Merge branch 'develop' into 'remove-twitter-api'

[akkoma] / test / web / mastodon_api / controllers / account_controller / update_credentials_test.exs

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
  alias Pleroma.Repo
  alias Pleroma.User

  use Pleroma.Web.ConnCase

  import Pleroma.Factory

  setup do: clear_config([:instance, :max_account_fields])

  describe "updating credentials" do
    setup do: oauth_access(["write:accounts"])
    setup :request_content_type

    test "sets user settings in a generic way", %{conn: conn} do
      res_conn =
        patch(conn, "/api/v1/accounts/update_credentials", %{
          "pleroma_settings_store" => %{
            pleroma_fe: %{
              theme: "bla"
            }
          }
        })

      assert user_data = json_response_and_validate_schema(res_conn, 200)
      assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}

      user = Repo.get(User, user_data["id"])

      res_conn =
        conn
        |> assign(:user, user)
        |> patch("/api/v1/accounts/update_credentials", %{
          "pleroma_settings_store" => %{
            masto_fe: %{
              theme: "bla"
            }
          }
        })

      assert user_data = json_response_and_validate_schema(res_conn, 200)

      assert user_data["pleroma"]["settings_store"] ==
               %{
                 "pleroma_fe" => %{"theme" => "bla"},
                 "masto_fe" => %{"theme" => "bla"}
               }

      user = Repo.get(User, user_data["id"])

      res_conn =
        conn
        |> assign(:user, user)
        |> patch("/api/v1/accounts/update_credentials", %{
          "pleroma_settings_store" => %{
            masto_fe: %{
              theme: "blub"
            }
          }
        })

      assert user_data = json_response_and_validate_schema(res_conn, 200)

      assert user_data["pleroma"]["settings_store"] ==
               %{
                 "pleroma_fe" => %{"theme" => "bla"},
                 "masto_fe" => %{"theme" => "blub"}
               }
    end

    test "updates the user's bio", %{conn: conn} do
      user2 = insert(:user)

      conn =
        patch(conn, "/api/v1/accounts/update_credentials", %{
          "note" => "I drink #cofe with @#{user2.nickname}\n\nsuya.."
        })

      assert user_data = json_response_and_validate_schema(conn, 200)

      assert user_data["note"] ==
               ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
                 user2.id
               }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
    end

    test "updates the user's locking status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["locked"] == true
    end

    test "updates the user's allow_following_move", %{user: user, conn: conn} do
      assert user.allow_following_move == true

      conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})

      assert refresh_record(user).allow_following_move == false
      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["pleroma"]["allow_following_move"] == false
    end

    test "updates the user's default scope", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["source"]["privacy"] == "unlisted"
    end

    test "updates the user's hide_followers status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["pleroma"]["hide_followers"] == true
    end

    test "updates the user's discoverable status", %{conn: conn} do
      assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
               conn
               |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
               |> json_response_and_validate_schema(:ok)

      assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
               conn
               |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
               |> json_response_and_validate_schema(:ok)
    end

    test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
      conn =
        patch(conn, "/api/v1/accounts/update_credentials", %{
          hide_followers_count: "true",
          hide_follows_count: "true"
        })

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["pleroma"]["hide_followers_count"] == true
      assert user_data["pleroma"]["hide_follows_count"] == true
    end

    test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
      response =
        conn
        |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
        |> json_response_and_validate_schema(200)

      assert response["pleroma"]["skip_thread_containment"] == true
      assert refresh_record(user).skip_thread_containment
    end

    test "updates the user's hide_follows status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["pleroma"]["hide_follows"] == true
    end

    test "updates the user's hide_favorites status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["pleroma"]["hide_favorites"] == true
    end

    test "updates the user's show_role status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["source"]["pleroma"]["show_role"] == false
    end

    test "updates the user's no_rich_text status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["source"]["pleroma"]["no_rich_text"] == true
    end

    test "updates the user's name", %{conn: conn} do
      conn =
        patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})

      assert user_data = json_response_and_validate_schema(conn, 200)
      assert user_data["display_name"] == "markorepairs"
    end

    test "updates the user's avatar", %{user: user, conn: conn} do
      new_avatar = %Plug.Upload{
        content_type: "image/jpg",
        path: Path.absname("test/fixtures/image.jpg"),
        filename: "an_image.jpg"
      }

      conn = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})

      assert user_response = json_response_and_validate_schema(conn, 200)
      assert user_response["avatar"] != User.avatar_url(user)
    end

    test "updates the user's banner", %{user: user, conn: conn} do
      new_header = %Plug.Upload{
        content_type: "image/jpg",
        path: Path.absname("test/fixtures/image.jpg"),
        filename: "an_image.jpg"
      }

      conn = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})

      assert user_response = json_response_and_validate_schema(conn, 200)
      assert user_response["header"] != User.banner_url(user)
    end

    test "updates the user's background", %{conn: conn} do
      new_header = %Plug.Upload{
        content_type: "image/jpg",
        path: Path.absname("test/fixtures/image.jpg"),
        filename: "an_image.jpg"
      }

      conn =
        patch(conn, "/api/v1/accounts/update_credentials", %{
          "pleroma_background_image" => new_header
        })

      assert user_response = json_response_and_validate_schema(conn, 200)
      assert user_response["pleroma"]["background_image"]
    end

    test "requires 'write:accounts' permission" do
      token1 = insert(:oauth_token, scopes: ["read"])
      token2 = insert(:oauth_token, scopes: ["write", "follow"])

      for token <- [token1, token2] do
        conn =
          build_conn()
          |> put_req_header("content-type", "multipart/form-data")
          |> put_req_header("authorization", "Bearer #{token.token}")
          |> patch("/api/v1/accounts/update_credentials", %{})

        if token == token1 do
          assert %{"error" => "Insufficient permissions: write:accounts."} ==
                   json_response_and_validate_schema(conn, 403)
        else
          assert json_response_and_validate_schema(conn, 200)
        end
      end
    end

    test "updates profile emojos", %{user: user, conn: conn} do
      note = "*sips :blank:*"
      name = "I am :firefox:"

      ret_conn =
        patch(conn, "/api/v1/accounts/update_credentials", %{
          "note" => note,
          "display_name" => name
        })

      assert json_response_and_validate_schema(ret_conn, 200)

      conn = get(conn, "/api/v1/accounts/#{user.id}")

      assert user_data = json_response_and_validate_schema(conn, 200)

      assert user_data["note"] == note
      assert user_data["display_name"] == name
      assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
    end

    test "update fields", %{conn: conn} do
      fields = [
        %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
        %{"name" => "link.io", "value" => "cofe.io"}
      ]

      account_data =
        conn
        |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
        |> json_response_and_validate_schema(200)

      assert account_data["fields"] == [
               %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
               %{
                 "name" => "link.io",
                 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
               }
             ]

      assert account_data["source"]["fields"] == [
               %{
                 "name" => "<a href=\"http://google.com\">foo</a>",
                 "value" => "<script>bar</script>"
               },
               %{"name" => "link.io", "value" => "cofe.io"}
             ]
    end

    test "update fields via x-www-form-urlencoded", %{conn: conn} do
      fields =
        [
          "fields_attributes[1][name]=link",
          "fields_attributes[1][value]=http://cofe.io",
          "fields_attributes[0][name]=foo",
          "fields_attributes[0][value]=bar"
        ]
        |> Enum.join("&")

      account =
        conn
        |> put_req_header("content-type", "application/x-www-form-urlencoded")
        |> patch("/api/v1/accounts/update_credentials", fields)
        |> json_response_and_validate_schema(200)

      assert account["fields"] == [
               %{"name" => "foo", "value" => "bar"},
               %{
                 "name" => "link",
                 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
               }
             ]

      assert account["source"]["fields"] == [
               %{"name" => "foo", "value" => "bar"},
               %{"name" => "link", "value" => "http://cofe.io"}
             ]
    end

    test "update fields with empty name", %{conn: conn} do
      fields = [
        %{"name" => "foo", "value" => ""},
        %{"name" => "", "value" => "bar"}
      ]

      account =
        conn
        |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
        |> json_response_and_validate_schema(200)

      assert account["fields"] == [
               %{"name" => "foo", "value" => ""}
             ]
    end

    test "update fields when invalid request", %{conn: conn} do
      name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
      value_limit = Pleroma.Config.get([:instance, :account_field_value_length])

      long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
      long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()

      fields = [%{"name" => "foo", "value" => long_value}]

      assert %{"error" => "Invalid request"} ==
               conn
               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
               |> json_response_and_validate_schema(403)

      fields = [%{"name" => long_name, "value" => "bar"}]

      assert %{"error" => "Invalid request"} ==
               conn
               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
               |> json_response_and_validate_schema(403)

      Pleroma.Config.put([:instance, :max_account_fields], 1)

      fields = [
        %{"name" => "foo", "value" => "bar"},
        %{"name" => "link", "value" => "cofe.io"}
      ]

      assert %{"error" => "Invalid request"} ==
               conn
               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
               |> json_response_and_validate_schema(403)
    end
  end
end