1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Activity
11 alias Pleroma.ModerationLog
13 alias Pleroma.ReportNote
14 alias Pleroma.Web.CommonAPI
17 admin = insert(:user, is_admin: true)
18 token = insert(:oauth_admin_token, user: admin)
22 |> assign(:user, admin)
23 |> assign(:token, token)
25 {:ok, %{admin: admin, token: token, conn: conn}}
28 describe "GET /api/pleroma/admin/reports/:id" do
29 test "returns report by its id", %{conn: conn} do
30 [reporter, target_user] = insert_pair(:user)
31 activity = insert(:note_activity, user: target_user)
33 {:ok, %{id: report_id}} =
34 CommonAPI.report(reporter, %{
35 account_id: target_user.id,
36 comment: "I feel offended",
37 status_ids: [activity.id]
41 |> put_req_header("content-type", "application/json")
42 |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
43 content: "this is an admin note"
48 |> get("/api/pleroma/admin/reports/#{report_id}")
49 |> json_response_and_validate_schema(:ok)
51 assert response["id"] == report_id
53 [notes] = response["notes"]
54 assert notes["content"] == "this is an admin note"
57 test "returns 404 when report id is invalid", %{conn: conn} do
58 conn = get(conn, "/api/pleroma/admin/reports/test")
60 assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
64 describe "PATCH /api/pleroma/admin/reports" do
66 [reporter, target_user] = insert_pair(:user)
67 activity = insert(:note_activity, user: target_user)
69 {:ok, %{id: report_id}} =
70 CommonAPI.report(reporter, %{
71 account_id: target_user.id,
72 comment: "I feel offended",
73 status_ids: [activity.id]
76 {:ok, %{id: second_report_id}} =
77 CommonAPI.report(reporter, %{
78 account_id: target_user.id,
79 comment: "I feel very offended",
80 status_ids: [activity.id]
85 second_report_id: second_report_id
89 test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
90 read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
91 write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
95 |> assign(:token, read_token)
96 |> put_req_header("content-type", "application/json")
97 |> patch("/api/pleroma/admin/reports", %{
98 "reports" => [%{"state" => "resolved", "id" => id}]
100 |> json_response_and_validate_schema(403)
102 assert response == %{
103 "error" => "Insufficient permissions: admin:write:reports."
107 |> assign(:token, write_token)
108 |> put_req_header("content-type", "application/json")
109 |> patch("/api/pleroma/admin/reports", %{
110 "reports" => [%{"state" => "resolved", "id" => id}]
112 |> json_response_and_validate_schema(:no_content)
115 test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
117 |> put_req_header("content-type", "application/json")
118 |> patch("/api/pleroma/admin/reports", %{
120 %{"state" => "resolved", "id" => id}
123 |> json_response_and_validate_schema(:no_content)
125 activity = Activity.get_by_id(id)
126 assert activity.data["state"] == "resolved"
128 log_entry = Repo.one(ModerationLog)
130 assert ModerationLog.get_log_entry_message(log_entry) ==
131 "@#{admin.nickname} updated report ##{id} with 'resolved' state"
134 test "closes report", %{conn: conn, id: id, admin: admin} do
136 |> put_req_header("content-type", "application/json")
137 |> patch("/api/pleroma/admin/reports", %{
139 %{"state" => "closed", "id" => id}
142 |> json_response_and_validate_schema(:no_content)
144 activity = Activity.get_by_id(id)
145 assert activity.data["state"] == "closed"
147 log_entry = Repo.one(ModerationLog)
149 assert ModerationLog.get_log_entry_message(log_entry) ==
150 "@#{admin.nickname} updated report ##{id} with 'closed' state"
153 test "returns 400 when state is unknown", %{conn: conn, id: id} do
156 |> put_req_header("content-type", "application/json")
157 |> patch("/api/pleroma/admin/reports", %{
159 %{"state" => "test", "id" => id}
163 assert "Unsupported state" =
164 hd(json_response_and_validate_schema(conn, :bad_request))["error"]
167 test "returns 404 when report is not exist", %{conn: conn} do
170 |> put_req_header("content-type", "application/json")
171 |> patch("/api/pleroma/admin/reports", %{
173 %{"state" => "closed", "id" => "test"}
177 assert hd(json_response_and_validate_schema(conn, :bad_request))["error"] == "not_found"
180 test "updates state of multiple reports", %{
184 second_report_id: second_report_id
187 |> put_req_header("content-type", "application/json")
188 |> patch("/api/pleroma/admin/reports", %{
190 %{"state" => "resolved", "id" => id},
191 %{"state" => "closed", "id" => second_report_id}
194 |> json_response_and_validate_schema(:no_content)
196 activity = Activity.get_by_id(id)
197 second_activity = Activity.get_by_id(second_report_id)
198 assert activity.data["state"] == "resolved"
199 assert second_activity.data["state"] == "closed"
201 [first_log_entry, second_log_entry] = Repo.all(ModerationLog)
203 assert ModerationLog.get_log_entry_message(first_log_entry) ==
204 "@#{admin.nickname} updated report ##{id} with 'resolved' state"
206 assert ModerationLog.get_log_entry_message(second_log_entry) ==
207 "@#{admin.nickname} updated report ##{second_report_id} with 'closed' state"
211 describe "GET /api/pleroma/admin/reports" do
212 test "returns empty response when no reports created", %{conn: conn} do
215 |> get(report_path(conn, :index))
216 |> json_response_and_validate_schema(:ok)
218 assert Enum.empty?(response["reports"])
219 assert response["total"] == 0
222 test "returns reports", %{conn: conn} do
223 [reporter, target_user] = insert_pair(:user)
224 activity = insert(:note_activity, user: target_user)
226 {:ok, %{id: report_id}} =
227 CommonAPI.report(reporter, %{
228 account_id: target_user.id,
229 comment: "I feel offended",
230 status_ids: [activity.id]
235 |> get(report_path(conn, :index))
236 |> json_response_and_validate_schema(:ok)
238 [report] = response["reports"]
240 assert length(response["reports"]) == 1
241 assert report["id"] == report_id
243 assert response["total"] == 1
246 test "returns reports with specified state", %{conn: conn} do
247 [reporter, target_user] = insert_pair(:user)
248 activity = insert(:note_activity, user: target_user)
250 {:ok, %{id: first_report_id}} =
251 CommonAPI.report(reporter, %{
252 account_id: target_user.id,
253 comment: "I feel offended",
254 status_ids: [activity.id]
257 {:ok, %{id: second_report_id}} =
258 CommonAPI.report(reporter, %{
259 account_id: target_user.id,
260 comment: "I don't like this user"
263 CommonAPI.update_report_state(second_report_id, "closed")
267 |> get(report_path(conn, :index, %{state: "open"}))
268 |> json_response_and_validate_schema(:ok)
270 assert [open_report] = response["reports"]
272 assert length(response["reports"]) == 1
273 assert open_report["id"] == first_report_id
275 assert response["total"] == 1
279 |> get(report_path(conn, :index, %{state: "closed"}))
280 |> json_response_and_validate_schema(:ok)
282 assert [closed_report] = response["reports"]
284 assert length(response["reports"]) == 1
285 assert closed_report["id"] == second_report_id
287 assert response["total"] == 1
289 assert %{"total" => 0, "reports" => []} ==
291 |> get(report_path(conn, :index, %{state: "resolved"}))
292 |> json_response_and_validate_schema(:ok)
295 test "returns 403 when requested by a non-admin" do
297 token = insert(:oauth_token, user: user)
301 |> assign(:user, user)
302 |> assign(:token, token)
303 |> get("/api/pleroma/admin/reports")
305 assert json_response(conn, :forbidden) ==
306 %{"error" => "User is not an admin."}
309 test "returns 403 when requested by anonymous" do
310 conn = get(build_conn(), "/api/pleroma/admin/reports")
312 assert json_response(conn, :forbidden) == %{
313 "error" => "Invalid credentials."
318 describe "POST /api/pleroma/admin/reports/:id/notes" do
319 setup %{conn: conn, admin: admin} do
320 [reporter, target_user] = insert_pair(:user)
321 activity = insert(:note_activity, user: target_user)
323 {:ok, %{id: report_id}} =
324 CommonAPI.report(reporter, %{
325 account_id: target_user.id,
326 comment: "I feel offended",
327 status_ids: [activity.id]
331 |> put_req_header("content-type", "application/json")
332 |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
333 content: "this is disgusting!"
337 |> put_req_header("content-type", "application/json")
338 |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
339 content: "this is disgusting2!"
348 test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
349 assert [note, _] = Repo.all(ReportNote)
352 activity_id: ^report_id,
353 content: "this is disgusting!",
358 test "it returns reports with notes", %{conn: conn, admin: admin} do
359 conn = get(conn, "/api/pleroma/admin/reports")
361 response = json_response_and_validate_schema(conn, 200)
362 notes = hd(response["reports"])["notes"]
365 assert note["user"]["nickname"] == admin.nickname
366 assert note["content"] == "this is disgusting!"
367 assert note["created_at"]
368 assert response["total"] == 1
371 test "it deletes the note", %{conn: conn, report_id: report_id} do
372 assert ReportNote |> Repo.all() |> length() == 2
373 assert [note, _] = Repo.all(ReportNote)
375 delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
377 assert ReportNote |> Repo.all() |> length() == 1