git.squeep.com Git - akkoma/blob - test/pleroma/web/mastodon_api/update_credentials_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
   6   alias Pleroma.Repo
   7   alias Pleroma.User
   8
   9   use Pleroma.Web.ConnCase
  10
  11   import Mock
  12   import Pleroma.Factory
  13
  14   setup do: clear_config([:instance, :max_account_fields])
  15
  16   describe "updating credentials" do
  17     setup do: oauth_access(["write:accounts"])
  18     setup :request_content_type
  19
  20     test "sets user settings in a generic way", %{conn: conn} do
  21       res_conn =
  22         patch(conn, "/api/v1/accounts/update_credentials", %{
  23           "pleroma_settings_store" => %{
  24             pleroma_fe: %{
  25               theme: "bla"
  26             }
  27           }
  28         })
  29
  30       assert user_data = json_response_and_validate_schema(res_conn, 200)
  31       assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
  32
  33       user = Repo.get(User, user_data["id"])
  34
  35       res_conn =
  36         conn
  37         |> assign(:user, user)
  38         |> patch("/api/v1/accounts/update_credentials", %{
  39           "pleroma_settings_store" => %{
  40             masto_fe: %{
  41               theme: "bla"
  42             }
  43           }
  44         })
  45
  46       assert user_data = json_response_and_validate_schema(res_conn, 200)
  47
  48       assert user_data["pleroma"]["settings_store"] ==
  49                %{
  50                  "pleroma_fe" => %{"theme" => "bla"},
  51                  "masto_fe" => %{"theme" => "bla"}
  52                }
  53
  54       user = Repo.get(User, user_data["id"])
  55
  56       clear_config([:instance, :federating], true)
  57
  58       with_mock Pleroma.Web.Federator,
  59         publish: fn _activity -> :ok end do
  60         res_conn =
  61           conn
  62           |> assign(:user, user)
  63           |> patch("/api/v1/accounts/update_credentials", %{
  64             "pleroma_settings_store" => %{
  65               masto_fe: %{
  66                 theme: "blub"
  67               }
  68             }
  69           })
  70
  71         assert user_data = json_response_and_validate_schema(res_conn, 200)
  72
  73         assert user_data["pleroma"]["settings_store"] ==
  74                  %{
  75                    "pleroma_fe" => %{"theme" => "bla"},
  76                    "masto_fe" => %{"theme" => "blub"}
  77                  }
  78
  79         assert_called(Pleroma.Web.Federator.publish(:_))
  80       end
  81     end
  82
  83     test "updates the user's bio", %{conn: conn} do
  84       user2 = insert(:user)
  85
  86       raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
  87
  88       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
  89
  90       assert user_data = json_response_and_validate_schema(conn, 200)
  91
  92       assert user_data["note"] ==
  93                ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
  94                  user2.id
  95                }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
  96
  97       assert user_data["source"]["note"] == raw_bio
  98
  99       user = Repo.get(User, user_data["id"])
 100
 101       assert user.raw_bio == raw_bio
 102     end
 103
 104     test "updates the user's locking status", %{conn: conn} do
 105       conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
 106
 107       assert user_data = json_response_and_validate_schema(conn, 200)
 108       assert user_data["locked"] == true
 109     end
 110
 111     test "updates the user's chat acceptance status", %{conn: conn} do
 112       conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
 113
 114       assert user_data = json_response_and_validate_schema(conn, 200)
 115       assert user_data["pleroma"]["accepts_chat_messages"] == false
 116     end
 117
 118     test "updates the user's allow_following_move", %{user: user, conn: conn} do
 119       assert user.allow_following_move == true
 120
 121       conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
 122
 123       assert refresh_record(user).allow_following_move == false
 124       assert user_data = json_response_and_validate_schema(conn, 200)
 125       assert user_data["pleroma"]["allow_following_move"] == false
 126     end
 127
 128     test "updates the user's default scope", %{conn: conn} do
 129       conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
 130
 131       assert user_data = json_response_and_validate_schema(conn, 200)
 132       assert user_data["source"]["privacy"] == "unlisted"
 133     end
 134
 135     test "updates the user's privacy", %{conn: conn} do
 136       conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
 137
 138       assert user_data = json_response_and_validate_schema(conn, 200)
 139       assert user_data["source"]["privacy"] == "unlisted"
 140     end
 141
 142     test "updates the user's hide_followers status", %{conn: conn} do
 143       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
 144
 145       assert user_data = json_response_and_validate_schema(conn, 200)
 146       assert user_data["pleroma"]["hide_followers"] == true
 147     end
 148
 149     test "updates the user's discoverable status", %{conn: conn} do
 150       assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
 151                conn
 152                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
 153                |> json_response_and_validate_schema(:ok)
 154
 155       assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
 156                conn
 157                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
 158                |> json_response_and_validate_schema(:ok)
 159     end
 160
 161     test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
 162       conn =
 163         patch(conn, "/api/v1/accounts/update_credentials", %{
 164           hide_followers_count: "true",
 165           hide_follows_count: "true"
 166         })
 167
 168       assert user_data = json_response_and_validate_schema(conn, 200)
 169       assert user_data["pleroma"]["hide_followers_count"] == true
 170       assert user_data["pleroma"]["hide_follows_count"] == true
 171     end
 172
 173     test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
 174       response =
 175         conn
 176         |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
 177         |> json_response_and_validate_schema(200)
 178
 179       assert response["pleroma"]["skip_thread_containment"] == true
 180       assert refresh_record(user).skip_thread_containment
 181     end
 182
 183     test "updates the user's hide_follows status", %{conn: conn} do
 184       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
 185
 186       assert user_data = json_response_and_validate_schema(conn, 200)
 187       assert user_data["pleroma"]["hide_follows"] == true
 188     end
 189
 190     test "updates the user's hide_favorites status", %{conn: conn} do
 191       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
 192
 193       assert user_data = json_response_and_validate_schema(conn, 200)
 194       assert user_data["pleroma"]["hide_favorites"] == true
 195     end
 196
 197     test "updates the user's show_role status", %{conn: conn} do
 198       conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
 199
 200       assert user_data = json_response_and_validate_schema(conn, 200)
 201       assert user_data["source"]["pleroma"]["show_role"] == false
 202     end
 203
 204     test "updates the user's no_rich_text status", %{conn: conn} do
 205       conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
 206
 207       assert user_data = json_response_and_validate_schema(conn, 200)
 208       assert user_data["source"]["pleroma"]["no_rich_text"] == true
 209     end
 210
 211     test "updates the user's name", %{conn: conn} do
 212       conn =
 213         patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
 214
 215       assert user_data = json_response_and_validate_schema(conn, 200)
 216       assert user_data["display_name"] == "markorepairs"
 217
 218       update_activity = Repo.one(Pleroma.Activity)
 219       assert update_activity.data["type"] == "Update"
 220       assert update_activity.data["object"]["name"] == "markorepairs"
 221     end
 222
 223     test "updates the user's avatar", %{user: user, conn: conn} do
 224       new_avatar = %Plug.Upload{
 225         content_type: "image/jpeg",
 226         path: Path.absname("test/fixtures/image.jpg"),
 227         filename: "an_image.jpg"
 228       }
 229
 230       assert user.avatar == %{}
 231
 232       res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
 233
 234       assert user_response = json_response_and_validate_schema(res, 200)
 235       assert user_response["avatar"] != User.avatar_url(user)
 236
 237       user = User.get_by_id(user.id)
 238       refute user.avatar == %{}
 239
 240       # Also resets it
 241       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
 242
 243       user = User.get_by_id(user.id)
 244       assert user.avatar == nil
 245     end
 246
 247     test "updates the user's banner", %{user: user, conn: conn} do
 248       new_header = %Plug.Upload{
 249         content_type: "image/jpeg",
 250         path: Path.absname("test/fixtures/image.jpg"),
 251         filename: "an_image.jpg"
 252       }
 253
 254       res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
 255
 256       assert user_response = json_response_and_validate_schema(res, 200)
 257       assert user_response["header"] != User.banner_url(user)
 258
 259       # Also resets it
 260       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
 261
 262       user = User.get_by_id(user.id)
 263       assert user.banner == nil
 264     end
 265
 266     test "updates the user's background", %{conn: conn, user: user} do
 267       new_header = %Plug.Upload{
 268         content_type: "image/jpeg",
 269         path: Path.absname("test/fixtures/image.jpg"),
 270         filename: "an_image.jpg"
 271       }
 272
 273       res =
 274         patch(conn, "/api/v1/accounts/update_credentials", %{
 275           "pleroma_background_image" => new_header
 276         })
 277
 278       assert user_response = json_response_and_validate_schema(res, 200)
 279       assert user_response["pleroma"]["background_image"]
 280       #
 281       # Also resets it
 282       _res =
 283         patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
 284
 285       user = User.get_by_id(user.id)
 286       assert user.background == nil
 287     end
 288
 289     test "requires 'write:accounts' permission" do
 290       token1 = insert(:oauth_token, scopes: ["read"])
 291       token2 = insert(:oauth_token, scopes: ["write", "follow"])
 292
 293       for token <- [token1, token2] do
 294         conn =
 295           build_conn()
 296           |> put_req_header("content-type", "multipart/form-data")
 297           |> put_req_header("authorization", "Bearer #{token.token}")
 298           |> patch("/api/v1/accounts/update_credentials", %{})
 299
 300         if token == token1 do
 301           assert %{"error" => "Insufficient permissions: write:accounts."} ==
 302                    json_response_and_validate_schema(conn, 403)
 303         else
 304           assert json_response_and_validate_schema(conn, 200)
 305         end
 306       end
 307     end
 308
 309     test "updates profile emojos", %{user: user, conn: conn} do
 310       note = "*sips :blank:*"
 311       name = "I am :firefox:"
 312
 313       ret_conn =
 314         patch(conn, "/api/v1/accounts/update_credentials", %{
 315           "note" => note,
 316           "display_name" => name
 317         })
 318
 319       assert json_response_and_validate_schema(ret_conn, 200)
 320
 321       conn = get(conn, "/api/v1/accounts/#{user.id}")
 322
 323       assert user_data = json_response_and_validate_schema(conn, 200)
 324
 325       assert user_data["note"] == note
 326       assert user_data["display_name"] == name
 327       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
 328     end
 329
 330     test "update fields", %{conn: conn} do
 331       fields = [
 332         %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
 333         %{"name" => "link.io", "value" => "cofe.io"}
 334       ]
 335
 336       account_data =
 337         conn
 338         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 339         |> json_response_and_validate_schema(200)
 340
 341       assert account_data["fields"] == [
 342                %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
 343                %{
 344                  "name" => "link.io",
 345                  "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
 346                }
 347              ]
 348
 349       assert account_data["source"]["fields"] == [
 350                %{
 351                  "name" => "<a href=\"http://google.com\">foo</a>",
 352                  "value" => "<script>bar</script>"
 353                },
 354                %{"name" => "link.io", "value" => "cofe.io"}
 355              ]
 356     end
 357
 358     test "emojis in fields labels", %{conn: conn} do
 359       fields = [
 360         %{"name" => ":firefox:", "value" => "is best 2hu"},
 361         %{"name" => "they wins", "value" => ":blank:"}
 362       ]
 363
 364       account_data =
 365         conn
 366         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 367         |> json_response_and_validate_schema(200)
 368
 369       assert account_data["fields"] == [
 370                %{"name" => ":firefox:", "value" => "is best 2hu"},
 371                %{"name" => "they wins", "value" => ":blank:"}
 372              ]
 373
 374       assert account_data["source"]["fields"] == [
 375                %{"name" => ":firefox:", "value" => "is best 2hu"},
 376                %{"name" => "they wins", "value" => ":blank:"}
 377              ]
 378
 379       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
 380     end
 381
 382     test "update fields via x-www-form-urlencoded", %{conn: conn} do
 383       fields =
 384         [
 385           "fields_attributes[1][name]=link",
 386           "fields_attributes[1][value]=http://cofe.io",
 387           "fields_attributes[0][name]=foo",
 388           "fields_attributes[0][value]=bar"
 389         ]
 390         |> Enum.join("&")
 391
 392       account =
 393         conn
 394         |> put_req_header("content-type", "application/x-www-form-urlencoded")
 395         |> patch("/api/v1/accounts/update_credentials", fields)
 396         |> json_response_and_validate_schema(200)
 397
 398       assert account["fields"] == [
 399                %{"name" => "foo", "value" => "bar"},
 400                %{
 401                  "name" => "link",
 402                  "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
 403                }
 404              ]
 405
 406       assert account["source"]["fields"] == [
 407                %{"name" => "foo", "value" => "bar"},
 408                %{"name" => "link", "value" => "http://cofe.io"}
 409              ]
 410     end
 411
 412     test "update fields with empty name", %{conn: conn} do
 413       fields = [
 414         %{"name" => "foo", "value" => ""},
 415         %{"name" => "", "value" => "bar"}
 416       ]
 417
 418       account =
 419         conn
 420         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 421         |> json_response_and_validate_schema(200)
 422
 423       assert account["fields"] == [
 424                %{"name" => "foo", "value" => ""}
 425              ]
 426     end
 427
 428     test "update fields when invalid request", %{conn: conn} do
 429       name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
 430       value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
 431
 432       long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
 433       long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
 434
 435       fields = [%{"name" => "foo", "value" => long_value}]
 436
 437       assert %{"error" => "Invalid request"} ==
 438                conn
 439                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 440                |> json_response_and_validate_schema(403)
 441
 442       fields = [%{"name" => long_name, "value" => "bar"}]
 443
 444       assert %{"error" => "Invalid request"} ==
 445                conn
 446                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 447                |> json_response_and_validate_schema(403)
 448
 449       Pleroma.Config.put([:instance, :max_account_fields], 1)
 450
 451       fields = [
 452         %{"name" => "foo", "value" => "bar"},
 453         %{"name" => "link", "value" => "cofe.io"}
 454       ]
 455
 456       assert %{"error" => "Invalid request"} ==
 457                conn
 458                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 459                |> json_response_and_validate_schema(403)
 460     end
 461   end
 462
 463   describe "Mark account as bot" do
 464     setup do: oauth_access(["write:accounts"])
 465     setup :request_content_type
 466
 467     test "changing actor_type to Service makes account a bot", %{conn: conn} do
 468       account =
 469         conn
 470         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
 471         |> json_response_and_validate_schema(200)
 472
 473       assert account["bot"]
 474       assert account["source"]["pleroma"]["actor_type"] == "Service"
 475     end
 476
 477     test "changing actor_type to Person makes account a human", %{conn: conn} do
 478       account =
 479         conn
 480         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
 481         |> json_response_and_validate_schema(200)
 482
 483       refute account["bot"]
 484       assert account["source"]["pleroma"]["actor_type"] == "Person"
 485     end
 486
 487     test "changing actor_type to Application causes error", %{conn: conn} do
 488       response =
 489         conn
 490         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
 491         |> json_response_and_validate_schema(403)
 492
 493       assert %{"error" => "Invalid request"} == response
 494     end
 495
 496     test "changing bot field to true changes actor_type to Service", %{conn: conn} do
 497       account =
 498         conn
 499         |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
 500         |> json_response_and_validate_schema(200)
 501
 502       assert account["bot"]
 503       assert account["source"]["pleroma"]["actor_type"] == "Service"
 504     end
 505
 506     test "changing bot field to false changes actor_type to Person", %{conn: conn} do
 507       account =
 508         conn
 509         |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
 510         |> json_response_and_validate_schema(200)
 511
 512       refute account["bot"]
 513       assert account["source"]["pleroma"]["actor_type"] == "Person"
 514     end
 515
 516     test "actor_type field has a higher priority than bot", %{conn: conn} do
 517       account =
 518         conn
 519         |> patch("/api/v1/accounts/update_credentials", %{
 520           actor_type: "Person",
 521           bot: "true"
 522         })
 523         |> json_response_and_validate_schema(200)
 524
 525       refute account["bot"]
 526       assert account["source"]["pleroma"]["actor_type"] == "Person"
 527     end
 528   end
 529 end