1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
8 alias Pleroma.Builders.{ActivityBuilder, UserBuilder}
9 alias Pleroma.{Repo, Activity, User, Object, Notification}
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.TwitterAPI.UserView
12 alias Pleroma.Web.TwitterAPI.NotificationView
13 alias Pleroma.Web.CommonAPI
14 alias Pleroma.Web.TwitterAPI.TwitterAPI
18 import Pleroma.Factory
20 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
22 describe "POST /api/account/update_profile_banner" do
23 test "it updates the banner", %{conn: conn} do
27 |> assign(:user, user)
28 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
31 user = refresh_record(user)
32 assert user.info.banner["type"] == "Image"
36 describe "POST /api/qvitter/update_background_image" do
37 test "it updates the background", %{conn: conn} do
41 |> assign(:user, user)
42 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
45 user = refresh_record(user)
46 assert user.info.background["type"] == "Image"
50 describe "POST /api/account/verify_credentials" do
53 test "without valid credentials", %{conn: conn} do
54 conn = post(conn, "/api/account/verify_credentials.json")
55 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
58 test "with credentials", %{conn: conn, user: user} do
61 |> with_credentials(user.nickname, "test")
62 |> post("/api/account/verify_credentials.json")
66 UserView.render("show.json", %{user: user, token: response["token"], for: user})
70 describe "POST /statuses/update.json" do
73 test "without valid credentials", %{conn: conn} do
74 conn = post(conn, "/api/statuses/update.json")
75 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
78 test "with credentials", %{conn: conn, user: user} do
79 conn_with_creds = conn |> with_credentials(user.nickname, "test")
80 request_path = "/api/statuses/update.json"
83 "request" => request_path,
84 "error" => "Client must provide a 'status' parameter with a value."
91 assert json_response(conn, 400) == error_response
95 |> post(request_path, %{status: ""})
97 assert json_response(conn, 400) == error_response
101 |> post(request_path, %{status: " "})
103 assert json_response(conn, 400) == error_response
105 # we post with visibility private in order to avoid triggering relay
108 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
110 assert json_response(conn, 200) ==
111 ActivityRepresenter.to_map(Repo.one(Activity), %{user: user, for: user})
115 describe "GET /statuses/public_timeline.json" do
118 test "returns statuses", %{conn: conn} do
120 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
121 ActivityBuilder.insert_list(10, %{}, %{user: user})
122 since_id = List.last(activities).id
126 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
128 response = json_response(conn, 200)
130 assert length(response) == 10
133 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
135 Application.get_env(:pleroma, :instance)
136 |> Keyword.put(:public, false)
138 Application.put_env(:pleroma, :instance, instance)
141 |> get("/api/statuses/public_timeline.json")
142 |> json_response(403)
145 Application.get_env(:pleroma, :instance)
146 |> Keyword.put(:public, true)
148 Application.put_env(:pleroma, :instance, instance)
151 test "returns 200 to authenticated request when the instance is not public",
152 %{conn: conn, user: user} do
154 Application.get_env(:pleroma, :instance)
155 |> Keyword.put(:public, false)
157 Application.put_env(:pleroma, :instance, instance)
160 |> with_credentials(user.nickname, "test")
161 |> get("/api/statuses/public_timeline.json")
162 |> json_response(200)
165 Application.get_env(:pleroma, :instance)
166 |> Keyword.put(:public, true)
168 Application.put_env(:pleroma, :instance, instance)
171 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
173 |> get("/api/statuses/public_timeline.json")
174 |> json_response(200)
177 test "returns 200 to authenticated request when the instance is public",
178 %{conn: conn, user: user} do
180 |> with_credentials(user.nickname, "test")
181 |> get("/api/statuses/public_timeline.json")
182 |> json_response(200)
186 describe "GET /statuses/public_and_external_timeline.json" do
189 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
191 Application.get_env(:pleroma, :instance)
192 |> Keyword.put(:public, false)
194 Application.put_env(:pleroma, :instance, instance)
197 |> get("/api/statuses/public_and_external_timeline.json")
198 |> json_response(403)
201 Application.get_env(:pleroma, :instance)
202 |> Keyword.put(:public, true)
204 Application.put_env(:pleroma, :instance, instance)
207 test "returns 200 to authenticated request when the instance is not public",
208 %{conn: conn, user: user} do
210 Application.get_env(:pleroma, :instance)
211 |> Keyword.put(:public, false)
213 Application.put_env(:pleroma, :instance, instance)
216 |> with_credentials(user.nickname, "test")
217 |> get("/api/statuses/public_and_external_timeline.json")
218 |> json_response(200)
221 Application.get_env(:pleroma, :instance)
222 |> Keyword.put(:public, true)
224 Application.put_env(:pleroma, :instance, instance)
227 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
229 |> get("/api/statuses/public_and_external_timeline.json")
230 |> json_response(200)
233 test "returns 200 to authenticated request when the instance is public",
234 %{conn: conn, user: user} do
236 |> with_credentials(user.nickname, "test")
237 |> get("/api/statuses/public_and_external_timeline.json")
238 |> json_response(200)
242 describe "GET /statuses/show/:id.json" do
243 test "returns one status", %{conn: conn} do
245 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
246 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
250 |> get("/api/statuses/show/#{activity.id}.json")
252 response = json_response(conn, 200)
254 assert response == ActivityRepresenter.to_map(activity, %{user: actor})
258 describe "GET /users/show.json" do
259 test "gets user with screen_name", %{conn: conn} do
264 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
266 response = json_response(conn, 200)
268 assert response["id"] == user.id
271 test "gets user with user_id", %{conn: conn} do
276 |> get("/api/users/show.json", %{"user_id" => user.id})
278 response = json_response(conn, 200)
280 assert response["id"] == user.id
283 test "gets a user for a logged in user", %{conn: conn} do
285 logged_in = insert(:user)
287 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
291 |> with_credentials(logged_in.nickname, "test")
292 |> get("/api/users/show.json", %{"user_id" => user.id})
294 response = json_response(conn, 200)
296 assert response["following"] == true
300 describe "GET /statusnet/conversation/:id.json" do
301 test "returns the statuses in the conversation", %{conn: conn} do
302 {:ok, _user} = UserBuilder.insert()
303 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
304 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
305 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
309 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
311 response = json_response(conn, 200)
313 assert length(response) == 2
317 describe "GET /statuses/friends_timeline.json" do
320 test "without valid credentials", %{conn: conn} do
321 conn = get(conn, "/api/statuses/friends_timeline.json")
322 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
325 test "with credentials", %{conn: conn, user: current_user} do
329 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
331 returned_activities =
332 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
334 other_user = insert(:user)
335 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
336 since_id = List.last(activities).id
339 Changeset.change(current_user, following: [User.ap_followers(user)])
344 |> with_credentials(current_user.nickname, "test")
345 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
347 response = json_response(conn, 200)
349 assert length(response) == 10
352 Enum.map(returned_activities, fn activity ->
353 ActivityRepresenter.to_map(activity, %{
354 user: User.get_cached_by_ap_id(activity.data["actor"]),
361 describe "GET /statuses/dm_timeline.json" do
362 test "it show direct messages", %{conn: conn} do
363 user_one = insert(:user)
364 user_two = insert(:user)
366 {:ok, user_two} = User.follow(user_two, user_one)
369 CommonAPI.post(user_one, %{
370 "status" => "Hi @#{user_two.nickname}!",
371 "visibility" => "direct"
375 CommonAPI.post(user_two, %{
376 "status" => "Hi @#{user_one.nickname}!",
377 "visibility" => "direct"
380 {:ok, _follower_only} =
381 CommonAPI.post(user_one, %{
382 "status" => "Hi @#{user_two.nickname}!",
383 "visibility" => "private"
386 # Only direct should be visible here
389 |> assign(:user, user_two)
390 |> get("/api/statuses/dm_timeline.json")
392 [status, status_two] = json_response(res_conn, 200)
393 assert status["id"] == direct_two.id
394 assert status_two["id"] == direct.id
398 describe "GET /statuses/mentions.json" do
401 test "without valid credentials", %{conn: conn} do
402 conn = get(conn, "/api/statuses/mentions.json")
403 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
406 test "with credentials", %{conn: conn, user: current_user} do
408 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
412 |> with_credentials(current_user.nickname, "test")
413 |> get("/api/statuses/mentions.json")
415 response = json_response(conn, 200)
417 assert length(response) == 1
419 assert Enum.at(response, 0) ==
420 ActivityRepresenter.to_map(activity, %{
423 mentioned: [current_user]
428 describe "GET /api/qvitter/statuses/notifications.json" do
431 test "without valid credentials", %{conn: conn} do
432 conn = get(conn, "/api/qvitter/statuses/notifications.json")
433 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
436 test "with credentials", %{conn: conn, user: current_user} do
437 other_user = insert(:user)
440 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
444 |> with_credentials(current_user.nickname, "test")
445 |> get("/api/qvitter/statuses/notifications.json")
447 response = json_response(conn, 200)
449 assert length(response) == 1
452 NotificationView.render("notification.json", %{
453 notifications: Notification.for_user(current_user),
459 describe "POST /api/qvitter/statuses/notifications/read" do
462 test "without valid credentials", %{conn: conn} do
463 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
464 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
467 test "with credentials, without any params", %{conn: conn, user: current_user} do
470 |> with_credentials(current_user.nickname, "test")
471 |> post("/api/qvitter/statuses/notifications/read")
473 assert json_response(conn, 400) == %{
474 "error" => "You need to specify latest_id",
475 "request" => "/api/qvitter/statuses/notifications/read"
479 test "with credentials, with params", %{conn: conn, user: current_user} do
480 other_user = insert(:user)
483 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
487 |> with_credentials(current_user.nickname, "test")
488 |> get("/api/qvitter/statuses/notifications.json")
490 [notification] = response = json_response(response_conn, 200)
492 assert length(response) == 1
494 assert notification["is_seen"] == 0
498 |> with_credentials(current_user.nickname, "test")
499 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
501 [notification] = response = json_response(response_conn, 200)
503 assert length(response) == 1
505 assert notification["is_seen"] == 1
509 describe "GET /statuses/user_timeline.json" do
512 test "without any params", %{conn: conn} do
513 conn = get(conn, "/api/statuses/user_timeline.json")
515 assert json_response(conn, 400) == %{
516 "error" => "You need to specify screen_name or user_id",
517 "request" => "/api/statuses/user_timeline.json"
521 test "with user_id", %{conn: conn} do
523 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
525 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
526 response = json_response(conn, 200)
527 assert length(response) == 1
528 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
531 test "with screen_name", %{conn: conn} do
533 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
535 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
536 response = json_response(conn, 200)
537 assert length(response) == 1
538 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
541 test "with credentials", %{conn: conn, user: current_user} do
542 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
546 |> with_credentials(current_user.nickname, "test")
547 |> get("/api/statuses/user_timeline.json")
549 response = json_response(conn, 200)
551 assert length(response) == 1
553 assert Enum.at(response, 0) ==
554 ActivityRepresenter.to_map(activity, %{user: current_user, for: current_user})
557 test "with credentials with user_id", %{conn: conn, user: current_user} do
559 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
563 |> with_credentials(current_user.nickname, "test")
564 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
566 response = json_response(conn, 200)
568 assert length(response) == 1
569 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
572 test "with credentials screen_name", %{conn: conn, user: current_user} do
574 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
578 |> with_credentials(current_user.nickname, "test")
579 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
581 response = json_response(conn, 200)
583 assert length(response) == 1
584 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
587 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
589 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
590 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
594 |> with_credentials(current_user.nickname, "test")
595 |> get("/api/statuses/user_timeline.json", %{
596 "user_id" => user.id,
597 "include_rts" => "false"
600 response = json_response(conn, 200)
602 assert length(response) == 1
603 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
607 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
609 response = json_response(conn, 200)
611 assert length(response) == 1
612 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
616 describe "POST /friendships/create.json" do
619 test "without valid credentials", %{conn: conn} do
620 conn = post(conn, "/api/friendships/create.json")
621 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
624 test "with credentials", %{conn: conn, user: current_user} do
625 followed = insert(:user)
629 |> with_credentials(current_user.nickname, "test")
630 |> post("/api/friendships/create.json", %{user_id: followed.id})
632 current_user = Repo.get(User, current_user.id)
633 assert User.ap_followers(followed) in current_user.following
635 assert json_response(conn, 200) ==
636 UserView.render("show.json", %{user: followed, for: current_user})
640 describe "POST /friendships/destroy.json" do
643 test "without valid credentials", %{conn: conn} do
644 conn = post(conn, "/api/friendships/destroy.json")
645 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
648 test "with credentials", %{conn: conn, user: current_user} do
649 followed = insert(:user)
651 {:ok, current_user} = User.follow(current_user, followed)
652 assert User.ap_followers(followed) in current_user.following
653 ActivityPub.follow(current_user, followed)
657 |> with_credentials(current_user.nickname, "test")
658 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
660 current_user = Repo.get(User, current_user.id)
661 assert current_user.following == [current_user.ap_id]
663 assert json_response(conn, 200) ==
664 UserView.render("show.json", %{user: followed, for: current_user})
668 describe "POST /blocks/create.json" do
671 test "without valid credentials", %{conn: conn} do
672 conn = post(conn, "/api/blocks/create.json")
673 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
676 test "with credentials", %{conn: conn, user: current_user} do
677 blocked = insert(:user)
681 |> with_credentials(current_user.nickname, "test")
682 |> post("/api/blocks/create.json", %{user_id: blocked.id})
684 current_user = Repo.get(User, current_user.id)
685 assert User.blocks?(current_user, blocked)
687 assert json_response(conn, 200) ==
688 UserView.render("show.json", %{user: blocked, for: current_user})
692 describe "POST /blocks/destroy.json" do
695 test "without valid credentials", %{conn: conn} do
696 conn = post(conn, "/api/blocks/destroy.json")
697 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
700 test "with credentials", %{conn: conn, user: current_user} do
701 blocked = insert(:user)
703 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
704 assert User.blocks?(current_user, blocked)
708 |> with_credentials(current_user.nickname, "test")
709 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
711 current_user = Repo.get(User, current_user.id)
712 assert current_user.info.blocks == []
714 assert json_response(conn, 200) ==
715 UserView.render("show.json", %{user: blocked, for: current_user})
719 describe "GET /help/test.json" do
720 test "returns \"ok\"", %{conn: conn} do
721 conn = get(conn, "/api/help/test.json")
722 assert json_response(conn, 200) == "ok"
726 describe "POST /api/qvitter/update_avatar.json" do
729 test "without valid credentials", %{conn: conn} do
730 conn = post(conn, "/api/qvitter/update_avatar.json")
731 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
734 test "with credentials", %{conn: conn, user: current_user} do
735 avatar_image = File.read!("test/fixtures/avatar_data_uri")
739 |> with_credentials(current_user.nickname, "test")
740 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
742 current_user = Repo.get(User, current_user.id)
743 assert is_map(current_user.avatar)
745 assert json_response(conn, 200) ==
746 UserView.render("show.json", %{user: current_user, for: current_user})
750 describe "GET /api/qvitter/mutes.json" do
753 test "unimplemented mutes without valid credentials", %{conn: conn} do
754 conn = get(conn, "/api/qvitter/mutes.json")
755 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
758 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
761 |> with_credentials(current_user.nickname, "test")
762 |> get("/api/qvitter/mutes.json")
763 |> json_response(200)
769 describe "POST /api/favorites/create/:id" do
772 test "without valid credentials", %{conn: conn} do
773 note_activity = insert(:note_activity)
774 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
775 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
778 test "with credentials", %{conn: conn, user: current_user} do
779 note_activity = insert(:note_activity)
783 |> with_credentials(current_user.nickname, "test")
784 |> post("/api/favorites/create/#{note_activity.id}.json")
786 assert json_response(conn, 200)
789 test "with credentials, invalid param", %{conn: conn, user: current_user} do
792 |> with_credentials(current_user.nickname, "test")
793 |> post("/api/favorites/create/wrong.json")
795 assert json_response(conn, 400)
798 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
801 |> with_credentials(current_user.nickname, "test")
802 |> post("/api/favorites/create/1.json")
804 assert json_response(conn, 400)
808 describe "POST /api/favorites/destroy/:id" do
811 test "without valid credentials", %{conn: conn} do
812 note_activity = insert(:note_activity)
813 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
814 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
817 test "with credentials", %{conn: conn, user: current_user} do
818 note_activity = insert(:note_activity)
819 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
820 ActivityPub.like(current_user, object)
824 |> with_credentials(current_user.nickname, "test")
825 |> post("/api/favorites/destroy/#{note_activity.id}.json")
827 assert json_response(conn, 200)
831 describe "POST /api/statuses/retweet/:id" do
834 test "without valid credentials", %{conn: conn} do
835 note_activity = insert(:note_activity)
836 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
837 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
840 test "with credentials", %{conn: conn, user: current_user} do
841 note_activity = insert(:note_activity)
843 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
847 |> with_credentials(current_user.nickname, "test")
848 |> post(request_path)
850 activity = Repo.get(Activity, note_activity.id)
851 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
853 assert json_response(response, 200) ==
854 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
858 describe "POST /api/statuses/unretweet/:id" do
861 test "without valid credentials", %{conn: conn} do
862 note_activity = insert(:note_activity)
863 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
864 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
867 test "with credentials", %{conn: conn, user: current_user} do
868 note_activity = insert(:note_activity)
870 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
874 |> with_credentials(current_user.nickname, "test")
875 |> post(request_path)
877 request_path = String.replace(request_path, "retweet", "unretweet")
881 |> with_credentials(current_user.nickname, "test")
882 |> post(request_path)
884 activity = Repo.get(Activity, note_activity.id)
885 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
887 assert json_response(response, 200) ==
888 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
892 describe "POST /api/account/register" do
893 test "it creates a new user", %{conn: conn} do
895 "nickname" => "lain",
896 "email" => "lain@wired.jp",
897 "fullname" => "lain iwakura",
898 "bio" => "close the world.",
899 "password" => "bear",
905 |> post("/api/account/register", data)
907 user = json_response(conn, 200)
909 fetched_user = Repo.get_by(User, nickname: "lain")
910 assert user == UserView.render("show.json", %{user: fetched_user})
913 test "it returns errors on a problem", %{conn: conn} do
915 "email" => "lain@wired.jp",
916 "fullname" => "lain iwakura",
917 "bio" => "close the world.",
918 "password" => "bear",
924 |> post("/api/account/register", data)
926 errors = json_response(conn, 400)
928 assert is_binary(errors["error"])
932 describe "POST /api/account/password_reset, with valid parameters" do
933 setup %{conn: conn} do
935 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
936 %{conn: conn, user: user}
939 test "it returns 204", %{conn: conn} do
940 assert json_response(conn, :no_content)
943 test "it creates a PasswordResetToken record for user", %{user: user} do
944 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
948 test "it sends an email to user", %{user: user} do
949 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
951 Swoosh.TestAssertions.assert_email_sent(
952 Pleroma.UserEmail.password_reset_email(user, token_record.token)
957 describe "POST /api/account/password_reset, with invalid parameters" do
960 test "it returns 500 when user is not found", %{conn: conn, user: user} do
961 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
962 assert json_response(conn, :internal_server_error)
965 test "it returns 500 when user is not local", %{conn: conn, user: user} do
966 {:ok, user} = Repo.update(Changeset.change(user, local: false))
967 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
968 assert json_response(conn, :internal_server_error)
972 describe "GET /api/account/confirm_email/:id/:token" do
975 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
979 |> Changeset.change()
980 |> Changeset.put_embed(:info, info_change)
983 assert user.info.confirmation_pending
988 test "it redirects to root url", %{conn: conn, user: user} do
989 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
991 assert 302 == conn.status
994 test "it confirms the user account", %{conn: conn, user: user} do
995 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
997 user = Repo.get(User, user.id)
999 refute user.info.confirmation_pending
1000 refute user.info.confirmation_token
1003 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
1004 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
1006 assert 500 == conn.status
1009 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
1010 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
1012 assert 500 == conn.status
1016 describe "POST /api/account/resend_confirmation_email" do
1018 setting = Pleroma.Config.get([:instance, :account_activation_required])
1021 Pleroma.Config.put([:instance, :account_activation_required], true)
1022 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
1025 user = insert(:user)
1026 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1030 |> Changeset.change()
1031 |> Changeset.put_embed(:info, info_change)
1034 assert user.info.confirmation_pending
1039 test "it returns 204 No Content", %{conn: conn, user: user} do
1041 |> assign(:user, user)
1042 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1043 |> json_response(:no_content)
1046 test "it sends confirmation email", %{conn: conn, user: user} do
1048 |> assign(:user, user)
1049 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1051 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
1055 describe "GET /api/externalprofile/show" do
1056 test "it returns the user", %{conn: conn} do
1057 user = insert(:user)
1058 other_user = insert(:user)
1062 |> assign(:user, user)
1063 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1065 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1069 describe "GET /api/statuses/followers" do
1070 test "it returns a user's followers", %{conn: conn} do
1071 user = insert(:user)
1072 follower_one = insert(:user)
1073 follower_two = insert(:user)
1074 _not_follower = insert(:user)
1076 {:ok, follower_one} = User.follow(follower_one, user)
1077 {:ok, follower_two} = User.follow(follower_two, user)
1081 |> assign(:user, user)
1082 |> get("/api/statuses/followers")
1084 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1085 result = json_response(conn, 200)
1086 assert Enum.sort(expected) == Enum.sort(result)
1089 test "it returns 20 followers per page", %{conn: conn} do
1090 user = insert(:user)
1091 followers = insert_list(21, :user)
1093 Enum.each(followers, fn follower ->
1094 User.follow(follower, user)
1099 |> assign(:user, user)
1100 |> get("/api/statuses/followers")
1102 result = json_response(res_conn, 200)
1103 assert length(result) == 20
1107 |> assign(:user, user)
1108 |> get("/api/statuses/followers?page=2")
1110 result = json_response(res_conn, 200)
1111 assert length(result) == 1
1114 test "it returns a given user's followers with user_id", %{conn: conn} do
1115 user = insert(:user)
1116 follower_one = insert(:user)
1117 follower_two = insert(:user)
1118 not_follower = insert(:user)
1120 {:ok, follower_one} = User.follow(follower_one, user)
1121 {:ok, follower_two} = User.follow(follower_two, user)
1125 |> assign(:user, not_follower)
1126 |> get("/api/statuses/followers", %{"user_id" => user.id})
1128 assert MapSet.equal?(
1129 MapSet.new(json_response(conn, 200)),
1131 UserView.render("index.json", %{
1132 users: [follower_one, follower_two],
1139 test "it returns empty when hide_followers is set to true", %{conn: conn} do
1140 user = insert(:user, %{info: %{hide_followers: true}})
1141 follower_one = insert(:user)
1142 follower_two = insert(:user)
1143 not_follower = insert(:user)
1145 {:ok, _follower_one} = User.follow(follower_one, user)
1146 {:ok, _follower_two} = User.follow(follower_two, user)
1150 |> assign(:user, not_follower)
1151 |> get("/api/statuses/followers", %{"user_id" => user.id})
1152 |> json_response(200)
1154 assert [] == response
1157 test "it returns the followers when hide_followers is set to true if requested by the user themselves",
1161 user = insert(:user, %{info: %{hide_followers: true}})
1162 follower_one = insert(:user)
1163 follower_two = insert(:user)
1164 _not_follower = insert(:user)
1166 {:ok, _follower_one} = User.follow(follower_one, user)
1167 {:ok, _follower_two} = User.follow(follower_two, user)
1171 |> assign(:user, user)
1172 |> get("/api/statuses/followers", %{"user_id" => user.id})
1174 refute [] == json_response(conn, 200)
1178 describe "GET /api/statuses/blocks" do
1179 test "it returns the list of users blocked by requester", %{conn: conn} do
1180 user = insert(:user)
1181 other_user = insert(:user)
1183 {:ok, user} = User.block(user, other_user)
1187 |> assign(:user, user)
1188 |> get("/api/statuses/blocks")
1190 expected = UserView.render("index.json", %{users: [other_user], for: user})
1191 result = json_response(conn, 200)
1192 assert Enum.sort(expected) == Enum.sort(result)
1196 describe "GET /api/statuses/friends" do
1197 test "it returns the logged in user's friends", %{conn: conn} do
1198 user = insert(:user)
1199 followed_one = insert(:user)
1200 followed_two = insert(:user)
1201 _not_followed = insert(:user)
1203 {:ok, user} = User.follow(user, followed_one)
1204 {:ok, user} = User.follow(user, followed_two)
1208 |> assign(:user, user)
1209 |> get("/api/statuses/friends")
1211 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1212 result = json_response(conn, 200)
1213 assert Enum.sort(expected) == Enum.sort(result)
1216 test "it returns 20 friends per page", %{conn: conn} do
1217 user = insert(:user)
1218 followeds = insert_list(21, :user)
1221 Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
1222 User.follow(user, followed)
1227 |> assign(:user, user)
1228 |> get("/api/statuses/friends")
1230 result = json_response(res_conn, 200)
1231 assert length(result) == 20
1235 |> assign(:user, user)
1236 |> get("/api/statuses/friends", %{page: 2})
1238 result = json_response(res_conn, 200)
1239 assert length(result) == 1
1242 test "it returns a given user's friends with user_id", %{conn: conn} do
1243 user = insert(:user)
1244 followed_one = insert(:user)
1245 followed_two = insert(:user)
1246 _not_followed = insert(:user)
1248 {:ok, user} = User.follow(user, followed_one)
1249 {:ok, user} = User.follow(user, followed_two)
1253 |> assign(:user, user)
1254 |> get("/api/statuses/friends", %{"user_id" => user.id})
1256 assert MapSet.equal?(
1257 MapSet.new(json_response(conn, 200)),
1259 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1264 test "it returns empty when hide_follows is set to true", %{conn: conn} do
1265 user = insert(:user, %{info: %{hide_follows: true}})
1266 followed_one = insert(:user)
1267 followed_two = insert(:user)
1268 not_followed = insert(:user)
1270 {:ok, user} = User.follow(user, followed_one)
1271 {:ok, user} = User.follow(user, followed_two)
1275 |> assign(:user, not_followed)
1276 |> get("/api/statuses/friends", %{"user_id" => user.id})
1278 assert [] == json_response(conn, 200)
1281 test "it returns friends when hide_follows is set to true if the user themselves request it",
1285 user = insert(:user, %{info: %{hide_follows: true}})
1286 followed_one = insert(:user)
1287 followed_two = insert(:user)
1288 _not_followed = insert(:user)
1290 {:ok, _user} = User.follow(user, followed_one)
1291 {:ok, _user} = User.follow(user, followed_two)
1295 |> assign(:user, user)
1296 |> get("/api/statuses/friends", %{"user_id" => user.id})
1297 |> json_response(200)
1299 refute [] == response
1302 test "it returns a given user's friends with screen_name", %{conn: conn} do
1303 user = insert(:user)
1304 followed_one = insert(:user)
1305 followed_two = insert(:user)
1306 _not_followed = insert(:user)
1308 {:ok, user} = User.follow(user, followed_one)
1309 {:ok, user} = User.follow(user, followed_two)
1313 |> assign(:user, user)
1314 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1316 assert MapSet.equal?(
1317 MapSet.new(json_response(conn, 200)),
1319 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1325 describe "GET /friends/ids" do
1326 test "it returns a user's friends", %{conn: conn} do
1327 user = insert(:user)
1328 followed_one = insert(:user)
1329 followed_two = insert(:user)
1330 _not_followed = insert(:user)
1332 {:ok, user} = User.follow(user, followed_one)
1333 {:ok, user} = User.follow(user, followed_two)
1337 |> assign(:user, user)
1338 |> get("/api/friends/ids")
1340 expected = [followed_one.id, followed_two.id]
1342 assert MapSet.equal?(
1343 MapSet.new(Poison.decode!(json_response(conn, 200))),
1344 MapSet.new(expected)
1349 describe "POST /api/account/update_profile.json" do
1350 test "it updates a user's profile", %{conn: conn} do
1351 user = insert(:user)
1352 user2 = insert(:user)
1356 |> assign(:user, user)
1357 |> post("/api/account/update_profile.json", %{
1358 "name" => "new name",
1359 "description" => "hi @#{user2.nickname}"
1362 user = Repo.get!(User, user.id)
1363 assert user.name == "new name"
1366 "hi <span class='h-card'><a data-user='#{user2.id}' class='u-url mention' href='#{
1368 }'>@<span>#{user2.nickname}</span></a></span>"
1370 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1373 test "it sets and un-sets hide_follows", %{conn: conn} do
1374 user = insert(:user)
1377 |> assign(:user, user)
1378 |> post("/api/account/update_profile.json", %{
1379 "hide_follows" => "true"
1382 user = Repo.get!(User, user.id)
1383 assert user.info.hide_follows == true
1387 |> assign(:user, user)
1388 |> post("/api/account/update_profile.json", %{
1389 "hide_follows" => "false"
1392 user = Repo.get!(User, user.id)
1393 assert user.info.hide_follows == false
1394 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1397 test "it sets and un-sets hide_followers", %{conn: conn} do
1398 user = insert(:user)
1401 |> assign(:user, user)
1402 |> post("/api/account/update_profile.json", %{
1403 "hide_followers" => "true"
1406 user = Repo.get!(User, user.id)
1407 assert user.info.hide_followers == true
1411 |> assign(:user, user)
1412 |> post("/api/account/update_profile.json", %{
1413 "hide_followers" => "false"
1416 user = Repo.get!(User, user.id)
1417 assert user.info.hide_followers == false
1418 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1421 test "it sets and un-sets show_role", %{conn: conn} do
1422 user = insert(:user)
1425 |> assign(:user, user)
1426 |> post("/api/account/update_profile.json", %{
1427 "show_role" => "true"
1430 user = Repo.get!(User, user.id)
1431 assert user.info.show_role == true
1435 |> assign(:user, user)
1436 |> post("/api/account/update_profile.json", %{
1437 "show_role" => "false"
1440 user = Repo.get!(User, user.id)
1441 assert user.info.show_role == false
1442 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1445 test "it locks an account", %{conn: conn} do
1446 user = insert(:user)
1450 |> assign(:user, user)
1451 |> post("/api/account/update_profile.json", %{
1455 user = Repo.get!(User, user.id)
1456 assert user.info.locked == true
1458 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1461 test "it unlocks an account", %{conn: conn} do
1462 user = insert(:user)
1466 |> assign(:user, user)
1467 |> post("/api/account/update_profile.json", %{
1471 user = Repo.get!(User, user.id)
1472 assert user.info.locked == false
1474 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1478 defp valid_user(_context) do
1479 user = insert(:user)
1483 defp with_credentials(conn, username, password) do
1484 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1485 put_req_header(conn, "authorization", header_content)
1488 describe "GET /api/search.json" do
1489 test "it returns search results", %{conn: conn} do
1490 user = insert(:user)
1491 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1493 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1494 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1498 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1500 assert [status] = json_response(conn, 200)
1501 assert status["id"] == activity.id
1505 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1506 test "it returns the tags timeline", %{conn: conn} do
1507 user = insert(:user)
1508 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1510 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1511 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1515 |> get("/api/statusnet/tags/timeline/2hu.json")
1517 assert [status] = json_response(conn, 200)
1518 assert status["id"] == activity.id
1522 test "Convert newlines to <br> in bio", %{conn: conn} do
1523 user = insert(:user)
1527 |> assign(:user, user)
1528 |> post("/api/account/update_profile.json", %{
1529 "description" => "Hello,\r\nWorld! I\n am a test."
1532 user = Repo.get!(User, user.id)
1533 assert user.bio == "Hello,<br>World! I<br> am a test."
1536 describe "POST /api/pleroma/change_password" do
1539 test "without credentials", %{conn: conn} do
1540 conn = post(conn, "/api/pleroma/change_password")
1541 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1544 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1547 |> with_credentials(current_user.nickname, "test")
1548 |> post("/api/pleroma/change_password", %{
1550 "new_password" => "newpass",
1551 "new_password_confirmation" => "newpass"
1554 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1557 test "with credentials, valid password and new password and confirmation not matching", %{
1563 |> with_credentials(current_user.nickname, "test")
1564 |> post("/api/pleroma/change_password", %{
1565 "password" => "test",
1566 "new_password" => "newpass",
1567 "new_password_confirmation" => "notnewpass"
1570 assert json_response(conn, 200) == %{
1571 "error" => "New password does not match confirmation."
1575 test "with credentials, valid password and invalid new password", %{
1581 |> with_credentials(current_user.nickname, "test")
1582 |> post("/api/pleroma/change_password", %{
1583 "password" => "test",
1584 "new_password" => "",
1585 "new_password_confirmation" => ""
1588 assert json_response(conn, 200) == %{
1589 "error" => "New password can't be blank."
1593 test "with credentials, valid password and matching new password and confirmation", %{
1599 |> with_credentials(current_user.nickname, "test")
1600 |> post("/api/pleroma/change_password", %{
1601 "password" => "test",
1602 "new_password" => "newpass",
1603 "new_password_confirmation" => "newpass"
1606 assert json_response(conn, 200) == %{"status" => "success"}
1607 fetched_user = Repo.get(User, current_user.id)
1608 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1612 describe "POST /api/pleroma/delete_account" do
1615 test "without credentials", %{conn: conn} do
1616 conn = post(conn, "/api/pleroma/delete_account")
1617 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1620 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1623 |> with_credentials(current_user.nickname, "test")
1624 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1626 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1629 test "with credentials and valid password", %{conn: conn, user: current_user} do
1632 |> with_credentials(current_user.nickname, "test")
1633 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1635 assert json_response(conn, 200) == %{"status" => "success"}
1636 # Wait a second for the started task to end
1641 describe "GET /api/pleroma/friend_requests" do
1642 test "it lists friend requests" do
1643 user = insert(:user)
1644 other_user = insert(:user)
1646 {:ok, _activity} = ActivityPub.follow(other_user, user)
1648 user = Repo.get(User, user.id)
1649 other_user = Repo.get(User, other_user.id)
1651 assert User.following?(other_user, user) == false
1655 |> assign(:user, user)
1656 |> get("/api/pleroma/friend_requests")
1658 assert [relationship] = json_response(conn, 200)
1659 assert other_user.id == relationship["id"]
1663 describe "POST /api/pleroma/friendships/approve" do
1664 test "it approves a friend request" do
1665 user = insert(:user)
1666 other_user = insert(:user)
1668 {:ok, _activity} = ActivityPub.follow(other_user, user)
1670 user = Repo.get(User, user.id)
1671 other_user = Repo.get(User, other_user.id)
1673 assert User.following?(other_user, user) == false
1677 |> assign(:user, user)
1678 |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
1680 assert relationship = json_response(conn, 200)
1681 assert other_user.id == relationship["id"]
1682 assert relationship["follows_you"] == true
1686 describe "POST /api/pleroma/friendships/deny" do
1687 test "it denies a friend request" do
1688 user = insert(:user)
1689 other_user = insert(:user)
1691 {:ok, _activity} = ActivityPub.follow(other_user, user)
1693 user = Repo.get(User, user.id)
1694 other_user = Repo.get(User, other_user.id)
1696 assert User.following?(other_user, user) == false
1700 |> assign(:user, user)
1701 |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
1703 assert relationship = json_response(conn, 200)
1704 assert other_user.id == relationship["id"]
1705 assert relationship["follows_you"] == false
1709 describe "GET /api/pleroma/search_user" do
1710 test "it returns users, ordered by similarity", %{conn: conn} do
1711 user = insert(:user, %{name: "eal"})
1712 user_two = insert(:user, %{name: "eal me"})
1713 _user_three = insert(:user, %{name: "zzz"})
1717 |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
1718 |> json_response(200)
1720 assert length(resp) == 2
1721 assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1725 describe "POST /api/media/upload" do
1727 Pleroma.DataCase.ensure_local_uploader(context)
1730 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1733 user = insert(:user)
1735 upload_filename = "test/fixtures/image_tmp.jpg"
1736 File.cp!("test/fixtures/image.jpg", upload_filename)
1738 file = %Plug.Upload{
1739 content_type: "image/jpg",
1740 path: Path.absname(upload_filename),
1741 filename: "image.jpg"
1746 |> assign(:user, user)
1747 |> put_req_header("content-type", "application/octet-stream")
1748 |> post("/api/media/upload", %{
1751 |> json_response(:ok)
1753 assert response["media_id"]
1754 object = Repo.get(Object, response["media_id"])
1756 assert object.data["actor"] == User.ap_id(user)
1760 describe "POST /api/media/metadata/create" do
1762 object = insert(:note)
1763 user = User.get_by_ap_id(object.data["actor"])
1764 %{object: object, user: user}
1767 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1771 initial_description = object.data["name"]
1772 another_user = insert(:user)
1775 |> assign(:user, another_user)
1776 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1777 |> json_response(:forbidden)
1779 object = Repo.get(Object, object.id)
1780 assert object.data["name"] == initial_description
1783 test "it updates `data[name]` of referenced Object with provided value", %{
1788 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1791 |> assign(:user, user)
1792 |> post("/api/media/metadata/create", %{
1793 "media_id" => object.id,
1794 "alt_text" => %{"text" => description}
1796 |> json_response(:no_content)
1798 object = Repo.get(Object, object.id)
1799 assert object.data["name"] == description
1803 describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
1804 test "it returns a list of pinned statuses", %{conn: conn} do
1805 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1807 user = insert(:user, %{name: "egor"})
1808 {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
1809 {:ok, _} = CommonAPI.pin(activity_id, user)
1813 |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
1814 |> json_response(200)
1816 assert length(resp) == 1
1817 assert [%{"id" => ^activity_id, "pinned" => true}] = resp
1821 describe "POST /api/statuses/pin/:id" do
1823 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1824 [user: insert(:user)]
1827 test "without valid credentials", %{conn: conn} do
1828 note_activity = insert(:note_activity)
1829 conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
1830 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1833 test "with credentials", %{conn: conn, user: user} do
1834 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1836 request_path = "/api/statuses/pin/#{activity.id}.json"
1840 |> with_credentials(user.nickname, "test")
1841 |> post(request_path)
1843 user = refresh_record(user)
1845 assert json_response(response, 200) ==
1846 ActivityRepresenter.to_map(activity, %{user: user, for: user})
1850 describe "POST /api/statuses/unpin/:id" do
1852 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1853 [user: insert(:user)]
1856 test "without valid credentials", %{conn: conn} do
1857 note_activity = insert(:note_activity)
1858 conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
1859 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1862 test "with credentials", %{conn: conn, user: user} do
1863 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1864 {:ok, activity} = CommonAPI.pin(activity.id, user)
1866 request_path = "/api/statuses/unpin/#{activity.id}.json"
1870 |> with_credentials(user.nickname, "test")
1871 |> post(request_path)
1873 user = refresh_record(user)
1875 assert json_response(response, 200) ==
1876 ActivityRepresenter.to_map(activity, %{user: user, for: user})