1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.ActivityExpiration
11 alias Pleroma.Conversation.Participation
14 alias Pleroma.ScheduledActivity
15 alias Pleroma.Tests.ObanHelpers
17 alias Pleroma.Web.ActivityPub.ActivityPub
18 alias Pleroma.Web.CommonAPI
20 import Pleroma.Factory
22 setup do: clear_config([:instance, :federating])
23 setup do: clear_config([:instance, :allow_relay])
24 setup do: clear_config([:rich_media, :enabled])
26 describe "posting statuses" do
27 setup do: oauth_access(["write:statuses"])
29 test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
30 Pleroma.Config.put([:instance, :federating], true)
31 Pleroma.Config.get([:instance, :allow_relay], true)
35 |> put_req_header("content-type", "application/json")
36 |> post("api/v1/statuses", %{
37 "content_type" => "text/plain",
38 "source" => "Pleroma FE",
39 "status" => "Hello world",
40 "visibility" => "public"
42 |> json_response_and_validate_schema(200)
44 assert response["reblogs_count"] == 0
45 ObanHelpers.perform_all()
49 |> get("api/v1/statuses/#{response["id"]}", %{})
50 |> json_response_and_validate_schema(200)
52 assert response["reblogs_count"] == 0
55 test "posting a status", %{conn: conn} do
56 idempotency_key = "Pikachu rocks!"
60 |> put_req_header("content-type", "application/json")
61 |> put_req_header("idempotency-key", idempotency_key)
62 |> post("/api/v1/statuses", %{
64 "spoiler_text" => "2hu",
68 {:ok, ttl} = Cachex.ttl(:idempotency_cache, idempotency_key)
70 assert ttl > :timer.seconds(6 * 60 * 60 - 1)
72 assert %{"content" => "cofe", "id" => id, "spoiler_text" => "2hu", "sensitive" => false} =
73 json_response_and_validate_schema(conn_one, 200)
75 assert Activity.get_by_id(id)
79 |> put_req_header("content-type", "application/json")
80 |> put_req_header("idempotency-key", idempotency_key)
81 |> post("/api/v1/statuses", %{
83 "spoiler_text" => "2hu",
87 assert %{"id" => second_id} = json_response(conn_two, 200)
88 assert id == second_id
92 |> put_req_header("content-type", "application/json")
93 |> post("/api/v1/statuses", %{
95 "spoiler_text" => "2hu",
96 "sensitive" => "False"
99 assert %{"id" => third_id} = json_response_and_validate_schema(conn_three, 200)
100 refute id == third_id
102 # An activity that will expire:
104 expires_in = 120 * 60
108 |> put_req_header("content-type", "application/json")
109 |> post("api/v1/statuses", %{
110 "status" => "oolong",
111 "expires_in" => expires_in
114 assert fourth_response =
115 %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200)
117 assert activity = Activity.get_by_id(fourth_id)
118 assert expiration = ActivityExpiration.get_by_activity_id(fourth_id)
120 estimated_expires_at =
121 NaiveDateTime.utc_now()
122 |> NaiveDateTime.add(expires_in)
123 |> NaiveDateTime.truncate(:second)
125 # This assert will fail if the test takes longer than a minute. I sure hope it never does:
126 assert abs(NaiveDateTime.diff(expiration.scheduled_at, estimated_expires_at, :second)) < 60
128 assert fourth_response["pleroma"]["expires_at"] ==
129 NaiveDateTime.to_iso8601(expiration.scheduled_at)
132 test "it fails to create a status if `expires_in` is less or equal than an hour", %{
138 assert %{"error" => "Expiry date is too soon"} =
140 |> put_req_header("content-type", "application/json")
141 |> post("api/v1/statuses", %{
142 "status" => "oolong",
143 "expires_in" => expires_in
145 |> json_response_and_validate_schema(422)
150 assert %{"error" => "Expiry date is too soon"} =
152 |> put_req_header("content-type", "application/json")
153 |> post("api/v1/statuses", %{
154 "status" => "oolong",
155 "expires_in" => expires_in
157 |> json_response_and_validate_schema(422)
160 test "posting an undefined status with an attachment", %{user: user, conn: conn} do
162 content_type: "image/jpg",
163 path: Path.absname("test/fixtures/image.jpg"),
164 filename: "an_image.jpg"
167 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
171 |> put_req_header("content-type", "application/json")
172 |> post("/api/v1/statuses", %{
173 "media_ids" => [to_string(upload.id)]
176 assert json_response_and_validate_schema(conn, 200)
179 test "replying to a status", %{user: user, conn: conn} do
180 {:ok, replied_to} = CommonAPI.post(user, %{status: "cofe"})
184 |> put_req_header("content-type", "application/json")
185 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
187 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
189 activity = Activity.get_by_id(id)
191 assert activity.data["context"] == replied_to.data["context"]
192 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
195 test "replying to a direct message with visibility other than direct", %{
199 {:ok, replied_to} = CommonAPI.post(user, %{status: "suya..", visibility: "direct"})
201 Enum.each(["public", "private", "unlisted"], fn visibility ->
204 |> put_req_header("content-type", "application/json")
205 |> post("/api/v1/statuses", %{
206 "status" => "@#{user.nickname} hey",
207 "in_reply_to_id" => replied_to.id,
208 "visibility" => visibility
211 assert json_response_and_validate_schema(conn, 422) == %{
212 "error" => "The message visibility must be direct"
217 test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
220 |> put_req_header("content-type", "application/json")
221 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
223 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
224 assert Activity.get_by_id(id)
227 test "posting a sensitive status", %{conn: conn} do
230 |> put_req_header("content-type", "application/json")
231 |> post("/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
233 assert %{"content" => "cofe", "id" => id, "sensitive" => true} =
234 json_response_and_validate_schema(conn, 200)
236 assert Activity.get_by_id(id)
239 test "posting a fake status", %{conn: conn} do
242 |> put_req_header("content-type", "application/json")
243 |> post("/api/v1/statuses", %{
245 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
248 real_status = json_response_and_validate_schema(real_conn, 200)
251 assert Object.get_by_ap_id(real_status["uri"])
255 |> Map.put("id", nil)
256 |> Map.put("url", nil)
257 |> Map.put("uri", nil)
258 |> Map.put("created_at", nil)
259 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
263 |> put_req_header("content-type", "application/json")
264 |> post("/api/v1/statuses", %{
266 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
270 fake_status = json_response_and_validate_schema(fake_conn, 200)
273 refute Object.get_by_ap_id(fake_status["uri"])
277 |> Map.put("id", nil)
278 |> Map.put("url", nil)
279 |> Map.put("uri", nil)
280 |> Map.put("created_at", nil)
281 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
283 assert real_status == fake_status
286 test "posting a status with OGP link preview", %{conn: conn} do
287 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
288 Config.put([:rich_media, :enabled], true)
292 |> put_req_header("content-type", "application/json")
293 |> post("/api/v1/statuses", %{
294 "status" => "https://example.com/ogp"
297 assert %{"id" => id, "card" => %{"title" => "The Rock"}} =
298 json_response_and_validate_schema(conn, 200)
300 assert Activity.get_by_id(id)
303 test "posting a direct status", %{conn: conn} do
304 user2 = insert(:user)
305 content = "direct cofe @#{user2.nickname}"
309 |> put_req_header("content-type", "application/json")
310 |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"})
312 assert %{"id" => id} = response = json_response_and_validate_schema(conn, 200)
313 assert response["visibility"] == "direct"
314 assert response["pleroma"]["direct_conversation_id"]
315 assert activity = Activity.get_by_id(id)
316 assert activity.recipients == [user2.ap_id, conn.assigns[:user].ap_id]
317 assert activity.data["to"] == [user2.ap_id]
318 assert activity.data["cc"] == []
322 describe "posting scheduled statuses" do
323 setup do: oauth_access(["write:statuses"])
325 test "creates a scheduled activity", %{conn: conn} do
327 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
328 |> NaiveDateTime.to_iso8601()
333 |> put_req_header("content-type", "application/json")
334 |> post("/api/v1/statuses", %{
335 "status" => "scheduled",
336 "scheduled_at" => scheduled_at
339 assert %{"scheduled_at" => expected_scheduled_at} =
340 json_response_and_validate_schema(conn, 200)
342 assert expected_scheduled_at == CommonAPI.Utils.to_masto_date(scheduled_at)
343 assert [] == Repo.all(Activity)
346 test "ignores nil values", %{conn: conn} do
349 |> put_req_header("content-type", "application/json")
350 |> post("/api/v1/statuses", %{
351 "status" => "not scheduled",
352 "scheduled_at" => nil
355 assert result = json_response_and_validate_schema(conn, 200)
356 assert Activity.get_by_id(result["id"])
359 test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
361 NaiveDateTime.utc_now()
362 |> NaiveDateTime.add(:timer.minutes(120), :millisecond)
363 |> NaiveDateTime.to_iso8601()
367 content_type: "image/jpg",
368 path: Path.absname("test/fixtures/image.jpg"),
369 filename: "an_image.jpg"
372 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
376 |> put_req_header("content-type", "application/json")
377 |> post("/api/v1/statuses", %{
378 "media_ids" => [to_string(upload.id)],
379 "status" => "scheduled",
380 "scheduled_at" => scheduled_at
383 assert %{"media_attachments" => [media_attachment]} =
384 json_response_and_validate_schema(conn, 200)
386 assert %{"type" => "image"} = media_attachment
389 test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
392 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
393 |> NaiveDateTime.to_iso8601()
398 |> put_req_header("content-type", "application/json")
399 |> post("/api/v1/statuses", %{
400 "status" => "not scheduled",
401 "scheduled_at" => scheduled_at
404 assert %{"content" => "not scheduled"} = json_response_and_validate_schema(conn, 200)
405 assert [] == Repo.all(ScheduledActivity)
408 test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
410 NaiveDateTime.utc_now()
411 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
412 |> NaiveDateTime.to_iso8601()
416 attrs = %{params: %{}, scheduled_at: today}
417 {:ok, _} = ScheduledActivity.create(user, attrs)
418 {:ok, _} = ScheduledActivity.create(user, attrs)
422 |> put_req_header("content-type", "application/json")
423 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
425 assert %{"error" => "daily limit exceeded"} == json_response_and_validate_schema(conn, 422)
428 test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
430 NaiveDateTime.utc_now()
431 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
432 |> NaiveDateTime.to_iso8601()
436 NaiveDateTime.utc_now()
437 |> NaiveDateTime.add(:timer.hours(36), :millisecond)
438 |> NaiveDateTime.to_iso8601()
441 attrs = %{params: %{}, scheduled_at: today}
442 {:ok, _} = ScheduledActivity.create(user, attrs)
443 {:ok, _} = ScheduledActivity.create(user, attrs)
444 {:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
448 |> put_req_header("content-type", "application/json")
449 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
451 assert %{"error" => "total limit exceeded"} == json_response_and_validate_schema(conn, 422)
455 describe "posting polls" do
456 setup do: oauth_access(["write:statuses"])
458 test "posting a poll", %{conn: conn} do
459 time = NaiveDateTime.utc_now()
463 |> put_req_header("content-type", "application/json")
464 |> post("/api/v1/statuses", %{
465 "status" => "Who is the #bestgrill?",
467 "options" => ["Rei", "Asuka", "Misato"],
472 response = json_response_and_validate_schema(conn, 200)
474 assert Enum.all?(response["poll"]["options"], fn %{"title" => title} ->
475 title in ["Rei", "Asuka", "Misato"]
478 assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
479 refute response["poll"]["expred"]
481 question = Object.get_by_id(response["poll"]["id"])
483 # closed contains utc timezone
484 assert question.data["closed"] =~ "Z"
487 test "option limit is enforced", %{conn: conn} do
488 limit = Config.get([:instance, :poll_limits, :max_options])
492 |> put_req_header("content-type", "application/json")
493 |> post("/api/v1/statuses", %{
495 "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
498 %{"error" => error} = json_response_and_validate_schema(conn, 422)
499 assert error == "Poll can't contain more than #{limit} options"
502 test "option character limit is enforced", %{conn: conn} do
503 limit = Config.get([:instance, :poll_limits, :max_option_chars])
507 |> put_req_header("content-type", "application/json")
508 |> post("/api/v1/statuses", %{
511 "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
516 %{"error" => error} = json_response_and_validate_schema(conn, 422)
517 assert error == "Poll options cannot be longer than #{limit} characters each"
520 test "minimal date limit is enforced", %{conn: conn} do
521 limit = Config.get([:instance, :poll_limits, :min_expiration])
525 |> put_req_header("content-type", "application/json")
526 |> post("/api/v1/statuses", %{
527 "status" => "imagine arbitrary limits",
529 "options" => ["this post was made by pleroma gang"],
530 "expires_in" => limit - 1
534 %{"error" => error} = json_response_and_validate_schema(conn, 422)
535 assert error == "Expiration date is too soon"
538 test "maximum date limit is enforced", %{conn: conn} do
539 limit = Config.get([:instance, :poll_limits, :max_expiration])
543 |> put_req_header("content-type", "application/json")
544 |> post("/api/v1/statuses", %{
545 "status" => "imagine arbitrary limits",
547 "options" => ["this post was made by pleroma gang"],
548 "expires_in" => limit + 1
552 %{"error" => error} = json_response_and_validate_schema(conn, 422)
553 assert error == "Expiration date is too far in the future"
557 test "get a status" do
558 %{conn: conn} = oauth_access(["read:statuses"])
559 activity = insert(:note_activity)
561 conn = get(conn, "/api/v1/statuses/#{activity.id}")
563 assert %{"id" => id} = json_response_and_validate_schema(conn, 200)
564 assert id == to_string(activity.id)
567 defp local_and_remote_activities do
568 local = insert(:note_activity)
569 remote = insert(:note_activity, local: false)
570 {:ok, local: local, remote: remote}
573 describe "status with restrict unauthenticated activities for local and remote" do
574 setup do: local_and_remote_activities()
576 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
578 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
580 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
581 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
583 assert json_response_and_validate_schema(res_conn, :not_found) == %{
584 "error" => "Record not found"
587 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
589 assert json_response_and_validate_schema(res_conn, :not_found) == %{
590 "error" => "Record not found"
594 test "if user is authenticated", %{local: local, remote: remote} do
595 %{conn: conn} = oauth_access(["read"])
596 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
597 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
599 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
600 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
604 describe "status with restrict unauthenticated activities for local" do
605 setup do: local_and_remote_activities()
607 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
609 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
610 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
612 assert json_response_and_validate_schema(res_conn, :not_found) == %{
613 "error" => "Record not found"
616 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
617 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
620 test "if user is authenticated", %{local: local, remote: remote} do
621 %{conn: conn} = oauth_access(["read"])
622 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
623 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
625 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
626 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
630 describe "status with restrict unauthenticated activities for remote" do
631 setup do: local_and_remote_activities()
633 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
635 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
636 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
637 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
639 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
641 assert json_response_and_validate_schema(res_conn, :not_found) == %{
642 "error" => "Record not found"
646 test "if user is authenticated", %{local: local, remote: remote} do
647 %{conn: conn} = oauth_access(["read"])
648 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
649 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
651 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
652 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
656 test "getting a status that doesn't exist returns 404" do
657 %{conn: conn} = oauth_access(["read:statuses"])
658 activity = insert(:note_activity)
660 conn = get(conn, "/api/v1/statuses/#{String.downcase(activity.id)}")
662 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
665 test "get a direct status" do
666 %{user: user, conn: conn} = oauth_access(["read:statuses"])
667 other_user = insert(:user)
670 CommonAPI.post(user, %{status: "@#{other_user.nickname}", visibility: "direct"})
674 |> assign(:user, user)
675 |> get("/api/v1/statuses/#{activity.id}")
677 [participation] = Participation.for_user(user)
679 res = json_response_and_validate_schema(conn, 200)
680 assert res["pleroma"]["direct_conversation_id"] == participation.id
683 test "get statuses by IDs" do
684 %{conn: conn} = oauth_access(["read:statuses"])
685 %{id: id1} = insert(:note_activity)
686 %{id: id2} = insert(:note_activity)
688 query_string = "ids[]=#{id1}&ids[]=#{id2}"
689 conn = get(conn, "/api/v1/statuses/?#{query_string}")
691 assert [%{"id" => ^id1}, %{"id" => ^id2}] =
692 Enum.sort_by(json_response_and_validate_schema(conn, :ok), & &1["id"])
695 describe "getting statuses by ids with restricted unauthenticated for local and remote" do
696 setup do: local_and_remote_activities()
698 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
700 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
702 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
703 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
705 assert json_response_and_validate_schema(res_conn, 200) == []
708 test "if user is authenticated", %{local: local, remote: remote} do
709 %{conn: conn} = oauth_access(["read"])
711 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
713 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
717 describe "getting statuses by ids with restricted unauthenticated for local" do
718 setup do: local_and_remote_activities()
720 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
722 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
723 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
725 remote_id = remote.id
726 assert [%{"id" => ^remote_id}] = json_response_and_validate_schema(res_conn, 200)
729 test "if user is authenticated", %{local: local, remote: remote} do
730 %{conn: conn} = oauth_access(["read"])
732 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
734 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
738 describe "getting statuses by ids with restricted unauthenticated for remote" do
739 setup do: local_and_remote_activities()
741 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
743 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
744 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
747 assert [%{"id" => ^local_id}] = json_response_and_validate_schema(res_conn, 200)
750 test "if user is authenticated", %{local: local, remote: remote} do
751 %{conn: conn} = oauth_access(["read"])
753 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
755 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
759 describe "deleting a status" do
760 test "when you created it" do
761 %{user: author, conn: conn} = oauth_access(["write:statuses"])
762 activity = insert(:note_activity, user: author)
766 |> assign(:user, author)
767 |> delete("/api/v1/statuses/#{activity.id}")
769 assert %{} = json_response_and_validate_schema(conn, 200)
771 refute Activity.get_by_id(activity.id)
774 test "when it doesn't exist" do
775 %{user: author, conn: conn} = oauth_access(["write:statuses"])
776 activity = insert(:note_activity, user: author)
780 |> assign(:user, author)
781 |> delete("/api/v1/statuses/#{String.downcase(activity.id)}")
783 assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404)
786 test "when you didn't create it" do
787 %{conn: conn} = oauth_access(["write:statuses"])
788 activity = insert(:note_activity)
790 conn = delete(conn, "/api/v1/statuses/#{activity.id}")
792 assert %{"error" => _} = json_response_and_validate_schema(conn, 403)
794 assert Activity.get_by_id(activity.id) == activity
797 test "when you're an admin or moderator", %{conn: conn} do
798 activity1 = insert(:note_activity)
799 activity2 = insert(:note_activity)
800 admin = insert(:user, is_admin: true)
801 moderator = insert(:user, is_moderator: true)
805 |> assign(:user, admin)
806 |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
807 |> delete("/api/v1/statuses/#{activity1.id}")
809 assert %{} = json_response_and_validate_schema(res_conn, 200)
813 |> assign(:user, moderator)
814 |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
815 |> delete("/api/v1/statuses/#{activity2.id}")
817 assert %{} = json_response_and_validate_schema(res_conn, 200)
819 refute Activity.get_by_id(activity1.id)
820 refute Activity.get_by_id(activity2.id)
824 describe "reblogging" do
825 setup do: oauth_access(["write:statuses"])
827 test "reblogs and returns the reblogged status", %{conn: conn} do
828 activity = insert(:note_activity)
832 |> put_req_header("content-type", "application/json")
833 |> post("/api/v1/statuses/#{activity.id}/reblog")
836 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
838 } = json_response_and_validate_schema(conn, 200)
840 assert to_string(activity.id) == id
843 test "returns 404 if the reblogged status doesn't exist", %{conn: conn} do
844 activity = insert(:note_activity)
848 |> put_req_header("content-type", "application/json")
849 |> post("/api/v1/statuses/#{String.downcase(activity.id)}/reblog")
851 assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
854 test "reblogs privately and returns the reblogged status", %{conn: conn} do
855 activity = insert(:note_activity)
859 |> put_req_header("content-type", "application/json")
861 "/api/v1/statuses/#{activity.id}/reblog",
862 %{"visibility" => "private"}
866 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
868 "visibility" => "private"
869 } = json_response_and_validate_schema(conn, 200)
871 assert to_string(activity.id) == id
874 test "reblogged status for another user" do
875 activity = insert(:note_activity)
876 user1 = insert(:user)
877 user2 = insert(:user)
878 user3 = insert(:user)
879 {:ok, _} = CommonAPI.favorite(user2, activity.id)
880 {:ok, _bookmark} = Pleroma.Bookmark.create(user2.id, activity.id)
881 {:ok, reblog_activity1} = CommonAPI.repeat(activity.id, user1)
882 {:ok, _} = CommonAPI.repeat(activity.id, user2)
886 |> assign(:user, user3)
887 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
888 |> get("/api/v1/statuses/#{reblog_activity1.id}")
891 "reblog" => %{"id" => id, "reblogged" => false, "reblogs_count" => 2},
892 "reblogged" => false,
893 "favourited" => false,
894 "bookmarked" => false
895 } = json_response_and_validate_schema(conn_res, 200)
899 |> assign(:user, user2)
900 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
901 |> get("/api/v1/statuses/#{reblog_activity1.id}")
904 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 2},
906 "favourited" => true,
908 } = json_response_and_validate_schema(conn_res, 200)
910 assert to_string(activity.id) == id
914 describe "unreblogging" do
915 setup do: oauth_access(["write:statuses"])
917 test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
918 activity = insert(:note_activity)
920 {:ok, _} = CommonAPI.repeat(activity.id, user)
924 |> put_req_header("content-type", "application/json")
925 |> post("/api/v1/statuses/#{activity.id}/unreblog")
927 assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} =
928 json_response_and_validate_schema(conn, 200)
930 assert to_string(activity.id) == id
933 test "returns 404 error when activity does not exist", %{conn: conn} do
936 |> put_req_header("content-type", "application/json")
937 |> post("/api/v1/statuses/foo/unreblog")
939 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
943 describe "favoriting" do
944 setup do: oauth_access(["write:favourites"])
946 test "favs a status and returns it", %{conn: conn} do
947 activity = insert(:note_activity)
951 |> put_req_header("content-type", "application/json")
952 |> post("/api/v1/statuses/#{activity.id}/favourite")
954 assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
955 json_response_and_validate_schema(conn, 200)
957 assert to_string(activity.id) == id
960 test "favoriting twice will just return 200", %{conn: conn} do
961 activity = insert(:note_activity)
964 |> put_req_header("content-type", "application/json")
965 |> post("/api/v1/statuses/#{activity.id}/favourite")
968 |> put_req_header("content-type", "application/json")
969 |> post("/api/v1/statuses/#{activity.id}/favourite")
970 |> json_response_and_validate_schema(200)
973 test "returns 404 error for a wrong id", %{conn: conn} do
976 |> put_req_header("content-type", "application/json")
977 |> post("/api/v1/statuses/1/favourite")
979 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
983 describe "unfavoriting" do
984 setup do: oauth_access(["write:favourites"])
986 test "unfavorites a status and returns it", %{user: user, conn: conn} do
987 activity = insert(:note_activity)
989 {:ok, _} = CommonAPI.favorite(user, activity.id)
993 |> put_req_header("content-type", "application/json")
994 |> post("/api/v1/statuses/#{activity.id}/unfavourite")
996 assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
997 json_response_and_validate_schema(conn, 200)
999 assert to_string(activity.id) == id
1002 test "returns 404 error for a wrong id", %{conn: conn} do
1005 |> put_req_header("content-type", "application/json")
1006 |> post("/api/v1/statuses/1/unfavourite")
1008 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1012 describe "pinned statuses" do
1013 setup do: oauth_access(["write:accounts"])
1015 setup %{user: user} do
1016 {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})
1018 %{activity: activity}
1021 setup do: clear_config([:instance, :max_pinned_statuses], 1)
1023 test "pin status", %{conn: conn, user: user, activity: activity} do
1024 id_str = to_string(activity.id)
1026 assert %{"id" => ^id_str, "pinned" => true} =
1028 |> put_req_header("content-type", "application/json")
1029 |> post("/api/v1/statuses/#{activity.id}/pin")
1030 |> json_response_and_validate_schema(200)
1032 assert [%{"id" => ^id_str, "pinned" => true}] =
1034 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1035 |> json_response_and_validate_schema(200)
1038 test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
1039 {:ok, dm} = CommonAPI.post(user, %{status: "test", visibility: "direct"})
1043 |> put_req_header("content-type", "application/json")
1044 |> post("/api/v1/statuses/#{dm.id}/pin")
1046 assert json_response_and_validate_schema(conn, 400) == %{"error" => "Could not pin"}
1049 test "unpin status", %{conn: conn, user: user, activity: activity} do
1050 {:ok, _} = CommonAPI.pin(activity.id, user)
1051 user = refresh_record(user)
1053 id_str = to_string(activity.id)
1055 assert %{"id" => ^id_str, "pinned" => false} =
1057 |> assign(:user, user)
1058 |> post("/api/v1/statuses/#{activity.id}/unpin")
1059 |> json_response_and_validate_schema(200)
1063 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1064 |> json_response_and_validate_schema(200)
1067 test "/unpin: returns 400 error when activity is not exist", %{conn: conn} do
1070 |> put_req_header("content-type", "application/json")
1071 |> post("/api/v1/statuses/1/unpin")
1073 assert json_response_and_validate_schema(conn, 400) == %{"error" => "Could not unpin"}
1076 test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
1077 {:ok, activity_two} = CommonAPI.post(user, %{status: "HI!!!"})
1079 id_str_one = to_string(activity_one.id)
1081 assert %{"id" => ^id_str_one, "pinned" => true} =
1083 |> put_req_header("content-type", "application/json")
1084 |> post("/api/v1/statuses/#{id_str_one}/pin")
1085 |> json_response_and_validate_schema(200)
1087 user = refresh_record(user)
1089 assert %{"error" => "You have already pinned the maximum number of statuses"} =
1091 |> assign(:user, user)
1092 |> post("/api/v1/statuses/#{activity_two.id}/pin")
1093 |> json_response_and_validate_schema(400)
1099 Config.put([:rich_media, :enabled], true)
1101 oauth_access(["read:statuses"])
1104 test "returns rich-media card", %{conn: conn, user: user} do
1105 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
1107 {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp"})
1110 "image" => "http://ia.media-imdb.com/images/rock.jpg",
1111 "provider_name" => "example.com",
1112 "provider_url" => "https://example.com",
1113 "title" => "The Rock",
1115 "url" => "https://example.com/ogp",
1117 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
1120 "image" => "http://ia.media-imdb.com/images/rock.jpg",
1121 "title" => "The Rock",
1122 "type" => "video.movie",
1123 "url" => "https://example.com/ogp",
1125 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer."
1132 |> get("/api/v1/statuses/#{activity.id}/card")
1133 |> json_response_and_validate_schema(200)
1135 assert response == card_data
1137 # works with private posts
1139 CommonAPI.post(user, %{status: "https://example.com/ogp", visibility: "direct"})
1143 |> get("/api/v1/statuses/#{activity.id}/card")
1144 |> json_response_and_validate_schema(200)
1146 assert response_two == card_data
1149 test "replaces missing description with an empty string", %{conn: conn, user: user} do
1150 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
1152 {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp-missing-data"})
1156 |> get("/api/v1/statuses/#{activity.id}/card")
1157 |> json_response_and_validate_schema(:ok)
1159 assert response == %{
1161 "title" => "Pleroma",
1162 "description" => "",
1164 "provider_name" => "example.com",
1165 "provider_url" => "https://example.com",
1166 "url" => "https://example.com/ogp-missing-data",
1169 "title" => "Pleroma",
1170 "type" => "website",
1171 "url" => "https://example.com/ogp-missing-data"
1179 bookmarks_uri = "/api/v1/bookmarks"
1181 %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
1182 author = insert(:user)
1184 {:ok, activity1} = CommonAPI.post(author, %{status: "heweoo?"})
1185 {:ok, activity2} = CommonAPI.post(author, %{status: "heweoo!"})
1189 |> put_req_header("content-type", "application/json")
1190 |> post("/api/v1/statuses/#{activity1.id}/bookmark")
1192 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == true
1196 |> put_req_header("content-type", "application/json")
1197 |> post("/api/v1/statuses/#{activity2.id}/bookmark")
1199 assert json_response_and_validate_schema(response2, 200)["bookmarked"] == true
1201 bookmarks = get(conn, bookmarks_uri)
1204 json_response_and_validate_schema(response2, 200),
1205 json_response_and_validate_schema(response1, 200)
1207 json_response_and_validate_schema(bookmarks, 200)
1211 |> put_req_header("content-type", "application/json")
1212 |> post("/api/v1/statuses/#{activity1.id}/unbookmark")
1214 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == false
1216 bookmarks = get(conn, bookmarks_uri)
1218 assert [json_response_and_validate_schema(response2, 200)] ==
1219 json_response_and_validate_schema(bookmarks, 200)
1222 describe "conversation muting" do
1223 setup do: oauth_access(["write:mutes"])
1226 post_user = insert(:user)
1227 {:ok, activity} = CommonAPI.post(post_user, %{status: "HIE"})
1228 %{activity: activity}
1231 test "mute conversation", %{conn: conn, activity: activity} do
1232 id_str = to_string(activity.id)
1234 assert %{"id" => ^id_str, "muted" => true} =
1236 |> put_req_header("content-type", "application/json")
1237 |> post("/api/v1/statuses/#{activity.id}/mute")
1238 |> json_response_and_validate_schema(200)
1241 test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
1242 {:ok, _} = CommonAPI.add_mute(user, activity)
1246 |> put_req_header("content-type", "application/json")
1247 |> post("/api/v1/statuses/#{activity.id}/mute")
1249 assert json_response_and_validate_schema(conn, 400) == %{
1250 "error" => "conversation is already muted"
1254 test "unmute conversation", %{conn: conn, user: user, activity: activity} do
1255 {:ok, _} = CommonAPI.add_mute(user, activity)
1257 id_str = to_string(activity.id)
1259 assert %{"id" => ^id_str, "muted" => false} =
1261 # |> assign(:user, user)
1262 |> post("/api/v1/statuses/#{activity.id}/unmute")
1263 |> json_response_and_validate_schema(200)
1267 test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{conn: conn} do
1268 user1 = insert(:user)
1269 user2 = insert(:user)
1270 user3 = insert(:user)
1272 {:ok, replied_to} = CommonAPI.post(user1, %{status: "cofe"})
1274 # Reply to status from another user
1277 |> assign(:user, user2)
1278 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
1279 |> put_req_header("content-type", "application/json")
1280 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
1282 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn1, 200)
1284 activity = Activity.get_by_id_with_object(id)
1286 assert Object.normalize(activity).data["inReplyTo"] == Object.normalize(replied_to).data["id"]
1287 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
1289 # Reblog from the third user
1292 |> assign(:user, user3)
1293 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
1294 |> put_req_header("content-type", "application/json")
1295 |> post("/api/v1/statuses/#{activity.id}/reblog")
1297 assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
1298 json_response_and_validate_schema(conn2, 200)
1300 assert to_string(activity.id) == id
1302 # Getting third user status
1305 |> assign(:user, user3)
1306 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1307 |> get("api/v1/timelines/home")
1309 [reblogged_activity] = json_response(conn3, 200)
1311 assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id
1313 replied_to_user = User.get_by_ap_id(replied_to.data["actor"])
1314 assert reblogged_activity["reblog"]["in_reply_to_account_id"] == replied_to_user.id
1317 describe "GET /api/v1/statuses/:id/favourited_by" do
1318 setup do: oauth_access(["read:accounts"])
1320 setup %{user: user} do
1321 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1323 %{activity: activity}
1326 test "returns users who have favorited the status", %{conn: conn, activity: activity} do
1327 other_user = insert(:user)
1328 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1332 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1333 |> json_response_and_validate_schema(:ok)
1335 [%{"id" => id}] = response
1337 assert id == other_user.id
1340 test "returns empty array when status has not been favorited yet", %{
1346 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1347 |> json_response_and_validate_schema(:ok)
1349 assert Enum.empty?(response)
1352 test "does not return users who have favorited the status but are blocked", %{
1353 conn: %{assigns: %{user: user}} = conn,
1356 other_user = insert(:user)
1357 {:ok, _user_relationship} = User.block(user, other_user)
1359 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1363 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1364 |> json_response_and_validate_schema(:ok)
1366 assert Enum.empty?(response)
1369 test "does not fail on an unauthenticated request", %{activity: activity} do
1370 other_user = insert(:user)
1371 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1375 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1376 |> json_response_and_validate_schema(:ok)
1378 [%{"id" => id}] = response
1379 assert id == other_user.id
1382 test "requires authentication for private posts", %{user: user} do
1383 other_user = insert(:user)
1386 CommonAPI.post(user, %{
1387 status: "@#{other_user.nickname} wanna get some #cofe together?",
1388 visibility: "direct"
1391 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1393 favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
1396 |> get(favourited_by_url)
1397 |> json_response_and_validate_schema(404)
1401 |> assign(:user, other_user)
1402 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1405 |> assign(:token, nil)
1406 |> get(favourited_by_url)
1407 |> json_response_and_validate_schema(404)
1411 |> get(favourited_by_url)
1412 |> json_response_and_validate_schema(200)
1414 [%{"id" => id}] = response
1415 assert id == other_user.id
1419 describe "GET /api/v1/statuses/:id/reblogged_by" do
1420 setup do: oauth_access(["read:accounts"])
1422 setup %{user: user} do
1423 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1425 %{activity: activity}
1428 test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
1429 other_user = insert(:user)
1430 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1434 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1435 |> json_response_and_validate_schema(:ok)
1437 [%{"id" => id}] = response
1439 assert id == other_user.id
1442 test "returns empty array when status has not been reblogged yet", %{
1448 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1449 |> json_response_and_validate_schema(:ok)
1451 assert Enum.empty?(response)
1454 test "does not return users who have reblogged the status but are blocked", %{
1455 conn: %{assigns: %{user: user}} = conn,
1458 other_user = insert(:user)
1459 {:ok, _user_relationship} = User.block(user, other_user)
1461 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1465 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1466 |> json_response_and_validate_schema(:ok)
1468 assert Enum.empty?(response)
1471 test "does not return users who have reblogged the status privately", %{
1474 other_user = insert(:user)
1475 {:ok, activity} = CommonAPI.post(other_user, %{status: "my secret post"})
1477 {:ok, _} = CommonAPI.repeat(activity.id, other_user, %{visibility: "private"})
1481 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1482 |> json_response_and_validate_schema(:ok)
1484 assert Enum.empty?(response)
1487 test "does not fail on an unauthenticated request", %{activity: activity} do
1488 other_user = insert(:user)
1489 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1493 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1494 |> json_response_and_validate_schema(:ok)
1496 [%{"id" => id}] = response
1497 assert id == other_user.id
1500 test "requires authentication for private posts", %{user: user} do
1501 other_user = insert(:user)
1504 CommonAPI.post(user, %{
1505 status: "@#{other_user.nickname} wanna get some #cofe together?",
1506 visibility: "direct"
1510 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1511 |> json_response_and_validate_schema(404)
1515 |> assign(:user, other_user)
1516 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1517 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1518 |> json_response_and_validate_schema(200)
1520 assert [] == response
1525 user = insert(:user)
1527 {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
1528 {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
1529 {:ok, %{id: id3}} = CommonAPI.post(user, %{status: "3", in_reply_to_status_id: id2})
1530 {:ok, %{id: id4}} = CommonAPI.post(user, %{status: "4", in_reply_to_status_id: id3})
1531 {:ok, %{id: id5}} = CommonAPI.post(user, %{status: "5", in_reply_to_status_id: id4})
1535 |> get("/api/v1/statuses/#{id3}/context")
1536 |> json_response_and_validate_schema(:ok)
1539 "ancestors" => [%{"id" => ^id1}, %{"id" => ^id2}],
1540 "descendants" => [%{"id" => ^id4}, %{"id" => ^id5}]
1544 test "returns the favorites of a user" do
1545 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1546 other_user = insert(:user)
1548 {:ok, _} = CommonAPI.post(other_user, %{status: "bla"})
1549 {:ok, activity} = CommonAPI.post(other_user, %{status: "traps are happy"})
1551 {:ok, _} = CommonAPI.favorite(user, activity.id)
1553 first_conn = get(conn, "/api/v1/favourites")
1555 assert [status] = json_response_and_validate_schema(first_conn, 200)
1556 assert status["id"] == to_string(activity.id)
1558 assert [{"link", _link_header}] =
1559 Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end)
1561 # Honours query params
1562 {:ok, second_activity} =
1563 CommonAPI.post(other_user, %{
1564 status: "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful."
1567 {:ok, _} = CommonAPI.favorite(user, second_activity.id)
1569 last_like = status["id"]
1571 second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like}")
1573 assert [second_status] = json_response_and_validate_schema(second_conn, 200)
1574 assert second_status["id"] == to_string(second_activity.id)
1576 third_conn = get(conn, "/api/v1/favourites?limit=0")
1578 assert [] = json_response_and_validate_schema(third_conn, 200)
1581 test "expires_at is nil for another user" do
1582 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1583 {:ok, activity} = CommonAPI.post(user, %{status: "foobar", expires_in: 1_000_000})
1587 |> ActivityExpiration.get_by_activity_id()
1588 |> Map.get(:scheduled_at)
1589 |> NaiveDateTime.to_iso8601()
1591 assert %{"pleroma" => %{"expires_at" => ^expires_at}} =
1593 |> get("/api/v1/statuses/#{activity.id}")
1594 |> json_response_and_validate_schema(:ok)
1596 %{conn: conn} = oauth_access(["read:statuses"])
1598 assert %{"pleroma" => %{"expires_at" => nil}} =
1600 |> get("/api/v1/statuses/#{activity.id}")
1601 |> json_response_and_validate_schema(:ok)