1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
11 import Pleroma.Factory
12 clear_config([:instance, :max_account_fields])
14 describe "updating credentials" do
15 test "sets user settings in a generic way", %{conn: conn} do
20 |> assign(:user, user)
21 |> patch("/api/v1/accounts/update_credentials", %{
22 "pleroma_settings_store" => %{
29 assert user = json_response(res_conn, 200)
30 assert user["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
32 user = Repo.get(User, user["id"])
36 |> assign(:user, user)
37 |> patch("/api/v1/accounts/update_credentials", %{
38 "pleroma_settings_store" => %{
45 assert user = json_response(res_conn, 200)
47 assert user["pleroma"]["settings_store"] ==
49 "pleroma_fe" => %{"theme" => "bla"},
50 "masto_fe" => %{"theme" => "bla"}
53 user = Repo.get(User, user["id"])
57 |> assign(:user, user)
58 |> patch("/api/v1/accounts/update_credentials", %{
59 "pleroma_settings_store" => %{
66 assert user = json_response(res_conn, 200)
68 assert user["pleroma"]["settings_store"] ==
70 "pleroma_fe" => %{"theme" => "bla"},
71 "masto_fe" => %{"theme" => "blub"}
75 test "updates the user's bio", %{conn: conn} do
81 |> assign(:user, user)
82 |> patch("/api/v1/accounts/update_credentials", %{
83 "note" => "I drink #cofe with @#{user2.nickname}"
86 assert user = json_response(conn, 200)
88 assert user["note"] ==
89 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{
91 }" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span>)
94 test "updates the user's locking status", %{conn: conn} do
99 |> assign(:user, user)
100 |> patch("/api/v1/accounts/update_credentials", %{locked: "true"})
102 assert user = json_response(conn, 200)
103 assert user["locked"] == true
106 test "updates the user's allow_following_move", %{conn: conn} do
109 assert user.allow_following_move == true
113 |> assign(:user, user)
114 |> patch("/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
116 assert refresh_record(user).allow_following_move == false
117 assert user = json_response(conn, 200)
118 assert user["pleroma"]["allow_following_move"] == false
121 test "updates the user's default scope", %{conn: conn} do
126 |> assign(:user, user)
127 |> patch("/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
129 assert user = json_response(conn, 200)
130 assert user["source"]["privacy"] == "cofe"
133 test "updates the user's hide_followers status", %{conn: conn} do
138 |> assign(:user, user)
139 |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"})
141 assert user = json_response(conn, 200)
142 assert user["pleroma"]["hide_followers"] == true
145 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
150 |> assign(:user, user)
151 |> patch("/api/v1/accounts/update_credentials", %{
152 hide_followers_count: "true",
153 hide_follows_count: "true"
156 assert user = json_response(conn, 200)
157 assert user["pleroma"]["hide_followers_count"] == true
158 assert user["pleroma"]["hide_follows_count"] == true
161 test "updates the user's skip_thread_containment option", %{conn: conn} do
166 |> assign(:user, user)
167 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
168 |> json_response(200)
170 assert response["pleroma"]["skip_thread_containment"] == true
171 assert refresh_record(user).skip_thread_containment
174 test "updates the user's hide_follows status", %{conn: conn} do
179 |> assign(:user, user)
180 |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"})
182 assert user = json_response(conn, 200)
183 assert user["pleroma"]["hide_follows"] == true
186 test "updates the user's hide_favorites status", %{conn: conn} do
191 |> assign(:user, user)
192 |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
194 assert user = json_response(conn, 200)
195 assert user["pleroma"]["hide_favorites"] == true
198 test "updates the user's show_role status", %{conn: conn} do
203 |> assign(:user, user)
204 |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"})
206 assert user = json_response(conn, 200)
207 assert user["source"]["pleroma"]["show_role"] == false
210 test "updates the user's no_rich_text status", %{conn: conn} do
215 |> assign(:user, user)
216 |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
218 assert user = json_response(conn, 200)
219 assert user["source"]["pleroma"]["no_rich_text"] == true
222 test "updates the user's name", %{conn: conn} do
227 |> assign(:user, user)
228 |> patch("/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
230 assert user = json_response(conn, 200)
231 assert user["display_name"] == "markorepairs"
234 test "updates the user's avatar", %{conn: conn} do
237 new_avatar = %Plug.Upload{
238 content_type: "image/jpg",
239 path: Path.absname("test/fixtures/image.jpg"),
240 filename: "an_image.jpg"
245 |> assign(:user, user)
246 |> patch("/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
248 assert user_response = json_response(conn, 200)
249 assert user_response["avatar"] != User.avatar_url(user)
252 test "updates the user's banner", %{conn: conn} do
255 new_header = %Plug.Upload{
256 content_type: "image/jpg",
257 path: Path.absname("test/fixtures/image.jpg"),
258 filename: "an_image.jpg"
263 |> assign(:user, user)
264 |> patch("/api/v1/accounts/update_credentials", %{"header" => new_header})
266 assert user_response = json_response(conn, 200)
267 assert user_response["header"] != User.banner_url(user)
270 test "updates the user's background", %{conn: conn} do
273 new_header = %Plug.Upload{
274 content_type: "image/jpg",
275 path: Path.absname("test/fixtures/image.jpg"),
276 filename: "an_image.jpg"
281 |> assign(:user, user)
282 |> patch("/api/v1/accounts/update_credentials", %{
283 "pleroma_background_image" => new_header
286 assert user_response = json_response(conn, 200)
287 assert user_response["pleroma"]["background_image"]
290 test "requires 'write:accounts' permission", %{conn: conn} do
291 token1 = insert(:oauth_token, scopes: ["read"])
292 token2 = insert(:oauth_token, scopes: ["write", "follow"])
294 for token <- [token1, token2] do
297 |> put_req_header("authorization", "Bearer #{token.token}")
298 |> patch("/api/v1/accounts/update_credentials", %{})
300 if token == token1 do
301 assert %{"error" => "Insufficient permissions: write:accounts."} ==
302 json_response(conn, 403)
304 assert json_response(conn, 200)
309 test "updates profile emojos", %{conn: conn} do
312 note = "*sips :blank:*"
313 name = "I am :firefox:"
317 |> assign(:user, user)
318 |> patch("/api/v1/accounts/update_credentials", %{
320 "display_name" => name
323 assert json_response(conn, 200)
327 |> get("/api/v1/accounts/#{user.id}")
329 assert user = json_response(conn, 200)
331 assert user["note"] == note
332 assert user["display_name"] == name
333 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user["emojis"]
336 test "update fields", %{conn: conn} do
340 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
341 %{"name" => "link", "value" => "cofe.io"}
346 |> assign(:user, user)
347 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
348 |> json_response(200)
350 assert account["fields"] == [
351 %{"name" => "foo", "value" => "bar"},
352 %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
355 assert account["source"]["fields"] == [
357 "name" => "<a href=\"http://google.com\">foo</a>",
358 "value" => "<script>bar</script>"
360 %{"name" => "link", "value" => "cofe.io"}
365 "fields_attributes[1][name]=link",
366 "fields_attributes[1][value]=cofe.io",
367 "fields_attributes[0][name]=<a href=\"http://google.com\">foo</a>",
368 "fields_attributes[0][value]=bar"
374 |> put_req_header("content-type", "application/x-www-form-urlencoded")
375 |> assign(:user, user)
376 |> patch("/api/v1/accounts/update_credentials", fields)
377 |> json_response(200)
379 assert account["fields"] == [
380 %{"name" => "foo", "value" => "bar"},
381 %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
384 assert account["source"]["fields"] == [
386 "name" => "<a href=\"http://google.com\">foo</a>",
389 %{"name" => "link", "value" => "cofe.io"}
392 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
393 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
395 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
397 fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
399 assert %{"error" => "Invalid request"} ==
401 |> assign(:user, user)
402 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
403 |> json_response(403)
405 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
407 fields = [%{"name" => long_name, "value" => "bar"}]
409 assert %{"error" => "Invalid request"} ==
411 |> assign(:user, user)
412 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
413 |> json_response(403)
415 Pleroma.Config.put([:instance, :max_account_fields], 1)
418 %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
419 %{"name" => "link", "value" => "cofe.io"}
422 assert %{"error" => "Invalid request"} ==
424 |> assign(:user, user)
425 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
426 |> json_response(403)
429 %{"name" => "foo", "value" => ""},
430 %{"name" => "", "value" => "bar"}
435 |> assign(:user, user)
436 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
437 |> json_response(200)
439 assert account["fields"] == [
440 %{"name" => "foo", "value" => ""}