git.squeep.com Git - akkoma/blob - test/pleroma/web/admin_api/controllers/report_controller_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
   6   use Pleroma.Web.ConnCase, async: true
   7
   8   import Pleroma.Factory
   9
  10   alias Pleroma.Activity
  11   alias Pleroma.ModerationLog
  12   alias Pleroma.Repo
  13   alias Pleroma.ReportNote
  14   alias Pleroma.Web.CommonAPI
  15
  16   setup do
  17     admin = insert(:user, is_admin: true)
  18     token = insert(:oauth_admin_token, user: admin)
  19
  20     conn =
  21       build_conn()
  22       |> assign(:user, admin)
  23       |> assign(:token, token)
  24
  25     {:ok, %{admin: admin, token: token, conn: conn}}
  26   end
  27
  28   describe "GET /api/pleroma/admin/reports/:id" do
  29     test "returns report by its id", %{conn: conn} do
  30       [reporter, target_user] = insert_pair(:user)
  31       activity = insert(:note_activity, user: target_user)
  32
  33       {:ok, %{id: report_id}} =
  34         CommonAPI.report(reporter, %{
  35           account_id: target_user.id,
  36           comment: "I feel offended",
  37           status_ids: [activity.id]
  38         })
  39
  40       conn
  41       |> put_req_header("content-type", "application/json")
  42       |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
  43         content: "this is an admin note"
  44       })
  45
  46       response =
  47         conn
  48         |> get("/api/pleroma/admin/reports/#{report_id}")
  49         |> json_response_and_validate_schema(:ok)
  50
  51       assert response["id"] == report_id
  52
  53       [notes] = response["notes"]
  54       assert notes["content"] == "this is an admin note"
  55     end
  56
  57     test "returns 404 when report id is invalid", %{conn: conn} do
  58       conn = get(conn, "/api/pleroma/admin/reports/test")
  59
  60       assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
  61     end
  62   end
  63
  64   describe "PATCH /api/pleroma/admin/reports" do
  65     setup do
  66       [reporter, target_user] = insert_pair(:user)
  67       activity = insert(:note_activity, user: target_user)
  68
  69       {:ok, %{id: report_id}} =
  70         CommonAPI.report(reporter, %{
  71           account_id: target_user.id,
  72           comment: "I feel offended",
  73           status_ids: [activity.id]
  74         })
  75
  76       {:ok, %{id: second_report_id}} =
  77         CommonAPI.report(reporter, %{
  78           account_id: target_user.id,
  79           comment: "I feel very offended",
  80           status_ids: [activity.id]
  81         })
  82
  83       %{
  84         id: report_id,
  85         second_report_id: second_report_id
  86       }
  87     end
  88
  89     test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
  90       read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
  91       write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
  92
  93       response =
  94         conn
  95         |> assign(:token, read_token)
  96         |> put_req_header("content-type", "application/json")
  97         |> patch("/api/pleroma/admin/reports", %{
  98           "reports" => [%{"state" => "resolved", "id" => id}]
  99         })
 100         |> json_response_and_validate_schema(403)
 101
 102       assert response == %{
 103                "error" => "Insufficient permissions: admin:write:reports."
 104              }
 105
 106       conn
 107       |> assign(:token, write_token)
 108       |> put_req_header("content-type", "application/json")
 109       |> patch("/api/pleroma/admin/reports", %{
 110         "reports" => [%{"state" => "resolved", "id" => id}]
 111       })
 112       |> json_response_and_validate_schema(:no_content)
 113     end
 114
 115     test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
 116       conn
 117       |> put_req_header("content-type", "application/json")
 118       |> patch("/api/pleroma/admin/reports", %{
 119         "reports" => [
 120           %{"state" => "resolved", "id" => id}
 121         ]
 122       })
 123       |> json_response_and_validate_schema(:no_content)
 124
 125       activity = Activity.get_by_id_with_user_actor(id)
 126       assert activity.data["state"] == "resolved"
 127
 128       log_entry = Repo.one(ModerationLog)
 129
 130       assert ModerationLog.get_log_entry_message(log_entry) ==
 131                "@#{admin.nickname} updated report ##{id} (on user @#{activity.user_actor.nickname}) with 'resolved' state"
 132     end
 133
 134     test "closes report", %{conn: conn, id: id, admin: admin} do
 135       conn
 136       |> put_req_header("content-type", "application/json")
 137       |> patch("/api/pleroma/admin/reports", %{
 138         "reports" => [
 139           %{"state" => "closed", "id" => id}
 140         ]
 141       })
 142       |> json_response_and_validate_schema(:no_content)
 143
 144       activity = Activity.get_by_id_with_user_actor(id)
 145       assert activity.data["state"] == "closed"
 146
 147       log_entry = Repo.one(ModerationLog)
 148
 149       assert ModerationLog.get_log_entry_message(log_entry) ==
 150                "@#{admin.nickname} updated report ##{id} (on user @#{activity.user_actor.nickname}) with 'closed' state"
 151     end
 152
 153     test "returns 400 when state is unknown", %{conn: conn, id: id} do
 154       conn =
 155         conn
 156         |> put_req_header("content-type", "application/json")
 157         |> patch("/api/pleroma/admin/reports", %{
 158           "reports" => [
 159             %{"state" => "test", "id" => id}
 160           ]
 161         })
 162
 163       assert "Unsupported state" =
 164                hd(json_response_and_validate_schema(conn, :bad_request))["error"]
 165     end
 166
 167     test "returns 404 when report is not exist", %{conn: conn} do
 168       conn =
 169         conn
 170         |> put_req_header("content-type", "application/json")
 171         |> patch("/api/pleroma/admin/reports", %{
 172           "reports" => [
 173             %{"state" => "closed", "id" => "test"}
 174           ]
 175         })
 176
 177       assert hd(json_response_and_validate_schema(conn, :bad_request))["error"] == "not_found"
 178     end
 179
 180     test "updates state of multiple reports", %{
 181       conn: conn,
 182       id: id,
 183       admin: admin,
 184       second_report_id: second_report_id
 185     } do
 186       conn
 187       |> put_req_header("content-type", "application/json")
 188       |> patch("/api/pleroma/admin/reports", %{
 189         "reports" => [
 190           %{"state" => "resolved", "id" => id},
 191           %{"state" => "closed", "id" => second_report_id}
 192         ]
 193       })
 194       |> json_response_and_validate_schema(:no_content)
 195
 196       activity = Activity.get_by_id_with_user_actor(id)
 197       second_activity = Activity.get_by_id_with_user_actor(second_report_id)
 198       assert activity.data["state"] == "resolved"
 199       assert second_activity.data["state"] == "closed"
 200
 201       [first_log_entry, second_log_entry] = Repo.all(ModerationLog)
 202
 203       assert ModerationLog.get_log_entry_message(first_log_entry) ==
 204                "@#{admin.nickname} updated report ##{id} (on user @#{activity.user_actor.nickname}) with 'resolved' state"
 205
 206       assert ModerationLog.get_log_entry_message(second_log_entry) ==
 207                "@#{admin.nickname} updated report ##{second_report_id} (on user @#{
 208                  second_activity.user_actor.nickname
 209                }) with 'closed' state"
 210     end
 211   end
 212
 213   describe "GET /api/pleroma/admin/reports" do
 214     test "returns empty response when no reports created", %{conn: conn} do
 215       response =
 216         conn
 217         |> get(report_path(conn, :index))
 218         |> json_response_and_validate_schema(:ok)
 219
 220       assert Enum.empty?(response["reports"])
 221       assert response["total"] == 0
 222     end
 223
 224     test "returns reports", %{conn: conn} do
 225       [reporter, target_user] = insert_pair(:user)
 226       activity = insert(:note_activity, user: target_user)
 227
 228       {:ok, %{id: report_id}} =
 229         CommonAPI.report(reporter, %{
 230           account_id: target_user.id,
 231           comment: "I feel offended",
 232           status_ids: [activity.id]
 233         })
 234
 235       response =
 236         conn
 237         |> get(report_path(conn, :index))
 238         |> json_response_and_validate_schema(:ok)
 239
 240       [report] = response["reports"]
 241
 242       assert length(response["reports"]) == 1
 243       assert report["id"] == report_id
 244
 245       assert response["total"] == 1
 246     end
 247
 248     test "returns reports with specified state", %{conn: conn} do
 249       [reporter, target_user] = insert_pair(:user)
 250       activity = insert(:note_activity, user: target_user)
 251
 252       {:ok, %{id: first_report_id}} =
 253         CommonAPI.report(reporter, %{
 254           account_id: target_user.id,
 255           comment: "I feel offended",
 256           status_ids: [activity.id]
 257         })
 258
 259       {:ok, %{id: second_report_id}} =
 260         CommonAPI.report(reporter, %{
 261           account_id: target_user.id,
 262           comment: "I don't like this user"
 263         })
 264
 265       CommonAPI.update_report_state(second_report_id, "closed")
 266
 267       response =
 268         conn
 269         |> get(report_path(conn, :index, %{state: "open"}))
 270         |> json_response_and_validate_schema(:ok)
 271
 272       assert [open_report] = response["reports"]
 273
 274       assert length(response["reports"]) == 1
 275       assert open_report["id"] == first_report_id
 276
 277       assert response["total"] == 1
 278
 279       response =
 280         conn
 281         |> get(report_path(conn, :index, %{state: "closed"}))
 282         |> json_response_and_validate_schema(:ok)
 283
 284       assert [closed_report] = response["reports"]
 285
 286       assert length(response["reports"]) == 1
 287       assert closed_report["id"] == second_report_id
 288
 289       assert response["total"] == 1
 290
 291       assert %{"total" => 0, "reports" => []} ==
 292                conn
 293                |> get(report_path(conn, :index, %{state: "resolved"}))
 294                |> json_response_and_validate_schema(:ok)
 295     end
 296
 297     test "returns 403 when requested by a non-admin" do
 298       user = insert(:user)
 299       token = insert(:oauth_token, user: user)
 300
 301       conn =
 302         build_conn()
 303         |> assign(:user, user)
 304         |> assign(:token, token)
 305         |> get("/api/pleroma/admin/reports")
 306
 307       assert json_response(conn, :forbidden) ==
 308                %{"error" => "User is not an admin."}
 309     end
 310
 311     test "returns 403 when requested by anonymous" do
 312       conn = get(build_conn(), "/api/pleroma/admin/reports")
 313
 314       assert json_response(conn, :forbidden) == %{
 315                "error" => "Invalid credentials."
 316              }
 317     end
 318   end
 319
 320   describe "POST /api/pleroma/admin/reports/:id/notes" do
 321     setup %{conn: conn, admin: admin} do
 322       [reporter, target_user] = insert_pair(:user)
 323       activity = insert(:note_activity, user: target_user)
 324
 325       {:ok, %{id: report_id}} =
 326         CommonAPI.report(reporter, %{
 327           account_id: target_user.id,
 328           comment: "I feel offended",
 329           status_ids: [activity.id]
 330         })
 331
 332       conn
 333       |> put_req_header("content-type", "application/json")
 334       |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
 335         content: "this is disgusting!"
 336       })
 337
 338       conn
 339       |> put_req_header("content-type", "application/json")
 340       |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
 341         content: "this is disgusting2!"
 342       })
 343
 344       %{
 345         admin_id: admin.id,
 346         report_id: report_id
 347       }
 348     end
 349
 350     test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
 351       assert [note, _] = Repo.all(ReportNote)
 352
 353       assert %{
 354                activity_id: ^report_id,
 355                content: "this is disgusting!",
 356                user_id: ^admin_id
 357              } = note
 358     end
 359
 360     test "it returns reports with notes", %{conn: conn, admin: admin} do
 361       conn = get(conn, "/api/pleroma/admin/reports")
 362
 363       response = json_response_and_validate_schema(conn, 200)
 364       notes = hd(response["reports"])["notes"]
 365       [note, _] = notes
 366
 367       assert note["user"]["nickname"] == admin.nickname
 368       assert note["content"] == "this is disgusting!"
 369       assert note["created_at"]
 370       assert response["total"] == 1
 371     end
 372
 373     test "it deletes the note", %{conn: conn, report_id: report_id} do
 374       assert ReportNote |> Repo.all() |> length() == 2
 375       assert [note, _] = Repo.all(ReportNote)
 376
 377       delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
 378
 379       assert ReportNote |> Repo.all() |> length() == 1
 380     end
 381   end
 382 end