1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.UserInviteToken
10 import Pleroma.Factory
12 describe "/api/pleroma/admin/user" do
14 admin = insert(:user, info: %{is_admin: true})
19 |> assign(:user, admin)
20 |> put_req_header("accept", "application/json")
21 |> delete("/api/pleroma/admin/user?nickname=#{user.nickname}")
23 assert json_response(conn, 200) == user.nickname
27 admin = insert(:user, info: %{is_admin: true})
31 |> assign(:user, admin)
32 |> put_req_header("accept", "application/json")
33 |> post("/api/pleroma/admin/user", %{
35 "email" => "lain@example.org",
39 assert json_response(conn, 200) == "lain"
43 describe "/api/pleroma/admin/users/:nickname" do
44 test "Show", %{conn: conn} do
45 admin = insert(:user, info: %{is_admin: true})
50 |> assign(:user, admin)
51 |> get("/api/pleroma/admin/users/#{user.nickname}")
54 "deactivated" => false,
55 "id" => to_string(user.id),
57 "nickname" => user.nickname,
58 "roles" => %{"admin" => false, "moderator" => false},
62 assert expected == json_response(conn, 200)
65 test "when the user doesn't exist", %{conn: conn} do
66 admin = insert(:user, info: %{is_admin: true})
71 |> assign(:user, admin)
72 |> get("/api/pleroma/admin/users/#{user.nickname}")
74 assert "Not found" == json_response(conn, 404)
78 describe "/api/pleroma/admin/user/follow" do
79 test "allows to force-follow another user" do
80 admin = insert(:user, info: %{is_admin: true})
82 follower = insert(:user)
85 |> assign(:user, admin)
86 |> put_req_header("accept", "application/json")
87 |> post("/api/pleroma/admin/user/follow", %{
88 "follower" => follower.nickname,
89 "followed" => user.nickname
92 user = User.get_by_id(user.id)
93 follower = User.get_by_id(follower.id)
95 assert User.following?(follower, user)
99 describe "/api/pleroma/admin/user/unfollow" do
100 test "allows to force-unfollow another user" do
101 admin = insert(:user, info: %{is_admin: true})
103 follower = insert(:user)
105 User.follow(follower, user)
108 |> assign(:user, admin)
109 |> put_req_header("accept", "application/json")
110 |> post("/api/pleroma/admin/user/unfollow", %{
111 "follower" => follower.nickname,
112 "followed" => user.nickname
115 user = User.get_by_id(user.id)
116 follower = User.get_by_id(follower.id)
118 refute User.following?(follower, user)
122 describe "PUT /api/pleroma/admin/users/tag" do
124 admin = insert(:user, info: %{is_admin: true})
125 user1 = insert(:user, %{tags: ["x"]})
126 user2 = insert(:user, %{tags: ["y"]})
127 user3 = insert(:user, %{tags: ["unchanged"]})
131 |> assign(:user, admin)
132 |> put_req_header("accept", "application/json")
134 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
136 }&tags[]=foo&tags[]=bar"
139 %{conn: conn, user1: user1, user2: user2, user3: user3}
142 test "it appends specified tags to users with specified nicknames", %{
147 assert json_response(conn, :no_content)
148 assert User.get_by_id(user1.id).tags == ["x", "foo", "bar"]
149 assert User.get_by_id(user2.id).tags == ["y", "foo", "bar"]
152 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
153 assert json_response(conn, :no_content)
154 assert User.get_by_id(user3.id).tags == ["unchanged"]
158 describe "DELETE /api/pleroma/admin/users/tag" do
160 admin = insert(:user, info: %{is_admin: true})
161 user1 = insert(:user, %{tags: ["x"]})
162 user2 = insert(:user, %{tags: ["y", "z"]})
163 user3 = insert(:user, %{tags: ["unchanged"]})
167 |> assign(:user, admin)
168 |> put_req_header("accept", "application/json")
170 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
175 %{conn: conn, user1: user1, user2: user2, user3: user3}
178 test "it removes specified tags from users with specified nicknames", %{
183 assert json_response(conn, :no_content)
184 assert User.get_by_id(user1.id).tags == []
185 assert User.get_by_id(user2.id).tags == ["y"]
188 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
189 assert json_response(conn, :no_content)
190 assert User.get_by_id(user3.id).tags == ["unchanged"]
194 describe "/api/pleroma/admin/permission_group" do
195 test "GET is giving user_info" do
196 admin = insert(:user, info: %{is_admin: true})
200 |> assign(:user, admin)
201 |> put_req_header("accept", "application/json")
202 |> get("/api/pleroma/admin/permission_group/#{admin.nickname}")
204 assert json_response(conn, 200) == %{
206 "is_moderator" => false
210 test "/:right POST, can add to a permission group" do
211 admin = insert(:user, info: %{is_admin: true})
216 |> assign(:user, admin)
217 |> put_req_header("accept", "application/json")
218 |> post("/api/pleroma/admin/permission_group/#{user.nickname}/admin")
220 assert json_response(conn, 200) == %{
225 test "/:right DELETE, can remove from a permission group" do
226 admin = insert(:user, info: %{is_admin: true})
227 user = insert(:user, info: %{is_admin: true})
231 |> assign(:user, admin)
232 |> put_req_header("accept", "application/json")
233 |> delete("/api/pleroma/admin/permission_group/#{user.nickname}/admin")
235 assert json_response(conn, 200) == %{
241 describe "PUT /api/pleroma/admin/activation_status" do
242 setup %{conn: conn} do
243 admin = insert(:user, info: %{is_admin: true})
247 |> assign(:user, admin)
248 |> put_req_header("accept", "application/json")
253 test "deactivates the user", %{conn: conn} do
258 |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false})
260 user = User.get_by_id(user.id)
261 assert user.info.deactivated == true
262 assert json_response(conn, :no_content)
265 test "activates the user", %{conn: conn} do
266 user = insert(:user, info: %{deactivated: true})
270 |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: true})
272 user = User.get_by_id(user.id)
273 assert user.info.deactivated == false
274 assert json_response(conn, :no_content)
277 test "returns 403 when requested by a non-admin", %{conn: conn} do
282 |> assign(:user, user)
283 |> put("/api/pleroma/admin/activation_status/#{user.nickname}", %{status: false})
285 assert json_response(conn, :forbidden)
289 describe "POST /api/pleroma/admin/email_invite, with valid config" do
291 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
292 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
293 Pleroma.Config.put([:instance, :registrations_open], false)
294 Pleroma.Config.put([:instance, :invites_enabled], true)
297 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
298 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
302 [user: insert(:user, info: %{is_admin: true})]
305 test "sends invitation and returns 204", %{conn: conn, user: user} do
306 recipient_email = "foo@bar.com"
307 recipient_name = "J. D."
311 |> assign(:user, user)
312 |> post("/api/pleroma/admin/email_invite?email=#{recipient_email}&name=#{recipient_name}")
314 assert json_response(conn, :no_content)
316 token_record = List.last(Pleroma.Repo.all(Pleroma.UserInviteToken))
318 refute token_record.used
320 notify_email = Pleroma.Config.get([:instance, :notify_email])
321 instance_name = Pleroma.Config.get([:instance, :name])
324 Pleroma.Emails.UserEmail.user_invitation_email(
331 Swoosh.TestAssertions.assert_email_sent(
332 from: {instance_name, notify_email},
333 to: {recipient_name, recipient_email},
334 html_body: email.html_body
338 test "it returns 403 if requested by a non-admin", %{conn: conn} do
339 non_admin_user = insert(:user)
343 |> assign(:user, non_admin_user)
344 |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
346 assert json_response(conn, :forbidden)
350 describe "POST /api/pleroma/admin/email_invite, with invalid config" do
352 [user: insert(:user, info: %{is_admin: true})]
355 test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do
356 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
357 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
358 Pleroma.Config.put([:instance, :registrations_open], false)
359 Pleroma.Config.put([:instance, :invites_enabled], false)
362 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
363 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
369 |> assign(:user, user)
370 |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
372 assert json_response(conn, :internal_server_error)
375 test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do
376 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
377 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
378 Pleroma.Config.put([:instance, :registrations_open], true)
379 Pleroma.Config.put([:instance, :invites_enabled], true)
382 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
383 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
389 |> assign(:user, user)
390 |> post("/api/pleroma/admin/email_invite?email=foo@bar.com&name=JD")
392 assert json_response(conn, :internal_server_error)
396 test "/api/pleroma/admin/invite_token" do
397 admin = insert(:user, info: %{is_admin: true})
401 |> assign(:user, admin)
402 |> put_req_header("accept", "application/json")
403 |> get("/api/pleroma/admin/invite_token")
405 assert conn.status == 200
408 test "/api/pleroma/admin/password_reset" do
409 admin = insert(:user, info: %{is_admin: true})
414 |> assign(:user, admin)
415 |> put_req_header("accept", "application/json")
416 |> get("/api/pleroma/admin/password_reset?nickname=#{user.nickname}")
418 assert conn.status == 200
421 describe "GET /api/pleroma/admin/users" do
422 test "renders users array for the first page" do
423 admin = insert(:user, info: %{is_admin: true})
424 user = insert(:user, local: false, tags: ["foo", "bar"])
428 |> assign(:user, admin)
429 |> get("/api/pleroma/admin/users?page=1")
431 assert json_response(conn, 200) == %{
436 "deactivated" => admin.info.deactivated,
438 "nickname" => admin.nickname,
439 "roles" => %{"admin" => true, "moderator" => false},
444 "deactivated" => user.info.deactivated,
446 "nickname" => user.nickname,
447 "roles" => %{"admin" => false, "moderator" => false},
449 "tags" => ["foo", "bar"]
455 test "renders empty array for the second page" do
456 admin = insert(:user, info: %{is_admin: true})
461 |> assign(:user, admin)
462 |> get("/api/pleroma/admin/users?page=2")
464 assert json_response(conn, 200) == %{
471 test "regular search" do
472 admin = insert(:user, info: %{is_admin: true})
473 user = insert(:user, nickname: "bob")
477 |> assign(:user, admin)
478 |> get("/api/pleroma/admin/users?query=bo")
480 assert json_response(conn, 200) == %{
485 "deactivated" => user.info.deactivated,
487 "nickname" => user.nickname,
488 "roles" => %{"admin" => false, "moderator" => false},
496 test "regular search with page size" do
497 admin = insert(:user, info: %{is_admin: true})
498 user = insert(:user, nickname: "aalice")
499 user2 = insert(:user, nickname: "alice")
503 |> assign(:user, admin)
504 |> get("/api/pleroma/admin/users?query=a&page_size=1&page=1")
506 assert json_response(conn, 200) == %{
511 "deactivated" => user.info.deactivated,
513 "nickname" => user.nickname,
514 "roles" => %{"admin" => false, "moderator" => false},
523 |> assign(:user, admin)
524 |> get("/api/pleroma/admin/users?query=a&page_size=1&page=2")
526 assert json_response(conn, 200) == %{
531 "deactivated" => user2.info.deactivated,
533 "nickname" => user2.nickname,
534 "roles" => %{"admin" => false, "moderator" => false},
542 test "only local users" do
543 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
544 user = insert(:user, nickname: "bob")
546 insert(:user, nickname: "bobb", local: false)
550 |> assign(:user, admin)
551 |> get("/api/pleroma/admin/users?query=bo&filters=local")
553 assert json_response(conn, 200) == %{
558 "deactivated" => user.info.deactivated,
560 "nickname" => user.nickname,
561 "roles" => %{"admin" => false, "moderator" => false},
569 test "only local users with no query" do
570 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
571 user = insert(:user, nickname: "bob")
573 insert(:user, nickname: "bobb", local: false)
577 |> assign(:user, admin)
578 |> get("/api/pleroma/admin/users?filters=local")
580 assert json_response(conn, 200) == %{
585 "deactivated" => user.info.deactivated,
587 "nickname" => user.nickname,
588 "roles" => %{"admin" => false, "moderator" => false},
593 "deactivated" => admin.info.deactivated,
595 "nickname" => admin.nickname,
596 "roles" => %{"admin" => true, "moderator" => false},
604 test "it works with multiple filters" do
605 admin = insert(:user, nickname: "john", info: %{is_admin: true})
606 user = insert(:user, nickname: "bob", local: false, info: %{deactivated: true})
608 insert(:user, nickname: "ken", local: true, info: %{deactivated: true})
609 insert(:user, nickname: "bobb", local: false, info: %{deactivated: false})
613 |> assign(:user, admin)
614 |> get("/api/pleroma/admin/users?filters=deactivated,external")
616 assert json_response(conn, 200) == %{
621 "deactivated" => user.info.deactivated,
623 "nickname" => user.nickname,
624 "roles" => %{"admin" => false, "moderator" => false},
625 "local" => user.local,
633 test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
634 admin = insert(:user, info: %{is_admin: true})
639 |> assign(:user, admin)
640 |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
642 assert json_response(conn, 200) ==
644 "deactivated" => !user.info.deactivated,
646 "nickname" => user.nickname,
647 "roles" => %{"admin" => false, "moderator" => false},
653 describe "GET /api/pleroma/admin/invite_token" do
654 test "without options" do
655 admin = insert(:user, info: %{is_admin: true})
659 |> assign(:user, admin)
660 |> get("/api/pleroma/admin/invite_token")
662 token = json_response(conn, 200)
663 invite = UserInviteToken.find_by_token!(token)
665 refute invite.expires_at
666 refute invite.max_use
667 assert invite.invite_type == "one_time"
670 test "with expires_at" do
671 admin = insert(:user, info: %{is_admin: true})
675 |> assign(:user, admin)
676 |> get("/api/pleroma/admin/invite_token", %{
677 "invite" => %{"expires_at" => Date.to_string(Date.utc_today())}
680 token = json_response(conn, 200)
681 invite = UserInviteToken.find_by_token!(token)
684 assert invite.expires_at == Date.utc_today()
685 refute invite.max_use
686 assert invite.invite_type == "date_limited"
689 test "with max_use" do
690 admin = insert(:user, info: %{is_admin: true})
694 |> assign(:user, admin)
695 |> get("/api/pleroma/admin/invite_token", %{
696 "invite" => %{"max_use" => 150}
699 token = json_response(conn, 200)
700 invite = UserInviteToken.find_by_token!(token)
702 refute invite.expires_at
703 assert invite.max_use == 150
704 assert invite.invite_type == "reusable"
707 test "with max use and expires_at" do
708 admin = insert(:user, info: %{is_admin: true})
712 |> assign(:user, admin)
713 |> get("/api/pleroma/admin/invite_token", %{
714 "invite" => %{"max_use" => 150, "expires_at" => Date.to_string(Date.utc_today())}
717 token = json_response(conn, 200)
718 invite = UserInviteToken.find_by_token!(token)
720 assert invite.expires_at == Date.utc_today()
721 assert invite.max_use == 150
722 assert invite.invite_type == "reusable_date_limited"
726 describe "GET /api/pleroma/admin/invites" do
728 admin = insert(:user, info: %{is_admin: true})
732 |> assign(:user, admin)
733 |> get("/api/pleroma/admin/invites")
735 assert json_response(conn, 200) == %{"invites" => []}
738 test "with invite" do
739 admin = insert(:user, info: %{is_admin: true})
740 {:ok, invite} = UserInviteToken.create_invite()
744 |> assign(:user, admin)
745 |> get("/api/pleroma/admin/invites")
747 assert json_response(conn, 200) == %{
752 "invite_type" => "one_time",
754 "token" => invite.token,
763 describe "POST /api/pleroma/admin/revoke_invite" do
765 admin = insert(:user, info: %{is_admin: true})
766 {:ok, invite} = UserInviteToken.create_invite()
770 |> assign(:user, admin)
771 |> post("/api/pleroma/admin/revoke_invite", %{"token" => invite.token})
773 assert json_response(conn, 200) == %{
776 "invite_type" => "one_time",
778 "token" => invite.token,