1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.UserInviteToken
10 import Pleroma.Factory
12 describe "/api/pleroma/admin/user" do
14 admin = insert(:user, info: %{is_admin: true})
19 |> assign(:user, admin)
20 |> put_req_header("accept", "application/json")
21 |> delete("/api/pleroma/admin/user?nickname=#{user.nickname}")
23 assert json_response(conn, 200) == user.nickname
27 admin = insert(:user, info: %{is_admin: true})
31 |> assign(:user, admin)
32 |> put_req_header("accept", "application/json")
33 |> post("/api/pleroma/admin/user", %{
35 "email" => "lain@example.org",
39 assert json_response(conn, 200) == "lain"
43 describe "/api/pleroma/admin/users/:nickname" do
44 test "Show", %{conn: conn} do
45 admin = insert(:user, info: %{is_admin: true})
50 |> assign(:user, admin)
51 |> get("/api/pleroma/admin/users/#{user.nickname}")
54 "deactivated" => false,
55 "id" => to_string(user.id),
57 "nickname" => user.nickname,
58 "roles" => %{"admin" => false, "moderator" => false},
62 assert expected == json_response(conn, 200)
65 test "when the user doesn't exist", %{conn: conn} do
66 admin = insert(:user, info: %{is_admin: true})
71 |> assign(:user, admin)
72 |> get("/api/pleroma/admin/users/#{user.nickname}")
74 assert "Not found" == json_response(conn, 404)
78 describe "/api/pleroma/admin/user/follow" do
79 test "allows to force-follow another user" do
80 admin = insert(:user, info: %{is_admin: true})
82 follower = insert(:user)
85 |> assign(:user, admin)
86 |> put_req_header("accept", "application/json")
87 |> post("/api/pleroma/admin/user/follow", %{
88 "follower" => follower.nickname,
89 "followed" => user.nickname
92 user = User.get_by_id(user.id)
93 follower = User.get_by_id(follower.id)
95 assert User.following?(follower, user)
99 describe "/api/pleroma/admin/user/unfollow" do
100 test "allows to force-unfollow another user" do
101 admin = insert(:user, info: %{is_admin: true})
103 follower = insert(:user)
105 User.follow(follower, user)
108 |> assign(:user, admin)
109 |> put_req_header("accept", "application/json")
110 |> post("/api/pleroma/admin/user/unfollow", %{
111 "follower" => follower.nickname,
112 "followed" => user.nickname
115 user = User.get_by_id(user.id)
116 follower = User.get_by_id(follower.id)
118 refute User.following?(follower, user)
122 describe "PUT /api/pleroma/admin/users/tag" do
124 admin = insert(:user, info: %{is_admin: true})
125 user1 = insert(:user, %{tags: ["x"]})
126 user2 = insert(:user, %{tags: ["y"]})
127 user3 = insert(:user, %{tags: ["unchanged"]})
131 |> assign(:user, admin)
132 |> put_req_header("accept", "application/json")
134 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
136 }&tags[]=foo&tags[]=bar"
139 %{conn: conn, user1: user1, user2: user2, user3: user3}
142 test "it appends specified tags to users with specified nicknames", %{
147 assert json_response(conn, :no_content)
148 assert User.get_by_id(user1.id).tags == ["x", "foo", "bar"]
149 assert User.get_by_id(user2.id).tags == ["y", "foo", "bar"]
152 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
153 assert json_response(conn, :no_content)
154 assert User.get_by_id(user3.id).tags == ["unchanged"]
158 describe "DELETE /api/pleroma/admin/users/tag" do
160 admin = insert(:user, info: %{is_admin: true})
161 user1 = insert(:user, %{tags: ["x"]})
162 user2 = insert(:user, %{tags: ["y", "z"]})
163 user3 = insert(:user, %{tags: ["unchanged"]})
167 |> assign(:user, admin)
168 |> put_req_header("accept", "application/json")
170 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
175 %{conn: conn, user1: user1, user2: user2, user3: user3}
178 test "it removes specified tags from users with specified nicknames", %{
183 assert json_response(conn, :no_content)
184 assert User.get_by_id(user1.id).tags == []
185 assert User.get_by_id(user2.id).tags == ["y"]
188 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
189 assert json_response(conn, :no_content)
190 assert User.get_by_id(user3.id).tags == ["unchanged"]
194 describe "/api/pleroma/admin/permission_group" do
195 test "GET is giving user_info" do
196 admin = insert(:user, info: %{is_admin: true})
200 |> assign(:user, admin)
201 |> put_req_header("accept", "application/json")
202 |> get("/api/pleroma/admin/permission_group/#{admin.nickname}")
204 assert json_response(conn, 200) == %{
206 "is_moderator" => false
210 test "/:right POST, can add to a permission group" do
211 admin = insert(:user, info: %{is_admin: true})
216 |> assign(:user, admin)
217 |> put_req_header("accept", "application/json")
218 |> post("/api/pleroma/admin/permission_group/#{user.nickname}/admin")
220 assert json_response(conn, 200) == %{
225 test "/:right DELETE, can remove from a permission group" do
226 admin = insert(:user, info: %{is_admin: true})
227 user = insert(:user, info: %{is_admin: true})
231 |> assign(:user, admin)
232 |> put_req_header("accept", "application/json")
233 |> delete("/api/pleroma/admin/permission_group/#{user.nickname}/admin")
235 assert json_response(conn, 200) == %{
241 describe "PUT /api/pleroma/admin/activation_status" do
242 setup %{conn: conn} do
243 admin = insert(:user, info: %{is_admin: true})
247 |> assign(:user, admin)
248 |> put_req_header("accept", "application/json")
253 test "deactivates the user", %{conn: conn} do
258 |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false})
260 user = User.get_by_id(user.id)
261 assert user.info.deactivated == true
262 assert json_response(conn, :no_content)
265 test "activates the user", %{conn: conn} do
266 user = insert(:user, info: %{deactivated: true})
270 |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: true})
272 user = User.get_by_id(user.id)
273 assert user.info.deactivated == false
274 assert json_response(conn, :no_content)
277 test "returns 403 when requested by a non-admin", %{conn: conn} do
282 |> assign(:user, user)
283 |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false})
285 assert json_response(conn, :forbidden)
289 describe "POST /api/pleroma/admin/email_invite, with valid config" do
291 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
292 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
293 Pleroma.Config.put([:instance, :registrations_open], false)
294 Pleroma.Config.put([:instance, :invites_enabled], true)
297 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
298 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
302 [user: insert(:user, info: %{is_admin: true})]
305 test "sends invitation and returns 204", %{conn: conn, user: user} do
306 recipient_email = "foo@bar.com"
307 recipient_name = "J. D."
311 |> assign(:user, user)
312 |> post("/api/pleroma/admin/email_invite?email=#{recipient_email}&name=#{recipient_name}")
314 assert json_response(conn, :no_content)
316 token_record = List.last(Pleroma.Repo.all(Pleroma.UserInviteToken))
318 refute token_record.used
320 Swoosh.TestAssertions.assert_email_sent(
321 Pleroma.UserEmail.user_invitation_email(
330 test "it returns 403 if requested by a non-admin", %{conn: conn} do
331 non_admin_user = insert(:user)
335 |> assign(:user, non_admin_user)
336 |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
338 assert json_response(conn, :forbidden)
342 describe "POST /api/pleroma/admin/email_invite, with invalid config" do
344 [user: insert(:user, info: %{is_admin: true})]
347 test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do
348 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
349 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
350 Pleroma.Config.put([:instance, :registrations_open], false)
351 Pleroma.Config.put([:instance, :invites_enabled], false)
354 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
355 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
361 |> assign(:user, user)
362 |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
364 assert json_response(conn, :internal_server_error)
367 test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do
368 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
369 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
370 Pleroma.Config.put([:instance, :registrations_open], true)
371 Pleroma.Config.put([:instance, :invites_enabled], true)
374 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
375 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
381 |> assign(:user, user)
382 |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
384 assert json_response(conn, :internal_server_error)
388 test "/api/pleroma/admin/invite_token" do
389 admin = insert(:user, info: %{is_admin: true})
393 |> assign(:user, admin)
394 |> put_req_header("accept", "application/json")
395 |> get("/api/pleroma/admin/invite_token")
397 assert conn.status == 200
400 test "/api/pleroma/admin/password_reset" do
401 admin = insert(:user, info: %{is_admin: true})
406 |> assign(:user, admin)
407 |> put_req_header("accept", "application/json")
408 |> get("/api/pleroma/admin/password_reset?nickname=#{user.nickname}")
410 assert conn.status == 200
413 describe "GET /api/pleroma/admin/users" do
414 test "renders users array for the first page" do
415 admin = insert(:user, info: %{is_admin: true})
416 user = insert(:user, local: false, tags: ["foo", "bar"])
420 |> assign(:user, admin)
421 |> get("/api/pleroma/admin/users?page=1")
423 assert json_response(conn, 200) == %{
428 "deactivated" => admin.info.deactivated,
430 "nickname" => admin.nickname,
431 "roles" => %{"admin" => true, "moderator" => false},
436 "deactivated" => user.info.deactivated,
438 "nickname" => user.nickname,
439 "roles" => %{"admin" => false, "moderator" => false},
441 "tags" => ["foo", "bar"]
447 test "renders empty array for the second page" do
448 admin = insert(:user, info: %{is_admin: true})
453 |> assign(:user, admin)
454 |> get("/api/pleroma/admin/users?page=2")
456 assert json_response(conn, 200) == %{
463 test "regular search" do
464 admin = insert(:user, info: %{is_admin: true})
465 user = insert(:user, nickname: "bob")
469 |> assign(:user, admin)
470 |> get("/api/pleroma/admin/users?query=bo")
472 assert json_response(conn, 200) == %{
477 "deactivated" => user.info.deactivated,
479 "nickname" => user.nickname,
480 "roles" => %{"admin" => false, "moderator" => false},
488 test "regular search with page size" do
489 admin = insert(:user, info: %{is_admin: true})
490 user = insert(:user, nickname: "aalice")
491 user2 = insert(:user, nickname: "alice")
495 |> assign(:user, admin)
496 |> get("/api/pleroma/admin/users?query=a&page_size=1&page=1")
498 assert json_response(conn, 200) == %{
503 "deactivated" => user.info.deactivated,
505 "nickname" => user.nickname,
506 "roles" => %{"admin" => false, "moderator" => false},
515 |> assign(:user, admin)
516 |> get("/api/pleroma/admin/users?query=a&page_size=1&page=2")
518 assert json_response(conn, 200) == %{
523 "deactivated" => user2.info.deactivated,
525 "nickname" => user2.nickname,
526 "roles" => %{"admin" => false, "moderator" => false},
534 test "only local users" do
535 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
536 user = insert(:user, nickname: "bob")
538 insert(:user, nickname: "bobb", local: false)
542 |> assign(:user, admin)
543 |> get("/api/pleroma/admin/users?query=bo&filters=local")
545 assert json_response(conn, 200) == %{
550 "deactivated" => user.info.deactivated,
552 "nickname" => user.nickname,
553 "roles" => %{"admin" => false, "moderator" => false},
561 test "only local users with no query" do
562 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
563 user = insert(:user, nickname: "bob")
565 insert(:user, nickname: "bobb", local: false)
569 |> assign(:user, admin)
570 |> get("/api/pleroma/admin/users?filters=local")
572 assert json_response(conn, 200) == %{
577 "deactivated" => user.info.deactivated,
579 "nickname" => user.nickname,
580 "roles" => %{"admin" => false, "moderator" => false},
585 "deactivated" => admin.info.deactivated,
587 "nickname" => admin.nickname,
588 "roles" => %{"admin" => true, "moderator" => false},
596 test "it works with multiple filters" do
597 admin = insert(:user, nickname: "john", info: %{is_admin: true})
598 user = insert(:user, nickname: "bob", local: false, info: %{deactivated: true})
600 insert(:user, nickname: "ken", local: true, info: %{deactivated: true})
601 insert(:user, nickname: "bobb", local: false, info: %{deactivated: false})
605 |> assign(:user, admin)
606 |> get("/api/pleroma/admin/users?filters=deactivated,external")
608 assert json_response(conn, 200) == %{
613 "deactivated" => user.info.deactivated,
615 "nickname" => user.nickname,
616 "roles" => %{"admin" => false, "moderator" => false},
617 "local" => user.local,
625 test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
626 admin = insert(:user, info: %{is_admin: true})
631 |> assign(:user, admin)
632 |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
634 assert json_response(conn, 200) ==
636 "deactivated" => !user.info.deactivated,
638 "nickname" => user.nickname,
639 "roles" => %{"admin" => false, "moderator" => false},
645 describe "GET /api/pleroma/admin/invite_token" do
646 test "without options" do
647 admin = insert(:user, info: %{is_admin: true})
651 |> assign(:user, admin)
652 |> get("/api/pleroma/admin/invite_token")
654 token = json_response(conn, 200)
655 invite = UserInviteToken.find_by_token!(token)
657 refute invite.expires_at
658 refute invite.max_use
659 assert invite.invite_type == "one_time"
662 test "with expires_at" do
663 admin = insert(:user, info: %{is_admin: true})
667 |> assign(:user, admin)
668 |> get("/api/pleroma/admin/invite_token", %{
669 "invite" => %{"expires_at" => Date.to_string(Date.utc_today())}
672 token = json_response(conn, 200)
673 invite = UserInviteToken.find_by_token!(token)
676 assert invite.expires_at == Date.utc_today()
677 refute invite.max_use
678 assert invite.invite_type == "date_limited"
681 test "with max_use" do
682 admin = insert(:user, info: %{is_admin: true})
686 |> assign(:user, admin)
687 |> get("/api/pleroma/admin/invite_token", %{
688 "invite" => %{"max_use" => 150}
691 token = json_response(conn, 200)
692 invite = UserInviteToken.find_by_token!(token)
694 refute invite.expires_at
695 assert invite.max_use == 150
696 assert invite.invite_type == "reusable"
699 test "with max use and expires_at" do
700 admin = insert(:user, info: %{is_admin: true})
704 |> assign(:user, admin)
705 |> get("/api/pleroma/admin/invite_token", %{
706 "invite" => %{"max_use" => 150, "expires_at" => Date.to_string(Date.utc_today())}
709 token = json_response(conn, 200)
710 invite = UserInviteToken.find_by_token!(token)
712 assert invite.expires_at == Date.utc_today()
713 assert invite.max_use == 150
714 assert invite.invite_type == "reusable_date_limited"
718 describe "GET /api/pleroma/admin/invites" do
720 admin = insert(:user, info: %{is_admin: true})
724 |> assign(:user, admin)
725 |> get("/api/pleroma/admin/invites")
727 assert json_response(conn, 200) == %{"invites" => []}
730 test "with invite" do
731 admin = insert(:user, info: %{is_admin: true})
732 {:ok, invite} = UserInviteToken.create_invite()
736 |> assign(:user, admin)
737 |> get("/api/pleroma/admin/invites")
739 assert json_response(conn, 200) == %{
744 "invite_type" => "one_time",
746 "token" => invite.token,
755 describe "POST /api/pleroma/admin/revoke_invite" do
757 admin = insert(:user, info: %{is_admin: true})
758 {:ok, invite} = UserInviteToken.create_invite()
762 |> assign(:user, admin)
763 |> post("/api/pleroma/admin/revoke_invite", %{"token" => invite.token})
765 assert json_response(conn, 200) == %{
768 "invite_type" => "one_time",
770 "token" => invite.token,