mirror
/
hometown
mirror of https://github.com/hometown-fork/hometown.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15613 Commits
16 Branches
215 Tags
370 MiB
Branch: hometown-dev
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'hometown-dev'
${ noResults }
hometown/spec/requests/statuses_spec.rb

500 lines
16 KiB
Raw Permalink Normal View History Unescape

Bringing Hometown up to date with mastodon/mastodon (#1371) This is a massive PR, so apologies for the poor performance viewing it! This merges in the content of Mastodon 4.3.0. *This PR isn't ready to deploy to production*, and I don't recommend trying it in a production environment. Since I started by merging 4.3.0, this will likely have reverted at least some of the content of the post-4.3.0 security patches in the 4.2.x series; those will be brought back as I merge in 4.4.0 and 4.5.0. I haven't yet tested this PR, so it may not actually run without additional tweaks. I'm putting it up now for discussion and so multiple people can test if we want. --- Here's a few notes on things I ran into and thoughts I had while working on it: * We may want to look at `server_banner.jsx,` where I ended up undoing the v3-style rewrite due to the new react component being used. I'm not sure what the current goal for it is. * I may not have 100% merged in all content from `status_action_bar` correctly. * There's a number of places where I updated the links for remote usernames, and they should be tested to make sure they work. They're all `<Permalink>` elements. I have in my notes that `status_content` might need double-checking. * I may also not have gotten the spoiler display right in `status_content`. * It looks like previous versions of Hometown had customizations to the `media_item` display, not all of which was preserved as-is due to surrounding rewrites. I'm not sure what the vision is and could use another set of eyes. * The character count rendering clashed with the newly-introduced handling of a character count variable upstream, and I'm not sure if the version I've got here 100% works or not. * The navigation bar was completely rewritten and no longer has the components Hometown was customizing; did I properly catch any replacements? Did we handle all links to accounts to make sure they go to the remote instance? * Polls: I reverted the single/multiple choice toggle because upstream has an actual proper UI for this that should be integrated in one of the versions we’re merging in. Please double-check that the current version looks fine to you. * The font icons will need double-checking. Hometown made some custom use of the font-awesome icons, while Mastodon 4.3.0 replaced font-awesome with something else. I may not have caught all places that font-awesome icons were being used. * We’ll want to make sure the post display is correct, including Hometown customizations, because the previous static post page has been replaced with the React one. --------- Co-authored-by: Claire <claire.github-309c@sitedethib.com> Co-authored-by: Matt Jankowski <matt@jankowski.online> Co-authored-by: Renaud Chaput <renchap@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: David Roetzel <david@roetzel.de> Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com> Co-authored-by: Jeong Arm <kjwonmail@gmail.com> Co-authored-by: Christian Schmidt <github@chsc.dk> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: GitHub Actions <noreply@github.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Darius Kazemi <darius.kazemi@gmail.com> Co-authored-by: diondiondion <mail@diondiondion.com> Co-authored-by: Echo <ChaosExAnima@users.noreply.github.com> Co-authored-by: Shugo Maeda <shugo.maeda@gmail.com> Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com> Co-authored-by: Shlee <github@shl.ee> Co-authored-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Co-authored-by: Jessica Stokes <hello@jessicastokes.net> Co-authored-by: PGray <77597544+PGrayCS@users.noreply.github.com>
3 weeks ago
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Statuses' do
describe 'GET /@:account_username/:id' do
let(:account) { Fabricate(:account) }
let(:status) { Fabricate(:status, account: account) }
context 'when signed out' do
context 'when account is permanently suspended' do
before do
account.suspend!
account.deletion_request.destroy
end
it 'returns http gone' do
get "/@#{account.username}/#{status.id}"
expect(response)
.to have_http_status(410)
end
end
context 'when account is temporarily suspended' do
before { account.suspend! }
it 'returns http forbidden' do
get "/@#{account.username}/#{status.id}"
expect(response)
.to have_http_status(403)
end
end
context 'when status is a reblog' do
let(:original_account) { Fabricate(:account, domain: 'example.com') }
let(:original_status) { Fabricate(:status, account: original_account, url: 'https://example.com/123') }
let(:status) { Fabricate(:status, account: account, reblog: original_status) }
it 'redirects to the original status' do
get "/@#{status.account.username}/#{status.id}"
expect(response)
.to redirect_to(original_status.url)
end
end
context 'when status visibility is public' do
subject { get short_account_status_path(account_username: account.username, id: status.id, format: format) }
let(:status) { Fabricate(:status, account: account, visibility: :public) }
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('public'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
.and have_cacheable_headers.with_vary('Accept, Accept-Language, Cookie')
expect(response.headers).to include(
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when status visibility is private' do
let(:status) { Fabricate(:status, account: account, visibility: :private) }
it 'returns http not found' do
get short_account_status_path(account_username: account.username, id: status.id)
expect(response)
.to have_http_status(404)
end
end
context 'when status visibility is direct' do
let(:status) { Fabricate(:status, account: account, visibility: :direct) }
it 'returns http not found' do
get short_account_status_path(account_username: account.username, id: status.id)
expect(response)
.to have_http_status(404)
end
end
end
context 'when signed in' do
subject { get short_account_status_path(account_username: account.username, id: status.id, format: format) }
let(:user) { Fabricate(:user) }
before { sign_in_with_session(user) }
context 'when account blocks user' do
before { account.block!(user.account) }
it 'returns http not found' do
get "/@#{status.account.username}/#{status.id}"
expect(response)
.to have_http_status(404)
end
end
context 'when status is public' do
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when status is private' do
let(:status) { Fabricate(:status, account: account, visibility: :private) }
context 'when user is authorized to see it' do
before { user.account.follow!(account) }
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
let(:format) { 'html' }
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
end
context 'when status is direct' do
let(:status) { Fabricate(:status, account: account, visibility: :direct) }
context 'when user is authorized to see it' do
before { Fabricate(:mention, account: user.account, status: status) }
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully' do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
let(:format) { 'html' }
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
end
private
def sign_in_with_session(user)
# The regular `sign_in` helper does not actually set session cookies
# The endpoint responses here rely on cookie/session checks to set cache privacy headers
# To enable that, perform a full sign in which will establish those cookies for subsequent spec requests
post user_session_path, params: { user: { email: user.email, password: user.password } }
end
end
context 'with "HTTP Signature" access signed by a remote account' do
subject do
get short_account_status_path(account_username: status.account.username, id: status.id, format: format),
headers: nil,
sign_with: remote_account
end
let(:format) { 'html' }
let(:remote_account) { Fabricate(:account, domain: 'host.example') }
context 'when account blocks the remote account' do
before { account.block!(remote_account) }
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
context 'when account domain blocks the domain of the remote account' do
before { account.block_domain!(remote_account.domain) }
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
context 'when status has public visibility' do
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
.and have_cacheable_headers.with_vary('Accept, Accept-Language, Cookie')
expect(response.headers).to include(
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
context 'with JSON and querying the new paths' do
subject do
get ap_account_status_path(account_id: status.account_id, id: status.id),
headers: { 'Accept' => 'application/activity+json' },
sign_with: remote_account
end
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
.and have_cacheable_headers.with_vary('Accept, Accept-Language, Cookie')
expect(response.headers).to include(
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when status has private visibility' do
let(:status) { Fabricate(:status, account: account, visibility: :private) }
context 'when user is authorized to see it' do
before { remote_account.follow!(account) }
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object successfully' do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
end
context 'when status is direct' do
let(:status) { Fabricate(:status, account: account, visibility: :direct) }
context 'when user is authorized to see it' do
before { Fabricate(:mention, account: remote_account, status: status) }
context 'with HTML' do
let(:format) { 'html' }
it 'renders status successfully', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Link' => include('activity+json')
)
expect(response.body)
.to include(status.text)
end
end
context 'with JSON' do
let(:format) { 'json' }
it 'renders ActivityPub Note object', :aggregate_failures do
subject
expect(response)
.to have_http_status(200)
expect(response.headers).to include(
'Vary' => 'Accept, Accept-Language, Cookie',
'Cache-Control' => include('private'),
'Content-Type' => include('application/activity+json'),
'Link' => include('activity+json')
)
expect(response.parsed_body)
.to include(content: include(status.text))
end
end
end
context 'when user is not authorized to see it' do
it 'returns http not found' do
subject
expect(response)
.to have_http_status(404)
end
end
end
end
end
end