mastodon/spec/requests/api/v1/timelines/link_spec.rb

# frozen_string_literal: true

require 'rails_helper'

RSpec.describe 'Link' do
  let(:user)    { Fabricate(:user) }
  let(:scopes)  { 'read:statuses' }
  let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
  let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }

  shared_examples 'a successful request to the link timeline' do
    it 'returns the expected statuses successfully', :aggregate_failures do
      subject

      expect(response).to have_http_status(200)
      expect(body_as_json.pluck(:id)).to match_array(expected_statuses.map { |status| status.id.to_s })
    end
  end

  describe 'GET /api/v1/timelines/link' do
    subject do
      get '/api/v1/timelines/link', headers: headers, params: params
    end

    let(:url) { 'https://example.com/' }
    let(:private_status) { Fabricate(:status, visibility: :private) }
    let(:undiscoverable_status) { Fabricate(:status, account: Fabricate.build(:account, domain: nil, discoverable: false)) }
    let(:local_status) { Fabricate(:status, account: Fabricate.build(:account, domain: nil, discoverable: true)) }
    let(:remote_status) { Fabricate(:status, account: Fabricate.build(:account, domain: 'example.com', discoverable: true)) }
    let(:params) { { url: url } }
    let(:expected_statuses) { [local_status, remote_status] }
    let(:preview_card) { Fabricate(:preview_card, url: url) }

    before do
      if preview_card.present?
        preview_card.create_trend!(allowed: true)

        [private_status, undiscoverable_status, remote_status, local_status].each do |status|
          PreviewCardsStatus.create(status: status, preview_card: preview_card, url: url)
        end
      end
    end

    it_behaves_like 'forbidden for wrong scope', 'profile'

    context 'when there is no preview card' do
      let(:preview_card) { nil }

      it 'returns http not found' do
        subject

        expect(response).to have_http_status(404)
      end
    end

    context 'when preview card is not trending' do
      before do
        preview_card.trend.destroy!
      end

      it 'returns http not found' do
        subject

        expect(response).to have_http_status(404)
      end
    end

    context 'when preview card is trending but not approved' do
      before do
        preview_card.trend.update(allowed: false)
      end

      it 'returns http not found' do
        subject

        expect(response).to have_http_status(404)
      end
    end

    context 'when the instance does not allow public preview' do
      before do
        Form::AdminSettings.new(timeline_preview: false).save
      end

      it_behaves_like 'forbidden for wrong scope', 'profile'

      context 'without an authentication token' do
        let(:headers) { {} }

        it 'returns http unprocessable entity' do
          subject

          expect(response).to have_http_status(422)
        end
      end

      context 'with an application access token, not bound to a user' do
        let(:token) { Fabricate(:accessible_access_token, resource_owner_id: nil, scopes: scopes) }

        it 'returns http unprocessable entity' do
          subject

          expect(response).to have_http_status(422)
        end
      end

      context 'when the user is authenticated' do
        it_behaves_like 'a successful request to the link timeline'
      end
    end

    context 'when the instance allows public preview' do
      context 'with an authorized user' do
        it_behaves_like 'a successful request to the link timeline'
      end

      context 'with an anonymous user' do
        let(:headers) { {} }

        it_behaves_like 'a successful request to the link timeline'
      end

      context 'with limit param' do
        let(:params) { { limit: 1, url: url } }

        it 'returns only the requested number of statuses', :aggregate_failures do
          subject

          expect(response).to have_http_status(200)
          expect(body_as_json.size).to eq(params[:limit])
        end

        it 'sets the correct pagination headers', :aggregate_failures do
          subject

          expect(response)
            .to include_pagination_headers(
              prev: api_v1_timelines_link_url(limit: params[:limit], url: url, min_id: local_status.id),
              next: api_v1_timelines_link_url(limit: params[:limit], url: url, max_id: local_status.id)
            )
        end
      end
    end
  end
end
Add timeline of public posts about a trending link to REST API (#30381) 2024-06-06 10:43:04 +02:00			`# frozen_string_literal: true`

			`require 'rails_helper'`

Enable "zero monkey patching" mode in RSpec (#31614) 2024-09-04 07:12:25 +02:00			`RSpec.describe 'Link' do`
Add timeline of public posts about a trending link to REST API (#30381) 2024-06-06 10:43:04 +02:00			`let(:user) { Fabricate(:user) }`
			`let(:scopes) { 'read:statuses' }`
			`let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }`
			`let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }`

			`shared_examples 'a successful request to the link timeline' do`
			`it 'returns the expected statuses successfully', :aggregate_failures do`
			`subject`

			`expect(response).to have_http_status(200)`
			`expect(body_as_json.pluck(:id)).to match_array(expected_statuses.map { \|status\| status.id.to_s })`
			`end`
			`end`

			`describe 'GET /api/v1/timelines/link' do`
			`subject do`
			`get '/api/v1/timelines/link', headers: headers, params: params`
			`end`

			`let(:url) { 'https://example.com/' }`
			`let(:private_status) { Fabricate(:status, visibility: :private) }`
			`let(:undiscoverable_status) { Fabricate(:status, account: Fabricate.build(:account, domain: nil, discoverable: false)) }`
			`let(:local_status) { Fabricate(:status, account: Fabricate.build(:account, domain: nil, discoverable: true)) }`
			`let(:remote_status) { Fabricate(:status, account: Fabricate.build(:account, domain: 'example.com', discoverable: true)) }`
			`let(:params) { { url: url } }`
			`let(:expected_statuses) { [local_status, remote_status] }`
			`let(:preview_card) { Fabricate(:preview_card, url: url) }`

			`before do`
			`if preview_card.present?`
			`preview_card.create_trend!(allowed: true)`

			`[private_status, undiscoverable_status, remote_status, local_status].each do \|status\|`
			`PreviewCardsStatus.create(status: status, preview_card: preview_card, url: url)`
			`end`
			`end`
			`end`

Merge pull request from GHSA-58x8-3qxw-6hm7 * Fix insufficient permission checking for public timeline endpoints Note that this changes unauthenticated access failure code from 401 to 422 * Add more tests for public timelines * Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses` 2024-07-04 16:26:49 +02:00			`it_behaves_like 'forbidden for wrong scope', 'profile'`

Add timeline of public posts about a trending link to REST API (#30381) 2024-06-06 10:43:04 +02:00			`context 'when there is no preview card' do`
			`let(:preview_card) { nil }`

			`it 'returns http not found' do`
			`subject`

			`expect(response).to have_http_status(404)`
			`end`
			`end`

			`context 'when preview card is not trending' do`
			`before do`
			`preview_card.trend.destroy!`
			`end`

			`it 'returns http not found' do`
			`subject`

			`expect(response).to have_http_status(404)`
			`end`
			`end`

			`context 'when preview card is trending but not approved' do`
			`before do`
			`preview_card.trend.update(allowed: false)`
			`end`

			`it 'returns http not found' do`
			`subject`

			`expect(response).to have_http_status(404)`
			`end`
			`end`

			`context 'when the instance does not allow public preview' do`
			`before do`
			`Form::AdminSettings.new(timeline_preview: false).save`
			`end`

Merge pull request from GHSA-58x8-3qxw-6hm7 * Fix insufficient permission checking for public timeline endpoints Note that this changes unauthenticated access failure code from 401 to 422 * Add more tests for public timelines * Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses` 2024-07-04 16:26:49 +02:00			`it_behaves_like 'forbidden for wrong scope', 'profile'`

			`context 'without an authentication token' do`
Add timeline of public posts about a trending link to REST API (#30381) 2024-06-06 10:43:04 +02:00			`let(:headers) { {} }`

Merge pull request from GHSA-58x8-3qxw-6hm7 * Fix insufficient permission checking for public timeline endpoints Note that this changes unauthenticated access failure code from 401 to 422 * Add more tests for public timelines * Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses` 2024-07-04 16:26:49 +02:00			`it 'returns http unprocessable entity' do`
			`subject`

			`expect(response).to have_http_status(422)`
			`end`
			`end`

			`context 'with an application access token, not bound to a user' do`
			`let(:token) { Fabricate(:accessible_access_token, resource_owner_id: nil, scopes: scopes) }`

			`it 'returns http unprocessable entity' do`
Add timeline of public posts about a trending link to REST API (#30381) 2024-06-06 10:43:04 +02:00			`subject`

Merge pull request from GHSA-58x8-3qxw-6hm7 * Fix insufficient permission checking for public timeline endpoints Note that this changes unauthenticated access failure code from 401 to 422 * Add more tests for public timelines * Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses` 2024-07-04 16:26:49 +02:00			`expect(response).to have_http_status(422)`
Add timeline of public posts about a trending link to REST API (#30381) 2024-06-06 10:43:04 +02:00			`end`
			`end`

			`context 'when the user is authenticated' do`
			`it_behaves_like 'a successful request to the link timeline'`
			`end`
			`end`

			`context 'when the instance allows public preview' do`
			`context 'with an authorized user' do`
			`it_behaves_like 'a successful request to the link timeline'`
			`end`

			`context 'with an anonymous user' do`
			`let(:headers) { {} }`

			`it_behaves_like 'a successful request to the link timeline'`
			`end`

			`context 'with limit param' do`
			`let(:params) { { limit: 1, url: url } }`

			`it 'returns only the requested number of statuses', :aggregate_failures do`
			`subject`

			`expect(response).to have_http_status(200)`
			`expect(body_as_json.size).to eq(params[:limit])`
			`end`

			`it 'sets the correct pagination headers', :aggregate_failures do`
			`subject`

			`expect(response)`
			`.to include_pagination_headers(`
			`prev: api_v1_timelines_link_url(limit: params[:limit], url: url, min_id: local_status.id),`
			`next: api_v1_timelines_link_url(limit: params[:limit], url: url, max_id: local_status.id)`
			`)`
			`end`
			`end`
			`end`
			`end`
			`end`