1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 alias Pleroma.Conversation.Participation
13 alias Pleroma.ScheduledActivity
14 alias Pleroma.Tests.ObanHelpers
16 alias Pleroma.Web.ActivityPub.ActivityPub
17 alias Pleroma.Web.ActivityPub.Utils
18 alias Pleroma.Web.CommonAPI
20 import Pleroma.Factory
22 setup do: clear_config([:instance, :federating])
23 setup do: clear_config([:instance, :allow_relay])
24 setup do: clear_config([:rich_media, :enabled])
25 setup do: clear_config([:mrf, :policies])
26 setup do: clear_config([:mrf_keyword, :reject])
28 describe "posting statuses" do
29 setup do: oauth_access(["write:statuses"])
31 test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
32 clear_config([:instance, :federating], true)
33 Config.get([:instance, :allow_relay], true)
37 |> put_req_header("content-type", "application/json")
38 |> post("api/v1/statuses", %{
39 "content_type" => "text/plain",
40 "source" => "Pleroma FE",
41 "status" => "Hello world",
42 "visibility" => "public"
44 |> json_response_and_validate_schema(200)
46 assert response["reblogs_count"] == 0
47 ObanHelpers.perform_all()
51 |> get("api/v1/statuses/#{response["id"]}", %{})
52 |> json_response_and_validate_schema(200)
54 assert response["reblogs_count"] == 0
57 test "posting a status", %{conn: conn} do
58 idempotency_key = "Pikachu rocks!"
62 |> put_req_header("content-type", "application/json")
63 |> put_req_header("idempotency-key", idempotency_key)
64 |> post("/api/v1/statuses", %{
66 "spoiler_text" => "2hu",
70 assert %{"content" => "cofe", "id" => id, "spoiler_text" => "2hu", "sensitive" => false} =
71 json_response_and_validate_schema(conn_one, 200)
73 assert Activity.get_by_id(id)
77 |> put_req_header("content-type", "application/json")
78 |> put_req_header("idempotency-key", idempotency_key)
79 |> post("/api/v1/statuses", %{
81 "spoiler_text" => "2hu",
85 # Idempotency plug response means detection fail
86 assert %{"id" => second_id} = json_response(conn_two, 200)
87 assert id == second_id
91 |> put_req_header("content-type", "application/json")
92 |> post("/api/v1/statuses", %{
94 "spoiler_text" => "2hu",
95 "sensitive" => "False"
98 assert %{"id" => third_id} = json_response_and_validate_schema(conn_three, 200)
101 # An activity that will expire:
103 expires_in = 2 * 60 * 60
105 expires_at = DateTime.add(DateTime.utc_now(), expires_in)
109 |> put_req_header("content-type", "application/json")
110 |> post("api/v1/statuses", %{
111 "status" => "oolong",
112 "expires_in" => expires_in
115 assert %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200)
117 assert Activity.get_by_id(fourth_id)
120 worker: Pleroma.Workers.PurgeExpiredActivity,
121 args: %{activity_id: fourth_id},
122 scheduled_at: expires_at
126 test "it fails to create a status if `expires_in` is less or equal than an hour", %{
132 assert %{"error" => "Expiry date is too soon"} =
134 |> put_req_header("content-type", "application/json")
135 |> post("api/v1/statuses", %{
136 "status" => "oolong",
137 "expires_in" => expires_in
139 |> json_response_and_validate_schema(422)
144 assert %{"error" => "Expiry date is too soon"} =
146 |> put_req_header("content-type", "application/json")
147 |> post("api/v1/statuses", %{
148 "status" => "oolong",
149 "expires_in" => expires_in
151 |> json_response_and_validate_schema(422)
154 test "Get MRF reason when posting a status is rejected by one", %{conn: conn} do
155 clear_config([:mrf_keyword, :reject], ["GNO"])
156 clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy])
158 assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} =
160 |> put_req_header("content-type", "application/json")
161 |> post("api/v1/statuses", %{"status" => "GNO/Linux"})
162 |> json_response_and_validate_schema(422)
165 test "posting an undefined status with an attachment", %{user: user, conn: conn} do
167 content_type: "image/jpeg",
168 path: Path.absname("test/fixtures/image.jpg"),
169 filename: "an_image.jpg"
172 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
176 |> put_req_header("content-type", "application/json")
177 |> post("/api/v1/statuses", %{
178 "media_ids" => [to_string(upload.id)]
181 assert json_response_and_validate_schema(conn, 200)
184 test "replying to a status", %{user: user, conn: conn} do
185 {:ok, replied_to} = CommonAPI.post(user, %{status: "cofe"})
189 |> put_req_header("content-type", "application/json")
190 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
192 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
194 activity = Activity.get_by_id(id)
196 assert activity.data["context"] == replied_to.data["context"]
197 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
200 test "replying to a direct message with visibility other than direct", %{
204 {:ok, replied_to} = CommonAPI.post(user, %{status: "suya..", visibility: "direct"})
206 Enum.each(["public", "private", "unlisted"], fn visibility ->
209 |> put_req_header("content-type", "application/json")
210 |> post("/api/v1/statuses", %{
211 "status" => "@#{user.nickname} hey",
212 "in_reply_to_id" => replied_to.id,
213 "visibility" => visibility
216 assert json_response_and_validate_schema(conn, 422) == %{
217 "error" => "The message visibility must be direct"
222 test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
225 |> put_req_header("content-type", "application/json")
226 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
228 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
229 assert Activity.get_by_id(id)
232 test "posting a sensitive status", %{conn: conn} do
235 |> put_req_header("content-type", "application/json")
236 |> post("/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
238 assert %{"content" => "cofe", "id" => id, "sensitive" => true} =
239 json_response_and_validate_schema(conn, 200)
241 assert Activity.get_by_id(id)
244 test "posting a fake status", %{conn: conn} do
247 |> put_req_header("content-type", "application/json")
248 |> post("/api/v1/statuses", %{
250 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
253 real_status = json_response_and_validate_schema(real_conn, 200)
256 assert Object.get_by_ap_id(real_status["uri"])
260 |> Map.put("id", nil)
261 |> Map.put("url", nil)
262 |> Map.put("uri", nil)
263 |> Map.put("created_at", nil)
264 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
268 |> assign(:user, refresh_record(conn.assigns.user))
269 |> put_req_header("content-type", "application/json")
270 |> post("/api/v1/statuses", %{
272 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
276 fake_status = json_response_and_validate_schema(fake_conn, 200)
279 refute Object.get_by_ap_id(fake_status["uri"])
283 |> Map.put("id", nil)
284 |> Map.put("url", nil)
285 |> Map.put("uri", nil)
286 |> Map.put("created_at", nil)
287 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
289 assert real_status == fake_status
292 test "fake statuses' preview card is not cached", %{conn: conn} do
293 clear_config([:rich_media, :enabled], true)
298 url: "https://example.com/twitter-card"
300 %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/twitter_card.html")}
303 apply(HttpRequestMock, :request, [env])
308 |> put_req_header("content-type", "application/json")
309 |> post("/api/v1/statuses", %{
310 "status" => "https://example.com/ogp",
316 |> put_req_header("content-type", "application/json")
317 |> post("/api/v1/statuses", %{
318 "status" => "https://example.com/twitter-card",
322 assert %{"card" => %{"title" => "The Rock"}} = json_response_and_validate_schema(conn1, 200)
324 assert %{"card" => %{"title" => "Small Island Developing States Photo Submission"}} =
325 json_response_and_validate_schema(conn2, 200)
328 test "posting a status with OGP link preview", %{conn: conn} do
329 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
330 clear_config([:rich_media, :enabled], true)
334 |> put_req_header("content-type", "application/json")
335 |> post("/api/v1/statuses", %{
336 "status" => "https://example.com/ogp"
339 assert %{"id" => id, "card" => %{"title" => "The Rock"}} =
340 json_response_and_validate_schema(conn, 200)
342 assert Activity.get_by_id(id)
345 test "posting a direct status", %{conn: conn} do
346 user2 = insert(:user)
347 content = "direct cofe @#{user2.nickname}"
351 |> put_req_header("content-type", "application/json")
352 |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"})
354 assert %{"id" => id} = response = json_response_and_validate_schema(conn, 200)
355 assert response["visibility"] == "direct"
356 assert response["pleroma"]["direct_conversation_id"]
357 assert activity = Activity.get_by_id(id)
358 assert activity.recipients == [user2.ap_id, conn.assigns[:user].ap_id]
359 assert activity.data["to"] == [user2.ap_id]
360 assert activity.data["cc"] == []
363 test "discloses application metadata when enabled" do
364 user = insert(:user, disclose_client: true)
365 %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user)
367 %Pleroma.Web.OAuth.Token{
368 app: %Pleroma.Web.OAuth.App{
369 client_name: app_name,
376 |> put_req_header("content-type", "application/json")
377 |> post("/api/v1/statuses", %{
378 "status" => "cofe is my copilot"
382 "content" => "cofe is my copilot"
383 } = json_response_and_validate_schema(result, 200)
385 activity = result.assigns.activity.id
389 |> get("api/v1/statuses/#{activity}")
392 "content" => "cofe is my copilot",
395 "website" => ^app_website
397 } = json_response_and_validate_schema(result, 200)
400 test "hides application metadata when disabled" do
401 user = insert(:user, disclose_client: false)
402 %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user)
406 |> put_req_header("content-type", "application/json")
407 |> post("/api/v1/statuses", %{
408 "status" => "club mate is my wingman"
411 assert %{"content" => "club mate is my wingman"} =
412 json_response_and_validate_schema(result, 200)
414 activity = result.assigns.activity.id
418 |> get("api/v1/statuses/#{activity}")
421 "content" => "club mate is my wingman",
423 } = json_response_and_validate_schema(result, 200)
427 describe "posting scheduled statuses" do
428 setup do: oauth_access(["write:statuses"])
430 test "creates a scheduled activity", %{conn: conn} do
432 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
433 |> NaiveDateTime.to_iso8601()
438 |> put_req_header("content-type", "application/json")
439 |> post("/api/v1/statuses", %{
440 "status" => "scheduled",
441 "scheduled_at" => scheduled_at
444 assert %{"scheduled_at" => expected_scheduled_at} =
445 json_response_and_validate_schema(conn, 200)
447 assert expected_scheduled_at == CommonAPI.Utils.to_masto_date(scheduled_at)
448 assert [] == Repo.all(Activity)
451 test "with expiration" do
452 %{conn: conn} = oauth_access(["write:statuses", "read:statuses"])
455 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(6), :millisecond)
456 |> NaiveDateTime.to_iso8601()
459 assert %{"id" => status_id, "params" => %{"expires_in" => 300}} =
461 |> put_req_header("content-type", "application/json")
462 |> post("/api/v1/statuses", %{
463 "status" => "scheduled",
464 "scheduled_at" => scheduled_at,
467 |> json_response_and_validate_schema(200)
469 assert %{"id" => ^status_id, "params" => %{"expires_in" => 300}} =
471 |> put_req_header("content-type", "application/json")
472 |> get("/api/v1/scheduled_statuses/#{status_id}")
473 |> json_response_and_validate_schema(200)
476 test "ignores nil values", %{conn: conn} do
479 |> put_req_header("content-type", "application/json")
480 |> post("/api/v1/statuses", %{
481 "status" => "not scheduled",
482 "scheduled_at" => nil
485 assert result = json_response_and_validate_schema(conn, 200)
486 assert Activity.get_by_id(result["id"])
489 test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
491 NaiveDateTime.utc_now()
492 |> NaiveDateTime.add(:timer.minutes(120), :millisecond)
493 |> NaiveDateTime.to_iso8601()
497 content_type: "image/jpeg",
498 path: Path.absname("test/fixtures/image.jpg"),
499 filename: "an_image.jpg"
502 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
506 |> put_req_header("content-type", "application/json")
507 |> post("/api/v1/statuses", %{
508 "media_ids" => [to_string(upload.id)],
509 "status" => "scheduled",
510 "scheduled_at" => scheduled_at
513 assert %{"media_attachments" => [media_attachment]} =
514 json_response_and_validate_schema(conn, 200)
516 assert %{"type" => "image"} = media_attachment
519 test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
522 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
523 |> NaiveDateTime.to_iso8601()
528 |> put_req_header("content-type", "application/json")
529 |> post("/api/v1/statuses", %{
530 "status" => "not scheduled",
531 "scheduled_at" => scheduled_at
534 assert %{"content" => "not scheduled"} = json_response_and_validate_schema(conn, 200)
535 assert [] == Repo.all(ScheduledActivity)
538 test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
540 NaiveDateTime.utc_now()
541 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
542 |> NaiveDateTime.to_iso8601()
546 attrs = %{params: %{}, scheduled_at: today}
547 {:ok, _} = ScheduledActivity.create(user, attrs)
548 {:ok, _} = ScheduledActivity.create(user, attrs)
552 |> put_req_header("content-type", "application/json")
553 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
555 assert %{"error" => "daily limit exceeded"} == json_response_and_validate_schema(conn, 422)
558 test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
560 NaiveDateTime.utc_now()
561 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
562 |> NaiveDateTime.to_iso8601()
566 NaiveDateTime.utc_now()
567 |> NaiveDateTime.add(:timer.hours(36), :millisecond)
568 |> NaiveDateTime.to_iso8601()
571 attrs = %{params: %{}, scheduled_at: today}
572 {:ok, _} = ScheduledActivity.create(user, attrs)
573 {:ok, _} = ScheduledActivity.create(user, attrs)
574 {:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
578 |> put_req_header("content-type", "application/json")
579 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
581 assert %{"error" => "total limit exceeded"} == json_response_and_validate_schema(conn, 422)
585 describe "posting polls" do
586 setup do: oauth_access(["write:statuses"])
588 test "posting a poll", %{conn: conn} do
589 time = NaiveDateTime.utc_now()
593 |> put_req_header("content-type", "application/json")
594 |> post("/api/v1/statuses", %{
595 "status" => "Who is the #bestgrill?",
597 "options" => ["Rei", "Asuka", "Misato"],
602 response = json_response_and_validate_schema(conn, 200)
604 assert Enum.all?(response["poll"]["options"], fn %{"title" => title} ->
605 title in ["Rei", "Asuka", "Misato"]
608 assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
609 assert response["poll"]["expired"] == false
611 question = Object.get_by_id(response["poll"]["id"])
613 # closed contains utc timezone
614 assert question.data["closed"] =~ "Z"
617 test "option limit is enforced", %{conn: conn} do
618 limit = Config.get([:instance, :poll_limits, :max_options])
622 |> put_req_header("content-type", "application/json")
623 |> post("/api/v1/statuses", %{
625 "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
628 %{"error" => error} = json_response_and_validate_schema(conn, 422)
629 assert error == "Poll can't contain more than #{limit} options"
632 test "option character limit is enforced", %{conn: conn} do
633 limit = Config.get([:instance, :poll_limits, :max_option_chars])
637 |> put_req_header("content-type", "application/json")
638 |> post("/api/v1/statuses", %{
641 "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
646 %{"error" => error} = json_response_and_validate_schema(conn, 422)
647 assert error == "Poll options cannot be longer than #{limit} characters each"
650 test "minimal date limit is enforced", %{conn: conn} do
651 limit = Config.get([:instance, :poll_limits, :min_expiration])
655 |> put_req_header("content-type", "application/json")
656 |> post("/api/v1/statuses", %{
657 "status" => "imagine arbitrary limits",
659 "options" => ["this post was made by pleroma gang"],
660 "expires_in" => limit - 1
664 %{"error" => error} = json_response_and_validate_schema(conn, 422)
665 assert error == "Expiration date is too soon"
668 test "maximum date limit is enforced", %{conn: conn} do
669 limit = Config.get([:instance, :poll_limits, :max_expiration])
673 |> put_req_header("content-type", "application/json")
674 |> post("/api/v1/statuses", %{
675 "status" => "imagine arbitrary limits",
677 "options" => ["this post was made by pleroma gang"],
678 "expires_in" => limit + 1
682 %{"error" => error} = json_response_and_validate_schema(conn, 422)
683 assert error == "Expiration date is too far in the future"
686 test "scheduled poll", %{conn: conn} do
687 clear_config([ScheduledActivity, :enabled], true)
690 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(6), :millisecond)
691 |> NaiveDateTime.to_iso8601()
694 %{"id" => scheduled_id} =
696 |> put_req_header("content-type", "application/json")
697 |> post("/api/v1/statuses", %{
698 "status" => "very cool poll",
700 "options" => ~w(a b c),
703 "scheduled_at" => scheduled_at
705 |> json_response_and_validate_schema(200)
707 assert {:ok, %{id: activity_id}} =
708 perform_job(Pleroma.Workers.ScheduledActivityWorker, %{
709 activity_id: scheduled_id
712 assert Repo.all(Oban.Job) == []
716 |> Repo.get(activity_id)
717 |> Object.normalize()
719 assert object.data["content"] == "very cool poll"
720 assert object.data["type"] == "Question"
721 assert length(object.data["oneOf"]) == 3
725 test "get a status" do
726 %{conn: conn} = oauth_access(["read:statuses"])
727 activity = insert(:note_activity)
729 conn = get(conn, "/api/v1/statuses/#{activity.id}")
731 assert %{"id" => id} = json_response_and_validate_schema(conn, 200)
732 assert id == to_string(activity.id)
735 defp local_and_remote_activities do
736 local = insert(:note_activity)
737 remote = insert(:note_activity, local: false)
738 {:ok, local: local, remote: remote}
741 describe "status with restrict unauthenticated activities for local and remote" do
742 setup do: local_and_remote_activities()
744 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
746 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
748 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
749 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
751 assert json_response_and_validate_schema(res_conn, :not_found) == %{
752 "error" => "Record not found"
755 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
757 assert json_response_and_validate_schema(res_conn, :not_found) == %{
758 "error" => "Record not found"
762 test "if user is authenticated", %{local: local, remote: remote} do
763 %{conn: conn} = oauth_access(["read"])
764 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
765 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
767 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
768 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
772 describe "status with restrict unauthenticated activities for local" do
773 setup do: local_and_remote_activities()
775 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
777 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
778 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
780 assert json_response_and_validate_schema(res_conn, :not_found) == %{
781 "error" => "Record not found"
784 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
785 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
788 test "if user is authenticated", %{local: local, remote: remote} do
789 %{conn: conn} = oauth_access(["read"])
790 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
791 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
793 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
794 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
798 describe "status with restrict unauthenticated activities for remote" do
799 setup do: local_and_remote_activities()
801 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
803 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
804 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
805 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
807 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
809 assert json_response_and_validate_schema(res_conn, :not_found) == %{
810 "error" => "Record not found"
814 test "if user is authenticated", %{local: local, remote: remote} do
815 %{conn: conn} = oauth_access(["read"])
816 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
817 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
819 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
820 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
824 test "getting a status that doesn't exist returns 404" do
825 %{conn: conn} = oauth_access(["read:statuses"])
826 activity = insert(:note_activity)
828 conn = get(conn, "/api/v1/statuses/#{String.downcase(activity.id)}")
830 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
833 test "get a direct status" do
834 %{user: user, conn: conn} = oauth_access(["read:statuses"])
835 other_user = insert(:user)
838 CommonAPI.post(user, %{status: "@#{other_user.nickname}", visibility: "direct"})
842 |> assign(:user, user)
843 |> get("/api/v1/statuses/#{activity.id}")
845 [participation] = Participation.for_user(user)
847 res = json_response_and_validate_schema(conn, 200)
848 assert res["pleroma"]["direct_conversation_id"] == participation.id
851 test "get statuses by IDs" do
852 %{conn: conn} = oauth_access(["read:statuses"])
853 %{id: id1} = insert(:note_activity)
854 %{id: id2} = insert(:note_activity)
856 query_string = "ids[]=#{id1}&ids[]=#{id2}"
857 conn = get(conn, "/api/v1/statuses/?#{query_string}")
859 assert [%{"id" => ^id1}, %{"id" => ^id2}] =
860 Enum.sort_by(json_response_and_validate_schema(conn, :ok), & &1["id"])
863 describe "getting statuses by ids with restricted unauthenticated for local and remote" do
864 setup do: local_and_remote_activities()
866 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
868 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
870 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
871 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
873 assert json_response_and_validate_schema(res_conn, 200) == []
876 test "if user is authenticated", %{local: local, remote: remote} do
877 %{conn: conn} = oauth_access(["read"])
879 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
881 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
885 describe "getting statuses by ids with restricted unauthenticated for local" do
886 setup do: local_and_remote_activities()
888 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
890 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
891 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
893 remote_id = remote.id
894 assert [%{"id" => ^remote_id}] = json_response_and_validate_schema(res_conn, 200)
897 test "if user is authenticated", %{local: local, remote: remote} do
898 %{conn: conn} = oauth_access(["read"])
900 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
902 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
906 describe "getting statuses by ids with restricted unauthenticated for remote" do
907 setup do: local_and_remote_activities()
909 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
911 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
912 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
915 assert [%{"id" => ^local_id}] = json_response_and_validate_schema(res_conn, 200)
918 test "if user is authenticated", %{local: local, remote: remote} do
919 %{conn: conn} = oauth_access(["read"])
921 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
923 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
927 describe "deleting a status" do
928 test "when you created it" do
929 %{user: author, conn: conn} = oauth_access(["write:statuses"])
930 activity = insert(:note_activity, user: author)
931 object = Object.normalize(activity, fetch: false)
933 content = object.data["content"]
934 source = object.data["source"]
938 |> assign(:user, author)
939 |> delete("/api/v1/statuses/#{activity.id}")
940 |> json_response_and_validate_schema(200)
942 assert match?(%{"content" => ^content, "text" => ^source}, result)
944 refute Activity.get_by_id(activity.id)
947 test "when it doesn't exist" do
948 %{user: author, conn: conn} = oauth_access(["write:statuses"])
949 activity = insert(:note_activity, user: author)
953 |> assign(:user, author)
954 |> delete("/api/v1/statuses/#{String.downcase(activity.id)}")
956 assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404)
959 test "when you didn't create it" do
960 %{conn: conn} = oauth_access(["write:statuses"])
961 activity = insert(:note_activity)
963 conn = delete(conn, "/api/v1/statuses/#{activity.id}")
965 assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404)
967 assert Activity.get_by_id(activity.id) == activity
970 test "when you're an admin or moderator", %{conn: conn} do
971 activity1 = insert(:note_activity)
972 activity2 = insert(:note_activity)
973 admin = insert(:user, is_admin: true)
974 moderator = insert(:user, is_moderator: true)
978 |> assign(:user, admin)
979 |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
980 |> delete("/api/v1/statuses/#{activity1.id}")
982 assert %{} = json_response_and_validate_schema(res_conn, 200)
986 |> assign(:user, moderator)
987 |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
988 |> delete("/api/v1/statuses/#{activity2.id}")
990 assert %{} = json_response_and_validate_schema(res_conn, 200)
992 refute Activity.get_by_id(activity1.id)
993 refute Activity.get_by_id(activity2.id)
997 describe "reblogging" do
998 setup do: oauth_access(["write:statuses"])
1000 test "reblogs and returns the reblogged status", %{conn: conn} do
1001 activity = insert(:note_activity)
1005 |> put_req_header("content-type", "application/json")
1006 |> post("/api/v1/statuses/#{activity.id}/reblog")
1009 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1011 } = json_response_and_validate_schema(conn, 200)
1013 assert to_string(activity.id) == id
1016 test "returns 404 if the reblogged status doesn't exist", %{conn: conn} do
1017 activity = insert(:note_activity)
1021 |> put_req_header("content-type", "application/json")
1022 |> post("/api/v1/statuses/#{String.downcase(activity.id)}/reblog")
1024 assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
1027 test "reblogs privately and returns the reblogged status", %{conn: conn} do
1028 activity = insert(:note_activity)
1032 |> put_req_header("content-type", "application/json")
1034 "/api/v1/statuses/#{activity.id}/reblog",
1035 %{"visibility" => "private"}
1039 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1040 "reblogged" => true,
1041 "visibility" => "private"
1042 } = json_response_and_validate_schema(conn, 200)
1044 assert to_string(activity.id) == id
1047 test "reblogged status for another user" do
1048 activity = insert(:note_activity)
1049 user1 = insert(:user)
1050 user2 = insert(:user)
1051 user3 = insert(:user)
1052 {:ok, _} = CommonAPI.favorite(user2, activity.id)
1053 {:ok, _bookmark} = Pleroma.Bookmark.create(user2.id, activity.id)
1054 {:ok, reblog_activity1} = CommonAPI.repeat(activity.id, user1)
1055 {:ok, _} = CommonAPI.repeat(activity.id, user2)
1059 |> assign(:user, user3)
1060 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1061 |> get("/api/v1/statuses/#{reblog_activity1.id}")
1064 "reblog" => %{"id" => _id, "reblogged" => false, "reblogs_count" => 2},
1065 "reblogged" => false,
1066 "favourited" => false,
1067 "bookmarked" => false
1068 } = json_response_and_validate_schema(conn_res, 200)
1072 |> assign(:user, user2)
1073 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
1074 |> get("/api/v1/statuses/#{reblog_activity1.id}")
1077 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 2},
1078 "reblogged" => true,
1079 "favourited" => true,
1080 "bookmarked" => true
1081 } = json_response_and_validate_schema(conn_res, 200)
1083 assert to_string(activity.id) == id
1086 test "author can reblog own private status", %{conn: conn, user: user} do
1087 {:ok, activity} = CommonAPI.post(user, %{status: "cofe", visibility: "private"})
1091 |> put_req_header("content-type", "application/json")
1092 |> post("/api/v1/statuses/#{activity.id}/reblog")
1095 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1096 "reblogged" => true,
1097 "visibility" => "private"
1098 } = json_response_and_validate_schema(conn, 200)
1100 assert to_string(activity.id) == id
1104 describe "unreblogging" do
1105 setup do: oauth_access(["write:statuses"])
1107 test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
1108 activity = insert(:note_activity)
1110 {:ok, _} = CommonAPI.repeat(activity.id, user)
1114 |> put_req_header("content-type", "application/json")
1115 |> post("/api/v1/statuses/#{activity.id}/unreblog")
1117 assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} =
1118 json_response_and_validate_schema(conn, 200)
1120 assert to_string(activity.id) == id
1123 test "returns 404 error when activity does not exist", %{conn: conn} do
1126 |> put_req_header("content-type", "application/json")
1127 |> post("/api/v1/statuses/foo/unreblog")
1129 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1133 describe "favoriting" do
1134 setup do: oauth_access(["write:favourites"])
1136 test "favs a status and returns it", %{conn: conn} do
1137 activity = insert(:note_activity)
1141 |> put_req_header("content-type", "application/json")
1142 |> post("/api/v1/statuses/#{activity.id}/favourite")
1144 assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
1145 json_response_and_validate_schema(conn, 200)
1147 assert to_string(activity.id) == id
1150 test "favoriting twice will just return 200", %{conn: conn} do
1151 activity = insert(:note_activity)
1154 |> put_req_header("content-type", "application/json")
1155 |> post("/api/v1/statuses/#{activity.id}/favourite")
1158 |> put_req_header("content-type", "application/json")
1159 |> post("/api/v1/statuses/#{activity.id}/favourite")
1160 |> json_response_and_validate_schema(200)
1163 test "returns 404 error for a wrong id", %{conn: conn} do
1166 |> put_req_header("content-type", "application/json")
1167 |> post("/api/v1/statuses/1/favourite")
1169 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1173 describe "unfavoriting" do
1174 setup do: oauth_access(["write:favourites"])
1176 test "unfavorites a status and returns it", %{user: user, conn: conn} do
1177 activity = insert(:note_activity)
1179 {:ok, _} = CommonAPI.favorite(user, activity.id)
1183 |> put_req_header("content-type", "application/json")
1184 |> post("/api/v1/statuses/#{activity.id}/unfavourite")
1186 assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
1187 json_response_and_validate_schema(conn, 200)
1189 assert to_string(activity.id) == id
1192 test "returns 404 error for a wrong id", %{conn: conn} do
1195 |> put_req_header("content-type", "application/json")
1196 |> post("/api/v1/statuses/1/unfavourite")
1198 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1202 describe "pinned statuses" do
1203 setup do: oauth_access(["write:accounts"])
1205 setup %{user: user} do
1206 {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})
1208 %{activity: activity}
1211 setup do: clear_config([:instance, :max_pinned_statuses], 1)
1213 test "pin status", %{conn: conn, user: user, activity: activity} do
1216 assert %{"id" => ^id, "pinned" => true} =
1218 |> put_req_header("content-type", "application/json")
1219 |> post("/api/v1/statuses/#{activity.id}/pin")
1220 |> json_response_and_validate_schema(200)
1222 assert [%{"id" => ^id, "pinned" => true}] =
1224 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1225 |> json_response_and_validate_schema(200)
1228 test "non authenticated user", %{activity: activity} do
1230 |> put_req_header("content-type", "application/json")
1231 |> post("/api/v1/statuses/#{activity.id}/pin")
1232 |> json_response(403) == %{"error" => "Invalid credentials."}
1235 test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
1236 {:ok, dm} = CommonAPI.post(user, %{status: "test", visibility: "direct"})
1240 |> put_req_header("content-type", "application/json")
1241 |> post("/api/v1/statuses/#{dm.id}/pin")
1243 assert json_response_and_validate_schema(conn, 422) == %{
1244 "error" => "Non-public status cannot be pinned"
1248 test "pin by another user", %{activity: activity} do
1249 %{conn: conn} = oauth_access(["write:accounts"])
1252 |> put_req_header("content-type", "application/json")
1253 |> post("/api/v1/statuses/#{activity.id}/pin")
1254 |> json_response(422) == %{"error" => "Someone else's status cannot be pinned"}
1257 test "unpin status", %{conn: conn, user: user, activity: activity} do
1258 {:ok, _} = CommonAPI.pin(activity.id, user)
1259 user = refresh_record(user)
1261 id_str = to_string(activity.id)
1263 assert %{"id" => ^id_str, "pinned" => false} =
1265 |> assign(:user, user)
1266 |> post("/api/v1/statuses/#{activity.id}/unpin")
1267 |> json_response_and_validate_schema(200)
1271 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1272 |> json_response_and_validate_schema(200)
1275 test "/unpin: returns 404 error when activity doesn't exist", %{conn: conn} do
1277 |> put_req_header("content-type", "application/json")
1278 |> post("/api/v1/statuses/1/unpin")
1279 |> json_response_and_validate_schema(404) == %{"error" => "Record not found"}
1282 test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
1283 {:ok, activity_two} = CommonAPI.post(user, %{status: "HI!!!"})
1285 id_str_one = to_string(activity_one.id)
1287 assert %{"id" => ^id_str_one, "pinned" => true} =
1289 |> put_req_header("content-type", "application/json")
1290 |> post("/api/v1/statuses/#{id_str_one}/pin")
1291 |> json_response_and_validate_schema(200)
1293 user = refresh_record(user)
1295 assert %{"error" => "You have already pinned the maximum number of statuses"} =
1297 |> assign(:user, user)
1298 |> post("/api/v1/statuses/#{activity_two.id}/pin")
1299 |> json_response_and_validate_schema(400)
1302 test "on pin removes deletion job, on unpin reschedule deletion" do
1303 %{conn: conn} = oauth_access(["write:accounts", "write:statuses"])
1304 expires_in = 2 * 60 * 60
1306 expires_at = DateTime.add(DateTime.utc_now(), expires_in)
1308 assert %{"id" => id} =
1310 |> put_req_header("content-type", "application/json")
1311 |> post("api/v1/statuses", %{
1312 "status" => "oolong",
1313 "expires_in" => expires_in
1315 |> json_response_and_validate_schema(200)
1318 worker: Pleroma.Workers.PurgeExpiredActivity,
1319 args: %{activity_id: id},
1320 scheduled_at: expires_at
1323 assert %{"id" => ^id, "pinned" => true} =
1325 |> put_req_header("content-type", "application/json")
1326 |> post("/api/v1/statuses/#{id}/pin")
1327 |> json_response_and_validate_schema(200)
1330 worker: Pleroma.Workers.PurgeExpiredActivity,
1331 args: %{activity_id: id},
1332 scheduled_at: expires_at
1335 assert %{"id" => ^id, "pinned" => false} =
1337 |> put_req_header("content-type", "application/json")
1338 |> post("/api/v1/statuses/#{id}/unpin")
1339 |> json_response_and_validate_schema(200)
1342 worker: Pleroma.Workers.PurgeExpiredActivity,
1343 args: %{activity_id: id},
1344 scheduled_at: expires_at
1351 clear_config([:rich_media, :enabled], true)
1353 oauth_access(["read:statuses"])
1356 test "returns rich-media card", %{conn: conn, user: user} do
1357 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
1359 {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp"})
1362 "image" => "http://ia.media-imdb.com/images/rock.jpg",
1363 "provider_name" => "example.com",
1364 "provider_url" => "https://example.com",
1365 "title" => "The Rock",
1367 "url" => "https://example.com/ogp",
1369 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
1372 "image" => "http://ia.media-imdb.com/images/rock.jpg",
1373 "title" => "The Rock",
1374 "type" => "video.movie",
1375 "url" => "https://example.com/ogp",
1377 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer."
1384 |> get("/api/v1/statuses/#{activity.id}/card")
1385 |> json_response_and_validate_schema(200)
1387 assert response == card_data
1389 # works with private posts
1391 CommonAPI.post(user, %{status: "https://example.com/ogp", visibility: "direct"})
1395 |> get("/api/v1/statuses/#{activity.id}/card")
1396 |> json_response_and_validate_schema(200)
1398 assert response_two == card_data
1401 test "replaces missing description with an empty string", %{conn: conn, user: user} do
1402 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
1404 {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp-missing-data"})
1408 |> get("/api/v1/statuses/#{activity.id}/card")
1409 |> json_response_and_validate_schema(:ok)
1411 assert response == %{
1413 "title" => "Pleroma",
1414 "description" => "",
1416 "provider_name" => "example.com",
1417 "provider_url" => "https://example.com",
1418 "url" => "https://example.com/ogp-missing-data",
1421 "title" => "Pleroma",
1422 "type" => "website",
1423 "url" => "https://example.com/ogp-missing-data"
1431 bookmarks_uri = "/api/v1/bookmarks"
1433 %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
1434 author = insert(:user)
1436 {:ok, activity1} = CommonAPI.post(author, %{status: "heweoo?"})
1437 {:ok, activity2} = CommonAPI.post(author, %{status: "heweoo!"})
1441 |> put_req_header("content-type", "application/json")
1442 |> post("/api/v1/statuses/#{activity1.id}/bookmark")
1444 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == true
1448 |> put_req_header("content-type", "application/json")
1449 |> post("/api/v1/statuses/#{activity2.id}/bookmark")
1451 assert json_response_and_validate_schema(response2, 200)["bookmarked"] == true
1453 bookmarks = get(conn, bookmarks_uri)
1456 json_response_and_validate_schema(response2, 200),
1457 json_response_and_validate_schema(response1, 200)
1459 json_response_and_validate_schema(bookmarks, 200)
1463 |> put_req_header("content-type", "application/json")
1464 |> post("/api/v1/statuses/#{activity1.id}/unbookmark")
1466 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == false
1468 bookmarks = get(conn, bookmarks_uri)
1470 assert [json_response_and_validate_schema(response2, 200)] ==
1471 json_response_and_validate_schema(bookmarks, 200)
1474 describe "conversation muting" do
1475 setup do: oauth_access(["write:mutes"])
1478 post_user = insert(:user)
1479 {:ok, activity} = CommonAPI.post(post_user, %{status: "HIE"})
1480 %{activity: activity}
1483 test "mute conversation", %{conn: conn, activity: activity} do
1484 id_str = to_string(activity.id)
1486 assert %{"id" => ^id_str, "muted" => true} =
1488 |> put_req_header("content-type", "application/json")
1489 |> post("/api/v1/statuses/#{activity.id}/mute")
1490 |> json_response_and_validate_schema(200)
1493 test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
1494 {:ok, _} = CommonAPI.add_mute(user, activity)
1498 |> put_req_header("content-type", "application/json")
1499 |> post("/api/v1/statuses/#{activity.id}/mute")
1501 assert json_response_and_validate_schema(conn, 400) == %{
1502 "error" => "conversation is already muted"
1506 test "unmute conversation", %{conn: conn, user: user, activity: activity} do
1507 {:ok, _} = CommonAPI.add_mute(user, activity)
1509 id_str = to_string(activity.id)
1511 assert %{"id" => ^id_str, "muted" => false} =
1513 # |> assign(:user, user)
1514 |> post("/api/v1/statuses/#{activity.id}/unmute")
1515 |> json_response_and_validate_schema(200)
1519 test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{conn: conn} do
1520 user1 = insert(:user)
1521 user2 = insert(:user)
1522 user3 = insert(:user)
1524 {:ok, replied_to} = CommonAPI.post(user1, %{status: "cofe"})
1526 # Reply to status from another user
1529 |> assign(:user, user2)
1530 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
1531 |> put_req_header("content-type", "application/json")
1532 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
1534 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn1, 200)
1536 activity = Activity.get_by_id_with_object(id)
1538 assert Object.normalize(activity, fetch: false).data["inReplyTo"] ==
1539 Object.normalize(replied_to, fetch: false).data["id"]
1541 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
1543 # Reblog from the third user
1546 |> assign(:user, user3)
1547 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
1548 |> put_req_header("content-type", "application/json")
1549 |> post("/api/v1/statuses/#{activity.id}/reblog")
1551 assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
1552 json_response_and_validate_schema(conn2, 200)
1554 assert to_string(activity.id) == id
1556 # Getting third user status
1559 |> assign(:user, user3)
1560 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1561 |> get("api/v1/timelines/home")
1563 [reblogged_activity] = json_response_and_validate_schema(conn3, 200)
1565 assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id
1567 replied_to_user = User.get_by_ap_id(replied_to.data["actor"])
1568 assert reblogged_activity["reblog"]["in_reply_to_account_id"] == replied_to_user.id
1571 describe "GET /api/v1/statuses/:id/favourited_by" do
1572 setup do: oauth_access(["read:accounts"])
1574 setup %{user: user} do
1575 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1577 %{activity: activity}
1580 test "returns users who have favorited the status", %{conn: conn, activity: activity} do
1581 other_user = insert(:user)
1582 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1586 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1587 |> json_response_and_validate_schema(:ok)
1589 [%{"id" => id}] = response
1591 assert id == other_user.id
1594 test "returns empty array when status has not been favorited yet", %{
1600 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1601 |> json_response_and_validate_schema(:ok)
1603 assert Enum.empty?(response)
1606 test "does not return users who have favorited the status but are blocked", %{
1607 conn: %{assigns: %{user: user}} = conn,
1610 other_user = insert(:user)
1611 {:ok, _user_relationship} = User.block(user, other_user)
1613 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1617 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1618 |> json_response_and_validate_schema(:ok)
1620 assert Enum.empty?(response)
1623 test "does not fail on an unauthenticated request", %{activity: activity} do
1624 other_user = insert(:user)
1625 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1629 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1630 |> json_response_and_validate_schema(:ok)
1632 [%{"id" => id}] = response
1633 assert id == other_user.id
1636 test "requires authentication for private posts", %{user: user} do
1637 other_user = insert(:user)
1640 CommonAPI.post(user, %{
1641 status: "@#{other_user.nickname} wanna get some #cofe together?",
1642 visibility: "direct"
1645 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1647 favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
1650 |> get(favourited_by_url)
1651 |> json_response_and_validate_schema(404)
1655 |> assign(:user, other_user)
1656 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1659 |> assign(:token, nil)
1660 |> get(favourited_by_url)
1661 |> json_response_and_validate_schema(404)
1665 |> get(favourited_by_url)
1666 |> json_response_and_validate_schema(200)
1668 [%{"id" => id}] = response
1669 assert id == other_user.id
1672 test "returns empty array when :show_reactions is disabled", %{conn: conn, activity: activity} do
1673 clear_config([:instance, :show_reactions], false)
1675 other_user = insert(:user)
1676 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1680 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1681 |> json_response_and_validate_schema(:ok)
1683 assert Enum.empty?(response)
1687 describe "GET /api/v1/statuses/:id/reblogged_by" do
1688 setup do: oauth_access(["read:accounts"])
1690 setup %{user: user} do
1691 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1693 %{activity: activity}
1696 test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
1697 other_user = insert(:user)
1698 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1702 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1703 |> json_response_and_validate_schema(:ok)
1705 [%{"id" => id}] = response
1707 assert id == other_user.id
1710 test "returns empty array when status has not been reblogged yet", %{
1716 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1717 |> json_response_and_validate_schema(:ok)
1719 assert Enum.empty?(response)
1722 test "does not return users who have reblogged the status but are blocked", %{
1723 conn: %{assigns: %{user: user}} = conn,
1726 other_user = insert(:user)
1727 {:ok, _user_relationship} = User.block(user, other_user)
1729 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1733 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1734 |> json_response_and_validate_schema(:ok)
1736 assert Enum.empty?(response)
1739 test "does not return users who have reblogged the status privately", %{
1742 other_user = insert(:user)
1743 {:ok, activity} = CommonAPI.post(other_user, %{status: "my secret post"})
1745 {:ok, _} = CommonAPI.repeat(activity.id, other_user, %{visibility: "private"})
1749 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1750 |> json_response_and_validate_schema(:ok)
1752 assert Enum.empty?(response)
1755 test "does not fail on an unauthenticated request", %{activity: activity} do
1756 other_user = insert(:user)
1757 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1761 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1762 |> json_response_and_validate_schema(:ok)
1764 [%{"id" => id}] = response
1765 assert id == other_user.id
1768 test "requires authentication for private posts", %{user: user} do
1769 other_user = insert(:user)
1772 CommonAPI.post(user, %{
1773 status: "@#{other_user.nickname} wanna get some #cofe together?",
1774 visibility: "direct"
1778 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1779 |> json_response_and_validate_schema(404)
1783 |> assign(:user, other_user)
1784 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1785 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1786 |> json_response_and_validate_schema(200)
1788 assert [] == response
1793 user = insert(:user)
1795 {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
1796 {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
1797 {:ok, %{id: id3}} = CommonAPI.post(user, %{status: "3", in_reply_to_status_id: id2})
1798 {:ok, %{id: id4}} = CommonAPI.post(user, %{status: "4", in_reply_to_status_id: id3})
1799 {:ok, %{id: id5}} = CommonAPI.post(user, %{status: "5", in_reply_to_status_id: id4})
1803 |> get("/api/v1/statuses/#{id3}/context")
1804 |> json_response_and_validate_schema(:ok)
1807 "ancestors" => [%{"id" => ^id1}, %{"id" => ^id2}],
1808 "descendants" => [%{"id" => ^id4}, %{"id" => ^id5}]
1812 test "favorites paginate correctly" do
1813 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1814 other_user = insert(:user)
1815 {:ok, first_post} = CommonAPI.post(other_user, %{status: "bla"})
1816 {:ok, second_post} = CommonAPI.post(other_user, %{status: "bla"})
1817 {:ok, third_post} = CommonAPI.post(other_user, %{status: "bla"})
1819 {:ok, _first_favorite} = CommonAPI.favorite(user, third_post.id)
1820 {:ok, _second_favorite} = CommonAPI.favorite(user, first_post.id)
1821 {:ok, third_favorite} = CommonAPI.favorite(user, second_post.id)
1825 |> get("/api/v1/favourites?limit=1")
1827 assert [%{"id" => post_id}] = json_response_and_validate_schema(result, 200)
1828 assert post_id == second_post.id
1830 # Using the header for pagination works correctly
1831 [next, _] = get_resp_header(result, "link") |> hd() |> String.split(", ")
1832 [_, max_id] = Regex.run(~r/max_id=([^&]+)/, next)
1834 assert max_id == third_favorite.id
1838 |> get("/api/v1/favourites?max_id=#{max_id}")
1840 assert [%{"id" => first_post_id}, %{"id" => third_post_id}] =
1841 json_response_and_validate_schema(result, 200)
1843 assert first_post_id == first_post.id
1844 assert third_post_id == third_post.id
1847 test "returns the favorites of a user" do
1848 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1849 other_user = insert(:user)
1851 {:ok, _} = CommonAPI.post(other_user, %{status: "bla"})
1852 {:ok, activity} = CommonAPI.post(other_user, %{status: "trees are happy"})
1854 {:ok, last_like} = CommonAPI.favorite(user, activity.id)
1856 first_conn = get(conn, "/api/v1/favourites")
1858 assert [status] = json_response_and_validate_schema(first_conn, 200)
1859 assert status["id"] == to_string(activity.id)
1861 assert [{"link", _link_header}] =
1862 Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end)
1864 # Honours query params
1865 {:ok, second_activity} =
1866 CommonAPI.post(other_user, %{
1867 status: "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful."
1870 {:ok, _} = CommonAPI.favorite(user, second_activity.id)
1872 second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like.id}")
1874 assert [second_status] = json_response_and_validate_schema(second_conn, 200)
1875 assert second_status["id"] == to_string(second_activity.id)
1877 third_conn = get(conn, "/api/v1/favourites?limit=0")
1879 assert [] = json_response_and_validate_schema(third_conn, 200)
1882 test "expires_at is nil for another user" do
1883 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1884 expires_at = DateTime.add(DateTime.utc_now(), 1_000_000)
1885 {:ok, activity} = CommonAPI.post(user, %{status: "foobar", expires_in: 1_000_000})
1887 assert %{"pleroma" => %{"expires_at" => a_expires_at}} =
1889 |> get("/api/v1/statuses/#{activity.id}")
1890 |> json_response_and_validate_schema(:ok)
1892 {:ok, a_expires_at, 0} = DateTime.from_iso8601(a_expires_at)
1893 assert DateTime.diff(expires_at, a_expires_at) == 0
1895 %{conn: conn} = oauth_access(["read:statuses"])
1897 assert %{"pleroma" => %{"expires_at" => nil}} =
1899 |> get("/api/v1/statuses/#{activity.id}")
1900 |> json_response_and_validate_schema(:ok)
1903 test "posting a local only status" do
1904 %{user: _user, conn: conn} = oauth_access(["write:statuses"])
1908 |> put_req_header("content-type", "application/json")
1909 |> post("/api/v1/statuses", %{
1911 "visibility" => "local"
1914 local = Utils.as_local_public()
1916 assert %{"content" => "cofe", "id" => id, "visibility" => "local"} =
1917 json_response_and_validate_schema(conn_one, 200)
1919 assert %Activity{id: ^id, data: %{"to" => [^local]}} = Activity.get_by_id(id)
1922 describe "muted reactions" do
1924 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1926 other_user = insert(:user)
1927 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1929 {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
1930 User.mute(user, other_user)
1934 |> get("/api/v1/statuses/?ids[]=#{activity.id}")
1935 |> json_response_and_validate_schema(200)
1940 "emoji_reactions" => []
1947 |> get("/api/v1/statuses/?ids[]=#{activity.id}&with_muted=true")
1948 |> json_response_and_validate_schema(200)
1953 "emoji_reactions" => [%{"count" => 1, "me" => false, "name" => "🎅"}]
1960 # %{conn: conn, user: user, token: token} = oauth_access(["read:statuses"])
1961 %{conn: conn, user: user, token: _token} = oauth_access(["read:statuses"])
1963 other_user = insert(:user)
1964 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1966 {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
1967 User.mute(user, other_user)
1971 |> get("/api/v1/statuses/#{activity.id}")
1972 |> json_response_and_validate_schema(200)
1976 "emoji_reactions" => []
1982 |> get("/api/v1/statuses/#{activity.id}?with_muted=true")
1983 |> json_response_and_validate_schema(200)
1987 "emoji_reactions" => [%{"count" => 1, "me" => false, "name" => "🎅"}]