(response).to have_http_status(401)
  152. end
  153. end
  154. end
  155. context 'when signed in' do
  156. let(:user) { Fabricate(:user) }
  157. before do
  158. sign_in(user)
  159. get :show, params: { username: account.username, format: format }
  160. end
  161. it 'returns http success' do
  162. expect(response).to have_http_status(200)
  163. end
  164. it 'returns application/activity+json' do
  165. expect(response.media_type).to eq 'application/activity+json'
  166. end
  167. it 'returns public Cache-Control header' do
  168. expect(response.headers['Cache-Control']).to include 'public'
  169. end
  170. it 'renders account' do
  171. json = body_as_json
  172. expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
  173. end
  174. end
  175. context 'with signature' do
  176. let(:remote_account) { Fabricate(:account, domain: 'example.com') }
  177. before do
  178. allow(controller).to receive(:signed_request_actor).and_return(remote_account)
  179. get :show, params: { username: account.username, format: format }
  180. end
  181. it 'returns http success' do
  182. expect(response).to have_http_status(200)
  183. end
  184. it 'returns application/activity+json' do
  185. expect(response.media_type).to eq 'application/activity+json'
  186. end
  187. it_behaves_like 'cacheable response'
  188. it 'renders account' do
  189. json = body_as_json
  190. expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
  191. end
  192. context 'in authorized fetch mode' do
  193. let(:authorized_fetch_mode) { true }
  194. it 'returns http success' do
  195. expect(response).to have_http_status(200)
  196. end
  197. it 'returns application/activity+json' do
  198. expect(response.media_type).to eq 'application/activity+json'
  199. end
  200. it 'returns private Cache-Control header' do
  201. expect(response.headers['Cache-Control']).to include 'private'
  202. end
  203. it 'returns Vary header with Signature' do
  204. expect(response.headers['Vary']).to include 'Signature'
  205. end
  206. it 'renders account' do
  207. json = body_as_json
  208. expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
  209. end
  210. end
  211. end
  212. end
  213. context 'as RSS' do
  214. let(:format) { 'rss' }
  215. it_behaves_like 'preliminary checks'
  216. context 'when account is permanently suspended' do
  217. before do
  218. account.suspend!
  219. account.deletion_request.destroy
  220. end
  221. it 'returns http gone' do
  222. get :show, params: { username: account.username, format: format }
  223. expect(response).to have_http_status(410)
  224. end
  225. end
  226. context 'when account is temporarily suspended' do
  227. before do
  228. account.suspend!
  229. end
  230. it 'returns http forbidden' do
  231. get :show, params: { username: account.username, format: format }
  232. expect(response).to have_http_status(403)
  233. end
  234. end
  235. shared_examples 'common response characteristics' do
  236. it 'returns http success' do
  237. expect(response).to have_http_status(200)
  238. end
  239. it_behaves_like 'cacheable response'
  240. end
  241. context do
  242. before do
  243. get :show, params: { username: account.username, format: format }
  244. end
  245. it_behaves_like 'common response characteristics'
  246. it 'renders public status' do
  247. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status))
  248. end
  249. it 'renders self-reply' do
  250. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status_self_reply))
  251. end
  252. it 'renders status with media' do
  253. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status_media))
  254. end
  255. it 'does not render reblog' do
  256. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_reblog.reblog))
  257. end
  258. it 'does not render private status' do
  259. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_private))
  260. end
  261. it 'does not render direct status' do
  262. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_direct))
  263. end
  264. it 'does not render reply to someone else' do
  265. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_reply))
  266. end
  267. end
  268. context 'with replies' do
  269. before do
  270. allow(controller).to receive(:replies_requested?).and_return(true)
  271. get :show, params: { username: account.username, format: format }
  272. end
  273. it_behaves_like 'common response characteristics'
  274. it 'renders public status' do
  275. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status))
  276. end
  277. it 'renders self-reply' do
  278. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status_self_reply))
  279. end
  280. it 'renders status with media' do
  281. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status_media))
  282. end
  283. it 'does not render reblog' do
  284. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_reblog.reblog))
  285. end
  286. it 'does not render private status' do
  287. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_private))
  288. end
  289. it 'does not render direct status' do
  290. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_direct))
  291. end
  292. it 'renders reply to someone else' do
  293. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status_reply))
  294. end
  295. end
  296. context 'with media' do
  297. before do
  298. allow(controller).to receive(:media_requested?).and_return(true)
  299. get :show, params: { username: account.username, format: format }
  300. end
  301. it_behaves_like 'common response characteristics'
  302. it 'does not render public status' do
  303. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status))
  304. end
  305. it 'does not render self-reply' do
  306. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_self_reply))
  307. end
  308. it 'renders status with media' do
  309. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status_media))
  310. end
  311. it 'does not render reblog' do
  312. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_reblog.reblog))
  313. end
  314. it 'does not render private status' do
  315. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_private))
  316. end
  317. it 'does not render direct status' do
  318. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_direct))
  319. end
  320. it 'does not render reply to someone else' do
  321. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_reply))
  322. end
  323. end
  324. context 'with tag' do
  325. let(:tag) { Fabricate(:tag) }
  326. let!(:status_tag) { Fabricate(:status, account: account) }
  327. before do
  328. allow(controller).to receive(:tag_requested?).and_return(true)
  329. status_tag.tags << tag
  330. get :show, params: { username: account.username, format: format, tag: tag.to_param }
  331. end
  332. it_behaves_like 'common response characteristics'
  333. it 'does not render public status' do
  334. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status))
  335. end
  336. it 'does not render self-reply' do
  337. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_self_reply))
  338. end
  339. it 'does not render status with media' do
  340. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_media))
  341. end
  342. it 'does not render reblog' do
  343. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_reblog.reblog))
  344. end
  345. it 'does not render private status' do
  346. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_private))
  347. end
  348. it 'does not render direct status' do
  349. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_direct))
  350. end
  351. it 'does not render reply to someone else' do
  352. expect(response.body).to_not include(ActivityPub::TagManager.instance.url_for(status_reply))
  353. end
  354. it 'renders status with tag' do
  355. expect(response.body).to include(ActivityPub::TagManager.instance.url_for(status_tag))
  356. end
  357. end
  358. end
  359. end
  360. end