Coverage for remote follows (#2694)

* Add coverage for create with empty acct value * Add coverage for create with webfinger failure * Add coverage for create with webfinger providing bad values * Add coverage for create when webfinger is good * Add coverage for session[:remote_follow] having data * Simplify how remote follow pulls acct from session * Remote follow behaves more like model * Move the discovery portions of remote follow out of controller * Check for suspended accounts
2017-05-01 18:44:23 -04:00
parent 7bffd16024
commit a4859446ab
3 changed files with 141 additions and 24 deletions
--- a/app/controllers/remote_follow_controller.rb
+++ b/app/controllers/remote_follow_controller.rb
@@ -4,34 +4,21 @@ class RemoteFollowController < ApplicationController
  layout 'public'

  before_action :set_account
-  before_action :check_account_suspension
+  before_action :gone, if: -> { @account.suspended? }

  def new
-    @remote_follow = RemoteFollow.new
-    @remote_follow.acct = session[:remote_follow] if session.key?(:remote_follow)
+    @remote_follow = RemoteFollow.new(session_params)
  end

  def create
    @remote_follow = RemoteFollow.new(resource_params)

    if @remote_follow.valid?
-      resource          = Goldfinger.finger("acct:#{@remote_follow.acct}")
-      redirect_url_link = resource&.link('http://ostatus.org/schema/1.0/subscribe')
-
-      if redirect_url_link.nil? || redirect_url_link.template.nil?
-        @remote_follow.errors.add(:acct, I18n.t('remote_follow.missing_resource'))
-        render(:new) && return
-      end
-
      session[:remote_follow] = @remote_follow.acct
-
-      redirect_to Addressable::Template.new(redirect_url_link.template).expand(uri: @account.to_webfinger_s).to_s
+      redirect_to @remote_follow.subscribe_address_for(@account)
    else
      render :new
    end
-  rescue Goldfinger::Error
-    @remote_follow.errors.add(:acct, I18n.t('remote_follow.missing_resource'))
-    render :new
  end

  private
@@ -40,11 +27,11 @@ class RemoteFollowController < ApplicationController
    params.require(:remote_follow).permit(:acct)
  end

+  def session_params
+    { acct: session[:remote_follow] }
+  end
+
  def set_account
    @account = Account.find_local!(params[:account_username])
  end
-
-  def check_account_suspension
-    head 410 if @account.suspended?
-  end
 end
--- a/app/models/remote_follow.rb
+++ b/app/models/remote_follow.rb
@@ -3,11 +3,47 @@
 class RemoteFollow
  include ActiveModel::Validations

-  attr_accessor :acct
-
-  validates :acct, presence: true
+  attr_accessor :acct, :addressable_template

  def initialize(attrs = {})
    @acct = attrs[:acct].strip unless attrs[:acct].nil?
  end
+
+  def valid?
+    populate_template
+    errors.empty?
+  end
+
+  def subscribe_address_for(account)
+    addressable_template.expand(uri: account.to_webfinger_s).to_s
+  end
+
+  private
+
+  def populate_template
+    if acct.blank? || redirect_url_link.nil? || redirect_url_link.template.nil?
+      missing_resource_error
+    else
+      @addressable_template = Addressable::Template.new(redirect_uri_template)
+    end
+  end
+
+  def redirect_uri_template
+    redirect_url_link.template
+  end
+
+  def redirect_url_link
+    acct_resource&.link('http://ostatus.org/schema/1.0/subscribe')
+  end
+
+  def acct_resource
+    @_acct_resource ||= Goldfinger.finger("acct:#{acct}")
+  rescue Goldfinger::Error
+    missing_resource_error
+    nil
+  end
+
+  def missing_resource_error
+    errors.add(:acct, I18n.t('remote_follow.missing_resource'))
+  end
 end
--- a/spec/controllers/remote_follow_controller_spec.rb
+++ b/spec/controllers/remote_follow_controller_spec.rb
@@ -6,11 +6,105 @@ describe RemoteFollowController do
  render_views

  describe '#new' do
-    it 'returns a success' do
+    it 'returns success when session is empty' do
      account = Fabricate(:account)
      get :new, params: { account_username: account.to_param }

      expect(response).to have_http_status(:success)
+      expect(response).to render_template(:new)
+      expect(assigns(:remote_follow).acct).to be_nil
+    end
+
+    it 'populates the remote follow with session data when session exists' do
+      session[:remote_follow] = 'user@example.com'
+      account = Fabricate(:account)
+      get :new, params: { account_username: account.to_param }
+
+      expect(response).to have_http_status(:success)
+      expect(response).to render_template(:new)
+      expect(assigns(:remote_follow).acct).to eq 'user@example.com'
+    end
+  end
+
+  describe '#create' do
+    before do
+      @account = Fabricate(:account, username: 'test_user')
+    end
+
+    context 'with a valid acct' do
+      context 'when webfinger values are wrong' do
+        it 'renders new when redirect url is nil' do
+          resource_with_nil_link = double(link: nil)
+          allow(Goldfinger).to receive(:finger).with('acct:user@example.com').and_return(resource_with_nil_link)
+          post :create, params: { account_username: @account.to_param, remote_follow: { acct: 'user@example.com' } }
+
+          expect(response).to render_template(:new)
+          expect(response.body).to include(I18n.t('remote_follow.missing_resource'))
+        end
+
+        it 'renders new when template is nil' do
+          link_with_nil_template = double(template: nil)
+          resource_with_link = double(link: link_with_nil_template)
+          allow(Goldfinger).to receive(:finger).with('acct:user@example.com').and_return(resource_with_link)
+          post :create, params: { account_username: @account.to_param, remote_follow: { acct: 'user@example.com' } }
+
+          expect(response).to render_template(:new)
+          expect(response.body).to include(I18n.t('remote_follow.missing_resource'))
+        end
+      end
+
+      context 'when webfinger values are good' do
+        before do
+          link_with_template = double(template: 'http://example.com/follow_me?acct={uri}')
+          resource_with_link = double(link: link_with_template)
+          allow(Goldfinger).to receive(:finger).with('acct:user@example.com').and_return(resource_with_link)
+          post :create, params: { account_username: @account.to_param, remote_follow: { acct: 'user@example.com' } }
+        end
+
+        it 'saves the session' do
+          expect(session[:remote_follow]).to eq 'user@example.com'
+        end
+
+        it 'redirects to the remote location' do
+          address = "http://example.com/follow_me?acct=acct%3Atest_user%40#{Rails.configuration.x.local_domain}"
+
+          expect(response).to redirect_to(address)
+        end
+      end
+    end
+
+    context 'with an invalid acct' do
+      it 'renders new when acct is missing' do
+        post :create, params: { account_username: @account.to_param, remote_follow: { acct: '' } }
+
+        expect(response).to render_template(:new)
+      end
+
+      it 'renders new with error when goldfinger fails' do
+        allow(Goldfinger).to receive(:finger).with('acct:user@example.com').and_raise(Goldfinger::Error)
+        post :create, params: { account_username: @account.to_param, remote_follow: { acct: 'user@example.com' } }
+
+        expect(response).to render_template(:new)
+        expect(response.body).to include(I18n.t('remote_follow.missing_resource'))
+      end
+    end
+  end
+
+  describe 'with a suspended account' do
+    before do
+      @account = Fabricate(:account, suspended: true)
+    end
+
+    it 'returns 410 gone on GET to #new' do
+      get :new, params: { account_username: @account.to_param }
+
+      expect(response).to have_http_status(:gone)
+    end
+
+    it 'returns 410 gone on POST to #create' do
+      post :create, params: { account_username: @account.to_param }
+
+      expect(response).to have_http_status(:gone)
    end
  end
 end