Merge commit '591df1f205c654381203b56d46498efc62370776' into glitch-soc/merge-upstream

spec/requests/activitypub/quote_authorizations_spec.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'ActivityPub QuoteAuthorization endpoint' do
+  let(:account) { Fabricate(:account, domain: nil) }
+  let(:status) { Fabricate :status, account: account }
+  let(:quote) { Fabricate(:quote, quoted_status: status, state: :accepted) }
+
+  before { Fabricate :favourite, status: status }
+
+  describe 'GET /accounts/:account_username/quote_authorizations/:quote_id' do
+    context 'with an accepted quote' do
+      it 'returns http success and activity json' do
+        get account_quote_authorization_url(quote.quoted_account, quote)
+
+        expect(response)
+          .to have_http_status(200)
+        expect(response.media_type)
+          .to eq 'application/activity+json'
+
+        expect(response.parsed_body)
+          .to include(type: 'QuoteAuthorization')
+      end
+    end
+
+    context 'with an incorrect quote authorization URL' do
+      it 'returns http not found' do
+        get account_quote_authorization_url(quote.account, quote)
+
+        expect(response)
+          .to have_http_status(404)
+      end
+    end
+
+    context 'with a rejected quote' do
+      before do
+        quote.reject!
+      end
+
+      it 'returns http not found' do
+        get account_quote_authorization_url(quote.quoted_account, quote)
+
+        expect(response)
+          .to have_http_status(404)
+      end
+    end
+  end
+end

spec/requests/api/v1/statuses/quotes_spec.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'API V1 Statuses Quotes' do
+  let(:user) { Fabricate(:user) }
+  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
+
+  describe 'GET /api/v1/statuses/:status_id/quotes' do
+    subject do
+      get "/api/v1/statuses/#{status.id}/quotes", headers: headers, params: { limit: 2 }
+    end
+
+    let(:scopes) { 'read:statuses' }
+
+    let(:status) { Fabricate(:status, account: user.account) }
+    let!(:accepted_quote) { Fabricate(:quote, quoted_status: status, state: :accepted) }
+    let!(:rejected_quote) { Fabricate(:quote, quoted_status: status, state: :rejected) }
+    let!(:pending_quote) { Fabricate(:quote, quoted_status: status, state: :pending) }
+    let!(:another_accepted_quote) { Fabricate(:quote, quoted_status: status, state: :accepted) }
+
+    context 'with an OAuth token' do
+      let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
+
+      it_behaves_like 'forbidden for wrong scope', 'write write:statuses'
+
+      it 'returns http success and statuses quoting this post' do
+        subject
+
+        expect(response)
+          .to have_http_status(200)
+          .and include_pagination_headers(
+            prev: api_v1_status_quotes_url(limit: 2, since_id: another_accepted_quote.id),
+            next: api_v1_status_quotes_url(limit: 2, max_id: accepted_quote.id)
+          )
+        expect(response.content_type)
+          .to start_with('application/json')
+
+        expect(response.parsed_body)
+          .to contain_exactly(
+            include(id: accepted_quote.status.id.to_s),
+            include(id: another_accepted_quote.status.id.to_s)
+          )
+
+        expect(response.parsed_body)
+          .to_not include(
+            include(id: rejected_quote.status.id.to_s),
+            include(id: pending_quote.status.id.to_s)
+          )
+      end
+
+      context 'with a different user than the post owner' do
+        let(:status) { Fabricate(:status) }
+
+        it 'returns http forbidden' do
+          subject
+
+          expect(response).to have_http_status(403)
+          expect(response.content_type)
+            .to start_with('application/json')
+        end
+      end
+    end
+
+    context 'without an OAuth token' do
+      let(:headers) { {} }
+
+      it 'returns http unauthorized' do
+        subject
+
+        expect(response).to have_http_status(401)
+        expect(response.content_type)
+          .to start_with('application/json')
+      end
+    end
+  end
+
+  describe 'POST /api/v1/statuses/:status_id/quotes/:id/revoke' do
+    subject do
+      post "/api/v1/statuses/#{status.id}/quotes/#{quote.status.id}/revoke", headers: headers
+    end
+
+    let(:scopes) { 'write:statuses' }
+
+    let(:status) { Fabricate(:status, account: user.account) }
+    let!(:quote) { Fabricate(:quote, quoted_status: status, state: :accepted) }
+
+    context 'with an OAuth token' do
+      let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
+
+      it_behaves_like 'forbidden for wrong scope', 'read read:statuses'
+
+      context 'with a different user than the post owner' do
+        let(:status) { Fabricate(:status) }
+
+        it 'returns http forbidden' do
+          subject
+
+          expect(response).to have_http_status(403)
+          expect(response.content_type)
+            .to start_with('application/json')
+        end
+      end
+
+      it 'revokes the quote and returns HTTP success' do
+        expect { subject }
+          .to change { quote.reload.state }.from('accepted').to('revoked')
+
+        expect(response)
+          .to have_http_status(200)
+      end
+    end
+
+    context 'without an OAuth token' do
+      let(:headers) { {} }
+
+      it 'returns http unauthorized' do
+        subject
+
+        expect(response).to have_http_status(401)
+        expect(response.content_type)
+          .to start_with('application/json')
+      end
+    end
+  end
+end