1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
11 import Pleroma.Factory
13 setup do: clear_config([:instance, :max_account_fields])
15 describe "updating credentials" do
16 setup do: oauth_access(["write:accounts"])
17 setup :request_content_type
19 test "sets user settings in a generic way", %{conn: conn} do
21 patch(conn, "/api/v1/accounts/update_credentials", %{
22 "pleroma_settings_store" => %{
29 assert user_data = json_response_and_validate_schema(res_conn, 200)
30 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
32 user = Repo.get(User, user_data["id"])
36 |> assign(:user, user)
37 |> patch("/api/v1/accounts/update_credentials", %{
38 "pleroma_settings_store" => %{
45 assert user_data = json_response_and_validate_schema(res_conn, 200)
47 assert user_data["pleroma"]["settings_store"] ==
49 "pleroma_fe" => %{"theme" => "bla"},
50 "masto_fe" => %{"theme" => "bla"}
53 user = Repo.get(User, user_data["id"])
57 |> assign(:user, user)
58 |> patch("/api/v1/accounts/update_credentials", %{
59 "pleroma_settings_store" => %{
66 assert user_data = json_response_and_validate_schema(res_conn, 200)
68 assert user_data["pleroma"]["settings_store"] ==
70 "pleroma_fe" => %{"theme" => "bla"},
71 "masto_fe" => %{"theme" => "blub"}
75 test "updates the user's bio", %{conn: conn} do
79 patch(conn, "/api/v1/accounts/update_credentials", %{
80 "note" => "I drink #cofe with @#{user2.nickname}\n\nsuya.."
83 assert user_data = json_response_and_validate_schema(conn, 200)
85 assert user_data["note"] ==
86 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
88 }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
91 test "updates the user's locking status", %{conn: conn} do
92 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
94 assert user_data = json_response_and_validate_schema(conn, 200)
95 assert user_data["locked"] == true
98 test "updates the user's allow_following_move", %{user: user, conn: conn} do
99 assert user.allow_following_move == true
101 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
103 assert refresh_record(user).allow_following_move == false
104 assert user_data = json_response_and_validate_schema(conn, 200)
105 assert user_data["pleroma"]["allow_following_move"] == false
108 test "updates the user's default scope", %{conn: conn} do
109 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
111 assert user_data = json_response_and_validate_schema(conn, 200)
112 assert user_data["source"]["privacy"] == "unlisted"
115 test "updates the user's privacy", %{conn: conn} do
116 conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
118 assert user_data = json_response_and_validate_schema(conn, 200)
119 assert user_data["source"]["privacy"] == "unlisted"
122 test "updates the user's hide_followers status", %{conn: conn} do
123 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
125 assert user_data = json_response_and_validate_schema(conn, 200)
126 assert user_data["pleroma"]["hide_followers"] == true
129 test "updates the user's discoverable status", %{conn: conn} do
130 assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
132 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
133 |> json_response_and_validate_schema(:ok)
135 assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
137 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
138 |> json_response_and_validate_schema(:ok)
141 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
143 patch(conn, "/api/v1/accounts/update_credentials", %{
144 hide_followers_count: "true",
145 hide_follows_count: "true"
148 assert user_data = json_response_and_validate_schema(conn, 200)
149 assert user_data["pleroma"]["hide_followers_count"] == true
150 assert user_data["pleroma"]["hide_follows_count"] == true
153 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
156 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
157 |> json_response_and_validate_schema(200)
159 assert response["pleroma"]["skip_thread_containment"] == true
160 assert refresh_record(user).skip_thread_containment
163 test "updates the user's hide_follows status", %{conn: conn} do
164 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
166 assert user_data = json_response_and_validate_schema(conn, 200)
167 assert user_data["pleroma"]["hide_follows"] == true
170 test "updates the user's hide_favorites status", %{conn: conn} do
171 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
173 assert user_data = json_response_and_validate_schema(conn, 200)
174 assert user_data["pleroma"]["hide_favorites"] == true
177 test "updates the user's show_role status", %{conn: conn} do
178 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
180 assert user_data = json_response_and_validate_schema(conn, 200)
181 assert user_data["source"]["pleroma"]["show_role"] == false
184 test "updates the user's no_rich_text status", %{conn: conn} do
185 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
187 assert user_data = json_response_and_validate_schema(conn, 200)
188 assert user_data["source"]["pleroma"]["no_rich_text"] == true
191 test "updates the user's name", %{conn: conn} do
193 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
195 assert user_data = json_response_and_validate_schema(conn, 200)
196 assert user_data["display_name"] == "markorepairs"
199 test "updates the user's avatar", %{user: user, conn: conn} do
200 new_avatar = %Plug.Upload{
201 content_type: "image/jpg",
202 path: Path.absname("test/fixtures/image.jpg"),
203 filename: "an_image.jpg"
206 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
208 assert user_response = json_response_and_validate_schema(conn, 200)
209 assert user_response["avatar"] != User.avatar_url(user)
212 test "updates the user's banner", %{user: user, conn: conn} do
213 new_header = %Plug.Upload{
214 content_type: "image/jpg",
215 path: Path.absname("test/fixtures/image.jpg"),
216 filename: "an_image.jpg"
219 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
221 assert user_response = json_response_and_validate_schema(conn, 200)
222 assert user_response["header"] != User.banner_url(user)
225 test "updates the user's background", %{conn: conn} do
226 new_header = %Plug.Upload{
227 content_type: "image/jpg",
228 path: Path.absname("test/fixtures/image.jpg"),
229 filename: "an_image.jpg"
233 patch(conn, "/api/v1/accounts/update_credentials", %{
234 "pleroma_background_image" => new_header
237 assert user_response = json_response_and_validate_schema(conn, 200)
238 assert user_response["pleroma"]["background_image"]
241 test "requires 'write:accounts' permission" do
242 token1 = insert(:oauth_token, scopes: ["read"])
243 token2 = insert(:oauth_token, scopes: ["write", "follow"])
245 for token <- [token1, token2] do
248 |> put_req_header("content-type", "multipart/form-data")
249 |> put_req_header("authorization", "Bearer #{token.token}")
250 |> patch("/api/v1/accounts/update_credentials", %{})
252 if token == token1 do
253 assert %{"error" => "Insufficient permissions: write:accounts."} ==
254 json_response_and_validate_schema(conn, 403)
256 assert json_response_and_validate_schema(conn, 200)
261 test "updates profile emojos", %{user: user, conn: conn} do
262 note = "*sips :blank:*"
263 name = "I am :firefox:"
266 patch(conn, "/api/v1/accounts/update_credentials", %{
268 "display_name" => name
271 assert json_response_and_validate_schema(ret_conn, 200)
273 conn = get(conn, "/api/v1/accounts/#{user.id}")
275 assert user_data = json_response_and_validate_schema(conn, 200)
277 assert user_data["note"] == note
278 assert user_data["display_name"] == name
279 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
282 test "update fields", %{conn: conn} do
284 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
285 %{"name" => "link.io", "value" => "cofe.io"}
290 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
291 |> json_response_and_validate_schema(200)
293 assert account_data["fields"] == [
294 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
297 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
301 assert account_data["source"]["fields"] == [
303 "name" => "<a href=\"http://google.com\">foo</a>",
304 "value" => "<script>bar</script>"
306 %{"name" => "link.io", "value" => "cofe.io"}
310 test "update fields via x-www-form-urlencoded", %{conn: conn} do
313 "fields_attributes[1][name]=link",
314 "fields_attributes[1][value]=http://cofe.io",
315 "fields_attributes[0][name]=foo",
316 "fields_attributes[0][value]=bar"
322 |> put_req_header("content-type", "application/x-www-form-urlencoded")
323 |> patch("/api/v1/accounts/update_credentials", fields)
324 |> json_response_and_validate_schema(200)
326 assert account["fields"] == [
327 %{"name" => "foo", "value" => "bar"},
330 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
334 assert account["source"]["fields"] == [
335 %{"name" => "foo", "value" => "bar"},
336 %{"name" => "link", "value" => "http://cofe.io"}
340 test "update fields with empty name", %{conn: conn} do
342 %{"name" => "foo", "value" => ""},
343 %{"name" => "", "value" => "bar"}
348 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
349 |> json_response_and_validate_schema(200)
351 assert account["fields"] == [
352 %{"name" => "foo", "value" => ""}
356 test "update fields when invalid request", %{conn: conn} do
357 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
358 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
360 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
361 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
363 fields = [%{"name" => "foo", "value" => long_value}]
365 assert %{"error" => "Invalid request"} ==
367 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
368 |> json_response_and_validate_schema(403)
370 fields = [%{"name" => long_name, "value" => "bar"}]
372 assert %{"error" => "Invalid request"} ==
374 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
375 |> json_response_and_validate_schema(403)
377 Pleroma.Config.put([:instance, :max_account_fields], 1)
380 %{"name" => "foo", "value" => "bar"},
381 %{"name" => "link", "value" => "cofe.io"}
384 assert %{"error" => "Invalid request"} ==
386 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
387 |> json_response_and_validate_schema(403)