account visibility
[akkoma] / test / web / mastodon_api / controllers / account_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
6 use Pleroma.Web.ConnCase
7
8 alias Pleroma.Config
9 alias Pleroma.Repo
10 alias Pleroma.User
11 alias Pleroma.Web.ActivityPub.ActivityPub
12 alias Pleroma.Web.ActivityPub.InternalFetchActor
13 alias Pleroma.Web.CommonAPI
14 alias Pleroma.Web.OAuth.Token
15
16 import Pleroma.Factory
17
18 describe "account fetching" do
19 setup do: clear_config([:instance, :limit_to_local_content])
20
21 test "works by id" do
22 %User{id: user_id} = insert(:user)
23
24 assert %{"id" => ^user_id} =
25 build_conn()
26 |> get("/api/v1/accounts/#{user_id}")
27 |> json_response_and_validate_schema(200)
28
29 assert %{"error" => "Can't find user"} =
30 build_conn()
31 |> get("/api/v1/accounts/-1")
32 |> json_response_and_validate_schema(404)
33 end
34
35 test "works by nickname" do
36 user = insert(:user)
37
38 assert %{"id" => user_id} =
39 build_conn()
40 |> get("/api/v1/accounts/#{user.nickname}")
41 |> json_response_and_validate_schema(200)
42 end
43
44 test "works by nickname for remote users" do
45 Config.put([:instance, :limit_to_local_content], false)
46
47 user = insert(:user, nickname: "user@example.com", local: false)
48
49 assert %{"id" => user_id} =
50 build_conn()
51 |> get("/api/v1/accounts/#{user.nickname}")
52 |> json_response_and_validate_schema(200)
53 end
54
55 test "respects limit_to_local_content == :all for remote user nicknames" do
56 Config.put([:instance, :limit_to_local_content], :all)
57
58 user = insert(:user, nickname: "user@example.com", local: false)
59
60 assert build_conn()
61 |> get("/api/v1/accounts/#{user.nickname}")
62 |> json_response_and_validate_schema(404)
63 end
64
65 test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
66 Config.put([:instance, :limit_to_local_content], :unauthenticated)
67
68 user = insert(:user, nickname: "user@example.com", local: false)
69 reading_user = insert(:user)
70
71 conn =
72 build_conn()
73 |> get("/api/v1/accounts/#{user.nickname}")
74
75 assert json_response_and_validate_schema(conn, 404)
76
77 conn =
78 build_conn()
79 |> assign(:user, reading_user)
80 |> assign(:token, insert(:oauth_token, user: reading_user, scopes: ["read:accounts"]))
81 |> get("/api/v1/accounts/#{user.nickname}")
82
83 assert %{"id" => id} = json_response_and_validate_schema(conn, 200)
84 assert id == user.id
85 end
86
87 test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
88 # Need to set an old-style integer ID to reproduce the problem
89 # (these are no longer assigned to new accounts but were preserved
90 # for existing accounts during the migration to flakeIDs)
91 user_one = insert(:user, %{id: 1212})
92 user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
93
94 acc_one =
95 conn
96 |> get("/api/v1/accounts/#{user_one.id}")
97 |> json_response_and_validate_schema(:ok)
98
99 acc_two =
100 conn
101 |> get("/api/v1/accounts/#{user_two.nickname}")
102 |> json_response_and_validate_schema(:ok)
103
104 acc_three =
105 conn
106 |> get("/api/v1/accounts/#{user_two.id}")
107 |> json_response_and_validate_schema(:ok)
108
109 refute acc_one == acc_two
110 assert acc_two == acc_three
111 end
112
113 test "returns 404 when user is invisible", %{conn: conn} do
114 user = insert(:user, %{invisible: true})
115
116 assert %{"error" => "Can't find user"} =
117 conn
118 |> get("/api/v1/accounts/#{user.nickname}")
119 |> json_response_and_validate_schema(404)
120 end
121
122 test "returns 404 for internal.fetch actor", %{conn: conn} do
123 %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
124
125 assert %{"error" => "Can't find user"} =
126 conn
127 |> get("/api/v1/accounts/internal.fetch")
128 |> json_response_and_validate_schema(404)
129 end
130
131 test "returns 401 for deactivated user", %{conn: conn} do
132 user = insert(:user, deactivated: true)
133
134 assert %{} =
135 conn
136 |> get("/api/v1/accounts/#{user.id}")
137 |> json_response_and_validate_schema(:gone)
138 end
139 end
140
141 defp local_and_remote_users do
142 local = insert(:user)
143 remote = insert(:user, local: false)
144 {:ok, local: local, remote: remote}
145 end
146
147 describe "user fetching with restrict unauthenticated profiles for local and remote" do
148 setup do: local_and_remote_users()
149
150 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
151
152 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
153
154 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
155 assert %{"error" => "This API requires an authenticated user"} ==
156 conn
157 |> get("/api/v1/accounts/#{local.id}")
158 |> json_response_and_validate_schema(:unauthorized)
159
160 assert %{"error" => "This API requires an authenticated user"} ==
161 conn
162 |> get("/api/v1/accounts/#{remote.id}")
163 |> json_response_and_validate_schema(:unauthorized)
164 end
165
166 test "if user is authenticated", %{local: local, remote: remote} do
167 %{conn: conn} = oauth_access(["read"])
168
169 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
170 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
171
172 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
173 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
174 end
175 end
176
177 describe "user fetching with restrict unauthenticated profiles for local" do
178 setup do: local_and_remote_users()
179
180 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
181
182 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
183 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
184
185 assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
186 "error" => "This API requires an authenticated user"
187 }
188
189 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
190 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
191 end
192
193 test "if user is authenticated", %{local: local, remote: remote} do
194 %{conn: conn} = oauth_access(["read"])
195
196 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
197 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
198
199 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
200 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
201 end
202 end
203
204 describe "user fetching with restrict unauthenticated profiles for remote" do
205 setup do: local_and_remote_users()
206
207 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
208
209 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
210 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
211 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
212
213 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
214
215 assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
216 "error" => "This API requires an authenticated user"
217 }
218 end
219
220 test "if user is authenticated", %{local: local, remote: remote} do
221 %{conn: conn} = oauth_access(["read"])
222
223 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
224 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
225
226 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
227 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
228 end
229 end
230
231 describe "user timelines" do
232 setup do: oauth_access(["read:statuses"])
233
234 test "works with announces that are just addressed to public", %{conn: conn} do
235 user = insert(:user, ap_id: "https://honktest/u/test", local: false)
236 other_user = insert(:user)
237
238 {:ok, post} = CommonAPI.post(other_user, %{status: "bonkeronk"})
239
240 {:ok, announce, _} =
241 %{
242 "@context" => "https://www.w3.org/ns/activitystreams",
243 "actor" => "https://honktest/u/test",
244 "id" => "https://honktest/u/test/bonk/1793M7B9MQ48847vdx",
245 "object" => post.data["object"],
246 "published" => "2019-06-25T19:33:58Z",
247 "to" => ["https://www.w3.org/ns/activitystreams#Public"],
248 "type" => "Announce"
249 }
250 |> ActivityPub.persist(local: false)
251
252 assert resp =
253 conn
254 |> get("/api/v1/accounts/#{user.id}/statuses")
255 |> json_response_and_validate_schema(200)
256
257 assert [%{"id" => id}] = resp
258 assert id == announce.id
259 end
260
261 test "deactivated user", %{conn: conn} do
262 user = insert(:user, deactivated: true)
263
264 assert %{} ==
265 conn
266 |> get("/api/v1/accounts/#{user.id}/statuses")
267 |> json_response_and_validate_schema(:gone)
268 end
269
270 test "returns 404 when user is invisible", %{conn: conn} do
271 user = insert(:user, %{invisible: true})
272
273 assert %{"error" => "Can't find user"} =
274 conn
275 |> get("/api/v1/accounts/#{user.id}")
276 |> json_response_and_validate_schema(404)
277 end
278
279 test "respects blocks", %{user: user_one, conn: conn} do
280 user_two = insert(:user)
281 user_three = insert(:user)
282
283 User.block(user_one, user_two)
284
285 {:ok, activity} = CommonAPI.post(user_two, %{status: "User one sux0rz"})
286 {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
287
288 assert resp =
289 conn
290 |> get("/api/v1/accounts/#{user_two.id}/statuses")
291 |> json_response_and_validate_schema(200)
292
293 assert [%{"id" => id}] = resp
294 assert id == activity.id
295
296 # Even a blocked user will deliver the full user timeline, there would be
297 # no point in looking at a blocked users timeline otherwise
298 assert resp =
299 conn
300 |> get("/api/v1/accounts/#{user_two.id}/statuses")
301 |> json_response_and_validate_schema(200)
302
303 assert [%{"id" => id}] = resp
304 assert id == activity.id
305
306 # Third user's timeline includes the repeat when viewed by unauthenticated user
307 resp =
308 build_conn()
309 |> get("/api/v1/accounts/#{user_three.id}/statuses")
310 |> json_response_and_validate_schema(200)
311
312 assert [%{"id" => id}] = resp
313 assert id == repeat.id
314
315 # When viewing a third user's timeline, the blocked users' statuses will NOT be shown
316 resp = get(conn, "/api/v1/accounts/#{user_three.id}/statuses")
317
318 assert [] == json_response_and_validate_schema(resp, 200)
319 end
320
321 test "gets users statuses", %{conn: conn} do
322 user_one = insert(:user)
323 user_two = insert(:user)
324 user_three = insert(:user)
325
326 {:ok, _user_three} = User.follow(user_three, user_one)
327
328 {:ok, activity} = CommonAPI.post(user_one, %{status: "HI!!!"})
329
330 {:ok, direct_activity} =
331 CommonAPI.post(user_one, %{
332 status: "Hi, @#{user_two.nickname}.",
333 visibility: "direct"
334 })
335
336 {:ok, private_activity} =
337 CommonAPI.post(user_one, %{status: "private", visibility: "private"})
338
339 # TODO!!!
340 resp =
341 conn
342 |> get("/api/v1/accounts/#{user_one.id}/statuses")
343 |> json_response_and_validate_schema(200)
344
345 assert [%{"id" => id}] = resp
346 assert id == to_string(activity.id)
347
348 resp =
349 conn
350 |> assign(:user, user_two)
351 |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
352 |> get("/api/v1/accounts/#{user_one.id}/statuses")
353 |> json_response_and_validate_schema(200)
354
355 assert [%{"id" => id_one}, %{"id" => id_two}] = resp
356 assert id_one == to_string(direct_activity.id)
357 assert id_two == to_string(activity.id)
358
359 resp =
360 conn
361 |> assign(:user, user_three)
362 |> assign(:token, insert(:oauth_token, user: user_three, scopes: ["read:statuses"]))
363 |> get("/api/v1/accounts/#{user_one.id}/statuses")
364 |> json_response_and_validate_schema(200)
365
366 assert [%{"id" => id_one}, %{"id" => id_two}] = resp
367 assert id_one == to_string(private_activity.id)
368 assert id_two == to_string(activity.id)
369 end
370
371 test "unimplemented pinned statuses feature", %{conn: conn} do
372 note = insert(:note_activity)
373 user = User.get_cached_by_ap_id(note.data["actor"])
374
375 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?pinned=true")
376
377 assert json_response_and_validate_schema(conn, 200) == []
378 end
379
380 test "gets an users media", %{conn: conn} do
381 note = insert(:note_activity)
382 user = User.get_cached_by_ap_id(note.data["actor"])
383
384 file = %Plug.Upload{
385 content_type: "image/jpg",
386 path: Path.absname("test/fixtures/image.jpg"),
387 filename: "an_image.jpg"
388 }
389
390 {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
391
392 {:ok, %{id: image_post_id}} = CommonAPI.post(user, %{status: "cofe", media_ids: [media_id]})
393
394 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?only_media=true")
395
396 assert [%{"id" => ^image_post_id}] = json_response_and_validate_schema(conn, 200)
397
398 conn = get(build_conn(), "/api/v1/accounts/#{user.id}/statuses?only_media=1")
399
400 assert [%{"id" => ^image_post_id}] = json_response_and_validate_schema(conn, 200)
401 end
402
403 test "gets a user's statuses without reblogs", %{user: user, conn: conn} do
404 {:ok, %{id: post_id}} = CommonAPI.post(user, %{status: "HI!!!"})
405 {:ok, _, _} = CommonAPI.repeat(post_id, user)
406
407 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_reblogs=true")
408 assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200)
409
410 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_reblogs=1")
411 assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200)
412 end
413
414 test "filters user's statuses by a hashtag", %{user: user, conn: conn} do
415 {:ok, %{id: post_id}} = CommonAPI.post(user, %{status: "#hashtag"})
416 {:ok, _post} = CommonAPI.post(user, %{status: "hashtag"})
417
418 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?tagged=hashtag")
419 assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200)
420 end
421
422 test "the user views their own timelines and excludes direct messages", %{
423 user: user,
424 conn: conn
425 } do
426 {:ok, %{id: public_activity_id}} =
427 CommonAPI.post(user, %{status: ".", visibility: "public"})
428
429 {:ok, _direct_activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"})
430
431 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_visibilities[]=direct")
432 assert [%{"id" => ^public_activity_id}] = json_response_and_validate_schema(conn, 200)
433 end
434 end
435
436 defp local_and_remote_activities(%{local: local, remote: remote}) do
437 insert(:note_activity, user: local)
438 insert(:note_activity, user: remote, local: false)
439
440 :ok
441 end
442
443 describe "statuses with restrict unauthenticated profiles for local and remote" do
444 setup do: local_and_remote_users()
445 setup :local_and_remote_activities
446
447 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
448
449 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
450
451 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
452 assert %{"error" => "This API requires an authenticated user"} ==
453 conn
454 |> get("/api/v1/accounts/#{local.id}/statuses")
455 |> json_response_and_validate_schema(:unauthorized)
456
457 assert %{"error" => "This API requires an authenticated user"} ==
458 conn
459 |> get("/api/v1/accounts/#{remote.id}/statuses")
460 |> json_response_and_validate_schema(:unauthorized)
461 end
462
463 test "if user is authenticated", %{local: local, remote: remote} do
464 %{conn: conn} = oauth_access(["read"])
465
466 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
467 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
468
469 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
470 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
471 end
472 end
473
474 describe "statuses with restrict unauthenticated profiles for local" do
475 setup do: local_and_remote_users()
476 setup :local_and_remote_activities
477
478 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
479
480 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
481 assert %{"error" => "This API requires an authenticated user"} ==
482 conn
483 |> get("/api/v1/accounts/#{local.id}/statuses")
484 |> json_response_and_validate_schema(:unauthorized)
485
486 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
487 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
488 end
489
490 test "if user is authenticated", %{local: local, remote: remote} do
491 %{conn: conn} = oauth_access(["read"])
492
493 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
494 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
495
496 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
497 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
498 end
499 end
500
501 describe "statuses with restrict unauthenticated profiles for remote" do
502 setup do: local_and_remote_users()
503 setup :local_and_remote_activities
504
505 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
506
507 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
508 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
509 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
510
511 assert %{"error" => "This API requires an authenticated user"} ==
512 conn
513 |> get("/api/v1/accounts/#{remote.id}/statuses")
514 |> json_response_and_validate_schema(:unauthorized)
515 end
516
517 test "if user is authenticated", %{local: local, remote: remote} do
518 %{conn: conn} = oauth_access(["read"])
519
520 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
521 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
522
523 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
524 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
525 end
526 end
527
528 describe "followers" do
529 setup do: oauth_access(["read:accounts"])
530
531 test "getting followers", %{user: user, conn: conn} do
532 other_user = insert(:user)
533 {:ok, %{id: user_id}} = User.follow(user, other_user)
534
535 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
536
537 assert [%{"id" => ^user_id}] = json_response_and_validate_schema(conn, 200)
538 end
539
540 test "getting followers, hide_followers", %{user: user, conn: conn} do
541 other_user = insert(:user, hide_followers: true)
542 {:ok, _user} = User.follow(user, other_user)
543
544 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
545
546 assert [] == json_response_and_validate_schema(conn, 200)
547 end
548
549 test "getting followers, hide_followers, same user requesting" do
550 user = insert(:user)
551 other_user = insert(:user, hide_followers: true)
552 {:ok, _user} = User.follow(user, other_user)
553
554 conn =
555 build_conn()
556 |> assign(:user, other_user)
557 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
558 |> get("/api/v1/accounts/#{other_user.id}/followers")
559
560 refute [] == json_response_and_validate_schema(conn, 200)
561 end
562
563 test "getting followers, pagination", %{user: user, conn: conn} do
564 {:ok, %User{id: follower1_id}} = :user |> insert() |> User.follow(user)
565 {:ok, %User{id: follower2_id}} = :user |> insert() |> User.follow(user)
566 {:ok, %User{id: follower3_id}} = :user |> insert() |> User.follow(user)
567
568 assert [%{"id" => ^follower3_id}, %{"id" => ^follower2_id}] =
569 conn
570 |> get("/api/v1/accounts/#{user.id}/followers?since_id=#{follower1_id}")
571 |> json_response_and_validate_schema(200)
572
573 assert [%{"id" => ^follower2_id}, %{"id" => ^follower1_id}] =
574 conn
575 |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3_id}")
576 |> json_response_and_validate_schema(200)
577
578 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3_id}")
579
580 assert [%{"id" => ^follower2_id}] = json_response_and_validate_schema(res_conn, 200)
581
582 assert [link_header] = get_resp_header(res_conn, "link")
583 assert link_header =~ ~r/min_id=#{follower2_id}/
584 assert link_header =~ ~r/max_id=#{follower2_id}/
585 end
586 end
587
588 describe "following" do
589 setup do: oauth_access(["read:accounts"])
590
591 test "getting following", %{user: user, conn: conn} do
592 other_user = insert(:user)
593 {:ok, user} = User.follow(user, other_user)
594
595 conn = get(conn, "/api/v1/accounts/#{user.id}/following")
596
597 assert [%{"id" => id}] = json_response_and_validate_schema(conn, 200)
598 assert id == to_string(other_user.id)
599 end
600
601 test "getting following, hide_follows, other user requesting" do
602 user = insert(:user, hide_follows: true)
603 other_user = insert(:user)
604 {:ok, user} = User.follow(user, other_user)
605
606 conn =
607 build_conn()
608 |> assign(:user, other_user)
609 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
610 |> get("/api/v1/accounts/#{user.id}/following")
611
612 assert [] == json_response_and_validate_schema(conn, 200)
613 end
614
615 test "getting following, hide_follows, same user requesting" do
616 user = insert(:user, hide_follows: true)
617 other_user = insert(:user)
618 {:ok, user} = User.follow(user, other_user)
619
620 conn =
621 build_conn()
622 |> assign(:user, user)
623 |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:accounts"]))
624 |> get("/api/v1/accounts/#{user.id}/following")
625
626 refute [] == json_response_and_validate_schema(conn, 200)
627 end
628
629 test "getting following, pagination", %{user: user, conn: conn} do
630 following1 = insert(:user)
631 following2 = insert(:user)
632 following3 = insert(:user)
633 {:ok, _} = User.follow(user, following1)
634 {:ok, _} = User.follow(user, following2)
635 {:ok, _} = User.follow(user, following3)
636
637 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
638
639 assert [%{"id" => id3}, %{"id" => id2}] = json_response_and_validate_schema(res_conn, 200)
640 assert id3 == following3.id
641 assert id2 == following2.id
642
643 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
644
645 assert [%{"id" => id2}, %{"id" => id1}] = json_response_and_validate_schema(res_conn, 200)
646 assert id2 == following2.id
647 assert id1 == following1.id
648
649 res_conn =
650 get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
651
652 assert [%{"id" => id2}] = json_response_and_validate_schema(res_conn, 200)
653 assert id2 == following2.id
654
655 assert [link_header] = get_resp_header(res_conn, "link")
656 assert link_header =~ ~r/min_id=#{following2.id}/
657 assert link_header =~ ~r/max_id=#{following2.id}/
658 end
659 end
660
661 describe "follow/unfollow" do
662 setup do: oauth_access(["follow"])
663
664 test "following / unfollowing a user", %{conn: conn} do
665 %{id: other_user_id, nickname: other_user_nickname} = insert(:user)
666
667 assert %{"id" => _id, "following" => true} =
668 conn
669 |> post("/api/v1/accounts/#{other_user_id}/follow")
670 |> json_response_and_validate_schema(200)
671
672 assert %{"id" => _id, "following" => false} =
673 conn
674 |> post("/api/v1/accounts/#{other_user_id}/unfollow")
675 |> json_response_and_validate_schema(200)
676
677 assert %{"id" => ^other_user_id} =
678 conn
679 |> put_req_header("content-type", "application/json")
680 |> post("/api/v1/follows", %{"uri" => other_user_nickname})
681 |> json_response_and_validate_schema(200)
682 end
683
684 test "cancelling follow request", %{conn: conn} do
685 %{id: other_user_id} = insert(:user, %{locked: true})
686
687 assert %{"id" => ^other_user_id, "following" => false, "requested" => true} =
688 conn
689 |> post("/api/v1/accounts/#{other_user_id}/follow")
690 |> json_response_and_validate_schema(:ok)
691
692 assert %{"id" => ^other_user_id, "following" => false, "requested" => false} =
693 conn
694 |> post("/api/v1/accounts/#{other_user_id}/unfollow")
695 |> json_response_and_validate_schema(:ok)
696 end
697
698 test "following without reblogs" do
699 %{conn: conn} = oauth_access(["follow", "read:statuses"])
700 followed = insert(:user)
701 other_user = insert(:user)
702
703 ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=false")
704
705 assert %{"showing_reblogs" => false} = json_response_and_validate_schema(ret_conn, 200)
706
707 {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
708 {:ok, %{id: reblog_id}, _} = CommonAPI.repeat(activity.id, followed)
709
710 assert [] ==
711 conn
712 |> get("/api/v1/timelines/home")
713 |> json_response(200)
714
715 assert %{"showing_reblogs" => true} =
716 conn
717 |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=true")
718 |> json_response_and_validate_schema(200)
719
720 assert [%{"id" => ^reblog_id}] =
721 conn
722 |> get("/api/v1/timelines/home")
723 |> json_response(200)
724 end
725
726 test "following / unfollowing errors", %{user: user, conn: conn} do
727 # self follow
728 conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
729
730 assert %{"error" => "Can not follow yourself"} =
731 json_response_and_validate_schema(conn_res, 400)
732
733 # self unfollow
734 user = User.get_cached_by_id(user.id)
735 conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
736
737 assert %{"error" => "Can not unfollow yourself"} =
738 json_response_and_validate_schema(conn_res, 400)
739
740 # self follow via uri
741 user = User.get_cached_by_id(user.id)
742
743 assert %{"error" => "Can not follow yourself"} =
744 conn
745 |> put_req_header("content-type", "multipart/form-data")
746 |> post("/api/v1/follows", %{"uri" => user.nickname})
747 |> json_response_and_validate_schema(400)
748
749 # follow non existing user
750 conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
751 assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn_res, 404)
752
753 # follow non existing user via uri
754 conn_res =
755 conn
756 |> put_req_header("content-type", "multipart/form-data")
757 |> post("/api/v1/follows", %{"uri" => "doesntexist"})
758
759 assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn_res, 404)
760
761 # unfollow non existing user
762 conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
763 assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn_res, 404)
764 end
765 end
766
767 describe "mute/unmute" do
768 setup do: oauth_access(["write:mutes"])
769
770 test "with notifications", %{conn: conn} do
771 other_user = insert(:user)
772
773 assert %{"id" => _id, "muting" => true, "muting_notifications" => true} =
774 conn
775 |> put_req_header("content-type", "application/json")
776 |> post("/api/v1/accounts/#{other_user.id}/mute")
777 |> json_response_and_validate_schema(200)
778
779 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
780
781 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} =
782 json_response_and_validate_schema(conn, 200)
783 end
784
785 test "without notifications", %{conn: conn} do
786 other_user = insert(:user)
787
788 ret_conn =
789 conn
790 |> put_req_header("content-type", "multipart/form-data")
791 |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
792
793 assert %{"id" => _id, "muting" => true, "muting_notifications" => false} =
794 json_response_and_validate_schema(ret_conn, 200)
795
796 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
797
798 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} =
799 json_response_and_validate_schema(conn, 200)
800 end
801 end
802
803 describe "pinned statuses" do
804 setup do
805 user = insert(:user)
806 {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})
807 %{conn: conn} = oauth_access(["read:statuses"], user: user)
808
809 [conn: conn, user: user, activity: activity]
810 end
811
812 test "returns pinned statuses", %{conn: conn, user: user, activity: %{id: activity_id}} do
813 {:ok, _} = CommonAPI.pin(activity_id, user)
814
815 assert [%{"id" => ^activity_id, "pinned" => true}] =
816 conn
817 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
818 |> json_response_and_validate_schema(200)
819 end
820 end
821
822 test "blocking / unblocking a user" do
823 %{conn: conn} = oauth_access(["follow"])
824 other_user = insert(:user)
825
826 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/block")
827
828 assert %{"id" => _id, "blocking" => true} = json_response_and_validate_schema(ret_conn, 200)
829
830 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unblock")
831
832 assert %{"id" => _id, "blocking" => false} = json_response_and_validate_schema(conn, 200)
833 end
834
835 describe "create account by app" do
836 setup do
837 valid_params = %{
838 username: "lain",
839 email: "lain@example.org",
840 password: "PlzDontHackLain",
841 agreement: true
842 }
843
844 [valid_params: valid_params]
845 end
846
847 setup do: clear_config([:instance, :account_activation_required])
848
849 test "Account registration via Application", %{conn: conn} do
850 conn =
851 conn
852 |> put_req_header("content-type", "application/json")
853 |> post("/api/v1/apps", %{
854 client_name: "client_name",
855 redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
856 scopes: "read, write, follow"
857 })
858
859 assert %{
860 "client_id" => client_id,
861 "client_secret" => client_secret,
862 "id" => _,
863 "name" => "client_name",
864 "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
865 "vapid_key" => _,
866 "website" => nil
867 } = json_response_and_validate_schema(conn, 200)
868
869 conn =
870 post(conn, "/oauth/token", %{
871 grant_type: "client_credentials",
872 client_id: client_id,
873 client_secret: client_secret
874 })
875
876 assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
877 json_response(conn, 200)
878
879 assert token
880 token_from_db = Repo.get_by(Token, token: token)
881 assert token_from_db
882 assert refresh
883 assert scope == "read write follow"
884
885 conn =
886 build_conn()
887 |> put_req_header("content-type", "multipart/form-data")
888 |> put_req_header("authorization", "Bearer " <> token)
889 |> post("/api/v1/accounts", %{
890 username: "lain",
891 email: "lain@example.org",
892 password: "PlzDontHackLain",
893 bio: "Test Bio",
894 agreement: true
895 })
896
897 %{
898 "access_token" => token,
899 "created_at" => _created_at,
900 "scope" => _scope,
901 "token_type" => "Bearer"
902 } = json_response_and_validate_schema(conn, 200)
903
904 token_from_db = Repo.get_by(Token, token: token)
905 assert token_from_db
906 token_from_db = Repo.preload(token_from_db, :user)
907 assert token_from_db.user
908
909 assert token_from_db.user.confirmation_pending
910 end
911
912 test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
913 _user = insert(:user, email: "lain@example.org")
914 app_token = insert(:oauth_token, user: nil)
915
916 res =
917 conn
918 |> put_req_header("authorization", "Bearer " <> app_token.token)
919 |> put_req_header("content-type", "application/json")
920 |> post("/api/v1/accounts", valid_params)
921
922 assert json_response_and_validate_schema(res, 400) == %{
923 "error" => "{\"email\":[\"has already been taken\"]}"
924 }
925 end
926
927 test "returns bad_request if missing required params", %{
928 conn: conn,
929 valid_params: valid_params
930 } do
931 app_token = insert(:oauth_token, user: nil)
932
933 conn =
934 conn
935 |> put_req_header("authorization", "Bearer " <> app_token.token)
936 |> put_req_header("content-type", "application/json")
937
938 res = post(conn, "/api/v1/accounts", valid_params)
939 assert json_response_and_validate_schema(res, 200)
940
941 [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
942 |> Stream.zip(Map.delete(valid_params, :email))
943 |> Enum.each(fn {ip, {attr, _}} ->
944 res =
945 conn
946 |> Map.put(:remote_ip, ip)
947 |> post("/api/v1/accounts", Map.delete(valid_params, attr))
948 |> json_response_and_validate_schema(400)
949
950 assert res == %{
951 "error" => "Missing field: #{attr}.",
952 "errors" => [
953 %{
954 "message" => "Missing field: #{attr}",
955 "source" => %{"pointer" => "/#{attr}"},
956 "title" => "Invalid value"
957 }
958 ]
959 }
960 end)
961 end
962
963 setup do: clear_config([:instance, :account_activation_required])
964
965 test "returns bad_request if missing email params when :account_activation_required is enabled",
966 %{conn: conn, valid_params: valid_params} do
967 Pleroma.Config.put([:instance, :account_activation_required], true)
968
969 app_token = insert(:oauth_token, user: nil)
970
971 conn =
972 conn
973 |> put_req_header("authorization", "Bearer " <> app_token.token)
974 |> put_req_header("content-type", "application/json")
975
976 res =
977 conn
978 |> Map.put(:remote_ip, {127, 0, 0, 5})
979 |> post("/api/v1/accounts", Map.delete(valid_params, :email))
980
981 assert json_response_and_validate_schema(res, 400) ==
982 %{"error" => "Missing parameter: email"}
983
984 res =
985 conn
986 |> Map.put(:remote_ip, {127, 0, 0, 6})
987 |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
988
989 assert json_response_and_validate_schema(res, 400) == %{
990 "error" => "{\"email\":[\"can't be blank\"]}"
991 }
992 end
993
994 test "allow registration without an email", %{conn: conn, valid_params: valid_params} do
995 app_token = insert(:oauth_token, user: nil)
996 conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
997
998 res =
999 conn
1000 |> put_req_header("content-type", "application/json")
1001 |> Map.put(:remote_ip, {127, 0, 0, 7})
1002 |> post("/api/v1/accounts", Map.delete(valid_params, :email))
1003
1004 assert json_response_and_validate_schema(res, 200)
1005 end
1006
1007 test "allow registration with an empty email", %{conn: conn, valid_params: valid_params} do
1008 app_token = insert(:oauth_token, user: nil)
1009 conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
1010
1011 res =
1012 conn
1013 |> put_req_header("content-type", "application/json")
1014 |> Map.put(:remote_ip, {127, 0, 0, 8})
1015 |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
1016
1017 assert json_response_and_validate_schema(res, 200)
1018 end
1019
1020 test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
1021 res =
1022 conn
1023 |> put_req_header("authorization", "Bearer " <> "invalid-token")
1024 |> put_req_header("content-type", "multipart/form-data")
1025 |> post("/api/v1/accounts", valid_params)
1026
1027 assert json_response_and_validate_schema(res, 403) == %{"error" => "Invalid credentials"}
1028 end
1029
1030 test "registration from trusted app" do
1031 clear_config([Pleroma.Captcha, :enabled], true)
1032 app = insert(:oauth_app, trusted: true, scopes: ["read", "write", "follow", "push"])
1033
1034 conn =
1035 build_conn()
1036 |> post("/oauth/token", %{
1037 "grant_type" => "client_credentials",
1038 "client_id" => app.client_id,
1039 "client_secret" => app.client_secret
1040 })
1041
1042 assert %{"access_token" => token, "token_type" => "Bearer"} = json_response(conn, 200)
1043
1044 response =
1045 build_conn()
1046 |> Plug.Conn.put_req_header("authorization", "Bearer " <> token)
1047 |> put_req_header("content-type", "multipart/form-data")
1048 |> post("/api/v1/accounts", %{
1049 nickname: "nickanme",
1050 agreement: true,
1051 email: "email@example.com",
1052 fullname: "Lain",
1053 username: "Lain",
1054 password: "some_password",
1055 confirm: "some_password"
1056 })
1057 |> json_response_and_validate_schema(200)
1058
1059 assert %{
1060 "access_token" => access_token,
1061 "created_at" => _,
1062 "scope" => ["read", "write", "follow", "push"],
1063 "token_type" => "Bearer"
1064 } = response
1065
1066 response =
1067 build_conn()
1068 |> Plug.Conn.put_req_header("authorization", "Bearer " <> access_token)
1069 |> get("/api/v1/accounts/verify_credentials")
1070 |> json_response_and_validate_schema(200)
1071
1072 assert %{
1073 "acct" => "Lain",
1074 "bot" => false,
1075 "display_name" => "Lain",
1076 "follow_requests_count" => 0,
1077 "followers_count" => 0,
1078 "following_count" => 0,
1079 "locked" => false,
1080 "note" => "",
1081 "source" => %{
1082 "fields" => [],
1083 "note" => "",
1084 "pleroma" => %{
1085 "actor_type" => "Person",
1086 "discoverable" => false,
1087 "no_rich_text" => false,
1088 "show_role" => true
1089 },
1090 "privacy" => "public",
1091 "sensitive" => false
1092 },
1093 "statuses_count" => 0,
1094 "username" => "Lain"
1095 } = response
1096 end
1097 end
1098
1099 describe "create account by app / rate limit" do
1100 setup do: clear_config([:rate_limit, :app_account_creation], {10_000, 2})
1101
1102 test "respects rate limit setting", %{conn: conn} do
1103 app_token = insert(:oauth_token, user: nil)
1104
1105 conn =
1106 conn
1107 |> put_req_header("authorization", "Bearer " <> app_token.token)
1108 |> Map.put(:remote_ip, {15, 15, 15, 15})
1109 |> put_req_header("content-type", "multipart/form-data")
1110
1111 for i <- 1..2 do
1112 conn =
1113 conn
1114 |> post("/api/v1/accounts", %{
1115 username: "#{i}lain",
1116 email: "#{i}lain@example.org",
1117 password: "PlzDontHackLain",
1118 agreement: true
1119 })
1120
1121 %{
1122 "access_token" => token,
1123 "created_at" => _created_at,
1124 "scope" => _scope,
1125 "token_type" => "Bearer"
1126 } = json_response_and_validate_schema(conn, 200)
1127
1128 token_from_db = Repo.get_by(Token, token: token)
1129 assert token_from_db
1130 token_from_db = Repo.preload(token_from_db, :user)
1131 assert token_from_db.user
1132
1133 assert token_from_db.user.confirmation_pending
1134 end
1135
1136 conn =
1137 post(conn, "/api/v1/accounts", %{
1138 username: "6lain",
1139 email: "6lain@example.org",
1140 password: "PlzDontHackLain",
1141 agreement: true
1142 })
1143
1144 assert json_response_and_validate_schema(conn, :too_many_requests) == %{
1145 "error" => "Throttled"
1146 }
1147 end
1148 end
1149
1150 describe "create account with enabled captcha" do
1151 setup %{conn: conn} do
1152 app_token = insert(:oauth_token, user: nil)
1153
1154 conn =
1155 conn
1156 |> put_req_header("authorization", "Bearer " <> app_token.token)
1157 |> put_req_header("content-type", "multipart/form-data")
1158
1159 [conn: conn]
1160 end
1161
1162 setup do: clear_config([Pleroma.Captcha, :enabled], true)
1163
1164 test "creates an account and returns 200 if captcha is valid", %{conn: conn} do
1165 %{token: token, answer_data: answer_data} = Pleroma.Captcha.new()
1166
1167 params = %{
1168 username: "lain",
1169 email: "lain@example.org",
1170 password: "PlzDontHackLain",
1171 agreement: true,
1172 captcha_solution: Pleroma.Captcha.Mock.solution(),
1173 captcha_token: token,
1174 captcha_answer_data: answer_data
1175 }
1176
1177 assert %{
1178 "access_token" => access_token,
1179 "created_at" => _,
1180 "scope" => ["read"],
1181 "token_type" => "Bearer"
1182 } =
1183 conn
1184 |> post("/api/v1/accounts", params)
1185 |> json_response_and_validate_schema(:ok)
1186
1187 assert Token |> Repo.get_by(token: access_token) |> Repo.preload(:user) |> Map.get(:user)
1188
1189 Cachex.del(:used_captcha_cache, token)
1190 end
1191
1192 test "returns 400 if any captcha field is not provided", %{conn: conn} do
1193 captcha_fields = [:captcha_solution, :captcha_token, :captcha_answer_data]
1194
1195 valid_params = %{
1196 username: "lain",
1197 email: "lain@example.org",
1198 password: "PlzDontHackLain",
1199 agreement: true,
1200 captcha_solution: "xx",
1201 captcha_token: "xx",
1202 captcha_answer_data: "xx"
1203 }
1204
1205 for field <- captcha_fields do
1206 expected = %{
1207 "error" => "{\"captcha\":[\"Invalid CAPTCHA (Missing parameter: #{field})\"]}"
1208 }
1209
1210 assert expected ==
1211 conn
1212 |> post("/api/v1/accounts", Map.delete(valid_params, field))
1213 |> json_response_and_validate_schema(:bad_request)
1214 end
1215 end
1216
1217 test "returns an error if captcha is invalid", %{conn: conn} do
1218 params = %{
1219 username: "lain",
1220 email: "lain@example.org",
1221 password: "PlzDontHackLain",
1222 agreement: true,
1223 captcha_solution: "cofe",
1224 captcha_token: "cofe",
1225 captcha_answer_data: "cofe"
1226 }
1227
1228 assert %{"error" => "{\"captcha\":[\"Invalid answer data\"]}"} ==
1229 conn
1230 |> post("/api/v1/accounts", params)
1231 |> json_response_and_validate_schema(:bad_request)
1232 end
1233 end
1234
1235 describe "GET /api/v1/accounts/:id/lists - account_lists" do
1236 test "returns lists to which the account belongs" do
1237 %{user: user, conn: conn} = oauth_access(["read:lists"])
1238 other_user = insert(:user)
1239 assert {:ok, %Pleroma.List{id: list_id} = list} = Pleroma.List.create("Test List", user)
1240 {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
1241
1242 assert [%{"id" => list_id, "title" => "Test List"}] =
1243 conn
1244 |> get("/api/v1/accounts/#{other_user.id}/lists")
1245 |> json_response_and_validate_schema(200)
1246 end
1247 end
1248
1249 describe "verify_credentials" do
1250 test "verify_credentials" do
1251 %{user: user, conn: conn} = oauth_access(["read:accounts"])
1252 [notification | _] = insert_list(7, :notification, user: user)
1253 Pleroma.Notification.set_read_up_to(user, notification.id)
1254 conn = get(conn, "/api/v1/accounts/verify_credentials")
1255
1256 response = json_response_and_validate_schema(conn, 200)
1257
1258 assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
1259 assert response["pleroma"]["chat_token"]
1260 assert response["pleroma"]["unread_notifications_count"] == 6
1261 assert id == to_string(user.id)
1262 end
1263
1264 test "verify_credentials default scope unlisted" do
1265 user = insert(:user, default_scope: "unlisted")
1266 %{conn: conn} = oauth_access(["read:accounts"], user: user)
1267
1268 conn = get(conn, "/api/v1/accounts/verify_credentials")
1269
1270 assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} =
1271 json_response_and_validate_schema(conn, 200)
1272
1273 assert id == to_string(user.id)
1274 end
1275
1276 test "locked accounts" do
1277 user = insert(:user, default_scope: "private")
1278 %{conn: conn} = oauth_access(["read:accounts"], user: user)
1279
1280 conn = get(conn, "/api/v1/accounts/verify_credentials")
1281
1282 assert %{"id" => id, "source" => %{"privacy" => "private"}} =
1283 json_response_and_validate_schema(conn, 200)
1284
1285 assert id == to_string(user.id)
1286 end
1287 end
1288
1289 describe "user relationships" do
1290 setup do: oauth_access(["read:follows"])
1291
1292 test "returns the relationships for the current user", %{user: user, conn: conn} do
1293 %{id: other_user_id} = other_user = insert(:user)
1294 {:ok, _user} = User.follow(user, other_user)
1295
1296 assert [%{"id" => ^other_user_id}] =
1297 conn
1298 |> get("/api/v1/accounts/relationships?id=#{other_user.id}")
1299 |> json_response_and_validate_schema(200)
1300
1301 assert [%{"id" => ^other_user_id}] =
1302 conn
1303 |> get("/api/v1/accounts/relationships?id[]=#{other_user.id}")
1304 |> json_response_and_validate_schema(200)
1305 end
1306
1307 test "returns an empty list on a bad request", %{conn: conn} do
1308 conn = get(conn, "/api/v1/accounts/relationships", %{})
1309
1310 assert [] = json_response_and_validate_schema(conn, 200)
1311 end
1312 end
1313
1314 test "getting a list of mutes" do
1315 %{user: user, conn: conn} = oauth_access(["read:mutes"])
1316 other_user = insert(:user)
1317
1318 {:ok, _user_relationships} = User.mute(user, other_user)
1319
1320 conn = get(conn, "/api/v1/mutes")
1321
1322 other_user_id = to_string(other_user.id)
1323 assert [%{"id" => ^other_user_id}] = json_response_and_validate_schema(conn, 200)
1324 end
1325
1326 test "getting a list of blocks" do
1327 %{user: user, conn: conn} = oauth_access(["read:blocks"])
1328 other_user = insert(:user)
1329
1330 {:ok, _user_relationship} = User.block(user, other_user)
1331
1332 conn =
1333 conn
1334 |> assign(:user, user)
1335 |> get("/api/v1/blocks")
1336
1337 other_user_id = to_string(other_user.id)
1338 assert [%{"id" => ^other_user_id}] = json_response_and_validate_schema(conn, 200)
1339 end
1340 end