autonomic-cooperative/hometown
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
.github
app
bin
config
db
docs
lib
log
nanobox
public
spec
controllers
activitypub
admin
api
auth
concerns
account_controller_concern_spec.rb
export_controller_concern_spec.rb
localized_spec.rb
obfuscate_filename_spec.rb
rate_limit_headers_spec.rb
signature_verification_spec.rb
user_tracking_concern_spec.rb
oauth
settings
well_known
about_controller_spec.rb
account_follow_controller_spec.rb
account_unfollow_controller_spec.rb
accounts_controller_spec.rb
application_controller_spec.rb
authorize_follows_controller_spec.rb
follower_accounts_controller_spec.rb
following_accounts_controller_spec.rb
home_controller_spec.rb
manifests_controller_spec.rb
media_controller_spec.rb
remote_follow_controller_spec.rb
statuses_controller_spec.rb
stream_entries_controller_spec.rb
tags_controller_spec.rb
fabricators
features
fixtures
helpers
lib
mailers
models
policies
presenters
requests
routing
services
support
validators
views
workers
rails_helper.rb
spec_helper.rb
streaming
vendor
.babelrc
.buildpacks
.codeclimate.yml
.dockerignore
.editorconfig
.env.nanobox
.env.production.sample
.env.test
.env.vagrant
.eslintignore
.eslintrc.yml
.foreman
.gitattributes
.gitignore
.haml-lint.yml
.nanoignore
.nvmrc
.postcssrc.yml
.profile
.rspec
.rubocop.yml
.ruby-version
.scss-lint.yml
.slugignore
.travis.yml
.yarnclean
AUTHORS.md
Aptfile
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Capfile
Dockerfile
Gemfile
Gemfile.lock
LICENSE
Procfile
Procfile.dev
README.md
Rakefile
Vagrantfile
app.json
boxfile.yml
config.ru
docker-compose.yml
jest.config.js
package.json
scalingo.json
yarn.lock
f5ed5f386020a08e8a659f4a6d25d2b875852be8
hometown/spec/controllers/concerns/signature_verification_spec.rb

115 lines
2.7 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require 'rails_helper'
describe ApplicationController, type: :controller do
controller do
include SignatureVerification
def success
head 200
end
def alternative_success
head 200
end
end
before do
routes.draw { match via: [:get, :post], 'success' => 'anonymous#success' }
end
context 'without signature header' do
before do
get :success
end
describe '#signed_request?' do
it 'returns false' do
expect(controller.signed_request?).to be false
end
end
describe '#signed_request_account' do
it 'returns nil' do
expect(controller.signed_request_account).to be_nil
end
end
end
context 'with signature header' do
let!(:author) { Fabricate(:account) }
context 'without body' do
before do
get :success
fake_request = Request.new(:get, request.url)
fake_request.on_behalf_of(author)
request.headers.merge!(fake_request.headers)
end
describe '#signed_request?' do
it 'returns true' do
expect(controller.signed_request?).to be true
end
end
describe '#signed_request_account' do
it 'returns an account' do
expect(controller.signed_request_account).to eq author
end
it 'returns nil when path does not match' do
request.path = '/alternative-path'
expect(controller.signed_request_account).to be_nil
end
it 'returns nil when method does not match' do
post :success
expect(controller.signed_request_account).to be_nil
end
end
end
context 'with body' do
before do
post :success, body: 'Hello world'
fake_request = Request.new(:post, request.url, body: 'Hello world')
fake_request.on_behalf_of(author)
request.headers.merge!(fake_request.headers)
end
describe '#signed_request?' do
it 'returns true' do
expect(controller.signed_request?).to be true
end
end
describe '#signed_request_account' do
it 'returns an account' do
expect(controller.signed_request_account).to eq author
end
it 'returns nil when path does not match' do
request.path = '/alternative-path'
expect(controller.signed_request_account).to be_nil
end
it 'returns nil when method does not match' do
get :success
expect(controller.signed_request_account).to be_nil
end
it 'returns nil when body has been tampered' do
request.headers['RAW_POST_DATA'] = 'doo doo doo'
expect(controller.signed_request_account).to be_nil
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink