From 92658f0fb0cf6cb582126f41f7132bde80f77657 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Sun, 6 Feb 2022 15:31:03 +0100
Subject: [PATCH] Fix instance actor not being dereferenceable (#17457)

* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
---
 app/controllers/instance_actors_controller.rb |  1 +
 .../instance_actors_controller_spec.rb        | 55 +++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 spec/controllers/instance_actors_controller_spec.rb

diff --git a/app/controllers/instance_actors_controller.rb b/app/controllers/instance_actors_controller.rb
index b3b5476e2..0853897f2 100644
--- a/app/controllers/instance_actors_controller.rb
+++ b/app/controllers/instance_actors_controller.rb
@@ -3,6 +3,7 @@
 class InstanceActorsController < ApplicationController
   include AccountControllerConcern
 
+  skip_before_action :check_account_confirmation
   skip_around_action :set_locale
 
   def show
diff --git a/spec/controllers/instance_actors_controller_spec.rb b/spec/controllers/instance_actors_controller_spec.rb
new file mode 100644
index 000000000..f64a7d2ca
--- /dev/null
+++ b/spec/controllers/instance_actors_controller_spec.rb
@@ -0,0 +1,55 @@
+require 'rails_helper'
+
+RSpec.describe InstanceActorsController, type: :controller do
+  describe 'GET #show' do
+    context 'as JSON' do
+      let(:format) { 'json' }
+
+      shared_examples 'shared behavior' do
+        before do
+          get :show, params: { format: format }
+        end
+
+        it 'returns http success' do
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns application/activity+json' do
+          expect(response.media_type).to eq 'application/activity+json'
+        end
+
+        it 'does not set cookies' do
+          expect(response.cookies).to be_empty
+          expect(response.headers['Set-Cookies']).to be nil
+        end
+
+        it 'does not set sessions' do
+          expect(session).to be_empty
+        end
+
+        it 'returns public Cache-Control header' do
+          expect(response.headers['Cache-Control']).to include 'public'
+        end
+
+        it 'renders account' do
+          json = body_as_json
+          expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :inbox, :outbox, :url)
+        end
+      end
+
+      before do
+        allow(controller).to receive(:authorized_fetch_mode?).and_return(authorized_fetch_mode)
+      end
+
+      context 'without authorized fetch mode' do
+        let(:authorized_fetch_mode) { false }
+        it_behaves_like 'shared behavior'
+      end
+
+      context 'with authorized fetch mode' do
+        let(:authorized_fetch_mode) { true }
+        it_behaves_like 'shared behavior'
+      end
+    end
+  end
+end