Merge branch 'feature/mastofe-admin-scope' into 'develop'
[akkoma] / test / web / mastodon_api / controllers / status_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
6 use Pleroma.Web.ConnCase
7
8 alias Pleroma.Activity
9 alias Pleroma.ActivityExpiration
10 alias Pleroma.Config
11 alias Pleroma.Conversation.Participation
12 alias Pleroma.Object
13 alias Pleroma.Repo
14 alias Pleroma.ScheduledActivity
15 alias Pleroma.Tests.ObanHelpers
16 alias Pleroma.User
17 alias Pleroma.Web.ActivityPub.ActivityPub
18 alias Pleroma.Web.CommonAPI
19
20 import Pleroma.Factory
21
22 clear_config([:instance, :federating])
23 clear_config([:instance, :allow_relay])
24 clear_config([:rich_media, :enabled])
25
26 describe "posting statuses" do
27 setup do: oauth_access(["write:statuses"])
28
29 test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
30 Pleroma.Config.put([:instance, :federating], true)
31 Pleroma.Config.get([:instance, :allow_relay], true)
32
33 response =
34 conn
35 |> post("api/v1/statuses", %{
36 "content_type" => "text/plain",
37 "source" => "Pleroma FE",
38 "status" => "Hello world",
39 "visibility" => "public"
40 })
41 |> json_response(200)
42
43 assert response["reblogs_count"] == 0
44 ObanHelpers.perform_all()
45
46 response =
47 conn
48 |> get("api/v1/statuses/#{response["id"]}", %{})
49 |> json_response(200)
50
51 assert response["reblogs_count"] == 0
52 end
53
54 test "posting a status", %{conn: conn} do
55 idempotency_key = "Pikachu rocks!"
56
57 conn_one =
58 conn
59 |> put_req_header("idempotency-key", idempotency_key)
60 |> post("/api/v1/statuses", %{
61 "status" => "cofe",
62 "spoiler_text" => "2hu",
63 "sensitive" => "false"
64 })
65
66 {:ok, ttl} = Cachex.ttl(:idempotency_cache, idempotency_key)
67 # Six hours
68 assert ttl > :timer.seconds(6 * 60 * 60 - 1)
69
70 assert %{"content" => "cofe", "id" => id, "spoiler_text" => "2hu", "sensitive" => false} =
71 json_response(conn_one, 200)
72
73 assert Activity.get_by_id(id)
74
75 conn_two =
76 conn
77 |> put_req_header("idempotency-key", idempotency_key)
78 |> post("/api/v1/statuses", %{
79 "status" => "cofe",
80 "spoiler_text" => "2hu",
81 "sensitive" => "false"
82 })
83
84 assert %{"id" => second_id} = json_response(conn_two, 200)
85 assert id == second_id
86
87 conn_three =
88 conn
89 |> post("/api/v1/statuses", %{
90 "status" => "cofe",
91 "spoiler_text" => "2hu",
92 "sensitive" => "false"
93 })
94
95 assert %{"id" => third_id} = json_response(conn_three, 200)
96 refute id == third_id
97
98 # An activity that will expire:
99 # 2 hours
100 expires_in = 120 * 60
101
102 conn_four =
103 conn
104 |> post("api/v1/statuses", %{
105 "status" => "oolong",
106 "expires_in" => expires_in
107 })
108
109 assert fourth_response = %{"id" => fourth_id} = json_response(conn_four, 200)
110 assert activity = Activity.get_by_id(fourth_id)
111 assert expiration = ActivityExpiration.get_by_activity_id(fourth_id)
112
113 estimated_expires_at =
114 NaiveDateTime.utc_now()
115 |> NaiveDateTime.add(expires_in)
116 |> NaiveDateTime.truncate(:second)
117
118 # This assert will fail if the test takes longer than a minute. I sure hope it never does:
119 assert abs(NaiveDateTime.diff(expiration.scheduled_at, estimated_expires_at, :second)) < 60
120
121 assert fourth_response["pleroma"]["expires_at"] ==
122 NaiveDateTime.to_iso8601(expiration.scheduled_at)
123 end
124
125 test "it fails to create a status if `expires_in` is less or equal than an hour", %{
126 conn: conn
127 } do
128 # 1 hour
129 expires_in = 60 * 60
130
131 assert %{"error" => "Expiry date is too soon"} =
132 conn
133 |> post("api/v1/statuses", %{
134 "status" => "oolong",
135 "expires_in" => expires_in
136 })
137 |> json_response(422)
138
139 # 30 minutes
140 expires_in = 30 * 60
141
142 assert %{"error" => "Expiry date is too soon"} =
143 conn
144 |> post("api/v1/statuses", %{
145 "status" => "oolong",
146 "expires_in" => expires_in
147 })
148 |> json_response(422)
149 end
150
151 test "posting an undefined status with an attachment", %{user: user, conn: conn} do
152 file = %Plug.Upload{
153 content_type: "image/jpg",
154 path: Path.absname("test/fixtures/image.jpg"),
155 filename: "an_image.jpg"
156 }
157
158 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
159
160 conn =
161 post(conn, "/api/v1/statuses", %{
162 "media_ids" => [to_string(upload.id)]
163 })
164
165 assert json_response(conn, 200)
166 end
167
168 test "replying to a status", %{user: user, conn: conn} do
169 {:ok, replied_to} = CommonAPI.post(user, %{"status" => "cofe"})
170
171 conn =
172 conn
173 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
174
175 assert %{"content" => "xD", "id" => id} = json_response(conn, 200)
176
177 activity = Activity.get_by_id(id)
178
179 assert activity.data["context"] == replied_to.data["context"]
180 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
181 end
182
183 test "replying to a direct message with visibility other than direct", %{
184 user: user,
185 conn: conn
186 } do
187 {:ok, replied_to} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
188
189 Enum.each(["public", "private", "unlisted"], fn visibility ->
190 conn =
191 conn
192 |> post("/api/v1/statuses", %{
193 "status" => "@#{user.nickname} hey",
194 "in_reply_to_id" => replied_to.id,
195 "visibility" => visibility
196 })
197
198 assert json_response(conn, 422) == %{"error" => "The message visibility must be direct"}
199 end)
200 end
201
202 test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
203 conn = post(conn, "/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
204
205 assert %{"content" => "xD", "id" => id} = json_response(conn, 200)
206 assert Activity.get_by_id(id)
207 end
208
209 test "posting a sensitive status", %{conn: conn} do
210 conn = post(conn, "/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
211
212 assert %{"content" => "cofe", "id" => id, "sensitive" => true} = json_response(conn, 200)
213 assert Activity.get_by_id(id)
214 end
215
216 test "posting a fake status", %{conn: conn} do
217 real_conn =
218 post(conn, "/api/v1/statuses", %{
219 "status" =>
220 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
221 })
222
223 real_status = json_response(real_conn, 200)
224
225 assert real_status
226 assert Object.get_by_ap_id(real_status["uri"])
227
228 real_status =
229 real_status
230 |> Map.put("id", nil)
231 |> Map.put("url", nil)
232 |> Map.put("uri", nil)
233 |> Map.put("created_at", nil)
234 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
235
236 fake_conn =
237 post(conn, "/api/v1/statuses", %{
238 "status" =>
239 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
240 "preview" => true
241 })
242
243 fake_status = json_response(fake_conn, 200)
244
245 assert fake_status
246 refute Object.get_by_ap_id(fake_status["uri"])
247
248 fake_status =
249 fake_status
250 |> Map.put("id", nil)
251 |> Map.put("url", nil)
252 |> Map.put("uri", nil)
253 |> Map.put("created_at", nil)
254 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
255
256 assert real_status == fake_status
257 end
258
259 test "posting a status with OGP link preview", %{conn: conn} do
260 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
261 Config.put([:rich_media, :enabled], true)
262
263 conn =
264 post(conn, "/api/v1/statuses", %{
265 "status" => "https://example.com/ogp"
266 })
267
268 assert %{"id" => id, "card" => %{"title" => "The Rock"}} = json_response(conn, 200)
269 assert Activity.get_by_id(id)
270 end
271
272 test "posting a direct status", %{conn: conn} do
273 user2 = insert(:user)
274 content = "direct cofe @#{user2.nickname}"
275
276 conn = post(conn, "api/v1/statuses", %{"status" => content, "visibility" => "direct"})
277
278 assert %{"id" => id} = response = json_response(conn, 200)
279 assert response["visibility"] == "direct"
280 assert response["pleroma"]["direct_conversation_id"]
281 assert activity = Activity.get_by_id(id)
282 assert activity.recipients == [user2.ap_id, conn.assigns[:user].ap_id]
283 assert activity.data["to"] == [user2.ap_id]
284 assert activity.data["cc"] == []
285 end
286 end
287
288 describe "posting scheduled statuses" do
289 setup do: oauth_access(["write:statuses"])
290
291 test "creates a scheduled activity", %{conn: conn} do
292 scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
293
294 conn =
295 post(conn, "/api/v1/statuses", %{
296 "status" => "scheduled",
297 "scheduled_at" => scheduled_at
298 })
299
300 assert %{"scheduled_at" => expected_scheduled_at} = json_response(conn, 200)
301 assert expected_scheduled_at == CommonAPI.Utils.to_masto_date(scheduled_at)
302 assert [] == Repo.all(Activity)
303 end
304
305 test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
306 scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
307
308 file = %Plug.Upload{
309 content_type: "image/jpg",
310 path: Path.absname("test/fixtures/image.jpg"),
311 filename: "an_image.jpg"
312 }
313
314 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
315
316 conn =
317 post(conn, "/api/v1/statuses", %{
318 "media_ids" => [to_string(upload.id)],
319 "status" => "scheduled",
320 "scheduled_at" => scheduled_at
321 })
322
323 assert %{"media_attachments" => [media_attachment]} = json_response(conn, 200)
324 assert %{"type" => "image"} = media_attachment
325 end
326
327 test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
328 %{conn: conn} do
329 scheduled_at =
330 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
331
332 conn =
333 post(conn, "/api/v1/statuses", %{
334 "status" => "not scheduled",
335 "scheduled_at" => scheduled_at
336 })
337
338 assert %{"content" => "not scheduled"} = json_response(conn, 200)
339 assert [] == Repo.all(ScheduledActivity)
340 end
341
342 test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
343 today =
344 NaiveDateTime.utc_now()
345 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
346 |> NaiveDateTime.to_iso8601()
347
348 attrs = %{params: %{}, scheduled_at: today}
349 {:ok, _} = ScheduledActivity.create(user, attrs)
350 {:ok, _} = ScheduledActivity.create(user, attrs)
351
352 conn = post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
353
354 assert %{"error" => "daily limit exceeded"} == json_response(conn, 422)
355 end
356
357 test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
358 today =
359 NaiveDateTime.utc_now()
360 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
361 |> NaiveDateTime.to_iso8601()
362
363 tomorrow =
364 NaiveDateTime.utc_now()
365 |> NaiveDateTime.add(:timer.hours(36), :millisecond)
366 |> NaiveDateTime.to_iso8601()
367
368 attrs = %{params: %{}, scheduled_at: today}
369 {:ok, _} = ScheduledActivity.create(user, attrs)
370 {:ok, _} = ScheduledActivity.create(user, attrs)
371 {:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
372
373 conn =
374 post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
375
376 assert %{"error" => "total limit exceeded"} == json_response(conn, 422)
377 end
378 end
379
380 describe "posting polls" do
381 setup do: oauth_access(["write:statuses"])
382
383 test "posting a poll", %{conn: conn} do
384 time = NaiveDateTime.utc_now()
385
386 conn =
387 post(conn, "/api/v1/statuses", %{
388 "status" => "Who is the #bestgrill?",
389 "poll" => %{"options" => ["Rei", "Asuka", "Misato"], "expires_in" => 420}
390 })
391
392 response = json_response(conn, 200)
393
394 assert Enum.all?(response["poll"]["options"], fn %{"title" => title} ->
395 title in ["Rei", "Asuka", "Misato"]
396 end)
397
398 assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
399 refute response["poll"]["expred"]
400
401 question = Object.get_by_id(response["poll"]["id"])
402
403 # closed contains utc timezone
404 assert question.data["closed"] =~ "Z"
405 end
406
407 test "option limit is enforced", %{conn: conn} do
408 limit = Config.get([:instance, :poll_limits, :max_options])
409
410 conn =
411 post(conn, "/api/v1/statuses", %{
412 "status" => "desu~",
413 "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
414 })
415
416 %{"error" => error} = json_response(conn, 422)
417 assert error == "Poll can't contain more than #{limit} options"
418 end
419
420 test "option character limit is enforced", %{conn: conn} do
421 limit = Config.get([:instance, :poll_limits, :max_option_chars])
422
423 conn =
424 post(conn, "/api/v1/statuses", %{
425 "status" => "...",
426 "poll" => %{
427 "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
428 "expires_in" => 1
429 }
430 })
431
432 %{"error" => error} = json_response(conn, 422)
433 assert error == "Poll options cannot be longer than #{limit} characters each"
434 end
435
436 test "minimal date limit is enforced", %{conn: conn} do
437 limit = Config.get([:instance, :poll_limits, :min_expiration])
438
439 conn =
440 post(conn, "/api/v1/statuses", %{
441 "status" => "imagine arbitrary limits",
442 "poll" => %{
443 "options" => ["this post was made by pleroma gang"],
444 "expires_in" => limit - 1
445 }
446 })
447
448 %{"error" => error} = json_response(conn, 422)
449 assert error == "Expiration date is too soon"
450 end
451
452 test "maximum date limit is enforced", %{conn: conn} do
453 limit = Config.get([:instance, :poll_limits, :max_expiration])
454
455 conn =
456 post(conn, "/api/v1/statuses", %{
457 "status" => "imagine arbitrary limits",
458 "poll" => %{
459 "options" => ["this post was made by pleroma gang"],
460 "expires_in" => limit + 1
461 }
462 })
463
464 %{"error" => error} = json_response(conn, 422)
465 assert error == "Expiration date is too far in the future"
466 end
467 end
468
469 test "get a status" do
470 %{conn: conn} = oauth_access(["read:statuses"])
471 activity = insert(:note_activity)
472
473 conn = get(conn, "/api/v1/statuses/#{activity.id}")
474
475 assert %{"id" => id} = json_response(conn, 200)
476 assert id == to_string(activity.id)
477 end
478
479 test "getting a status that doesn't exist returns 404" do
480 %{conn: conn} = oauth_access(["read:statuses"])
481 activity = insert(:note_activity)
482
483 conn = get(conn, "/api/v1/statuses/#{String.downcase(activity.id)}")
484
485 assert json_response(conn, 404) == %{"error" => "Record not found"}
486 end
487
488 test "get a direct status" do
489 %{user: user, conn: conn} = oauth_access(["read:statuses"])
490 other_user = insert(:user)
491
492 {:ok, activity} =
493 CommonAPI.post(user, %{"status" => "@#{other_user.nickname}", "visibility" => "direct"})
494
495 conn =
496 conn
497 |> assign(:user, user)
498 |> get("/api/v1/statuses/#{activity.id}")
499
500 [participation] = Participation.for_user(user)
501
502 res = json_response(conn, 200)
503 assert res["pleroma"]["direct_conversation_id"] == participation.id
504 end
505
506 test "get statuses by IDs" do
507 %{conn: conn} = oauth_access(["read:statuses"])
508 %{id: id1} = insert(:note_activity)
509 %{id: id2} = insert(:note_activity)
510
511 query_string = "ids[]=#{id1}&ids[]=#{id2}"
512 conn = get(conn, "/api/v1/statuses/?#{query_string}")
513
514 assert [%{"id" => ^id1}, %{"id" => ^id2}] = Enum.sort_by(json_response(conn, :ok), & &1["id"])
515 end
516
517 describe "deleting a status" do
518 test "when you created it" do
519 %{user: author, conn: conn} = oauth_access(["write:statuses"])
520 activity = insert(:note_activity, user: author)
521
522 conn =
523 conn
524 |> assign(:user, author)
525 |> delete("/api/v1/statuses/#{activity.id}")
526
527 assert %{} = json_response(conn, 200)
528
529 refute Activity.get_by_id(activity.id)
530 end
531
532 test "when it doesn't exist" do
533 %{user: author, conn: conn} = oauth_access(["write:statuses"])
534 activity = insert(:note_activity, user: author)
535
536 conn =
537 conn
538 |> assign(:user, author)
539 |> delete("/api/v1/statuses/#{String.downcase(activity.id)}")
540
541 assert %{"error" => "Record not found"} == json_response(conn, 404)
542 end
543
544 test "when you didn't create it" do
545 %{conn: conn} = oauth_access(["write:statuses"])
546 activity = insert(:note_activity)
547
548 conn = delete(conn, "/api/v1/statuses/#{activity.id}")
549
550 assert %{"error" => _} = json_response(conn, 403)
551
552 assert Activity.get_by_id(activity.id) == activity
553 end
554
555 test "when you're an admin or moderator", %{conn: conn} do
556 activity1 = insert(:note_activity)
557 activity2 = insert(:note_activity)
558 admin = insert(:user, is_admin: true)
559 moderator = insert(:user, is_moderator: true)
560
561 res_conn =
562 conn
563 |> assign(:user, admin)
564 |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
565 |> delete("/api/v1/statuses/#{activity1.id}")
566
567 assert %{} = json_response(res_conn, 200)
568
569 res_conn =
570 conn
571 |> assign(:user, moderator)
572 |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
573 |> delete("/api/v1/statuses/#{activity2.id}")
574
575 assert %{} = json_response(res_conn, 200)
576
577 refute Activity.get_by_id(activity1.id)
578 refute Activity.get_by_id(activity2.id)
579 end
580 end
581
582 describe "reblogging" do
583 setup do: oauth_access(["write:statuses"])
584
585 test "reblogs and returns the reblogged status", %{conn: conn} do
586 activity = insert(:note_activity)
587
588 conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog")
589
590 assert %{
591 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
592 "reblogged" => true
593 } = json_response(conn, 200)
594
595 assert to_string(activity.id) == id
596 end
597
598 test "returns 404 if the reblogged status doesn't exist", %{conn: conn} do
599 activity = insert(:note_activity)
600
601 conn = post(conn, "/api/v1/statuses/#{String.downcase(activity.id)}/reblog")
602
603 assert %{"error" => "Record not found"} = json_response(conn, 404)
604 end
605
606 test "reblogs privately and returns the reblogged status", %{conn: conn} do
607 activity = insert(:note_activity)
608
609 conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog", %{"visibility" => "private"})
610
611 assert %{
612 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
613 "reblogged" => true,
614 "visibility" => "private"
615 } = json_response(conn, 200)
616
617 assert to_string(activity.id) == id
618 end
619
620 test "reblogged status for another user" do
621 activity = insert(:note_activity)
622 user1 = insert(:user)
623 user2 = insert(:user)
624 user3 = insert(:user)
625 CommonAPI.favorite(activity.id, user2)
626 {:ok, _bookmark} = Pleroma.Bookmark.create(user2.id, activity.id)
627 {:ok, reblog_activity1, _object} = CommonAPI.repeat(activity.id, user1)
628 {:ok, _, _object} = CommonAPI.repeat(activity.id, user2)
629
630 conn_res =
631 build_conn()
632 |> assign(:user, user3)
633 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
634 |> get("/api/v1/statuses/#{reblog_activity1.id}")
635
636 assert %{
637 "reblog" => %{"id" => id, "reblogged" => false, "reblogs_count" => 2},
638 "reblogged" => false,
639 "favourited" => false,
640 "bookmarked" => false
641 } = json_response(conn_res, 200)
642
643 conn_res =
644 build_conn()
645 |> assign(:user, user2)
646 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
647 |> get("/api/v1/statuses/#{reblog_activity1.id}")
648
649 assert %{
650 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 2},
651 "reblogged" => true,
652 "favourited" => true,
653 "bookmarked" => true
654 } = json_response(conn_res, 200)
655
656 assert to_string(activity.id) == id
657 end
658 end
659
660 describe "unreblogging" do
661 setup do: oauth_access(["write:statuses"])
662
663 test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
664 activity = insert(:note_activity)
665
666 {:ok, _, _} = CommonAPI.repeat(activity.id, user)
667
668 conn = post(conn, "/api/v1/statuses/#{activity.id}/unreblog")
669
670 assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} = json_response(conn, 200)
671
672 assert to_string(activity.id) == id
673 end
674
675 test "returns 404 error when activity does not exist", %{conn: conn} do
676 conn = post(conn, "/api/v1/statuses/foo/unreblog")
677
678 assert json_response(conn, 404) == %{"error" => "Record not found"}
679 end
680 end
681
682 describe "favoriting" do
683 setup do: oauth_access(["write:favourites"])
684
685 test "favs a status and returns it", %{conn: conn} do
686 activity = insert(:note_activity)
687
688 conn = post(conn, "/api/v1/statuses/#{activity.id}/favourite")
689
690 assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
691 json_response(conn, 200)
692
693 assert to_string(activity.id) == id
694 end
695
696 test "favoriting twice will just return 200", %{conn: conn} do
697 activity = insert(:note_activity)
698
699 post(conn, "/api/v1/statuses/#{activity.id}/favourite")
700 assert post(conn, "/api/v1/statuses/#{activity.id}/favourite") |> json_response(200)
701 end
702
703 test "returns 404 error for a wrong id", %{conn: conn} do
704 conn = post(conn, "/api/v1/statuses/1/favourite")
705
706 assert json_response(conn, 404) == %{"error" => "Record not found"}
707 end
708 end
709
710 describe "unfavoriting" do
711 setup do: oauth_access(["write:favourites"])
712
713 test "unfavorites a status and returns it", %{user: user, conn: conn} do
714 activity = insert(:note_activity)
715
716 {:ok, _, _} = CommonAPI.favorite(activity.id, user)
717
718 conn = post(conn, "/api/v1/statuses/#{activity.id}/unfavourite")
719
720 assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
721 json_response(conn, 200)
722
723 assert to_string(activity.id) == id
724 end
725
726 test "returns 404 error for a wrong id", %{conn: conn} do
727 conn = post(conn, "/api/v1/statuses/1/unfavourite")
728
729 assert json_response(conn, 404) == %{"error" => "Record not found"}
730 end
731 end
732
733 describe "pinned statuses" do
734 setup do: oauth_access(["write:accounts"])
735
736 setup %{user: user} do
737 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
738
739 %{activity: activity}
740 end
741
742 clear_config([:instance, :max_pinned_statuses]) do
743 Config.put([:instance, :max_pinned_statuses], 1)
744 end
745
746 test "pin status", %{conn: conn, user: user, activity: activity} do
747 id_str = to_string(activity.id)
748
749 assert %{"id" => ^id_str, "pinned" => true} =
750 conn
751 |> post("/api/v1/statuses/#{activity.id}/pin")
752 |> json_response(200)
753
754 assert [%{"id" => ^id_str, "pinned" => true}] =
755 conn
756 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
757 |> json_response(200)
758 end
759
760 test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
761 {:ok, dm} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
762
763 conn = post(conn, "/api/v1/statuses/#{dm.id}/pin")
764
765 assert json_response(conn, 400) == %{"error" => "Could not pin"}
766 end
767
768 test "unpin status", %{conn: conn, user: user, activity: activity} do
769 {:ok, _} = CommonAPI.pin(activity.id, user)
770 user = refresh_record(user)
771
772 id_str = to_string(activity.id)
773
774 assert %{"id" => ^id_str, "pinned" => false} =
775 conn
776 |> assign(:user, user)
777 |> post("/api/v1/statuses/#{activity.id}/unpin")
778 |> json_response(200)
779
780 assert [] =
781 conn
782 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
783 |> json_response(200)
784 end
785
786 test "/unpin: returns 400 error when activity is not exist", %{conn: conn} do
787 conn = post(conn, "/api/v1/statuses/1/unpin")
788
789 assert json_response(conn, 400) == %{"error" => "Could not unpin"}
790 end
791
792 test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
793 {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
794
795 id_str_one = to_string(activity_one.id)
796
797 assert %{"id" => ^id_str_one, "pinned" => true} =
798 conn
799 |> post("/api/v1/statuses/#{id_str_one}/pin")
800 |> json_response(200)
801
802 user = refresh_record(user)
803
804 assert %{"error" => "You have already pinned the maximum number of statuses"} =
805 conn
806 |> assign(:user, user)
807 |> post("/api/v1/statuses/#{activity_two.id}/pin")
808 |> json_response(400)
809 end
810 end
811
812 describe "cards" do
813 setup do
814 Config.put([:rich_media, :enabled], true)
815
816 oauth_access(["read:statuses"])
817 end
818
819 test "returns rich-media card", %{conn: conn, user: user} do
820 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
821
822 {:ok, activity} = CommonAPI.post(user, %{"status" => "https://example.com/ogp"})
823
824 card_data = %{
825 "image" => "http://ia.media-imdb.com/images/rock.jpg",
826 "provider_name" => "example.com",
827 "provider_url" => "https://example.com",
828 "title" => "The Rock",
829 "type" => "link",
830 "url" => "https://example.com/ogp",
831 "description" =>
832 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
833 "pleroma" => %{
834 "opengraph" => %{
835 "image" => "http://ia.media-imdb.com/images/rock.jpg",
836 "title" => "The Rock",
837 "type" => "video.movie",
838 "url" => "https://example.com/ogp",
839 "description" =>
840 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer."
841 }
842 }
843 }
844
845 response =
846 conn
847 |> get("/api/v1/statuses/#{activity.id}/card")
848 |> json_response(200)
849
850 assert response == card_data
851
852 # works with private posts
853 {:ok, activity} =
854 CommonAPI.post(user, %{"status" => "https://example.com/ogp", "visibility" => "direct"})
855
856 response_two =
857 conn
858 |> get("/api/v1/statuses/#{activity.id}/card")
859 |> json_response(200)
860
861 assert response_two == card_data
862 end
863
864 test "replaces missing description with an empty string", %{conn: conn, user: user} do
865 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
866
867 {:ok, activity} =
868 CommonAPI.post(user, %{"status" => "https://example.com/ogp-missing-data"})
869
870 response =
871 conn
872 |> get("/api/v1/statuses/#{activity.id}/card")
873 |> json_response(:ok)
874
875 assert response == %{
876 "type" => "link",
877 "title" => "Pleroma",
878 "description" => "",
879 "image" => nil,
880 "provider_name" => "example.com",
881 "provider_url" => "https://example.com",
882 "url" => "https://example.com/ogp-missing-data",
883 "pleroma" => %{
884 "opengraph" => %{
885 "title" => "Pleroma",
886 "type" => "website",
887 "url" => "https://example.com/ogp-missing-data"
888 }
889 }
890 }
891 end
892 end
893
894 test "bookmarks" do
895 %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
896 author = insert(:user)
897
898 {:ok, activity1} =
899 CommonAPI.post(author, %{
900 "status" => "heweoo?"
901 })
902
903 {:ok, activity2} =
904 CommonAPI.post(author, %{
905 "status" => "heweoo!"
906 })
907
908 response1 = post(conn, "/api/v1/statuses/#{activity1.id}/bookmark")
909
910 assert json_response(response1, 200)["bookmarked"] == true
911
912 response2 = post(conn, "/api/v1/statuses/#{activity2.id}/bookmark")
913
914 assert json_response(response2, 200)["bookmarked"] == true
915
916 bookmarks = get(conn, "/api/v1/bookmarks")
917
918 assert [json_response(response2, 200), json_response(response1, 200)] ==
919 json_response(bookmarks, 200)
920
921 response1 = post(conn, "/api/v1/statuses/#{activity1.id}/unbookmark")
922
923 assert json_response(response1, 200)["bookmarked"] == false
924
925 bookmarks = get(conn, "/api/v1/bookmarks")
926
927 assert [json_response(response2, 200)] == json_response(bookmarks, 200)
928 end
929
930 describe "conversation muting" do
931 setup do: oauth_access(["write:mutes"])
932
933 setup do
934 post_user = insert(:user)
935 {:ok, activity} = CommonAPI.post(post_user, %{"status" => "HIE"})
936 %{activity: activity}
937 end
938
939 test "mute conversation", %{conn: conn, activity: activity} do
940 id_str = to_string(activity.id)
941
942 assert %{"id" => ^id_str, "muted" => true} =
943 conn
944 |> post("/api/v1/statuses/#{activity.id}/mute")
945 |> json_response(200)
946 end
947
948 test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
949 {:ok, _} = CommonAPI.add_mute(user, activity)
950
951 conn = post(conn, "/api/v1/statuses/#{activity.id}/mute")
952
953 assert json_response(conn, 400) == %{"error" => "conversation is already muted"}
954 end
955
956 test "unmute conversation", %{conn: conn, user: user, activity: activity} do
957 {:ok, _} = CommonAPI.add_mute(user, activity)
958
959 id_str = to_string(activity.id)
960
961 assert %{"id" => ^id_str, "muted" => false} =
962 conn
963 # |> assign(:user, user)
964 |> post("/api/v1/statuses/#{activity.id}/unmute")
965 |> json_response(200)
966 end
967 end
968
969 test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{conn: conn} do
970 user1 = insert(:user)
971 user2 = insert(:user)
972 user3 = insert(:user)
973
974 {:ok, replied_to} = CommonAPI.post(user1, %{"status" => "cofe"})
975
976 # Reply to status from another user
977 conn1 =
978 conn
979 |> assign(:user, user2)
980 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
981 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
982
983 assert %{"content" => "xD", "id" => id} = json_response(conn1, 200)
984
985 activity = Activity.get_by_id_with_object(id)
986
987 assert Object.normalize(activity).data["inReplyTo"] == Object.normalize(replied_to).data["id"]
988 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
989
990 # Reblog from the third user
991 conn2 =
992 conn
993 |> assign(:user, user3)
994 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
995 |> post("/api/v1/statuses/#{activity.id}/reblog")
996
997 assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
998 json_response(conn2, 200)
999
1000 assert to_string(activity.id) == id
1001
1002 # Getting third user status
1003 conn3 =
1004 conn
1005 |> assign(:user, user3)
1006 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1007 |> get("api/v1/timelines/home")
1008
1009 [reblogged_activity] = json_response(conn3, 200)
1010
1011 assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id
1012
1013 replied_to_user = User.get_by_ap_id(replied_to.data["actor"])
1014 assert reblogged_activity["reblog"]["in_reply_to_account_id"] == replied_to_user.id
1015 end
1016
1017 describe "GET /api/v1/statuses/:id/favourited_by" do
1018 setup do: oauth_access(["read:accounts"])
1019
1020 setup %{user: user} do
1021 {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
1022
1023 %{activity: activity}
1024 end
1025
1026 test "returns users who have favorited the status", %{conn: conn, activity: activity} do
1027 other_user = insert(:user)
1028 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1029
1030 response =
1031 conn
1032 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1033 |> json_response(:ok)
1034
1035 [%{"id" => id}] = response
1036
1037 assert id == other_user.id
1038 end
1039
1040 test "returns empty array when status has not been favorited yet", %{
1041 conn: conn,
1042 activity: activity
1043 } do
1044 response =
1045 conn
1046 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1047 |> json_response(:ok)
1048
1049 assert Enum.empty?(response)
1050 end
1051
1052 test "does not return users who have favorited the status but are blocked", %{
1053 conn: %{assigns: %{user: user}} = conn,
1054 activity: activity
1055 } do
1056 other_user = insert(:user)
1057 {:ok, _user_relationship} = User.block(user, other_user)
1058
1059 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1060
1061 response =
1062 conn
1063 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1064 |> json_response(:ok)
1065
1066 assert Enum.empty?(response)
1067 end
1068
1069 test "does not fail on an unauthenticated request", %{activity: activity} do
1070 other_user = insert(:user)
1071 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1072
1073 response =
1074 build_conn()
1075 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1076 |> json_response(:ok)
1077
1078 [%{"id" => id}] = response
1079 assert id == other_user.id
1080 end
1081
1082 test "requires authentication for private posts", %{user: user} do
1083 other_user = insert(:user)
1084
1085 {:ok, activity} =
1086 CommonAPI.post(user, %{
1087 "status" => "@#{other_user.nickname} wanna get some #cofe together?",
1088 "visibility" => "direct"
1089 })
1090
1091 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1092
1093 favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
1094
1095 build_conn()
1096 |> get(favourited_by_url)
1097 |> json_response(404)
1098
1099 conn =
1100 build_conn()
1101 |> assign(:user, other_user)
1102 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1103
1104 conn
1105 |> assign(:token, nil)
1106 |> get(favourited_by_url)
1107 |> json_response(404)
1108
1109 response =
1110 conn
1111 |> get(favourited_by_url)
1112 |> json_response(200)
1113
1114 [%{"id" => id}] = response
1115 assert id == other_user.id
1116 end
1117 end
1118
1119 describe "GET /api/v1/statuses/:id/reblogged_by" do
1120 setup do: oauth_access(["read:accounts"])
1121
1122 setup %{user: user} do
1123 {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
1124
1125 %{activity: activity}
1126 end
1127
1128 test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
1129 other_user = insert(:user)
1130 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
1131
1132 response =
1133 conn
1134 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1135 |> json_response(:ok)
1136
1137 [%{"id" => id}] = response
1138
1139 assert id == other_user.id
1140 end
1141
1142 test "returns empty array when status has not been reblogged yet", %{
1143 conn: conn,
1144 activity: activity
1145 } do
1146 response =
1147 conn
1148 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1149 |> json_response(:ok)
1150
1151 assert Enum.empty?(response)
1152 end
1153
1154 test "does not return users who have reblogged the status but are blocked", %{
1155 conn: %{assigns: %{user: user}} = conn,
1156 activity: activity
1157 } do
1158 other_user = insert(:user)
1159 {:ok, _user_relationship} = User.block(user, other_user)
1160
1161 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
1162
1163 response =
1164 conn
1165 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1166 |> json_response(:ok)
1167
1168 assert Enum.empty?(response)
1169 end
1170
1171 test "does not return users who have reblogged the status privately", %{
1172 conn: conn,
1173 activity: activity
1174 } do
1175 other_user = insert(:user)
1176
1177 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user, %{"visibility" => "private"})
1178
1179 response =
1180 conn
1181 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1182 |> json_response(:ok)
1183
1184 assert Enum.empty?(response)
1185 end
1186
1187 test "does not fail on an unauthenticated request", %{activity: activity} do
1188 other_user = insert(:user)
1189 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
1190
1191 response =
1192 build_conn()
1193 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1194 |> json_response(:ok)
1195
1196 [%{"id" => id}] = response
1197 assert id == other_user.id
1198 end
1199
1200 test "requires authentication for private posts", %{user: user} do
1201 other_user = insert(:user)
1202
1203 {:ok, activity} =
1204 CommonAPI.post(user, %{
1205 "status" => "@#{other_user.nickname} wanna get some #cofe together?",
1206 "visibility" => "direct"
1207 })
1208
1209 build_conn()
1210 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1211 |> json_response(404)
1212
1213 response =
1214 build_conn()
1215 |> assign(:user, other_user)
1216 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1217 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1218 |> json_response(200)
1219
1220 assert [] == response
1221 end
1222 end
1223
1224 test "context" do
1225 user = insert(:user)
1226
1227 {:ok, %{id: id1}} = CommonAPI.post(user, %{"status" => "1"})
1228 {:ok, %{id: id2}} = CommonAPI.post(user, %{"status" => "2", "in_reply_to_status_id" => id1})
1229 {:ok, %{id: id3}} = CommonAPI.post(user, %{"status" => "3", "in_reply_to_status_id" => id2})
1230 {:ok, %{id: id4}} = CommonAPI.post(user, %{"status" => "4", "in_reply_to_status_id" => id3})
1231 {:ok, %{id: id5}} = CommonAPI.post(user, %{"status" => "5", "in_reply_to_status_id" => id4})
1232
1233 response =
1234 build_conn()
1235 |> get("/api/v1/statuses/#{id3}/context")
1236 |> json_response(:ok)
1237
1238 assert %{
1239 "ancestors" => [%{"id" => ^id1}, %{"id" => ^id2}],
1240 "descendants" => [%{"id" => ^id4}, %{"id" => ^id5}]
1241 } = response
1242 end
1243
1244 test "returns the favorites of a user" do
1245 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1246 other_user = insert(:user)
1247
1248 {:ok, _} = CommonAPI.post(other_user, %{"status" => "bla"})
1249 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "traps are happy"})
1250
1251 {:ok, _, _} = CommonAPI.favorite(activity.id, user)
1252
1253 first_conn = get(conn, "/api/v1/favourites")
1254
1255 assert [status] = json_response(first_conn, 200)
1256 assert status["id"] == to_string(activity.id)
1257
1258 assert [{"link", _link_header}] =
1259 Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end)
1260
1261 # Honours query params
1262 {:ok, second_activity} =
1263 CommonAPI.post(other_user, %{
1264 "status" =>
1265 "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful."
1266 })
1267
1268 {:ok, _, _} = CommonAPI.favorite(second_activity.id, user)
1269
1270 last_like = status["id"]
1271
1272 second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like}")
1273
1274 assert [second_status] = json_response(second_conn, 200)
1275 assert second_status["id"] == to_string(second_activity.id)
1276
1277 third_conn = get(conn, "/api/v1/favourites?limit=0")
1278
1279 assert [] = json_response(third_conn, 200)
1280 end
1281
1282 test "expires_at is nil for another user" do
1283 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1284 {:ok, activity} = CommonAPI.post(user, %{"status" => "foobar", "expires_in" => 1_000_000})
1285
1286 expires_at =
1287 activity.id
1288 |> ActivityExpiration.get_by_activity_id()
1289 |> Map.get(:scheduled_at)
1290 |> NaiveDateTime.to_iso8601()
1291
1292 assert %{"pleroma" => %{"expires_at" => ^expires_at}} =
1293 conn |> get("/api/v1/statuses/#{activity.id}") |> json_response(:ok)
1294
1295 %{conn: conn} = oauth_access(["read:statuses"])
1296
1297 assert %{"pleroma" => %{"expires_at" => nil}} =
1298 conn |> get("/api/v1/statuses/#{activity.id}") |> json_response(:ok)
1299 end
1300 end