1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
11 import Pleroma.Factory
13 setup do: clear_config([:instance, :max_account_fields])
15 describe "updating credentials" do
16 setup do: oauth_access(["write:accounts"])
18 test "sets user settings in a generic way", %{conn: conn} do
20 patch(conn, "/api/v1/accounts/update_credentials", %{
21 "pleroma_settings_store" => %{
28 assert user_data = json_response(res_conn, 200)
29 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
31 user = Repo.get(User, user_data["id"])
35 |> assign(:user, user)
36 |> patch("/api/v1/accounts/update_credentials", %{
37 "pleroma_settings_store" => %{
44 assert user_data = json_response(res_conn, 200)
46 assert user_data["pleroma"]["settings_store"] ==
48 "pleroma_fe" => %{"theme" => "bla"},
49 "masto_fe" => %{"theme" => "bla"}
52 user = Repo.get(User, user_data["id"])
56 |> assign(:user, user)
57 |> patch("/api/v1/accounts/update_credentials", %{
58 "pleroma_settings_store" => %{
65 assert user_data = json_response(res_conn, 200)
67 assert user_data["pleroma"]["settings_store"] ==
69 "pleroma_fe" => %{"theme" => "bla"},
70 "masto_fe" => %{"theme" => "blub"}
74 test "updates the user's bio", %{conn: conn} do
78 patch(conn, "/api/v1/accounts/update_credentials", %{
79 "note" => "I drink #cofe with @#{user2.nickname}\n\nsuya.."
82 assert user_data = json_response(conn, 200)
84 assert user_data["note"] ==
85 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{
87 }" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
90 test "updates the user's locking status", %{conn: conn} do
91 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
93 assert user_data = json_response(conn, 200)
94 assert user_data["locked"] == true
97 test "updates the user's allow_following_move", %{user: user, conn: conn} do
98 assert user.allow_following_move == true
100 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
102 assert refresh_record(user).allow_following_move == false
103 assert user_data = json_response(conn, 200)
104 assert user_data["pleroma"]["allow_following_move"] == false
107 test "updates the user's default scope", %{conn: conn} do
108 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
110 assert user_data = json_response(conn, 200)
111 assert user_data["source"]["privacy"] == "cofe"
114 test "updates the user's hide_followers status", %{conn: conn} do
115 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
117 assert user_data = json_response(conn, 200)
118 assert user_data["pleroma"]["hide_followers"] == true
121 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
123 patch(conn, "/api/v1/accounts/update_credentials", %{
124 hide_followers_count: "true",
125 hide_follows_count: "true"
128 assert user_data = json_response(conn, 200)
129 assert user_data["pleroma"]["hide_followers_count"] == true
130 assert user_data["pleroma"]["hide_follows_count"] == true
133 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
136 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
137 |> json_response(200)
139 assert response["pleroma"]["skip_thread_containment"] == true
140 assert refresh_record(user).skip_thread_containment
143 test "updates the user's hide_follows status", %{conn: conn} do
144 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
146 assert user_data = json_response(conn, 200)
147 assert user_data["pleroma"]["hide_follows"] == true
150 test "updates the user's hide_favorites status", %{conn: conn} do
151 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
153 assert user_data = json_response(conn, 200)
154 assert user_data["pleroma"]["hide_favorites"] == true
157 test "updates the user's show_role status", %{conn: conn} do
158 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
160 assert user_data = json_response(conn, 200)
161 assert user_data["source"]["pleroma"]["show_role"] == false
164 test "updates the user's no_rich_text status", %{conn: conn} do
165 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
167 assert user_data = json_response(conn, 200)
168 assert user_data["source"]["pleroma"]["no_rich_text"] == true
171 test "updates the user's name", %{conn: conn} do
173 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
175 assert user_data = json_response(conn, 200)
176 assert user_data["display_name"] == "markorepairs"
179 test "updates the user's avatar", %{user: user, conn: conn} do
180 new_avatar = %Plug.Upload{
181 content_type: "image/jpg",
182 path: Path.absname("test/fixtures/image.jpg"),
183 filename: "an_image.jpg"
186 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
188 assert user_response = json_response(conn, 200)
189 assert user_response["avatar"] != User.avatar_url(user)
192 test "updates the user's banner", %{user: user, conn: conn} do
193 new_header = %Plug.Upload{
194 content_type: "image/jpg",
195 path: Path.absname("test/fixtures/image.jpg"),
196 filename: "an_image.jpg"
199 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
201 assert user_response = json_response(conn, 200)
202 assert user_response["header"] != User.banner_url(user)
205 test "updates the user's background", %{conn: conn} do
206 new_header = %Plug.Upload{
207 content_type: "image/jpg",
208 path: Path.absname("test/fixtures/image.jpg"),
209 filename: "an_image.jpg"
213 patch(conn, "/api/v1/accounts/update_credentials", %{
214 "pleroma_background_image" => new_header
217 assert user_response = json_response(conn, 200)
218 assert user_response["pleroma"]["background_image"]
221 test "requires 'write:accounts' permission" do
222 token1 = insert(:oauth_token, scopes: ["read"])
223 token2 = insert(:oauth_token, scopes: ["write", "follow"])
225 for token <- [token1, token2] do
228 |> put_req_header("authorization", "Bearer #{token.token}")
229 |> patch("/api/v1/accounts/update_credentials", %{})
231 if token == token1 do
232 assert %{"error" => "Insufficient permissions: write:accounts."} ==
233 json_response(conn, 403)
235 assert json_response(conn, 200)
240 test "updates profile emojos", %{user: user, conn: conn} do
241 note = "*sips :blank:*"
242 name = "I am :firefox:"
245 patch(conn, "/api/v1/accounts/update_credentials", %{
247 "display_name" => name
250 assert json_response(ret_conn, 200)
252 conn = get(conn, "/api/v1/accounts/#{user.id}")
254 assert user_data = json_response(conn, 200)
256 assert user_data["note"] == note
257 assert user_data["display_name"] == name
258 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
261 test "update fields", %{conn: conn} do
263 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
264 %{"name" => "link", "value" => "cofe.io"}
269 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
270 |> json_response(200)
272 assert account_data["fields"] == [
273 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
274 %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
277 assert account_data["source"]["fields"] == [
279 "name" => "<a href=\"http://google.com\">foo</a>",
280 "value" => "<script>bar</script>"
282 %{"name" => "link", "value" => "cofe.io"}
287 "fields_attributes[1][name]=link",
288 "fields_attributes[1][value]=cofe.io",
289 "fields_attributes[0][name]=<a href=\"http://google.com\">foo</a>",
290 "fields_attributes[0][value]=bar"
296 |> put_req_header("content-type", "application/x-www-form-urlencoded")
297 |> patch("/api/v1/accounts/update_credentials", fields)
298 |> json_response(200)
300 assert account["fields"] == [
301 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
302 %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
305 assert account["source"]["fields"] == [
307 "name" => "<a href=\"http://google.com\">foo</a>",
310 %{"name" => "link", "value" => "cofe.io"}
313 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
314 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
316 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
318 fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
320 assert %{"error" => "Invalid request"} ==
322 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
323 |> json_response(403)
325 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
327 fields = [%{"name" => long_name, "value" => "bar"}]
329 assert %{"error" => "Invalid request"} ==
331 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
332 |> json_response(403)
334 Pleroma.Config.put([:instance, :max_account_fields], 1)
337 %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
338 %{"name" => "link", "value" => "cofe.io"}
341 assert %{"error" => "Invalid request"} ==
343 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
344 |> json_response(403)
347 %{"name" => "foo", "value" => ""},
348 %{"name" => "", "value" => "bar"}
353 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
354 |> json_response(200)
356 assert account["fields"] == [
357 %{"name" => "foo", "value" => ""}