projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms
[akkoma] / test / web / mastodon_api / controllers / timeline_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
6 use Pleroma.Web.ConnCase
7
8 import Pleroma.Factory
9 import Tesla.Mock
10
11 alias Pleroma.Config
12 alias Pleroma.User
13 alias Pleroma.Web.CommonAPI
14
15 setup do
16 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
17 :ok
18 end
19
20 describe "home" do
21 setup do: oauth_access(["read:statuses"])
22
23 test "does NOT render account/pleroma/relationship if this is disabled by default", %{
24 user: user,
25 conn: conn
26 } do
27 clear_config([:extensions, :output_relationships_in_statuses_by_default], false)
28
29 other_user = insert(:user)
30
31 {:ok, _} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
32
33 response =
34 conn
35 |> assign(:user, user)
36 |> get("/api/v1/timelines/home")
37 |> json_response(200)
38
39 assert Enum.all?(response, fn n ->
40 get_in(n, ["account", "pleroma", "relationship"]) == %{}
41 end)
42 end
43
44 test "the home timeline", %{user: user, conn: conn} do
45 uri = "/api/v1/timelines/home?with_relationships=true"
46
47 following = insert(:user, nickname: "followed")
48 third_user = insert(:user, nickname: "repeated")
49
50 {:ok, _activity} = CommonAPI.post(following, %{"status" => "post"})
51 {:ok, activity} = CommonAPI.post(third_user, %{"status" => "repeated post"})
52 {:ok, _, _} = CommonAPI.repeat(activity.id, following)
53
54 # This one should not show up in the TL
55 {:ok, _activity} = CommonAPI.post_chat_message(third_user, user, ":gun:")
56
57 ret_conn = get(conn, uri)
58
59 assert Enum.empty?(json_response(ret_conn, :ok))
60
61 {:ok, _user} = User.follow(user, following)
62
63 ret_conn = get(conn, uri)
64
65 assert [
66 %{
67 "reblog" => %{
68 "content" => "repeated post",
69 "account" => %{
70 "pleroma" => %{
71 "relationship" => %{"following" => false, "followed_by" => false}
72 }
73 }
74 },
75 "account" => %{"pleroma" => %{"relationship" => %{"following" => true}}}
76 },
77 %{
78 "content" => "post",
79 "account" => %{
80 "acct" => "followed",
81 "pleroma" => %{"relationship" => %{"following" => true}}
82 }
83 }
84 ] = json_response(ret_conn, :ok)
85
86 {:ok, _user} = User.follow(third_user, user)
87
88 ret_conn = get(conn, uri)
89
90 assert [
91 %{
92 "reblog" => %{
93 "content" => "repeated post",
94 "account" => %{
95 "acct" => "repeated",
96 "pleroma" => %{
97 "relationship" => %{"following" => false, "followed_by" => true}
98 }
99 }
100 },
101 "account" => %{"pleroma" => %{"relationship" => %{"following" => true}}}
102 },
103 %{
104 "content" => "post",
105 "account" => %{
106 "acct" => "followed",
107 "pleroma" => %{"relationship" => %{"following" => true}}
108 }
109 }
110 ] = json_response(ret_conn, :ok)
111 end
112
113 test "the home timeline when the direct messages are excluded", %{user: user, conn: conn} do
114 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
115 {:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
116
117 {:ok, unlisted_activity} =
118 CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
119
120 {:ok, private_activity} =
121 CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
122
123 conn = get(conn, "/api/v1/timelines/home", %{"exclude_visibilities" => ["direct"]})
124
125 assert status_ids = json_response(conn, :ok) |> Enum.map(& &1["id"])
126 assert public_activity.id in status_ids
127 assert unlisted_activity.id in status_ids
128 assert private_activity.id in status_ids
129 refute direct_activity.id in status_ids
130 end
131 end
132
133 describe "public" do
134 @tag capture_log: true
135 test "the public timeline", %{conn: conn} do
136 following = insert(:user)
137
138 {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
139
140 _activity = insert(:note_activity, local: false)
141
142 conn = get(conn, "/api/v1/timelines/public", %{"local" => "False"})
143
144 assert length(json_response(conn, :ok)) == 2
145
146 conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "True"})
147
148 assert [%{"content" => "test"}] = json_response(conn, :ok)
149
150 conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "1"})
151
152 assert [%{"content" => "test"}] = json_response(conn, :ok)
153 end
154
155 test "the public timeline includes only public statuses for an authenticated user" do
156 %{user: user, conn: conn} = oauth_access(["read:statuses"])
157
158 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
159 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
160 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
161 {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
162
163 res_conn = get(conn, "/api/v1/timelines/public")
164 assert length(json_response(res_conn, 200)) == 1
165 end
166 end
167
168 defp local_and_remote_activities do
169 insert(:note_activity)
170 insert(:note_activity, local: false)
171 :ok
172 end
173
174 describe "public with restrict unauthenticated timeline for local and federated timelines" do
175 setup do: local_and_remote_activities()
176
177 setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
178
179 setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
180
181 test "if user is unauthenticated", %{conn: conn} do
182 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
183
184 assert json_response(res_conn, :unauthorized) == %{
185 "error" => "authorization required for timeline view"
186 }
187
188 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
189
190 assert json_response(res_conn, :unauthorized) == %{
191 "error" => "authorization required for timeline view"
192 }
193 end
194
195 test "if user is authenticated" do
196 %{conn: conn} = oauth_access(["read:statuses"])
197
198 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
199 assert length(json_response(res_conn, 200)) == 1
200
201 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
202 assert length(json_response(res_conn, 200)) == 2
203 end
204 end
205
206 describe "public with restrict unauthenticated timeline for local" do
207 setup do: local_and_remote_activities()
208
209 setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
210
211 test "if user is unauthenticated", %{conn: conn} do
212 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
213
214 assert json_response(res_conn, :unauthorized) == %{
215 "error" => "authorization required for timeline view"
216 }
217
218 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
219 assert length(json_response(res_conn, 200)) == 2
220 end
221
222 test "if user is authenticated", %{conn: _conn} do
223 %{conn: conn} = oauth_access(["read:statuses"])
224
225 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
226 assert length(json_response(res_conn, 200)) == 1
227
228 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
229 assert length(json_response(res_conn, 200)) == 2
230 end
231 end
232
233 describe "public with restrict unauthenticated timeline for remote" do
234 setup do: local_and_remote_activities()
235
236 setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
237
238 test "if user is unauthenticated", %{conn: conn} do
239 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
240 assert length(json_response(res_conn, 200)) == 1
241
242 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
243
244 assert json_response(res_conn, :unauthorized) == %{
245 "error" => "authorization required for timeline view"
246 }
247 end
248
249 test "if user is authenticated", %{conn: _conn} do
250 %{conn: conn} = oauth_access(["read:statuses"])
251
252 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
253 assert length(json_response(res_conn, 200)) == 1
254
255 res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
256 assert length(json_response(res_conn, 200)) == 2
257 end
258 end
259
260 describe "direct" do
261 test "direct timeline", %{conn: conn} do
262 user_one = insert(:user)
263 user_two = insert(:user)
264
265 {:ok, user_two} = User.follow(user_two, user_one)
266
267 {:ok, direct} =
268 CommonAPI.post(user_one, %{
269 "status" => "Hi @#{user_two.nickname}!",
270 "visibility" => "direct"
271 })
272
273 {:ok, _follower_only} =
274 CommonAPI.post(user_one, %{
275 "status" => "Hi @#{user_two.nickname}!",
276 "visibility" => "private"
277 })
278
279 conn_user_two =
280 conn
281 |> assign(:user, user_two)
282 |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
283
284 # Only direct should be visible here
285 res_conn = get(conn_user_two, "api/v1/timelines/direct")
286
287 [status] = json_response(res_conn, :ok)
288
289 assert %{"visibility" => "direct"} = status
290 assert status["url"] != direct.data["id"]
291
292 # User should be able to see their own direct message
293 res_conn =
294 build_conn()
295 |> assign(:user, user_one)
296 |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
297 |> get("api/v1/timelines/direct")
298
299 [status] = json_response(res_conn, :ok)
300
301 assert %{"visibility" => "direct"} = status
302
303 # Both should be visible here
304 res_conn = get(conn_user_two, "api/v1/timelines/home")
305
306 [_s1, _s2] = json_response(res_conn, :ok)
307
308 # Test pagination
309 Enum.each(1..20, fn _ ->
310 {:ok, _} =
311 CommonAPI.post(user_one, %{
312 "status" => "Hi @#{user_two.nickname}!",
313 "visibility" => "direct"
314 })
315 end)
316
317 res_conn = get(conn_user_two, "api/v1/timelines/direct")
318
319 statuses = json_response(res_conn, :ok)
320 assert length(statuses) == 20
321
322 res_conn =
323 get(conn_user_two, "api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
324
325 [status] = json_response(res_conn, :ok)
326
327 assert status["url"] != direct.data["id"]
328 end
329
330 test "doesn't include DMs from blocked users" do
331 %{user: blocker, conn: conn} = oauth_access(["read:statuses"])
332 blocked = insert(:user)
333 other_user = insert(:user)
334 {:ok, _user_relationship} = User.block(blocker, blocked)
335
336 {:ok, _blocked_direct} =
337 CommonAPI.post(blocked, %{
338 "status" => "Hi @#{blocker.nickname}!",
339 "visibility" => "direct"
340 })
341
342 {:ok, direct} =
343 CommonAPI.post(other_user, %{
344 "status" => "Hi @#{blocker.nickname}!",
345 "visibility" => "direct"
346 })
347
348 res_conn = get(conn, "api/v1/timelines/direct")
349
350 [status] = json_response(res_conn, :ok)
351 assert status["id"] == direct.id
352 end
353 end
354
355 describe "list" do
356 setup do: oauth_access(["read:lists"])
357
358 test "list timeline", %{user: user, conn: conn} do
359 other_user = insert(:user)
360 {:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."})
361 {:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
362 {:ok, list} = Pleroma.List.create("name", user)
363 {:ok, list} = Pleroma.List.follow(list, other_user)
364
365 conn = get(conn, "/api/v1/timelines/list/#{list.id}")
366
367 assert [%{"id" => id}] = json_response(conn, :ok)
368
369 assert id == to_string(activity_two.id)
370 end
371
372 test "list timeline does not leak non-public statuses for unfollowed users", %{
373 user: user,
374 conn: conn
375 } do
376 other_user = insert(:user)
377 {:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
378
379 {:ok, _activity_two} =
380 CommonAPI.post(other_user, %{
381 "status" => "Marisa is cute.",
382 "visibility" => "private"
383 })
384
385 {:ok, list} = Pleroma.List.create("name", user)
386 {:ok, list} = Pleroma.List.follow(list, other_user)
387
388 conn = get(conn, "/api/v1/timelines/list/#{list.id}")
389
390 assert [%{"id" => id}] = json_response(conn, :ok)
391
392 assert id == to_string(activity_one.id)
393 end
394 end
395
396 describe "hashtag" do
397 setup do: oauth_access(["n/a"])
398
399 @tag capture_log: true
400 test "hashtag timeline", %{conn: conn} do
401 following = insert(:user)
402
403 {:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"})
404
405 nconn = get(conn, "/api/v1/timelines/tag/2hu")
406
407 assert [%{"id" => id}] = json_response(nconn, :ok)
408
409 assert id == to_string(activity.id)
410
411 # works for different capitalization too
412 nconn = get(conn, "/api/v1/timelines/tag/2HU")
413
414 assert [%{"id" => id}] = json_response(nconn, :ok)
415
416 assert id == to_string(activity.id)
417 end
418
419 test "multi-hashtag timeline", %{conn: conn} do
420 user = insert(:user)
421
422 {:ok, activity_test} = CommonAPI.post(user, %{"status" => "#test"})
423 {:ok, activity_test1} = CommonAPI.post(user, %{"status" => "#test #test1"})
424 {:ok, activity_none} = CommonAPI.post(user, %{"status" => "#test #none"})
425
426 any_test = get(conn, "/api/v1/timelines/tag/test", %{"any" => ["test1"]})
427
428 [status_none, status_test1, status_test] = json_response(any_test, :ok)
429
430 assert to_string(activity_test.id) == status_test["id"]
431 assert to_string(activity_test1.id) == status_test1["id"]
432 assert to_string(activity_none.id) == status_none["id"]
433
434 restricted_test =
435 get(conn, "/api/v1/timelines/tag/test", %{"all" => ["test1"], "none" => ["none"]})
436
437 assert [status_test1] == json_response(restricted_test, :ok)
438
439 all_test = get(conn, "/api/v1/timelines/tag/test", %{"all" => ["none"]})
440
441 assert [status_none] == json_response(all_test, :ok)
442 end
443 end
444 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git