From de4815afda0809bf999519aabda1cd14c67278da Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Mon, 20 May 2024 12:06:51 +0200
Subject: [PATCH] Add more tests for self-destruct mode (#30374)

---
 spec/helpers/self_destruct_helper_spec.rb | 70 +++++++++++++++++
 spec/requests/self_destruct_spec.rb       | 92 +++++++++++++++++++++++
 2 files changed, 162 insertions(+)
 create mode 100644 spec/helpers/self_destruct_helper_spec.rb
 create mode 100644 spec/requests/self_destruct_spec.rb

diff --git a/spec/helpers/self_destruct_helper_spec.rb b/spec/helpers/self_destruct_helper_spec.rb
new file mode 100644
index 0000000000..09d7347eee
--- /dev/null
+++ b/spec/helpers/self_destruct_helper_spec.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe SelfDestructHelper do
+  describe 'self_destruct?' do
+    context 'when SELF_DESTRUCT is unset' do
+      it 'returns false' do
+        expect(helper.self_destruct?).to be false
+      end
+    end
+
+    context 'when SELF_DESTRUCT is set to an invalid value' do
+      around do |example|
+        ClimateControl.modify SELF_DESTRUCT: 'true' do
+          example.run
+        end
+      end
+
+      it 'returns false' do
+        expect(helper.self_destruct?).to be false
+      end
+    end
+
+    context 'when SELF_DESTRUCT is set to value signed for the wrong purpose' do
+      around do |example|
+        ClimateControl.modify(
+          SELF_DESTRUCT: Rails.application.message_verifier('foo').generate('example.com'),
+          LOCAL_DOMAIN: 'example.com'
+        ) do
+          example.run
+        end
+      end
+
+      it 'returns false' do
+        expect(helper.self_destruct?).to be false
+      end
+    end
+
+    context 'when SELF_DESTRUCT is set to value signed for the wrong domain' do
+      around do |example|
+        ClimateControl.modify(
+          SELF_DESTRUCT: Rails.application.message_verifier('self-destruct').generate('foo.com'),
+          LOCAL_DOMAIN: 'example.com'
+        ) do
+          example.run
+        end
+      end
+
+      it 'returns false' do
+        expect(helper.self_destruct?).to be false
+      end
+    end
+
+    context 'when SELF_DESTRUCT is set to a correctly-signed value' do
+      around do |example|
+        ClimateControl.modify(
+          SELF_DESTRUCT: Rails.application.message_verifier('self-destruct').generate('example.com'),
+          LOCAL_DOMAIN: 'example.com'
+        ) do
+          example.run
+        end
+      end
+
+      it 'returns true' do
+        expect(helper.self_destruct?).to be true
+      end
+    end
+  end
+end
diff --git a/spec/requests/self_destruct_spec.rb b/spec/requests/self_destruct_spec.rb
new file mode 100644
index 0000000000..f71a2325e2
--- /dev/null
+++ b/spec/requests/self_destruct_spec.rb
@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'Self-destruct mode' do
+  before do
+    allow(SelfDestructHelper).to receive(:self_destruct?).and_return(true)
+  end
+
+  shared_examples 'generic logged out request' do |path|
+    it 'returns 410 gone and mentions self-destruct' do
+      get path, headers: { 'Accept' => 'text/html' }
+
+      expect(response).to have_http_status(410)
+      expect(response.body).to include(I18n.t('self_destruct.title'))
+    end
+  end
+
+  shared_examples 'accessible logged-in endpoint' do |path|
+    it 'returns 200 ok' do
+      get path
+
+      expect(response).to have_http_status(200)
+    end
+  end
+
+  shared_examples 'ActivityPub request' do |path|
+    context 'without signature' do
+      it 'returns 410 gone' do
+        get path, headers: {
+          'Accept' => 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
+        }
+
+        expect(response).to have_http_status(410)
+      end
+    end
+
+    context 'with invalid signature' do
+      it 'returns 410 gone' do
+        get path, headers: {
+          'Accept' => 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
+          'Signature' => 'keyId="https://remote.domain/users/bob#main-key",algorithm="rsa-sha256",headers="date host (request-target)",signature="bar"',
+        }
+
+        expect(response).to have_http_status(410)
+      end
+    end
+  end
+
+  context 'when requesting various unavailable endpoints' do
+    it_behaves_like 'generic logged out request', '/'
+    it_behaves_like 'generic logged out request', '/about'
+    it_behaves_like 'generic logged out request', '/public'
+  end
+
+  context 'when requesting a suspended account' do
+    let(:suspended) { Fabricate(:account, username: 'suspended') }
+
+    before do
+      suspended.suspend!
+    end
+
+    it_behaves_like 'generic logged out request', '/@suspended'
+    it_behaves_like 'ActivityPub request', '/users/suspended'
+    it_behaves_like 'ActivityPub request', '/users/suspended/followers'
+    it_behaves_like 'ActivityPub request', '/users/suspended/outbox'
+  end
+
+  context 'when requesting a non-suspended account' do
+    before do
+      Fabricate(:account, username: 'bob')
+    end
+
+    it_behaves_like 'generic logged out request', '/@bob'
+    it_behaves_like 'ActivityPub request', '/users/bob'
+    it_behaves_like 'ActivityPub request', '/users/bob/followers'
+    it_behaves_like 'ActivityPub request', '/users/bob/outbox'
+  end
+
+  context 'when accessing still-enabled endpoints when logged in' do
+    let(:user) { Fabricate(:user) }
+
+    before do
+      sign_in(user)
+    end
+
+    it_behaves_like 'accessible logged-in endpoint', '/auth/edit'
+    it_behaves_like 'accessible logged-in endpoint', '/settings/export'
+    it_behaves_like 'accessible logged-in endpoint', '/settings/login_activities'
+    it_behaves_like 'accessible logged-in endpoint', '/settings/exports/follows.csv'
+  end
+end