1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
6 use Pleroma.Web.ConnCase
13 alias Pleroma.Web.CommonAPI
15 clear_config([:instance, :public])
18 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
23 setup do: oauth_access(["read:statuses"])
25 test "the home timeline", %{user: user, conn: conn} do
26 following = insert(:user)
28 {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
30 ret_conn = get(conn, "/api/v1/timelines/home")
32 assert Enum.empty?(json_response(ret_conn, :ok))
34 {:ok, _user} = User.follow(user, following)
36 conn = get(conn, "/api/v1/timelines/home")
38 assert [%{"content" => "test"}] = json_response(conn, :ok)
41 test "the home timeline when the direct messages are excluded", %{user: user, conn: conn} do
42 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
43 {:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
45 {:ok, unlisted_activity} =
46 CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
48 {:ok, private_activity} =
49 CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
51 conn = get(conn, "/api/v1/timelines/home", %{"exclude_visibilities" => ["direct"]})
53 assert status_ids = json_response(conn, :ok) |> Enum.map(& &1["id"])
54 assert public_activity.id in status_ids
55 assert unlisted_activity.id in status_ids
56 assert private_activity.id in status_ids
57 refute direct_activity.id in status_ids
62 @tag capture_log: true
63 test "the public timeline", %{conn: conn} do
64 following = insert(:user)
66 {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
68 _activity = insert(:note_activity, local: false)
70 conn = get(conn, "/api/v1/timelines/public", %{"local" => "False"})
72 assert length(json_response(conn, :ok)) == 2
74 conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "True"})
76 assert [%{"content" => "test"}] = json_response(conn, :ok)
78 conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "1"})
80 assert [%{"content" => "test"}] = json_response(conn, :ok)
83 test "the public timeline when public is set to false", %{conn: conn} do
84 Config.put([:instance, :public], false)
86 assert %{"error" => "This resource requires authentication."} ==
88 |> get("/api/v1/timelines/public", %{"local" => "False"})
89 |> json_response(:forbidden)
92 test "the public timeline includes only public statuses for an authenticated user" do
93 %{user: user, conn: conn} = oauth_access(["read:statuses"])
95 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
96 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
97 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
98 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
100 res_conn = get(conn, "/api/v1/timelines/public")
101 assert length(json_response(res_conn, 200)) == 1
106 test "direct timeline", %{conn: conn} do
107 user_one = insert(:user)
108 user_two = insert(:user)
110 {:ok, user_two} = User.follow(user_two, user_one)
113 CommonAPI.post(user_one, %{
114 "status" => "Hi @#{user_two.nickname}!",
115 "visibility" => "direct"
118 {:ok, _follower_only} =
119 CommonAPI.post(user_one, %{
120 "status" => "Hi @#{user_two.nickname}!",
121 "visibility" => "private"
126 |> assign(:user, user_two)
127 |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
129 # Only direct should be visible here
130 res_conn = get(conn_user_two, "api/v1/timelines/direct")
132 [status] = json_response(res_conn, :ok)
134 assert %{"visibility" => "direct"} = status
135 assert status["url"] != direct.data["id"]
137 # User should be able to see their own direct message
140 |> assign(:user, user_one)
141 |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
142 |> get("api/v1/timelines/direct")
144 [status] = json_response(res_conn, :ok)
146 assert %{"visibility" => "direct"} = status
148 # Both should be visible here
149 res_conn = get(conn_user_two, "api/v1/timelines/home")
151 [_s1, _s2] = json_response(res_conn, :ok)
154 Enum.each(1..20, fn _ ->
156 CommonAPI.post(user_one, %{
157 "status" => "Hi @#{user_two.nickname}!",
158 "visibility" => "direct"
162 res_conn = get(conn_user_two, "api/v1/timelines/direct")
164 statuses = json_response(res_conn, :ok)
165 assert length(statuses) == 20
168 get(conn_user_two, "api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
170 [status] = json_response(res_conn, :ok)
172 assert status["url"] != direct.data["id"]
175 test "doesn't include DMs from blocked users" do
176 %{user: blocker, conn: conn} = oauth_access(["read:statuses"])
177 blocked = insert(:user)
178 other_user = insert(:user)
179 {:ok, _user_relationship} = User.block(blocker, blocked)
181 {:ok, _blocked_direct} =
182 CommonAPI.post(blocked, %{
183 "status" => "Hi @#{blocker.nickname}!",
184 "visibility" => "direct"
188 CommonAPI.post(other_user, %{
189 "status" => "Hi @#{blocker.nickname}!",
190 "visibility" => "direct"
193 res_conn = get(conn, "api/v1/timelines/direct")
195 [status] = json_response(res_conn, :ok)
196 assert status["id"] == direct.id
201 setup do: oauth_access(["read:lists"])
203 test "list timeline", %{user: user, conn: conn} do
204 other_user = insert(:user)
205 {:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."})
206 {:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
207 {:ok, list} = Pleroma.List.create("name", user)
208 {:ok, list} = Pleroma.List.follow(list, other_user)
210 conn = get(conn, "/api/v1/timelines/list/#{list.id}")
212 assert [%{"id" => id}] = json_response(conn, :ok)
214 assert id == to_string(activity_two.id)
217 test "list timeline does not leak non-public statuses for unfollowed users", %{
221 other_user = insert(:user)
222 {:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
224 {:ok, _activity_two} =
225 CommonAPI.post(other_user, %{
226 "status" => "Marisa is cute.",
227 "visibility" => "private"
230 {:ok, list} = Pleroma.List.create("name", user)
231 {:ok, list} = Pleroma.List.follow(list, other_user)
233 conn = get(conn, "/api/v1/timelines/list/#{list.id}")
235 assert [%{"id" => id}] = json_response(conn, :ok)
237 assert id == to_string(activity_one.id)
241 describe "hashtag" do
242 setup do: oauth_access(["n/a"])
244 @tag capture_log: true
245 test "hashtag timeline", %{conn: conn} do
246 following = insert(:user)
248 {:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"})
250 nconn = get(conn, "/api/v1/timelines/tag/2hu")
252 assert [%{"id" => id}] = json_response(nconn, :ok)
254 assert id == to_string(activity.id)
256 # works for different capitalization too
257 nconn = get(conn, "/api/v1/timelines/tag/2HU")
259 assert [%{"id" => id}] = json_response(nconn, :ok)
261 assert id == to_string(activity.id)
264 test "multi-hashtag timeline", %{conn: conn} do
267 {:ok, activity_test} = CommonAPI.post(user, %{"status" => "#test"})
268 {:ok, activity_test1} = CommonAPI.post(user, %{"status" => "#test #test1"})
269 {:ok, activity_none} = CommonAPI.post(user, %{"status" => "#test #none"})
271 any_test = get(conn, "/api/v1/timelines/tag/test", %{"any" => ["test1"]})
273 [status_none, status_test1, status_test] = json_response(any_test, :ok)
275 assert to_string(activity_test.id) == status_test["id"]
276 assert to_string(activity_test1.id) == status_test1["id"]
277 assert to_string(activity_none.id) == status_none["id"]
280 get(conn, "/api/v1/timelines/tag/test", %{"all" => ["test1"], "none" => ["none"]})
282 assert [status_test1] == json_response(restricted_test, :ok)
284 all_test = get(conn, "/api/v1/timelines/tag/test", %{"all" => ["none"]})
286 assert [status_none] == json_response(all_test, :ok)