From c128146c35a755c24ae5c17d61521dddff8e0fa8 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 28 Feb 2023 17:06:05 +0100 Subject: [PATCH] Add tests --- .../collections_controller_spec.rb | 21 +++++++ .../activitypub/inboxes_controller_spec.rb | 21 +++++++ .../activitypub/outboxes_controller_spec.rb | 21 +++++++ .../activitypub/replies_controller_spec.rb | 25 ++++++++ .../application_controller_spec.rb | 18 +++++- .../auth/registrations_controller_spec.rb | 9 +++ .../auth/sessions_controller_spec.rb | 13 ++++ .../account_controller_concern_spec.rb | 24 ++++++- .../following_accounts_controller_spec.rb | 63 +++++++++++++++++++ .../settings/deletes_controller_spec.rb | 17 +++++ spec/controllers/statuses_controller_spec.rb | 25 ++++++++ spec/fabricators/account_fabricator.rb | 3 +- spec/requests/accounts_spec.rb | 27 ++++++++ spec/requests/well_known/webfinger_spec.rb | 27 +++++++- spec/services/account_search_service_spec.rb | 17 +++++ spec/services/notify_service_spec.rb | 5 ++ 16 files changed, 328 insertions(+), 8 deletions(-) diff --git a/spec/controllers/activitypub/collections_controller_spec.rb b/spec/controllers/activitypub/collections_controller_spec.rb index 11ef03c8425..0a81610327e 100644 --- a/spec/controllers/activitypub/collections_controller_spec.rb +++ b/spec/controllers/activitypub/collections_controller_spec.rb @@ -60,6 +60,27 @@ RSpec.describe ActivityPub::CollectionsController do expect(response).to have_http_status(403) end end + + context 'when account is permanently deleted' do + before do + account.mark_deleted! + account.deletion_request.destroy + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is pending deletion' do + before do + account.mark_deleted! + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end end context 'with signature' do diff --git a/spec/controllers/activitypub/inboxes_controller_spec.rb b/spec/controllers/activitypub/inboxes_controller_spec.rb index feca543cb7c..64c9d181200 100644 --- a/spec/controllers/activitypub/inboxes_controller_spec.rb +++ b/spec/controllers/activitypub/inboxes_controller_spec.rb @@ -46,6 +46,27 @@ RSpec.describe ActivityPub::InboxesController do expect(response).to have_http_status(202) end end + + context 'when account is permanently deleted' do + before do + account.mark_deleted! + account.deletion_request.destroy + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is pending deletion' do + before do + account.mark_deleted! + end + + it 'returns http accepted' do + expect(response).to have_http_status(202) + end + end end end diff --git a/spec/controllers/activitypub/outboxes_controller_spec.rb b/spec/controllers/activitypub/outboxes_controller_spec.rb index ead231f29fb..53edb45b2b3 100644 --- a/spec/controllers/activitypub/outboxes_controller_spec.rb +++ b/spec/controllers/activitypub/outboxes_controller_spec.rb @@ -63,6 +63,27 @@ RSpec.describe ActivityPub::OutboxesController do expect(response).to have_http_status(403) end end + + context 'when account is permanently deleted' do + before do + account.mark_deleted! + account.deletion_request.destroy + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is pending deletion' do + before do + account.mark_deleted! + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end end context 'with page requested' do diff --git a/spec/controllers/activitypub/replies_controller_spec.rb b/spec/controllers/activitypub/replies_controller_spec.rb index db7f60d3f87..9dacef3421b 100644 --- a/spec/controllers/activitypub/replies_controller_spec.rb +++ b/spec/controllers/activitypub/replies_controller_spec.rb @@ -64,6 +64,31 @@ RSpec.describe ActivityPub::RepliesController do end end + context 'when account is permanently deleted' do + let(:parent_visibility) { :public } + + before do + status.account.mark_deleted! + status.account.deletion_request.destroy + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is pending deletion' do + let(:parent_visibility) { :public } + + before do + status.account.mark_deleted! + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end + context 'when status is public' do let(:parent_visibility) { :public } let(:json) { body_as_json } diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index f595e8ca19e..ab349ef8fc0 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -129,7 +129,7 @@ describe ApplicationController do include_examples 'respond_with_error', 422 end - describe 'before_action :check_suspension' do + describe 'before_action :require_functional!' do before do routes.draw { get 'success' => 'anonymous#success' } end @@ -139,17 +139,29 @@ describe ApplicationController do expect(response).to have_http_status(200) end - it 'does nothing if user who signed in is not suspended' do + it 'does nothing if user who signed in is functional' do sign_in(Fabricate(:account, suspended: false).user) get 'success' expect(response).to have_http_status(200) end - it 'redirects to account status page' do + it 'redirects to account status page if the account is suspended' do sign_in(Fabricate(:account, suspended: true).user) get 'success' expect(response).to redirect_to(edit_user_registration_path) end + + it 'redirects to account status page if the account is pending deletion' do + sign_in(Fabricate(:account, deleted: true).user) + get 'success' + expect(response).to redirect_to(edit_user_registration_path) + end + + it 'redirects to account status page if the account is unconfirmed' do + sign_in(Fabricate(:user, confirmed_at: nil)) + get 'success' + expect(response).to redirect_to(edit_user_registration_path) + end end describe 'raise_not_found' do diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb index 75ab2876523..ccc126e4a11 100644 --- a/spec/controllers/auth/registrations_controller_spec.rb +++ b/spec/controllers/auth/registrations_controller_spec.rb @@ -134,6 +134,15 @@ RSpec.describe Auth::RegistrationsController do expect(response).to have_http_status(403) end end + + context 'when deleted' do + let(:user) { Fabricate(:user, account_attributes: { username: 'test', deleted_at: Time.now.utc }) } + + it 'returns http forbidden' do + put :update + expect(response).to have_http_status(403) + end + end end describe 'GET #new' do diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb index e78554ec7dc..5a34aab5009 100644 --- a/spec/controllers/auth/sessions_controller_spec.rb +++ b/spec/controllers/auth/sessions_controller_spec.rb @@ -48,6 +48,19 @@ RSpec.describe Auth::SessionsController do expect(response).to redirect_to(new_user_session_path) end end + + context 'with a deleted user' do + before do + user.account.mark_deleted! + end + + it 'redirects to home after sign out' do + sign_in(user, scope: :user) + delete :destroy + + expect(response).to redirect_to(new_user_session_path) + end + end end describe 'POST #create' do diff --git a/spec/controllers/concerns/account_controller_concern_spec.rb b/spec/controllers/concerns/account_controller_concern_spec.rb index 6eb970dedbb..663988c45e4 100644 --- a/spec/controllers/concerns/account_controller_concern_spec.rb +++ b/spec/controllers/concerns/account_controller_concern_spec.rb @@ -32,7 +32,7 @@ describe AccountControllerConcern do end end - context 'when account is suspended' do + context 'when account is permanently suspended' do it 'returns http gone' do account = Fabricate(:account, suspended: true) get 'success', params: { account_username: account.username } @@ -40,14 +40,32 @@ describe AccountControllerConcern do end end - context 'when account is deleted by owner' do + context 'when account is temporarily suspended' do + it 'returns http forbidden' do + account = Fabricate(:account) + account.suspend! + get 'success', params: { account_username: account.username } + expect(response).to have_http_status(403) + end + end + + context 'when account is permanently deleted' do it 'returns http gone' do - account = Fabricate(:account, suspended: true, user: nil) + account = Fabricate(:account, deleted: true) get 'success', params: { account_username: account.username } expect(response).to have_http_status(410) end end + context 'when account is pending deletion' do + it 'returns http forbidden' do + account = Fabricate(:account) + account.mark_deleted! + get 'success', params: { account_username: account.username } + expect(response).to have_http_status(403) + end + end + context 'when account is not suspended' do let(:account) { Fabricate(:account, username: 'username') } diff --git a/spec/controllers/following_accounts_controller_spec.rb b/spec/controllers/following_accounts_controller_spec.rb index 7bb78fb4204..4c31d720c61 100644 --- a/spec/controllers/following_accounts_controller_spec.rb +++ b/spec/controllers/following_accounts_controller_spec.rb @@ -36,6 +36,27 @@ describe FollowingAccountsController do expect(response).to have_http_status(403) end end + + context 'when account is permanently deleted' do + before do + alice.mark_deleted! + alice.deletion_request.destroy + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is pending deletion' do + before do + alice.mark_deleted! + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end end context 'when format is json' do @@ -79,6 +100,27 @@ describe FollowingAccountsController do expect(response).to have_http_status(403) end end + + context 'when account is permanently deleted' do + before do + alice.mark_deleted! + alice.deletion_request.destroy + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is pending deletion' do + before do + alice.mark_deleted! + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end end context 'without page' do @@ -127,6 +169,27 @@ describe FollowingAccountsController do expect(response).to have_http_status(403) end end + + context 'when account is permanently deleted' do + before do + alice.mark_deleted! + alice.deletion_request.destroy + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is pending deletion' do + before do + alice.mark_deleted! + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end end end end diff --git a/spec/controllers/settings/deletes_controller_spec.rb b/spec/controllers/settings/deletes_controller_spec.rb index e2bc19f9795..902b2bab25f 100644 --- a/spec/controllers/settings/deletes_controller_spec.rb +++ b/spec/controllers/settings/deletes_controller_spec.rb @@ -27,6 +27,15 @@ describe Settings::DeletesController do expect(response.headers['Cache-Control']).to include('private, no-store') end end + + context 'when already deleted' do + let(:user) { Fabricate(:user, account_attributes: { deleted_at: Time.now.utc }) } + + it 'returns http forbidden' do + get :show + expect(response).to have_http_status(403) + end + end end context 'when not signed in' do @@ -64,6 +73,14 @@ describe Settings::DeletesController do expect(response).to have_http_status(403) end end + + context 'when already deleted' do + let(:user) { Fabricate(:user, account_attributes: { deleted_at: Time.now.utc }) } + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end end context 'with incorrect password' do diff --git a/spec/controllers/statuses_controller_spec.rb b/spec/controllers/statuses_controller_spec.rb index fe40ee6de17..f57e01b29d9 100644 --- a/spec/controllers/statuses_controller_spec.rb +++ b/spec/controllers/statuses_controller_spec.rb @@ -34,6 +34,31 @@ describe StatusesController do end end + context 'when account is permanently deleted' do + before do + account.mark_deleted! + account.deletion_request.destroy + + get :show, params: { account_username: account.username, id: status.id } + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + + context 'when account is temporarily deleted' do + before do + account.mark_deleted! + + get :show, params: { account_username: account.username, id: status.id } + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end + context 'when status is a reblog' do let(:original_account) { Fabricate(:account, domain: 'example.com') } let(:original_status) { Fabricate(:status, account: original_account, url: 'https://example.com/123') } diff --git a/spec/fabricators/account_fabricator.rb b/spec/fabricators/account_fabricator.rb index 534b8ae843d..eec859f8e81 100644 --- a/spec/fabricators/account_fabricator.rb +++ b/spec/fabricators/account_fabricator.rb @@ -5,13 +5,14 @@ public_key = keypair.public_key.to_pem private_key = keypair.to_pem Fabricator(:account) do - transient :suspended, :silenced + transient :suspended, :silenced, :deleted username { sequence(:username) { |i| "#{Faker::Internet.user_name(separators: %w(_))}#{i}" } } last_webfingered_at { Time.now.utc } public_key { public_key } private_key { private_key } suspended_at { |attrs| attrs[:suspended] ? Time.now.utc : nil } silenced_at { |attrs| attrs[:silenced] ? Time.now.utc : nil } + deleted_at { |attrs| attrs[:deleted] ? Time.now.utc : nil } user { |attrs| attrs[:domain].nil? ? Fabricate.build(:user, account: nil) : nil } uri { |attrs| attrs[:domain].nil? ? '' : "https://#{attrs[:domain]}/users/#{attrs[:username]}" } discoverable true diff --git a/spec/requests/accounts_spec.rb b/spec/requests/accounts_spec.rb index bf067cdc38a..d330ebff974 100644 --- a/spec/requests/accounts_spec.rb +++ b/spec/requests/accounts_spec.rb @@ -44,6 +44,33 @@ describe 'Accounts show response' do end end + describe 'permanently deleted account check' do + before do + account.mark_deleted! + account.deletion_request.destroy + end + + it 'returns appropriate http response code' do + { html: 410, json: 410, rss: 410 }.each do |format, code| + get short_account_path(username: account.username), as: format + + expect(response).to have_http_status(code) + end + end + end + + describe 'pending deletion account check' do + before { account.mark_deleted! } + + it 'returns appropriate http response code' do + { html: 403, json: 403, rss: 403 }.each do |format, code| + get short_account_path(username: account.username), as: format + + expect(response).to have_http_status(code) + end + end + end + describe 'GET to short username paths' do context 'with existing statuses' do let!(:status) { Fabricate(:status, account: account) } diff --git a/spec/requests/well_known/webfinger_spec.rb b/spec/requests/well_known/webfinger_spec.rb index 0aafdf56244..ecd3e8bf534 100644 --- a/spec/requests/well_known/webfinger_spec.rb +++ b/spec/requests/well_known/webfinger_spec.rb @@ -53,7 +53,18 @@ describe 'The /.well-known/webfinger endpoint' do it_behaves_like 'a successful response' end - context 'when an account is permanently suspended or deleted' do + context 'when an account is pending deletion' do + let(:resource) { alice.to_webfinger_s } + + before do + alice.mark_deleted! + perform_request! + end + + it_behaves_like 'a successful response' + end + + context 'when an account is permanently suspended' do let(:resource) { alice.to_webfinger_s } before do @@ -67,6 +78,20 @@ describe 'The /.well-known/webfinger endpoint' do end end + context 'when an account is permanently deleted' do + let(:resource) { alice.to_webfinger_s } + + before do + alice.mark_deleted! + alice.deletion_request.destroy + perform_request! + end + + it 'returns http gone' do + expect(response).to have_http_status(410) + end + end + context 'when an account is not found' do let(:resource) { 'acct:not@existing.com' } diff --git a/spec/services/account_search_service_spec.rb b/spec/services/account_search_service_spec.rb index 5ec08859031..6910dd5e929 100644 --- a/spec/services/account_search_service_spec.rb +++ b/spec/services/account_search_service_spec.rb @@ -78,6 +78,15 @@ describe AccountSearchService do expect(results).to eq [partial] end + it 'returns the fuzzy match first, and does not return deleted exacts' do + partial = Fabricate(:account, username: 'exactness') + Fabricate(:account, username: 'exact', deleted: true) + results = subject.call('exact', nil, limit: 10) + + expect(results.size).to eq 1 + expect(results).to eq [partial] + end + it 'does not return suspended remote accounts' do Fabricate(:account, username: 'a', domain: 'remote', display_name: 'e', suspended: true) results = subject.call('a@example.com', nil, limit: 2) @@ -85,5 +94,13 @@ describe AccountSearchService do expect(results.size).to eq 0 expect(results).to eq [] end + + it 'does not return deleted remote accounts' do + Fabricate(:account, username: 'a', domain: 'remote', display_name: 'e', deleted: true) + results = subject.call('a@example.com', nil, limit: 2) + + expect(results.size).to eq 0 + expect(results).to eq [] + end end end diff --git a/spec/services/notify_service_spec.rb b/spec/services/notify_service_spec.rb index 514f634d7fd..a85379bd3d8 100644 --- a/spec/services/notify_service_spec.rb +++ b/spec/services/notify_service_spec.rb @@ -50,6 +50,11 @@ RSpec.describe NotifyService do expect { subject }.to_not change(Notification, :count) end + it 'does not notify when recipient is deleted' do + recipient.mark_deleted! + expect { subject }.to_not change(Notification, :count) + end + describe 'reblogs' do let(:status) { Fabricate(:status, account: Fabricate(:account)) } let(:activity) { Fabricate(:status, account: sender, reblog: status) }