1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 alias Pleroma.Conversation.Participation
13 alias Pleroma.ScheduledActivity
14 alias Pleroma.Tests.ObanHelpers
16 alias Pleroma.Web.ActivityPub.ActivityPub
17 alias Pleroma.Web.ActivityPub.Utils
18 alias Pleroma.Web.CommonAPI
19 alias Pleroma.Workers.ScheduledActivityWorker
21 import Pleroma.Factory
23 setup do: clear_config([:instance, :federating])
24 setup do: clear_config([:instance, :allow_relay])
25 setup do: clear_config([:rich_media, :enabled])
26 setup do: clear_config([:mrf, :policies])
27 setup do: clear_config([:mrf_keyword, :reject])
28 setup do: clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
29 setup do: clear_config([Pleroma.Uploaders.Local, :uploads], "uploads")
31 describe "posting statuses" do
32 setup do: oauth_access(["write:statuses"])
34 test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
35 clear_config([:instance, :federating], true)
36 Config.get([:instance, :allow_relay], true)
40 |> put_req_header("content-type", "application/json")
41 |> post("api/v1/statuses", %{
42 "content_type" => "text/plain",
43 "source" => "Pleroma FE",
44 "status" => "Hello world",
45 "visibility" => "public"
47 |> json_response_and_validate_schema(200)
49 assert response["reblogs_count"] == 0
50 ObanHelpers.perform_all()
54 |> get("api/v1/statuses/#{response["id"]}", %{})
55 |> json_response_and_validate_schema(200)
57 assert response["reblogs_count"] == 0
60 test "posting a status", %{conn: conn} do
61 idempotency_key = "Pikachu rocks!"
65 |> put_req_header("content-type", "application/json")
66 |> put_req_header("idempotency-key", idempotency_key)
67 |> post("/api/v1/statuses", %{
69 "spoiler_text" => "2hu",
73 assert %{"content" => "cofe", "id" => id, "spoiler_text" => "2hu", "sensitive" => false} =
74 json_response_and_validate_schema(conn_one, 200)
76 assert Activity.get_by_id(id)
80 |> put_req_header("content-type", "application/json")
81 |> put_req_header("idempotency-key", idempotency_key)
82 |> post("/api/v1/statuses", %{
84 "spoiler_text" => "2hu",
88 # Idempotency plug response means detection fail
89 assert %{"id" => second_id} = json_response(conn_two, 200)
90 assert id == second_id
94 |> put_req_header("content-type", "application/json")
95 |> post("/api/v1/statuses", %{
97 "spoiler_text" => "2hu",
98 "sensitive" => "False"
101 assert %{"id" => third_id} = json_response_and_validate_schema(conn_three, 200)
102 refute id == third_id
104 # An activity that will expire:
106 expires_in = 2 * 60 * 60
108 expires_at = DateTime.add(DateTime.utc_now(), expires_in)
112 |> put_req_header("content-type", "application/json")
113 |> post("api/v1/statuses", %{
114 "status" => "oolong",
115 "expires_in" => expires_in
118 assert %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200)
120 assert Activity.get_by_id(fourth_id)
123 worker: Pleroma.Workers.PurgeExpiredActivity,
124 args: %{activity_id: fourth_id},
125 scheduled_at: expires_at
129 test "it fails to create a status if `expires_in` is less or equal than an hour", %{
135 assert %{"error" => "Expiry date is too soon"} =
137 |> put_req_header("content-type", "application/json")
138 |> post("api/v1/statuses", %{
139 "status" => "oolong",
140 "expires_in" => expires_in
142 |> json_response_and_validate_schema(422)
147 assert %{"error" => "Expiry date is too soon"} =
149 |> put_req_header("content-type", "application/json")
150 |> post("api/v1/statuses", %{
151 "status" => "oolong",
152 "expires_in" => expires_in
154 |> json_response_and_validate_schema(422)
157 test "Get MRF reason when posting a status is rejected by one", %{conn: conn} do
158 clear_config([:mrf_keyword, :reject], ["GNO"])
159 clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy])
161 assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} =
163 |> put_req_header("content-type", "application/json")
164 |> post("api/v1/statuses", %{"status" => "GNO/Linux"})
165 |> json_response_and_validate_schema(422)
168 test "posting an undefined status with an attachment", %{user: user, conn: conn} do
170 content_type: "image/jpeg",
171 path: Path.absname("test/fixtures/image.jpg"),
172 filename: "an_image.jpg"
175 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
179 |> put_req_header("content-type", "application/json")
180 |> post("/api/v1/statuses", %{
181 "media_ids" => [to_string(upload.id)]
184 assert json_response_and_validate_schema(conn, 200)
187 test "replying to a status", %{user: user, conn: conn} do
188 {:ok, replied_to} = CommonAPI.post(user, %{status: "cofe"})
192 |> put_req_header("content-type", "application/json")
193 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
195 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
197 activity = Activity.get_by_id(id)
199 assert activity.data["context"] == replied_to.data["context"]
200 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
203 test "replying to a direct message with visibility other than direct", %{
207 {:ok, replied_to} = CommonAPI.post(user, %{status: "suya..", visibility: "direct"})
209 Enum.each(["public", "private", "unlisted"], fn visibility ->
212 |> put_req_header("content-type", "application/json")
213 |> post("/api/v1/statuses", %{
214 "status" => "@#{user.nickname} hey",
215 "in_reply_to_id" => replied_to.id,
216 "visibility" => visibility
219 assert json_response_and_validate_schema(conn, 422) == %{
220 "error" => "The message visibility must be direct"
225 test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
228 |> put_req_header("content-type", "application/json")
229 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
231 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
232 assert Activity.get_by_id(id)
235 test "posting a sensitive status", %{conn: conn} do
238 |> put_req_header("content-type", "application/json")
239 |> post("/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
241 assert %{"content" => "cofe", "id" => id, "sensitive" => true} =
242 json_response_and_validate_schema(conn, 200)
244 assert Activity.get_by_id(id)
247 test "posting a fake status", %{conn: conn} do
250 |> put_req_header("content-type", "application/json")
251 |> post("/api/v1/statuses", %{
253 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
256 real_status = json_response_and_validate_schema(real_conn, 200)
259 assert Object.get_by_ap_id(real_status["uri"])
263 |> Map.put("id", nil)
264 |> Map.put("url", nil)
265 |> Map.put("uri", nil)
266 |> Map.put("created_at", nil)
267 |> Kernel.put_in(["pleroma", "context"], nil)
268 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
272 |> assign(:user, refresh_record(conn.assigns.user))
273 |> put_req_header("content-type", "application/json")
274 |> post("/api/v1/statuses", %{
276 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
280 fake_status = json_response_and_validate_schema(fake_conn, 200)
283 refute Object.get_by_ap_id(fake_status["uri"])
287 |> Map.put("id", nil)
288 |> Map.put("url", nil)
289 |> Map.put("uri", nil)
290 |> Map.put("created_at", nil)
291 |> Kernel.put_in(["pleroma", "context"], nil)
292 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
294 assert real_status == fake_status
297 test "fake statuses' preview card is not cached", %{conn: conn} do
298 clear_config([:rich_media, :enabled], true)
303 url: "https://example.com/twitter-card"
305 %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/twitter_card.html")}
308 apply(HttpRequestMock, :request, [env])
313 |> put_req_header("content-type", "application/json")
314 |> post("/api/v1/statuses", %{
315 "status" => "https://example.com/ogp",
321 |> put_req_header("content-type", "application/json")
322 |> post("/api/v1/statuses", %{
323 "status" => "https://example.com/twitter-card",
327 assert %{"card" => %{"title" => "The Rock"}} = json_response_and_validate_schema(conn1, 200)
329 assert %{"card" => %{"title" => "Small Island Developing States Photo Submission"}} =
330 json_response_and_validate_schema(conn2, 200)
333 test "posting a status with OGP link preview", %{conn: conn} do
334 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
335 clear_config([:rich_media, :enabled], true)
339 |> put_req_header("content-type", "application/json")
340 |> post("/api/v1/statuses", %{
341 "status" => "https://example.com/ogp"
344 assert %{"id" => id, "card" => %{"title" => "The Rock"}} =
345 json_response_and_validate_schema(conn, 200)
347 assert Activity.get_by_id(id)
350 test "posting a direct status", %{conn: conn} do
351 user2 = insert(:user)
352 content = "direct cofe @#{user2.nickname}"
356 |> put_req_header("content-type", "application/json")
357 |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"})
359 assert %{"id" => id} = response = json_response_and_validate_schema(conn, 200)
360 assert response["visibility"] == "direct"
361 assert response["pleroma"]["direct_conversation_id"]
362 assert activity = Activity.get_by_id(id)
363 assert activity.recipients == [user2.ap_id, conn.assigns[:user].ap_id]
364 assert activity.data["to"] == [user2.ap_id]
365 assert activity.data["cc"] == []
368 test "discloses application metadata when enabled" do
369 user = insert(:user, disclose_client: true)
370 %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user)
372 %Pleroma.Web.OAuth.Token{
373 app: %Pleroma.Web.OAuth.App{
374 client_name: app_name,
381 |> put_req_header("content-type", "application/json")
382 |> post("/api/v1/statuses", %{
383 "status" => "cofe is my copilot"
387 "content" => "cofe is my copilot"
388 } = json_response_and_validate_schema(result, 200)
390 activity = result.assigns.activity.id
394 |> get("api/v1/statuses/#{activity}")
397 "content" => "cofe is my copilot",
400 "website" => ^app_website
402 } = json_response_and_validate_schema(result, 200)
405 test "hides application metadata when disabled" do
406 user = insert(:user, disclose_client: false)
407 %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user)
411 |> put_req_header("content-type", "application/json")
412 |> post("/api/v1/statuses", %{
413 "status" => "club mate is my wingman"
416 assert %{"content" => "club mate is my wingman"} =
417 json_response_and_validate_schema(result, 200)
419 activity = result.assigns.activity.id
423 |> get("api/v1/statuses/#{activity}")
426 "content" => "club mate is my wingman",
428 } = json_response_and_validate_schema(result, 200)
432 describe "posting scheduled statuses" do
433 setup do: oauth_access(["write:statuses"])
435 test "creates a scheduled activity", %{conn: conn} do
437 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
438 |> NaiveDateTime.to_iso8601()
443 |> put_req_header("content-type", "application/json")
444 |> post("/api/v1/statuses", %{
445 "status" => "scheduled",
446 "scheduled_at" => scheduled_at
449 assert %{"scheduled_at" => expected_scheduled_at} =
450 json_response_and_validate_schema(conn, 200)
452 assert expected_scheduled_at == CommonAPI.Utils.to_masto_date(scheduled_at)
453 assert [] == Repo.all(Activity)
456 test "with expiration" do
457 %{conn: conn} = oauth_access(["write:statuses", "read:statuses"])
460 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(6), :millisecond)
461 |> NaiveDateTime.to_iso8601()
464 assert %{"id" => status_id, "params" => %{"expires_in" => 300}} =
466 |> put_req_header("content-type", "application/json")
467 |> post("/api/v1/statuses", %{
468 "status" => "scheduled",
469 "scheduled_at" => scheduled_at,
472 |> json_response_and_validate_schema(200)
474 assert %{"id" => ^status_id, "params" => %{"expires_in" => 300}} =
476 |> put_req_header("content-type", "application/json")
477 |> get("/api/v1/scheduled_statuses/#{status_id}")
478 |> json_response_and_validate_schema(200)
481 test "ignores nil values", %{conn: conn} do
484 |> put_req_header("content-type", "application/json")
485 |> post("/api/v1/statuses", %{
486 "status" => "not scheduled",
487 "scheduled_at" => nil
490 assert result = json_response_and_validate_schema(conn, 200)
491 assert Activity.get_by_id(result["id"])
494 test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
496 NaiveDateTime.utc_now()
497 |> NaiveDateTime.add(:timer.minutes(120), :millisecond)
498 |> NaiveDateTime.to_iso8601()
502 content_type: "image/jpeg",
503 path: Path.absname("test/fixtures/image.jpg"),
504 filename: "an_image.jpg"
507 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
511 |> put_req_header("content-type", "application/json")
512 |> post("/api/v1/statuses", %{
513 "media_ids" => [to_string(upload.id)],
514 "status" => "scheduled",
515 "scheduled_at" => scheduled_at
518 assert %{"media_attachments" => [media_attachment]} =
519 json_response_and_validate_schema(conn, 200)
521 assert %{"type" => "image"} = media_attachment
524 test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
527 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
528 |> NaiveDateTime.to_iso8601()
533 |> put_req_header("content-type", "application/json")
534 |> post("/api/v1/statuses", %{
535 "status" => "not scheduled",
536 "scheduled_at" => scheduled_at
539 assert %{"content" => "not scheduled"} = json_response_and_validate_schema(conn, 200)
540 assert [] == Repo.all(ScheduledActivity)
543 test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
545 NaiveDateTime.utc_now()
546 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
547 |> NaiveDateTime.to_iso8601()
551 attrs = %{params: %{}, scheduled_at: today}
552 {:ok, _} = ScheduledActivity.create(user, attrs)
553 {:ok, _} = ScheduledActivity.create(user, attrs)
557 |> put_req_header("content-type", "application/json")
558 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
560 assert %{"error" => "daily limit exceeded"} == json_response_and_validate_schema(conn, 422)
563 test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
565 NaiveDateTime.utc_now()
566 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
567 |> NaiveDateTime.to_iso8601()
571 NaiveDateTime.utc_now()
572 |> NaiveDateTime.add(:timer.hours(36), :millisecond)
573 |> NaiveDateTime.to_iso8601()
576 attrs = %{params: %{}, scheduled_at: today}
577 {:ok, _} = ScheduledActivity.create(user, attrs)
578 {:ok, _} = ScheduledActivity.create(user, attrs)
579 {:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
583 |> put_req_header("content-type", "application/json")
584 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
586 assert %{"error" => "total limit exceeded"} == json_response_and_validate_schema(conn, 422)
590 describe "posting polls" do
591 setup do: oauth_access(["write:statuses"])
593 test "posting a poll", %{conn: conn} do
594 time = NaiveDateTime.utc_now()
598 |> put_req_header("content-type", "application/json")
599 |> post("/api/v1/statuses", %{
600 "status" => "Who is the #bestgrill?",
602 "options" => ["Rei", "Asuka", "Misato"],
607 response = json_response_and_validate_schema(conn, 200)
609 assert Enum.all?(response["poll"]["options"], fn %{"title" => title} ->
610 title in ["Rei", "Asuka", "Misato"]
613 assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
614 assert response["poll"]["expired"] == false
616 question = Object.get_by_id(response["poll"]["id"])
618 # closed contains utc timezone
619 assert question.data["closed"] =~ "Z"
622 test "option limit is enforced", %{conn: conn} do
623 limit = Config.get([:instance, :poll_limits, :max_options])
627 |> put_req_header("content-type", "application/json")
628 |> post("/api/v1/statuses", %{
630 "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
633 %{"error" => error} = json_response_and_validate_schema(conn, 422)
634 assert error == "Poll can't contain more than #{limit} options"
637 test "option character limit is enforced", %{conn: conn} do
638 limit = Config.get([:instance, :poll_limits, :max_option_chars])
642 |> put_req_header("content-type", "application/json")
643 |> post("/api/v1/statuses", %{
646 "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
651 %{"error" => error} = json_response_and_validate_schema(conn, 422)
652 assert error == "Poll options cannot be longer than #{limit} characters each"
655 test "minimal date limit is enforced", %{conn: conn} do
656 limit = Config.get([:instance, :poll_limits, :min_expiration])
660 |> put_req_header("content-type", "application/json")
661 |> post("/api/v1/statuses", %{
662 "status" => "imagine arbitrary limits",
664 "options" => ["this post was made by pleroma gang"],
665 "expires_in" => limit - 1
669 %{"error" => error} = json_response_and_validate_schema(conn, 422)
670 assert error == "Expiration date is too soon"
673 test "maximum date limit is enforced", %{conn: conn} do
674 limit = Config.get([:instance, :poll_limits, :max_expiration])
678 |> put_req_header("content-type", "application/json")
679 |> post("/api/v1/statuses", %{
680 "status" => "imagine arbitrary limits",
682 "options" => ["this post was made by pleroma gang"],
683 "expires_in" => limit + 1
687 %{"error" => error} = json_response_and_validate_schema(conn, 422)
688 assert error == "Expiration date is too far in the future"
691 test "scheduled poll", %{conn: conn} do
692 clear_config([ScheduledActivity, :enabled], true)
695 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(6), :millisecond)
696 |> NaiveDateTime.to_iso8601()
699 %{"id" => scheduled_id} =
701 |> put_req_header("content-type", "application/json")
702 |> post("/api/v1/statuses", %{
703 "status" => "very cool poll",
705 "options" => ~w(a b c),
708 "scheduled_at" => scheduled_at
710 |> json_response_and_validate_schema(200)
712 assert {:ok, %{id: activity_id}} =
713 perform_job(ScheduledActivityWorker, %{
714 activity_id: scheduled_id
717 refute_enqueued(worker: ScheduledActivityWorker)
721 |> Repo.get(activity_id)
722 |> Object.normalize()
724 assert object.data["content"] == "very cool poll"
725 assert object.data["type"] == "Question"
726 assert length(object.data["oneOf"]) == 3
730 test "get a status" do
731 %{conn: conn} = oauth_access(["read:statuses"])
732 activity = insert(:note_activity)
734 conn = get(conn, "/api/v1/statuses/#{activity.id}")
736 assert %{"id" => id} = json_response_and_validate_schema(conn, 200)
737 assert id == to_string(activity.id)
740 defp local_and_remote_activities do
741 local = insert(:note_activity)
742 remote = insert(:note_activity, local: false)
743 {:ok, local: local, remote: remote}
746 describe "status with restrict unauthenticated activities for local and remote" do
747 setup do: local_and_remote_activities()
749 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
751 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
753 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
754 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
756 assert json_response_and_validate_schema(res_conn, :not_found) == %{
757 "error" => "Record not found"
760 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
762 assert json_response_and_validate_schema(res_conn, :not_found) == %{
763 "error" => "Record not found"
767 test "if user is authenticated", %{local: local, remote: remote} do
768 %{conn: conn} = oauth_access(["read"])
769 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
770 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
772 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
773 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
777 describe "status with restrict unauthenticated activities for local" do
778 setup do: local_and_remote_activities()
780 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
782 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
783 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
785 assert json_response_and_validate_schema(res_conn, :not_found) == %{
786 "error" => "Record not found"
789 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
790 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
793 test "if user is authenticated", %{local: local, remote: remote} do
794 %{conn: conn} = oauth_access(["read"])
795 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
796 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
798 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
799 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
803 describe "status with restrict unauthenticated activities for remote" do
804 setup do: local_and_remote_activities()
806 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
808 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
809 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
810 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
812 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
814 assert json_response_and_validate_schema(res_conn, :not_found) == %{
815 "error" => "Record not found"
819 test "if user is authenticated", %{local: local, remote: remote} do
820 %{conn: conn} = oauth_access(["read"])
821 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
822 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
824 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
825 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
829 test "getting a status that doesn't exist returns 404" do
830 %{conn: conn} = oauth_access(["read:statuses"])
831 activity = insert(:note_activity)
833 conn = get(conn, "/api/v1/statuses/#{String.downcase(activity.id)}")
835 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
838 test "get a direct status" do
839 %{user: user, conn: conn} = oauth_access(["read:statuses"])
840 other_user = insert(:user)
843 CommonAPI.post(user, %{status: "@#{other_user.nickname}", visibility: "direct"})
847 |> assign(:user, user)
848 |> get("/api/v1/statuses/#{activity.id}")
850 [participation] = Participation.for_user(user)
852 res = json_response_and_validate_schema(conn, 200)
853 assert res["pleroma"]["direct_conversation_id"] == participation.id
856 test "get statuses by IDs" do
857 %{conn: conn} = oauth_access(["read:statuses"])
858 %{id: id1} = insert(:note_activity)
859 %{id: id2} = insert(:note_activity)
861 query_string = "ids[]=#{id1}&ids[]=#{id2}"
862 conn = get(conn, "/api/v1/statuses/?#{query_string}")
864 assert [%{"id" => ^id1}, %{"id" => ^id2}] =
865 Enum.sort_by(json_response_and_validate_schema(conn, :ok), & &1["id"])
868 describe "getting statuses by ids with restricted unauthenticated for local and remote" do
869 setup do: local_and_remote_activities()
871 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
873 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
875 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
876 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
878 assert json_response_and_validate_schema(res_conn, 200) == []
881 test "if user is authenticated", %{local: local, remote: remote} do
882 %{conn: conn} = oauth_access(["read"])
884 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
886 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
890 describe "getting statuses by ids with restricted unauthenticated for local" do
891 setup do: local_and_remote_activities()
893 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
895 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
896 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
898 remote_id = remote.id
899 assert [%{"id" => ^remote_id}] = json_response_and_validate_schema(res_conn, 200)
902 test "if user is authenticated", %{local: local, remote: remote} do
903 %{conn: conn} = oauth_access(["read"])
905 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
907 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
911 describe "getting statuses by ids with restricted unauthenticated for remote" do
912 setup do: local_and_remote_activities()
914 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
916 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
917 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
920 assert [%{"id" => ^local_id}] = json_response_and_validate_schema(res_conn, 200)
923 test "if user is authenticated", %{local: local, remote: remote} do
924 %{conn: conn} = oauth_access(["read"])
926 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
928 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
932 describe "deleting a status" do
933 test "when you created it" do
934 %{user: author, conn: conn} = oauth_access(["write:statuses"])
935 activity = insert(:note_activity, user: author)
936 object = Object.normalize(activity, fetch: false)
938 content = object.data["content"]
939 source = object.data["source"]
943 |> assign(:user, author)
944 |> delete("/api/v1/statuses/#{activity.id}")
945 |> json_response_and_validate_schema(200)
947 assert match?(%{"content" => ^content, "text" => ^source}, result)
949 refute Activity.get_by_id(activity.id)
952 test "when it doesn't exist" do
953 %{user: author, conn: conn} = oauth_access(["write:statuses"])
954 activity = insert(:note_activity, user: author)
958 |> assign(:user, author)
959 |> delete("/api/v1/statuses/#{String.downcase(activity.id)}")
961 assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404)
964 test "when you didn't create it" do
965 %{conn: conn} = oauth_access(["write:statuses"])
966 activity = insert(:note_activity)
968 conn = delete(conn, "/api/v1/statuses/#{activity.id}")
970 assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404)
972 assert Activity.get_by_id(activity.id) == activity
975 test "when you're an admin or moderator", %{conn: conn} do
976 activity1 = insert(:note_activity)
977 activity2 = insert(:note_activity)
978 admin = insert(:user, is_admin: true)
979 moderator = insert(:user, is_moderator: true)
983 |> assign(:user, admin)
984 |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
985 |> delete("/api/v1/statuses/#{activity1.id}")
987 assert %{} = json_response_and_validate_schema(res_conn, 200)
991 |> assign(:user, moderator)
992 |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
993 |> delete("/api/v1/statuses/#{activity2.id}")
995 assert %{} = json_response_and_validate_schema(res_conn, 200)
997 refute Activity.get_by_id(activity1.id)
998 refute Activity.get_by_id(activity2.id)
1002 describe "reblogging" do
1003 setup do: oauth_access(["write:statuses"])
1005 test "reblogs and returns the reblogged status", %{conn: conn} do
1006 activity = insert(:note_activity)
1010 |> put_req_header("content-type", "application/json")
1011 |> post("/api/v1/statuses/#{activity.id}/reblog")
1014 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1016 } = json_response_and_validate_schema(conn, 200)
1018 assert to_string(activity.id) == id
1021 test "returns 404 if the reblogged status doesn't exist", %{conn: conn} do
1022 activity = insert(:note_activity)
1026 |> put_req_header("content-type", "application/json")
1027 |> post("/api/v1/statuses/#{String.downcase(activity.id)}/reblog")
1029 assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
1032 test "reblogs privately and returns the reblogged status", %{conn: conn} do
1033 activity = insert(:note_activity)
1037 |> put_req_header("content-type", "application/json")
1039 "/api/v1/statuses/#{activity.id}/reblog",
1040 %{"visibility" => "private"}
1044 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1045 "reblogged" => true,
1046 "visibility" => "private"
1047 } = json_response_and_validate_schema(conn, 200)
1049 assert to_string(activity.id) == id
1052 test "reblogged status for another user" do
1053 activity = insert(:note_activity)
1054 user1 = insert(:user)
1055 user2 = insert(:user)
1056 user3 = insert(:user)
1057 {:ok, _} = CommonAPI.favorite(user2, activity.id)
1058 {:ok, _bookmark} = Pleroma.Bookmark.create(user2.id, activity.id)
1059 {:ok, reblog_activity1} = CommonAPI.repeat(activity.id, user1)
1060 {:ok, _} = CommonAPI.repeat(activity.id, user2)
1064 |> assign(:user, user3)
1065 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1066 |> get("/api/v1/statuses/#{reblog_activity1.id}")
1069 "reblog" => %{"id" => _id, "reblogged" => false, "reblogs_count" => 2},
1070 "reblogged" => false,
1071 "favourited" => false,
1072 "bookmarked" => false
1073 } = json_response_and_validate_schema(conn_res, 200)
1077 |> assign(:user, user2)
1078 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
1079 |> get("/api/v1/statuses/#{reblog_activity1.id}")
1082 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 2},
1083 "reblogged" => true,
1084 "favourited" => true,
1085 "bookmarked" => true
1086 } = json_response_and_validate_schema(conn_res, 200)
1088 assert to_string(activity.id) == id
1091 test "author can reblog own private status", %{conn: conn, user: user} do
1092 {:ok, activity} = CommonAPI.post(user, %{status: "cofe", visibility: "private"})
1096 |> put_req_header("content-type", "application/json")
1097 |> post("/api/v1/statuses/#{activity.id}/reblog")
1100 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1101 "reblogged" => true,
1102 "visibility" => "private"
1103 } = json_response_and_validate_schema(conn, 200)
1105 assert to_string(activity.id) == id
1109 describe "unreblogging" do
1110 setup do: oauth_access(["write:statuses"])
1112 test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
1113 activity = insert(:note_activity)
1115 {:ok, _} = CommonAPI.repeat(activity.id, user)
1119 |> put_req_header("content-type", "application/json")
1120 |> post("/api/v1/statuses/#{activity.id}/unreblog")
1122 assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} =
1123 json_response_and_validate_schema(conn, 200)
1125 assert to_string(activity.id) == id
1128 test "returns 404 error when activity does not exist", %{conn: conn} do
1131 |> put_req_header("content-type", "application/json")
1132 |> post("/api/v1/statuses/foo/unreblog")
1134 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1138 describe "favoriting" do
1139 setup do: oauth_access(["write:favourites"])
1141 test "favs a status and returns it", %{conn: conn} do
1142 activity = insert(:note_activity)
1146 |> put_req_header("content-type", "application/json")
1147 |> post("/api/v1/statuses/#{activity.id}/favourite")
1149 assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
1150 json_response_and_validate_schema(conn, 200)
1152 assert to_string(activity.id) == id
1155 test "favoriting twice will just return 200", %{conn: conn} do
1156 activity = insert(:note_activity)
1159 |> put_req_header("content-type", "application/json")
1160 |> post("/api/v1/statuses/#{activity.id}/favourite")
1163 |> put_req_header("content-type", "application/json")
1164 |> post("/api/v1/statuses/#{activity.id}/favourite")
1165 |> json_response_and_validate_schema(200)
1168 test "returns 404 error for a wrong id", %{conn: conn} do
1171 |> put_req_header("content-type", "application/json")
1172 |> post("/api/v1/statuses/1/favourite")
1174 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1178 describe "unfavoriting" do
1179 setup do: oauth_access(["write:favourites"])
1181 test "unfavorites a status and returns it", %{user: user, conn: conn} do
1182 activity = insert(:note_activity)
1184 {:ok, _} = CommonAPI.favorite(user, activity.id)
1188 |> put_req_header("content-type", "application/json")
1189 |> post("/api/v1/statuses/#{activity.id}/unfavourite")
1191 assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
1192 json_response_and_validate_schema(conn, 200)
1194 assert to_string(activity.id) == id
1197 test "returns 404 error for a wrong id", %{conn: conn} do
1200 |> put_req_header("content-type", "application/json")
1201 |> post("/api/v1/statuses/1/unfavourite")
1203 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1207 describe "pinned statuses" do
1208 setup do: oauth_access(["write:accounts"])
1210 setup %{user: user} do
1211 {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})
1213 %{activity: activity}
1216 setup do: clear_config([:instance, :max_pinned_statuses], 1)
1218 test "pin status", %{conn: conn, user: user, activity: activity} do
1221 assert %{"id" => ^id, "pinned" => true} =
1223 |> put_req_header("content-type", "application/json")
1224 |> post("/api/v1/statuses/#{activity.id}/pin")
1225 |> json_response_and_validate_schema(200)
1227 assert [%{"id" => ^id, "pinned" => true}] =
1229 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1230 |> json_response_and_validate_schema(200)
1233 test "non authenticated user", %{activity: activity} do
1235 |> put_req_header("content-type", "application/json")
1236 |> post("/api/v1/statuses/#{activity.id}/pin")
1237 |> json_response(403) == %{"error" => "Invalid credentials."}
1240 test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
1241 {:ok, dm} = CommonAPI.post(user, %{status: "test", visibility: "direct"})
1245 |> put_req_header("content-type", "application/json")
1246 |> post("/api/v1/statuses/#{dm.id}/pin")
1248 assert json_response_and_validate_schema(conn, 422) == %{
1249 "error" => "Non-public status cannot be pinned"
1253 test "pin by another user", %{activity: activity} do
1254 %{conn: conn} = oauth_access(["write:accounts"])
1257 |> put_req_header("content-type", "application/json")
1258 |> post("/api/v1/statuses/#{activity.id}/pin")
1259 |> json_response(422) == %{"error" => "Someone else's status cannot be pinned"}
1262 test "unpin status", %{conn: conn, user: user, activity: activity} do
1263 {:ok, _} = CommonAPI.pin(activity.id, user)
1264 user = refresh_record(user)
1266 id_str = to_string(activity.id)
1268 assert %{"id" => ^id_str, "pinned" => false} =
1270 |> assign(:user, user)
1271 |> post("/api/v1/statuses/#{activity.id}/unpin")
1272 |> json_response_and_validate_schema(200)
1276 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1277 |> json_response_and_validate_schema(200)
1280 test "/unpin: returns 404 error when activity doesn't exist", %{conn: conn} do
1282 |> put_req_header("content-type", "application/json")
1283 |> post("/api/v1/statuses/1/unpin")
1284 |> json_response_and_validate_schema(404) == %{"error" => "Record not found"}
1287 test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
1288 {:ok, activity_two} = CommonAPI.post(user, %{status: "HI!!!"})
1290 id_str_one = to_string(activity_one.id)
1292 assert %{"id" => ^id_str_one, "pinned" => true} =
1294 |> put_req_header("content-type", "application/json")
1295 |> post("/api/v1/statuses/#{id_str_one}/pin")
1296 |> json_response_and_validate_schema(200)
1298 user = refresh_record(user)
1300 assert %{"error" => "You have already pinned the maximum number of statuses"} =
1302 |> assign(:user, user)
1303 |> post("/api/v1/statuses/#{activity_two.id}/pin")
1304 |> json_response_and_validate_schema(400)
1307 test "on pin removes deletion job, on unpin reschedule deletion" do
1308 %{conn: conn} = oauth_access(["write:accounts", "write:statuses"])
1309 expires_in = 2 * 60 * 60
1311 expires_at = DateTime.add(DateTime.utc_now(), expires_in)
1313 assert %{"id" => id} =
1315 |> put_req_header("content-type", "application/json")
1316 |> post("api/v1/statuses", %{
1317 "status" => "oolong",
1318 "expires_in" => expires_in
1320 |> json_response_and_validate_schema(200)
1323 worker: Pleroma.Workers.PurgeExpiredActivity,
1324 args: %{activity_id: id},
1325 scheduled_at: expires_at
1328 assert %{"id" => ^id, "pinned" => true} =
1330 |> put_req_header("content-type", "application/json")
1331 |> post("/api/v1/statuses/#{id}/pin")
1332 |> json_response_and_validate_schema(200)
1335 worker: Pleroma.Workers.PurgeExpiredActivity,
1336 args: %{activity_id: id},
1337 scheduled_at: expires_at
1340 assert %{"id" => ^id, "pinned" => false} =
1342 |> put_req_header("content-type", "application/json")
1343 |> post("/api/v1/statuses/#{id}/unpin")
1344 |> json_response_and_validate_schema(200)
1347 worker: Pleroma.Workers.PurgeExpiredActivity,
1348 args: %{activity_id: id},
1349 scheduled_at: expires_at
1355 bookmarks_uri = "/api/v1/bookmarks"
1357 %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
1358 author = insert(:user)
1360 {:ok, activity1} = CommonAPI.post(author, %{status: "heweoo?"})
1361 {:ok, activity2} = CommonAPI.post(author, %{status: "heweoo!"})
1365 |> put_req_header("content-type", "application/json")
1366 |> post("/api/v1/statuses/#{activity1.id}/bookmark")
1368 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == true
1372 |> put_req_header("content-type", "application/json")
1373 |> post("/api/v1/statuses/#{activity2.id}/bookmark")
1375 assert json_response_and_validate_schema(response2, 200)["bookmarked"] == true
1377 bookmarks = get(conn, bookmarks_uri)
1380 json_response_and_validate_schema(response2, 200),
1381 json_response_and_validate_schema(response1, 200)
1383 json_response_and_validate_schema(bookmarks, 200)
1387 |> put_req_header("content-type", "application/json")
1388 |> post("/api/v1/statuses/#{activity1.id}/unbookmark")
1390 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == false
1392 bookmarks = get(conn, bookmarks_uri)
1394 assert [json_response_and_validate_schema(response2, 200)] ==
1395 json_response_and_validate_schema(bookmarks, 200)
1398 describe "conversation muting" do
1399 setup do: oauth_access(["write:mutes"])
1402 post_user = insert(:user)
1403 {:ok, activity} = CommonAPI.post(post_user, %{status: "HIE"})
1404 %{activity: activity}
1407 test "mute conversation", %{conn: conn, activity: activity} do
1408 id_str = to_string(activity.id)
1410 assert %{"id" => ^id_str, "muted" => true} =
1412 |> put_req_header("content-type", "application/json")
1413 |> post("/api/v1/statuses/#{activity.id}/mute")
1414 |> json_response_and_validate_schema(200)
1417 test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
1418 {:ok, _} = CommonAPI.add_mute(user, activity)
1422 |> put_req_header("content-type", "application/json")
1423 |> post("/api/v1/statuses/#{activity.id}/mute")
1425 assert json_response_and_validate_schema(conn, 400) == %{
1426 "error" => "conversation is already muted"
1430 test "unmute conversation", %{conn: conn, user: user, activity: activity} do
1431 {:ok, _} = CommonAPI.add_mute(user, activity)
1433 id_str = to_string(activity.id)
1435 assert %{"id" => ^id_str, "muted" => false} =
1437 # |> assign(:user, user)
1438 |> post("/api/v1/statuses/#{activity.id}/unmute")
1439 |> json_response_and_validate_schema(200)
1443 test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{conn: conn} do
1444 user1 = insert(:user)
1445 user2 = insert(:user)
1446 user3 = insert(:user)
1448 {:ok, replied_to} = CommonAPI.post(user1, %{status: "cofe"})
1450 # Reply to status from another user
1453 |> assign(:user, user2)
1454 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
1455 |> put_req_header("content-type", "application/json")
1456 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
1458 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn1, 200)
1460 activity = Activity.get_by_id_with_object(id)
1462 assert Object.normalize(activity, fetch: false).data["inReplyTo"] ==
1463 Object.normalize(replied_to, fetch: false).data["id"]
1465 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
1467 # Reblog from the third user
1470 |> assign(:user, user3)
1471 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
1472 |> put_req_header("content-type", "application/json")
1473 |> post("/api/v1/statuses/#{activity.id}/reblog")
1475 assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
1476 json_response_and_validate_schema(conn2, 200)
1478 assert to_string(activity.id) == id
1480 # Getting third user status
1483 |> assign(:user, user3)
1484 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1485 |> get("api/v1/timelines/home")
1487 [reblogged_activity] = json_response_and_validate_schema(conn3, 200)
1489 assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id
1491 replied_to_user = User.get_by_ap_id(replied_to.data["actor"])
1492 assert reblogged_activity["reblog"]["in_reply_to_account_id"] == replied_to_user.id
1495 describe "GET /api/v1/statuses/:id/favourited_by" do
1496 setup do: oauth_access(["read:accounts"])
1498 setup %{user: user} do
1499 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1501 %{activity: activity}
1504 test "returns users who have favorited the status", %{conn: conn, activity: activity} do
1505 other_user = insert(:user)
1506 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1510 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1511 |> json_response_and_validate_schema(:ok)
1513 [%{"id" => id}] = response
1515 assert id == other_user.id
1518 test "returns empty array when status has not been favorited yet", %{
1524 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1525 |> json_response_and_validate_schema(:ok)
1527 assert Enum.empty?(response)
1530 test "does not return users who have favorited the status but are blocked", %{
1531 conn: %{assigns: %{user: user}} = conn,
1534 other_user = insert(:user)
1535 {:ok, _user_relationship} = User.block(user, other_user)
1537 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1541 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1542 |> json_response_and_validate_schema(:ok)
1544 assert Enum.empty?(response)
1547 test "does not fail on an unauthenticated request", %{activity: activity} do
1548 other_user = insert(:user)
1549 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1553 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1554 |> json_response_and_validate_schema(:ok)
1556 [%{"id" => id}] = response
1557 assert id == other_user.id
1560 test "requires authentication for private posts", %{user: user} do
1561 other_user = insert(:user)
1564 CommonAPI.post(user, %{
1565 status: "@#{other_user.nickname} wanna get some #cofe together?",
1566 visibility: "direct"
1569 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1571 favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
1574 |> get(favourited_by_url)
1575 |> json_response_and_validate_schema(404)
1579 |> assign(:user, other_user)
1580 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1583 |> assign(:token, nil)
1584 |> get(favourited_by_url)
1585 |> json_response_and_validate_schema(404)
1589 |> get(favourited_by_url)
1590 |> json_response_and_validate_schema(200)
1592 [%{"id" => id}] = response
1593 assert id == other_user.id
1596 test "returns empty array when :show_reactions is disabled", %{conn: conn, activity: activity} do
1597 clear_config([:instance, :show_reactions], false)
1599 other_user = insert(:user)
1600 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1604 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1605 |> json_response_and_validate_schema(:ok)
1607 assert Enum.empty?(response)
1611 describe "GET /api/v1/statuses/:id/reblogged_by" do
1612 setup do: oauth_access(["read:accounts"])
1614 setup %{user: user} do
1615 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1617 %{activity: activity}
1620 test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
1621 other_user = insert(:user)
1622 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1626 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1627 |> json_response_and_validate_schema(:ok)
1629 [%{"id" => id}] = response
1631 assert id == other_user.id
1634 test "returns empty array when status has not been reblogged yet", %{
1640 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1641 |> json_response_and_validate_schema(:ok)
1643 assert Enum.empty?(response)
1646 test "does not return users who have reblogged the status but are blocked", %{
1647 conn: %{assigns: %{user: user}} = conn,
1650 other_user = insert(:user)
1651 {:ok, _user_relationship} = User.block(user, other_user)
1653 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1657 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1658 |> json_response_and_validate_schema(:ok)
1660 assert Enum.empty?(response)
1663 test "does not return users who have reblogged the status privately", %{
1666 other_user = insert(:user)
1667 {:ok, activity} = CommonAPI.post(other_user, %{status: "my secret post"})
1669 {:ok, _} = CommonAPI.repeat(activity.id, other_user, %{visibility: "private"})
1673 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1674 |> json_response_and_validate_schema(:ok)
1676 assert Enum.empty?(response)
1679 test "does not fail on an unauthenticated request", %{activity: activity} do
1680 other_user = insert(:user)
1681 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1685 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1686 |> json_response_and_validate_schema(:ok)
1688 [%{"id" => id}] = response
1689 assert id == other_user.id
1692 test "requires authentication for private posts", %{user: user} do
1693 other_user = insert(:user)
1696 CommonAPI.post(user, %{
1697 status: "@#{other_user.nickname} wanna get some #cofe together?",
1698 visibility: "direct"
1702 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1703 |> json_response_and_validate_schema(404)
1707 |> assign(:user, other_user)
1708 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1709 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1710 |> json_response_and_validate_schema(200)
1712 assert [] == response
1717 user = insert(:user)
1719 {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
1720 {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
1721 {:ok, %{id: id3}} = CommonAPI.post(user, %{status: "3", in_reply_to_status_id: id2})
1722 {:ok, %{id: id4}} = CommonAPI.post(user, %{status: "4", in_reply_to_status_id: id3})
1723 {:ok, %{id: id5}} = CommonAPI.post(user, %{status: "5", in_reply_to_status_id: id4})
1727 |> get("/api/v1/statuses/#{id3}/context")
1728 |> json_response_and_validate_schema(:ok)
1731 "ancestors" => [%{"id" => ^id1}, %{"id" => ^id2}],
1732 "descendants" => [%{"id" => ^id4}, %{"id" => ^id5}]
1736 test "context when restrict_unauthenticated is on" do
1737 user = insert(:user)
1738 remote_user = insert(:user, local: false)
1740 {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
1741 {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
1744 CommonAPI.post(remote_user, %{status: "3", in_reply_to_status_id: id2, local: false})
1748 |> get("/api/v1/statuses/#{id2}/context")
1749 |> json_response_and_validate_schema(:ok)
1752 "ancestors" => [%{"id" => ^id1}],
1753 "descendants" => [%{"id" => ^id3}]
1756 clear_config([:restrict_unauthenticated, :activities, :local], true)
1760 |> get("/api/v1/statuses/#{id2}/context")
1761 |> json_response_and_validate_schema(:ok)
1769 test "favorites paginate correctly" do
1770 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1771 other_user = insert(:user)
1772 {:ok, first_post} = CommonAPI.post(other_user, %{status: "bla"})
1773 {:ok, second_post} = CommonAPI.post(other_user, %{status: "bla"})
1774 {:ok, third_post} = CommonAPI.post(other_user, %{status: "bla"})
1776 {:ok, _first_favorite} = CommonAPI.favorite(user, third_post.id)
1777 {:ok, _second_favorite} = CommonAPI.favorite(user, first_post.id)
1778 {:ok, third_favorite} = CommonAPI.favorite(user, second_post.id)
1782 |> get("/api/v1/favourites?limit=1")
1784 assert [%{"id" => post_id}] = json_response_and_validate_schema(result, 200)
1785 assert post_id == second_post.id
1787 # Using the header for pagination works correctly
1788 [next, _] = get_resp_header(result, "link") |> hd() |> String.split(", ")
1789 [_, max_id] = Regex.run(~r/max_id=([^&]+)/, next)
1791 assert max_id == third_favorite.id
1795 |> get("/api/v1/favourites?max_id=#{max_id}")
1797 assert [%{"id" => first_post_id}, %{"id" => third_post_id}] =
1798 json_response_and_validate_schema(result, 200)
1800 assert first_post_id == first_post.id
1801 assert third_post_id == third_post.id
1804 test "returns the favorites of a user" do
1805 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1806 other_user = insert(:user)
1808 {:ok, _} = CommonAPI.post(other_user, %{status: "bla"})
1809 {:ok, activity} = CommonAPI.post(other_user, %{status: "trees are happy"})
1811 {:ok, last_like} = CommonAPI.favorite(user, activity.id)
1813 first_conn = get(conn, "/api/v1/favourites")
1815 assert [status] = json_response_and_validate_schema(first_conn, 200)
1816 assert status["id"] == to_string(activity.id)
1818 assert [{"link", _link_header}] =
1819 Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end)
1821 # Honours query params
1822 {:ok, second_activity} =
1823 CommonAPI.post(other_user, %{
1824 status: "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful."
1827 {:ok, _} = CommonAPI.favorite(user, second_activity.id)
1829 second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like.id}")
1831 assert [second_status] = json_response_and_validate_schema(second_conn, 200)
1832 assert second_status["id"] == to_string(second_activity.id)
1834 third_conn = get(conn, "/api/v1/favourites?limit=0")
1836 assert [] = json_response_and_validate_schema(third_conn, 200)
1839 test "expires_at is nil for another user" do
1840 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1841 expires_at = DateTime.add(DateTime.utc_now(), 1_000_000)
1842 {:ok, activity} = CommonAPI.post(user, %{status: "foobar", expires_in: 1_000_000})
1844 assert %{"pleroma" => %{"expires_at" => a_expires_at}} =
1846 |> get("/api/v1/statuses/#{activity.id}")
1847 |> json_response_and_validate_schema(:ok)
1849 {:ok, a_expires_at, 0} = DateTime.from_iso8601(a_expires_at)
1850 assert DateTime.diff(expires_at, a_expires_at) == 0
1852 %{conn: conn} = oauth_access(["read:statuses"])
1854 assert %{"pleroma" => %{"expires_at" => nil}} =
1856 |> get("/api/v1/statuses/#{activity.id}")
1857 |> json_response_and_validate_schema(:ok)
1860 describe "local-only statuses" do
1861 test "posting a local only status" do
1862 %{user: _user, conn: conn} = oauth_access(["write:statuses"])
1866 |> put_req_header("content-type", "application/json")
1867 |> post("/api/v1/statuses", %{
1869 "visibility" => "local"
1872 local = Utils.as_local_public()
1874 assert %{"content" => "cofe", "id" => id, "visibility" => "local"} =
1875 json_response_and_validate_schema(conn_one, 200)
1877 assert %Activity{id: ^id, data: %{"to" => [^local]}} = Activity.get_by_id(id)
1880 test "other users can read local-only posts" do
1881 user = insert(:user)
1882 %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
1884 {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
1888 |> get("/api/v1/statuses/#{activity.id}")
1889 |> json_response_and_validate_schema(:ok)
1891 assert received["id"] == activity.id
1894 test "anonymous users cannot see local-only posts" do
1895 user = insert(:user)
1897 {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
1901 |> get("/api/v1/statuses/#{activity.id}")
1902 |> json_response_and_validate_schema(:not_found)
1906 describe "muted reactions" do
1908 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1910 other_user = insert(:user)
1911 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1913 {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
1914 User.mute(user, other_user)
1918 |> get("/api/v1/statuses/?ids[]=#{activity.id}")
1919 |> json_response_and_validate_schema(200)
1924 "emoji_reactions" => []
1931 |> get("/api/v1/statuses/?ids[]=#{activity.id}&with_muted=true")
1932 |> json_response_and_validate_schema(200)
1937 "emoji_reactions" => [%{"count" => 1, "me" => false, "name" => "🎅"}]
1944 # %{conn: conn, user: user, token: token} = oauth_access(["read:statuses"])
1945 %{conn: conn, user: user, token: _token} = oauth_access(["read:statuses"])
1947 other_user = insert(:user)
1948 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1950 {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
1951 User.mute(user, other_user)
1955 |> get("/api/v1/statuses/#{activity.id}")
1956 |> json_response_and_validate_schema(200)
1960 "emoji_reactions" => []
1966 |> get("/api/v1/statuses/#{activity.id}?with_muted=true")
1967 |> json_response_and_validate_schema(200)
1971 "emoji_reactions" => [%{"count" => 1, "me" => false, "name" => "🎅"}]
1977 describe "posting quotes" do
1978 setup do: oauth_access(["write:statuses"])
1980 test "posting a quote", %{conn: conn} do
1981 user = insert(:user)
1982 {:ok, quoted_status} = CommonAPI.post(user, %{status: "tell me, for whom do you fight?"})
1986 |> put_req_header("content-type", "application/json")
1987 |> post("/api/v1/statuses", %{
1988 "status" => "Hmph, how very glib",
1989 "quote_id" => quoted_status.id
1992 response = json_response_and_validate_schema(conn, 200)
1994 assert response["quote_id"] == quoted_status.id
1995 assert response["quote"]["id"] == quoted_status.id
1996 assert response["quote"]["content"] == quoted_status.object.data["content"]
1999 test "posting a quote, quoting a status that isn't public", %{conn: conn} do
2000 user = insert(:user)
2002 Enum.each(["private", "local", "direct"], fn visibility ->
2003 {:ok, quoted_status} =
2004 CommonAPI.post(user, %{
2005 status: "tell me, for whom do you fight?",
2006 visibility: visibility
2009 assert %{"error" => "You can only quote public or unlisted statuses"} =
2011 |> put_req_header("content-type", "application/json")
2012 |> post("/api/v1/statuses", %{
2013 "status" => "Hmph, how very glib",
2014 "quote_id" => quoted_status.id
2016 |> json_response_and_validate_schema(422)
2020 test "posting a quote, after quote, the status gets deleted", %{conn: conn} do
2021 user = insert(:user)
2023 {:ok, quoted_status} =
2024 CommonAPI.post(user, %{status: "tell me, for whom do you fight?", visibility: "public"})
2028 |> put_req_header("content-type", "application/json")
2029 |> post("/api/v1/statuses", %{
2030 "status" => "I fight for eorzea!",
2031 "quote_id" => quoted_status.id
2033 |> json_response_and_validate_schema(200)
2035 {:ok, _} = CommonAPI.delete(quoted_status.id, user)
2039 |> get("/api/v1/statuses/#{resp["id"]}")
2040 |> json_response_and_validate_schema(200)
2042 assert is_nil(resp["quote"])
2045 test "posting a quote of a deleted status", %{conn: conn} do
2046 user = insert(:user)
2048 {:ok, quoted_status} =
2049 CommonAPI.post(user, %{status: "tell me, for whom do you fight?", visibility: "public"})
2051 {:ok, _} = CommonAPI.delete(quoted_status.id, user)
2053 assert %{"error" => _} =
2055 |> put_req_header("content-type", "application/json")
2056 |> post("/api/v1/statuses", %{
2057 "status" => "I fight for eorzea!",
2058 "quote_id" => quoted_status.id
2060 |> json_response_and_validate_schema(422)
2063 test "posting a quote of a status that doesn't exist", %{conn: conn} do
2064 assert %{"error" => "You can't quote a status that doesn't exist"} =
2066 |> put_req_header("content-type", "application/json")
2067 |> post("/api/v1/statuses", %{
2068 "status" => "I fight for eorzea!",
2069 "quote_id" => "oops"
2071 |> json_response_and_validate_schema(422)