projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'develop' into feature/report-notes
[akkoma] / test / web / mastodon_api / controllers / account_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
6 use Pleroma.Web.ConnCase
7
8 alias Pleroma.Repo
9 alias Pleroma.User
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.ActivityPub.InternalFetchActor
12 alias Pleroma.Web.CommonAPI
13 alias Pleroma.Web.OAuth.Token
14
15 import Pleroma.Factory
16
17 describe "account fetching" do
18 test "works by id" do
19 user = insert(:user)
20
21 conn =
22 build_conn()
23 |> get("/api/v1/accounts/#{user.id}")
24
25 assert %{"id" => id} = json_response(conn, 200)
26 assert id == to_string(user.id)
27
28 conn =
29 build_conn()
30 |> get("/api/v1/accounts/-1")
31
32 assert %{"error" => "Can't find user"} = json_response(conn, 404)
33 end
34
35 test "works by nickname" do
36 user = insert(:user)
37
38 conn =
39 build_conn()
40 |> get("/api/v1/accounts/#{user.nickname}")
41
42 assert %{"id" => id} = json_response(conn, 200)
43 assert id == user.id
44 end
45
46 test "works by nickname for remote users" do
47 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
48 Pleroma.Config.put([:instance, :limit_to_local_content], false)
49 user = insert(:user, nickname: "user@example.com", local: false)
50
51 conn =
52 build_conn()
53 |> get("/api/v1/accounts/#{user.nickname}")
54
55 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
56 assert %{"id" => id} = json_response(conn, 200)
57 assert id == user.id
58 end
59
60 test "respects limit_to_local_content == :all for remote user nicknames" do
61 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
62 Pleroma.Config.put([:instance, :limit_to_local_content], :all)
63
64 user = insert(:user, nickname: "user@example.com", local: false)
65
66 conn =
67 build_conn()
68 |> get("/api/v1/accounts/#{user.nickname}")
69
70 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
71 assert json_response(conn, 404)
72 end
73
74 test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
75 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
76 Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
77
78 user = insert(:user, nickname: "user@example.com", local: false)
79 reading_user = insert(:user)
80
81 conn =
82 build_conn()
83 |> get("/api/v1/accounts/#{user.nickname}")
84
85 assert json_response(conn, 404)
86
87 conn =
88 build_conn()
89 |> assign(:user, reading_user)
90 |> get("/api/v1/accounts/#{user.nickname}")
91
92 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
93 assert %{"id" => id} = json_response(conn, 200)
94 assert id == user.id
95 end
96
97 test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
98 # Need to set an old-style integer ID to reproduce the problem
99 # (these are no longer assigned to new accounts but were preserved
100 # for existing accounts during the migration to flakeIDs)
101 user_one = insert(:user, %{id: 1212})
102 user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
103
104 resp_one =
105 conn
106 |> get("/api/v1/accounts/#{user_one.id}")
107
108 resp_two =
109 conn
110 |> get("/api/v1/accounts/#{user_two.nickname}")
111
112 resp_three =
113 conn
114 |> get("/api/v1/accounts/#{user_two.id}")
115
116 acc_one = json_response(resp_one, 200)
117 acc_two = json_response(resp_two, 200)
118 acc_three = json_response(resp_three, 200)
119 refute acc_one == acc_two
120 assert acc_two == acc_three
121 end
122
123 test "returns 404 when user is invisible", %{conn: conn} do
124 user = insert(:user, %{invisible: true})
125
126 resp =
127 conn
128 |> get("/api/v1/accounts/#{user.nickname}")
129 |> json_response(404)
130
131 assert %{"error" => "Can't find user"} = resp
132 end
133
134 test "returns 404 for internal.fetch actor", %{conn: conn} do
135 %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
136
137 resp =
138 conn
139 |> get("/api/v1/accounts/internal.fetch")
140 |> json_response(404)
141
142 assert %{"error" => "Can't find user"} = resp
143 end
144 end
145
146 describe "user timelines" do
147 test "respects blocks", %{conn: conn} do
148 user_one = insert(:user)
149 user_two = insert(:user)
150 user_three = insert(:user)
151
152 User.block(user_one, user_two)
153
154 {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
155 {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
156
157 resp =
158 conn
159 |> get("/api/v1/accounts/#{user_two.id}/statuses")
160
161 assert [%{"id" => id}] = json_response(resp, 200)
162 assert id == activity.id
163
164 # Even a blocked user will deliver the full user timeline, there would be
165 # no point in looking at a blocked users timeline otherwise
166 resp =
167 conn
168 |> assign(:user, user_one)
169 |> get("/api/v1/accounts/#{user_two.id}/statuses")
170
171 assert [%{"id" => id}] = json_response(resp, 200)
172 assert id == activity.id
173
174 resp =
175 conn
176 |> get("/api/v1/accounts/#{user_three.id}/statuses")
177
178 assert [%{"id" => id}] = json_response(resp, 200)
179 assert id == repeat.id
180
181 # When viewing a third user's timeline, the blocked users will NOT be
182 # shown.
183 resp =
184 conn
185 |> assign(:user, user_one)
186 |> get("/api/v1/accounts/#{user_three.id}/statuses")
187
188 assert [] = json_response(resp, 200)
189 end
190
191 test "gets a users statuses", %{conn: conn} do
192 user_one = insert(:user)
193 user_two = insert(:user)
194 user_three = insert(:user)
195
196 {:ok, user_three} = User.follow(user_three, user_one)
197
198 {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
199
200 {:ok, direct_activity} =
201 CommonAPI.post(user_one, %{
202 "status" => "Hi, @#{user_two.nickname}.",
203 "visibility" => "direct"
204 })
205
206 {:ok, private_activity} =
207 CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
208
209 resp =
210 conn
211 |> get("/api/v1/accounts/#{user_one.id}/statuses")
212
213 assert [%{"id" => id}] = json_response(resp, 200)
214 assert id == to_string(activity.id)
215
216 resp =
217 conn
218 |> assign(:user, user_two)
219 |> get("/api/v1/accounts/#{user_one.id}/statuses")
220
221 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
222 assert id_one == to_string(direct_activity.id)
223 assert id_two == to_string(activity.id)
224
225 resp =
226 conn
227 |> assign(:user, user_three)
228 |> get("/api/v1/accounts/#{user_one.id}/statuses")
229
230 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
231 assert id_one == to_string(private_activity.id)
232 assert id_two == to_string(activity.id)
233 end
234
235 test "unimplemented pinned statuses feature", %{conn: conn} do
236 note = insert(:note_activity)
237 user = User.get_cached_by_ap_id(note.data["actor"])
238
239 conn =
240 conn
241 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
242
243 assert json_response(conn, 200) == []
244 end
245
246 test "gets an users media", %{conn: conn} do
247 note = insert(:note_activity)
248 user = User.get_cached_by_ap_id(note.data["actor"])
249
250 file = %Plug.Upload{
251 content_type: "image/jpg",
252 path: Path.absname("test/fixtures/image.jpg"),
253 filename: "an_image.jpg"
254 }
255
256 {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
257
258 {:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
259
260 conn =
261 conn
262 |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
263
264 assert [%{"id" => id}] = json_response(conn, 200)
265 assert id == to_string(image_post.id)
266
267 conn =
268 build_conn()
269 |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
270
271 assert [%{"id" => id}] = json_response(conn, 200)
272 assert id == to_string(image_post.id)
273 end
274
275 test "gets a user's statuses without reblogs", %{conn: conn} do
276 user = insert(:user)
277 {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
278 {:ok, _, _} = CommonAPI.repeat(post.id, user)
279
280 conn =
281 conn
282 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
283
284 assert [%{"id" => id}] = json_response(conn, 200)
285 assert id == to_string(post.id)
286
287 conn =
288 conn
289 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
290
291 assert [%{"id" => id}] = json_response(conn, 200)
292 assert id == to_string(post.id)
293 end
294
295 test "filters user's statuses by a hashtag", %{conn: conn} do
296 user = insert(:user)
297 {:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
298 {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
299
300 conn =
301 conn
302 |> get("/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
303
304 assert [%{"id" => id}] = json_response(conn, 200)
305 assert id == to_string(post.id)
306 end
307
308 test "the user views their own timelines and excludes direct messages", %{conn: conn} do
309 user = insert(:user)
310 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
311 {:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
312
313 conn =
314 conn
315 |> assign(:user, user)
316 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_visibilities" => ["direct"]})
317
318 assert [%{"id" => id}] = json_response(conn, 200)
319 assert id == to_string(public_activity.id)
320 end
321 end
322
323 describe "followers" do
324 test "getting followers", %{conn: conn} do
325 user = insert(:user)
326 other_user = insert(:user)
327 {:ok, user} = User.follow(user, other_user)
328
329 conn =
330 conn
331 |> get("/api/v1/accounts/#{other_user.id}/followers")
332
333 assert [%{"id" => id}] = json_response(conn, 200)
334 assert id == to_string(user.id)
335 end
336
337 test "getting followers, hide_followers", %{conn: conn} do
338 user = insert(:user)
339 other_user = insert(:user, hide_followers: true)
340 {:ok, _user} = User.follow(user, other_user)
341
342 conn =
343 conn
344 |> get("/api/v1/accounts/#{other_user.id}/followers")
345
346 assert [] == json_response(conn, 200)
347 end
348
349 test "getting followers, hide_followers, same user requesting", %{conn: conn} do
350 user = insert(:user)
351 other_user = insert(:user, hide_followers: true)
352 {:ok, _user} = User.follow(user, other_user)
353
354 conn =
355 conn
356 |> assign(:user, other_user)
357 |> get("/api/v1/accounts/#{other_user.id}/followers")
358
359 refute [] == json_response(conn, 200)
360 end
361
362 test "getting followers, pagination", %{conn: conn} do
363 user = insert(:user)
364 follower1 = insert(:user)
365 follower2 = insert(:user)
366 follower3 = insert(:user)
367 {:ok, _} = User.follow(follower1, user)
368 {:ok, _} = User.follow(follower2, user)
369 {:ok, _} = User.follow(follower3, user)
370
371 conn =
372 conn
373 |> assign(:user, user)
374
375 res_conn =
376 conn
377 |> get("/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
378
379 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
380 assert id3 == follower3.id
381 assert id2 == follower2.id
382
383 res_conn =
384 conn
385 |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
386
387 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
388 assert id2 == follower2.id
389 assert id1 == follower1.id
390
391 res_conn =
392 conn
393 |> get("/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
394
395 assert [%{"id" => id2}] = json_response(res_conn, 200)
396 assert id2 == follower2.id
397
398 assert [link_header] = get_resp_header(res_conn, "link")
399 assert link_header =~ ~r/min_id=#{follower2.id}/
400 assert link_header =~ ~r/max_id=#{follower2.id}/
401 end
402 end
403
404 describe "following" do
405 test "getting following", %{conn: conn} do
406 user = insert(:user)
407 other_user = insert(:user)
408 {:ok, user} = User.follow(user, other_user)
409
410 conn =
411 conn
412 |> get("/api/v1/accounts/#{user.id}/following")
413
414 assert [%{"id" => id}] = json_response(conn, 200)
415 assert id == to_string(other_user.id)
416 end
417
418 test "getting following, hide_follows", %{conn: conn} do
419 user = insert(:user, hide_follows: true)
420 other_user = insert(:user)
421 {:ok, user} = User.follow(user, other_user)
422
423 conn =
424 conn
425 |> get("/api/v1/accounts/#{user.id}/following")
426
427 assert [] == json_response(conn, 200)
428 end
429
430 test "getting following, hide_follows, same user requesting", %{conn: conn} do
431 user = insert(:user, hide_follows: true)
432 other_user = insert(:user)
433 {:ok, user} = User.follow(user, other_user)
434
435 conn =
436 conn
437 |> assign(:user, user)
438 |> get("/api/v1/accounts/#{user.id}/following")
439
440 refute [] == json_response(conn, 200)
441 end
442
443 test "getting following, pagination", %{conn: conn} do
444 user = insert(:user)
445 following1 = insert(:user)
446 following2 = insert(:user)
447 following3 = insert(:user)
448 {:ok, _} = User.follow(user, following1)
449 {:ok, _} = User.follow(user, following2)
450 {:ok, _} = User.follow(user, following3)
451
452 conn =
453 conn
454 |> assign(:user, user)
455
456 res_conn =
457 conn
458 |> get("/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
459
460 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
461 assert id3 == following3.id
462 assert id2 == following2.id
463
464 res_conn =
465 conn
466 |> get("/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
467
468 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
469 assert id2 == following2.id
470 assert id1 == following1.id
471
472 res_conn =
473 conn
474 |> get("/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
475
476 assert [%{"id" => id2}] = json_response(res_conn, 200)
477 assert id2 == following2.id
478
479 assert [link_header] = get_resp_header(res_conn, "link")
480 assert link_header =~ ~r/min_id=#{following2.id}/
481 assert link_header =~ ~r/max_id=#{following2.id}/
482 end
483 end
484
485 describe "follow/unfollow" do
486 test "following / unfollowing a user", %{conn: conn} do
487 user = insert(:user)
488 other_user = insert(:user)
489
490 conn =
491 conn
492 |> assign(:user, user)
493 |> post("/api/v1/accounts/#{other_user.id}/follow")
494
495 assert %{"id" => _id, "following" => true} = json_response(conn, 200)
496
497 user = User.get_cached_by_id(user.id)
498
499 conn =
500 build_conn()
501 |> assign(:user, user)
502 |> post("/api/v1/accounts/#{other_user.id}/unfollow")
503
504 assert %{"id" => _id, "following" => false} = json_response(conn, 200)
505
506 user = User.get_cached_by_id(user.id)
507
508 conn =
509 build_conn()
510 |> assign(:user, user)
511 |> post("/api/v1/follows", %{"uri" => other_user.nickname})
512
513 assert %{"id" => id} = json_response(conn, 200)
514 assert id == to_string(other_user.id)
515 end
516
517 test "following without reblogs" do
518 follower = insert(:user)
519 followed = insert(:user)
520 other_user = insert(:user)
521
522 conn =
523 build_conn()
524 |> assign(:user, follower)
525 |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=false")
526
527 assert %{"showing_reblogs" => false} = json_response(conn, 200)
528
529 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
530 {:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
531
532 conn =
533 build_conn()
534 |> assign(:user, User.get_cached_by_id(follower.id))
535 |> get("/api/v1/timelines/home")
536
537 assert [] == json_response(conn, 200)
538
539 conn =
540 build_conn()
541 |> assign(:user, User.get_cached_by_id(follower.id))
542 |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=true")
543
544 assert %{"showing_reblogs" => true} = json_response(conn, 200)
545
546 conn =
547 build_conn()
548 |> assign(:user, User.get_cached_by_id(follower.id))
549 |> get("/api/v1/timelines/home")
550
551 expected_activity_id = reblog.id
552 assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
553 end
554
555 test "following / unfollowing errors" do
556 user = insert(:user)
557
558 conn =
559 build_conn()
560 |> assign(:user, user)
561
562 # self follow
563 conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
564 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
565
566 # self unfollow
567 user = User.get_cached_by_id(user.id)
568 conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
569 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
570
571 # self follow via uri
572 user = User.get_cached_by_id(user.id)
573 conn_res = post(conn, "/api/v1/follows", %{"uri" => user.nickname})
574 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
575
576 # follow non existing user
577 conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
578 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
579
580 # follow non existing user via uri
581 conn_res = post(conn, "/api/v1/follows", %{"uri" => "doesntexist"})
582 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
583
584 # unfollow non existing user
585 conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
586 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
587 end
588 end
589
590 describe "mute/unmute" do
591 test "with notifications", %{conn: conn} do
592 user = insert(:user)
593 other_user = insert(:user)
594
595 conn =
596 conn
597 |> assign(:user, user)
598 |> post("/api/v1/accounts/#{other_user.id}/mute")
599
600 response = json_response(conn, 200)
601
602 assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
603 user = User.get_cached_by_id(user.id)
604
605 conn =
606 build_conn()
607 |> assign(:user, user)
608 |> post("/api/v1/accounts/#{other_user.id}/unmute")
609
610 response = json_response(conn, 200)
611 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
612 end
613
614 test "without notifications", %{conn: conn} do
615 user = insert(:user)
616 other_user = insert(:user)
617
618 conn =
619 conn
620 |> assign(:user, user)
621 |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
622
623 response = json_response(conn, 200)
624
625 assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
626 user = User.get_cached_by_id(user.id)
627
628 conn =
629 build_conn()
630 |> assign(:user, user)
631 |> post("/api/v1/accounts/#{other_user.id}/unmute")
632
633 response = json_response(conn, 200)
634 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
635 end
636 end
637
638 describe "pinned statuses" do
639 setup do
640 user = insert(:user)
641 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
642
643 [user: user, activity: activity]
644 end
645
646 test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
647 {:ok, _} = CommonAPI.pin(activity.id, user)
648
649 result =
650 conn
651 |> assign(:user, user)
652 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
653 |> json_response(200)
654
655 id_str = to_string(activity.id)
656
657 assert [%{"id" => ^id_str, "pinned" => true}] = result
658 end
659 end
660
661 test "blocking / unblocking a user", %{conn: conn} do
662 user = insert(:user)
663 other_user = insert(:user)
664
665 conn =
666 conn
667 |> assign(:user, user)
668 |> post("/api/v1/accounts/#{other_user.id}/block")
669
670 assert %{"id" => _id, "blocking" => true} = json_response(conn, 200)
671
672 user = User.get_cached_by_id(user.id)
673
674 conn =
675 build_conn()
676 |> assign(:user, user)
677 |> post("/api/v1/accounts/#{other_user.id}/unblock")
678
679 assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
680 end
681
682 describe "create account by app" do
683 setup do
684 valid_params = %{
685 username: "lain",
686 email: "lain@example.org",
687 password: "PlzDontHackLain",
688 agreement: true
689 }
690
691 [valid_params: valid_params]
692 end
693
694 test "Account registration via Application", %{conn: conn} do
695 conn =
696 conn
697 |> post("/api/v1/apps", %{
698 client_name: "client_name",
699 redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
700 scopes: "read, write, follow"
701 })
702
703 %{
704 "client_id" => client_id,
705 "client_secret" => client_secret,
706 "id" => _,
707 "name" => "client_name",
708 "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
709 "vapid_key" => _,
710 "website" => nil
711 } = json_response(conn, 200)
712
713 conn =
714 conn
715 |> post("/oauth/token", %{
716 grant_type: "client_credentials",
717 client_id: client_id,
718 client_secret: client_secret
719 })
720
721 assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
722 json_response(conn, 200)
723
724 assert token
725 token_from_db = Repo.get_by(Token, token: token)
726 assert token_from_db
727 assert refresh
728 assert scope == "read write follow"
729
730 conn =
731 build_conn()
732 |> put_req_header("authorization", "Bearer " <> token)
733 |> post("/api/v1/accounts", %{
734 username: "lain",
735 email: "lain@example.org",
736 password: "PlzDontHackLain",
737 bio: "Test Bio",
738 agreement: true
739 })
740
741 %{
742 "access_token" => token,
743 "created_at" => _created_at,
744 "scope" => _scope,
745 "token_type" => "Bearer"
746 } = json_response(conn, 200)
747
748 token_from_db = Repo.get_by(Token, token: token)
749 assert token_from_db
750 token_from_db = Repo.preload(token_from_db, :user)
751 assert token_from_db.user
752
753 assert token_from_db.user.confirmation_pending
754 end
755
756 test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
757 _user = insert(:user, email: "lain@example.org")
758 app_token = insert(:oauth_token, user: nil)
759
760 conn =
761 conn
762 |> put_req_header("authorization", "Bearer " <> app_token.token)
763
764 res = post(conn, "/api/v1/accounts", valid_params)
765 assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
766 end
767
768 test "rate limit", %{conn: conn} do
769 app_token = insert(:oauth_token, user: nil)
770
771 conn =
772 put_req_header(conn, "authorization", "Bearer " <> app_token.token)
773 |> Map.put(:remote_ip, {15, 15, 15, 15})
774
775 for i <- 1..5 do
776 conn =
777 conn
778 |> post("/api/v1/accounts", %{
779 username: "#{i}lain",
780 email: "#{i}lain@example.org",
781 password: "PlzDontHackLain",
782 agreement: true
783 })
784
785 %{
786 "access_token" => token,
787 "created_at" => _created_at,
788 "scope" => _scope,
789 "token_type" => "Bearer"
790 } = json_response(conn, 200)
791
792 token_from_db = Repo.get_by(Token, token: token)
793 assert token_from_db
794 token_from_db = Repo.preload(token_from_db, :user)
795 assert token_from_db.user
796
797 assert token_from_db.user.confirmation_pending
798 end
799
800 conn =
801 conn
802 |> post("/api/v1/accounts", %{
803 username: "6lain",
804 email: "6lain@example.org",
805 password: "PlzDontHackLain",
806 agreement: true
807 })
808
809 assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
810 end
811
812 test "returns bad_request if missing required params", %{
813 conn: conn,
814 valid_params: valid_params
815 } do
816 app_token = insert(:oauth_token, user: nil)
817
818 conn =
819 conn
820 |> put_req_header("authorization", "Bearer " <> app_token.token)
821
822 res = post(conn, "/api/v1/accounts", valid_params)
823 assert json_response(res, 200)
824
825 [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
826 |> Stream.zip(valid_params)
827 |> Enum.each(fn {ip, {attr, _}} ->
828 res =
829 conn
830 |> Map.put(:remote_ip, ip)
831 |> post("/api/v1/accounts", Map.delete(valid_params, attr))
832 |> json_response(400)
833
834 assert res == %{"error" => "Missing parameters"}
835 end)
836 end
837
838 test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
839 conn =
840 conn
841 |> put_req_header("authorization", "Bearer " <> "invalid-token")
842
843 res = post(conn, "/api/v1/accounts", valid_params)
844 assert json_response(res, 403) == %{"error" => "Invalid credentials"}
845 end
846 end
847
848 describe "GET /api/v1/accounts/:id/lists - account_lists" do
849 test "returns lists to which the account belongs", %{conn: conn} do
850 user = insert(:user)
851 other_user = insert(:user)
852 assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
853 {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
854
855 res =
856 conn
857 |> assign(:user, user)
858 |> get("/api/v1/accounts/#{other_user.id}/lists")
859 |> json_response(200)
860
861 assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
862 end
863 end
864
865 describe "verify_credentials" do
866 test "verify_credentials", %{conn: conn} do
867 user = insert(:user)
868
869 conn =
870 conn
871 |> assign(:user, user)
872 |> get("/api/v1/accounts/verify_credentials")
873
874 response = json_response(conn, 200)
875
876 assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
877 assert response["pleroma"]["chat_token"]
878 assert id == to_string(user.id)
879 end
880
881 test "verify_credentials default scope unlisted", %{conn: conn} do
882 user = insert(:user, default_scope: "unlisted")
883
884 conn =
885 conn
886 |> assign(:user, user)
887 |> get("/api/v1/accounts/verify_credentials")
888
889 assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
890 assert id == to_string(user.id)
891 end
892
893 test "locked accounts", %{conn: conn} do
894 user = insert(:user, default_scope: "private")
895
896 conn =
897 conn
898 |> assign(:user, user)
899 |> get("/api/v1/accounts/verify_credentials")
900
901 assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
902 assert id == to_string(user.id)
903 end
904 end
905
906 describe "user relationships" do
907 test "returns the relationships for the current user", %{conn: conn} do
908 user = insert(:user)
909 other_user = insert(:user)
910 {:ok, user} = User.follow(user, other_user)
911
912 conn =
913 conn
914 |> assign(:user, user)
915 |> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
916
917 assert [relationship] = json_response(conn, 200)
918
919 assert to_string(other_user.id) == relationship["id"]
920 end
921
922 test "returns an empty list on a bad request", %{conn: conn} do
923 user = insert(:user)
924
925 conn =
926 conn
927 |> assign(:user, user)
928 |> get("/api/v1/accounts/relationships", %{})
929
930 assert [] = json_response(conn, 200)
931 end
932 end
933
934 test "getting a list of mutes", %{conn: conn} do
935 user = insert(:user)
936 other_user = insert(:user)
937
938 {:ok, _user_relationships} = User.mute(user, other_user)
939
940 conn =
941 conn
942 |> assign(:user, user)
943 |> get("/api/v1/mutes")
944
945 other_user_id = to_string(other_user.id)
946 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
947 end
948
949 test "getting a list of blocks", %{conn: conn} do
950 user = insert(:user)
951 other_user = insert(:user)
952
953 {:ok, _user_relationship} = User.block(user, other_user)
954
955 conn =
956 conn
957 |> assign(:user, user)
958 |> get("/api/v1/blocks")
959
960 other_user_id = to_string(other_user.id)
961 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
962 end
963 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git