1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Activity
12 alias Pleroma.ModerationLog
14 alias Pleroma.ReportNote
15 alias Pleroma.Web.CommonAPI
18 admin = insert(:user, is_admin: true)
19 token = insert(:oauth_admin_token, user: admin)
23 |> assign(:user, admin)
24 |> assign(:token, token)
26 {:ok, %{admin: admin, token: token, conn: conn}}
29 describe "GET /api/pleroma/admin/reports/:id" do
30 test "returns report by its id", %{conn: conn} do
31 [reporter, target_user] = insert_pair(:user)
32 activity = insert(:note_activity, user: target_user)
34 {:ok, %{id: report_id}} =
35 CommonAPI.report(reporter, %{
36 account_id: target_user.id,
37 comment: "I feel offended",
38 status_ids: [activity.id]
43 |> get("/api/pleroma/admin/reports/#{report_id}")
44 |> json_response_and_validate_schema(:ok)
46 assert response["id"] == report_id
49 test "returns 404 when report id is invalid", %{conn: conn} do
50 conn = get(conn, "/api/pleroma/admin/reports/test")
52 assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
56 describe "PATCH /api/pleroma/admin/reports" do
58 [reporter, target_user] = insert_pair(:user)
59 activity = insert(:note_activity, user: target_user)
61 {:ok, %{id: report_id}} =
62 CommonAPI.report(reporter, %{
63 account_id: target_user.id,
64 comment: "I feel offended",
65 status_ids: [activity.id]
68 {:ok, %{id: second_report_id}} =
69 CommonAPI.report(reporter, %{
70 account_id: target_user.id,
71 comment: "I feel very offended",
72 status_ids: [activity.id]
77 second_report_id: second_report_id
81 test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
82 read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
83 write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
87 |> assign(:token, read_token)
88 |> put_req_header("content-type", "application/json")
89 |> patch("/api/pleroma/admin/reports", %{
90 "reports" => [%{"state" => "resolved", "id" => id}]
92 |> json_response_and_validate_schema(403)
95 "error" => "Insufficient permissions: admin:write:reports."
99 |> assign(:token, write_token)
100 |> put_req_header("content-type", "application/json")
101 |> patch("/api/pleroma/admin/reports", %{
102 "reports" => [%{"state" => "resolved", "id" => id}]
104 |> json_response_and_validate_schema(:no_content)
107 test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
109 |> put_req_header("content-type", "application/json")
110 |> patch("/api/pleroma/admin/reports", %{
112 %{"state" => "resolved", "id" => id}
115 |> json_response_and_validate_schema(:no_content)
117 activity = Activity.get_by_id(id)
118 assert activity.data["state"] == "resolved"
120 log_entry = Repo.one(ModerationLog)
122 assert ModerationLog.get_log_entry_message(log_entry) ==
123 "@#{admin.nickname} updated report ##{id} with 'resolved' state"
126 test "closes report", %{conn: conn, id: id, admin: admin} do
128 |> put_req_header("content-type", "application/json")
129 |> patch("/api/pleroma/admin/reports", %{
131 %{"state" => "closed", "id" => id}
134 |> json_response_and_validate_schema(:no_content)
136 activity = Activity.get_by_id(id)
137 assert activity.data["state"] == "closed"
139 log_entry = Repo.one(ModerationLog)
141 assert ModerationLog.get_log_entry_message(log_entry) ==
142 "@#{admin.nickname} updated report ##{id} with 'closed' state"
145 test "returns 400 when state is unknown", %{conn: conn, id: id} do
148 |> put_req_header("content-type", "application/json")
149 |> patch("/api/pleroma/admin/reports", %{
151 %{"state" => "test", "id" => id}
155 assert "Unsupported state" =
156 hd(json_response_and_validate_schema(conn, :bad_request))["error"]
159 test "returns 404 when report is not exist", %{conn: conn} do
162 |> put_req_header("content-type", "application/json")
163 |> patch("/api/pleroma/admin/reports", %{
165 %{"state" => "closed", "id" => "test"}
169 assert hd(json_response_and_validate_schema(conn, :bad_request))["error"] == "not_found"
172 test "updates state of multiple reports", %{
176 second_report_id: second_report_id
179 |> put_req_header("content-type", "application/json")
180 |> patch("/api/pleroma/admin/reports", %{
182 %{"state" => "resolved", "id" => id},
183 %{"state" => "closed", "id" => second_report_id}
186 |> json_response_and_validate_schema(:no_content)
188 activity = Activity.get_by_id(id)
189 second_activity = Activity.get_by_id(second_report_id)
190 assert activity.data["state"] == "resolved"
191 assert second_activity.data["state"] == "closed"
193 [first_log_entry, second_log_entry] = Repo.all(ModerationLog)
195 assert ModerationLog.get_log_entry_message(first_log_entry) ==
196 "@#{admin.nickname} updated report ##{id} with 'resolved' state"
198 assert ModerationLog.get_log_entry_message(second_log_entry) ==
199 "@#{admin.nickname} updated report ##{second_report_id} with 'closed' state"
203 describe "GET /api/pleroma/admin/reports" do
204 test "returns empty response when no reports created", %{conn: conn} do
207 |> get(report_path(conn, :index))
208 |> json_response_and_validate_schema(:ok)
210 assert Enum.empty?(response["reports"])
211 assert response["total"] == 0
214 test "returns reports", %{conn: conn} do
215 [reporter, target_user] = insert_pair(:user)
216 activity = insert(:note_activity, user: target_user)
218 {:ok, %{id: report_id}} =
219 CommonAPI.report(reporter, %{
220 account_id: target_user.id,
221 comment: "I feel offended",
222 status_ids: [activity.id]
227 |> get(report_path(conn, :index))
228 |> json_response_and_validate_schema(:ok)
230 [report] = response["reports"]
232 assert length(response["reports"]) == 1
233 assert report["id"] == report_id
235 assert response["total"] == 1
238 test "returns reports with specified state", %{conn: conn} do
239 [reporter, target_user] = insert_pair(:user)
240 activity = insert(:note_activity, user: target_user)
242 {:ok, %{id: first_report_id}} =
243 CommonAPI.report(reporter, %{
244 account_id: target_user.id,
245 comment: "I feel offended",
246 status_ids: [activity.id]
249 {:ok, %{id: second_report_id}} =
250 CommonAPI.report(reporter, %{
251 account_id: target_user.id,
252 comment: "I don't like this user"
255 CommonAPI.update_report_state(second_report_id, "closed")
259 |> get(report_path(conn, :index, %{state: "open"}))
260 |> json_response_and_validate_schema(:ok)
262 assert [open_report] = response["reports"]
264 assert length(response["reports"]) == 1
265 assert open_report["id"] == first_report_id
267 assert response["total"] == 1
271 |> get(report_path(conn, :index, %{state: "closed"}))
272 |> json_response_and_validate_schema(:ok)
274 assert [closed_report] = response["reports"]
276 assert length(response["reports"]) == 1
277 assert closed_report["id"] == second_report_id
279 assert response["total"] == 1
281 assert %{"total" => 0, "reports" => []} ==
283 |> get(report_path(conn, :index, %{state: "resolved"}))
284 |> json_response_and_validate_schema(:ok)
287 test "returns 403 when requested by a non-admin" do
289 token = insert(:oauth_token, user: user)
293 |> assign(:user, user)
294 |> assign(:token, token)
295 |> get("/api/pleroma/admin/reports")
297 assert json_response(conn, :forbidden) ==
298 %{"error" => "User is not an admin."}
301 test "returns 403 when requested by anonymous" do
302 conn = get(build_conn(), "/api/pleroma/admin/reports")
304 assert json_response(conn, :forbidden) == %{
305 "error" => "Invalid credentials."
310 describe "POST /api/pleroma/admin/reports/:id/notes" do
311 setup %{conn: conn, admin: admin} do
312 [reporter, target_user] = insert_pair(:user)
313 activity = insert(:note_activity, user: target_user)
315 {:ok, %{id: report_id}} =
316 CommonAPI.report(reporter, %{
317 account_id: target_user.id,
318 comment: "I feel offended",
319 status_ids: [activity.id]
323 |> put_req_header("content-type", "application/json")
324 |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
325 content: "this is disgusting!"
329 |> put_req_header("content-type", "application/json")
330 |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
331 content: "this is disgusting2!"
340 test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
341 assert [note, _] = Repo.all(ReportNote)
344 activity_id: ^report_id,
345 content: "this is disgusting!",
350 test "it returns reports with notes", %{conn: conn, admin: admin} do
351 conn = get(conn, "/api/pleroma/admin/reports")
353 response = json_response_and_validate_schema(conn, 200)
354 notes = hd(response["reports"])["notes"]
357 assert note["user"]["nickname"] == admin.nickname
358 assert note["content"] == "this is disgusting!"
359 assert note["created_at"]
360 assert response["total"] == 1
363 test "it deletes the note", %{conn: conn, report_id: report_id} do
364 assert ReportNote |> Repo.all() |> length() == 2
365 assert [note, _] = Repo.all(ReportNote)
367 delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
369 assert ReportNote |> Repo.all() |> length() == 1