1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.UserInviteToken
10 import Pleroma.Factory
12 describe "/api/pleroma/admin/users" do
14 admin = insert(:user, info: %{is_admin: true})
19 |> assign(:user, admin)
20 |> put_req_header("accept", "application/json")
21 |> delete("/api/pleroma/admin/users?nickname=#{user.nickname}")
23 assert json_response(conn, 200) == user.nickname
27 admin = insert(:user, info: %{is_admin: true})
31 |> assign(:user, admin)
32 |> put_req_header("accept", "application/json")
33 |> post("/api/pleroma/admin/users", %{
37 "email" => "lain@example.org",
41 "nickname" => "lain2",
42 "email" => "lain2@example.org",
48 assert json_response(conn, 200) == [
52 "email" => "lain@example.org",
60 "email" => "lain2@example.org",
68 test "Cannot create user with exisiting email" do
69 admin = insert(:user, info: %{is_admin: true})
74 |> assign(:user, admin)
75 |> put_req_header("accept", "application/json")
76 |> post("/api/pleroma/admin/users", %{
80 "email" => user.email,
86 assert json_response(conn, 409) == [
90 "email" => user.email,
93 "error" => "email has already been taken",
99 test "Cannot create user with exisiting nickname" do
100 admin = insert(:user, info: %{is_admin: true})
105 |> assign(:user, admin)
106 |> put_req_header("accept", "application/json")
107 |> post("/api/pleroma/admin/users", %{
110 "nickname" => user.nickname,
111 "email" => "someuser@plerama.social",
117 assert json_response(conn, 409) == [
121 "email" => "someuser@plerama.social",
122 "nickname" => user.nickname
124 "error" => "nickname has already been taken",
130 test "Multiple user creation works in transaction" do
131 admin = insert(:user, info: %{is_admin: true})
136 |> assign(:user, admin)
137 |> put_req_header("accept", "application/json")
138 |> post("/api/pleroma/admin/users", %{
141 "nickname" => "newuser",
142 "email" => "newuser@pleroma.social",
146 "nickname" => "lain",
147 "email" => user.email,
153 assert json_response(conn, 409) == [
157 "email" => user.email,
160 "error" => "email has already been taken",
166 "email" => "newuser@pleroma.social",
167 "nickname" => "newuser"
174 assert User.get_by_nickname("newuser") === nil
178 describe "/api/pleroma/admin/users/:nickname" do
179 test "Show", %{conn: conn} do
180 admin = insert(:user, info: %{is_admin: true})
185 |> assign(:user, admin)
186 |> get("/api/pleroma/admin/users/#{user.nickname}")
189 "deactivated" => false,
190 "id" => to_string(user.id),
192 "nickname" => user.nickname,
193 "roles" => %{"admin" => false, "moderator" => false},
197 assert expected == json_response(conn, 200)
200 test "when the user doesn't exist", %{conn: conn} do
201 admin = insert(:user, info: %{is_admin: true})
206 |> assign(:user, admin)
207 |> get("/api/pleroma/admin/users/#{user.nickname}")
209 assert "Not found" == json_response(conn, 404)
213 describe "/api/pleroma/admin/users/follow" do
214 test "allows to force-follow another user" do
215 admin = insert(:user, info: %{is_admin: true})
217 follower = insert(:user)
220 |> assign(:user, admin)
221 |> put_req_header("accept", "application/json")
222 |> post("/api/pleroma/admin/users/follow", %{
223 "follower" => follower.nickname,
224 "followed" => user.nickname
227 user = User.get_cached_by_id(user.id)
228 follower = User.get_cached_by_id(follower.id)
230 assert User.following?(follower, user)
234 describe "/api/pleroma/admin/users/unfollow" do
235 test "allows to force-unfollow another user" do
236 admin = insert(:user, info: %{is_admin: true})
238 follower = insert(:user)
240 User.follow(follower, user)
243 |> assign(:user, admin)
244 |> put_req_header("accept", "application/json")
245 |> post("/api/pleroma/admin/users/unfollow", %{
246 "follower" => follower.nickname,
247 "followed" => user.nickname
250 user = User.get_cached_by_id(user.id)
251 follower = User.get_cached_by_id(follower.id)
253 refute User.following?(follower, user)
257 describe "PUT /api/pleroma/admin/users/tag" do
259 admin = insert(:user, info: %{is_admin: true})
260 user1 = insert(:user, %{tags: ["x"]})
261 user2 = insert(:user, %{tags: ["y"]})
262 user3 = insert(:user, %{tags: ["unchanged"]})
266 |> assign(:user, admin)
267 |> put_req_header("accept", "application/json")
269 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
271 }&tags[]=foo&tags[]=bar"
274 %{conn: conn, user1: user1, user2: user2, user3: user3}
277 test "it appends specified tags to users with specified nicknames", %{
282 assert json_response(conn, :no_content)
283 assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"]
284 assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"]
287 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
288 assert json_response(conn, :no_content)
289 assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
293 describe "DELETE /api/pleroma/admin/users/tag" do
295 admin = insert(:user, info: %{is_admin: true})
296 user1 = insert(:user, %{tags: ["x"]})
297 user2 = insert(:user, %{tags: ["y", "z"]})
298 user3 = insert(:user, %{tags: ["unchanged"]})
302 |> assign(:user, admin)
303 |> put_req_header("accept", "application/json")
305 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
310 %{conn: conn, user1: user1, user2: user2, user3: user3}
313 test "it removes specified tags from users with specified nicknames", %{
318 assert json_response(conn, :no_content)
319 assert User.get_cached_by_id(user1.id).tags == []
320 assert User.get_cached_by_id(user2.id).tags == ["y"]
323 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
324 assert json_response(conn, :no_content)
325 assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
329 describe "/api/pleroma/admin/users/:nickname/permission_group" do
330 test "GET is giving user_info" do
331 admin = insert(:user, info: %{is_admin: true})
335 |> assign(:user, admin)
336 |> put_req_header("accept", "application/json")
337 |> get("/api/pleroma/admin/users/#{admin.nickname}/permission_group/")
339 assert json_response(conn, 200) == %{
341 "is_moderator" => false
345 test "/:right POST, can add to a permission group" do
346 admin = insert(:user, info: %{is_admin: true})
351 |> assign(:user, admin)
352 |> put_req_header("accept", "application/json")
353 |> post("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
355 assert json_response(conn, 200) == %{
360 test "/:right DELETE, can remove from a permission group" do
361 admin = insert(:user, info: %{is_admin: true})
362 user = insert(:user, info: %{is_admin: true})
366 |> assign(:user, admin)
367 |> put_req_header("accept", "application/json")
368 |> delete("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
370 assert json_response(conn, 200) == %{
376 describe "PUT /api/pleroma/admin/users/:nickname/activation_status" do
377 setup %{conn: conn} do
378 admin = insert(:user, info: %{is_admin: true})
382 |> assign(:user, admin)
383 |> put_req_header("accept", "application/json")
388 test "deactivates the user", %{conn: conn} do
393 |> put("/api/pleroma/admin/users/#{user.nickname}/activation_status", %{status: false})
395 user = User.get_cached_by_id(user.id)
396 assert user.info.deactivated == true
397 assert json_response(conn, :no_content)
400 test "activates the user", %{conn: conn} do
401 user = insert(:user, info: %{deactivated: true})
405 |> put("/api/pleroma/admin/users/#{user.nickname}/activation_status", %{status: true})
407 user = User.get_cached_by_id(user.id)
408 assert user.info.deactivated == false
409 assert json_response(conn, :no_content)
412 test "returns 403 when requested by a non-admin", %{conn: conn} do
417 |> assign(:user, user)
418 |> put("/api/pleroma/admin/users/#{user.nickname}/activation_status", %{status: false})
420 assert json_response(conn, :forbidden)
424 describe "POST /api/pleroma/admin/email_invite, with valid config" do
426 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
427 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
428 Pleroma.Config.put([:instance, :registrations_open], false)
429 Pleroma.Config.put([:instance, :invites_enabled], true)
432 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
433 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
437 [user: insert(:user, info: %{is_admin: true})]
440 test "sends invitation and returns 204", %{conn: conn, user: user} do
441 recipient_email = "foo@bar.com"
442 recipient_name = "J. D."
446 |> assign(:user, user)
448 "/api/pleroma/admin/users/email_invite?email=#{recipient_email}&name=#{recipient_name}"
451 assert json_response(conn, :no_content)
453 token_record = List.last(Pleroma.Repo.all(Pleroma.UserInviteToken))
455 refute token_record.used
457 notify_email = Pleroma.Config.get([:instance, :notify_email])
458 instance_name = Pleroma.Config.get([:instance, :name])
461 Pleroma.Emails.UserEmail.user_invitation_email(
468 Swoosh.TestAssertions.assert_email_sent(
469 from: {instance_name, notify_email},
470 to: {recipient_name, recipient_email},
471 html_body: email.html_body
475 test "it returns 403 if requested by a non-admin", %{conn: conn} do
476 non_admin_user = insert(:user)
480 |> assign(:user, non_admin_user)
481 |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
483 assert json_response(conn, :forbidden)
487 describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
489 [user: insert(:user, info: %{is_admin: true})]
492 test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do
493 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
494 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
495 Pleroma.Config.put([:instance, :registrations_open], false)
496 Pleroma.Config.put([:instance, :invites_enabled], false)
499 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
500 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
506 |> assign(:user, user)
507 |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
509 assert json_response(conn, :internal_server_error)
512 test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do
513 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
514 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
515 Pleroma.Config.put([:instance, :registrations_open], true)
516 Pleroma.Config.put([:instance, :invites_enabled], true)
519 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
520 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
526 |> assign(:user, user)
527 |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
529 assert json_response(conn, :internal_server_error)
533 test "/api/pleroma/admin/invite_token" do
534 admin = insert(:user, info: %{is_admin: true})
538 |> assign(:user, admin)
539 |> put_req_header("accept", "application/json")
540 |> get("/api/pleroma/admin/invite_token")
542 assert conn.status == 200
545 test "/api/pleroma/admin/users/:nickname/password_reset" do
546 admin = insert(:user, info: %{is_admin: true})
551 |> assign(:user, admin)
552 |> put_req_header("accept", "application/json")
553 |> get("/api/pleroma/admin/users/#{user.nickname}/password_reset")
555 assert conn.status == 200
558 describe "GET /api/pleroma/admin/users" do
560 admin = insert(:user, info: %{is_admin: true})
564 |> assign(:user, admin)
566 {:ok, conn: conn, admin: admin}
569 test "renders users array for the first page", %{conn: conn, admin: admin} do
570 user = insert(:user, local: false, tags: ["foo", "bar"])
571 conn = get(conn, "/api/pleroma/admin/users?page=1")
573 assert json_response(conn, 200) == %{
578 "deactivated" => admin.info.deactivated,
580 "nickname" => admin.nickname,
581 "roles" => %{"admin" => true, "moderator" => false},
586 "deactivated" => user.info.deactivated,
588 "nickname" => user.nickname,
589 "roles" => %{"admin" => false, "moderator" => false},
591 "tags" => ["foo", "bar"]
597 test "renders empty array for the second page", %{conn: conn} do
600 conn = get(conn, "/api/pleroma/admin/users?page=2")
602 assert json_response(conn, 200) == %{
609 test "regular search", %{conn: conn} do
610 user = insert(:user, nickname: "bob")
612 conn = get(conn, "/api/pleroma/admin/users?query=bo")
614 assert json_response(conn, 200) == %{
619 "deactivated" => user.info.deactivated,
621 "nickname" => user.nickname,
622 "roles" => %{"admin" => false, "moderator" => false},
630 test "search by domain", %{conn: conn} do
631 user = insert(:user, nickname: "nickname@domain.com")
634 conn = get(conn, "/api/pleroma/admin/users?query=domain.com")
636 assert json_response(conn, 200) == %{
641 "deactivated" => user.info.deactivated,
643 "nickname" => user.nickname,
644 "roles" => %{"admin" => false, "moderator" => false},
652 test "search by full nickname", %{conn: conn} do
653 user = insert(:user, nickname: "nickname@domain.com")
656 conn = get(conn, "/api/pleroma/admin/users?query=nickname@domain.com")
658 assert json_response(conn, 200) == %{
663 "deactivated" => user.info.deactivated,
665 "nickname" => user.nickname,
666 "roles" => %{"admin" => false, "moderator" => false},
674 test "search by display name", %{conn: conn} do
675 user = insert(:user, name: "Display name")
678 conn = get(conn, "/api/pleroma/admin/users?name=display")
680 assert json_response(conn, 200) == %{
685 "deactivated" => user.info.deactivated,
687 "nickname" => user.nickname,
688 "roles" => %{"admin" => false, "moderator" => false},
696 test "search by email", %{conn: conn} do
697 user = insert(:user, email: "email@example.com")
700 conn = get(conn, "/api/pleroma/admin/users?email=email@example.com")
702 assert json_response(conn, 200) == %{
707 "deactivated" => user.info.deactivated,
709 "nickname" => user.nickname,
710 "roles" => %{"admin" => false, "moderator" => false},
718 test "regular search with page size", %{conn: conn} do
719 user = insert(:user, nickname: "aalice")
720 user2 = insert(:user, nickname: "alice")
722 conn1 = get(conn, "/api/pleroma/admin/users?query=a&page_size=1&page=1")
724 assert json_response(conn1, 200) == %{
729 "deactivated" => user.info.deactivated,
731 "nickname" => user.nickname,
732 "roles" => %{"admin" => false, "moderator" => false},
739 conn2 = get(conn, "/api/pleroma/admin/users?query=a&page_size=1&page=2")
741 assert json_response(conn2, 200) == %{
746 "deactivated" => user2.info.deactivated,
748 "nickname" => user2.nickname,
749 "roles" => %{"admin" => false, "moderator" => false},
757 test "only local users" do
758 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
759 user = insert(:user, nickname: "bob")
761 insert(:user, nickname: "bobb", local: false)
765 |> assign(:user, admin)
766 |> get("/api/pleroma/admin/users?query=bo&filters=local")
768 assert json_response(conn, 200) == %{
773 "deactivated" => user.info.deactivated,
775 "nickname" => user.nickname,
776 "roles" => %{"admin" => false, "moderator" => false},
784 test "only local users with no query", %{admin: old_admin} do
785 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
786 user = insert(:user, nickname: "bob")
788 insert(:user, nickname: "bobb", local: false)
792 |> assign(:user, admin)
793 |> get("/api/pleroma/admin/users?filters=local")
795 assert json_response(conn, 200) == %{
800 "deactivated" => user.info.deactivated,
802 "nickname" => user.nickname,
803 "roles" => %{"admin" => false, "moderator" => false},
808 "deactivated" => admin.info.deactivated,
810 "nickname" => admin.nickname,
811 "roles" => %{"admin" => true, "moderator" => false},
816 "deactivated" => false,
817 "id" => old_admin.id,
819 "nickname" => old_admin.nickname,
820 "roles" => %{"admin" => true, "moderator" => false},
827 test "load only admins", %{conn: conn, admin: admin} do
828 second_admin = insert(:user, info: %{is_admin: true})
832 conn = get(conn, "/api/pleroma/admin/users?filters=is_admin")
834 assert json_response(conn, 200) == %{
839 "deactivated" => false,
841 "nickname" => admin.nickname,
842 "roles" => %{"admin" => true, "moderator" => false},
843 "local" => admin.local,
847 "deactivated" => false,
848 "id" => second_admin.id,
849 "nickname" => second_admin.nickname,
850 "roles" => %{"admin" => true, "moderator" => false},
851 "local" => second_admin.local,
858 test "load only moderators", %{conn: conn} do
859 moderator = insert(:user, info: %{is_moderator: true})
863 conn = get(conn, "/api/pleroma/admin/users?filters=is_moderator")
865 assert json_response(conn, 200) == %{
870 "deactivated" => false,
871 "id" => moderator.id,
872 "nickname" => moderator.nickname,
873 "roles" => %{"admin" => false, "moderator" => true},
874 "local" => moderator.local,
881 test "load users with tags list", %{conn: conn} do
882 user1 = insert(:user, tags: ["first"])
883 user2 = insert(:user, tags: ["second"])
887 conn = get(conn, "/api/pleroma/admin/users?tags[]=first&tags[]=second")
889 assert json_response(conn, 200) == %{
894 "deactivated" => false,
896 "nickname" => user1.nickname,
897 "roles" => %{"admin" => false, "moderator" => false},
898 "local" => user1.local,
902 "deactivated" => false,
904 "nickname" => user2.nickname,
905 "roles" => %{"admin" => false, "moderator" => false},
906 "local" => user2.local,
913 test "it works with multiple filters" do
914 admin = insert(:user, nickname: "john", info: %{is_admin: true})
915 user = insert(:user, nickname: "bob", local: false, info: %{deactivated: true})
917 insert(:user, nickname: "ken", local: true, info: %{deactivated: true})
918 insert(:user, nickname: "bobb", local: false, info: %{deactivated: false})
922 |> assign(:user, admin)
923 |> get("/api/pleroma/admin/users?filters=deactivated,external")
925 assert json_response(conn, 200) == %{
930 "deactivated" => user.info.deactivated,
932 "nickname" => user.nickname,
933 "roles" => %{"admin" => false, "moderator" => false},
934 "local" => user.local,
942 test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
943 admin = insert(:user, info: %{is_admin: true})
948 |> assign(:user, admin)
949 |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
951 assert json_response(conn, 200) ==
953 "deactivated" => !user.info.deactivated,
955 "nickname" => user.nickname,
956 "roles" => %{"admin" => false, "moderator" => false},
962 describe "GET /api/pleroma/admin/users/invite_token" do
964 admin = insert(:user, info: %{is_admin: true})
968 |> assign(:user, admin)
973 test "without options", %{conn: conn} do
974 conn = get(conn, "/api/pleroma/admin/users/invite_token")
976 token = json_response(conn, 200)
977 invite = UserInviteToken.find_by_token!(token)
979 refute invite.expires_at
980 refute invite.max_use
981 assert invite.invite_type == "one_time"
984 test "with expires_at", %{conn: conn} do
986 get(conn, "/api/pleroma/admin/users/invite_token", %{
987 "invite" => %{"expires_at" => Date.to_string(Date.utc_today())}
990 token = json_response(conn, 200)
991 invite = UserInviteToken.find_by_token!(token)
994 assert invite.expires_at == Date.utc_today()
995 refute invite.max_use
996 assert invite.invite_type == "date_limited"
999 test "with max_use", %{conn: conn} do
1001 get(conn, "/api/pleroma/admin/users/invite_token", %{
1002 "invite" => %{"max_use" => 150}
1005 token = json_response(conn, 200)
1006 invite = UserInviteToken.find_by_token!(token)
1008 refute invite.expires_at
1009 assert invite.max_use == 150
1010 assert invite.invite_type == "reusable"
1013 test "with max use and expires_at", %{conn: conn} do
1015 get(conn, "/api/pleroma/admin/users/invite_token", %{
1016 "invite" => %{"max_use" => 150, "expires_at" => Date.to_string(Date.utc_today())}
1019 token = json_response(conn, 200)
1020 invite = UserInviteToken.find_by_token!(token)
1022 assert invite.expires_at == Date.utc_today()
1023 assert invite.max_use == 150
1024 assert invite.invite_type == "reusable_date_limited"
1028 describe "GET /api/pleroma/admin/users/invites" do
1030 admin = insert(:user, info: %{is_admin: true})
1034 |> assign(:user, admin)
1039 test "no invites", %{conn: conn} do
1040 conn = get(conn, "/api/pleroma/admin/users/invites")
1042 assert json_response(conn, 200) == %{"invites" => []}
1045 test "with invite", %{conn: conn} do
1046 {:ok, invite} = UserInviteToken.create_invite()
1048 conn = get(conn, "/api/pleroma/admin/users/invites")
1050 assert json_response(conn, 200) == %{
1053 "expires_at" => nil,
1055 "invite_type" => "one_time",
1057 "token" => invite.token,
1066 describe "POST /api/pleroma/admin/users/revoke_invite" do
1067 test "with token" do
1068 admin = insert(:user, info: %{is_admin: true})
1069 {:ok, invite} = UserInviteToken.create_invite()
1073 |> assign(:user, admin)
1074 |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
1076 assert json_response(conn, 200) == %{
1077 "expires_at" => nil,
1079 "invite_type" => "one_time",
1081 "token" => invite.token,