Spec coverage for missing `q` param and error conditions in `api/v2/search` controller (#27842)

pull/2532/head
Matt Jankowski 2023-11-30 08:59:46 -05:00 committed by GitHub
parent a8473f582d
commit e7c340a634
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 75 additions and 4 deletions

View File

@ -8,6 +8,11 @@ class Api::V2::SearchController < Api::BaseController
before_action -> { authorize_if_got_token! :read, :'read:search' } before_action -> { authorize_if_got_token! :read, :'read:search' }
before_action :validate_search_params! before_action :validate_search_params!
with_options unless: :user_signed_in? do
before_action :query_pagination_error, if: :pagination_requested?
before_action :remote_resolve_error, if: :remote_resolve_requested?
end
def index def index
@search = Search.new(search_results) @search = Search.new(search_results)
render json: @search, serializer: REST::SearchSerializer render json: @search, serializer: REST::SearchSerializer
@ -21,12 +26,22 @@ class Api::V2::SearchController < Api::BaseController
def validate_search_params! def validate_search_params!
params.require(:q) params.require(:q)
end
return if user_signed_in? def query_pagination_error
render json: { error: 'Search queries pagination is not supported without authentication' }, status: 401
end
return render json: { error: 'Search queries pagination is not supported without authentication' }, status: 401 if params[:offset].present? def remote_resolve_error
render json: { error: 'Search queries that resolve remote resources are not supported without authentication' }, status: 401
end
render json: { error: 'Search queries that resolve remote resources are not supported without authentication' }, status: 401 if truthy_param?(:resolve) def remote_resolve_requested?
truthy_param?(:resolve)
end
def pagination_requested?
params[:offset].present?
end end
def search_results def search_results
@ -34,7 +49,15 @@ class Api::V2::SearchController < Api::BaseController
params[:q], params[:q],
current_account, current_account,
limit_param(RESULTS_LIMIT), limit_param(RESULTS_LIMIT),
search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed), following: truthy_param?(:following)) combined_search_params
)
end
def combined_search_params
search_params.merge(
resolve: truthy_param?(:resolve),
exclude_unreviewed: truthy_param?(:exclude_unreviewed),
following: truthy_param?(:following)
) )
end end

View File

@ -34,6 +34,26 @@ RSpec.describe Api::V2::SearchController do
expect(body_as_json[:accounts].pluck(:id)).to contain_exactly(bob.id.to_s, ana.id.to_s, tom.id.to_s) expect(body_as_json[:accounts].pluck(:id)).to contain_exactly(bob.id.to_s, ana.id.to_s, tom.id.to_s)
end end
context 'with truthy `resolve`' do
let(:params) { { q: 'test1', resolve: '1' } }
it 'returns http unauthorized' do
get :index, params: params
expect(response).to have_http_status(200)
end
end
context 'with `offset`' do
let(:params) { { q: 'test1', offset: 1 } }
it 'returns http unauthorized' do
get :index, params: params
expect(response).to have_http_status(200)
end
end
context 'with following=true' do context 'with following=true' do
let(:params) { { q: 'test', type: 'accounts', following: 'true' } } let(:params) { { q: 'test', type: 'accounts', following: 'true' } }
@ -48,6 +68,26 @@ RSpec.describe Api::V2::SearchController do
end end
end end
end end
context 'when search raises syntax error' do
before { allow(Search).to receive(:new).and_raise(Mastodon::SyntaxError) }
it 'returns http unprocessable_entity' do
get :index, params: params
expect(response).to have_http_status(422)
end
end
context 'when search raises not found error' do
before { allow(Search).to receive(:new).and_raise(ActiveRecord::RecordNotFound) }
it 'returns http not_found' do
get :index, params: params
expect(response).to have_http_status(404)
end
end
end end
end end
@ -59,6 +99,12 @@ RSpec.describe Api::V2::SearchController do
get :index, params: search_params get :index, params: search_params
end end
context 'without a `q` param' do
it 'returns http bad_request' do
expect(response).to have_http_status(400)
end
end
context 'with a `q` shorter than 5 characters' do context 'with a `q` shorter than 5 characters' do
let(:search_params) { { q: 'test' } } let(:search_params) { { q: 'test' } }
@ -79,6 +125,7 @@ RSpec.describe Api::V2::SearchController do
it 'returns http unauthorized' do it 'returns http unauthorized' do
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
expect(response.body).to match('resolve remote resources')
end end
end end
@ -87,6 +134,7 @@ RSpec.describe Api::V2::SearchController do
it 'returns http unauthorized' do it 'returns http unauthorized' do
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
expect(response.body).to match('pagination is not supported')
end end
end end
end end