1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Builders.ActivityBuilder
11 alias Pleroma.Builders.UserBuilder
12 alias Pleroma.Notification
16 alias Pleroma.Web.ActivityPub.ActivityPub
17 alias Pleroma.Web.CommonAPI
18 alias Pleroma.Web.OAuth.Token
19 alias Pleroma.Web.TwitterAPI.ActivityView
20 alias Pleroma.Web.TwitterAPI.Controller
21 alias Pleroma.Web.TwitterAPI.NotificationView
22 alias Pleroma.Web.TwitterAPI.TwitterAPI
23 alias Pleroma.Web.TwitterAPI.UserView
25 import Pleroma.Factory
28 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
30 describe "POST /api/account/update_profile_banner" do
31 test "it updates the banner", %{conn: conn} do
35 |> assign(:user, user)
36 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
39 user = refresh_record(user)
40 assert user.info.banner["type"] == "Image"
44 describe "POST /api/qvitter/update_background_image" do
45 test "it updates the background", %{conn: conn} do
49 |> assign(:user, user)
50 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
53 user = refresh_record(user)
54 assert user.info.background["type"] == "Image"
58 describe "POST /api/account/verify_credentials" do
61 test "without valid credentials", %{conn: conn} do
62 conn = post(conn, "/api/account/verify_credentials.json")
63 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
66 test "with credentials", %{conn: conn, user: user} do
69 |> with_credentials(user.nickname, "test")
70 |> post("/api/account/verify_credentials.json")
74 UserView.render("show.json", %{user: user, token: response["token"], for: user})
78 describe "POST /statuses/update.json" do
81 test "without valid credentials", %{conn: conn} do
82 conn = post(conn, "/api/statuses/update.json")
83 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
86 test "with credentials", %{conn: conn, user: user} do
87 conn_with_creds = conn |> with_credentials(user.nickname, "test")
88 request_path = "/api/statuses/update.json"
91 "request" => request_path,
92 "error" => "Client must provide a 'status' parameter with a value."
99 assert json_response(conn, 400) == error_response
103 |> post(request_path, %{status: ""})
105 assert json_response(conn, 400) == error_response
109 |> post(request_path, %{status: " "})
111 assert json_response(conn, 400) == error_response
113 # we post with visibility private in order to avoid triggering relay
116 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
118 assert json_response(conn, 200) ==
119 ActivityView.render("activity.json", %{
120 activity: Repo.one(Activity),
127 describe "GET /statuses/public_timeline.json" do
130 test "returns statuses", %{conn: conn} do
132 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
133 ActivityBuilder.insert_list(10, %{}, %{user: user})
134 since_id = List.last(activities).id
138 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
140 response = json_response(conn, 200)
142 assert length(response) == 10
145 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
147 Application.get_env(:pleroma, :instance)
148 |> Keyword.put(:public, false)
150 Application.put_env(:pleroma, :instance, instance)
153 |> get("/api/statuses/public_timeline.json")
154 |> json_response(403)
157 Application.get_env(:pleroma, :instance)
158 |> Keyword.put(:public, true)
160 Application.put_env(:pleroma, :instance, instance)
163 test "returns 200 to authenticated request when the instance is not public",
164 %{conn: conn, user: user} do
166 Application.get_env(:pleroma, :instance)
167 |> Keyword.put(:public, false)
169 Application.put_env(:pleroma, :instance, instance)
172 |> with_credentials(user.nickname, "test")
173 |> get("/api/statuses/public_timeline.json")
174 |> json_response(200)
177 Application.get_env(:pleroma, :instance)
178 |> Keyword.put(:public, true)
180 Application.put_env(:pleroma, :instance, instance)
183 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
185 |> get("/api/statuses/public_timeline.json")
186 |> json_response(200)
189 test "returns 200 to authenticated request when the instance is public",
190 %{conn: conn, user: user} do
192 |> with_credentials(user.nickname, "test")
193 |> get("/api/statuses/public_timeline.json")
194 |> json_response(200)
197 test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
201 token = insert(:oauth_token, scopes: ["write"])
204 |> put_req_header("authorization", "Bearer #{token.token}")
205 |> get("/api/statuses/public_timeline.json")
206 |> json_response(200)
208 assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
212 describe "GET /statuses/public_and_external_timeline.json" do
215 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
217 Application.get_env(:pleroma, :instance)
218 |> Keyword.put(:public, false)
220 Application.put_env(:pleroma, :instance, instance)
223 |> get("/api/statuses/public_and_external_timeline.json")
224 |> json_response(403)
227 Application.get_env(:pleroma, :instance)
228 |> Keyword.put(:public, true)
230 Application.put_env(:pleroma, :instance, instance)
233 test "returns 200 to authenticated request when the instance is not public",
234 %{conn: conn, user: user} do
236 Application.get_env(:pleroma, :instance)
237 |> Keyword.put(:public, false)
239 Application.put_env(:pleroma, :instance, instance)
242 |> with_credentials(user.nickname, "test")
243 |> get("/api/statuses/public_and_external_timeline.json")
244 |> json_response(200)
247 Application.get_env(:pleroma, :instance)
248 |> Keyword.put(:public, true)
250 Application.put_env(:pleroma, :instance, instance)
253 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
255 |> get("/api/statuses/public_and_external_timeline.json")
256 |> json_response(200)
259 test "returns 200 to authenticated request when the instance is public",
260 %{conn: conn, user: user} do
262 |> with_credentials(user.nickname, "test")
263 |> get("/api/statuses/public_and_external_timeline.json")
264 |> json_response(200)
268 describe "GET /statuses/show/:id.json" do
269 test "returns one status", %{conn: conn} do
271 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
272 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
276 |> get("/api/statuses/show/#{activity.id}.json")
278 response = json_response(conn, 200)
280 assert response == ActivityView.render("activity.json", %{activity: activity, user: actor})
284 describe "GET /users/show.json" do
285 test "gets user with screen_name", %{conn: conn} do
290 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
292 response = json_response(conn, 200)
294 assert response["id"] == user.id
297 test "gets user with user_id", %{conn: conn} do
302 |> get("/api/users/show.json", %{"user_id" => user.id})
304 response = json_response(conn, 200)
306 assert response["id"] == user.id
309 test "gets a user for a logged in user", %{conn: conn} do
311 logged_in = insert(:user)
313 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
317 |> with_credentials(logged_in.nickname, "test")
318 |> get("/api/users/show.json", %{"user_id" => user.id})
320 response = json_response(conn, 200)
322 assert response["following"] == true
326 describe "GET /statusnet/conversation/:id.json" do
327 test "returns the statuses in the conversation", %{conn: conn} do
328 {:ok, _user} = UserBuilder.insert()
329 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
330 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
331 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
335 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
337 response = json_response(conn, 200)
339 assert length(response) == 2
343 describe "GET /statuses/friends_timeline.json" do
346 test "without valid credentials", %{conn: conn} do
347 conn = get(conn, "/api/statuses/friends_timeline.json")
348 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
351 test "with credentials", %{conn: conn, user: current_user} do
355 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
357 returned_activities =
358 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
360 other_user = insert(:user)
361 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
362 since_id = List.last(activities).id
365 Changeset.change(current_user, following: [User.ap_followers(user)])
370 |> with_credentials(current_user.nickname, "test")
371 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
373 response = json_response(conn, 200)
375 assert length(response) == 10
378 Enum.map(returned_activities, fn activity ->
379 ActivityView.render("activity.json", %{
381 user: User.get_cached_by_ap_id(activity.data["actor"]),
388 describe "GET /statuses/dm_timeline.json" do
389 test "it show direct messages", %{conn: conn} do
390 user_one = insert(:user)
391 user_two = insert(:user)
393 {:ok, user_two} = User.follow(user_two, user_one)
396 CommonAPI.post(user_one, %{
397 "status" => "Hi @#{user_two.nickname}!",
398 "visibility" => "direct"
402 CommonAPI.post(user_two, %{
403 "status" => "Hi @#{user_one.nickname}!",
404 "visibility" => "direct"
407 {:ok, _follower_only} =
408 CommonAPI.post(user_one, %{
409 "status" => "Hi @#{user_two.nickname}!",
410 "visibility" => "private"
413 # Only direct should be visible here
416 |> assign(:user, user_two)
417 |> get("/api/statuses/dm_timeline.json")
419 [status, status_two] = json_response(res_conn, 200)
420 assert status["id"] == direct_two.id
421 assert status_two["id"] == direct.id
424 test "doesn't include DMs from blocked users", %{conn: conn} do
425 blocker = insert(:user)
426 blocked = insert(:user)
428 {:ok, blocker} = User.block(blocker, blocked)
430 {:ok, _blocked_direct} =
431 CommonAPI.post(blocked, %{
432 "status" => "Hi @#{blocker.nickname}!",
433 "visibility" => "direct"
437 CommonAPI.post(user, %{
438 "status" => "Hi @#{blocker.nickname}!",
439 "visibility" => "direct"
444 |> assign(:user, blocker)
445 |> get("/api/statuses/dm_timeline.json")
447 [status] = json_response(res_conn, 200)
448 assert status["id"] == direct.id
452 describe "GET /statuses/mentions.json" do
455 test "without valid credentials", %{conn: conn} do
456 conn = get(conn, "/api/statuses/mentions.json")
457 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
460 test "with credentials", %{conn: conn, user: current_user} do
462 CommonAPI.post(current_user, %{
463 "status" => "why is tenshi eating a corndog so cute?",
464 "visibility" => "public"
469 |> with_credentials(current_user.nickname, "test")
470 |> get("/api/statuses/mentions.json")
472 response = json_response(conn, 200)
474 assert length(response) == 1
476 assert Enum.at(response, 0) ==
477 ActivityView.render("activity.json", %{
484 test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
486 CommonAPI.post(current_user, %{
487 "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
488 "visibility" => "direct"
493 |> with_credentials(current_user.nickname, "test")
494 |> get("/api/statuses/mentions.json")
496 response = json_response(conn, 200)
498 assert Enum.empty?(response)
502 describe "GET /api/qvitter/statuses/notifications.json" do
505 test "without valid credentials", %{conn: conn} do
506 conn = get(conn, "/api/qvitter/statuses/notifications.json")
507 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
510 test "with credentials", %{conn: conn, user: current_user} do
511 other_user = insert(:user)
514 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
518 |> with_credentials(current_user.nickname, "test")
519 |> get("/api/qvitter/statuses/notifications.json")
521 response = json_response(conn, 200)
523 assert length(response) == 1
526 NotificationView.render("notification.json", %{
527 notifications: Notification.for_user(current_user),
533 describe "POST /api/qvitter/statuses/notifications/read" do
536 test "without valid credentials", %{conn: conn} do
537 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
538 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
541 test "with credentials, without any params", %{conn: conn, user: current_user} do
544 |> with_credentials(current_user.nickname, "test")
545 |> post("/api/qvitter/statuses/notifications/read")
547 assert json_response(conn, 400) == %{
548 "error" => "You need to specify latest_id",
549 "request" => "/api/qvitter/statuses/notifications/read"
553 test "with credentials, with params", %{conn: conn, user: current_user} do
554 other_user = insert(:user)
557 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
561 |> with_credentials(current_user.nickname, "test")
562 |> get("/api/qvitter/statuses/notifications.json")
564 [notification] = response = json_response(response_conn, 200)
566 assert length(response) == 1
568 assert notification["is_seen"] == 0
572 |> with_credentials(current_user.nickname, "test")
573 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
575 [notification] = response = json_response(response_conn, 200)
577 assert length(response) == 1
579 assert notification["is_seen"] == 1
583 describe "GET /statuses/user_timeline.json" do
586 test "without any params", %{conn: conn} do
587 conn = get(conn, "/api/statuses/user_timeline.json")
589 assert json_response(conn, 400) == %{
590 "error" => "You need to specify screen_name or user_id",
591 "request" => "/api/statuses/user_timeline.json"
595 test "with user_id", %{conn: conn} do
597 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
599 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
600 response = json_response(conn, 200)
601 assert length(response) == 1
603 assert Enum.at(response, 0) ==
604 ActivityView.render("activity.json", %{user: user, activity: activity})
607 test "with screen_name", %{conn: conn} do
609 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
611 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
612 response = json_response(conn, 200)
613 assert length(response) == 1
615 assert Enum.at(response, 0) ==
616 ActivityView.render("activity.json", %{user: user, activity: activity})
619 test "with credentials", %{conn: conn, user: current_user} do
620 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
624 |> with_credentials(current_user.nickname, "test")
625 |> get("/api/statuses/user_timeline.json")
627 response = json_response(conn, 200)
629 assert length(response) == 1
631 assert Enum.at(response, 0) ==
632 ActivityView.render("activity.json", %{
639 test "with credentials with user_id", %{conn: conn, user: current_user} do
641 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
645 |> with_credentials(current_user.nickname, "test")
646 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
648 response = json_response(conn, 200)
650 assert length(response) == 1
652 assert Enum.at(response, 0) ==
653 ActivityView.render("activity.json", %{user: user, activity: activity})
656 test "with credentials screen_name", %{conn: conn, user: current_user} do
658 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
662 |> with_credentials(current_user.nickname, "test")
663 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
665 response = json_response(conn, 200)
667 assert length(response) == 1
669 assert Enum.at(response, 0) ==
670 ActivityView.render("activity.json", %{user: user, activity: activity})
673 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
675 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
676 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
680 |> with_credentials(current_user.nickname, "test")
681 |> get("/api/statuses/user_timeline.json", %{
682 "user_id" => user.id,
683 "include_rts" => "false"
686 response = json_response(conn, 200)
688 assert length(response) == 1
690 assert Enum.at(response, 0) ==
691 ActivityView.render("activity.json", %{user: user, activity: activity})
695 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
697 response = json_response(conn, 200)
699 assert length(response) == 1
701 assert Enum.at(response, 0) ==
702 ActivityView.render("activity.json", %{user: user, activity: activity})
706 describe "POST /friendships/create.json" do
709 test "without valid credentials", %{conn: conn} do
710 conn = post(conn, "/api/friendships/create.json")
711 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
714 test "with credentials", %{conn: conn, user: current_user} do
715 followed = insert(:user)
719 |> with_credentials(current_user.nickname, "test")
720 |> post("/api/friendships/create.json", %{user_id: followed.id})
722 current_user = User.get_by_id(current_user.id)
723 assert User.ap_followers(followed) in current_user.following
725 assert json_response(conn, 200) ==
726 UserView.render("show.json", %{user: followed, for: current_user})
729 test "for restricted account", %{conn: conn, user: current_user} do
730 followed = insert(:user, info: %User.Info{locked: true})
734 |> with_credentials(current_user.nickname, "test")
735 |> post("/api/friendships/create.json", %{user_id: followed.id})
737 current_user = User.get_by_id(current_user.id)
738 followed = User.get_by_id(followed.id)
740 refute User.ap_followers(followed) in current_user.following
742 assert json_response(conn, 200) ==
743 UserView.render("show.json", %{user: followed, for: current_user})
747 describe "POST /friendships/destroy.json" do
750 test "without valid credentials", %{conn: conn} do
751 conn = post(conn, "/api/friendships/destroy.json")
752 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
755 test "with credentials", %{conn: conn, user: current_user} do
756 followed = insert(:user)
758 {:ok, current_user} = User.follow(current_user, followed)
759 assert User.ap_followers(followed) in current_user.following
760 ActivityPub.follow(current_user, followed)
764 |> with_credentials(current_user.nickname, "test")
765 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
767 current_user = User.get_by_id(current_user.id)
768 assert current_user.following == [current_user.ap_id]
770 assert json_response(conn, 200) ==
771 UserView.render("show.json", %{user: followed, for: current_user})
775 describe "POST /blocks/create.json" do
778 test "without valid credentials", %{conn: conn} do
779 conn = post(conn, "/api/blocks/create.json")
780 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
783 test "with credentials", %{conn: conn, user: current_user} do
784 blocked = insert(:user)
788 |> with_credentials(current_user.nickname, "test")
789 |> post("/api/blocks/create.json", %{user_id: blocked.id})
791 current_user = User.get_by_id(current_user.id)
792 assert User.blocks?(current_user, blocked)
794 assert json_response(conn, 200) ==
795 UserView.render("show.json", %{user: blocked, for: current_user})
799 describe "POST /blocks/destroy.json" do
802 test "without valid credentials", %{conn: conn} do
803 conn = post(conn, "/api/blocks/destroy.json")
804 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
807 test "with credentials", %{conn: conn, user: current_user} do
808 blocked = insert(:user)
810 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
811 assert User.blocks?(current_user, blocked)
815 |> with_credentials(current_user.nickname, "test")
816 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
818 current_user = User.get_by_id(current_user.id)
819 assert current_user.info.blocks == []
821 assert json_response(conn, 200) ==
822 UserView.render("show.json", %{user: blocked, for: current_user})
826 describe "GET /help/test.json" do
827 test "returns \"ok\"", %{conn: conn} do
828 conn = get(conn, "/api/help/test.json")
829 assert json_response(conn, 200) == "ok"
833 describe "POST /api/qvitter/update_avatar.json" do
836 test "without valid credentials", %{conn: conn} do
837 conn = post(conn, "/api/qvitter/update_avatar.json")
838 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
841 test "with credentials", %{conn: conn, user: current_user} do
842 avatar_image = File.read!("test/fixtures/avatar_data_uri")
846 |> with_credentials(current_user.nickname, "test")
847 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
849 current_user = User.get_by_id(current_user.id)
850 assert is_map(current_user.avatar)
852 assert json_response(conn, 200) ==
853 UserView.render("show.json", %{user: current_user, for: current_user})
857 describe "GET /api/qvitter/mutes.json" do
860 test "unimplemented mutes without valid credentials", %{conn: conn} do
861 conn = get(conn, "/api/qvitter/mutes.json")
862 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
865 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
868 |> with_credentials(current_user.nickname, "test")
869 |> get("/api/qvitter/mutes.json")
870 |> json_response(200)
876 describe "POST /api/favorites/create/:id" do
879 test "without valid credentials", %{conn: conn} do
880 note_activity = insert(:note_activity)
881 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
882 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
885 test "with credentials", %{conn: conn, user: current_user} do
886 note_activity = insert(:note_activity)
890 |> with_credentials(current_user.nickname, "test")
891 |> post("/api/favorites/create/#{note_activity.id}.json")
893 assert json_response(conn, 200)
896 test "with credentials, invalid param", %{conn: conn, user: current_user} do
899 |> with_credentials(current_user.nickname, "test")
900 |> post("/api/favorites/create/wrong.json")
902 assert json_response(conn, 400)
905 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
908 |> with_credentials(current_user.nickname, "test")
909 |> post("/api/favorites/create/1.json")
911 assert json_response(conn, 400)
915 describe "POST /api/favorites/destroy/:id" do
918 test "without valid credentials", %{conn: conn} do
919 note_activity = insert(:note_activity)
920 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
921 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
924 test "with credentials", %{conn: conn, user: current_user} do
925 note_activity = insert(:note_activity)
926 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
927 ActivityPub.like(current_user, object)
931 |> with_credentials(current_user.nickname, "test")
932 |> post("/api/favorites/destroy/#{note_activity.id}.json")
934 assert json_response(conn, 200)
938 describe "POST /api/statuses/retweet/:id" do
941 test "without valid credentials", %{conn: conn} do
942 note_activity = insert(:note_activity)
943 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
944 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
947 test "with credentials", %{conn: conn, user: current_user} do
948 note_activity = insert(:note_activity)
950 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
954 |> with_credentials(current_user.nickname, "test")
955 |> post(request_path)
957 activity = Activity.get_by_id(note_activity.id)
958 activity_user = User.get_by_ap_id(note_activity.data["actor"])
960 assert json_response(response, 200) ==
961 ActivityView.render("activity.json", %{
969 describe "POST /api/statuses/unretweet/:id" do
972 test "without valid credentials", %{conn: conn} do
973 note_activity = insert(:note_activity)
974 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
975 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
978 test "with credentials", %{conn: conn, user: current_user} do
979 note_activity = insert(:note_activity)
981 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
985 |> with_credentials(current_user.nickname, "test")
986 |> post(request_path)
988 request_path = String.replace(request_path, "retweet", "unretweet")
992 |> with_credentials(current_user.nickname, "test")
993 |> post(request_path)
995 activity = Activity.get_by_id(note_activity.id)
996 activity_user = User.get_by_ap_id(note_activity.data["actor"])
998 assert json_response(response, 200) ==
999 ActivityView.render("activity.json", %{
1000 user: activity_user,
1007 describe "POST /api/account/register" do
1008 test "it creates a new user", %{conn: conn} do
1010 "nickname" => "lain",
1011 "email" => "lain@wired.jp",
1012 "fullname" => "lain iwakura",
1013 "bio" => "close the world.",
1014 "password" => "bear",
1020 |> post("/api/account/register", data)
1022 user = json_response(conn, 200)
1024 fetched_user = User.get_by_nickname("lain")
1025 assert user == UserView.render("show.json", %{user: fetched_user})
1028 test "it returns errors on a problem", %{conn: conn} do
1030 "email" => "lain@wired.jp",
1031 "fullname" => "lain iwakura",
1032 "bio" => "close the world.",
1033 "password" => "bear",
1039 |> post("/api/account/register", data)
1041 errors = json_response(conn, 400)
1043 assert is_binary(errors["error"])
1047 describe "POST /api/account/password_reset, with valid parameters" do
1048 setup %{conn: conn} do
1049 user = insert(:user)
1050 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
1051 %{conn: conn, user: user}
1054 test "it returns 204", %{conn: conn} do
1055 assert json_response(conn, :no_content)
1058 test "it creates a PasswordResetToken record for user", %{user: user} do
1059 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1063 test "it sends an email to user", %{user: user} do
1064 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1066 Swoosh.TestAssertions.assert_email_sent(
1067 Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
1072 describe "POST /api/account/password_reset, with invalid parameters" do
1075 test "it returns 500 when user is not found", %{conn: conn, user: user} do
1076 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
1077 assert json_response(conn, :internal_server_error)
1080 test "it returns 500 when user is not local", %{conn: conn, user: user} do
1081 {:ok, user} = Repo.update(Changeset.change(user, local: false))
1082 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
1083 assert json_response(conn, :internal_server_error)
1087 describe "GET /api/account/confirm_email/:id/:token" do
1089 user = insert(:user)
1090 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1094 |> Changeset.change()
1095 |> Changeset.put_embed(:info, info_change)
1098 assert user.info.confirmation_pending
1103 test "it redirects to root url", %{conn: conn, user: user} do
1104 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1106 assert 302 == conn.status
1109 test "it confirms the user account", %{conn: conn, user: user} do
1110 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1112 user = User.get_by_id(user.id)
1114 refute user.info.confirmation_pending
1115 refute user.info.confirmation_token
1118 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
1119 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
1121 assert 500 == conn.status
1124 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
1125 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
1127 assert 500 == conn.status
1131 describe "POST /api/account/resend_confirmation_email" do
1133 setting = Pleroma.Config.get([:instance, :account_activation_required])
1136 Pleroma.Config.put([:instance, :account_activation_required], true)
1137 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
1140 user = insert(:user)
1141 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1145 |> Changeset.change()
1146 |> Changeset.put_embed(:info, info_change)
1149 assert user.info.confirmation_pending
1154 test "it returns 204 No Content", %{conn: conn, user: user} do
1156 |> assign(:user, user)
1157 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1158 |> json_response(:no_content)
1161 test "it sends confirmation email", %{conn: conn, user: user} do
1163 |> assign(:user, user)
1164 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1166 Swoosh.TestAssertions.assert_email_sent(
1167 Pleroma.Emails.UserEmail.account_confirmation_email(user)
1172 describe "GET /api/externalprofile/show" do
1173 test "it returns the user", %{conn: conn} do
1174 user = insert(:user)
1175 other_user = insert(:user)
1179 |> assign(:user, user)
1180 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1182 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1186 describe "GET /api/statuses/followers" do
1187 test "it returns a user's followers", %{conn: conn} do
1188 user = insert(:user)
1189 follower_one = insert(:user)
1190 follower_two = insert(:user)
1191 _not_follower = insert(:user)
1193 {:ok, follower_one} = User.follow(follower_one, user)
1194 {:ok, follower_two} = User.follow(follower_two, user)
1198 |> assign(:user, user)
1199 |> get("/api/statuses/followers")
1201 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1202 result = json_response(conn, 200)
1203 assert Enum.sort(expected) == Enum.sort(result)
1206 test "it returns 20 followers per page", %{conn: conn} do
1207 user = insert(:user)
1208 followers = insert_list(21, :user)
1210 Enum.each(followers, fn follower ->
1211 User.follow(follower, user)
1216 |> assign(:user, user)
1217 |> get("/api/statuses/followers")
1219 result = json_response(res_conn, 200)
1220 assert length(result) == 20
1224 |> assign(:user, user)
1225 |> get("/api/statuses/followers?page=2")
1227 result = json_response(res_conn, 200)
1228 assert length(result) == 1
1231 test "it returns a given user's followers with user_id", %{conn: conn} do
1232 user = insert(:user)
1233 follower_one = insert(:user)
1234 follower_two = insert(:user)
1235 not_follower = insert(:user)
1237 {:ok, follower_one} = User.follow(follower_one, user)
1238 {:ok, follower_two} = User.follow(follower_two, user)
1242 |> assign(:user, not_follower)
1243 |> get("/api/statuses/followers", %{"user_id" => user.id})
1245 assert MapSet.equal?(
1246 MapSet.new(json_response(conn, 200)),
1248 UserView.render("index.json", %{
1249 users: [follower_one, follower_two],
1256 test "it returns empty when hide_followers is set to true", %{conn: conn} do
1257 user = insert(:user, %{info: %{hide_followers: true}})
1258 follower_one = insert(:user)
1259 follower_two = insert(:user)
1260 not_follower = insert(:user)
1262 {:ok, _follower_one} = User.follow(follower_one, user)
1263 {:ok, _follower_two} = User.follow(follower_two, user)
1267 |> assign(:user, not_follower)
1268 |> get("/api/statuses/followers", %{"user_id" => user.id})
1269 |> json_response(200)
1271 assert [] == response
1274 test "it returns the followers when hide_followers is set to true if requested by the user themselves",
1278 user = insert(:user, %{info: %{hide_followers: true}})
1279 follower_one = insert(:user)
1280 follower_two = insert(:user)
1281 _not_follower = insert(:user)
1283 {:ok, _follower_one} = User.follow(follower_one, user)
1284 {:ok, _follower_two} = User.follow(follower_two, user)
1288 |> assign(:user, user)
1289 |> get("/api/statuses/followers", %{"user_id" => user.id})
1291 refute [] == json_response(conn, 200)
1295 describe "GET /api/statuses/blocks" do
1296 test "it returns the list of users blocked by requester", %{conn: conn} do
1297 user = insert(:user)
1298 other_user = insert(:user)
1300 {:ok, user} = User.block(user, other_user)
1304 |> assign(:user, user)
1305 |> get("/api/statuses/blocks")
1307 expected = UserView.render("index.json", %{users: [other_user], for: user})
1308 result = json_response(conn, 200)
1309 assert Enum.sort(expected) == Enum.sort(result)
1313 describe "GET /api/statuses/friends" do
1314 test "it returns the logged in user's friends", %{conn: conn} do
1315 user = insert(:user)
1316 followed_one = insert(:user)
1317 followed_two = insert(:user)
1318 _not_followed = insert(:user)
1320 {:ok, user} = User.follow(user, followed_one)
1321 {:ok, user} = User.follow(user, followed_two)
1325 |> assign(:user, user)
1326 |> get("/api/statuses/friends")
1328 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1329 result = json_response(conn, 200)
1330 assert Enum.sort(expected) == Enum.sort(result)
1333 test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do
1334 user = insert(:user)
1335 followeds = insert_list(21, :user)
1338 Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
1339 User.follow(user, followed)
1344 |> assign(:user, user)
1345 |> get("/api/statuses/friends")
1347 result = json_response(res_conn, 200)
1348 assert length(result) == 20
1352 |> assign(:user, user)
1353 |> get("/api/statuses/friends", %{page: 2})
1355 result = json_response(res_conn, 200)
1356 assert length(result) == 1
1360 |> assign(:user, user)
1361 |> get("/api/statuses/friends", %{all: true})
1363 result = json_response(res_conn, 200)
1364 assert length(result) == 21
1367 test "it returns a given user's friends with user_id", %{conn: conn} do
1368 user = insert(:user)
1369 followed_one = insert(:user)
1370 followed_two = insert(:user)
1371 _not_followed = insert(:user)
1373 {:ok, user} = User.follow(user, followed_one)
1374 {:ok, user} = User.follow(user, followed_two)
1378 |> assign(:user, user)
1379 |> get("/api/statuses/friends", %{"user_id" => user.id})
1381 assert MapSet.equal?(
1382 MapSet.new(json_response(conn, 200)),
1384 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1389 test "it returns empty when hide_follows is set to true", %{conn: conn} do
1390 user = insert(:user, %{info: %{hide_follows: true}})
1391 followed_one = insert(:user)
1392 followed_two = insert(:user)
1393 not_followed = insert(:user)
1395 {:ok, user} = User.follow(user, followed_one)
1396 {:ok, user} = User.follow(user, followed_two)
1400 |> assign(:user, not_followed)
1401 |> get("/api/statuses/friends", %{"user_id" => user.id})
1403 assert [] == json_response(conn, 200)
1406 test "it returns friends when hide_follows is set to true if the user themselves request it",
1410 user = insert(:user, %{info: %{hide_follows: true}})
1411 followed_one = insert(:user)
1412 followed_two = insert(:user)
1413 _not_followed = insert(:user)
1415 {:ok, _user} = User.follow(user, followed_one)
1416 {:ok, _user} = User.follow(user, followed_two)
1420 |> assign(:user, user)
1421 |> get("/api/statuses/friends", %{"user_id" => user.id})
1422 |> json_response(200)
1424 refute [] == response
1427 test "it returns a given user's friends with screen_name", %{conn: conn} do
1428 user = insert(:user)
1429 followed_one = insert(:user)
1430 followed_two = insert(:user)
1431 _not_followed = insert(:user)
1433 {:ok, user} = User.follow(user, followed_one)
1434 {:ok, user} = User.follow(user, followed_two)
1438 |> assign(:user, user)
1439 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1441 assert MapSet.equal?(
1442 MapSet.new(json_response(conn, 200)),
1444 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1450 describe "GET /friends/ids" do
1451 test "it returns a user's friends", %{conn: conn} do
1452 user = insert(:user)
1453 followed_one = insert(:user)
1454 followed_two = insert(:user)
1455 _not_followed = insert(:user)
1457 {:ok, user} = User.follow(user, followed_one)
1458 {:ok, user} = User.follow(user, followed_two)
1462 |> assign(:user, user)
1463 |> get("/api/friends/ids")
1465 expected = [followed_one.id, followed_two.id]
1467 assert MapSet.equal?(
1468 MapSet.new(Poison.decode!(json_response(conn, 200))),
1469 MapSet.new(expected)
1474 describe "POST /api/account/update_profile.json" do
1475 test "it updates a user's profile", %{conn: conn} do
1476 user = insert(:user)
1477 user2 = insert(:user)
1481 |> assign(:user, user)
1482 |> post("/api/account/update_profile.json", %{
1483 "name" => "new name",
1484 "description" => "hi @#{user2.nickname}"
1487 user = Repo.get!(User, user.id)
1488 assert user.name == "new name"
1491 "hi <span class='h-card'><a data-user='#{user2.id}' class='u-url mention' href='#{
1493 }'>@<span>#{user2.nickname}</span></a></span>"
1495 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1498 test "it sets and un-sets hide_follows", %{conn: conn} do
1499 user = insert(:user)
1502 |> assign(:user, user)
1503 |> post("/api/account/update_profile.json", %{
1504 "hide_follows" => "true"
1507 user = Repo.get!(User, user.id)
1508 assert user.info.hide_follows == true
1512 |> assign(:user, user)
1513 |> post("/api/account/update_profile.json", %{
1514 "hide_follows" => "false"
1517 user = Repo.get!(User, user.id)
1518 assert user.info.hide_follows == false
1519 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1522 test "it sets and un-sets hide_followers", %{conn: conn} do
1523 user = insert(:user)
1526 |> assign(:user, user)
1527 |> post("/api/account/update_profile.json", %{
1528 "hide_followers" => "true"
1531 user = Repo.get!(User, user.id)
1532 assert user.info.hide_followers == true
1536 |> assign(:user, user)
1537 |> post("/api/account/update_profile.json", %{
1538 "hide_followers" => "false"
1541 user = Repo.get!(User, user.id)
1542 assert user.info.hide_followers == false
1543 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1546 test "it sets and un-sets show_role", %{conn: conn} do
1547 user = insert(:user)
1550 |> assign(:user, user)
1551 |> post("/api/account/update_profile.json", %{
1552 "show_role" => "true"
1555 user = Repo.get!(User, user.id)
1556 assert user.info.show_role == true
1560 |> assign(:user, user)
1561 |> post("/api/account/update_profile.json", %{
1562 "show_role" => "false"
1565 user = Repo.get!(User, user.id)
1566 assert user.info.show_role == false
1567 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1570 test "it locks an account", %{conn: conn} do
1571 user = insert(:user)
1575 |> assign(:user, user)
1576 |> post("/api/account/update_profile.json", %{
1580 user = Repo.get!(User, user.id)
1581 assert user.info.locked == true
1583 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1586 test "it unlocks an account", %{conn: conn} do
1587 user = insert(:user)
1591 |> assign(:user, user)
1592 |> post("/api/account/update_profile.json", %{
1596 user = Repo.get!(User, user.id)
1597 assert user.info.locked == false
1599 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1603 defp valid_user(_context) do
1604 user = insert(:user)
1608 defp with_credentials(conn, username, password) do
1609 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1610 put_req_header(conn, "authorization", header_content)
1613 describe "GET /api/search.json" do
1614 test "it returns search results", %{conn: conn} do
1615 user = insert(:user)
1616 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1618 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1619 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1623 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1625 assert [status] = json_response(conn, 200)
1626 assert status["id"] == activity.id
1630 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1631 test "it returns the tags timeline", %{conn: conn} do
1632 user = insert(:user)
1633 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1635 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1636 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1640 |> get("/api/statusnet/tags/timeline/2hu.json")
1642 assert [status] = json_response(conn, 200)
1643 assert status["id"] == activity.id
1647 test "Convert newlines to <br> in bio", %{conn: conn} do
1648 user = insert(:user)
1652 |> assign(:user, user)
1653 |> post("/api/account/update_profile.json", %{
1654 "description" => "Hello,\r\nWorld! I\n am a test."
1657 user = Repo.get!(User, user.id)
1658 assert user.bio == "Hello,<br>World! I<br> am a test."
1661 describe "POST /api/pleroma/change_password" do
1664 test "without credentials", %{conn: conn} do
1665 conn = post(conn, "/api/pleroma/change_password")
1666 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1669 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1672 |> with_credentials(current_user.nickname, "test")
1673 |> post("/api/pleroma/change_password", %{
1675 "new_password" => "newpass",
1676 "new_password_confirmation" => "newpass"
1679 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1682 test "with credentials, valid password and new password and confirmation not matching", %{
1688 |> with_credentials(current_user.nickname, "test")
1689 |> post("/api/pleroma/change_password", %{
1690 "password" => "test",
1691 "new_password" => "newpass",
1692 "new_password_confirmation" => "notnewpass"
1695 assert json_response(conn, 200) == %{
1696 "error" => "New password does not match confirmation."
1700 test "with credentials, valid password and invalid new password", %{
1706 |> with_credentials(current_user.nickname, "test")
1707 |> post("/api/pleroma/change_password", %{
1708 "password" => "test",
1709 "new_password" => "",
1710 "new_password_confirmation" => ""
1713 assert json_response(conn, 200) == %{
1714 "error" => "New password can't be blank."
1718 test "with credentials, valid password and matching new password and confirmation", %{
1724 |> with_credentials(current_user.nickname, "test")
1725 |> post("/api/pleroma/change_password", %{
1726 "password" => "test",
1727 "new_password" => "newpass",
1728 "new_password_confirmation" => "newpass"
1731 assert json_response(conn, 200) == %{"status" => "success"}
1732 fetched_user = User.get_by_id(current_user.id)
1733 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1737 describe "POST /api/pleroma/delete_account" do
1740 test "without credentials", %{conn: conn} do
1741 conn = post(conn, "/api/pleroma/delete_account")
1742 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1745 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1748 |> with_credentials(current_user.nickname, "test")
1749 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1751 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1754 test "with credentials and valid password", %{conn: conn, user: current_user} do
1757 |> with_credentials(current_user.nickname, "test")
1758 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1760 assert json_response(conn, 200) == %{"status" => "success"}
1761 # Wait a second for the started task to end
1766 describe "GET /api/pleroma/friend_requests" do
1767 test "it lists friend requests" do
1768 user = insert(:user)
1769 other_user = insert(:user)
1771 {:ok, _activity} = ActivityPub.follow(other_user, user)
1773 user = User.get_by_id(user.id)
1774 other_user = User.get_by_id(other_user.id)
1776 assert User.following?(other_user, user) == false
1780 |> assign(:user, user)
1781 |> get("/api/pleroma/friend_requests")
1783 assert [relationship] = json_response(conn, 200)
1784 assert other_user.id == relationship["id"]
1787 test "requires 'read' permission", %{conn: conn} do
1788 token1 = insert(:oauth_token, scopes: ["write"])
1789 token2 = insert(:oauth_token, scopes: ["read"])
1791 for token <- [token1, token2] do
1794 |> put_req_header("authorization", "Bearer #{token.token}")
1795 |> get("/api/pleroma/friend_requests")
1797 if token == token1 do
1798 assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403)
1800 assert json_response(conn, 200)
1806 describe "POST /api/pleroma/friendships/approve" do
1807 test "it approves a friend request" do
1808 user = insert(:user)
1809 other_user = insert(:user)
1811 {:ok, _activity} = ActivityPub.follow(other_user, user)
1813 user = User.get_by_id(user.id)
1814 other_user = User.get_by_id(other_user.id)
1816 assert User.following?(other_user, user) == false
1820 |> assign(:user, user)
1821 |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
1823 assert relationship = json_response(conn, 200)
1824 assert other_user.id == relationship["id"]
1825 assert relationship["follows_you"] == true
1829 describe "POST /api/pleroma/friendships/deny" do
1830 test "it denies a friend request" do
1831 user = insert(:user)
1832 other_user = insert(:user)
1834 {:ok, _activity} = ActivityPub.follow(other_user, user)
1836 user = User.get_by_id(user.id)
1837 other_user = User.get_by_id(other_user.id)
1839 assert User.following?(other_user, user) == false
1843 |> assign(:user, user)
1844 |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
1846 assert relationship = json_response(conn, 200)
1847 assert other_user.id == relationship["id"]
1848 assert relationship["follows_you"] == false
1852 describe "GET /api/pleroma/search_user" do
1853 test "it returns users, ordered by similarity", %{conn: conn} do
1854 user = insert(:user, %{name: "eal"})
1855 user_two = insert(:user, %{name: "eal me"})
1856 _user_three = insert(:user, %{name: "zzz"})
1860 |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
1861 |> json_response(200)
1863 assert length(resp) == 2
1864 assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1868 describe "POST /api/media/upload" do
1870 Pleroma.DataCase.ensure_local_uploader(context)
1873 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1876 user = insert(:user)
1878 upload_filename = "test/fixtures/image_tmp.jpg"
1879 File.cp!("test/fixtures/image.jpg", upload_filename)
1881 file = %Plug.Upload{
1882 content_type: "image/jpg",
1883 path: Path.absname(upload_filename),
1884 filename: "image.jpg"
1889 |> assign(:user, user)
1890 |> put_req_header("content-type", "application/octet-stream")
1891 |> post("/api/media/upload", %{
1894 |> json_response(:ok)
1896 assert response["media_id"]
1897 object = Repo.get(Object, response["media_id"])
1899 assert object.data["actor"] == User.ap_id(user)
1903 describe "POST /api/media/metadata/create" do
1905 object = insert(:note)
1906 user = User.get_by_ap_id(object.data["actor"])
1907 %{object: object, user: user}
1910 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1914 initial_description = object.data["name"]
1915 another_user = insert(:user)
1918 |> assign(:user, another_user)
1919 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1920 |> json_response(:forbidden)
1922 object = Repo.get(Object, object.id)
1923 assert object.data["name"] == initial_description
1926 test "it updates `data[name]` of referenced Object with provided value", %{
1931 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1934 |> assign(:user, user)
1935 |> post("/api/media/metadata/create", %{
1936 "media_id" => object.id,
1937 "alt_text" => %{"text" => description}
1939 |> json_response(:no_content)
1941 object = Repo.get(Object, object.id)
1942 assert object.data["name"] == description
1946 describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
1947 test "it returns a list of pinned statuses", %{conn: conn} do
1948 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1950 user = insert(:user, %{name: "egor"})
1951 {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
1952 {:ok, _} = CommonAPI.pin(activity_id, user)
1956 |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
1957 |> json_response(200)
1959 assert length(resp) == 1
1960 assert [%{"id" => ^activity_id, "pinned" => true}] = resp
1964 describe "POST /api/statuses/pin/:id" do
1966 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1967 [user: insert(:user)]
1970 test "without valid credentials", %{conn: conn} do
1971 note_activity = insert(:note_activity)
1972 conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
1973 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1976 test "with credentials", %{conn: conn, user: user} do
1977 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1979 request_path = "/api/statuses/pin/#{activity.id}.json"
1983 |> with_credentials(user.nickname, "test")
1984 |> post(request_path)
1986 user = refresh_record(user)
1988 assert json_response(response, 200) ==
1989 ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
1993 describe "POST /api/statuses/unpin/:id" do
1995 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1996 [user: insert(:user)]
1999 test "without valid credentials", %{conn: conn} do
2000 note_activity = insert(:note_activity)
2001 conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
2002 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
2005 test "with credentials", %{conn: conn, user: user} do
2006 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
2007 {:ok, activity} = CommonAPI.pin(activity.id, user)
2009 request_path = "/api/statuses/unpin/#{activity.id}.json"
2013 |> with_credentials(user.nickname, "test")
2014 |> post(request_path)
2016 user = refresh_record(user)
2018 assert json_response(response, 200) ==
2019 ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
2023 describe "GET /api/oauth_tokens" do
2025 token = insert(:oauth_token) |> Repo.preload(:user)
2030 test "renders list", %{token: token} do
2033 |> assign(:user, token.user)
2034 |> get("/api/oauth_tokens")
2037 json_response(response, 200)
2041 assert keys -- ["id", "app_name", "valid_until"] == []
2044 test "revoke token", %{token: token} do
2047 |> assign(:user, token.user)
2048 |> delete("/api/oauth_tokens/#{token.id}")
2050 tokens = Token.get_user_tokens(token.user)
2053 assert response.status == 201