1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
6 use Pleroma.DataCase, async: false
9 alias Pleroma.UserRelationship
10 alias Pleroma.Web.CommonAPI
11 alias Pleroma.Web.MastodonAPI.AccountView
13 import Pleroma.Factory
18 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
22 test "Represent a user account" do
24 "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
29 ap_id: "https://example.com/users/chikichikibanban",
32 background: background_image,
33 nickname: "shp@shitposter.club",
34 name: ":karjalanpiirakka: shp",
36 "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
37 inserted_at: ~N[2017-08-15 15:47:06.597036],
38 emoji: %{"karjalanpiirakka" => "/file.png"},
39 raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
40 also_known_as: ["https://shitposter.zone/users/shp"]
43 insert(:instance, %{host: "example.com", nodeinfo: %{version: "2.1"}})
46 id: to_string(user.id),
49 display_name: user.name,
51 created_at: "2017-08-15T15:47:06.000Z",
55 note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f '&<>"",
66 avatar: "http://localhost:4001/images/avi.png",
67 avatar_static: "http://localhost:4001/images/avi.png",
68 header: "http://localhost:4001/images/banner.png",
69 header_static: "http://localhost:4001/images/banner.png",
72 static_url: "/file.png",
74 shortcode: "karjalanpiirakka",
75 visible_in_picker: false
81 note: "valid html. a\nb\nc\nd\nf '&<>\"",
89 fqn: "shp@shitposter.club",
93 also_known_as: ["https://shitposter.zone/users/shp"],
94 background_image: "https://example.com/images/asuka_hospital.png",
101 hide_favorites: true,
102 hide_followers: false,
104 hide_followers_count: false,
105 hide_follows_count: false,
107 skip_thread_containment: false
111 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
114 describe "nodeinfo" do
117 user: insert(:user, ap_id: "https://somewhere.example.com/users/chikichikibanban"),
120 host: "somewhere.example.com",
121 favicon: "https://example.com/favicon.ico"
126 test "is embedded in the account view", %{user: user} do
130 name: "somewhere.example.com",
134 favicon: "https://example.com/favicon.ico"
137 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
140 test "uses local nodeinfo for local users" do
154 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
158 describe "favicon" do
161 user: insert(:user, ap_id: "https://example.com/users/chikichikibanban"),
163 insert(:instance, %{host: "example.com", favicon: "https://example.com/favicon.ico"})
167 test "is parsed when :instance_favicons is enabled", %{user: user} do
168 clear_config([:instances_favicons, :enabled], true)
172 favicon: "https://example.com/favicon.ico"
174 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
177 test "is nil when we have no instance", %{user: user} do
178 user = %{user | ap_id: "https://wowee.example.com/users/2"}
180 assert %{pleroma: %{favicon: nil}} =
181 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
185 test "Represent the user account for the account owner" do
188 notification_settings = %{
189 block_from_strangers: false,
190 hide_notification_contents: false
193 privacy = user.default_scope
196 pleroma: %{notification_settings: ^notification_settings, allow_following_move: true},
197 source: %{privacy: ^privacy}
198 } = AccountView.render("show.json", %{user: user, for: user})
201 test "Represent a Service(bot) account" do
206 actor_type: "Service",
207 nickname: "shp@shitposter.club",
208 inserted_at: ~N[2017-08-15 15:47:06.597036]
212 id: to_string(user.id),
215 display_name: user.name,
217 created_at: "2017-08-15T15:47:06.000Z",
223 avatar: "http://localhost:4001/images/avi.png",
224 avatar_static: "http://localhost:4001/images/avi.png",
225 header: "http://localhost:4001/images/banner.png",
226 header_static: "http://localhost:4001/images/banner.png",
234 actor_type: "Service",
239 fqn: "shp@shitposter.club",
244 favicon: "http://localhost:4001/favicon.png",
245 nodeinfo: %{version: "2.0"}
251 background_image: nil,
252 favicon: "http://localhost:4001/favicon.png",
258 hide_favorites: true,
259 hide_followers: false,
261 hide_followers_count: false,
262 hide_follows_count: false,
264 skip_thread_containment: false
269 Pleroma.Web.Nodeinfo.NodeinfoController,
270 raw_nodeinfo: fn -> %{version: "2.0"} end
273 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
277 test "Represent a Funkwhale channel" do
279 User.get_or_fetch_by_ap_id(
280 "https://channels.tests.funkwhale.audio/federation/actors/compositions"
284 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
286 assert represented.acct == "compositions@channels.tests.funkwhale.audio"
287 assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
290 test "Represent a deactivated user for an admin" do
291 admin = insert(:user, is_admin: true)
292 deactivated_user = insert(:user, is_active: false)
293 represented = AccountView.render("show.json", %{user: deactivated_user, for: admin})
294 assert represented[:pleroma][:deactivated] == true
297 test "Represent a smaller mention" do
301 id: to_string(user.id),
303 username: user.nickname,
307 assert expected == AccountView.render("mention.json", %{user: user})
310 test "demands :for or :skip_visibility_check option for account rendering" do
311 clear_config([:restrict_unauthenticated, :profiles, :local], false)
316 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
317 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
319 assert %{id: ^user_id} =
320 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
322 assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
323 AccountView.render("show.json", %{user: user})
327 describe "relationship" do
328 defp test_relationship_rendering(user, other_user, expected_result) do
329 opts = %{user: user, target: other_user, relationships: nil}
330 assert expected_result == AccountView.render("relationship.json", opts)
332 relationships_opt = UserRelationship.view_relationships_option(user, [other_user])
333 opts = Map.put(opts, :relationships, relationships_opt)
334 assert expected_result == AccountView.render("relationship.json", opts)
336 assert [expected_result] ==
337 AccountView.render("relationships.json", %{user: user, targets: [other_user]})
346 muting_notifications: false,
350 domain_blocking: false,
351 showing_reblogs: true,
356 test "represent a relationship for the following and followed user" do
358 other_user = insert(:user)
360 {:ok, user, other_user} = User.follow(user, other_user)
361 {:ok, other_user, user} = User.follow(other_user, user)
362 {:ok, _subscription} = User.subscribe(user, other_user)
363 {:ok, _user_relationships} = User.mute(user, other_user, %{notifications: true})
364 {:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, other_user)
373 muting_notifications: true,
376 showing_reblogs: false,
377 id: to_string(other_user.id)
381 test_relationship_rendering(user, other_user, expected)
384 test "represent a relationship for the blocking and blocked user" do
386 other_user = insert(:user)
388 {:ok, user, other_user} = User.follow(user, other_user)
389 {:ok, _subscription} = User.subscribe(user, other_user)
390 {:ok, _user_relationship} = User.block(user, other_user)
391 {:ok, _user_relationship} = User.block(other_user, user)
396 %{following: false, blocking: true, blocked_by: true, id: to_string(other_user.id)}
399 test_relationship_rendering(user, other_user, expected)
402 test "represent a relationship for the user blocking a domain" do
404 other_user = insert(:user, ap_id: "https://bad.site/users/other_user")
406 {:ok, user} = User.block_domain(user, "bad.site")
411 %{domain_blocking: true, blocking: false, id: to_string(other_user.id)}
414 test_relationship_rendering(user, other_user, expected)
417 test "represent a relationship for the user with a pending follow request" do
419 other_user = insert(:user, is_locked: true)
421 {:ok, user, other_user, _} = CommonAPI.follow(user, other_user)
422 user = User.get_cached_by_id(user.id)
423 other_user = User.get_cached_by_id(other_user.id)
428 %{requested: true, following: false, id: to_string(other_user.id)}
431 test_relationship_rendering(user, other_user, expected)
435 test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
436 user = insert(:user, pleroma_settings_store: %{fe: "test"})
439 AccountView.render("show.json", %{user: user, for: user, with_pleroma_settings: true})
441 assert result.pleroma.settings_store == %{:fe => "test"}
443 result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
444 assert result.pleroma[:settings_store] == nil
446 result = AccountView.render("show.json", %{user: user, for: user})
447 assert result.pleroma[:settings_store] == nil
450 test "doesn't sanitize display names" do
451 user = insert(:user, name: "<marquee> username </marquee>")
452 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
453 assert result.display_name == "<marquee> username </marquee>"
456 test "never display nil user follow counts" do
457 user = insert(:user, following_count: 0, follower_count: 0)
458 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
460 assert result.following_count == 0
461 assert result.followers_count == 0
464 describe "hiding follows/following" do
465 test "shows when follows/followers stats are hidden and sets follow/follower count to 0" do
468 hide_followers: true,
469 hide_followers_count: true,
471 hide_follows_count: true
474 other_user = insert(:user)
475 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
476 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
481 pleroma: %{hide_follows_count: true, hide_followers_count: true}
482 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
485 test "shows when follows/followers are hidden" do
486 user = insert(:user, hide_followers: true, hide_follows: true)
487 other_user = insert(:user)
488 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
489 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
494 pleroma: %{hide_follows: true, hide_followers: true}
495 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
498 test "shows actual follower/following count to the account owner" do
499 user = insert(:user, hide_followers: true, hide_follows: true)
500 other_user = insert(:user)
501 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
503 assert User.following?(user, other_user)
504 assert Pleroma.FollowingRelationship.follower_count(other_user) == 1
505 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
510 } = AccountView.render("show.json", %{user: user, for: user})
513 test "shows unread_conversation_count only to the account owner" do
515 other_user = insert(:user)
518 CommonAPI.post(other_user, %{
519 status: "Hey @#{user.nickname}.",
523 user = User.get_cached_by_ap_id(user.ap_id)
525 assert AccountView.render("show.json", %{user: user, for: other_user})[:pleroma][
526 :unread_conversation_count
529 assert AccountView.render("show.json", %{user: user, for: user})[:pleroma][
530 :unread_conversation_count
534 test "shows unread_count only to the account owner" do
536 insert_list(7, :notification, user: user, activity: insert(:note_activity))
537 other_user = insert(:user)
539 user = User.get_cached_by_ap_id(user.ap_id)
541 assert AccountView.render(
543 %{user: user, for: other_user}
544 )[:pleroma][:unread_notifications_count] == nil
546 assert AccountView.render(
548 %{user: user, for: user}
549 )[:pleroma][:unread_notifications_count] == 7
552 test "shows email only to the account owner" do
554 other_user = insert(:user)
556 user = User.get_cached_by_ap_id(user.ap_id)
558 assert AccountView.render(
560 %{user: user, for: other_user}
561 )[:pleroma][:email] == nil
563 assert AccountView.render(
565 %{user: user, for: user}
566 )[:pleroma][:email] == user.email
570 describe "follow requests counter" do
571 test "shows zero when no follow requests are pending" do
574 assert %{follow_requests_count: 0} =
575 AccountView.render("show.json", %{user: user, for: user})
577 other_user = insert(:user)
578 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
580 assert %{follow_requests_count: 0} =
581 AccountView.render("show.json", %{user: user, for: user})
584 test "shows non-zero when follow requests are pending" do
585 user = insert(:user, is_locked: true)
587 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
589 other_user = insert(:user)
590 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
592 assert %{locked: true, follow_requests_count: 1} =
593 AccountView.render("show.json", %{user: user, for: user})
596 test "decreases when accepting a follow request" do
597 user = insert(:user, is_locked: true)
599 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
601 other_user = insert(:user)
602 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
604 assert %{locked: true, follow_requests_count: 1} =
605 AccountView.render("show.json", %{user: user, for: user})
607 {:ok, _other_user} = CommonAPI.accept_follow_request(other_user, user)
609 assert %{locked: true, follow_requests_count: 0} =
610 AccountView.render("show.json", %{user: user, for: user})
613 test "decreases when rejecting a follow request" do
614 user = insert(:user, is_locked: true)
616 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
618 other_user = insert(:user)
619 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
621 assert %{locked: true, follow_requests_count: 1} =
622 AccountView.render("show.json", %{user: user, for: user})
624 {:ok, _other_user} = CommonAPI.reject_follow_request(other_user, user)
626 assert %{locked: true, follow_requests_count: 0} =
627 AccountView.render("show.json", %{user: user, for: user})
630 test "shows non-zero when historical unapproved requests are present" do
631 user = insert(:user, is_locked: true)
633 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
635 other_user = insert(:user)
636 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
638 {:ok, user} = User.update_and_set_cache(user, %{is_locked: false})
640 assert %{locked: false, follow_requests_count: 1} =
641 AccountView.render("show.json", %{user: user, for: user})
645 test "uses mediaproxy urls when it's enabled (regardless of media preview proxy state)" do
646 clear_config([:media_proxy, :enabled], true)
647 clear_config([:media_preview_proxy, :enabled])
651 avatar: %{"url" => [%{"href" => "https://evil.website/avatar.png"}]},
652 banner: %{"url" => [%{"href" => "https://evil.website/banner.png"}]},
653 emoji: %{"joker_smile" => "https://evil.website/society.png"}
656 insert(:instance, %{host: "localhost", favicon: "https://evil.website/favicon.png"})
658 with media_preview_enabled <- [false, true] do
659 clear_config([:media_preview_proxy, :enabled], media_preview_enabled)
661 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
663 {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
664 String.starts_with?(url, Pleroma.Web.Endpoint.url())
666 {:akkoma, %{instance: %{favicon: favicon_url}}} ->
667 String.starts_with?(favicon_url, Pleroma.Web.Endpoint.url())
670 Enum.all?(emojis, fn %{url: url, static_url: static_url} ->
671 String.starts_with?(url, Pleroma.Web.Endpoint.url()) &&
672 String.starts_with?(static_url, Pleroma.Web.Endpoint.url())
682 test "returns nil in the instance field when no instance is held locally" do
683 user = insert(:user, ap_id: "https://example.com/users/1")
684 view = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
685 assert view[:akkoma][:instance] == nil