Move `api/v2/admin/accounts` to request spec (#28950)

main-rebase-security-fix
Matt Jankowski 2024-01-26 12:41:13 -05:00 committed by GitHub
parent 7adcc0aae3
commit b6baab447d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 8 deletions


@ -2,19 +2,14 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe Api::V2::Admin::AccountsController do RSpec.describe 'API V2 Admin Accounts' do
render_views
let(:role) { UserRole.find_by(name: 'Moderator') } let(:role) { UserRole.find_by(name: 'Moderator') }
let(:user) { Fabricate(:user, role: role) } let(:user) { Fabricate(:user, role: role) }
let(:scopes) { 'admin:read admin:write' } let(:scopes) { 'admin:read admin:write' }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
let(:account) { Fabricate(:account) } let(:account) { Fabricate(:account) }
before do
allow(controller).to receive(:doorkeeper_token) { token }
end
describe 'GET #index' do describe 'GET #index' do
let!(:remote_account) { Fabricate(:account, domain: 'example.org') } let!(:remote_account) { Fabricate(:account, domain: 'example.org') }
let!(:other_remote_account) { Fabricate(:account, domain: 'foo.bar') } let!(:other_remote_account) { Fabricate(:account, domain: 'foo.bar') }
@ -28,7 +23,8 @@ RSpec.describe Api::V2::Admin::AccountsController do
before do before do
pending_account.user.update(approved: false) pending_account.user.update(approved: false)
get :index, params: params
get '/api/v2/admin/accounts', params: params, headers: headers
end end
it_behaves_like 'forbidden for wrong scope', 'write:statuses' it_behaves_like 'forbidden for wrong scope', 'write:statuses'
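Review bot: With the `allow(controller).to receive(:doorkeeper_token)` stub gone, the `before` block in the second hunk now goes through real bearer-token authentication, but the visible examples only cover a valid token with the wrong scope. A case that sends no credentials would pin the unauthenticated path as well, for example `get '/api/v2/admin/accounts', params: params` without `headers:`, followed by an assertion that the response is rejected. The exact status code should be confirmed against the controller, and the rest of the spec is outside this view, so such a case may already exist further down. As a smaller style point, `describe 'GET #index'` keeps controller-action naming in what is now a request spec; `describe 'GET /api/v2/admin/accounts'` would match the route being exercised.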