projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'mastoapi-non-html-strings' into 'develop'
[akkoma] / test / web / mastodon_api / controllers / account_controller / update_credentials_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
6 alias Pleroma.Repo
7 alias Pleroma.User
8
9 use Pleroma.Web.ConnCase
10
11 import Pleroma.Factory
12 clear_config([:instance, :max_account_fields])
13
14 describe "updating credentials" do
15 setup do: oauth_access(["write:accounts"])
16
17 test "sets user settings in a generic way", %{conn: conn} do
18 res_conn =
19 patch(conn, "/api/v1/accounts/update_credentials", %{
20 "pleroma_settings_store" => %{
21 pleroma_fe: %{
22 theme: "bla"
23 }
24 }
25 })
26
27 assert user_data = json_response(res_conn, 200)
28 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
29
30 user = Repo.get(User, user_data["id"])
31
32 res_conn =
33 conn
34 |> assign(:user, user)
35 |> patch("/api/v1/accounts/update_credentials", %{
36 "pleroma_settings_store" => %{
37 masto_fe: %{
38 theme: "bla"
39 }
40 }
41 })
42
43 assert user_data = json_response(res_conn, 200)
44
45 assert user_data["pleroma"]["settings_store"] ==
46 %{
47 "pleroma_fe" => %{"theme" => "bla"},
48 "masto_fe" => %{"theme" => "bla"}
49 }
50
51 user = Repo.get(User, user_data["id"])
52
53 res_conn =
54 conn
55 |> assign(:user, user)
56 |> patch("/api/v1/accounts/update_credentials", %{
57 "pleroma_settings_store" => %{
58 masto_fe: %{
59 theme: "blub"
60 }
61 }
62 })
63
64 assert user_data = json_response(res_conn, 200)
65
66 assert user_data["pleroma"]["settings_store"] ==
67 %{
68 "pleroma_fe" => %{"theme" => "bla"},
69 "masto_fe" => %{"theme" => "blub"}
70 }
71 end
72
73 test "updates the user's bio", %{conn: conn} do
74 user2 = insert(:user)
75
76 conn =
77 patch(conn, "/api/v1/accounts/update_credentials", %{
78 "note" => "I drink #cofe with @#{user2.nickname}"
79 })
80
81 assert user_data = json_response(conn, 200)
82
83 assert user_data["note"] ==
84 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{
85 user2.id
86 }" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span>)
87 end
88
89 test "updates the user's locking status", %{conn: conn} do
90 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
91
92 assert user_data = json_response(conn, 200)
93 assert user_data["locked"] == true
94 end
95
96 test "updates the user's allow_following_move", %{user: user, conn: conn} do
97 assert user.allow_following_move == true
98
99 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
100
101 assert refresh_record(user).allow_following_move == false
102 assert user_data = json_response(conn, 200)
103 assert user_data["pleroma"]["allow_following_move"] == false
104 end
105
106 test "updates the user's default scope", %{conn: conn} do
107 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
108
109 assert user_data = json_response(conn, 200)
110 assert user_data["source"]["privacy"] == "cofe"
111 end
112
113 test "updates the user's hide_followers status", %{conn: conn} do
114 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
115
116 assert user_data = json_response(conn, 200)
117 assert user_data["pleroma"]["hide_followers"] == true
118 end
119
120 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
121 conn =
122 patch(conn, "/api/v1/accounts/update_credentials", %{
123 hide_followers_count: "true",
124 hide_follows_count: "true"
125 })
126
127 assert user_data = json_response(conn, 200)
128 assert user_data["pleroma"]["hide_followers_count"] == true
129 assert user_data["pleroma"]["hide_follows_count"] == true
130 end
131
132 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
133 response =
134 conn
135 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
136 |> json_response(200)
137
138 assert response["pleroma"]["skip_thread_containment"] == true
139 assert refresh_record(user).skip_thread_containment
140 end
141
142 test "updates the user's hide_follows status", %{conn: conn} do
143 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
144
145 assert user_data = json_response(conn, 200)
146 assert user_data["pleroma"]["hide_follows"] == true
147 end
148
149 test "updates the user's hide_favorites status", %{conn: conn} do
150 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
151
152 assert user_data = json_response(conn, 200)
153 assert user_data["pleroma"]["hide_favorites"] == true
154 end
155
156 test "updates the user's show_role status", %{conn: conn} do
157 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
158
159 assert user_data = json_response(conn, 200)
160 assert user_data["source"]["pleroma"]["show_role"] == false
161 end
162
163 test "updates the user's no_rich_text status", %{conn: conn} do
164 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
165
166 assert user_data = json_response(conn, 200)
167 assert user_data["source"]["pleroma"]["no_rich_text"] == true
168 end
169
170 test "updates the user's name", %{conn: conn} do
171 conn =
172 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
173
174 assert user_data = json_response(conn, 200)
175 assert user_data["display_name"] == "markorepairs"
176 end
177
178 test "updates the user's avatar", %{user: user, conn: conn} do
179 new_avatar = %Plug.Upload{
180 content_type: "image/jpg",
181 path: Path.absname("test/fixtures/image.jpg"),
182 filename: "an_image.jpg"
183 }
184
185 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
186
187 assert user_response = json_response(conn, 200)
188 assert user_response["avatar"] != User.avatar_url(user)
189 end
190
191 test "updates the user's banner", %{user: user, conn: conn} do
192 new_header = %Plug.Upload{
193 content_type: "image/jpg",
194 path: Path.absname("test/fixtures/image.jpg"),
195 filename: "an_image.jpg"
196 }
197
198 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
199
200 assert user_response = json_response(conn, 200)
201 assert user_response["header"] != User.banner_url(user)
202 end
203
204 test "updates the user's background", %{conn: conn} do
205 new_header = %Plug.Upload{
206 content_type: "image/jpg",
207 path: Path.absname("test/fixtures/image.jpg"),
208 filename: "an_image.jpg"
209 }
210
211 conn =
212 patch(conn, "/api/v1/accounts/update_credentials", %{
213 "pleroma_background_image" => new_header
214 })
215
216 assert user_response = json_response(conn, 200)
217 assert user_response["pleroma"]["background_image"]
218 end
219
220 test "requires 'write:accounts' permission" do
221 token1 = insert(:oauth_token, scopes: ["read"])
222 token2 = insert(:oauth_token, scopes: ["write", "follow"])
223
224 for token <- [token1, token2] do
225 conn =
226 build_conn()
227 |> put_req_header("authorization", "Bearer #{token.token}")
228 |> patch("/api/v1/accounts/update_credentials", %{})
229
230 if token == token1 do
231 assert %{"error" => "Insufficient permissions: write:accounts."} ==
232 json_response(conn, 403)
233 else
234 assert json_response(conn, 200)
235 end
236 end
237 end
238
239 test "updates profile emojos", %{user: user, conn: conn} do
240 note = "*sips :blank:*"
241 name = "I am :firefox:"
242
243 ret_conn =
244 patch(conn, "/api/v1/accounts/update_credentials", %{
245 "note" => note,
246 "display_name" => name
247 })
248
249 assert json_response(ret_conn, 200)
250
251 conn = get(conn, "/api/v1/accounts/#{user.id}")
252
253 assert user_data = json_response(conn, 200)
254
255 assert user_data["note"] == note
256 assert user_data["display_name"] == name
257 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
258 end
259
260 test "update fields", %{conn: conn} do
261 fields = [
262 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
263 %{"name" => "link", "value" => "cofe.io"}
264 ]
265
266 account_data =
267 conn
268 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
269 |> json_response(200)
270
271 assert account_data["fields"] == [
272 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
273 %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
274 ]
275
276 assert account_data["source"]["fields"] == [
277 %{
278 "name" => "<a href=\"http://google.com\">foo</a>",
279 "value" => "<script>bar</script>"
280 },
281 %{"name" => "link", "value" => "cofe.io"}
282 ]
283
284 fields =
285 [
286 "fields_attributes[1][name]=link",
287 "fields_attributes[1][value]=cofe.io",
288 "fields_attributes[0][name]=<a href=\"http://google.com\">foo</a>",
289 "fields_attributes[0][value]=bar"
290 ]
291 |> Enum.join("&")
292
293 account =
294 conn
295 |> put_req_header("content-type", "application/x-www-form-urlencoded")
296 |> patch("/api/v1/accounts/update_credentials", fields)
297 |> json_response(200)
298
299 assert account["fields"] == [
300 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
301 %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
302 ]
303
304 assert account["source"]["fields"] == [
305 %{
306 "name" => "<a href=\"http://google.com\">foo</a>",
307 "value" => "bar"
308 },
309 %{"name" => "link", "value" => "cofe.io"}
310 ]
311
312 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
313 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
314
315 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
316
317 fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
318
319 assert %{"error" => "Invalid request"} ==
320 conn
321 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
322 |> json_response(403)
323
324 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
325
326 fields = [%{"name" => long_name, "value" => "bar"}]
327
328 assert %{"error" => "Invalid request"} ==
329 conn
330 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
331 |> json_response(403)
332
333 Pleroma.Config.put([:instance, :max_account_fields], 1)
334
335 fields = [
336 %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
337 %{"name" => "link", "value" => "cofe.io"}
338 ]
339
340 assert %{"error" => "Invalid request"} ==
341 conn
342 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
343 |> json_response(403)
344
345 fields = [
346 %{"name" => "foo", "value" => ""},
347 %{"name" => "", "value" => "bar"}
348 ]
349
350 account =
351 conn
352 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
353 |> json_response(200)
354
355 assert account["fields"] == [
356 %{"name" => "foo", "value" => ""}
357 ]
358 end
359 end
360 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git