From fbea3a64cc57ad51dd8bb71a26b303413655686b Mon Sep 17 00:00:00 2001 From: Matt Jankowski Date: Tue, 18 Feb 2025 06:43:49 -0500 Subject: [PATCH] Convert `statuses` spec controller->system/request (#33921) --- spec/controllers/statuses_controller_spec.rb | 192 ------------------- spec/requests/statuses_spec.rb | 166 +++++++++++++++- spec/system/statuses_spec.rb | 15 ++ 3 files changed, 179 insertions(+), 194 deletions(-) delete mode 100644 spec/controllers/statuses_controller_spec.rb create mode 100644 spec/system/statuses_spec.rb diff --git a/spec/controllers/statuses_controller_spec.rb b/spec/controllers/statuses_controller_spec.rb deleted file mode 100644 index 9f45afe693..0000000000 --- a/spec/controllers/statuses_controller_spec.rb +++ /dev/null @@ -1,192 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' - -RSpec.describe StatusesController do - render_views - - describe 'GET #show' do - let(:account) { Fabricate(:account) } - let(:status) { Fabricate(:status, account: account) } - - context 'when signed-in' do - let(:user) { Fabricate(:user) } - - before do - sign_in(user) - end - - context 'when status is public' do - before do - get :show, params: { account_username: status.account.username, id: status.id, format: format } - end - - context 'with HTML' do - let(:format) { 'html' } - - it 'renders status successfully', :aggregate_failures do - expect(response) - .to have_http_status(200) - .and render_template(:show) - expect(response.headers).to include( - 'Vary' => 'Accept, Accept-Language, Cookie', - 'Cache-Control' => include('private'), - 'Link' => include('activity+json') - ) - expect(response.body).to include status.text - end - end - - context 'with JSON' do - let(:format) { 'json' } - - it 'renders ActivityPub Note object successfully', :aggregate_failures do - expect(response) - .to have_http_status(200) - expect(response.headers).to include( - 'Vary' => 'Accept, Accept-Language, Cookie', - 'Cache-Control' => include('private'), - 'Content-Type' => include('application/activity+json'), - 'Link' => include('activity+json') - ) - expect(response.parsed_body) - .to include(content: include(status.text)) - end - end - end - - context 'when status is private' do - let(:status) { Fabricate(:status, account: account, visibility: :private) } - - context 'when user is authorized to see it' do - before do - user.account.follow!(account) - get :show, params: { account_username: status.account.username, id: status.id, format: format } - end - - context 'with HTML' do - let(:format) { 'html' } - - it 'renders status successfully', :aggregate_failures do - expect(response) - .to have_http_status(200) - .and render_template(:show) - - expect(response.headers).to include( - 'Vary' => 'Accept, Accept-Language, Cookie', - 'Cache-Control' => include('private'), - 'Link' => include('activity+json') - ) - expect(response.body).to include status.text - end - end - - context 'with JSON' do - let(:format) { 'json' } - - it 'renders ActivityPub Note object successfully', :aggregate_failures do - expect(response) - .to have_http_status(200) - expect(response.headers).to include( - 'Vary' => 'Accept, Accept-Language, Cookie', - 'Cache-Control' => include('private'), - 'Content-Type' => include('application/activity+json'), - 'Link' => include('activity+json') - ) - expect(response.parsed_body) - .to include(content: include(status.text)) - end - end - end - - context 'when user is not authorized to see it' do - before do - get :show, params: { account_username: status.account.username, id: status.id, format: format } - end - - context 'with JSON' do - let(:format) { 'json' } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - - context 'with HTML' do - let(:format) { 'html' } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end - end - - context 'when status is direct' do - let(:status) { Fabricate(:status, account: account, visibility: :direct) } - - context 'when user is authorized to see it' do - before do - Fabricate(:mention, account: user.account, status: status) - get :show, params: { account_username: status.account.username, id: status.id, format: format } - end - - context 'with HTML' do - let(:format) { 'html' } - - it 'renders status successfully', :aggregate_failures do - expect(response) - .to have_http_status(200) - .and render_template(:show) - expect(response.headers).to include( - 'Vary' => 'Accept, Accept-Language, Cookie', - 'Cache-Control' => include('private'), - 'Link' => include('activity+json') - ) - expect(response.body).to include status.text - end - end - - context 'with JSON' do - let(:format) { 'json' } - - it 'renders ActivityPub Note object successfully' do - expect(response) - .to have_http_status(200) - expect(response.headers).to include( - 'Vary' => 'Accept, Accept-Language, Cookie', - 'Cache-Control' => include('private'), - 'Content-Type' => include('application/activity+json'), - 'Link' => include('activity+json') - ) - expect(response.parsed_body) - .to include(content: include(status.text)) - end - end - end - - context 'when user is not authorized to see it' do - before do - get :show, params: { account_username: status.account.username, id: status.id, format: format } - end - - context 'with JSON' do - let(:format) { 'json' } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - - context 'with HTML' do - let(:format) { 'html' } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end - end - end - end -end diff --git a/spec/requests/statuses_spec.rb b/spec/requests/statuses_spec.rb index e3bf15540a..a5e4482dfa 100644 --- a/spec/requests/statuses_spec.rb +++ b/spec/requests/statuses_spec.rb @@ -59,7 +59,6 @@ RSpec.describe 'Statuses' do expect(response) .to have_http_status(200) - .and render_template(:show) expect(response.headers).to include( 'Vary' => 'Accept, Accept-Language, Cookie', 'Cache-Control' => include('public'), @@ -114,9 +113,11 @@ RSpec.describe 'Statuses' do end context 'when signed in' do + subject { get short_account_status_path(account_username: account.username, id: status.id, format: format) } + let(:user) { Fabricate(:user) } - before { sign_in(user) } + before { sign_in_with_session(user) } context 'when account blocks user' do before { account.block!(user.account) } @@ -128,6 +129,167 @@ RSpec.describe 'Statuses' do .to have_http_status(404) end end + + context 'when status is public' do + context 'with HTML' do + let(:format) { 'html' } + + it 'renders status successfully', :aggregate_failures do + subject + + expect(response) + .to have_http_status(200) + expect(response.headers).to include( + 'Vary' => 'Accept, Accept-Language, Cookie', + 'Cache-Control' => include('private'), + 'Link' => include('activity+json') + ) + expect(response.body) + .to include(status.text) + end + end + + context 'with JSON' do + let(:format) { 'json' } + + it 'renders ActivityPub Note object successfully', :aggregate_failures do + subject + + expect(response) + .to have_http_status(200) + expect(response.headers).to include( + 'Vary' => 'Accept, Accept-Language, Cookie', + 'Cache-Control' => include('private'), + 'Content-Type' => include('application/activity+json'), + 'Link' => include('activity+json') + ) + expect(response.parsed_body) + .to include(content: include(status.text)) + end + end + end + + context 'when status is private' do + let(:status) { Fabricate(:status, account: account, visibility: :private) } + + context 'when user is authorized to see it' do + before { user.account.follow!(account) } + + context 'with HTML' do + let(:format) { 'html' } + + it 'renders status successfully', :aggregate_failures do + subject + + expect(response) + .to have_http_status(200) + + expect(response.headers).to include( + 'Vary' => 'Accept, Accept-Language, Cookie', + 'Cache-Control' => include('private'), + 'Link' => include('activity+json') + ) + expect(response.body) + .to include(status.text) + end + end + + context 'with JSON' do + let(:format) { 'json' } + + it 'renders ActivityPub Note object successfully', :aggregate_failures do + subject + + expect(response) + .to have_http_status(200) + expect(response.headers).to include( + 'Vary' => 'Accept, Accept-Language, Cookie', + 'Cache-Control' => include('private'), + 'Content-Type' => include('application/activity+json'), + 'Link' => include('activity+json') + ) + expect(response.parsed_body) + .to include(content: include(status.text)) + end + end + end + + context 'when user is not authorized to see it' do + let(:format) { 'html' } + + it 'returns http not found' do + subject + + expect(response) + .to have_http_status(404) + end + end + end + + context 'when status is direct' do + let(:status) { Fabricate(:status, account: account, visibility: :direct) } + + context 'when user is authorized to see it' do + before { Fabricate(:mention, account: user.account, status: status) } + + context 'with HTML' do + let(:format) { 'html' } + + it 'renders status successfully', :aggregate_failures do + subject + + expect(response) + .to have_http_status(200) + expect(response.headers).to include( + 'Vary' => 'Accept, Accept-Language, Cookie', + 'Cache-Control' => include('private'), + 'Link' => include('activity+json') + ) + expect(response.body) + .to include(status.text) + end + end + + context 'with JSON' do + let(:format) { 'json' } + + it 'renders ActivityPub Note object successfully' do + subject + + expect(response) + .to have_http_status(200) + expect(response.headers).to include( + 'Vary' => 'Accept, Accept-Language, Cookie', + 'Cache-Control' => include('private'), + 'Content-Type' => include('application/activity+json'), + 'Link' => include('activity+json') + ) + expect(response.parsed_body) + .to include(content: include(status.text)) + end + end + end + + context 'when user is not authorized to see it' do + let(:format) { 'html' } + + it 'returns http not found' do + subject + + expect(response) + .to have_http_status(404) + end + end + end + + private + + def sign_in_with_session(user) + # The regular `sign_in` helper does not actually set session cookies + # The endpoint responses here rely on cookie/session checks to set cache privacy headers + # To enable that, perform a full sign in which will establish those cookies for subsequent spec requests + post user_session_path, params: { user: { email: user.email, password: user.password } } + end end context 'with "HTTP Signature" access signed by a remote account' do diff --git a/spec/system/statuses_spec.rb b/spec/system/statuses_spec.rb new file mode 100644 index 0000000000..704cae03f2 --- /dev/null +++ b/spec/system/statuses_spec.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe 'Status page' do + let(:status) { Fabricate :status } + + it 'visits the status page and renders the web app' do + visit short_account_status_path(account_username: status.account.username, id: status.id) + + expect(page) + .to have_css('noscript', text: /Mastodon/) + .and have_css('body', class: 'app-body') + end +end