闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

138 lines
3.3 KiB

  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. describe ApplicationController, type: :controller do
  4. controller do
  5. include SignatureVerification
  6. def success
  7. head 200
  8. end
  9. def alternative_success
  10. head 200
  11. end
  12. end
  13. before do
  14. routes.draw { match via: [:get, :post], 'success' => 'anonymous#success' }
  15. end
  16. context 'without signature header' do
  17. before do
  18. get :success
  19. end
  20. describe '#signed_request?' do
  21. it 'returns false' do
  22. expect(controller.signed_request?).to be false
  23. end
  24. end
  25. describe '#signed_request_account' do
  26. it 'returns nil' do
  27. expect(controller.signed_request_account).to be_nil
  28. end
  29. end
  30. end
  31. context 'with signature header' do
  32. let!(:author) { Fabricate(:account) }
  33. context 'without body' do
  34. before do
  35. get :success
  36. fake_request = Request.new(:get, request.url)
  37. fake_request.on_behalf_of(author)
  38. request.headers.merge!(fake_request.headers)
  39. end
  40. describe '#signed_request?' do
  41. it 'returns true' do
  42. expect(controller.signed_request?).to be true
  43. end
  44. end
  45. describe '#signed_request_account' do
  46. it 'returns an account' do
  47. expect(controller.signed_request_account).to eq author
  48. end
  49. it 'returns nil when path does not match' do
  50. request.path = '/alternative-path'
  51. expect(controller.signed_request_account).to be_nil
  52. end
  53. it 'returns nil when method does not match' do
  54. post :success
  55. expect(controller.signed_request_account).to be_nil
  56. end
  57. end
  58. end
  59. context 'with request older than a day' do
  60. before do
  61. get :success
  62. fake_request = Request.new(:get, request.url)
  63. fake_request.add_headers({ 'Date' => 2.days.ago.utc.httpdate })
  64. fake_request.on_behalf_of(author)
  65. request.headers.merge!(fake_request.headers)
  66. end
  67. describe '#signed_request?' do
  68. it 'returns true' do
  69. expect(controller.signed_request?).to be true
  70. end
  71. end
  72. describe '#signed_request_account' do
  73. it 'returns nil' do
  74. expect(controller.signed_request_account).to be_nil
  75. end
  76. end
  77. end
  78. context 'with body' do
  79. before do
  80. post :success, body: 'Hello world'
  81. fake_request = Request.new(:post, request.url, body: 'Hello world')
  82. fake_request.on_behalf_of(author)
  83. request.headers.merge!(fake_request.headers)
  84. end
  85. describe '#signed_request?' do
  86. it 'returns true' do
  87. expect(controller.signed_request?).to be true
  88. end
  89. end
  90. describe '#signed_request_account' do
  91. it 'returns an account' do
  92. expect(controller.signed_request_account).to eq author
  93. end
  94. it 'returns nil when path does not match' do
  95. request.path = '/alternative-path'
  96. expect(controller.signed_request_account).to be_nil
  97. end
  98. it 'returns nil when method does not match' do
  99. get :success
  100. expect(controller.signed_request_account).to be_nil
  101. end
  102. it 'returns nil when body has been tampered' do
  103. post :success, body: 'doo doo doo'
  104. expect(controller.signed_request_account).to be_nil
  105. end
  106. end
  107. end
  108. end
  109. end