closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10234 Commits
4 Branches
567 MiB
Tree: cbd0ee1d07
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cbd0ee1d07'
${ noResults }
mastodon/spec/controllers/application_controller_spec.rb

342 lines
9.2 KiB
Raw Normal View History

single_user_mode? always returns boolean (#3215) This change also adds a specification for the method.
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Spec response for forgery (#3248) Remove protect_from_forgery in ApiController, which is disabled by the following skip_before_action, as well.
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
single_user_mode? always returns boolean (#3215) This change also adds a specification for the method.
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Add ability to change an instance default theme from the administration panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092
5 years ago
Lint pass (#8876)
5 years ago
Add ability to change an instance default theme from the administration panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092
5 years ago
add admin setting for default search engine indexing (fix #11750) (#11804)
4 years ago
Add ability to change an instance default theme from the administration panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092
5 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Lint pass (#8876)
5 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Improve require_admin! and require_staff! filters (#7018) Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Improve require_admin! and require_staff! filters (#7018) Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
6 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use "match_array" only for order independent assertions (#3626)
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
Use "match_array" only for order independent assertions (#3626)
7 years ago
Cover ApplicationController more in spec (#3230)
7 years ago
single_user_mode? always returns boolean (#3215) This change also adds a specification for the method.
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. 

  5. describe ApplicationController, type: :controller do
  6.   controller do
  7.     def success
  8.       head 200

  9.     end
  10. 

  11.     def routing_error
  12.       raise ActionController::RoutingError, ''
  13.     end
  14. 

  15.     def record_not_found
  16.       raise ActiveRecord::RecordNotFound, ''
  17.     end
  18. 

  19.     def invalid_authenticity_token
  20.       raise ActionController::InvalidAuthenticityToken, ''
  21.     end
  22.   end
  23. 

  24.   shared_examples 'respond_with_error' do |code|
  25.     it "returns http #{code} for http" do
  26.       subject
  27.       expect(response).to have_http_status(code)
  28.     end
  29. 

  30.     it "renders template for http" do
  31.       is_expected.to render_template("errors/#{code}", layout: 'error')
  32.     end
  33.   end
  34. 

  35.   context 'forgery' do
  36.     subject do
  37.       ActionController::Base.allow_forgery_protection = true
  38.       routes.draw { post 'success' => 'anonymous#success' }
  39.       post 'success'
  40.     end
  41. 

  42.     include_examples 'respond_with_error', 422

  43.   end
  44. 

  45.   describe 'helper_method :current_account' do
  46.     it 'returns nil if not signed in' do
  47.       expect(controller.view_context.current_account).to be_nil
  48.     end
  49. 

  50.     it 'returns account if signed in' do
  51.       account = Fabricate(:account)
  52.       sign_in(Fabricate(:user, account: account))
  53.       expect(controller.view_context.current_account).to eq account
  54.     end
  55.   end
  56. 

  57.   describe 'helper_method :single_user_mode?' do
  58.     it 'returns false if it is in single_user_mode but there is no account' do
  59.       allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
  60.       expect(controller.view_context.single_user_mode?).to eq false
  61.     end
  62. 

  63.     it 'returns false if there is an account but it is not in single_user_mode' do
  64.       allow(Rails.configuration.x).to receive(:single_user_mode).and_return(false)
  65.       Fabricate(:account)
  66.       expect(controller.view_context.single_user_mode?).to eq false
  67.     end
  68. 

  69.     it 'returns true if it is in single_user_mode and there is an account' do
  70.       allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
  71.       Fabricate(:account)
  72.       expect(controller.view_context.single_user_mode?).to eq true
  73.     end
  74.   end
  75. 

  76.   describe 'helper_method :current_theme' do
  77.     it 'returns "default" when theme wasn\'t changed in admin settings' do
  78.       allow(Setting).to receive(:default_settings).and_return({ 'theme' => 'default' })
  79. 

  80.       expect(controller.view_context.current_theme).to eq 'default'
  81.     end
  82. 

  83.     it 'returns instances\'s theme when user is not signed in' do
  84.       allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  85. 

  86.       expect(controller.view_context.current_theme).to eq 'contrast'
  87.     end
  88. 

  89.     it 'returns instances\'s default theme when user didn\'t set theme' do
  90.       current_user = Fabricate(:user)
  91.       sign_in current_user
  92. 

  93.       allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  94.       allow(Setting).to receive(:[]).with('noindex').and_return false
  95. 

  96.       expect(controller.view_context.current_theme).to eq 'contrast'
  97.     end
  98. 

  99.     it 'returns user\'s theme when it is set' do
  100.       current_user = Fabricate(:user)
  101.       current_user.settings['theme'] = 'mastodon-light'
  102.       sign_in current_user
  103. 

  104.       allow(Setting).to receive(:[]).with('theme').and_return 'contrast'
  105. 

  106.       expect(controller.view_context.current_theme).to eq 'mastodon-light'
  107.     end
  108.   end
  109. 

  110.   context 'ActionController::RoutingError' do
  111.     subject do
  112.       routes.draw { get 'routing_error' => 'anonymous#routing_error' }
  113.       get 'routing_error'
  114.     end
  115. 

  116.     include_examples 'respond_with_error', 404

  117.   end
  118. 

  119.   context 'ActiveRecord::RecordNotFound' do
  120.     subject do
  121.       routes.draw { get 'record_not_found' => 'anonymous#record_not_found' }
  122.       get 'record_not_found'
  123.     end
  124. 

  125.     include_examples 'respond_with_error', 404

  126.   end
  127. 

  128.   context 'ActionController::InvalidAuthenticityToken' do
  129.     subject do
  130.       routes.draw { get 'invalid_authenticity_token' => 'anonymous#invalid_authenticity_token' }
  131.       get 'invalid_authenticity_token'
  132.     end
  133. 

  134.     include_examples 'respond_with_error', 422

  135.   end
  136. 

  137.   describe 'before_action :store_current_location' do
  138.     it 'stores location for user if it is not devise controller' do
  139.       routes.draw { get 'success' => 'anonymous#success' }
  140.       get 'success'
  141.       expect(controller.stored_location_for(:user)).to eq '/success'
  142.     end
  143. 

  144.     context do
  145.       controller Devise::SessionsController do
  146.       end
  147. 

  148.       it 'does not store location for user if it is devise controller' do
  149.         @request.env["devise.mapping"] = Devise.mappings[:user]
  150.         get 'create'
  151.         expect(controller.stored_location_for(:user)).to be_nil
  152.       end
  153.     end
  154.   end
  155. 

  156.   describe 'before_action :check_suspension' do
  157.     before do
  158.       routes.draw { get 'success' => 'anonymous#success' }
  159.     end
  160. 

  161.     it 'does nothing if not signed in' do
  162.       get 'success'
  163.       expect(response).to have_http_status(200)
  164.     end
  165. 

  166.     it 'does nothing if user who signed in is not suspended' do
  167.       sign_in(Fabricate(:user, account: Fabricate(:account, suspended: false)))
  168.       get 'success'
  169.       expect(response).to have_http_status(200)
  170.     end
  171. 

  172.     it 'redirects to account status page' do
  173.       sign_in(Fabricate(:user, account: Fabricate(:account, suspended: true)))
  174.       get 'success'
  175.       expect(response).to redirect_to(edit_user_registration_path)
  176.     end
  177.   end
  178. 

  179.   describe 'raise_not_found' do
  180.     it 'raises error' do
  181.       controller.params[:unmatched_route] = 'unmatched'
  182.       expect { controller.raise_not_found }.to raise_error(ActionController::RoutingError, 'No route matches unmatched')
  183.     end
  184.   end
  185. 

  186.   describe 'require_admin!' do
  187.     controller do
  188.       before_action :require_admin!
  189. 

  190.       def sucesss
  191.         head 200

  192.       end
  193.     end
  194. 

  195.     before do
  196.       routes.draw { get 'sucesss' => 'anonymous#sucesss' }
  197.     end
  198. 

  199.     it 'returns a 403 if current user is not admin' do
  200.       sign_in(Fabricate(:user, admin: false))
  201.       get 'sucesss'
  202.       expect(response).to have_http_status(403)
  203.     end
  204. 

  205.     it 'returns a 403 if current user is only a moderator' do
  206.       sign_in(Fabricate(:user, moderator: true))
  207.       get 'sucesss'
  208.       expect(response).to have_http_status(403)
  209.     end
  210. 

  211.     it 'does nothing if current user is admin' do
  212.       sign_in(Fabricate(:user, admin: true))
  213.       get 'sucesss'
  214.       expect(response).to have_http_status(200)
  215.     end
  216.   end
  217. 

  218.   describe 'require_staff!' do
  219.     controller do
  220.       before_action :require_staff!
  221. 

  222.       def sucesss
  223.         head 200

  224.       end
  225.     end
  226. 

  227.     before do
  228.       routes.draw { get 'sucesss' => 'anonymous#sucesss' }
  229.     end
  230. 

  231.     it 'returns a 403 if current user is not admin or moderator' do
  232.       sign_in(Fabricate(:user, admin: false, moderator: false))
  233.       get 'sucesss'
  234.       expect(response).to have_http_status(403)
  235.     end
  236. 

  237.     it 'does nothing if current user is moderator' do
  238.       sign_in(Fabricate(:user, moderator: true))
  239.       get 'sucesss'
  240.       expect(response).to have_http_status(200)
  241.     end
  242. 

  243.     it 'does nothing if current user is admin' do
  244.       sign_in(Fabricate(:user, admin: true))
  245.       get 'sucesss'
  246.       expect(response).to have_http_status(200)
  247.     end
  248.   end
  249. 

  250.   describe 'forbidden' do
  251.     controller do
  252.       def route_forbidden
  253.         forbidden
  254.       end
  255.     end
  256. 

  257.     subject do
  258.       routes.draw { get 'route_forbidden' => 'anonymous#route_forbidden' }
  259.       get 'route_forbidden'
  260.     end
  261. 

  262.     include_examples 'respond_with_error', 403

  263.   end
  264. 

  265.   describe 'not_found' do
  266.     controller do
  267.       def route_not_found
  268.         not_found
  269.       end
  270.     end
  271. 

  272.     subject do
  273.       routes.draw { get 'route_not_found' => 'anonymous#route_not_found' }
  274.       get 'route_not_found'
  275.     end
  276. 

  277.     include_examples 'respond_with_error', 404

  278.   end
  279. 

  280.   describe 'gone' do
  281.     controller do
  282.       def route_gone
  283.         gone
  284.       end
  285.     end
  286. 

  287.     subject do
  288.       routes.draw { get 'route_gone' => 'anonymous#route_gone' }
  289.       get 'route_gone'
  290.     end
  291. 

  292.     include_examples 'respond_with_error', 410

  293.   end
  294. 

  295.   describe 'unprocessable_entity' do
  296.     controller do
  297.       def route_unprocessable_entity
  298.         unprocessable_entity
  299.       end
  300.     end
  301. 

  302.     subject do
  303.       routes.draw { get 'route_unprocessable_entity' => 'anonymous#route_unprocessable_entity' }
  304.       get 'route_unprocessable_entity'
  305.     end
  306. 

  307.     include_examples 'respond_with_error', 422

  308.   end
  309. 

  310.   describe 'cache_collection' do
  311.     class C < ApplicationController
  312.       public :cache_collection
  313.     end
  314. 

  315.     shared_examples 'receives :with_includes' do |fabricator, klass|
  316.       it 'uses raw if it is not an ActiveRecord::Relation' do
  317.         record = Fabricate(fabricator)
  318.         expect(C.new.cache_collection([record], klass)).to eq [record]
  319.       end
  320.     end
  321. 

  322.     shared_examples 'cacheable' do |fabricator, klass|
  323.       include_examples 'receives :with_includes', fabricator, klass
  324. 

  325.       it 'calls cache_ids of raw if it is an ActiveRecord::Relation' do
  326.         record = Fabricate(fabricator)
  327.         relation = klass.none
  328.         allow(relation).to receive(:cache_ids).and_return([record])
  329.         expect(C.new.cache_collection(relation, klass)).to eq [record]
  330.       end
  331.     end
  332. 

  333.     it 'returns raw unless class responds to :with_includes' do
  334.       raw = Object.new
  335.       expect(C.new.cache_collection(raw, Object)).to eq raw
  336.     end
  337. 

  338.     context 'Status' do
  339.       include_examples 'cacheable', :status, Status
  340.     end
  341.   end
  342. end