git.squeep.com Git - akkoma/blob - test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
   6   alias Pleroma.Repo
   7   alias Pleroma.User
   8
   9   use Pleroma.Web.ConnCase
  10
  11   import Pleroma.Factory
  12
  13   setup do: clear_config([:instance, :max_account_fields])
  14
  15   describe "updating credentials" do
  16     setup do: oauth_access(["write:accounts"])
  17     setup :request_content_type
  18
  19     test "sets user settings in a generic way", %{conn: conn} do
  20       res_conn =
  21         patch(conn, "/api/v1/accounts/update_credentials", %{
  22           "pleroma_settings_store" => %{
  23             pleroma_fe: %{
  24               theme: "bla"
  25             }
  26           }
  27         })
  28
  29       assert user_data = json_response_and_validate_schema(res_conn, 200)
  30       assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
  31
  32       user = Repo.get(User, user_data["id"])
  33
  34       res_conn =
  35         conn
  36         |> assign(:user, user)
  37         |> patch("/api/v1/accounts/update_credentials", %{
  38           "pleroma_settings_store" => %{
  39             masto_fe: %{
  40               theme: "bla"
  41             }
  42           }
  43         })
  44
  45       assert user_data = json_response_and_validate_schema(res_conn, 200)
  46
  47       assert user_data["pleroma"]["settings_store"] ==
  48                %{
  49                  "pleroma_fe" => %{"theme" => "bla"},
  50                  "masto_fe" => %{"theme" => "bla"}
  51                }
  52
  53       user = Repo.get(User, user_data["id"])
  54
  55       res_conn =
  56         conn
  57         |> assign(:user, user)
  58         |> patch("/api/v1/accounts/update_credentials", %{
  59           "pleroma_settings_store" => %{
  60             masto_fe: %{
  61               theme: "blub"
  62             }
  63           }
  64         })
  65
  66       assert user_data = json_response_and_validate_schema(res_conn, 200)
  67
  68       assert user_data["pleroma"]["settings_store"] ==
  69                %{
  70                  "pleroma_fe" => %{"theme" => "bla"},
  71                  "masto_fe" => %{"theme" => "blub"}
  72                }
  73     end
  74
  75     test "updates the user's bio", %{conn: conn} do
  76       user2 = insert(:user)
  77
  78       conn =
  79         patch(conn, "/api/v1/accounts/update_credentials", %{
  80           "note" => "I drink #cofe with @#{user2.nickname}\n\nsuya.."
  81         })
  82
  83       assert user_data = json_response_and_validate_schema(conn, 200)
  84
  85       assert user_data["note"] ==
  86                ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
  87                  user2.id
  88                }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
  89     end
  90
  91     test "updates the user's locking status", %{conn: conn} do
  92       conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
  93
  94       assert user_data = json_response_and_validate_schema(conn, 200)
  95       assert user_data["locked"] == true
  96     end
  97
  98     test "updates the user's allow_following_move", %{user: user, conn: conn} do
  99       assert user.allow_following_move == true
 100
 101       conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
 102
 103       assert refresh_record(user).allow_following_move == false
 104       assert user_data = json_response_and_validate_schema(conn, 200)
 105       assert user_data["pleroma"]["allow_following_move"] == false
 106     end
 107
 108     test "updates the user's default scope", %{conn: conn} do
 109       conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
 110
 111       assert user_data = json_response_and_validate_schema(conn, 200)
 112       assert user_data["source"]["privacy"] == "unlisted"
 113     end
 114
 115     test "updates the user's privacy", %{conn: conn} do
 116       conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
 117
 118       assert user_data = json_response_and_validate_schema(conn, 200)
 119       assert user_data["source"]["privacy"] == "unlisted"
 120     end
 121
 122     test "updates the user's hide_followers status", %{conn: conn} do
 123       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
 124
 125       assert user_data = json_response_and_validate_schema(conn, 200)
 126       assert user_data["pleroma"]["hide_followers"] == true
 127     end
 128
 129     test "updates the user's discoverable status", %{conn: conn} do
 130       assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
 131                conn
 132                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
 133                |> json_response_and_validate_schema(:ok)
 134
 135       assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
 136                conn
 137                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
 138                |> json_response_and_validate_schema(:ok)
 139     end
 140
 141     test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
 142       conn =
 143         patch(conn, "/api/v1/accounts/update_credentials", %{
 144           hide_followers_count: "true",
 145           hide_follows_count: "true"
 146         })
 147
 148       assert user_data = json_response_and_validate_schema(conn, 200)
 149       assert user_data["pleroma"]["hide_followers_count"] == true
 150       assert user_data["pleroma"]["hide_follows_count"] == true
 151     end
 152
 153     test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
 154       response =
 155         conn
 156         |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
 157         |> json_response_and_validate_schema(200)
 158
 159       assert response["pleroma"]["skip_thread_containment"] == true
 160       assert refresh_record(user).skip_thread_containment
 161     end
 162
 163     test "updates the user's hide_follows status", %{conn: conn} do
 164       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
 165
 166       assert user_data = json_response_and_validate_schema(conn, 200)
 167       assert user_data["pleroma"]["hide_follows"] == true
 168     end
 169
 170     test "updates the user's hide_favorites status", %{conn: conn} do
 171       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
 172
 173       assert user_data = json_response_and_validate_schema(conn, 200)
 174       assert user_data["pleroma"]["hide_favorites"] == true
 175     end
 176
 177     test "updates the user's show_role status", %{conn: conn} do
 178       conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
 179
 180       assert user_data = json_response_and_validate_schema(conn, 200)
 181       assert user_data["source"]["pleroma"]["show_role"] == false
 182     end
 183
 184     test "updates the user's no_rich_text status", %{conn: conn} do
 185       conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
 186
 187       assert user_data = json_response_and_validate_schema(conn, 200)
 188       assert user_data["source"]["pleroma"]["no_rich_text"] == true
 189     end
 190
 191     test "updates the user's name", %{conn: conn} do
 192       conn =
 193         patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
 194
 195       assert user_data = json_response_and_validate_schema(conn, 200)
 196       assert user_data["display_name"] == "markorepairs"
 197     end
 198
 199     test "updates the user's avatar", %{user: user, conn: conn} do
 200       new_avatar = %Plug.Upload{
 201         content_type: "image/jpg",
 202         path: Path.absname("test/fixtures/image.jpg"),
 203         filename: "an_image.jpg"
 204       }
 205
 206       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
 207
 208       assert user_response = json_response_and_validate_schema(conn, 200)
 209       assert user_response["avatar"] != User.avatar_url(user)
 210     end
 211
 212     test "updates the user's banner", %{user: user, conn: conn} do
 213       new_header = %Plug.Upload{
 214         content_type: "image/jpg",
 215         path: Path.absname("test/fixtures/image.jpg"),
 216         filename: "an_image.jpg"
 217       }
 218
 219       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
 220
 221       assert user_response = json_response_and_validate_schema(conn, 200)
 222       assert user_response["header"] != User.banner_url(user)
 223     end
 224
 225     test "updates the user's background", %{conn: conn} do
 226       new_header = %Plug.Upload{
 227         content_type: "image/jpg",
 228         path: Path.absname("test/fixtures/image.jpg"),
 229         filename: "an_image.jpg"
 230       }
 231
 232       conn =
 233         patch(conn, "/api/v1/accounts/update_credentials", %{
 234           "pleroma_background_image" => new_header
 235         })
 236
 237       assert user_response = json_response_and_validate_schema(conn, 200)
 238       assert user_response["pleroma"]["background_image"]
 239     end
 240
 241     test "requires 'write:accounts' permission" do
 242       token1 = insert(:oauth_token, scopes: ["read"])
 243       token2 = insert(:oauth_token, scopes: ["write", "follow"])
 244
 245       for token <- [token1, token2] do
 246         conn =
 247           build_conn()
 248           |> put_req_header("content-type", "multipart/form-data")
 249           |> put_req_header("authorization", "Bearer #{token.token}")
 250           |> patch("/api/v1/accounts/update_credentials", %{})
 251
 252         if token == token1 do
 253           assert %{"error" => "Insufficient permissions: write:accounts."} ==
 254                    json_response_and_validate_schema(conn, 403)
 255         else
 256           assert json_response_and_validate_schema(conn, 200)
 257         end
 258       end
 259     end
 260
 261     test "updates profile emojos", %{user: user, conn: conn} do
 262       note = "*sips :blank:*"
 263       name = "I am :firefox:"
 264
 265       ret_conn =
 266         patch(conn, "/api/v1/accounts/update_credentials", %{
 267           "note" => note,
 268           "display_name" => name
 269         })
 270
 271       assert json_response_and_validate_schema(ret_conn, 200)
 272
 273       conn = get(conn, "/api/v1/accounts/#{user.id}")
 274
 275       assert user_data = json_response_and_validate_schema(conn, 200)
 276
 277       assert user_data["note"] == note
 278       assert user_data["display_name"] == name
 279       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
 280     end
 281
 282     test "update fields", %{conn: conn} do
 283       fields = [
 284         %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
 285         %{"name" => "link.io", "value" => "cofe.io"}
 286       ]
 287
 288       account_data =
 289         conn
 290         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 291         |> json_response_and_validate_schema(200)
 292
 293       assert account_data["fields"] == [
 294                %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
 295                %{
 296                  "name" => "link.io",
 297                  "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
 298                }
 299              ]
 300
 301       assert account_data["source"]["fields"] == [
 302                %{
 303                  "name" => "<a href=\"http://google.com\">foo</a>",
 304                  "value" => "<script>bar</script>"
 305                },
 306                %{"name" => "link.io", "value" => "cofe.io"}
 307              ]
 308     end
 309
 310     test "update fields via x-www-form-urlencoded", %{conn: conn} do
 311       fields =
 312         [
 313           "fields_attributes[1][name]=link",
 314           "fields_attributes[1][value]=http://cofe.io",
 315           "fields_attributes[0][name]=foo",
 316           "fields_attributes[0][value]=bar"
 317         ]
 318         |> Enum.join("&")
 319
 320       account =
 321         conn
 322         |> put_req_header("content-type", "application/x-www-form-urlencoded")
 323         |> patch("/api/v1/accounts/update_credentials", fields)
 324         |> json_response_and_validate_schema(200)
 325
 326       assert account["fields"] == [
 327                %{"name" => "foo", "value" => "bar"},
 328                %{
 329                  "name" => "link",
 330                  "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
 331                }
 332              ]
 333
 334       assert account["source"]["fields"] == [
 335                %{"name" => "foo", "value" => "bar"},
 336                %{"name" => "link", "value" => "http://cofe.io"}
 337              ]
 338     end
 339
 340     test "update fields with empty name", %{conn: conn} do
 341       fields = [
 342         %{"name" => "foo", "value" => ""},
 343         %{"name" => "", "value" => "bar"}
 344       ]
 345
 346       account =
 347         conn
 348         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 349         |> json_response_and_validate_schema(200)
 350
 351       assert account["fields"] == [
 352                %{"name" => "foo", "value" => ""}
 353              ]
 354     end
 355
 356     test "update fields when invalid request", %{conn: conn} do
 357       name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
 358       value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
 359
 360       long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
 361       long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
 362
 363       fields = [%{"name" => "foo", "value" => long_value}]
 364
 365       assert %{"error" => "Invalid request"} ==
 366                conn
 367                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 368                |> json_response_and_validate_schema(403)
 369
 370       fields = [%{"name" => long_name, "value" => "bar"}]
 371
 372       assert %{"error" => "Invalid request"} ==
 373                conn
 374                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 375                |> json_response_and_validate_schema(403)
 376
 377       Pleroma.Config.put([:instance, :max_account_fields], 1)
 378
 379       fields = [
 380         %{"name" => "foo", "value" => "bar"},
 381         %{"name" => "link", "value" => "cofe.io"}
 382       ]
 383
 384       assert %{"error" => "Invalid request"} ==
 385                conn
 386                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 387                |> json_response_and_validate_schema(403)
 388     end
 389   end
 390 end