Remove API authentication for public statuses (after review) (#1919)

master
happycoloredbanana 7 years ago committed by Eugen
parent 3ed219f907
commit 0a7588282a
  1. 7
      app/controllers/api/v1/statuses_controller.rb
  2. 350
      spec/controllers/api/v1/statuses_controller_spec.rb

@ -1,7 +1,7 @@
# frozen_string_literal: true # frozen_string_literal: true
class Api::V1::StatusesController < ApiController class Api::V1::StatusesController < ApiController
before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite] before_action :authorize_if_got_token, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
before_action -> { doorkeeper_authorize! :write }, only: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite] before_action -> { doorkeeper_authorize! :write }, only: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
before_action :require_user!, except: [:show, :context, :card, :reblogged_by, :favourited_by] before_action :require_user!, except: [:show, :context, :card, :reblogged_by, :favourited_by]
before_action :set_status, only: [:show, :context, :card, :reblogged_by, :favourited_by] before_action :set_status, only: [:show, :context, :card, :reblogged_by, :favourited_by]
@ -114,4 +114,9 @@ class Api::V1::StatusesController < ApiController
def pagination_params(core_params) def pagination_params(core_params)
params.permit(:limit).merge(core_params) params.permit(:limit).merge(core_params)
end end
def authorize_if_got_token
request_token = Doorkeeper::OAuth::Token.from_request(request, *Doorkeeper.configuration.access_token_methods)
doorkeeper_authorize! :read if request_token
end
end end
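Review bot: `authorize_if_got_token`, added at the end of the hunk, carries no comment explaining its security intent: the token is extracted once here via `Doorkeeper::OAuth::Token.from_request` and then again inside `doorkeeper_authorize!`, and a reader cannot tell whether a present-but-invalid token is meant to fail or to fall back to anonymous access. A comment such as `# Read actions are open to anonymous callers, but a token that IS presented must still be valid and carry :read scope, so a revoked or mis-scoped token is rejected (401) instead of being silently treated as no token.` would pin the fail-closed behaviour. Since `require_user!` is skipped for show/context/card/reblogged_by/favourited_by (line 17), visibility enforcement for anonymous callers now rests entirely on `set_status`, which is outside this hunk and worth naming in the same comment. If `pagination_params` sits in the private section, as its position near the end of the class suggests, the new helper inherits that; otherwise it should be marked private explicitly. The enclosing class continues outside the hunk.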

@ -7,179 +7,289 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') } let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
let(:token) { double acceptable?: true, resource_owner_id: user.id, application: app } let(:token) { double acceptable?: true, resource_owner_id: user.id, application: app }
before do context 'with an oauth token' do
allow(controller).to receive(:doorkeeper_token) { token } before do
end allow(controller).to receive(:doorkeeper_token) { token }
end
describe 'GET #show' do describe 'GET #show' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
it 'returns http success' do it 'returns http success' do
get :show, params: { id: status.id } get :show, params: { id: status.id }
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end
end end
end
describe 'GET #context' do describe 'GET #context' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
Fabricate(:status, account: user.account, thread: status) Fabricate(:status, account: user.account, thread: status)
end end
it 'returns http success' do it 'returns http success' do
get :context, params: { id: status.id } get :context, params: { id: status.id }
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end
end end
end
describe 'GET #reblogged_by' do describe 'GET #reblogged_by' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
post :reblog, params: { id: status.id } post :reblog, params: { id: status.id }
end end
it 'returns http success' do it 'returns http success' do
get :reblogged_by, params: { id: status.id } get :reblogged_by, params: { id: status.id }
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end
end end
end
describe 'GET #favourited_by' do describe 'GET #favourited_by' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
post :favourite, params: { id: status.id } post :favourite, params: { id: status.id }
end end
it 'returns http success' do it 'returns http success' do
get :favourited_by, params: { id: status.id } get :favourited_by, params: { id: status.id }
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end
end end
end
describe 'POST #create' do describe 'POST #create' do
before do before do
post :create, params: { status: 'Hello world' } post :create, params: { status: 'Hello world' }
end end
it 'returns http success' do it 'returns http success' do
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end
end end
end
describe 'DELETE #destroy' do describe 'DELETE #destroy' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
post :destroy, params: { id: status.id } post :destroy, params: { id: status.id }
end end
it 'returns http success' do it 'returns http success' do
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end end
it 'removes the status' do it 'removes the status' do
expect(Status.find_by(id: status.id)).to be nil expect(Status.find_by(id: status.id)).to be nil
end
end end
end
describe 'POST #reblog' do describe 'POST #reblog' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
post :reblog, params: { id: status.id } post :reblog, params: { id: status.id }
end end
it 'returns http success' do it 'returns http success' do
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end end
it 'updates the reblogs count' do it 'updates the reblogs count' do
expect(status.reblogs.count).to eq 1 expect(status.reblogs.count).to eq 1
end end
it 'updates the reblogged attribute' do it 'updates the reblogged attribute' do
expect(user.account.reblogged?(status)).to be true expect(user.account.reblogged?(status)).to be true
end end
it 'return json with updated attributes' do it 'return json with updated attributes' do
hash_body = body_as_json hash_body = body_as_json
expect(hash_body[:reblog][:id]).to eq status.id expect(hash_body[:reblog][:id]).to eq status.id
expect(hash_body[:reblog][:reblogs_count]).to eq 1 expect(hash_body[:reblog][:reblogs_count]).to eq 1
expect(hash_body[:reblog][:reblogged]).to be true expect(hash_body[:reblog][:reblogged]).to be true
end
end end
end
describe 'POST #unreblog' do describe 'POST #unreblog' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
post :reblog, params: { id: status.id } post :reblog, params: { id: status.id }
post :unreblog, params: { id: status.id } post :unreblog, params: { id: status.id }
end end
it 'returns http success' do it 'returns http success' do
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end end
it 'updates the reblogs count' do it 'updates the reblogs count' do
expect(status.reblogs.count).to eq 0 expect(status.reblogs.count).to eq 0
end end
it 'updates the reblogged attribute' do it 'updates the reblogged attribute' do
expect(user.account.reblogged?(status)).to be false expect(user.account.reblogged?(status)).to be false
end
end end
end
describe 'POST #favourite' do describe 'POST #favourite' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
post :favourite, params: { id: status.id } post :favourite, params: { id: status.id }
end end
it 'returns http success' do it 'returns http success' do
expect(response).to have_http_status(:success) expect(response).to have_http_status(:success)
end end
it 'updates the favourites count' do it 'updates the favourites count' do
expect(status.favourites.count).to eq 1 expect(status.favourites.count).to eq 1
end end
it 'updates the favourited attribute' do it 'updates the favourited attribute' do
expect(user.account.favourited?(status)).to be true expect(user.account.favourited?(status)).to be true
end end
it 'return json with updated attributes' do it 'return json with updated attributes' do
hash_body = body_as_json hash_body = body_as_json
expect(hash_body[:id]).to eq status.id expect(hash_body[:id]).to eq status.id
expect(hash_body[:favourites_count]).to eq 1 expect(hash_body[:favourites_count]).to eq 1
expect(hash_body[:favourited]).to be true expect(hash_body[:favourited]).to be true
end
end end
end
describe 'POST #unfavourite' do describe 'POST #unfavourite' do
let(:status) { Fabricate(:status, account: user.account) } let(:status) { Fabricate(:status, account: user.account) }
before do before do
post :favourite, params: { id: status.id } post :favourite, params: { id: status.id }
post :unfavourite, params: { id: status.id } post :unfavourite, params: { id: status.id }
end
it 'returns http success' do
expect(response).to have_http_status(:success)
end
it 'updates the favourites count' do
expect(status.favourites.count).to eq 0
end
it 'updates the favourited attribute' do
expect(user.account.favourited?(status)).to be false
end
end end
end
it 'returns http success' do context 'without an oauth token' do
expect(response).to have_http_status(:success) before do
allow(controller).to receive(:doorkeeper_token) { nil }
end end
it 'updates the favourites count' do context 'with a private status' do
expect(status.favourites.count).to eq 0 let(:status) { Fabricate(:status, account: user.account, visibility: :private) }
describe 'GET #show' do
it 'returns http unautharized' do
get :show, params: { id: status.id }
expect(response).to have_http_status(:missing)
end
end
describe 'GET #context' do
before do
Fabricate(:status, account: user.account, thread: status)
end
it 'returns http unautharized' do
get :context, params: { id: status.id }
expect(response).to have_http_status(:missing)
end
end
describe 'GET #card' do
it 'returns http unautharized' do
get :card, params: { id: status.id }
expect(response).to have_http_status(:missing)
end
end
describe 'GET #reblogged_by' do
before do
post :reblog, params: { id: status.id }
end
it 'returns http unautharized' do
get :reblogged_by, params: { id: status.id }
expect(response).to have_http_status(:missing)
end
end
describe 'GET #favourited_by' do
before do
post :favourite, params: { id: status.id }
end
it 'returns http unautharized' do
get :favourited_by, params: { id: status.id }
expect(response).to have_http_status(:missing)
end
end
end end
it 'updates the favourited attribute' do context 'with a public status' do
expect(user.account.favourited?(status)).to be false let(:status) { Fabricate(:status, account: user.account, visibility: :public) }
describe 'GET #show' do
it 'returns http success' do
get :show, params: { id: status.id }
expect(response).to have_http_status(:success)
end
end
describe 'GET #context' do
before do
Fabricate(:status, account: user.account, thread: status)
end
it 'returns http success' do
get :context, params: { id: status.id }
expect(response).to have_http_status(:success)
end
end
describe 'GET #card' do
it 'returns http success' do
get :card, params: { id: status.id }
expect(response).to have_http_status(:success)
end
end
describe 'GET #reblogged_by' do
before do
post :reblog, params: { id: status.id }
end
it 'returns http success' do
get :reblogged_by, params: { id: status.id }
expect(response).to have_http_status(:success)
end
end
describe 'GET #favourited_by' do
before do
post :favourite, params: { id: status.id }
end
it 'returns http success' do
get :favourited_by, params: { id: status.id }
expect(response).to have_http_status(:success)
end
end
end end
end end
end end
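Review bot: The 'without an oauth token' context stubs `doorkeeper_token` to nil, but the controller's new `authorize_if_got_token` reads the token with `Doorkeeper::OAuth::Token.from_request(request, ...)`, not through `doorkeeper_token`, so neither context appears to exercise the `doorkeeper_authorize! :read` branch; the 'with an oauth token' GET examples presumably pass only because no Authorization header is ever sent. A case that does send a bearer header with a revoked or mis-scoped token and expects `have_http_status(:unauthorized)` would cover the path this change actually introduces. Separately, the example names in the private-status block (`it 'returns http unautharized' do`) are misspelled and contradict the `have_http_status(:missing)` expectation, which is a 404; rename them to `it 'returns http not found' do`. Coverage for an unlisted status without a token would also be useful, as only `:private` and `:public` are asserted here.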
