1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
12 import Pleroma.Factory
14 setup do: clear_config([:instance, :max_account_fields])
16 describe "updating credentials" do
17 setup do: oauth_access(["write:accounts"])
18 setup :request_content_type
20 test "sets user settings in a generic way", %{conn: conn} do
22 patch(conn, "/api/v1/accounts/update_credentials", %{
23 "pleroma_settings_store" => %{
30 assert user_data = json_response_and_validate_schema(res_conn, 200)
31 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
33 user = Repo.get(User, user_data["id"])
37 |> assign(:user, user)
38 |> patch("/api/v1/accounts/update_credentials", %{
39 "pleroma_settings_store" => %{
46 assert user_data = json_response_and_validate_schema(res_conn, 200)
48 assert user_data["pleroma"]["settings_store"] ==
50 "pleroma_fe" => %{"theme" => "bla"},
51 "masto_fe" => %{"theme" => "bla"}
54 user = Repo.get(User, user_data["id"])
56 clear_config([:instance, :federating], true)
58 with_mock Pleroma.Web.Federator,
59 publish: fn _activity -> :ok end do
62 |> assign(:user, user)
63 |> patch("/api/v1/accounts/update_credentials", %{
64 "pleroma_settings_store" => %{
71 assert user_data = json_response_and_validate_schema(res_conn, 200)
73 assert user_data["pleroma"]["settings_store"] ==
75 "pleroma_fe" => %{"theme" => "bla"},
76 "masto_fe" => %{"theme" => "blub"}
79 assert_called(Pleroma.Web.Federator.publish(:_))
83 test "updates the user's bio", %{conn: conn} do
86 raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
88 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
90 assert user_data = json_response_and_validate_schema(conn, 200)
92 assert user_data["note"] ==
93 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
95 }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
97 assert user_data["source"]["note"] == raw_bio
99 user = Repo.get(User, user_data["id"])
101 assert user.raw_bio == raw_bio
104 test "updates the user's locking status", %{conn: conn} do
105 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
107 assert user_data = json_response_and_validate_schema(conn, 200)
108 assert user_data["locked"] == true
111 test "updates the user's chat acceptance status", %{conn: conn} do
112 conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
114 assert user_data = json_response_and_validate_schema(conn, 200)
115 assert user_data["pleroma"]["accepts_chat_messages"] == false
118 test "updates the user's allow_following_move", %{user: user, conn: conn} do
119 assert user.allow_following_move == true
121 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
123 assert refresh_record(user).allow_following_move == false
124 assert user_data = json_response_and_validate_schema(conn, 200)
125 assert user_data["pleroma"]["allow_following_move"] == false
128 test "updates the user's default scope", %{conn: conn} do
129 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
131 assert user_data = json_response_and_validate_schema(conn, 200)
132 assert user_data["source"]["privacy"] == "unlisted"
135 test "updates the user's privacy", %{conn: conn} do
136 conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
138 assert user_data = json_response_and_validate_schema(conn, 200)
139 assert user_data["source"]["privacy"] == "unlisted"
142 test "updates the user's hide_followers status", %{conn: conn} do
143 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
145 assert user_data = json_response_and_validate_schema(conn, 200)
146 assert user_data["pleroma"]["hide_followers"] == true
149 test "updates the user's discoverable status", %{conn: conn} do
150 assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
152 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
153 |> json_response_and_validate_schema(:ok)
155 assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
157 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
158 |> json_response_and_validate_schema(:ok)
161 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
163 patch(conn, "/api/v1/accounts/update_credentials", %{
164 hide_followers_count: "true",
165 hide_follows_count: "true"
168 assert user_data = json_response_and_validate_schema(conn, 200)
169 assert user_data["pleroma"]["hide_followers_count"] == true
170 assert user_data["pleroma"]["hide_follows_count"] == true
173 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
176 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
177 |> json_response_and_validate_schema(200)
179 assert response["pleroma"]["skip_thread_containment"] == true
180 assert refresh_record(user).skip_thread_containment
183 test "updates the user's hide_follows status", %{conn: conn} do
184 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
186 assert user_data = json_response_and_validate_schema(conn, 200)
187 assert user_data["pleroma"]["hide_follows"] == true
190 test "updates the user's hide_favorites status", %{conn: conn} do
191 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
193 assert user_data = json_response_and_validate_schema(conn, 200)
194 assert user_data["pleroma"]["hide_favorites"] == true
197 test "updates the user's show_role status", %{conn: conn} do
198 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
200 assert user_data = json_response_and_validate_schema(conn, 200)
201 assert user_data["source"]["pleroma"]["show_role"] == false
204 test "updates the user's no_rich_text status", %{conn: conn} do
205 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
207 assert user_data = json_response_and_validate_schema(conn, 200)
208 assert user_data["source"]["pleroma"]["no_rich_text"] == true
211 test "updates the user's name", %{conn: conn} do
213 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
215 assert user_data = json_response_and_validate_schema(conn, 200)
216 assert user_data["display_name"] == "markorepairs"
219 test "updates the user's avatar", %{user: user, conn: conn} do
220 new_avatar = %Plug.Upload{
221 content_type: "image/jpg",
222 path: Path.absname("test/fixtures/image.jpg"),
223 filename: "an_image.jpg"
226 assert user.avatar == %{}
228 res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
230 assert user_response = json_response_and_validate_schema(res, 200)
231 assert user_response["avatar"] != User.avatar_url(user)
233 user = User.get_by_id(user.id)
234 refute user.avatar == %{}
237 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
239 user = User.get_by_id(user.id)
240 assert user.avatar == nil
243 test "updates the user's banner", %{user: user, conn: conn} do
244 new_header = %Plug.Upload{
245 content_type: "image/jpg",
246 path: Path.absname("test/fixtures/image.jpg"),
247 filename: "an_image.jpg"
250 res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
252 assert user_response = json_response_and_validate_schema(res, 200)
253 assert user_response["header"] != User.banner_url(user)
256 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
258 user = User.get_by_id(user.id)
259 assert user.banner == nil
262 test "updates the user's background", %{conn: conn, user: user} do
263 new_header = %Plug.Upload{
264 content_type: "image/jpg",
265 path: Path.absname("test/fixtures/image.jpg"),
266 filename: "an_image.jpg"
270 patch(conn, "/api/v1/accounts/update_credentials", %{
271 "pleroma_background_image" => new_header
274 assert user_response = json_response_and_validate_schema(res, 200)
275 assert user_response["pleroma"]["background_image"]
279 patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
281 user = User.get_by_id(user.id)
282 assert user.background == nil
285 test "requires 'write:accounts' permission" do
286 token1 = insert(:oauth_token, scopes: ["read"])
287 token2 = insert(:oauth_token, scopes: ["write", "follow"])
289 for token <- [token1, token2] do
292 |> put_req_header("content-type", "multipart/form-data")
293 |> put_req_header("authorization", "Bearer #{token.token}")
294 |> patch("/api/v1/accounts/update_credentials", %{})
296 if token == token1 do
297 assert %{"error" => "Insufficient permissions: write:accounts."} ==
298 json_response_and_validate_schema(conn, 403)
300 assert json_response_and_validate_schema(conn, 200)
305 test "updates profile emojos", %{user: user, conn: conn} do
306 note = "*sips :blank:*"
307 name = "I am :firefox:"
310 patch(conn, "/api/v1/accounts/update_credentials", %{
312 "display_name" => name
315 assert json_response_and_validate_schema(ret_conn, 200)
317 conn = get(conn, "/api/v1/accounts/#{user.id}")
319 assert user_data = json_response_and_validate_schema(conn, 200)
321 assert user_data["note"] == note
322 assert user_data["display_name"] == name
323 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
326 test "update fields", %{conn: conn} do
328 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
329 %{"name" => "link.io", "value" => "cofe.io"}
334 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
335 |> json_response_and_validate_schema(200)
337 assert account_data["fields"] == [
338 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
341 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
345 assert account_data["source"]["fields"] == [
347 "name" => "<a href=\"http://google.com\">foo</a>",
348 "value" => "<script>bar</script>"
350 %{"name" => "link.io", "value" => "cofe.io"}
354 test "update fields via x-www-form-urlencoded", %{conn: conn} do
357 "fields_attributes[1][name]=link",
358 "fields_attributes[1][value]=http://cofe.io",
359 "fields_attributes[0][name]=foo",
360 "fields_attributes[0][value]=bar"
366 |> put_req_header("content-type", "application/x-www-form-urlencoded")
367 |> patch("/api/v1/accounts/update_credentials", fields)
368 |> json_response_and_validate_schema(200)
370 assert account["fields"] == [
371 %{"name" => "foo", "value" => "bar"},
374 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
378 assert account["source"]["fields"] == [
379 %{"name" => "foo", "value" => "bar"},
380 %{"name" => "link", "value" => "http://cofe.io"}
384 test "update fields with empty name", %{conn: conn} do
386 %{"name" => "foo", "value" => ""},
387 %{"name" => "", "value" => "bar"}
392 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
393 |> json_response_and_validate_schema(200)
395 assert account["fields"] == [
396 %{"name" => "foo", "value" => ""}
400 test "update fields when invalid request", %{conn: conn} do
401 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
402 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
404 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
405 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
407 fields = [%{"name" => "foo", "value" => long_value}]
409 assert %{"error" => "Invalid request"} ==
411 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
412 |> json_response_and_validate_schema(403)
414 fields = [%{"name" => long_name, "value" => "bar"}]
416 assert %{"error" => "Invalid request"} ==
418 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
419 |> json_response_and_validate_schema(403)
421 Pleroma.Config.put([:instance, :max_account_fields], 1)
424 %{"name" => "foo", "value" => "bar"},
425 %{"name" => "link", "value" => "cofe.io"}
428 assert %{"error" => "Invalid request"} ==
430 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
431 |> json_response_and_validate_schema(403)
435 describe "Mark account as bot" do
436 setup do: oauth_access(["write:accounts"])
437 setup :request_content_type
439 test "changing actor_type to Service makes account a bot", %{conn: conn} do
442 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
443 |> json_response_and_validate_schema(200)
445 assert account["bot"]
446 assert account["source"]["pleroma"]["actor_type"] == "Service"
449 test "changing actor_type to Person makes account a human", %{conn: conn} do
452 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
453 |> json_response_and_validate_schema(200)
455 refute account["bot"]
456 assert account["source"]["pleroma"]["actor_type"] == "Person"
459 test "changing actor_type to Application causes error", %{conn: conn} do
462 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
463 |> json_response_and_validate_schema(403)
465 assert %{"error" => "Invalid request"} == response
468 test "changing bot field to true changes actor_type to Service", %{conn: conn} do
471 |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
472 |> json_response_and_validate_schema(200)
474 assert account["bot"]
475 assert account["source"]["pleroma"]["actor_type"] == "Service"
478 test "changing bot field to false changes actor_type to Person", %{conn: conn} do
481 |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
482 |> json_response_and_validate_schema(200)
484 refute account["bot"]
485 assert account["source"]["pleroma"]["actor_type"] == "Person"
488 test "actor_type field has a higher priority than bot", %{conn: conn} do
491 |> patch("/api/v1/accounts/update_credentials", %{
492 actor_type: "Person",
495 |> json_response_and_validate_schema(200)
497 refute account["bot"]
498 assert account["source"]["pleroma"]["actor_type"] == "Person"