tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge commit '5b457961fc1189a71599dc6c06b3f159b195a455' into glitch-soc/merge-upstream

Browse Source 
Conflicts:
- `config/initializers/content_security_policy.rb`:
  Upstream fixed an issue that was not present in glitch-soc.
  Kept our version.
This commit is contained in:
Claire
2023-07-30 13:49:35 +02:00
parent 7635c67450 5b457961fc
commit 42f36aa55a
10 changed files with 116 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
spec/lib/vacuum/applications_vacuum_spec.rb
View File

@@ -6,43 +6,43 @@ RSpec.describe Vacuum::ApplicationsVacuum do
subject { described_class.new }
describe '#perform' do
let!(:app1) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app2) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app3) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app4) { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) }
let!(:app5) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app6) { Fabricate(:application, created_at: 1.hour.ago) }
let!(:app_with_token) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_grant) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_signup) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app_with_owner) { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) }
let!(:unused_app) { Fabricate(:application, created_at: 1.month.ago) }
let!(:recent_app) { Fabricate(:application, created_at: 1.hour.ago) }
let!(:active_access_token) { Fabricate(:access_token, application: app1) }
let!(:active_access_grant) { Fabricate(:access_grant, application: app2) }
let!(:user) { Fabricate(:user, created_by_application: app3) }
let!(:active_access_token) { Fabricate(:access_token, application: app_with_token) }
let!(:active_access_grant) { Fabricate(:access_grant, application: app_with_grant) }
let!(:user) { Fabricate(:user, created_by_application: app_with_signup) }
before do
subject.perform
end
it 'does not delete applications with valid access tokens' do
expect { app1.reload }.to_not raise_error
expect { app_with_token.reload }.to_not raise_error
end
it 'does not delete applications with valid access grants' do
expect { app2.reload }.to_not raise_error
expect { app_with_grant.reload }.to_not raise_error
end
it 'does not delete applications that were used to create users' do
expect { app3.reload }.to_not raise_error
expect { app_with_signup.reload }.to_not raise_error
end
it 'does not delete owned applications' do
expect { app4.reload }.to_not raise_error
expect { app_with_owner.reload }.to_not raise_error
end
it 'does not delete applications registered less than a day ago' do
expect { app6.reload }.to_not raise_error
expect { recent_app.reload }.to_not raise_error
end
it 'deletes unused applications' do
expect { app5.reload }.to raise_error ActiveRecord::RecordNotFound
expect { unused_app.reload }.to raise_error ActiveRecord::RecordNotFound
end
end
end

27
spec/requests/content_security_policy_spec.rb Normal file
View File

@@ -0,0 +1,27 @@
# frozen_string_literal: true
require 'rails_helper'
describe 'Content-Security-Policy' do
it 'sets the expected CSP headers' do
allow(SecureRandom).to receive(:base64).with(16).and_return('ZbA+JmE7+bK8F5qvADZHuQ==')
get '/'
expect(response.headers['Content-Security-Policy'].split(';').map(&:strip)).to contain_exactly(
"base-uri 'none'",
"default-src 'none'",
"frame-ancestors 'none'",
"font-src 'self' https://cb6e6126.ngrok.io",
"img-src 'self' https: data: blob: https://cb6e6126.ngrok.io",
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
"media-src 'self' https: data: https://cb6e6126.ngrok.io",
"frame-src 'self' https:",
"manifest-src 'self' https://cb6e6126.ngrok.io",
"form-action 'self'",
"child-src 'self' blob: https://cb6e6126.ngrok.io",
"worker-src 'self' blob: https://cb6e6126.ngrok.io",
"connect-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io ws://localhost:4000",
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
)
end
end