Claire f09f5b35f2 Merge commit 'd97d31cce664281d868e4c661451687a301c97c8' into glitch-soc/merge-upstream
Conflicts:
- `app/models/account.rb`:
  Upstream refactored this file a bit, moving validation limits to constants.
  We already had a similar change, although with different constant names.
  Updated to match upstream's code.

The following files were also modified accordingly:
- `app/views/settings/profiles/show.html.haml`
- `spec/requests/api/v1/accounts/credentials_spec.rb`
2024-05-04 16:12:51 +02:00

127 lines
3.3 KiB
Ruby

# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'credentials API' do
let(:user) { Fabricate(:user, account_attributes: { discoverable: false, locked: true, indexable: false }) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:scopes) { 'read:accounts write:accounts' }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v1/accounts/verify_credentials' do
subject do
get '/api/v1/accounts/verify_credentials', headers: headers
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts'
it 'returns http success with expected content' do
subject
expect(response)
.to have_http_status(200)
expect(body_as_json).to include({
source: hash_including({
discoverable: false,
indexable: false,
}),
locked: true,
})
end
describe 'allows the read:me scope' do
let(:scopes) { 'read:me' }
it 'returns the response successfully' do
subject
expect(response).to have_http_status(200)
expect(body_as_json).to include({
locked: true,
})
end
end
end
describe 'PATCH /api/v1/accounts/update_credentials' do
subject do
patch '/api/v1/accounts/update_credentials', headers: headers, params: params
end
before { allow(ActivityPub::UpdateDistributionWorker).to receive(:perform_async) }
let(:params) do
{
avatar: fixture_file_upload('avatar.gif', 'image/gif'),
discoverable: true,
display_name: "Alice Isn't Dead",
header: fixture_file_upload('attachment.jpg', 'image/jpeg'),
indexable: true,
locked: false,
note: 'Hello!',
source: {
privacy: 'unlisted',
sensitive: true,
},
}
end
it_behaves_like 'forbidden for wrong scope', 'read read:accounts'
describe 'with empty source list' do
let(:params) { { display_name: "I'm a cat", source: {} } }
it 'returns http success' do
subject
expect(response).to have_http_status(200)
end
end
describe 'with invalid data' do
let(:params) { { note: "This is too long. #{'a' * Account::NOTE_LENGTH_LIMIT}" } }
it 'returns http unprocessable entity' do
subject
expect(response).to have_http_status(422)
end
end
it 'returns http success with updated JSON attributes' do
subject
expect(response)
.to have_http_status(200)
expect(body_as_json).to include({
source: hash_including({
discoverable: true,
indexable: true,
}),
locked: false,
})
expect(ActivityPub::UpdateDistributionWorker)
.to have_received(:perform_async).with(user.account_id)
end
def expect_account_updates
expect(user.account.reload)
.to have_attributes(
display_name: eq("Alice Isn't Dead"),
note: 'Hello!',
avatar: exist,
header: exist
)
end
def expect_user_updates
expect(user.reload)
.to have_attributes(
setting_default_privacy: eq('unlisted'),
setting_default_sensitive: be(true)
)
end
end
end