/
request_spec.rb
291 lines (231 loc) · 9.58 KB
/
request_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
# frozen_string_literal: true
require 'rails_helper'
require 'securerandom'
describe Request do
subject { described_class.new(:get, url) }
let(:url) { 'http://example.com' }
describe '#headers' do
it 'returns user agent' do
expect(subject.headers['User-Agent']).to be_present
end
it 'returns the date header' do
expect(subject.headers['Date']).to be_present
end
it 'returns the host header' do
expect(subject.headers['Host']).to be_present
end
it 'does not return virtual request-target header' do
expect(subject.headers['(request-target)']).to be_nil
end
end
describe '#on_behalf_of' do
it 'when used, adds signature header' do
subject.on_behalf_of(Fabricate(:account))
expect(subject.headers['Signature']).to be_present
end
end
describe '#add_headers' do
it 'adds headers to the request' do
subject.add_headers('Test' => 'Foo')
expect(subject.headers['Test']).to eq 'Foo'
end
end
describe '#perform' do
context 'with valid host' do
before { stub_request(:get, 'http://example.com') }
it 'executes a HTTP request' do
expect { |block| subject.perform(&block) }.to yield_control
expect(a_request(:get, 'http://example.com')).to have_been_made.once
end
it 'executes a HTTP request when the first address is private' do
resolver = instance_double(Resolv::DNS)
allow(resolver).to receive(:getaddresses).with('example.com').and_return(%w(0.0.0.0 2001:4860:4860::8844))
allow(resolver).to receive(:timeouts=).and_return(nil)
allow(Resolv::DNS).to receive(:open).and_yield(resolver)
expect { |block| subject.perform(&block) }.to yield_control
expect(a_request(:get, 'http://example.com')).to have_been_made.once
end
it 'sets headers' do
expect { |block| subject.perform(&block) }.to yield_control
expect(a_request(:get, 'http://example.com').with(headers: subject.headers)).to have_been_made
end
it 'closes underlying connection' do
expect_any_instance_of(HTTP::Client).to receive(:close)
expect { |block| subject.perform(&block) }.to yield_control
end
it 'returns response which implements body_with_limit' do
subject.perform do |response|
expect(response).to respond_to :body_with_limit
end
end
end
context 'with private host' do
around do |example|
WebMock.disable!
example.run
WebMock.enable!
end
it 'raises Mastodon::ValidationError' do
resolver = instance_double(Resolv::DNS)
allow(resolver).to receive(:getaddresses).with('example.com').and_return(%w(0.0.0.0 2001:db8::face))
allow(resolver).to receive(:timeouts=).and_return(nil)
allow(Resolv::DNS).to receive(:open).and_yield(resolver)
expect { subject.perform }.to raise_error Mastodon::ValidationError
end
end
context 'with bare domain URL' do
let(:url) { 'http://example.com' }
before do
stub_request(:get, 'http://example.com')
end
it 'normalizes path' do
subject.perform do |response|
expect(response.request.uri.path).to eq '/'
end
end
it 'normalizes path used for request signing' do
subject.perform
headers = subject.instance_variable_get(:@headers)
expect(headers[Request::REQUEST_TARGET]).to eq 'get /'
end
it 'normalizes path used in request line' do
subject.perform do |response|
expect(response.request.headline).to eq 'GET / HTTP/1.1'
end
end
end
context 'with unnormalized URL' do
let(:url) { 'HTTP://EXAMPLE.com:80/foo%41%3A?bar=%41%3A#baz' }
before do
stub_request(:get, 'http://example.com/foo%41%3A?bar=%41%3A')
end
it 'normalizes scheme' do
subject.perform do |response|
expect(response.request.uri.scheme).to eq 'http'
end
end
it 'normalizes host' do
subject.perform do |response|
expect(response.request.uri.authority).to eq 'example.com'
end
end
it 'does not modify path' do
subject.perform do |response|
expect(response.request.uri.path).to eq '/foo%41%3A'
end
end
it 'does not modify query string' do
subject.perform do |response|
expect(response.request.uri.query).to eq 'bar=%41%3A'
end
end
it 'does not modify path used for request signing' do
subject.perform
headers = subject.instance_variable_get(:@headers)
expect(headers[Request::REQUEST_TARGET]).to eq 'get /foo%41%3A'
end
it 'does not modify path used in request line' do
subject.perform do |response|
expect(response.request.headline).to eq 'GET /foo%41%3A?bar=%41%3A HTTP/1.1'
end
end
it 'strips fragment' do
subject.perform do |response|
expect(response.request.uri.fragment).to be_nil
end
end
end
context 'with non-ASCII URL' do
let(:url) { 'http://éxample.com:81/föo?bär=1' }
before do
stub_request(:get, 'http://xn--xample-9ua.com:81/f%C3%B6o?b%C3%A4r=1')
end
it 'IDN-encodes host' do
subject.perform do |response|
expect(response.request.uri.authority).to eq 'xn--xample-9ua.com:81'
end
end
it 'IDN-encodes host in Host header' do
subject.perform do |response|
expect(response.request.headers['Host']).to eq 'xn--xample-9ua.com'
end
end
it 'percent-escapes path used for request signing' do
subject.perform
headers = subject.instance_variable_get(:@headers)
expect(headers[Request::REQUEST_TARGET]).to eq 'get /f%C3%B6o'
end
it 'normalizes path used in request line' do
subject.perform do |response|
expect(response.request.headline).to eq 'GET /f%C3%B6o?b%C3%A4r=1 HTTP/1.1'
end
end
end
context 'with redirecting URL' do
let(:url) { 'http://example.com/foo' }
before do
stub_request(:get, 'http://example.com/foo').to_return(status: 302, headers: { 'Location' => 'HTTPS://EXAMPLE.net/Bar' })
stub_request(:get, 'https://example.net/Bar').to_return(body: 'Lorem ipsum')
end
it 'resolves redirect' do
subject.perform do |response|
expect(response.body.to_s).to eq 'Lorem ipsum'
end
expect(a_request(:get, 'https://example.net/Bar')).to have_been_made
end
it 'normalizes destination scheme' do
subject.perform do |response|
expect(response.request.uri.scheme).to eq 'https'
end
end
it 'normalizes destination host' do
subject.perform do |response|
expect(response.request.uri.authority).to eq 'example.net'
end
end
it 'does modify path' do
subject.perform do |response|
expect(response.request.uri.path).to eq '/Bar'
end
end
end
end
describe "response's body_with_limit method" do
it 'rejects body more than 1 megabyte by default' do
stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes))
expect { subject.perform(&:body_with_limit) }.to raise_error Mastodon::LengthValidationError
end
it 'accepts body less than 1 megabyte by default' do
stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.kilobytes))
expect { subject.perform(&:body_with_limit) }.to_not raise_error
end
it 'rejects body by given size' do
stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.kilobytes))
expect { subject.perform { |response| response.body_with_limit(1.kilobyte) } }.to raise_error Mastodon::LengthValidationError
end
it 'rejects too large chunked body' do
stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes), headers: { 'Transfer-Encoding' => 'chunked' })
expect { subject.perform(&:body_with_limit) }.to raise_error Mastodon::LengthValidationError
end
it 'rejects too large monolithic body' do
stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes), headers: { 'Content-Length' => 2.megabytes })
expect { subject.perform(&:body_with_limit) }.to raise_error Mastodon::LengthValidationError
end
it 'truncates large monolithic body' do
stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes), headers: { 'Content-Length' => 2.megabytes })
expect(subject.perform { |response| response.truncated_body.bytesize }).to be < 2.megabytes
end
it 'uses binary encoding if Content-Type does not tell encoding' do
stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html' })
expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::BINARY
end
it 'uses binary encoding if Content-Type tells unknown encoding' do
stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html; charset=unknown' })
expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::BINARY
end
it 'uses encoding specified by Content-Type' do
stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html; charset=UTF-8' })
expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::UTF_8
end
end
end