berserker
/
microblog
2
0
Fork 1
Code Issues 12 Pull Requests Projects Releases Wiki Activity

Migrate to request specs in `/api/v1/admin/accounts` (#25563)

Browse Source
local
Daniel M Brasil 7 months ago committed by GitHub
parent f5bc1f20e2
commit d9caa6ed24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 401 additions and 176 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      .rubocop_todo.yml
  2. 174
      spec/controllers/api/v1/admin/accounts_controller_spec.rb
  3. 401
      spec/requests/api/v1/admin/accounts_spec.rb

2
.rubocop_todo.yml
Unescape View File

@ -178,7 +178,6 @@ RSpec/LetSetup:
- 'spec/controllers/admin/reports/actions_controller_spec.rb'
- 'spec/controllers/admin/statuses_controller_spec.rb'
- 'spec/controllers/api/v1/accounts/statuses_controller_spec.rb'
- 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
- 'spec/controllers/api/v1/filters_controller_spec.rb'
- 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
- 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
@ -415,7 +414,6 @@ Rails/SkipsModelValidations:
- 'lib/mastodon/cli/accounts.rb'
- 'lib/mastodon/cli/main.rb'
- 'lib/mastodon/cli/maintenance.rb'
- 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
- 'spec/lib/activitypub/activity/follow_spec.rb'
- 'spec/services/follow_service_spec.rb'
- 'spec/services/update_account_service_spec.rb'

174
spec/controllers/api/v1/admin/accounts_controller_spec.rb
Unescape View File

@ -1,174 +0,0 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe Api::V1::Admin::AccountsController do
render_views
let(:role) { UserRole.find_by(name: 'Moderator') }
let(:user) { Fabricate(:user, role: role) }
let(:scopes) { 'admin:read admin:write' }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:account) { Fabricate(:account) }
before do
allow(controller).to receive(:doorkeeper_token) { token }
end
describe 'GET #index' do
let!(:remote_account) { Fabricate(:account, domain: 'example.org') }
let!(:other_remote_account) { Fabricate(:account, domain: 'foo.bar') }
let!(:suspended_account) { Fabricate(:account, suspended: true) }
let!(:suspended_remote) { Fabricate(:account, domain: 'foo.bar', suspended: true) }
let!(:disabled_account) { Fabricate(:user, disabled: true).account }
let!(:pending_account) { Fabricate(:user, approved: false).account }
let!(:admin_account) { user.account }
let(:params) { {} }
before do
pending_account.user.update(approved: false)
get :index, params: params
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
[
[{ active: 'true', local: 'true', staff: 'true' }, [:admin_account]],
[{ by_domain: 'example.org', remote: 'true' }, [:remote_account]],
[{ suspended: 'true' }, [:suspended_account]],
[{ disabled: 'true' }, [:disabled_account]],
[{ pending: 'true' }, [:pending_account]],
].each do |params, expected_results|
context "when called with #{params.inspect}" do
let(:params) { params }
it "returns the correct accounts (#{expected_results.inspect})", :aggregate_failures do
expect(response).to have_http_status(200)
json = body_as_json
expect(json.map { |a| a[:id].to_i }).to eq(expected_results.map { |symbol| send(symbol).id })
end
end
end
end
describe 'GET #show' do
before do
get :show, params: { id: account.id }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'returns http success' do
expect(response).to have_http_status(200)
end
end
describe 'POST #approve' do
before do
account.user.update(approved: false)
post :approve, params: { id: account.id }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'approves user', :aggregate_failures do
expect(response).to have_http_status(200)
expect(account.reload.user_approved?).to be true
log_item = Admin::ActionLog.last
expect(log_item).to_not be_nil
expect(log_item.action).to eq :approve
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end
end
describe 'POST #reject' do
before do
account.user.update(approved: false)
post :reject, params: { id: account.id }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'removes user', :aggregate_failures do
expect(response).to have_http_status(200)
expect(User.where(id: account.user.id).count).to eq 0
log_item = Admin::ActionLog.last
expect(log_item).to_not be_nil
expect(log_item.action).to eq :reject
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end
end
describe 'POST #enable' do
before do
account.user.update(disabled: true)
post :enable, params: { id: account.id }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'enables user', :aggregate_failures do
expect(response).to have_http_status(200)
expect(account.reload.user_disabled?).to be false
end
end
describe 'POST #unsuspend' do
before do
account.suspend!
post :unsuspend, params: { id: account.id }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'unsuspends account', :aggregate_failures do
expect(response).to have_http_status(200)
expect(account.reload.suspended?).to be false
end
end
describe 'POST #unsensitive' do
before do
account.touch(:sensitized_at)
post :unsensitive, params: { id: account.id }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'unsensitizes account', :aggregate_failures do
expect(response).to have_http_status(200)
expect(account.reload.sensitized?).to be false
end
end
describe 'POST #unsilence' do
before do
account.touch(:silenced_at)
post :unsilence, params: { id: account.id }
end
it_behaves_like 'forbidden for wrong scope', 'write:statuses'
it_behaves_like 'forbidden for wrong role', ''
it 'unsilences account', :aggregate_failures do
expect(response).to have_http_status(200)
expect(account.reload.silenced?).to be false
end
end
end

401
spec/requests/api/v1/admin/accounts_spec.rb
Unescape View File

@ -0,0 +1,401 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Accounts' do
let(:role) { UserRole.find_by(name: 'Admin') }
let(:user) { Fabricate(:user, role: role) }
let(:scopes) { 'admin:read:accounts admin:write:accounts' }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe 'GET /api/v1/admin/accounts' do
subject do
get '/api/v1/admin/accounts', headers: headers, params: params
end
shared_examples 'a successful request' do
it 'returns the correct accounts', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json.pluck(:id)).to match_array(expected_results.map { |a| a.id.to_s })
end
end
let!(:remote_account) { Fabricate(:account, domain: 'example.org') }
let!(:suspended_account) { Fabricate(:account, suspended: true) }
let!(:disabled_account) { Fabricate(:user, disabled: true).account }
let!(:pending_account) { Fabricate(:user, approved: false).account }
let!(:admin_account) { user.account }
let(:params) { {} }
it_behaves_like 'forbidden for wrong scope', 'read read:accounts admin:write admin:write:accounts'
it_behaves_like 'forbidden for wrong role', ''
context 'when requesting active local staff accounts' do
let(:expected_results) { [admin_account] }
let(:params) { { active: 'true', local: 'true', staff: 'true' } }
it_behaves_like 'a successful request'
end
context 'when requesting remote accounts from a specified domain' do
let(:expected_results) { [remote_account] }
let(:params) { { by_domain: 'example.org', remote: 'true' } }
before do
Fabricate(:account, domain: 'foo.bar')
end
it_behaves_like 'a successful request'
end
context 'when requesting suspended accounts' do
let(:expected_results) { [suspended_account] }
let(:params) { { suspended: 'true' } }
before do
Fabricate(:account, domain: 'foo.bar', suspended: true)
end
it_behaves_like 'a successful request'
end
context 'when requesting disabled accounts' do
let(:expected_results) { [disabled_account] }
let(:params) { { disabled: 'true' } }
it_behaves_like 'a successful request'
end
context 'when requesting pending accounts' do
let(:expected_results) { [pending_account] }
let(:params) { { pending: 'true' } }
before do
pending_account.user.update(approved: false)
end
it_behaves_like 'a successful request'
end
context 'when no parameter is given' do
let(:expected_results) { [disabled_account, pending_account, admin_account] }
it_behaves_like 'a successful request'
end
context 'with limit param' do
let(:params) { { limit: 2 } }
it 'returns only the requested number of accounts', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json.size).to eq(params[:limit])
end
end
end
describe 'GET /api/v1/admin/accounts/:id' do
subject do
get "/api/v1/admin/accounts/#{account.id}", headers: headers
end
let(:account) { Fabricate(:account) }
it_behaves_like 'forbidden for wrong scope', 'read read:accounts admin:write admin:write:accounts'
it_behaves_like 'forbidden for wrong role', ''
it 'returns the requested account successfully', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(body_as_json).to match(
a_hash_including(id: account.id.to_s, username: account.username, email: account.user.email)
)
end
context 'when the account is not found' do
it 'returns http not found' do
get '/api/v1/admin/accounts/-1', headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST /api/v1/admin/accounts/:id/approve' do
subject do
post "/api/v1/admin/accounts/#{account.id}/approve", headers: headers
end
let(:account) { Fabricate(:account) }
context 'when the account is pending' do
before do
account.user.update(approved: false)
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts read admin:read'
it_behaves_like 'forbidden for wrong role', ''
it 'approves the user successfully', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(account.reload.user_approved?).to be(true)
end
it 'logs action', :aggregate_failures do
subject
log_item = Admin::ActionLog.last
expect(log_item).to be_present
expect(log_item.action).to eq :approve
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end
end
context 'when the account is already approved' do
it 'returns http forbidden' do
subject
expect(response).to have_http_status(403)
end
end
context 'when the account is not found' do
it 'returns http not found' do
post '/api/v1/admin/accounts/-1/approve', headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST /api/v1/admin/accounts/:id/reject' do
subject do
post "/api/v1/admin/accounts/#{account.id}/reject", headers: headers
end
let(:account) { Fabricate(:account) }
context 'when the account is pending' do
before do
account.user.update(approved: false)
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts read admin:read'
it_behaves_like 'forbidden for wrong role', ''
it 'removes the user successfully', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(User.where(id: account.user.id)).to_not exist
end
it 'logs action', :aggregate_failures do
subject
log_item = Admin::ActionLog.last
expect(log_item).to be_present
expect(log_item.action).to eq :reject
expect(log_item.account_id).to eq user.account_id
expect(log_item.target_id).to eq account.user.id
end
end
context 'when account is already approved' do
it 'returns http forbidden' do
subject
expect(response).to have_http_status(403)
end
end
context 'when the account is not found' do
it 'returns http not found' do
post '/api/v1/admin/accounts/-1/reject', headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST /api/v1/admin/accounts/:id/enable' do
subject do
post "/api/v1/admin/accounts/#{account.id}/enable", headers: headers
end
let(:account) { Fabricate(:account) }
before do
account.user.update(disabled: true)
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts read admin:read'
it_behaves_like 'forbidden for wrong role', ''
it 'enables the user successfully', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(account.reload.user_disabled?).to be false
end
context 'when the account is not found' do
it 'returns http not found' do
post '/api/v1/admin/accounts/-1/enable', headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST /api/v1/admin/accounts/:id/unsuspend' do
subject do
post "/api/v1/admin/accounts/#{account.id}/unsuspend", headers: headers
end
let(:account) { Fabricate(:account) }
context 'when the account is suspended' do
before do
account.suspend!
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts read admin:read'
it_behaves_like 'forbidden for wrong role', ''
it 'unsuspends the account successfully', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(account.reload.suspended?).to be false
end
end
context 'when the account is not suspended' do
it 'returns http forbidden' do
subject
expect(response).to have_http_status(403)
end
end
context 'when the account is not found' do
it 'returns http not found' do
post '/api/v1/admin/accounts/-1/unsuspend', headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST /api/v1/admin/accounts/:id/unsensitive' do
subject do
post "/api/v1/admin/accounts/#{account.id}/unsensitive", headers: headers
end
let(:account) { Fabricate(:account) }
before do
account.update(sensitized_at: 10.days.ago)
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts read admin:read'
it_behaves_like 'forbidden for wrong role', ''
it 'unsensitizes the account successfully', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(account.reload.sensitized?).to be false
end
context 'when the account is not found' do
it 'returns http not found' do
post '/api/v1/admin/accounts/-1/unsensitive', headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'POST /api/v1/admin/accounts/:id/unsilence' do
subject do
post "/api/v1/admin/accounts/#{account.id}/unsilence", headers: headers
end
let(:account) { Fabricate(:account) }
before do
account.update(silenced_at: 3.days.ago)
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts read admin:read'
it_behaves_like 'forbidden for wrong role', ''
it 'unsilences the account successfully', :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(account.reload.silenced?).to be false
end
context 'when the account is not found' do
it 'returns http not found' do
post '/api/v1/admin/accounts/-1/unsilence', headers: headers
expect(response).to have_http_status(404)
end
end
end
describe 'DELETE /api/v1/admin/accounts/:id' do
subject do
delete "/api/v1/admin/accounts/#{account.id}", headers: headers
end
let(:account) { Fabricate(:account) }
context 'when account is suspended' do
before do
account.suspend!
end
it_behaves_like 'forbidden for wrong scope', 'write write:accounts read admin:read'
it_behaves_like 'forbidden for wrong role', ''
it 'deletes the account successfully', :aggregate_failures do
allow(Admin::AccountDeletionWorker).to receive(:perform_async)
subject
expect(response).to have_http_status(200)
expect(Admin::AccountDeletionWorker).to have_received(:perform_async).with(account.id).once
end
end
context 'when account is not suspended' do
it 'returns http forbidden' do
subject
expect(response).to have_http_status(403)
end
end
context 'when the account is not found' do
it 'returns http not found' do
delete '/api/v1/admin/accounts/-1', headers: headers
expect(response).to have_http_status(404)
end
end
end
end
Write Preview
Loading…
Cancel
Save