2023-02-22 02:55:31 +02:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-04-13 14:09:07 +03:00
|
|
|
require 'rails_helper'
|
|
|
|
|
2023-05-04 06:49:53 +03:00
|
|
|
describe WellKnown::WebfingerController do
|
2023-08-31 14:46:27 +03:00
|
|
|
include RoutingHelper
|
|
|
|
|
2017-04-13 14:09:07 +03:00
|
|
|
render_views
|
|
|
|
|
|
|
|
describe 'GET #show' do
|
2023-05-02 18:42:42 +03:00
|
|
|
subject(:perform_show!) do
|
2023-02-20 06:24:14 +02:00
|
|
|
get :show, params: { resource: resource }, format: :json
|
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
let(:alternate_domains) { [] }
|
|
|
|
let(:alice) { Fabricate(:account, username: 'alice') }
|
|
|
|
let(:resource) { nil }
|
|
|
|
|
|
|
|
around(:each) do |example|
|
|
|
|
tmp = Rails.configuration.x.alternate_domains
|
|
|
|
Rails.configuration.x.alternate_domains = alternate_domains
|
|
|
|
example.run
|
|
|
|
Rails.configuration.x.alternate_domains = tmp
|
2017-05-29 19:04:37 +03:00
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
shared_examples 'a successful response' do
|
|
|
|
it 'returns http success' do
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end
|
|
|
|
|
2021-07-03 22:13:47 +03:00
|
|
|
it 'does not set a Vary header' do
|
|
|
|
expect(response.headers['Vary']).to be_nil
|
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
it 'returns application/jrd+json' do
|
2021-03-17 11:09:55 +02:00
|
|
|
expect(response.media_type).to eq 'application/jrd+json'
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns links for the account' do
|
|
|
|
json = body_as_json
|
|
|
|
expect(json[:subject]).to eq 'acct:alice@cb6e6126.ngrok.io'
|
|
|
|
expect(json[:aliases]).to include('https://cb6e6126.ngrok.io/@alice', 'https://cb6e6126.ngrok.io/users/alice')
|
|
|
|
end
|
2017-05-22 16:40:04 +03:00
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
context 'when an account exists' do
|
|
|
|
let(:resource) { alice.to_webfinger_s }
|
2017-04-13 14:09:07 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
before do
|
2023-05-02 18:42:42 +03:00
|
|
|
perform_show!
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
2017-07-15 04:01:39 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
it_behaves_like 'a successful response'
|
2017-05-29 19:04:37 +03:00
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
context 'when an account is temporarily suspended' do
|
|
|
|
let(:resource) { alice.to_webfinger_s }
|
2017-04-13 14:09:07 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
before do
|
|
|
|
alice.suspend!
|
2023-05-02 18:42:42 +03:00
|
|
|
perform_show!
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'a successful response'
|
2017-04-13 14:09:07 +03:00
|
|
|
end
|
2017-05-22 16:40:04 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
context 'when an account is permanently suspended or deleted' do
|
|
|
|
let(:resource) { alice.to_webfinger_s }
|
|
|
|
|
|
|
|
before do
|
|
|
|
alice.suspend!
|
|
|
|
alice.deletion_request.destroy
|
2023-05-02 18:42:42 +03:00
|
|
|
perform_show!
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
2017-05-22 16:40:04 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
it 'returns http gone' do
|
|
|
|
expect(response).to have_http_status(410)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when an account is not found' do
|
|
|
|
let(:resource) { 'acct:not@existing.com' }
|
2017-05-22 16:40:04 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
before do
|
2023-05-02 18:42:42 +03:00
|
|
|
perform_show!
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
2017-07-15 04:01:39 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
it 'returns http not found' do
|
|
|
|
expect(response).to have_http_status(404)
|
|
|
|
end
|
2017-05-22 16:40:04 +03:00
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
context 'with an alternate domain' do
|
|
|
|
let(:alternate_domains) { ['foo.org'] }
|
|
|
|
|
|
|
|
before do
|
2023-05-02 18:42:42 +03:00
|
|
|
perform_show!
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'when an account exists' do
|
|
|
|
let(:resource) do
|
|
|
|
username, = alice.to_webfinger_s.split('@')
|
|
|
|
"#{username}@foo.org"
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'a successful response'
|
|
|
|
end
|
2017-05-22 16:40:04 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
context 'when the domain is wrong' do
|
|
|
|
let(:resource) do
|
|
|
|
username, = alice.to_webfinger_s.split('@')
|
|
|
|
"#{username}@bar.org"
|
|
|
|
end
|
2017-05-22 16:40:04 +03:00
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
it 'returns http not found' do
|
|
|
|
expect(response).to have_http_status(404)
|
|
|
|
end
|
|
|
|
end
|
2017-05-22 16:40:04 +03:00
|
|
|
end
|
2020-05-15 00:28:06 +03:00
|
|
|
|
2023-05-02 18:42:42 +03:00
|
|
|
context 'when the old name scheme is used to query the instance actor' do
|
|
|
|
let(:resource) do
|
|
|
|
"#{Rails.configuration.x.local_domain}@#{Rails.configuration.x.local_domain}"
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
perform_show!
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http success' do
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not set a Vary header' do
|
|
|
|
expect(response.headers['Vary']).to be_nil
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns application/jrd+json' do
|
|
|
|
expect(response.media_type).to eq 'application/jrd+json'
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns links for the internal account' do
|
|
|
|
json = body_as_json
|
|
|
|
expect(json[:subject]).to eq 'acct:mastodon.internal@cb6e6126.ngrok.io'
|
|
|
|
expect(json[:aliases]).to eq ['https://cb6e6126.ngrok.io/actor']
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
context 'with no resource parameter' do
|
|
|
|
let(:resource) { nil }
|
|
|
|
|
|
|
|
before do
|
2023-05-02 18:42:42 +03:00
|
|
|
perform_show!
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http bad request' do
|
|
|
|
expect(response).to have_http_status(400)
|
|
|
|
end
|
2020-05-15 00:28:06 +03:00
|
|
|
end
|
|
|
|
|
2020-11-08 01:28:39 +02:00
|
|
|
context 'with a nonsense parameter' do
|
|
|
|
let(:resource) { 'df/:dfkj' }
|
|
|
|
|
|
|
|
before do
|
2023-05-02 18:42:42 +03:00
|
|
|
perform_show!
|
2020-11-08 01:28:39 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http bad request' do
|
|
|
|
expect(response).to have_http_status(400)
|
|
|
|
end
|
2020-05-15 00:28:06 +03:00
|
|
|
end
|
2023-08-31 14:46:27 +03:00
|
|
|
|
|
|
|
context 'when an account has an avatar' do
|
|
|
|
let(:alice) { Fabricate(:account, username: 'alice', avatar: attachment_fixture('attachment.jpg')) }
|
|
|
|
let(:resource) { alice.to_webfinger_s }
|
|
|
|
|
|
|
|
it 'returns avatar in response' do
|
|
|
|
perform_show!
|
|
|
|
|
|
|
|
avatar_link = get_avatar_link(body_as_json)
|
|
|
|
expect(avatar_link).to_not be_nil
|
|
|
|
expect(avatar_link[:type]).to eq alice.avatar.content_type
|
|
|
|
expect(avatar_link[:href]).to eq full_asset_url(alice.avatar)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with limited federation mode' do
|
|
|
|
before do
|
|
|
|
allow(Rails.configuration.x).to receive(:limited_federation_mode).and_return(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not return avatar in response' do
|
|
|
|
perform_show!
|
|
|
|
|
|
|
|
avatar_link = get_avatar_link(body_as_json)
|
|
|
|
expect(avatar_link).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when enabling DISALLOW_UNAUTHENTICATED_API_ACCESS' do
|
|
|
|
around do |example|
|
|
|
|
ClimateControl.modify DISALLOW_UNAUTHENTICATED_API_ACCESS: 'true' do
|
|
|
|
example.run
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not return avatar in response' do
|
|
|
|
perform_show!
|
|
|
|
|
|
|
|
avatar_link = get_avatar_link(body_as_json)
|
|
|
|
expect(avatar_link).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when an account does not have an avatar' do
|
|
|
|
let(:alice) { Fabricate(:account, username: 'alice', avatar: nil) }
|
|
|
|
let(:resource) { alice.to_webfinger_s }
|
|
|
|
|
|
|
|
before do
|
|
|
|
perform_show!
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not return avatar in response' do
|
|
|
|
avatar_link = get_avatar_link(body_as_json)
|
|
|
|
expect(avatar_link).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def get_avatar_link(json)
|
|
|
|
json[:links].find { |link| link[:rel] == 'http://webfinger.net/rel/avatar' }
|
2017-04-13 14:09:07 +03:00
|
|
|
end
|
|
|
|
end
|