1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.ActivityPub.InternalFetchActor
12 alias Pleroma.Web.CommonAPI
13 alias Pleroma.Web.OAuth.Token
15 import Pleroma.Factory
17 describe "account fetching" do
23 |> get("/api/v1/accounts/#{user.id}")
25 assert %{"id" => id} = json_response(conn, 200)
26 assert id == to_string(user.id)
30 |> get("/api/v1/accounts/-1")
32 assert %{"error" => "Can't find user"} = json_response(conn, 404)
35 test "works by nickname" do
40 |> get("/api/v1/accounts/#{user.nickname}")
42 assert %{"id" => id} = json_response(conn, 200)
46 test "works by nickname for remote users" do
47 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
48 Pleroma.Config.put([:instance, :limit_to_local_content], false)
49 user = insert(:user, nickname: "user@example.com", local: false)
53 |> get("/api/v1/accounts/#{user.nickname}")
55 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
56 assert %{"id" => id} = json_response(conn, 200)
60 test "respects limit_to_local_content == :all for remote user nicknames" do
61 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
62 Pleroma.Config.put([:instance, :limit_to_local_content], :all)
64 user = insert(:user, nickname: "user@example.com", local: false)
68 |> get("/api/v1/accounts/#{user.nickname}")
70 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
71 assert json_response(conn, 404)
74 test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
75 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
76 Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
78 user = insert(:user, nickname: "user@example.com", local: false)
79 reading_user = insert(:user)
83 |> get("/api/v1/accounts/#{user.nickname}")
85 assert json_response(conn, 404)
89 |> assign(:user, reading_user)
90 |> assign(:token, insert(:oauth_token, user: reading_user, scopes: ["read:accounts"]))
91 |> get("/api/v1/accounts/#{user.nickname}")
93 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
94 assert %{"id" => id} = json_response(conn, 200)
98 test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
99 # Need to set an old-style integer ID to reproduce the problem
100 # (these are no longer assigned to new accounts but were preserved
101 # for existing accounts during the migration to flakeIDs)
102 user_one = insert(:user, %{id: 1212})
103 user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
107 |> get("/api/v1/accounts/#{user_one.id}")
111 |> get("/api/v1/accounts/#{user_two.nickname}")
115 |> get("/api/v1/accounts/#{user_two.id}")
117 acc_one = json_response(resp_one, 200)
118 acc_two = json_response(resp_two, 200)
119 acc_three = json_response(resp_three, 200)
120 refute acc_one == acc_two
121 assert acc_two == acc_three
124 test "returns 404 when user is invisible", %{conn: conn} do
125 user = insert(:user, %{invisible: true})
129 |> get("/api/v1/accounts/#{user.nickname}")
130 |> json_response(404)
132 assert %{"error" => "Can't find user"} = resp
135 test "returns 404 for internal.fetch actor", %{conn: conn} do
136 %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
140 |> get("/api/v1/accounts/internal.fetch")
141 |> json_response(404)
143 assert %{"error" => "Can't find user"} = resp
147 describe "user timelines" do
148 setup do: oauth_access(["read:statuses"])
150 test "respects blocks", %{user: user_one, conn: conn} do
151 user_two = insert(:user)
152 user_three = insert(:user)
154 User.block(user_one, user_two)
156 {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
157 {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
159 resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
161 assert [%{"id" => id}] = json_response(resp, 200)
162 assert id == activity.id
164 # Even a blocked user will deliver the full user timeline, there would be
165 # no point in looking at a blocked users timeline otherwise
166 resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
168 assert [%{"id" => id}] = json_response(resp, 200)
169 assert id == activity.id
171 # Third user's timeline includes the repeat when viewed by unauthenticated user
172 resp = get(build_conn(), "/api/v1/accounts/#{user_three.id}/statuses")
173 assert [%{"id" => id}] = json_response(resp, 200)
174 assert id == repeat.id
176 # When viewing a third user's timeline, the blocked users' statuses will NOT be shown
177 resp = get(conn, "/api/v1/accounts/#{user_three.id}/statuses")
179 assert [] = json_response(resp, 200)
182 test "gets users statuses", %{conn: conn} do
183 user_one = insert(:user)
184 user_two = insert(:user)
185 user_three = insert(:user)
187 {:ok, _user_three} = User.follow(user_three, user_one)
189 {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
191 {:ok, direct_activity} =
192 CommonAPI.post(user_one, %{
193 "status" => "Hi, @#{user_two.nickname}.",
194 "visibility" => "direct"
197 {:ok, private_activity} =
198 CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
200 resp = get(conn, "/api/v1/accounts/#{user_one.id}/statuses")
202 assert [%{"id" => id}] = json_response(resp, 200)
203 assert id == to_string(activity.id)
207 |> assign(:user, user_two)
208 |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
209 |> get("/api/v1/accounts/#{user_one.id}/statuses")
211 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
212 assert id_one == to_string(direct_activity.id)
213 assert id_two == to_string(activity.id)
217 |> assign(:user, user_three)
218 |> assign(:token, insert(:oauth_token, user: user_three, scopes: ["read:statuses"]))
219 |> get("/api/v1/accounts/#{user_one.id}/statuses")
221 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
222 assert id_one == to_string(private_activity.id)
223 assert id_two == to_string(activity.id)
226 test "unimplemented pinned statuses feature", %{conn: conn} do
227 note = insert(:note_activity)
228 user = User.get_cached_by_ap_id(note.data["actor"])
230 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?pinned=true")
232 assert json_response(conn, 200) == []
235 test "gets an users media", %{conn: conn} do
236 note = insert(:note_activity)
237 user = User.get_cached_by_ap_id(note.data["actor"])
240 content_type: "image/jpg",
241 path: Path.absname("test/fixtures/image.jpg"),
242 filename: "an_image.jpg"
245 {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
247 {:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
249 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
251 assert [%{"id" => id}] = json_response(conn, 200)
252 assert id == to_string(image_post.id)
254 conn = get(build_conn(), "/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
256 assert [%{"id" => id}] = json_response(conn, 200)
257 assert id == to_string(image_post.id)
260 test "gets a user's statuses without reblogs", %{user: user, conn: conn} do
261 {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
262 {:ok, _, _} = CommonAPI.repeat(post.id, user)
264 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
266 assert [%{"id" => id}] = json_response(conn, 200)
267 assert id == to_string(post.id)
269 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
271 assert [%{"id" => id}] = json_response(conn, 200)
272 assert id == to_string(post.id)
275 test "filters user's statuses by a hashtag", %{user: user, conn: conn} do
276 {:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
277 {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
279 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
281 assert [%{"id" => id}] = json_response(conn, 200)
282 assert id == to_string(post.id)
285 test "the user views their own timelines and excludes direct messages", %{
289 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
290 {:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
293 get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_visibilities" => ["direct"]})
295 assert [%{"id" => id}] = json_response(conn, 200)
296 assert id == to_string(public_activity.id)
300 describe "followers" do
301 setup do: oauth_access(["read:accounts"])
303 test "getting followers", %{user: user, conn: conn} do
304 other_user = insert(:user)
305 {:ok, user} = User.follow(user, other_user)
307 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
309 assert [%{"id" => id}] = json_response(conn, 200)
310 assert id == to_string(user.id)
313 test "getting followers, hide_followers", %{user: user, conn: conn} do
314 other_user = insert(:user, hide_followers: true)
315 {:ok, _user} = User.follow(user, other_user)
317 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
319 assert [] == json_response(conn, 200)
322 test "getting followers, hide_followers, same user requesting" do
324 other_user = insert(:user, hide_followers: true)
325 {:ok, _user} = User.follow(user, other_user)
329 |> assign(:user, other_user)
330 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
331 |> get("/api/v1/accounts/#{other_user.id}/followers")
333 refute [] == json_response(conn, 200)
336 test "getting followers, pagination", %{user: user, conn: conn} do
337 follower1 = insert(:user)
338 follower2 = insert(:user)
339 follower3 = insert(:user)
340 {:ok, _} = User.follow(follower1, user)
341 {:ok, _} = User.follow(follower2, user)
342 {:ok, _} = User.follow(follower3, user)
344 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
346 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
347 assert id3 == follower3.id
348 assert id2 == follower2.id
350 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
352 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
353 assert id2 == follower2.id
354 assert id1 == follower1.id
356 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
358 assert [%{"id" => id2}] = json_response(res_conn, 200)
359 assert id2 == follower2.id
361 assert [link_header] = get_resp_header(res_conn, "link")
362 assert link_header =~ ~r/min_id=#{follower2.id}/
363 assert link_header =~ ~r/max_id=#{follower2.id}/
367 describe "following" do
368 setup do: oauth_access(["read:accounts"])
370 test "getting following", %{user: user, conn: conn} do
371 other_user = insert(:user)
372 {:ok, user} = User.follow(user, other_user)
374 conn = get(conn, "/api/v1/accounts/#{user.id}/following")
376 assert [%{"id" => id}] = json_response(conn, 200)
377 assert id == to_string(other_user.id)
380 test "getting following, hide_follows, other user requesting" do
381 user = insert(:user, hide_follows: true)
382 other_user = insert(:user)
383 {:ok, user} = User.follow(user, other_user)
387 |> assign(:user, other_user)
388 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
389 |> get("/api/v1/accounts/#{user.id}/following")
391 assert [] == json_response(conn, 200)
394 test "getting following, hide_follows, same user requesting" do
395 user = insert(:user, hide_follows: true)
396 other_user = insert(:user)
397 {:ok, user} = User.follow(user, other_user)
401 |> assign(:user, user)
402 |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:accounts"]))
403 |> get("/api/v1/accounts/#{user.id}/following")
405 refute [] == json_response(conn, 200)
408 test "getting following, pagination", %{user: user, conn: conn} do
409 following1 = insert(:user)
410 following2 = insert(:user)
411 following3 = insert(:user)
412 {:ok, _} = User.follow(user, following1)
413 {:ok, _} = User.follow(user, following2)
414 {:ok, _} = User.follow(user, following3)
416 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
418 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
419 assert id3 == following3.id
420 assert id2 == following2.id
422 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
424 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
425 assert id2 == following2.id
426 assert id1 == following1.id
429 get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
431 assert [%{"id" => id2}] = json_response(res_conn, 200)
432 assert id2 == following2.id
434 assert [link_header] = get_resp_header(res_conn, "link")
435 assert link_header =~ ~r/min_id=#{following2.id}/
436 assert link_header =~ ~r/max_id=#{following2.id}/
440 describe "follow/unfollow" do
441 setup do: oauth_access(["follow"])
443 test "following / unfollowing a user", %{conn: conn} do
444 other_user = insert(:user)
446 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/follow")
448 assert %{"id" => _id, "following" => true} = json_response(ret_conn, 200)
450 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/unfollow")
452 assert %{"id" => _id, "following" => false} = json_response(ret_conn, 200)
454 conn = post(conn, "/api/v1/follows", %{"uri" => other_user.nickname})
456 assert %{"id" => id} = json_response(conn, 200)
457 assert id == to_string(other_user.id)
460 test "cancelling follow request", %{conn: conn} do
461 %{id: other_user_id} = insert(:user, %{locked: true})
463 assert %{"id" => ^other_user_id, "following" => false, "requested" => true} =
464 conn |> post("/api/v1/accounts/#{other_user_id}/follow") |> json_response(:ok)
466 assert %{"id" => ^other_user_id, "following" => false, "requested" => false} =
467 conn |> post("/api/v1/accounts/#{other_user_id}/unfollow") |> json_response(:ok)
470 test "following without reblogs" do
471 %{conn: conn} = oauth_access(["follow", "read:statuses"])
472 followed = insert(:user)
473 other_user = insert(:user)
475 ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=false")
477 assert %{"showing_reblogs" => false} = json_response(ret_conn, 200)
479 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
480 {:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
482 ret_conn = get(conn, "/api/v1/timelines/home")
484 assert [] == json_response(ret_conn, 200)
486 ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=true")
488 assert %{"showing_reblogs" => true} = json_response(ret_conn, 200)
490 conn = get(conn, "/api/v1/timelines/home")
492 expected_activity_id = reblog.id
493 assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
496 test "following / unfollowing errors", %{user: user, conn: conn} do
498 conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
499 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
502 user = User.get_cached_by_id(user.id)
503 conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
504 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
506 # self follow via uri
507 user = User.get_cached_by_id(user.id)
508 conn_res = post(conn, "/api/v1/follows", %{"uri" => user.nickname})
509 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
511 # follow non existing user
512 conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
513 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
515 # follow non existing user via uri
516 conn_res = post(conn, "/api/v1/follows", %{"uri" => "doesntexist"})
517 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
519 # unfollow non existing user
520 conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
521 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
525 describe "mute/unmute" do
526 setup do: oauth_access(["write:mutes"])
528 test "with notifications", %{conn: conn} do
529 other_user = insert(:user)
531 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/mute")
533 response = json_response(ret_conn, 200)
535 assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
537 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
539 response = json_response(conn, 200)
540 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
543 test "without notifications", %{conn: conn} do
544 other_user = insert(:user)
547 post(conn, "/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
549 response = json_response(ret_conn, 200)
551 assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
553 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
555 response = json_response(conn, 200)
556 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
560 describe "pinned statuses" do
563 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
564 %{conn: conn} = oauth_access(["read:statuses"], user: user)
566 [conn: conn, user: user, activity: activity]
569 test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
570 {:ok, _} = CommonAPI.pin(activity.id, user)
574 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
575 |> json_response(200)
577 id_str = to_string(activity.id)
579 assert [%{"id" => ^id_str, "pinned" => true}] = result
583 test "blocking / unblocking a user" do
584 %{conn: conn} = oauth_access(["follow"])
585 other_user = insert(:user)
587 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/block")
589 assert %{"id" => _id, "blocking" => true} = json_response(ret_conn, 200)
591 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unblock")
593 assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
596 describe "create account by app" do
600 email: "lain@example.org",
601 password: "PlzDontHackLain",
605 [valid_params: valid_params]
608 test "Account registration via Application", %{conn: conn} do
610 post(conn, "/api/v1/apps", %{
611 client_name: "client_name",
612 redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
613 scopes: "read, write, follow"
617 "client_id" => client_id,
618 "client_secret" => client_secret,
620 "name" => "client_name",
621 "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
624 } = json_response(conn, 200)
627 post(conn, "/oauth/token", %{
628 grant_type: "client_credentials",
629 client_id: client_id,
630 client_secret: client_secret
633 assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
634 json_response(conn, 200)
637 token_from_db = Repo.get_by(Token, token: token)
640 assert scope == "read write follow"
644 |> put_req_header("authorization", "Bearer " <> token)
645 |> post("/api/v1/accounts", %{
647 email: "lain@example.org",
648 password: "PlzDontHackLain",
654 "access_token" => token,
655 "created_at" => _created_at,
657 "token_type" => "Bearer"
658 } = json_response(conn, 200)
660 token_from_db = Repo.get_by(Token, token: token)
662 token_from_db = Repo.preload(token_from_db, :user)
663 assert token_from_db.user
665 assert token_from_db.user.confirmation_pending
668 test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
669 _user = insert(:user, email: "lain@example.org")
670 app_token = insert(:oauth_token, user: nil)
674 |> put_req_header("authorization", "Bearer " <> app_token.token)
676 res = post(conn, "/api/v1/accounts", valid_params)
677 assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
680 test "rate limit", %{conn: conn} do
681 Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true)
682 app_token = insert(:oauth_token, user: nil)
686 |> put_req_header("authorization", "Bearer " <> app_token.token)
687 |> Map.put(:remote_ip, {15, 15, 15, 15})
691 post(conn, "/api/v1/accounts", %{
692 username: "#{i}lain",
693 email: "#{i}lain@example.org",
694 password: "PlzDontHackLain",
699 "access_token" => token,
700 "created_at" => _created_at,
702 "token_type" => "Bearer"
703 } = json_response(conn, 200)
705 token_from_db = Repo.get_by(Token, token: token)
707 token_from_db = Repo.preload(token_from_db, :user)
708 assert token_from_db.user
710 assert token_from_db.user.confirmation_pending
714 post(conn, "/api/v1/accounts", %{
716 email: "6lain@example.org",
717 password: "PlzDontHackLain",
721 assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
724 test "returns bad_request if missing required params", %{
726 valid_params: valid_params
728 app_token = insert(:oauth_token, user: nil)
730 conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
732 res = post(conn, "/api/v1/accounts", valid_params)
733 assert json_response(res, 200)
735 [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
736 |> Stream.zip(valid_params)
737 |> Enum.each(fn {ip, {attr, _}} ->
740 |> Map.put(:remote_ip, ip)
741 |> post("/api/v1/accounts", Map.delete(valid_params, attr))
742 |> json_response(400)
744 assert res == %{"error" => "Missing parameters"}
748 test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
749 conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token")
751 res = post(conn, "/api/v1/accounts", valid_params)
752 assert json_response(res, 403) == %{"error" => "Invalid credentials"}
756 describe "GET /api/v1/accounts/:id/lists - account_lists" do
757 test "returns lists to which the account belongs" do
758 %{user: user, conn: conn} = oauth_access(["read:lists"])
759 other_user = insert(:user)
760 assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
761 {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
765 |> get("/api/v1/accounts/#{other_user.id}/lists")
766 |> json_response(200)
768 assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
772 describe "verify_credentials" do
773 test "verify_credentials" do
774 %{user: user, conn: conn} = oauth_access(["read:accounts"])
775 conn = get(conn, "/api/v1/accounts/verify_credentials")
777 response = json_response(conn, 200)
779 assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
780 assert response["pleroma"]["chat_token"]
781 assert id == to_string(user.id)
784 test "verify_credentials default scope unlisted" do
785 user = insert(:user, default_scope: "unlisted")
786 %{conn: conn} = oauth_access(["read:accounts"], user: user)
788 conn = get(conn, "/api/v1/accounts/verify_credentials")
790 assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
791 assert id == to_string(user.id)
794 test "locked accounts" do
795 user = insert(:user, default_scope: "private")
796 %{conn: conn} = oauth_access(["read:accounts"], user: user)
798 conn = get(conn, "/api/v1/accounts/verify_credentials")
800 assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
801 assert id == to_string(user.id)
805 describe "user relationships" do
806 setup do: oauth_access(["read:follows"])
808 test "returns the relationships for the current user", %{user: user, conn: conn} do
809 other_user = insert(:user)
810 {:ok, _user} = User.follow(user, other_user)
812 conn = get(conn, "/api/v1/accounts/relationships", %{"id" => [other_user.id]})
814 assert [relationship] = json_response(conn, 200)
816 assert to_string(other_user.id) == relationship["id"]
819 test "returns an empty list on a bad request", %{conn: conn} do
820 conn = get(conn, "/api/v1/accounts/relationships", %{})
822 assert [] = json_response(conn, 200)
826 test "getting a list of mutes" do
827 %{user: user, conn: conn} = oauth_access(["read:mutes"])
828 other_user = insert(:user)
830 {:ok, _user_relationships} = User.mute(user, other_user)
832 conn = get(conn, "/api/v1/mutes")
834 other_user_id = to_string(other_user.id)
835 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
838 test "getting a list of blocks" do
839 %{user: user, conn: conn} = oauth_access(["read:blocks"])
840 other_user = insert(:user)
842 {:ok, _user_relationship} = User.block(user, other_user)
846 |> assign(:user, user)
847 |> get("/api/v1/blocks")
849 other_user_id = to_string(other_user.id)
850 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)