test/controllers/api/user_blocks_controller_test.rb

   1 require "test_helper"
   2
   3 module Api
   4   class UserBlocksControllerTest < ActionDispatch::IntegrationTest
   5     def test_routes
   6       assert_routing(
   7         { :path => "/api/0.6/user_blocks", :method => :post },
   8         { :controller => "api/user_blocks", :action => "create" }
   9       )
  10       assert_routing(
  11         { :path => "/api/0.6/user_blocks/1", :method => :get },
  12         { :controller => "api/user_blocks", :action => "show", :id => "1" }
  13       )
  14       assert_routing(
  15         { :path => "/api/0.6/user_blocks/1.json", :method => :get },
  16         { :controller => "api/user_blocks", :action => "show", :id => "1", :format => "json" }
  17       )
  18     end
  19
  20     def test_show
  21       blocked_user = create(:user)
  22       creator_user = create(:moderator_user)
  23       block = create(:user_block, :user => blocked_user, :creator => creator_user, :reason => "because running tests")
  24
  25       get api_user_block_path(block)
  26       assert_response :success
  27       assert_select "osm>user_block", 1 do
  28         assert_select ">@id", block.id.to_s
  29         assert_select ">user", 1
  30         assert_select ">user>@uid", blocked_user.id.to_s
  31         assert_select ">creator", 1
  32         assert_select ">creator>@uid", creator_user.id.to_s
  33         assert_select ">revoker", 0
  34         assert_select ">reason", 1
  35         assert_select ">reason", "because running tests"
  36       end
  37
  38       get api_user_block_path(block, :format => "json")
  39       assert_response :success
  40       js = ActiveSupport::JSON.decode(@response.body)
  41       assert_not_nil js
  42       assert_equal block.id, js["user_block"]["id"]
  43     end
  44
  45     def test_show_not_found
  46       get api_user_block_path(123)
  47       assert_response :not_found
  48       assert_equal "text/plain", @response.media_type
  49     end
  50
  51     def test_create_no_permission
  52       blocked_user = create(:user)
  53       assert_empty blocked_user.blocks
  54
  55       post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1)
  56       assert_response :unauthorized
  57       assert_empty blocked_user.blocks
  58
  59       regular_creator_user = create(:user)
  60       auth_header = bearer_authorization_header(regular_creator_user, :scopes => %w[read_prefs])
  61       post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
  62       assert_response :forbidden
  63       assert_empty blocked_user.blocks
  64
  65       auth_header = bearer_authorization_header(regular_creator_user, :scopes => %w[read_prefs write_blocks])
  66       post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
  67       assert_response :forbidden
  68       assert_empty blocked_user.blocks
  69
  70       moderator_creator_user = create(:moderator_user)
  71       auth_header = bearer_authorization_header(moderator_creator_user, :scopes => %w[read_prefs])
  72       post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
  73       assert_response :forbidden
  74       assert_empty blocked_user.blocks
  75     end
  76
  77     def test_create_invalid_because_no_user
  78       blocked_user = create(:user, :deleted)
  79       assert_empty blocked_user.blocks
  80
  81       creator_user = create(:moderator_user)
  82       auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
  83       post api_user_blocks_path(:reason => "because", :period => 1), :headers => auth_header
  84       assert_response :bad_request
  85       assert_equal "text/plain", @response.media_type
  86       assert_equal "No user was given", @response.body
  87
  88       assert_empty blocked_user.blocks
  89     end
  90
  91     def test_create_invalid_because_user_is_unknown
  92       creator_user = create(:moderator_user)
  93       auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
  94       post api_user_blocks_path(:user => 0, :reason => "because", :period => 1), :headers => auth_header
  95       assert_response :not_found
  96       assert_equal "text/plain", @response.media_type
  97     end
  98
  99     def test_create_invalid_because_user_is_deleted
 100       blocked_user = create(:user, :deleted)
 101       assert_empty blocked_user.blocks
 102
 103       creator_user = create(:moderator_user)
 104       auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
 105       post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
 106       assert_response :not_found
 107       assert_equal "text/plain", @response.media_type
 108
 109       assert_empty blocked_user.blocks
 110     end
 111
 112     def test_create_invalid_because_missing_reason
 113       create_with_params_and_assert_bad_request("No reason was given", :period => "10")
 114     end
 115
 116     def test_create_invalid_because_missing_period
 117       create_with_params_and_assert_bad_request("No period was given", :reason => "because")
 118     end
 119
 120     def test_create_invalid_because_non_numeric_period
 121       create_with_params_and_assert_bad_request("Period should be a number of hours", :reason => "because", :period => "one hour")
 122     end
 123
 124     def test_create_invalid_because_negative_period
 125       create_with_params_and_assert_bad_request("Period must be between 0 and #{UserBlock::PERIODS.max}", :reason => "go away", :period => "-1")
 126     end
 127
 128     def test_create_invalid_because_excessive_period
 129       create_with_params_and_assert_bad_request("Period must be between 0 and #{UserBlock::PERIODS.max}", :reason => "go away", :period => "10000000")
 130     end
 131
 132     def test_create_invalid_because_unknown_needs_view
 133       create_with_params_and_assert_bad_request("Needs_view must be true if provided", :reason => "because", :period => "1", :needs_view => "maybe")
 134     end
 135
 136     def test_create_success
 137       blocked_user = create(:user)
 138       creator_user = create(:moderator_user)
 139
 140       assert_empty blocked_user.blocks
 141       auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
 142       post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
 143       assert_response :success
 144       assert_equal 1, blocked_user.blocks.length
 145
 146       block = blocked_user.blocks.take
 147       assert_predicate block, :active?
 148       assert_equal "because", block.reason
 149       assert_equal creator_user, block.creator
 150
 151       assert_equal "application/xml", @response.media_type
 152       assert_select "osm>user_block", 1 do
 153         assert_select ">@id", block.id.to_s
 154         assert_select ">@needs_view", "false"
 155         assert_select ">user", 1
 156         assert_select ">user>@uid", blocked_user.id.to_s
 157         assert_select ">creator", 1
 158         assert_select ">creator>@uid", creator_user.id.to_s
 159         assert_select ">revoker", 0
 160         assert_select ">reason", 1
 161         assert_select ">reason", "because"
 162       end
 163     end
 164
 165     def test_create_success_with_needs_view
 166       blocked_user = create(:user)
 167       creator_user = create(:moderator_user)
 168
 169       assert_empty blocked_user.blocks
 170       auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
 171       post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => "1", :needs_view => "true"), :headers => auth_header
 172       assert_response :success
 173       assert_equal 1, blocked_user.blocks.length
 174
 175       block = blocked_user.blocks.take
 176       assert_predicate block, :active?
 177       assert_equal "because", block.reason
 178       assert_equal creator_user, block.creator
 179
 180       assert_equal "application/xml", @response.media_type
 181       assert_select "osm>user_block", 1 do
 182         assert_select ">@id", block.id.to_s
 183         assert_select ">@needs_view", "true"
 184         assert_select ">user", 1
 185         assert_select ">user>@uid", blocked_user.id.to_s
 186         assert_select ">creator", 1
 187         assert_select ">creator>@uid", creator_user.id.to_s
 188         assert_select ">revoker", 0
 189         assert_select ">reason", 1
 190         assert_select ">reason", "because"
 191       end
 192     end
 193
 194     private
 195
 196     def create_with_params_and_assert_bad_request(message, **params)
 197       blocked_user = create(:user)
 198       assert_empty blocked_user.blocks
 199
 200       moderator_creator_user = create(:moderator_user)
 201       auth_header = bearer_authorization_header(moderator_creator_user, :scopes => %w[read_prefs write_blocks])
 202
 203       post api_user_blocks_path({ :user => blocked_user.id }.merge(params)), :headers => auth_header
 204       assert_response :bad_request
 205       assert_equal "text/plain", @response.media_type
 206       assert_equal message, @response.body
 207
 208       assert_empty blocked_user.blocks
 209     end
 210   end
 211 end