1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.UserControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 import Pleroma.Factory
13 alias Pleroma.ModerationLog
15 alias Pleroma.Tests.ObanHelpers
18 alias Pleroma.Web.ActivityPub.Relay
19 alias Pleroma.Web.CommonAPI
20 alias Pleroma.Web.MediaProxy
23 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
29 admin = insert(:user, is_admin: true)
30 token = insert(:oauth_admin_token, user: admin)
34 |> assign(:user, admin)
35 |> assign(:token, token)
37 {:ok, %{admin: admin, token: token, conn: conn}}
40 test "with valid `admin_token` query parameter, skips OAuth scopes check" do
41 clear_config([:admin_token], "password123")
45 conn = get(build_conn(), "/api/pleroma/admin/users/#{user.nickname}?admin_token=password123")
47 assert json_response(conn, 200)
50 describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
51 setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], true)
53 test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
56 url = "/api/pleroma/admin/users/#{user.nickname}"
58 good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
59 good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
60 good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
62 bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
63 bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
66 for good_token <- [good_token1, good_token2, good_token3] do
69 |> assign(:user, admin)
70 |> assign(:token, good_token)
73 assert json_response(conn, 200)
76 for good_token <- [good_token1, good_token2, good_token3] do
80 |> assign(:token, good_token)
83 assert json_response(conn, :forbidden)
86 for bad_token <- [bad_token1, bad_token2, bad_token3] do
89 |> assign(:user, admin)
90 |> assign(:token, bad_token)
93 assert json_response(conn, :forbidden)
98 describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
99 setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
101 test "GET /api/pleroma/admin/users/:nickname requires " <>
102 "read:accounts or admin:read:accounts or broader scope",
105 url = "/api/pleroma/admin/users/#{user.nickname}"
107 good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
108 good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
109 good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
110 good_token4 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
111 good_token5 = insert(:oauth_token, user: admin, scopes: ["read"])
113 good_tokens = [good_token1, good_token2, good_token3, good_token4, good_token5]
115 bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts:partial"])
116 bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
119 for good_token <- good_tokens do
122 |> assign(:user, admin)
123 |> assign(:token, good_token)
126 assert json_response(conn, 200)
129 for good_token <- good_tokens do
132 |> assign(:user, nil)
133 |> assign(:token, good_token)
136 assert json_response(conn, :forbidden)
139 for bad_token <- [bad_token1, bad_token2, bad_token3] do
142 |> assign(:user, admin)
143 |> assign(:token, bad_token)
146 assert json_response(conn, :forbidden)
151 describe "DELETE /api/pleroma/admin/users" do
152 test "single user", %{admin: admin, conn: conn} do
153 clear_config([:instance, :federating], true)
157 avatar: %{"url" => [%{"href" => "https://someurl"}]},
158 banner: %{"url" => [%{"href" => "https://somebanner"}]},
163 # Create some activities to check they got deleted later
164 follower = insert(:user)
165 {:ok, _} = CommonAPI.post(user, %{status: "test"})
166 {:ok, _, _, _} = CommonAPI.follow(user, follower)
167 {:ok, _, _, _} = CommonAPI.follow(follower, user)
168 user = Repo.get(User, user.id)
169 assert user.note_count == 1
170 assert user.follower_count == 1
171 assert user.following_count == 1
172 refute user.deactivated
174 with_mock Pleroma.Web.Federator,
175 publish: fn _ -> nil end,
176 perform: fn _, _ -> nil end do
179 |> put_req_header("accept", "application/json")
180 |> delete("/api/pleroma/admin/users?nickname=#{user.nickname}")
182 ObanHelpers.perform_all()
184 assert User.get_by_nickname(user.nickname).deactivated
186 log_entry = Repo.one(ModerationLog)
188 assert ModerationLog.get_log_entry_message(log_entry) ==
189 "@#{admin.nickname} deleted users: @#{user.nickname}"
191 assert json_response(conn, 200) == [user.nickname]
193 user = Repo.get(User, user.id)
194 assert user.deactivated
196 assert user.avatar == %{}
197 assert user.banner == %{}
198 assert user.note_count == 0
199 assert user.follower_count == 0
200 assert user.following_count == 0
201 assert user.bio == ""
202 assert user.name == nil
204 assert called(Pleroma.Web.Federator.publish(:_))
208 test "multiple users", %{admin: admin, conn: conn} do
209 user_one = insert(:user)
210 user_two = insert(:user)
214 |> put_req_header("accept", "application/json")
215 |> delete("/api/pleroma/admin/users", %{
216 nicknames: [user_one.nickname, user_two.nickname]
219 log_entry = Repo.one(ModerationLog)
221 assert ModerationLog.get_log_entry_message(log_entry) ==
222 "@#{admin.nickname} deleted users: @#{user_one.nickname}, @#{user_two.nickname}"
224 response = json_response(conn, 200)
225 assert response -- [user_one.nickname, user_two.nickname] == []
229 describe "/api/pleroma/admin/users" do
230 test "Create", %{conn: conn} do
233 |> put_req_header("accept", "application/json")
234 |> post("/api/pleroma/admin/users", %{
237 "nickname" => "lain",
238 "email" => "lain@example.org",
242 "nickname" => "lain2",
243 "email" => "lain2@example.org",
249 response = json_response(conn, 200) |> Enum.map(&Map.get(&1, "type"))
250 assert response == ["success", "success"]
252 log_entry = Repo.one(ModerationLog)
254 assert ["lain", "lain2"] -- Enum.map(log_entry.data["subjects"], & &1["nickname"]) == []
257 test "Cannot create user with existing email", %{conn: conn} do
262 |> put_req_header("accept", "application/json")
263 |> post("/api/pleroma/admin/users", %{
266 "nickname" => "lain",
267 "email" => user.email,
273 assert json_response(conn, 409) == [
277 "email" => user.email,
280 "error" => "email has already been taken",
286 test "Cannot create user with existing nickname", %{conn: conn} do
291 |> put_req_header("accept", "application/json")
292 |> post("/api/pleroma/admin/users", %{
295 "nickname" => user.nickname,
296 "email" => "someuser@plerama.social",
302 assert json_response(conn, 409) == [
306 "email" => "someuser@plerama.social",
307 "nickname" => user.nickname
309 "error" => "nickname has already been taken",
315 test "Multiple user creation works in transaction", %{conn: conn} do
320 |> put_req_header("accept", "application/json")
321 |> post("/api/pleroma/admin/users", %{
324 "nickname" => "newuser",
325 "email" => "newuser@pleroma.social",
329 "nickname" => "lain",
330 "email" => user.email,
336 assert json_response(conn, 409) == [
340 "email" => user.email,
343 "error" => "email has already been taken",
349 "email" => "newuser@pleroma.social",
350 "nickname" => "newuser"
357 assert User.get_by_nickname("newuser") === nil
361 describe "/api/pleroma/admin/users/:nickname" do
362 test "Show", %{conn: conn} do
365 conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}")
367 assert user_response(user) == json_response(conn, 200)
370 test "when the user doesn't exist", %{conn: conn} do
373 conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}")
375 assert %{"error" => "Not found"} == json_response(conn, 404)
379 describe "/api/pleroma/admin/users/follow" do
380 test "allows to force-follow another user", %{admin: admin, conn: conn} do
382 follower = insert(:user)
385 |> put_req_header("accept", "application/json")
386 |> post("/api/pleroma/admin/users/follow", %{
387 "follower" => follower.nickname,
388 "followed" => user.nickname
391 user = User.get_cached_by_id(user.id)
392 follower = User.get_cached_by_id(follower.id)
394 assert User.following?(follower, user)
396 log_entry = Repo.one(ModerationLog)
398 assert ModerationLog.get_log_entry_message(log_entry) ==
399 "@#{admin.nickname} made @#{follower.nickname} follow @#{user.nickname}"
403 describe "/api/pleroma/admin/users/unfollow" do
404 test "allows to force-unfollow another user", %{admin: admin, conn: conn} do
406 follower = insert(:user)
408 User.follow(follower, user)
411 |> put_req_header("accept", "application/json")
412 |> post("/api/pleroma/admin/users/unfollow", %{
413 "follower" => follower.nickname,
414 "followed" => user.nickname
417 user = User.get_cached_by_id(user.id)
418 follower = User.get_cached_by_id(follower.id)
420 refute User.following?(follower, user)
422 log_entry = Repo.one(ModerationLog)
424 assert ModerationLog.get_log_entry_message(log_entry) ==
425 "@#{admin.nickname} made @#{follower.nickname} unfollow @#{user.nickname}"
429 describe "GET /api/pleroma/admin/users" do
430 test "renders users array for the first page", %{conn: conn, admin: admin} do
431 user = insert(:user, local: false, tags: ["foo", "bar"])
432 user2 = insert(:user, approval_pending: true, registration_reason: "I'm a chill dude")
434 conn = get(conn, "/api/pleroma/admin/users?page=1")
440 %{"roles" => %{"admin" => true, "moderator" => false}}
442 user_response(user, %{"local" => false, "tags" => ["foo", "bar"]}),
447 "approval_pending" => true,
448 "registration_reason" => "I'm a chill dude",
449 "actor_type" => "Person"
453 |> Enum.sort_by(& &1["nickname"])
455 assert json_response(conn, 200) == %{
462 test "pagination works correctly with service users", %{conn: conn} do
463 service1 = User.get_or_create_service_actor_by_ap_id(Web.base_url() <> "/meido", "meido")
465 insert_list(25, :user)
467 assert %{"count" => 26, "page_size" => 10, "users" => users1} =
469 |> get("/api/pleroma/admin/users?page=1&filters=", %{page_size: "10"})
470 |> json_response(200)
472 assert Enum.count(users1) == 10
473 assert service1 not in users1
475 assert %{"count" => 26, "page_size" => 10, "users" => users2} =
477 |> get("/api/pleroma/admin/users?page=2&filters=", %{page_size: "10"})
478 |> json_response(200)
480 assert Enum.count(users2) == 10
481 assert service1 not in users2
483 assert %{"count" => 26, "page_size" => 10, "users" => users3} =
485 |> get("/api/pleroma/admin/users?page=3&filters=", %{page_size: "10"})
486 |> json_response(200)
488 assert Enum.count(users3) == 6
489 assert service1 not in users3
492 test "renders empty array for the second page", %{conn: conn} do
495 conn = get(conn, "/api/pleroma/admin/users?page=2")
497 assert json_response(conn, 200) == %{
504 test "regular search", %{conn: conn} do
505 user = insert(:user, nickname: "bob")
507 conn = get(conn, "/api/pleroma/admin/users?query=bo")
509 assert json_response(conn, 200) == %{
512 "users" => [user_response(user, %{"local" => true})]
516 test "search by domain", %{conn: conn} do
517 user = insert(:user, nickname: "nickname@domain.com")
520 conn = get(conn, "/api/pleroma/admin/users?query=domain.com")
522 assert json_response(conn, 200) == %{
525 "users" => [user_response(user)]
529 test "search by full nickname", %{conn: conn} do
530 user = insert(:user, nickname: "nickname@domain.com")
533 conn = get(conn, "/api/pleroma/admin/users?query=nickname@domain.com")
535 assert json_response(conn, 200) == %{
538 "users" => [user_response(user)]
542 test "search by display name", %{conn: conn} do
543 user = insert(:user, name: "Display name")
546 conn = get(conn, "/api/pleroma/admin/users?name=display")
548 assert json_response(conn, 200) == %{
551 "users" => [user_response(user)]
555 test "search by email", %{conn: conn} do
556 user = insert(:user, email: "email@example.com")
559 conn = get(conn, "/api/pleroma/admin/users?email=email@example.com")
561 assert json_response(conn, 200) == %{
564 "users" => [user_response(user)]
568 test "regular search with page size", %{conn: conn} do
569 user = insert(:user, nickname: "aalice")
570 user2 = insert(:user, nickname: "alice")
572 conn1 = get(conn, "/api/pleroma/admin/users?query=a&page_size=1&page=1")
574 assert json_response(conn1, 200) == %{
577 "users" => [user_response(user)]
580 conn2 = get(conn, "/api/pleroma/admin/users?query=a&page_size=1&page=2")
582 assert json_response(conn2, 200) == %{
585 "users" => [user_response(user2)]
589 test "only local users" do
590 admin = insert(:user, is_admin: true, nickname: "john")
591 token = insert(:oauth_admin_token, user: admin)
592 user = insert(:user, nickname: "bob")
594 insert(:user, nickname: "bobb", local: false)
598 |> assign(:user, admin)
599 |> assign(:token, token)
600 |> get("/api/pleroma/admin/users?query=bo&filters=local")
602 assert json_response(conn, 200) == %{
605 "users" => [user_response(user)]
609 test "only local users with no query", %{conn: conn, admin: old_admin} do
610 admin = insert(:user, is_admin: true, nickname: "john")
611 user = insert(:user, nickname: "bob")
613 insert(:user, nickname: "bobb", local: false)
615 conn = get(conn, "/api/pleroma/admin/users?filters=local")
620 user_response(admin, %{
621 "roles" => %{"admin" => true, "moderator" => false}
623 user_response(old_admin, %{
624 "deactivated" => false,
625 "roles" => %{"admin" => true, "moderator" => false}
628 |> Enum.sort_by(& &1["nickname"])
630 assert json_response(conn, 200) == %{
637 test "only unconfirmed users", %{conn: conn} do
638 sad_user = insert(:user, nickname: "sadboy", is_confirmed: false)
639 old_user = insert(:user, nickname: "oldboy", is_confirmed: false)
641 insert(:user, nickname: "happyboy", approval_pending: false)
642 insert(:user, is_confirmed: true)
646 |> get("/api/pleroma/admin/users?filters=unconfirmed")
647 |> json_response(200)
650 Enum.map([old_user, sad_user], fn user ->
651 user_response(user, %{
652 "is_confirmed" => false,
653 "approval_pending" => false
656 |> Enum.sort_by(& &1["nickname"])
658 assert result == %{"count" => 2, "page_size" => 50, "users" => users}
661 test "only unapproved users", %{conn: conn} do
665 approval_pending: true,
666 registration_reason: "Plz let me in!"
669 insert(:user, nickname: "happyboy", approval_pending: false)
671 conn = get(conn, "/api/pleroma/admin/users?filters=need_approval")
676 %{"approval_pending" => true, "registration_reason" => "Plz let me in!"}
680 assert json_response(conn, 200) == %{
687 test "load only admins", %{conn: conn, admin: admin} do
688 second_admin = insert(:user, is_admin: true)
692 conn = get(conn, "/api/pleroma/admin/users?filters=is_admin")
696 user_response(admin, %{
697 "deactivated" => false,
698 "roles" => %{"admin" => true, "moderator" => false}
700 user_response(second_admin, %{
701 "deactivated" => false,
702 "roles" => %{"admin" => true, "moderator" => false}
705 |> Enum.sort_by(& &1["nickname"])
707 assert json_response(conn, 200) == %{
714 test "load only moderators", %{conn: conn} do
715 moderator = insert(:user, is_moderator: true)
719 conn = get(conn, "/api/pleroma/admin/users?filters=is_moderator")
721 assert json_response(conn, 200) == %{
725 user_response(moderator, %{
726 "deactivated" => false,
727 "roles" => %{"admin" => false, "moderator" => true}
733 test "load users with actor_type is Person", %{admin: admin, conn: conn} do
734 insert(:user, actor_type: "Service")
735 insert(:user, actor_type: "Application")
737 user1 = insert(:user)
738 user2 = insert(:user)
742 |> get(user_path(conn, :list), %{actor_types: ["Person"]})
743 |> json_response(200)
747 user_response(admin, %{"roles" => %{"admin" => true, "moderator" => false}}),
748 user_response(user1),
751 |> Enum.sort_by(& &1["nickname"])
753 assert response == %{"count" => 3, "page_size" => 50, "users" => users}
756 test "load users with actor_type is Person and Service", %{admin: admin, conn: conn} do
757 user_service = insert(:user, actor_type: "Service")
758 insert(:user, actor_type: "Application")
760 user1 = insert(:user)
761 user2 = insert(:user)
765 |> get(user_path(conn, :list), %{actor_types: ["Person", "Service"]})
766 |> json_response(200)
770 user_response(admin, %{"roles" => %{"admin" => true, "moderator" => false}}),
771 user_response(user1),
772 user_response(user2),
773 user_response(user_service, %{"actor_type" => "Service"})
775 |> Enum.sort_by(& &1["nickname"])
777 assert response == %{"count" => 4, "page_size" => 50, "users" => users}
780 test "load users with actor_type is Service", %{conn: conn} do
781 user_service = insert(:user, actor_type: "Service")
782 insert(:user, actor_type: "Application")
788 |> get(user_path(conn, :list), %{actor_types: ["Service"]})
789 |> json_response(200)
791 users = [user_response(user_service, %{"actor_type" => "Service"})]
793 assert response == %{"count" => 1, "page_size" => 50, "users" => users}
796 test "load users with tags list", %{conn: conn} do
797 user1 = insert(:user, tags: ["first"])
798 user2 = insert(:user, tags: ["second"])
802 conn = get(conn, "/api/pleroma/admin/users?tags[]=first&tags[]=second")
806 user_response(user1, %{"tags" => ["first"]}),
807 user_response(user2, %{"tags" => ["second"]})
809 |> Enum.sort_by(& &1["nickname"])
811 assert json_response(conn, 200) == %{
818 test "`active` filters out users pending approval", %{token: token} do
819 insert(:user, approval_pending: true)
820 %{id: user_id} = insert(:user, approval_pending: false)
821 %{id: admin_id} = token.user
825 |> assign(:user, token.user)
826 |> assign(:token, token)
827 |> get("/api/pleroma/admin/users?filters=active")
833 %{"id" => ^admin_id},
836 } = json_response(conn, 200)
839 test "it works with multiple filters" do
840 admin = insert(:user, nickname: "john", is_admin: true)
841 token = insert(:oauth_admin_token, user: admin)
842 user = insert(:user, nickname: "bob", local: false, deactivated: true)
844 insert(:user, nickname: "ken", local: true, deactivated: true)
845 insert(:user, nickname: "bobb", local: false, deactivated: false)
849 |> assign(:user, admin)
850 |> assign(:token, token)
851 |> get("/api/pleroma/admin/users?filters=deactivated,external")
853 assert json_response(conn, 200) == %{
856 "users" => [user_response(user)]
860 test "it omits relay user", %{admin: admin, conn: conn} do
861 assert %User{} = Relay.get_actor()
863 conn = get(conn, "/api/pleroma/admin/users")
865 assert json_response(conn, 200) == %{
869 user_response(admin, %{"roles" => %{"admin" => true, "moderator" => false}})
875 test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
876 user_one = insert(:user, deactivated: true)
877 user_two = insert(:user, deactivated: true)
882 "/api/pleroma/admin/users/activate",
883 %{nicknames: [user_one.nickname, user_two.nickname]}
886 response = json_response(conn, 200)
887 assert Enum.map(response["users"], & &1["deactivated"]) == [false, false]
889 log_entry = Repo.one(ModerationLog)
891 assert ModerationLog.get_log_entry_message(log_entry) ==
892 "@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
895 test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
896 user_one = insert(:user, deactivated: false)
897 user_two = insert(:user, deactivated: false)
902 "/api/pleroma/admin/users/deactivate",
903 %{nicknames: [user_one.nickname, user_two.nickname]}
906 response = json_response(conn, 200)
907 assert Enum.map(response["users"], & &1["deactivated"]) == [true, true]
909 log_entry = Repo.one(ModerationLog)
911 assert ModerationLog.get_log_entry_message(log_entry) ==
912 "@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
915 test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
916 user_one = insert(:user, approval_pending: true)
917 user_two = insert(:user, approval_pending: true)
922 "/api/pleroma/admin/users/approve",
923 %{nicknames: [user_one.nickname, user_two.nickname]}
926 response = json_response(conn, 200)
927 assert Enum.map(response["users"], & &1["approval_pending"]) == [false, false]
929 log_entry = Repo.one(ModerationLog)
931 assert ModerationLog.get_log_entry_message(log_entry) ==
932 "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}"
935 test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
938 conn = patch(conn, "/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
940 assert json_response(conn, 200) ==
943 %{"deactivated" => !user.deactivated}
946 log_entry = Repo.one(ModerationLog)
948 assert ModerationLog.get_log_entry_message(log_entry) ==
949 "@#{admin.nickname} deactivated users: @#{user.nickname}"
952 defp user_response(user, attrs \\ %{}) do
954 "deactivated" => user.deactivated,
956 "email" => user.email,
957 "nickname" => user.nickname,
958 "roles" => %{"admin" => false, "moderator" => false},
959 "local" => user.local,
961 "avatar" => User.avatar_url(user) |> MediaProxy.url(),
962 "display_name" => HTML.strip_tags(user.name || user.nickname),
963 "is_confirmed" => true,
964 "approval_pending" => false,
966 "registration_reason" => nil,
967 "actor_type" => "Person"