1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.ActivityPub.InternalFetchActor
12 alias Pleroma.Web.CommonAPI
13 alias Pleroma.Web.OAuth.Token
15 import Pleroma.Factory
17 describe "account fetching" do
23 |> get("/api/v1/accounts/#{user.id}")
25 assert %{"id" => id} = json_response(conn, 200)
26 assert id == to_string(user.id)
30 |> get("/api/v1/accounts/-1")
32 assert %{"error" => "Can't find user"} = json_response(conn, 404)
35 test "works by nickname" do
40 |> get("/api/v1/accounts/#{user.nickname}")
42 assert %{"id" => id} = json_response(conn, 200)
46 test "works by nickname for remote users" do
47 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
48 Pleroma.Config.put([:instance, :limit_to_local_content], false)
49 user = insert(:user, nickname: "user@example.com", local: false)
53 |> get("/api/v1/accounts/#{user.nickname}")
55 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
56 assert %{"id" => id} = json_response(conn, 200)
60 test "respects limit_to_local_content == :all for remote user nicknames" do
61 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
62 Pleroma.Config.put([:instance, :limit_to_local_content], :all)
64 user = insert(:user, nickname: "user@example.com", local: false)
68 |> get("/api/v1/accounts/#{user.nickname}")
70 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
71 assert json_response(conn, 404)
74 test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
75 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
76 Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
78 user = insert(:user, nickname: "user@example.com", local: false)
79 reading_user = insert(:user)
83 |> get("/api/v1/accounts/#{user.nickname}")
85 assert json_response(conn, 404)
89 |> assign(:user, reading_user)
90 |> assign(:token, insert(:oauth_token, user: reading_user, scopes: ["read:accounts"]))
91 |> get("/api/v1/accounts/#{user.nickname}")
93 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
94 assert %{"id" => id} = json_response(conn, 200)
98 test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
99 # Need to set an old-style integer ID to reproduce the problem
100 # (these are no longer assigned to new accounts but were preserved
101 # for existing accounts during the migration to flakeIDs)
102 user_one = insert(:user, %{id: 1212})
103 user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
107 |> get("/api/v1/accounts/#{user_one.id}")
111 |> get("/api/v1/accounts/#{user_two.nickname}")
115 |> get("/api/v1/accounts/#{user_two.id}")
117 acc_one = json_response(resp_one, 200)
118 acc_two = json_response(resp_two, 200)
119 acc_three = json_response(resp_three, 200)
120 refute acc_one == acc_two
121 assert acc_two == acc_three
124 test "returns 404 when user is invisible", %{conn: conn} do
125 user = insert(:user, %{invisible: true})
129 |> get("/api/v1/accounts/#{user.nickname}")
130 |> json_response(404)
132 assert %{"error" => "Can't find user"} = resp
135 test "returns 404 for internal.fetch actor", %{conn: conn} do
136 %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
140 |> get("/api/v1/accounts/internal.fetch")
141 |> json_response(404)
143 assert %{"error" => "Can't find user"} = resp
147 describe "user timelines" do
148 setup do: oauth_access(["read:statuses"])
150 test "respects blocks", %{user: user_one, conn: conn} do
151 user_two = insert(:user)
152 user_three = insert(:user)
154 User.block(user_one, user_two)
156 {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
157 {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
159 resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
161 assert [%{"id" => id}] = json_response(resp, 200)
162 assert id == activity.id
164 # Even a blocked user will deliver the full user timeline, there would be
165 # no point in looking at a blocked users timeline otherwise
166 resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
168 assert [%{"id" => id}] = json_response(resp, 200)
169 assert id == activity.id
171 # Third user's timeline includes the repeat when viewed by unauthenticated user
172 resp = get(build_conn(), "/api/v1/accounts/#{user_three.id}/statuses")
173 assert [%{"id" => id}] = json_response(resp, 200)
174 assert id == repeat.id
176 # When viewing a third user's timeline, the blocked users' statuses will NOT be shown
177 resp = get(conn, "/api/v1/accounts/#{user_three.id}/statuses")
179 assert [] = json_response(resp, 200)
182 test "gets users statuses", %{conn: conn} do
183 user_one = insert(:user)
184 user_two = insert(:user)
185 user_three = insert(:user)
187 {:ok, _user_three} = User.follow(user_three, user_one)
189 {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
191 {:ok, direct_activity} =
192 CommonAPI.post(user_one, %{
193 "status" => "Hi, @#{user_two.nickname}.",
194 "visibility" => "direct"
197 {:ok, private_activity} =
198 CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
200 resp = get(conn, "/api/v1/accounts/#{user_one.id}/statuses")
202 assert [%{"id" => id}] = json_response(resp, 200)
203 assert id == to_string(activity.id)
207 |> assign(:user, user_two)
208 |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
209 |> get("/api/v1/accounts/#{user_one.id}/statuses")
211 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
212 assert id_one == to_string(direct_activity.id)
213 assert id_two == to_string(activity.id)
217 |> assign(:user, user_three)
218 |> assign(:token, insert(:oauth_token, user: user_three, scopes: ["read:statuses"]))
219 |> get("/api/v1/accounts/#{user_one.id}/statuses")
221 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
222 assert id_one == to_string(private_activity.id)
223 assert id_two == to_string(activity.id)
226 test "unimplemented pinned statuses feature", %{conn: conn} do
227 note = insert(:note_activity)
228 user = User.get_cached_by_ap_id(note.data["actor"])
230 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?pinned=true")
232 assert json_response(conn, 200) == []
235 test "gets an users media", %{conn: conn} do
236 note = insert(:note_activity)
237 user = User.get_cached_by_ap_id(note.data["actor"])
240 content_type: "image/jpg",
241 path: Path.absname("test/fixtures/image.jpg"),
242 filename: "an_image.jpg"
245 {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
247 {:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
249 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
251 assert [%{"id" => id}] = json_response(conn, 200)
252 assert id == to_string(image_post.id)
254 conn = get(build_conn(), "/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
256 assert [%{"id" => id}] = json_response(conn, 200)
257 assert id == to_string(image_post.id)
260 test "gets a user's statuses without reblogs", %{user: user, conn: conn} do
261 {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
262 {:ok, _, _} = CommonAPI.repeat(post.id, user)
264 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
266 assert [%{"id" => id}] = json_response(conn, 200)
267 assert id == to_string(post.id)
269 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
271 assert [%{"id" => id}] = json_response(conn, 200)
272 assert id == to_string(post.id)
275 test "filters user's statuses by a hashtag", %{user: user, conn: conn} do
276 {:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
277 {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
279 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
281 assert [%{"id" => id}] = json_response(conn, 200)
282 assert id == to_string(post.id)
285 test "the user views their own timelines and excludes direct messages", %{
289 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
290 {:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
293 get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_visibilities" => ["direct"]})
295 assert [%{"id" => id}] = json_response(conn, 200)
296 assert id == to_string(public_activity.id)
300 describe "followers" do
301 setup do: oauth_access(["read:accounts"])
303 test "getting followers", %{user: user, conn: conn} do
304 other_user = insert(:user)
305 {:ok, user} = User.follow(user, other_user)
307 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
309 assert [%{"id" => id}] = json_response(conn, 200)
310 assert id == to_string(user.id)
313 test "getting followers, hide_followers", %{user: user, conn: conn} do
314 other_user = insert(:user, hide_followers: true)
315 {:ok, _user} = User.follow(user, other_user)
317 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
319 assert [] == json_response(conn, 200)
322 test "getting followers, hide_followers, same user requesting" do
324 other_user = insert(:user, hide_followers: true)
325 {:ok, _user} = User.follow(user, other_user)
329 |> assign(:user, other_user)
330 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
331 |> get("/api/v1/accounts/#{other_user.id}/followers")
333 refute [] == json_response(conn, 200)
336 test "getting followers, pagination", %{user: user, conn: conn} do
337 follower1 = insert(:user)
338 follower2 = insert(:user)
339 follower3 = insert(:user)
340 {:ok, _} = User.follow(follower1, user)
341 {:ok, _} = User.follow(follower2, user)
342 {:ok, _} = User.follow(follower3, user)
344 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
346 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
347 assert id3 == follower3.id
348 assert id2 == follower2.id
350 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
352 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
353 assert id2 == follower2.id
354 assert id1 == follower1.id
356 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
358 assert [%{"id" => id2}] = json_response(res_conn, 200)
359 assert id2 == follower2.id
361 assert [link_header] = get_resp_header(res_conn, "link")
362 assert link_header =~ ~r/min_id=#{follower2.id}/
363 assert link_header =~ ~r/max_id=#{follower2.id}/
367 describe "following" do
368 setup do: oauth_access(["read:accounts"])
370 test "getting following", %{user: user, conn: conn} do
371 other_user = insert(:user)
372 {:ok, user} = User.follow(user, other_user)
374 conn = get(conn, "/api/v1/accounts/#{user.id}/following")
376 assert [%{"id" => id}] = json_response(conn, 200)
377 assert id == to_string(other_user.id)
380 test "getting following, hide_follows, other user requesting" do
381 user = insert(:user, hide_follows: true)
382 other_user = insert(:user)
383 {:ok, user} = User.follow(user, other_user)
387 |> assign(:user, other_user)
388 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
389 |> get("/api/v1/accounts/#{user.id}/following")
391 assert [] == json_response(conn, 200)
394 test "getting following, hide_follows, same user requesting" do
395 user = insert(:user, hide_follows: true)
396 other_user = insert(:user)
397 {:ok, user} = User.follow(user, other_user)
401 |> assign(:user, user)
402 |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:accounts"]))
403 |> get("/api/v1/accounts/#{user.id}/following")
405 refute [] == json_response(conn, 200)
408 test "getting following, pagination", %{user: user, conn: conn} do
409 following1 = insert(:user)
410 following2 = insert(:user)
411 following3 = insert(:user)
412 {:ok, _} = User.follow(user, following1)
413 {:ok, _} = User.follow(user, following2)
414 {:ok, _} = User.follow(user, following3)
416 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
418 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
419 assert id3 == following3.id
420 assert id2 == following2.id
422 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
424 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
425 assert id2 == following2.id
426 assert id1 == following1.id
429 get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
431 assert [%{"id" => id2}] = json_response(res_conn, 200)
432 assert id2 == following2.id
434 assert [link_header] = get_resp_header(res_conn, "link")
435 assert link_header =~ ~r/min_id=#{following2.id}/
436 assert link_header =~ ~r/max_id=#{following2.id}/
440 describe "follow/unfollow" do
441 setup do: oauth_access(["follow"])
443 test "following / unfollowing a user", %{conn: conn} do
444 other_user = insert(:user)
446 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/follow")
448 assert %{"id" => _id, "following" => true} = json_response(ret_conn, 200)
450 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/unfollow")
452 assert %{"id" => _id, "following" => false} = json_response(ret_conn, 200)
454 conn = post(conn, "/api/v1/follows", %{"uri" => other_user.nickname})
456 assert %{"id" => id} = json_response(conn, 200)
457 assert id == to_string(other_user.id)
460 test "following without reblogs" do
461 %{conn: conn} = oauth_access(["follow", "read:statuses"])
462 followed = insert(:user)
463 other_user = insert(:user)
465 ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=false")
467 assert %{"showing_reblogs" => false} = json_response(ret_conn, 200)
469 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
470 {:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
472 ret_conn = get(conn, "/api/v1/timelines/home")
474 assert [] == json_response(ret_conn, 200)
476 ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=true")
478 assert %{"showing_reblogs" => true} = json_response(ret_conn, 200)
480 conn = get(conn, "/api/v1/timelines/home")
482 expected_activity_id = reblog.id
483 assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
486 test "following / unfollowing errors", %{user: user, conn: conn} do
488 conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
489 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
492 user = User.get_cached_by_id(user.id)
493 conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
494 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
496 # self follow via uri
497 user = User.get_cached_by_id(user.id)
498 conn_res = post(conn, "/api/v1/follows", %{"uri" => user.nickname})
499 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
501 # follow non existing user
502 conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
503 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
505 # follow non existing user via uri
506 conn_res = post(conn, "/api/v1/follows", %{"uri" => "doesntexist"})
507 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
509 # unfollow non existing user
510 conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
511 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
515 describe "mute/unmute" do
516 setup do: oauth_access(["write:mutes"])
518 test "with notifications", %{conn: conn} do
519 other_user = insert(:user)
521 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/mute")
523 response = json_response(ret_conn, 200)
525 assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
527 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
529 response = json_response(conn, 200)
530 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
533 test "without notifications", %{conn: conn} do
534 other_user = insert(:user)
537 post(conn, "/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
539 response = json_response(ret_conn, 200)
541 assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
543 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
545 response = json_response(conn, 200)
546 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
550 describe "pinned statuses" do
553 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
554 %{conn: conn} = oauth_access(["read:statuses"], user: user)
556 [conn: conn, user: user, activity: activity]
559 test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
560 {:ok, _} = CommonAPI.pin(activity.id, user)
564 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
565 |> json_response(200)
567 id_str = to_string(activity.id)
569 assert [%{"id" => ^id_str, "pinned" => true}] = result
573 test "blocking / unblocking a user" do
574 %{conn: conn} = oauth_access(["follow"])
575 other_user = insert(:user)
577 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/block")
579 assert %{"id" => _id, "blocking" => true} = json_response(ret_conn, 200)
581 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unblock")
583 assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
586 describe "create account by app" do
590 email: "lain@example.org",
591 password: "PlzDontHackLain",
595 [valid_params: valid_params]
598 test "Account registration via Application", %{conn: conn} do
600 post(conn, "/api/v1/apps", %{
601 client_name: "client_name",
602 redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
603 scopes: "read, write, follow"
607 "client_id" => client_id,
608 "client_secret" => client_secret,
610 "name" => "client_name",
611 "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
614 } = json_response(conn, 200)
617 post(conn, "/oauth/token", %{
618 grant_type: "client_credentials",
619 client_id: client_id,
620 client_secret: client_secret
623 assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
624 json_response(conn, 200)
627 token_from_db = Repo.get_by(Token, token: token)
630 assert scope == "read write follow"
634 |> put_req_header("authorization", "Bearer " <> token)
635 |> post("/api/v1/accounts", %{
637 email: "lain@example.org",
638 password: "PlzDontHackLain",
644 "access_token" => token,
645 "created_at" => _created_at,
647 "token_type" => "Bearer"
648 } = json_response(conn, 200)
650 token_from_db = Repo.get_by(Token, token: token)
652 token_from_db = Repo.preload(token_from_db, :user)
653 assert token_from_db.user
655 assert token_from_db.user.confirmation_pending
658 test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
659 _user = insert(:user, email: "lain@example.org")
660 app_token = insert(:oauth_token, user: nil)
664 |> put_req_header("authorization", "Bearer " <> app_token.token)
666 res = post(conn, "/api/v1/accounts", valid_params)
667 assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
670 test "rate limit", %{conn: conn} do
671 app_token = insert(:oauth_token, user: nil)
675 |> put_req_header("authorization", "Bearer " <> app_token.token)
676 |> Map.put(:remote_ip, {15, 15, 15, 15})
680 post(conn, "/api/v1/accounts", %{
681 username: "#{i}lain",
682 email: "#{i}lain@example.org",
683 password: "PlzDontHackLain",
688 "access_token" => token,
689 "created_at" => _created_at,
691 "token_type" => "Bearer"
692 } = json_response(conn, 200)
694 token_from_db = Repo.get_by(Token, token: token)
696 token_from_db = Repo.preload(token_from_db, :user)
697 assert token_from_db.user
699 assert token_from_db.user.confirmation_pending
703 post(conn, "/api/v1/accounts", %{
705 email: "6lain@example.org",
706 password: "PlzDontHackLain",
710 assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
713 test "returns bad_request if missing required params", %{
715 valid_params: valid_params
717 app_token = insert(:oauth_token, user: nil)
719 conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
721 res = post(conn, "/api/v1/accounts", valid_params)
722 assert json_response(res, 200)
724 [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
725 |> Stream.zip(valid_params)
726 |> Enum.each(fn {ip, {attr, _}} ->
729 |> Map.put(:remote_ip, ip)
730 |> post("/api/v1/accounts", Map.delete(valid_params, attr))
731 |> json_response(400)
733 assert res == %{"error" => "Missing parameters"}
737 test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
738 conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token")
740 res = post(conn, "/api/v1/accounts", valid_params)
741 assert json_response(res, 403) == %{"error" => "Invalid credentials"}
745 describe "GET /api/v1/accounts/:id/lists - account_lists" do
746 test "returns lists to which the account belongs" do
747 %{user: user, conn: conn} = oauth_access(["read:lists"])
748 other_user = insert(:user)
749 assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
750 {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
754 |> get("/api/v1/accounts/#{other_user.id}/lists")
755 |> json_response(200)
757 assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
761 describe "verify_credentials" do
762 test "verify_credentials" do
763 %{user: user, conn: conn} = oauth_access(["read:accounts"])
764 conn = get(conn, "/api/v1/accounts/verify_credentials")
766 response = json_response(conn, 200)
768 assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
769 assert response["pleroma"]["chat_token"]
770 assert id == to_string(user.id)
773 test "verify_credentials default scope unlisted" do
774 user = insert(:user, default_scope: "unlisted")
775 %{conn: conn} = oauth_access(["read:accounts"], user: user)
777 conn = get(conn, "/api/v1/accounts/verify_credentials")
779 assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
780 assert id == to_string(user.id)
783 test "locked accounts" do
784 user = insert(:user, default_scope: "private")
785 %{conn: conn} = oauth_access(["read:accounts"], user: user)
787 conn = get(conn, "/api/v1/accounts/verify_credentials")
789 assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
790 assert id == to_string(user.id)
794 describe "user relationships" do
795 setup do: oauth_access(["read:follows"])
797 test "returns the relationships for the current user", %{user: user, conn: conn} do
798 other_user = insert(:user)
799 {:ok, _user} = User.follow(user, other_user)
801 conn = get(conn, "/api/v1/accounts/relationships", %{"id" => [other_user.id]})
803 assert [relationship] = json_response(conn, 200)
805 assert to_string(other_user.id) == relationship["id"]
808 test "returns an empty list on a bad request", %{conn: conn} do
809 conn = get(conn, "/api/v1/accounts/relationships", %{})
811 assert [] = json_response(conn, 200)
815 test "getting a list of mutes" do
816 %{user: user, conn: conn} = oauth_access(["read:mutes"])
817 other_user = insert(:user)
819 {:ok, _user_relationships} = User.mute(user, other_user)
821 conn = get(conn, "/api/v1/mutes")
823 other_user_id = to_string(other_user.id)
824 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
827 test "getting a list of blocks" do
828 %{user: user, conn: conn} = oauth_access(["read:blocks"])
829 other_user = insert(:user)
831 {:ok, _user_relationship} = User.block(user, other_user)
835 |> assign(:user, user)
836 |> get("/api/v1/blocks")
838 other_user_id = to_string(other_user.id)
839 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)