Reject unconfirmed FASPs (#37926)

stable-4.4
David Roetzel 3 days ago
parent 7de301922b
commit b89d6e256b

@ -47,7 +47,7 @@ class Api::Fasp::BaseController < ApplicationController
provider = nil
Linzer.verify!(request.rack_request, no_older_than: 5.minutes) do |keyid|
provider = Fasp::Provider.find(keyid)
provider = Fasp::Provider.confirmed.find(keyid)
Linzer.new_ed25519_public_key(provider.provider_public_key_pem, keyid)
end

@ -34,6 +34,7 @@ class Fasp::Provider < ApplicationRecord
before_create :create_keypair
after_commit :update_remote_capabilities
scope :confirmed, -> { where(confirmed: true) }
scope :with_capability, lambda { |capability_name|
where('fasp_providers.capabilities @> ?::jsonb', "[{\"id\": \"#{capability_name}\", \"enabled\": true}]")
}

@ -6,34 +6,33 @@ RSpec.describe 'Api::Fasp::DataSharing::V0::BackfillRequests', feature: :fasp do
include ProviderRequestHelper
describe 'POST /api/fasp/data_sharing/v0/backfill_requests' do
let(:provider) { Fabricate(:fasp_provider) }
subject do
post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json
end
let(:provider) { Fabricate(:confirmed_fasp) }
let(:params) { { category: 'content', maxCount: 10 } }
let(:headers) do
request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_backfill_requests_url,
method: :post,
body: params)
end
it_behaves_like 'forbidden for unconfirmed provider'
context 'with valid parameters' do
it 'creates a new backfill request' do
params = { category: 'content', maxCount: 10 }
headers = request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_backfill_requests_url,
method: :post,
body: params)
expect do
post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json
end.to change(Fasp::BackfillRequest, :count).by(1)
expect { subject }.to change(Fasp::BackfillRequest, :count).by(1)
expect(response).to have_http_status(201)
end
end
context 'with invalid parameters' do
let(:params) { { category: 'unknown', maxCount: 10 } }
it 'does not create a backfill request' do
params = { category: 'unknown', maxCount: 10 }
headers = request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_backfill_requests_url,
method: :post,
body: params)
expect do
post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json
end.to_not change(Fasp::BackfillRequest, :count)
expect { subject }.to_not change(Fasp::BackfillRequest, :count)
expect(response).to have_http_status(422)
end
end

@ -6,15 +6,22 @@ RSpec.describe 'Api::Fasp::DataSharing::V0::Continuations', feature: :fasp do
include ProviderRequestHelper
describe 'POST /api/fasp/data_sharing/v0/backfill_requests/:id/continuations' do
let(:backfill_request) { Fabricate(:fasp_backfill_request) }
let(:provider) { backfill_request.fasp_provider }
subject do
post api_fasp_data_sharing_v0_backfill_request_continuation_path(backfill_request), headers:, as: :json
end
it 'queues a job to continue the given backfill request' do
headers = request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_backfill_request_continuation_url(backfill_request),
method: :post)
let(:provider) { Fabricate(:confirmed_fasp) }
let(:backfill_request) { Fabricate(:fasp_backfill_request, fasp_provider: provider) }
let(:headers) do
request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_backfill_request_continuation_url(backfill_request),
method: :post)
end
post api_fasp_data_sharing_v0_backfill_request_continuation_path(backfill_request), headers:, as: :json
it_behaves_like 'forbidden for unconfirmed provider'
it 'queues a job to continue the given backfill request' do
subject
expect(response).to have_http_status(204)
expect(Fasp::BackfillWorker).to have_enqueued_sidekiq_job(backfill_request.id)
end

@ -6,51 +6,57 @@ RSpec.describe 'Api::Fasp::DataSharing::V0::EventSubscriptions', feature: :fasp
include ProviderRequestHelper
describe 'POST /api/fasp/data_sharing/v0/event_subscriptions' do
let(:provider) { Fabricate(:fasp_provider) }
subject do
post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json
end
let(:provider) { Fabricate(:confirmed_fasp) }
let(:params) { { category: 'content', subscriptionType: 'lifecycle', maxBatchSize: 10 } }
let(:headers) do
request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_event_subscriptions_url,
method: :post,
body: params)
end
it_behaves_like 'forbidden for unconfirmed provider'
context 'with valid parameters' do
it 'creates a new subscription' do
params = { category: 'content', subscriptionType: 'lifecycle', maxBatchSize: 10 }
headers = request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_event_subscriptions_url,
method: :post,
body: params)
expect do
post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json
subject
end.to change(Fasp::Subscription, :count).by(1)
expect(response).to have_http_status(201)
end
end
context 'with invalid parameters' do
it 'does not create a subscription' do
params = { category: 'unknown' }
headers = request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_event_subscriptions_url,
method: :post,
body: params)
let(:params) { { category: 'unknown' } }
expect do
post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json
end.to_not change(Fasp::Subscription, :count)
it 'does not create a subscription' do
expect { subject }.to_not change(Fasp::Subscription, :count)
expect(response).to have_http_status(422)
end
end
end
describe 'DELETE /api/fasp/data_sharing/v0/event_subscriptions/:id' do
let(:subscription) { Fabricate(:fasp_subscription) }
let(:provider) { subscription.fasp_provider }
subject do
delete api_fasp_data_sharing_v0_event_subscription_path(subscription), headers:, as: :json
end
it 'deletes the subscription' do
headers = request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_event_subscription_url(subscription),
method: :delete)
let(:provider) { Fabricate(:confirmed_fasp) }
let!(:subscription) { Fabricate(:fasp_subscription, fasp_provider: provider) }
let(:headers) do
request_authentication_headers(provider,
url: api_fasp_data_sharing_v0_event_subscription_url(subscription),
method: :delete)
end
it_behaves_like 'forbidden for unconfirmed provider'
expect do
delete api_fasp_data_sharing_v0_event_subscription_path(subscription), headers:, as: :json
end.to change(Fasp::Subscription, :count).by(-1)
it 'deletes the subscription' do
expect { subject }.to change(Fasp::Subscription, :count).by(-1)
expect(response).to have_http_status(204)
end
end

@ -6,18 +6,23 @@ RSpec.describe 'Api::Fasp::Debug::V0::Callback::Responses', feature: :fasp do
include ProviderRequestHelper
describe 'POST /api/fasp/debug/v0/callback/responses' do
let(:provider) { Fabricate(:debug_fasp) }
subject do
post api_fasp_debug_v0_callback_responses_path, headers:, params: payload, as: :json
end
it 'create a record of the callback' do
payload = { test: 'call' }
headers = request_authentication_headers(provider,
url: api_fasp_debug_v0_callback_responses_url,
method: :post,
body: payload)
let(:provider) { Fabricate(:confirmed_fasp) }
let(:payload) { { test: 'call' } }
let(:headers) do
request_authentication_headers(provider,
url: api_fasp_debug_v0_callback_responses_url,
method: :post,
body: payload)
end
expect do
post api_fasp_debug_v0_callback_responses_path, headers:, params: payload, as: :json
end.to change(Fasp::DebugCallback, :count).by(1)
it_behaves_like 'forbidden for unconfirmed provider'
it 'create a record of the callback' do
expect { subject }.to change(Fasp::DebugCallback, :count).by(1)
expect(response).to have_http_status(201)
debug_callback = Fasp::DebugCallback.last

@ -0,0 +1,13 @@
# frozen_string_literal: true
RSpec.shared_examples 'forbidden for unconfirmed provider' do
context 'when the requesting provider is unconfirmed' do
let(:provider) { Fabricate(:fasp_provider) }
it 'returns http unauthorized' do
subject
expect(response).to have_http_status(401)
end
end
end

@ -6,10 +6,11 @@ RSpec.describe Fasp::AnnounceAccountLifecycleEventWorker do
include ProviderRequestHelper
let(:account_uri) { 'https://masto.example.com/accounts/1' }
let(:provider) { Fabricate(:confirmed_fasp) }
let(:subscription) do
Fabricate(:fasp_subscription, category: 'account')
Fabricate(:fasp_subscription, fasp_provider: provider, category: 'account')
end
let(:provider) { subscription.fasp_provider }
let!(:stubbed_request) do
stub_provider_request(provider,
method: :post,

@ -6,10 +6,11 @@ RSpec.describe Fasp::AnnounceContentLifecycleEventWorker do
include ProviderRequestHelper
let(:status_uri) { 'https://masto.example.com/status/1' }
let(:provider) { Fabricate(:confirmed_fasp) }
let(:subscription) do
Fabricate(:fasp_subscription)
Fabricate(:fasp_subscription, fasp_provider: provider)
end
let(:provider) { subscription.fasp_provider }
let!(:stubbed_request) do
stub_provider_request(provider,
method: :post,

@ -6,14 +6,15 @@ RSpec.describe Fasp::AnnounceTrendWorker do
include ProviderRequestHelper
let(:status) { Fabricate(:status) }
let(:provider) { Fabricate(:confirmed_fasp) }
let(:subscription) do
Fabricate(:fasp_subscription,
fasp_provider: provider,
category: 'content',
subscription_type: 'trends',
threshold_timeframe: 15,
threshold_likes: 2)
end
let(:provider) { subscription.fasp_provider }
let!(:stubbed_request) do
stub_provider_request(provider,
method: :post,

@ -5,8 +5,10 @@ require 'rails_helper'
RSpec.describe Fasp::BackfillWorker do
include ProviderRequestHelper
let(:backfill_request) { Fabricate(:fasp_backfill_request) }
let(:provider) { backfill_request.fasp_provider }
subject { described_class.new.perform(backfill_request.id) }
let(:provider) { Fabricate(:confirmed_fasp) }
let(:backfill_request) { Fabricate(:fasp_backfill_request, fasp_provider: provider) }
let(:status) { Fabricate(:status) }
let!(:stubbed_request) do
stub_provider_request(provider,

Loading…
Cancel
Save