closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8013 Commits
4 Branches
567 MiB
Tree: a57ac0723f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a57ac0723f'
${ noResults }
mastodon/spec/controllers/application_controller_spec.rb

365 lines
9.9 KiB
Raw Normal View History

single_user_mode? always returns boolean (#3215) This change also adds a specification for the method.
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Spec response for forgery (#3248) Remove protect_from_forgery in ApiController, which is disabled by the following skip_before_action, as well.
7 years ago
Fix force_ssl conditional (#6201)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Fix force_ssl conditional (#6201)
6 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Fix force_ssl conditional (#6201)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Fix force_ssl conditional (#6201)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
single_user_mode? always returns boolean (#3215) This change also adds a specification for the method.
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Add ability to change an instance default theme from the administration panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092
5 years ago
Lint pass (#8876)
5 years ago
Add ability to change an instance default theme from the administration panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092
5 years ago
add admin setting for default search engine indexing (fix #11750) (#11804)
4 years ago
Add ability to change an instance default theme from the administration panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092
5 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Lint pass (#8876)
5 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Improve require_admin! and require_staff! filters (#7018) Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Improve require_admin! and require_staff! filters (#7018) Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use "match_array" only for order independent assertions (#3626)
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use "match_array" only for order independent assertions (#3626)
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
single_user_mode? always returns boolean (#3215) This change also adds a specification for the method.
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. 

  5. describe ApplicationController, type: :controller do
  6.   controller do
  7.     def success
  8.       head 200

  9.     end
  10. 

  11.     def routing_error
  12.       raise ActionController::RoutingError, ''
  13.     end
  14. 

  15.     def record_not_found
  16.       raise ActiveRecord::RecordNotFound, ''
  17.     end
  18. 

  19.     def invalid_authenticity_token
  20.       raise ActionController::InvalidAuthenticityToken, ''
  21.     end
  22.   end
  23. 

  24.   shared_examples 'respond_with_error' do |code|
  25.     it "returns http #{code} for any" do
  26.       subject
  27.       expect(response).to have_http_status(code)
  28.     end
  29. 

  30.     it "returns http #{code} for http" do
  31.       subject
  32.       expect(response).to have_http_status(code)
  33.     end
  34. 

  35.     it "renders template for http" do
  36.       is_expected.to render_template("errors/#{code}", layout: 'error')
  37.     end
  38.   end
  39. 

  40.   context 'forgery' do
  41.     subject do
  42.       ActionController::Base.allow_forgery_protection = true
  43.       routes.draw { post 'success' => 'anonymous#success' }
  44.       post 'success'
  45.     end
  46. 

  47.     include_examples 'respond_with_error', 422

  48.   end
  49. 

  50.   it "does not force ssl if Rails.env.production? is not 'true'" do
  51.     routes.draw { get 'success' => 'anonymous#success' }
  52.     allow(Rails.env).to receive(:production?).and_return(false)
  53.     get 'success'
  54.     expect(response).to have_http_status(200)
  55.   end
  56. 

  57.   it "forces ssl if Rails.env.production? is 'true'" do
  58.     routes.draw { get 'success' => 'anonymous#success' }
  59.     allow(Rails.env).to receive(:production?).and_return(true)
  60.     get 'success'
  61.     expect(response).to redirect_to('https://test.host/success')
  62.   end
  63. 

  64.   describe 'helper_method :current_account' do
  65.     it 'returns nil if not signed in' do
  66.       expect(controller.view_context.current_account).to be_nil
  67.     end
  68. 

  69.     it 'returns account if signed in' do
  70.       account = Fabricate(:account)
  71.       sign_in(Fabricate(:user, account: account))
  72.       expect(controller.view_context.current_account).to eq account
  73.     end
  74.   end
  75. 

  76.   describe 'helper_method :single_user_mode?' do
  77.     it 'returns false if it is in single_user_mode but there is no account' do
  78.       allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
  79.       expect(controller.view_context.single_user_mode?).to eq false
  80.     end
  81. 

  82.     it 'returns false if there is an account but it is not in single_user_mode' do
  83.       allow(Rails.configuration.x).to receive(:single_user_mode).and_return(false)
  84.       Fabricate(:account)
  85.       expect(controller.view_context.single_user_mode?).to eq false
  86.     end
  87. 

  88.     it 'returns true if it is in single_user_mode and there is an account' do
  89.       allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
  90.       Fabricate(:account)
  91.       expect(controller.view_context.single_user_mode?).to eq true
  92.     end
  93.   end
  94. 

  95.   describe 'helper_method :current_theme' do
  96.     it 'returns "default" when theme wasn\'t changed in admin settings' do
  97.       allow(Setting).to receive(:default_settings).and_return({ 'theme' => 'default' })
  98. 

  99.       expect(controller.view_context.current_theme).to eq 'default'
  100.     end
  101. 

  102.     it 'returns instances\'s theme when user is not signed in' do
  103.       allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  104. 

  105.       expect(controller.view_context.current_theme).to eq 'contrast'
  106.     end
  107. 

  108.     it 'returns instances\'s default theme when user didn\'t set theme' do
  109.       current_user = Fabricate(:user)
  110.       sign_in current_user
  111. 

  112.       allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  113.       allow(Setting).to receive(:[]).with('noindex').and_return false
  114. 

  115.       expect(controller.view_context.current_theme).to eq 'contrast'
  116.     end
  117. 

  118.     it 'returns user\'s theme when it is set' do
  119.       current_user = Fabricate(:user)
  120.       current_user.settings['theme'] = 'mastodon-light'
  121.       sign_in current_user
  122. 

  123.       allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  124. 

  125.       expect(controller.view_context.current_theme).to eq 'mastodon-light'
  126.     end
  127.   end
  128. 

  129.   context 'ActionController::RoutingError' do
  130.     subject do
  131.       routes.draw { get 'routing_error' => 'anonymous#routing_error' }
  132.       get 'routing_error'
  133.     end
  134. 

  135.     include_examples 'respond_with_error', 404

  136.   end
  137. 

  138.   context 'ActiveRecord::RecordNotFound' do
  139.     subject do
  140.       routes.draw { get 'record_not_found' => 'anonymous#record_not_found' }
  141.       get 'record_not_found'
  142.     end
  143. 

  144.     include_examples 'respond_with_error', 404

  145.   end
  146. 

  147.   context 'ActionController::InvalidAuthenticityToken' do
  148.     subject do
  149.       routes.draw { get 'invalid_authenticity_token' => 'anonymous#invalid_authenticity_token' }
  150.       get 'invalid_authenticity_token'
  151.     end
  152. 

  153.     include_examples 'respond_with_error', 422

  154.   end
  155. 

  156.   describe 'before_action :store_current_location' do
  157.     it 'stores location for user if it is not devise controller' do
  158.       routes.draw { get 'success' => 'anonymous#success' }
  159.       get 'success'
  160.       expect(controller.stored_location_for(:user)).to eq '/success'
  161.     end
  162. 

  163.     context do
  164.       controller Devise::SessionsController do
  165.       end
  166. 

  167.       it 'does not store location for user if it is devise controller' do
  168.         @request.env["devise.mapping"] = Devise.mappings[:user]
  169.         get 'create'
  170.         expect(controller.stored_location_for(:user)).to be_nil
  171.       end
  172.     end
  173.   end
  174. 

  175.   describe 'before_action :check_suspension' do
  176.     before do
  177.       routes.draw { get 'success' => 'anonymous#success' }
  178.     end
  179. 

  180.     it 'does nothing if not signed in' do
  181.       get 'success'
  182.       expect(response).to have_http_status(200)
  183.     end
  184. 

  185.     it 'does nothing if user who signed in is not suspended' do
  186.       sign_in(Fabricate(:user, account: Fabricate(:account, suspended: false)))
  187.       get 'success'
  188.       expect(response).to have_http_status(200)
  189.     end
  190. 

  191.     it 'redirects to account status page' do
  192.       sign_in(Fabricate(:user, account: Fabricate(:account, suspended: true)))
  193.       get 'success'
  194.       expect(response).to redirect_to(edit_user_registration_path)
  195.     end
  196.   end
  197. 

  198.   describe 'raise_not_found' do
  199.     it 'raises error' do
  200.       controller.params[:unmatched_route] = 'unmatched'
  201.       expect { controller.raise_not_found }.to raise_error(ActionController::RoutingError, 'No route matches unmatched')
  202.     end
  203.   end
  204. 

  205.   describe 'require_admin!' do
  206.     controller do
  207.       before_action :require_admin!
  208. 

  209.       def sucesss
  210.         head 200

  211.       end
  212.     end
  213. 

  214.     before do
  215.       routes.draw { get 'sucesss' => 'anonymous#sucesss' }
  216.     end
  217. 

  218.     it 'returns a 403 if current user is not admin' do
  219.       sign_in(Fabricate(:user, admin: false))
  220.       get 'sucesss'
  221.       expect(response).to have_http_status(403)
  222.     end
  223. 

  224.     it 'returns a 403 if current user is only a moderator' do
  225.       sign_in(Fabricate(:user, moderator: true))
  226.       get 'sucesss'
  227.       expect(response).to have_http_status(403)
  228.     end
  229. 

  230.     it 'does nothing if current user is admin' do
  231.       sign_in(Fabricate(:user, admin: true))
  232.       get 'sucesss'
  233.       expect(response).to have_http_status(200)
  234.     end
  235.   end
  236. 

  237.   describe 'require_staff!' do
  238.     controller do
  239.       before_action :require_staff!
  240. 

  241.       def sucesss
  242.         head 200

  243.       end
  244.     end
  245. 

  246.     before do
  247.       routes.draw { get 'sucesss' => 'anonymous#sucesss' }
  248.     end
  249. 

  250.     it 'returns a 403 if current user is not admin or moderator' do
  251.       sign_in(Fabricate(:user, admin: false, moderator: false))
  252.       get 'sucesss'
  253.       expect(response).to have_http_status(403)
  254.     end
  255. 

  256.     it 'does nothing if current user is moderator' do
  257.       sign_in(Fabricate(:user, moderator: true))
  258.       get 'sucesss'
  259.       expect(response).to have_http_status(200)
  260.     end
  261. 

  262.     it 'does nothing if current user is admin' do
  263.       sign_in(Fabricate(:user, admin: true))
  264.       get 'sucesss'
  265.       expect(response).to have_http_status(200)
  266.     end
  267.   end
  268. 

  269.   describe 'forbidden' do
  270.     controller do
  271.       def route_forbidden
  272.         forbidden
  273.       end
  274.     end
  275. 

  276.     subject do
  277.       routes.draw { get 'route_forbidden' => 'anonymous#route_forbidden' }
  278.       get 'route_forbidden'
  279.     end
  280. 

  281.     include_examples 'respond_with_error', 403

  282.   end
  283. 

  284.   describe 'not_found' do
  285.     controller do
  286.       def route_not_found
  287.         not_found
  288.       end
  289.     end
  290. 

  291.     subject do
  292.       routes.draw { get 'route_not_found' => 'anonymous#route_not_found' }
  293.       get 'route_not_found'
  294.     end
  295. 

  296.     include_examples 'respond_with_error', 404

  297.   end
  298. 

  299.   describe 'gone' do
  300.     controller do
  301.       def route_gone
  302.         gone
  303.       end
  304.     end
  305. 

  306.     subject do
  307.       routes.draw { get 'route_gone' => 'anonymous#route_gone' }
  308.       get 'route_gone'
  309.     end
  310. 

  311.     include_examples 'respond_with_error', 410

  312.   end
  313. 

  314.   describe 'unprocessable_entity' do
  315.     controller do
  316.       def route_unprocessable_entity
  317.         unprocessable_entity
  318.       end
  319.     end
  320. 

  321.     subject do
  322.       routes.draw { get 'route_unprocessable_entity' => 'anonymous#route_unprocessable_entity' }
  323.       get 'route_unprocessable_entity'
  324.     end
  325. 

  326.     include_examples 'respond_with_error', 422

  327.   end
  328. 

  329.   describe 'cache_collection' do
  330.     class C < ApplicationController
  331.       public :cache_collection
  332.     end
  333. 

  334.     shared_examples 'receives :with_includes' do |fabricator, klass|
  335.       it 'uses raw if it is not an ActiveRecord::Relation' do
  336.         record = Fabricate(fabricator)
  337.         expect(C.new.cache_collection([record], klass)).to eq [record]
  338.       end
  339.     end
  340. 

  341.     shared_examples 'cacheable' do |fabricator, klass|
  342.       include_examples 'receives :with_includes', fabricator, klass
  343. 

  344.       it 'calls cache_ids of raw if it is an ActiveRecord::Relation' do
  345.         record = Fabricate(fabricator)
  346.         relation = klass.none
  347.         allow(relation).to receive(:cache_ids).and_return([record])
  348.         expect(C.new.cache_collection(relation, klass)).to eq [record]
  349.       end
  350.     end
  351. 

  352.     it 'returns raw unless class responds to :with_includes' do
  353.       raw = Object.new
  354.       expect(C.new.cache_collection(raw, Object)).to eq raw
  355.     end
  356. 

  357.     context 'Notification' do
  358.       include_examples 'cacheable', :notification, Notification
  359.     end
  360. 

  361.     context 'Status' do
  362.       include_examples 'cacheable', :status, Status
  363.     end
  364.   end
  365. end