tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into glitch-soc/merge-upstream

Browse Source 
Conflicts:
- Gemfile
- Gemfile.lock
- app/controllers/about_controller.rb
- app/controllers/auth/sessions_controller.rb
This commit is contained in:
Thibaut Girka
2019-09-30 12:23:57 +02:00
parent febcdad2e2 3babf8464b
commit 16ff7c5627
352 changed files with 7151 additions and 2269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
spec/controllers/auth/challenges_controller_spec.rb Normal file
View File

@@ -0,0 +1,46 @@
# frozen_string_literal: true
require 'rails_helper'
describe Auth::ChallengesController, type: :controller do
render_views
let(:password) { 'foobar12345' }
let(:user) { Fabricate(:user, password: password) }
before do
sign_in user
end
describe 'POST #create' do
let(:return_to) { edit_user_registration_path }
context 'with correct password' do
before { post :create, params: { form_challenge: { return_to: return_to, current_password: password } } }
it 'redirects back' do
expect(response).to redirect_to(return_to)
end
it 'sets session' do
expect(session[:challenge_passed_at]).to_not be_nil
end
end
context 'with incorrect password' do
before { post :create, params: { form_challenge: { return_to: return_to, current_password: 'hhfggjjd562' } } }
it 'renders challenge' do
expect(response).to render_template('auth/challenges/new')
end
it 'displays error' do
expect(response.body).to include 'Invalid password'
end
it 'does not set session' do
expect(session[:challenge_passed_at]).to be_nil
end
end
end
end

2
spec/controllers/auth/sessions_controller_spec.rb
View File

@@ -80,7 +80,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
let(:user) do
account = Fabricate.build(:account, username: 'pam_user1')
account.save!(validate: false)
user = Fabricate(:user, email: 'pam@example.com', password: nil, account: account)
user = Fabricate(:user, email: 'pam@example.com', password: nil, account: account, external: true)
user
end

114
spec/controllers/concerns/challengable_concern_spec.rb Normal file
View File

@@ -0,0 +1,114 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe ChallengableConcern, type: :controller do
controller(ApplicationController) do
include ChallengableConcern
before_action :require_challenge!
def foo
render plain: 'foo'
end
def bar
render plain: 'bar'
end
end
before do
routes.draw do
get 'foo' => 'anonymous#foo'
post 'bar' => 'anonymous#bar'
end
end
context 'with a no-password user' do
let(:user) { Fabricate(:user, external: true, password: nil) }
before do
sign_in user
end
context 'for GET requests' do
before { get :foo }
it 'does not ask for password' do
expect(response.body).to eq 'foo'
end
end
context 'for POST requests' do
before { post :bar }
it 'does not ask for password' do
expect(response.body).to eq 'bar'
end
end
end
context 'with recent challenge in session' do
let(:password) { 'foobar12345' }
let(:user) { Fabricate(:user, password: password) }
before do
sign_in user
end
context 'for GET requests' do
before { get :foo, session: { challenge_passed_at: Time.now.utc } }
it 'does not ask for password' do
expect(response.body).to eq 'foo'
end
end
context 'for POST requests' do
before { post :bar, session: { challenge_passed_at: Time.now.utc } }
it 'does not ask for password' do
expect(response.body).to eq 'bar'
end
end
end
context 'with a password user' do
let(:password) { 'foobar12345' }
let(:user) { Fabricate(:user, password: password) }
before do
sign_in user
end
context 'for GET requests' do
before { get :foo }
it 'renders challenge' do
expect(response).to render_template('auth/challenges/new')
end
# See Auth::ChallengesControllerSpec
end
context 'for POST requests' do
before { post :bar }
it 'renders challenge' do
expect(response).to render_template('auth/challenges/new')
end
it 'accepts correct password' do
post :bar, params: { form_challenge: { current_password: password } }
expect(response.body).to eq 'bar'
expect(session[:challenge_passed_at]).to_not be_nil
end
it 'rejects wrong password' do
post :bar, params: { form_challenge: { current_password: 'dddfff888123' } }
expect(response.body).to render_template('auth/challenges/new')
expect(session[:challenge_passed_at]).to be_nil
end
end
end
end

14
spec/controllers/settings/migrations_controller_spec.rb
View File

@@ -21,6 +21,7 @@ describe Settings::MigrationsController do
let(:user) { Fabricate(:user, account: account) }
let(:account) { Fabricate(:account, moved_to_account: moved_to_account) }
before { sign_in user, scope: :user }
context 'when user does not have moved to account' do
@@ -32,7 +33,7 @@ describe Settings::MigrationsController do
end
end
context 'when user does not have moved to account' do
context 'when user has a moved to account' do
let(:moved_to_account) { Fabricate(:account) }
it 'renders show page' do
@@ -43,21 +44,22 @@ describe Settings::MigrationsController do
end
end
describe 'PUT #update' do
describe 'POST #create' do
context 'when user is not sign in' do
subject { put :update }
subject { post :create }
it_behaves_like 'authenticate user'
end
context 'when user is sign in' do
subject { put :update, params: { migration: { acct: acct } } }
subject { post :create, params: { account_migration: { acct: acct, current_password: '12345678' } } }
let(:user) { Fabricate(:user, password: '12345678') }
let(:user) { Fabricate(:user) }
before { sign_in user, scope: :user }
context 'when migration account is changed' do
let(:acct) { Fabricate(:account) }
let(:acct) { Fabricate(:account, also_known_as: [ActivityPub::TagManager.instance.uri_for(user.account)]) }
it 'updates moved to account' do
is_expected.to redirect_to settings_migration_path

10
spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
View File

@@ -24,7 +24,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
context 'when signed in' do
subject do
sign_in user, scope: :user
get :new
get :new, session: { challenge_passed_at: Time.now.utc }
end
include_examples 'renders :new'
@@ -37,7 +37,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
it 'redirects if user do not have otp_secret' do
sign_in user_without_otp_secret, scope: :user
get :new
get :new, session: { challenge_passed_at: Time.now.utc }
expect(response).to redirect_to('/settings/two_factor_authentication')
end
end
@@ -50,7 +50,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
describe 'when form_two_factor_confirmation parameter is not provided' do
it 'raises ActionController::ParameterMissing' do
post :create, params: {}
post :create, params: {}, session: { challenge_passed_at: Time.now.utc }
expect(response).to have_http_status(400)
end
end
@@ -68,7 +68,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
true
end
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, session: { challenge_passed_at: Time.now.utc }
expect(assigns(:recovery_codes)).to eq otp_backup_codes
expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled'
@@ -85,7 +85,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
false
end
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, session: { challenge_passed_at: Time.now.utc }
end
it 'renders the new view' do

2
spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb
View File

@@ -15,7 +15,7 @@ describe Settings::TwoFactorAuthentication::RecoveryCodesController do
end
sign_in user, scope: :user
post :create
post :create, session: { challenge_passed_at: Time.now.utc }
expect(assigns(:recovery_codes)).to eq otp_backup_codes
expect(flash[:notice]).to eq 'Recovery codes successfully regenerated'

2
spec/controllers/settings/two_factor_authentications_controller_spec.rb
View File

@@ -58,7 +58,7 @@ describe Settings::TwoFactorAuthenticationsController do
describe 'when creation succeeds' do
it 'updates user secret' do
before = user.otp_secret
post :create
post :create, session: { challenge_passed_at: Time.now.utc }
expect(user.reload.otp_secret).not_to eq(before)
expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path)

36
spec/controllers/well_known/nodeinfo_controller_spec.rb Normal file
View File

@@ -0,0 +1,36 @@
require 'rails_helper'
describe WellKnown::NodeInfoController, type: :controller do
render_views
describe 'GET #index' do
it 'returns json document pointing to node info' do
get :index
expect(response).to have_http_status(200)
expect(response.content_type).to eq 'application/json'
json = body_as_json
expect(json[:links]).to be_an Array
expect(json[:links][0][:rel]).to eq 'http://nodeinfo.diaspora.software/ns/schema/2.0'
expect(json[:links][0][:href]).to include 'nodeinfo/2.0'
end
end
describe 'GET #show' do
it 'returns json document with node info properties' do
get :show
expect(response).to have_http_status(200)
expect(response.content_type).to eq 'application/json'
json = body_as_json
expect(json[:version]).to eq '2.0'
expect(json[:usage]).to be_a Hash
expect(json[:software]).to be_a Hash
expect(json[:protocols]).to be_an Array
end
end
end