projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branch 'remotes/upstream/develop' into twitter_oauth
[akkoma] / test / web / twitter_api / twitter_api_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
7 alias Comeonin.Pbkdf2
8 alias Ecto.Changeset
9 alias Pleroma.Activity
10 alias Pleroma.Builders.ActivityBuilder
11 alias Pleroma.Builders.UserBuilder
12 alias Pleroma.Notification
13 alias Pleroma.Object
14 alias Pleroma.Repo
15 alias Pleroma.User
16 alias Pleroma.Web.ActivityPub.ActivityPub
17 alias Pleroma.Web.CommonAPI
18 alias Pleroma.Web.OAuth.Token
19 alias Pleroma.Web.TwitterAPI.ActivityView
20 alias Pleroma.Web.TwitterAPI.Controller
21 alias Pleroma.Web.TwitterAPI.NotificationView
22 alias Pleroma.Web.TwitterAPI.TwitterAPI
23 alias Pleroma.Web.TwitterAPI.UserView
24
25 import Pleroma.Factory
26 import Mock
27
28 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
29
30 describe "POST /api/account/update_profile_banner" do
31 test "it updates the banner", %{conn: conn} do
32 user = insert(:user)
33
34 conn
35 |> assign(:user, user)
36 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
37 |> json_response(200)
38
39 user = refresh_record(user)
40 assert user.info.banner["type"] == "Image"
41 end
42 end
43
44 describe "POST /api/qvitter/update_background_image" do
45 test "it updates the background", %{conn: conn} do
46 user = insert(:user)
47
48 conn
49 |> assign(:user, user)
50 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
51 |> json_response(200)
52
53 user = refresh_record(user)
54 assert user.info.background["type"] == "Image"
55 end
56 end
57
58 describe "POST /api/account/verify_credentials" do
59 setup [:valid_user]
60
61 test "without valid credentials", %{conn: conn} do
62 conn = post(conn, "/api/account/verify_credentials.json")
63 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
64 end
65
66 test "with credentials", %{conn: conn, user: user} do
67 response =
68 conn
69 |> with_credentials(user.nickname, "test")
70 |> post("/api/account/verify_credentials.json")
71 |> json_response(200)
72
73 assert response ==
74 UserView.render("show.json", %{user: user, token: response["token"], for: user})
75 end
76 end
77
78 describe "POST /statuses/update.json" do
79 setup [:valid_user]
80
81 test "without valid credentials", %{conn: conn} do
82 conn = post(conn, "/api/statuses/update.json")
83 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
84 end
85
86 test "with credentials", %{conn: conn, user: user} do
87 conn_with_creds = conn |> with_credentials(user.nickname, "test")
88 request_path = "/api/statuses/update.json"
89
90 error_response = %{
91 "request" => request_path,
92 "error" => "Client must provide a 'status' parameter with a value."
93 }
94
95 conn =
96 conn_with_creds
97 |> post(request_path)
98
99 assert json_response(conn, 400) == error_response
100
101 conn =
102 conn_with_creds
103 |> post(request_path, %{status: ""})
104
105 assert json_response(conn, 400) == error_response
106
107 conn =
108 conn_with_creds
109 |> post(request_path, %{status: " "})
110
111 assert json_response(conn, 400) == error_response
112
113 # we post with visibility private in order to avoid triggering relay
114 conn =
115 conn_with_creds
116 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
117
118 assert json_response(conn, 200) ==
119 ActivityView.render("activity.json", %{
120 activity: Repo.one(Activity),
121 user: user,
122 for: user
123 })
124 end
125 end
126
127 describe "GET /statuses/public_timeline.json" do
128 setup [:valid_user]
129
130 test "returns statuses", %{conn: conn} do
131 user = insert(:user)
132 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
133 ActivityBuilder.insert_list(10, %{}, %{user: user})
134 since_id = List.last(activities).id
135
136 conn =
137 conn
138 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
139
140 response = json_response(conn, 200)
141
142 assert length(response) == 10
143 end
144
145 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
146 instance =
147 Application.get_env(:pleroma, :instance)
148 |> Keyword.put(:public, false)
149
150 Application.put_env(:pleroma, :instance, instance)
151
152 conn
153 |> get("/api/statuses/public_timeline.json")
154 |> json_response(403)
155
156 instance =
157 Application.get_env(:pleroma, :instance)
158 |> Keyword.put(:public, true)
159
160 Application.put_env(:pleroma, :instance, instance)
161 end
162
163 test "returns 200 to authenticated request when the instance is not public",
164 %{conn: conn, user: user} do
165 instance =
166 Application.get_env(:pleroma, :instance)
167 |> Keyword.put(:public, false)
168
169 Application.put_env(:pleroma, :instance, instance)
170
171 conn
172 |> with_credentials(user.nickname, "test")
173 |> get("/api/statuses/public_timeline.json")
174 |> json_response(200)
175
176 instance =
177 Application.get_env(:pleroma, :instance)
178 |> Keyword.put(:public, true)
179
180 Application.put_env(:pleroma, :instance, instance)
181 end
182
183 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
184 conn
185 |> get("/api/statuses/public_timeline.json")
186 |> json_response(200)
187 end
188
189 test "returns 200 to authenticated request when the instance is public",
190 %{conn: conn, user: user} do
191 conn
192 |> with_credentials(user.nickname, "test")
193 |> get("/api/statuses/public_timeline.json")
194 |> json_response(200)
195 end
196
197 test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
198 Controller,
199 [:passthrough],
200 [] do
201 token = insert(:oauth_token, scopes: ["write"])
202
203 build_conn()
204 |> put_req_header("authorization", "Bearer #{token.token}")
205 |> get("/api/statuses/public_timeline.json")
206 |> json_response(200)
207
208 assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
209 end
210 end
211
212 describe "GET /statuses/public_and_external_timeline.json" do
213 setup [:valid_user]
214
215 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
216 instance =
217 Application.get_env(:pleroma, :instance)
218 |> Keyword.put(:public, false)
219
220 Application.put_env(:pleroma, :instance, instance)
221
222 conn
223 |> get("/api/statuses/public_and_external_timeline.json")
224 |> json_response(403)
225
226 instance =
227 Application.get_env(:pleroma, :instance)
228 |> Keyword.put(:public, true)
229
230 Application.put_env(:pleroma, :instance, instance)
231 end
232
233 test "returns 200 to authenticated request when the instance is not public",
234 %{conn: conn, user: user} do
235 instance =
236 Application.get_env(:pleroma, :instance)
237 |> Keyword.put(:public, false)
238
239 Application.put_env(:pleroma, :instance, instance)
240
241 conn
242 |> with_credentials(user.nickname, "test")
243 |> get("/api/statuses/public_and_external_timeline.json")
244 |> json_response(200)
245
246 instance =
247 Application.get_env(:pleroma, :instance)
248 |> Keyword.put(:public, true)
249
250 Application.put_env(:pleroma, :instance, instance)
251 end
252
253 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
254 conn
255 |> get("/api/statuses/public_and_external_timeline.json")
256 |> json_response(200)
257 end
258
259 test "returns 200 to authenticated request when the instance is public",
260 %{conn: conn, user: user} do
261 conn
262 |> with_credentials(user.nickname, "test")
263 |> get("/api/statuses/public_and_external_timeline.json")
264 |> json_response(200)
265 end
266 end
267
268 describe "GET /statuses/show/:id.json" do
269 test "returns one status", %{conn: conn} do
270 user = insert(:user)
271 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
272 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
273
274 conn =
275 conn
276 |> get("/api/statuses/show/#{activity.id}.json")
277
278 response = json_response(conn, 200)
279
280 assert response == ActivityView.render("activity.json", %{activity: activity, user: actor})
281 end
282 end
283
284 describe "GET /users/show.json" do
285 test "gets user with screen_name", %{conn: conn} do
286 user = insert(:user)
287
288 conn =
289 conn
290 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
291
292 response = json_response(conn, 200)
293
294 assert response["id"] == user.id
295 end
296
297 test "gets user with user_id", %{conn: conn} do
298 user = insert(:user)
299
300 conn =
301 conn
302 |> get("/api/users/show.json", %{"user_id" => user.id})
303
304 response = json_response(conn, 200)
305
306 assert response["id"] == user.id
307 end
308
309 test "gets a user for a logged in user", %{conn: conn} do
310 user = insert(:user)
311 logged_in = insert(:user)
312
313 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
314
315 conn =
316 conn
317 |> with_credentials(logged_in.nickname, "test")
318 |> get("/api/users/show.json", %{"user_id" => user.id})
319
320 response = json_response(conn, 200)
321
322 assert response["following"] == true
323 end
324 end
325
326 describe "GET /statusnet/conversation/:id.json" do
327 test "returns the statuses in the conversation", %{conn: conn} do
328 {:ok, _user} = UserBuilder.insert()
329 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
330 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
331 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
332
333 conn =
334 conn
335 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
336
337 response = json_response(conn, 200)
338
339 assert length(response) == 2
340 end
341 end
342
343 describe "GET /statuses/friends_timeline.json" do
344 setup [:valid_user]
345
346 test "without valid credentials", %{conn: conn} do
347 conn = get(conn, "/api/statuses/friends_timeline.json")
348 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
349 end
350
351 test "with credentials", %{conn: conn, user: current_user} do
352 user = insert(:user)
353
354 activities =
355 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
356
357 returned_activities =
358 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
359
360 other_user = insert(:user)
361 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
362 since_id = List.last(activities).id
363
364 current_user =
365 Changeset.change(current_user, following: [User.ap_followers(user)])
366 |> Repo.update!()
367
368 conn =
369 conn
370 |> with_credentials(current_user.nickname, "test")
371 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
372
373 response = json_response(conn, 200)
374
375 assert length(response) == 10
376
377 assert response ==
378 Enum.map(returned_activities, fn activity ->
379 ActivityView.render("activity.json", %{
380 activity: activity,
381 user: User.get_cached_by_ap_id(activity.data["actor"]),
382 for: current_user
383 })
384 end)
385 end
386 end
387
388 describe "GET /statuses/dm_timeline.json" do
389 test "it show direct messages", %{conn: conn} do
390 user_one = insert(:user)
391 user_two = insert(:user)
392
393 {:ok, user_two} = User.follow(user_two, user_one)
394
395 {:ok, direct} =
396 CommonAPI.post(user_one, %{
397 "status" => "Hi @#{user_two.nickname}!",
398 "visibility" => "direct"
399 })
400
401 {:ok, direct_two} =
402 CommonAPI.post(user_two, %{
403 "status" => "Hi @#{user_one.nickname}!",
404 "visibility" => "direct"
405 })
406
407 {:ok, _follower_only} =
408 CommonAPI.post(user_one, %{
409 "status" => "Hi @#{user_two.nickname}!",
410 "visibility" => "private"
411 })
412
413 # Only direct should be visible here
414 res_conn =
415 conn
416 |> assign(:user, user_two)
417 |> get("/api/statuses/dm_timeline.json")
418
419 [status, status_two] = json_response(res_conn, 200)
420 assert status["id"] == direct_two.id
421 assert status_two["id"] == direct.id
422 end
423
424 test "doesn't include DMs from blocked users", %{conn: conn} do
425 blocker = insert(:user)
426 blocked = insert(:user)
427 user = insert(:user)
428 {:ok, blocker} = User.block(blocker, blocked)
429
430 {:ok, _blocked_direct} =
431 CommonAPI.post(blocked, %{
432 "status" => "Hi @#{blocker.nickname}!",
433 "visibility" => "direct"
434 })
435
436 {:ok, direct} =
437 CommonAPI.post(user, %{
438 "status" => "Hi @#{blocker.nickname}!",
439 "visibility" => "direct"
440 })
441
442 res_conn =
443 conn
444 |> assign(:user, blocker)
445 |> get("/api/statuses/dm_timeline.json")
446
447 [status] = json_response(res_conn, 200)
448 assert status["id"] == direct.id
449 end
450 end
451
452 describe "GET /statuses/mentions.json" do
453 setup [:valid_user]
454
455 test "without valid credentials", %{conn: conn} do
456 conn = get(conn, "/api/statuses/mentions.json")
457 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
458 end
459
460 test "with credentials", %{conn: conn, user: current_user} do
461 {:ok, activity} =
462 CommonAPI.post(current_user, %{
463 "status" => "why is tenshi eating a corndog so cute?",
464 "visibility" => "public"
465 })
466
467 conn =
468 conn
469 |> with_credentials(current_user.nickname, "test")
470 |> get("/api/statuses/mentions.json")
471
472 response = json_response(conn, 200)
473
474 assert length(response) == 1
475
476 assert Enum.at(response, 0) ==
477 ActivityView.render("activity.json", %{
478 user: current_user,
479 for: current_user,
480 activity: activity
481 })
482 end
483
484 test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
485 {:ok, _activity} =
486 CommonAPI.post(current_user, %{
487 "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
488 "visibility" => "direct"
489 })
490
491 conn =
492 conn
493 |> with_credentials(current_user.nickname, "test")
494 |> get("/api/statuses/mentions.json")
495
496 response = json_response(conn, 200)
497
498 assert Enum.empty?(response)
499 end
500 end
501
502 describe "GET /api/qvitter/statuses/notifications.json" do
503 setup [:valid_user]
504
505 test "without valid credentials", %{conn: conn} do
506 conn = get(conn, "/api/qvitter/statuses/notifications.json")
507 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
508 end
509
510 test "with credentials", %{conn: conn, user: current_user} do
511 other_user = insert(:user)
512
513 {:ok, _activity} =
514 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
515
516 conn =
517 conn
518 |> with_credentials(current_user.nickname, "test")
519 |> get("/api/qvitter/statuses/notifications.json")
520
521 response = json_response(conn, 200)
522
523 assert length(response) == 1
524
525 assert response ==
526 NotificationView.render("notification.json", %{
527 notifications: Notification.for_user(current_user),
528 for: current_user
529 })
530 end
531 end
532
533 describe "POST /api/qvitter/statuses/notifications/read" do
534 setup [:valid_user]
535
536 test "without valid credentials", %{conn: conn} do
537 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
538 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
539 end
540
541 test "with credentials, without any params", %{conn: conn, user: current_user} do
542 conn =
543 conn
544 |> with_credentials(current_user.nickname, "test")
545 |> post("/api/qvitter/statuses/notifications/read")
546
547 assert json_response(conn, 400) == %{
548 "error" => "You need to specify latest_id",
549 "request" => "/api/qvitter/statuses/notifications/read"
550 }
551 end
552
553 test "with credentials, with params", %{conn: conn, user: current_user} do
554 other_user = insert(:user)
555
556 {:ok, _activity} =
557 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
558
559 response_conn =
560 conn
561 |> with_credentials(current_user.nickname, "test")
562 |> get("/api/qvitter/statuses/notifications.json")
563
564 [notification] = response = json_response(response_conn, 200)
565
566 assert length(response) == 1
567
568 assert notification["is_seen"] == 0
569
570 response_conn =
571 conn
572 |> with_credentials(current_user.nickname, "test")
573 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
574
575 [notification] = response = json_response(response_conn, 200)
576
577 assert length(response) == 1
578
579 assert notification["is_seen"] == 1
580 end
581 end
582
583 describe "GET /statuses/user_timeline.json" do
584 setup [:valid_user]
585
586 test "without any params", %{conn: conn} do
587 conn = get(conn, "/api/statuses/user_timeline.json")
588
589 assert json_response(conn, 400) == %{
590 "error" => "You need to specify screen_name or user_id",
591 "request" => "/api/statuses/user_timeline.json"
592 }
593 end
594
595 test "with user_id", %{conn: conn} do
596 user = insert(:user)
597 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
598
599 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
600 response = json_response(conn, 200)
601 assert length(response) == 1
602
603 assert Enum.at(response, 0) ==
604 ActivityView.render("activity.json", %{user: user, activity: activity})
605 end
606
607 test "with screen_name", %{conn: conn} do
608 user = insert(:user)
609 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
610
611 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
612 response = json_response(conn, 200)
613 assert length(response) == 1
614
615 assert Enum.at(response, 0) ==
616 ActivityView.render("activity.json", %{user: user, activity: activity})
617 end
618
619 test "with credentials", %{conn: conn, user: current_user} do
620 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
621
622 conn =
623 conn
624 |> with_credentials(current_user.nickname, "test")
625 |> get("/api/statuses/user_timeline.json")
626
627 response = json_response(conn, 200)
628
629 assert length(response) == 1
630
631 assert Enum.at(response, 0) ==
632 ActivityView.render("activity.json", %{
633 user: current_user,
634 for: current_user,
635 activity: activity
636 })
637 end
638
639 test "with credentials with user_id", %{conn: conn, user: current_user} do
640 user = insert(:user)
641 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
642
643 conn =
644 conn
645 |> with_credentials(current_user.nickname, "test")
646 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
647
648 response = json_response(conn, 200)
649
650 assert length(response) == 1
651
652 assert Enum.at(response, 0) ==
653 ActivityView.render("activity.json", %{user: user, activity: activity})
654 end
655
656 test "with credentials screen_name", %{conn: conn, user: current_user} do
657 user = insert(:user)
658 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
659
660 conn =
661 conn
662 |> with_credentials(current_user.nickname, "test")
663 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
664
665 response = json_response(conn, 200)
666
667 assert length(response) == 1
668
669 assert Enum.at(response, 0) ==
670 ActivityView.render("activity.json", %{user: user, activity: activity})
671 end
672
673 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
674 user = insert(:user)
675 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
676 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
677
678 conn =
679 conn
680 |> with_credentials(current_user.nickname, "test")
681 |> get("/api/statuses/user_timeline.json", %{
682 "user_id" => user.id,
683 "include_rts" => "false"
684 })
685
686 response = json_response(conn, 200)
687
688 assert length(response) == 1
689
690 assert Enum.at(response, 0) ==
691 ActivityView.render("activity.json", %{user: user, activity: activity})
692
693 conn =
694 conn
695 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
696
697 response = json_response(conn, 200)
698
699 assert length(response) == 1
700
701 assert Enum.at(response, 0) ==
702 ActivityView.render("activity.json", %{user: user, activity: activity})
703 end
704 end
705
706 describe "POST /friendships/create.json" do
707 setup [:valid_user]
708
709 test "without valid credentials", %{conn: conn} do
710 conn = post(conn, "/api/friendships/create.json")
711 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
712 end
713
714 test "with credentials", %{conn: conn, user: current_user} do
715 followed = insert(:user)
716
717 conn =
718 conn
719 |> with_credentials(current_user.nickname, "test")
720 |> post("/api/friendships/create.json", %{user_id: followed.id})
721
722 current_user = User.get_by_id(current_user.id)
723 assert User.ap_followers(followed) in current_user.following
724
725 assert json_response(conn, 200) ==
726 UserView.render("show.json", %{user: followed, for: current_user})
727 end
728
729 test "for restricted account", %{conn: conn, user: current_user} do
730 followed = insert(:user, info: %User.Info{locked: true})
731
732 conn =
733 conn
734 |> with_credentials(current_user.nickname, "test")
735 |> post("/api/friendships/create.json", %{user_id: followed.id})
736
737 current_user = User.get_by_id(current_user.id)
738 followed = User.get_by_id(followed.id)
739
740 refute User.ap_followers(followed) in current_user.following
741
742 assert json_response(conn, 200) ==
743 UserView.render("show.json", %{user: followed, for: current_user})
744 end
745 end
746
747 describe "POST /friendships/destroy.json" do
748 setup [:valid_user]
749
750 test "without valid credentials", %{conn: conn} do
751 conn = post(conn, "/api/friendships/destroy.json")
752 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
753 end
754
755 test "with credentials", %{conn: conn, user: current_user} do
756 followed = insert(:user)
757
758 {:ok, current_user} = User.follow(current_user, followed)
759 assert User.ap_followers(followed) in current_user.following
760 ActivityPub.follow(current_user, followed)
761
762 conn =
763 conn
764 |> with_credentials(current_user.nickname, "test")
765 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
766
767 current_user = User.get_by_id(current_user.id)
768 assert current_user.following == [current_user.ap_id]
769
770 assert json_response(conn, 200) ==
771 UserView.render("show.json", %{user: followed, for: current_user})
772 end
773 end
774
775 describe "POST /blocks/create.json" do
776 setup [:valid_user]
777
778 test "without valid credentials", %{conn: conn} do
779 conn = post(conn, "/api/blocks/create.json")
780 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
781 end
782
783 test "with credentials", %{conn: conn, user: current_user} do
784 blocked = insert(:user)
785
786 conn =
787 conn
788 |> with_credentials(current_user.nickname, "test")
789 |> post("/api/blocks/create.json", %{user_id: blocked.id})
790
791 current_user = User.get_by_id(current_user.id)
792 assert User.blocks?(current_user, blocked)
793
794 assert json_response(conn, 200) ==
795 UserView.render("show.json", %{user: blocked, for: current_user})
796 end
797 end
798
799 describe "POST /blocks/destroy.json" do
800 setup [:valid_user]
801
802 test "without valid credentials", %{conn: conn} do
803 conn = post(conn, "/api/blocks/destroy.json")
804 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
805 end
806
807 test "with credentials", %{conn: conn, user: current_user} do
808 blocked = insert(:user)
809
810 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
811 assert User.blocks?(current_user, blocked)
812
813 conn =
814 conn
815 |> with_credentials(current_user.nickname, "test")
816 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
817
818 current_user = User.get_by_id(current_user.id)
819 assert current_user.info.blocks == []
820
821 assert json_response(conn, 200) ==
822 UserView.render("show.json", %{user: blocked, for: current_user})
823 end
824 end
825
826 describe "GET /help/test.json" do
827 test "returns \"ok\"", %{conn: conn} do
828 conn = get(conn, "/api/help/test.json")
829 assert json_response(conn, 200) == "ok"
830 end
831 end
832
833 describe "POST /api/qvitter/update_avatar.json" do
834 setup [:valid_user]
835
836 test "without valid credentials", %{conn: conn} do
837 conn = post(conn, "/api/qvitter/update_avatar.json")
838 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
839 end
840
841 test "with credentials", %{conn: conn, user: current_user} do
842 avatar_image = File.read!("test/fixtures/avatar_data_uri")
843
844 conn =
845 conn
846 |> with_credentials(current_user.nickname, "test")
847 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
848
849 current_user = User.get_by_id(current_user.id)
850 assert is_map(current_user.avatar)
851
852 assert json_response(conn, 200) ==
853 UserView.render("show.json", %{user: current_user, for: current_user})
854 end
855 end
856
857 describe "GET /api/qvitter/mutes.json" do
858 setup [:valid_user]
859
860 test "unimplemented mutes without valid credentials", %{conn: conn} do
861 conn = get(conn, "/api/qvitter/mutes.json")
862 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
863 end
864
865 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
866 response =
867 conn
868 |> with_credentials(current_user.nickname, "test")
869 |> get("/api/qvitter/mutes.json")
870 |> json_response(200)
871
872 assert [] = response
873 end
874 end
875
876 describe "POST /api/favorites/create/:id" do
877 setup [:valid_user]
878
879 test "without valid credentials", %{conn: conn} do
880 note_activity = insert(:note_activity)
881 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
882 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
883 end
884
885 test "with credentials", %{conn: conn, user: current_user} do
886 note_activity = insert(:note_activity)
887
888 conn =
889 conn
890 |> with_credentials(current_user.nickname, "test")
891 |> post("/api/favorites/create/#{note_activity.id}.json")
892
893 assert json_response(conn, 200)
894 end
895
896 test "with credentials, invalid param", %{conn: conn, user: current_user} do
897 conn =
898 conn
899 |> with_credentials(current_user.nickname, "test")
900 |> post("/api/favorites/create/wrong.json")
901
902 assert json_response(conn, 400)
903 end
904
905 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
906 conn =
907 conn
908 |> with_credentials(current_user.nickname, "test")
909 |> post("/api/favorites/create/1.json")
910
911 assert json_response(conn, 400)
912 end
913 end
914
915 describe "POST /api/favorites/destroy/:id" do
916 setup [:valid_user]
917
918 test "without valid credentials", %{conn: conn} do
919 note_activity = insert(:note_activity)
920 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
921 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
922 end
923
924 test "with credentials", %{conn: conn, user: current_user} do
925 note_activity = insert(:note_activity)
926 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
927 ActivityPub.like(current_user, object)
928
929 conn =
930 conn
931 |> with_credentials(current_user.nickname, "test")
932 |> post("/api/favorites/destroy/#{note_activity.id}.json")
933
934 assert json_response(conn, 200)
935 end
936 end
937
938 describe "POST /api/statuses/retweet/:id" do
939 setup [:valid_user]
940
941 test "without valid credentials", %{conn: conn} do
942 note_activity = insert(:note_activity)
943 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
944 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
945 end
946
947 test "with credentials", %{conn: conn, user: current_user} do
948 note_activity = insert(:note_activity)
949
950 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
951
952 response =
953 conn
954 |> with_credentials(current_user.nickname, "test")
955 |> post(request_path)
956
957 activity = Activity.get_by_id(note_activity.id)
958 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
959
960 assert json_response(response, 200) ==
961 ActivityView.render("activity.json", %{
962 user: activity_user,
963 for: current_user,
964 activity: activity
965 })
966 end
967 end
968
969 describe "POST /api/statuses/unretweet/:id" do
970 setup [:valid_user]
971
972 test "without valid credentials", %{conn: conn} do
973 note_activity = insert(:note_activity)
974 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
975 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
976 end
977
978 test "with credentials", %{conn: conn, user: current_user} do
979 note_activity = insert(:note_activity)
980
981 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
982
983 _response =
984 conn
985 |> with_credentials(current_user.nickname, "test")
986 |> post(request_path)
987
988 request_path = String.replace(request_path, "retweet", "unretweet")
989
990 response =
991 conn
992 |> with_credentials(current_user.nickname, "test")
993 |> post(request_path)
994
995 activity = Activity.get_by_id(note_activity.id)
996 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
997
998 assert json_response(response, 200) ==
999 ActivityView.render("activity.json", %{
1000 user: activity_user,
1001 for: current_user,
1002 activity: activity
1003 })
1004 end
1005 end
1006
1007 describe "POST /api/account/register" do
1008 test "it creates a new user", %{conn: conn} do
1009 data = %{
1010 "nickname" => "lain",
1011 "email" => "lain@wired.jp",
1012 "fullname" => "lain iwakura",
1013 "bio" => "close the world.",
1014 "password" => "bear",
1015 "confirm" => "bear"
1016 }
1017
1018 conn =
1019 conn
1020 |> post("/api/account/register", data)
1021
1022 user = json_response(conn, 200)
1023
1024 fetched_user = Repo.get_by(User, nickname: "lain")
1025 assert user == UserView.render("show.json", %{user: fetched_user})
1026 end
1027
1028 test "it returns errors on a problem", %{conn: conn} do
1029 data = %{
1030 "email" => "lain@wired.jp",
1031 "fullname" => "lain iwakura",
1032 "bio" => "close the world.",
1033 "password" => "bear",
1034 "confirm" => "bear"
1035 }
1036
1037 conn =
1038 conn
1039 |> post("/api/account/register", data)
1040
1041 errors = json_response(conn, 400)
1042
1043 assert is_binary(errors["error"])
1044 end
1045 end
1046
1047 describe "POST /api/account/password_reset, with valid parameters" do
1048 setup %{conn: conn} do
1049 user = insert(:user)
1050 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
1051 %{conn: conn, user: user}
1052 end
1053
1054 test "it returns 204", %{conn: conn} do
1055 assert json_response(conn, :no_content)
1056 end
1057
1058 test "it creates a PasswordResetToken record for user", %{user: user} do
1059 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1060 assert token_record
1061 end
1062
1063 test "it sends an email to user", %{user: user} do
1064 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1065
1066 Swoosh.TestAssertions.assert_email_sent(
1067 Pleroma.UserEmail.password_reset_email(user, token_record.token)
1068 )
1069 end
1070 end
1071
1072 describe "POST /api/account/password_reset, with invalid parameters" do
1073 setup [:valid_user]
1074
1075 test "it returns 500 when user is not found", %{conn: conn, user: user} do
1076 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
1077 assert json_response(conn, :internal_server_error)
1078 end
1079
1080 test "it returns 500 when user is not local", %{conn: conn, user: user} do
1081 {:ok, user} = Repo.update(Changeset.change(user, local: false))
1082 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
1083 assert json_response(conn, :internal_server_error)
1084 end
1085 end
1086
1087 describe "GET /api/account/confirm_email/:id/:token" do
1088 setup do
1089 user = insert(:user)
1090 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1091
1092 {:ok, user} =
1093 user
1094 |> Changeset.change()
1095 |> Changeset.put_embed(:info, info_change)
1096 |> Repo.update()
1097
1098 assert user.info.confirmation_pending
1099
1100 [user: user]
1101 end
1102
1103 test "it redirects to root url", %{conn: conn, user: user} do
1104 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1105
1106 assert 302 == conn.status
1107 end
1108
1109 test "it confirms the user account", %{conn: conn, user: user} do
1110 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1111
1112 user = User.get_by_id(user.id)
1113
1114 refute user.info.confirmation_pending
1115 refute user.info.confirmation_token
1116 end
1117
1118 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
1119 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
1120
1121 assert 500 == conn.status
1122 end
1123
1124 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
1125 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
1126
1127 assert 500 == conn.status
1128 end
1129 end
1130
1131 describe "POST /api/account/resend_confirmation_email" do
1132 setup do
1133 setting = Pleroma.Config.get([:instance, :account_activation_required])
1134
1135 unless setting do
1136 Pleroma.Config.put([:instance, :account_activation_required], true)
1137 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
1138 end
1139
1140 user = insert(:user)
1141 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1142
1143 {:ok, user} =
1144 user
1145 |> Changeset.change()
1146 |> Changeset.put_embed(:info, info_change)
1147 |> Repo.update()
1148
1149 assert user.info.confirmation_pending
1150
1151 [user: user]
1152 end
1153
1154 test "it returns 204 No Content", %{conn: conn, user: user} do
1155 conn
1156 |> assign(:user, user)
1157 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1158 |> json_response(:no_content)
1159 end
1160
1161 test "it sends confirmation email", %{conn: conn, user: user} do
1162 conn
1163 |> assign(:user, user)
1164 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1165
1166 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
1167 end
1168 end
1169
1170 describe "GET /api/externalprofile/show" do
1171 test "it returns the user", %{conn: conn} do
1172 user = insert(:user)
1173 other_user = insert(:user)
1174
1175 conn =
1176 conn
1177 |> assign(:user, user)
1178 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1179
1180 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1181 end
1182 end
1183
1184 describe "GET /api/statuses/followers" do
1185 test "it returns a user's followers", %{conn: conn} do
1186 user = insert(:user)
1187 follower_one = insert(:user)
1188 follower_two = insert(:user)
1189 _not_follower = insert(:user)
1190
1191 {:ok, follower_one} = User.follow(follower_one, user)
1192 {:ok, follower_two} = User.follow(follower_two, user)
1193
1194 conn =
1195 conn
1196 |> assign(:user, user)
1197 |> get("/api/statuses/followers")
1198
1199 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1200 result = json_response(conn, 200)
1201 assert Enum.sort(expected) == Enum.sort(result)
1202 end
1203
1204 test "it returns 20 followers per page", %{conn: conn} do
1205 user = insert(:user)
1206 followers = insert_list(21, :user)
1207
1208 Enum.each(followers, fn follower ->
1209 User.follow(follower, user)
1210 end)
1211
1212 res_conn =
1213 conn
1214 |> assign(:user, user)
1215 |> get("/api/statuses/followers")
1216
1217 result = json_response(res_conn, 200)
1218 assert length(result) == 20
1219
1220 res_conn =
1221 conn
1222 |> assign(:user, user)
1223 |> get("/api/statuses/followers?page=2")
1224
1225 result = json_response(res_conn, 200)
1226 assert length(result) == 1
1227 end
1228
1229 test "it returns a given user's followers with user_id", %{conn: conn} do
1230 user = insert(:user)
1231 follower_one = insert(:user)
1232 follower_two = insert(:user)
1233 not_follower = insert(:user)
1234
1235 {:ok, follower_one} = User.follow(follower_one, user)
1236 {:ok, follower_two} = User.follow(follower_two, user)
1237
1238 conn =
1239 conn
1240 |> assign(:user, not_follower)
1241 |> get("/api/statuses/followers", %{"user_id" => user.id})
1242
1243 assert MapSet.equal?(
1244 MapSet.new(json_response(conn, 200)),
1245 MapSet.new(
1246 UserView.render("index.json", %{
1247 users: [follower_one, follower_two],
1248 for: not_follower
1249 })
1250 )
1251 )
1252 end
1253
1254 test "it returns empty when hide_followers is set to true", %{conn: conn} do
1255 user = insert(:user, %{info: %{hide_followers: true}})
1256 follower_one = insert(:user)
1257 follower_two = insert(:user)
1258 not_follower = insert(:user)
1259
1260 {:ok, _follower_one} = User.follow(follower_one, user)
1261 {:ok, _follower_two} = User.follow(follower_two, user)
1262
1263 response =
1264 conn
1265 |> assign(:user, not_follower)
1266 |> get("/api/statuses/followers", %{"user_id" => user.id})
1267 |> json_response(200)
1268
1269 assert [] == response
1270 end
1271
1272 test "it returns the followers when hide_followers is set to true if requested by the user themselves",
1273 %{
1274 conn: conn
1275 } do
1276 user = insert(:user, %{info: %{hide_followers: true}})
1277 follower_one = insert(:user)
1278 follower_two = insert(:user)
1279 _not_follower = insert(:user)
1280
1281 {:ok, _follower_one} = User.follow(follower_one, user)
1282 {:ok, _follower_two} = User.follow(follower_two, user)
1283
1284 conn =
1285 conn
1286 |> assign(:user, user)
1287 |> get("/api/statuses/followers", %{"user_id" => user.id})
1288
1289 refute [] == json_response(conn, 200)
1290 end
1291 end
1292
1293 describe "GET /api/statuses/blocks" do
1294 test "it returns the list of users blocked by requester", %{conn: conn} do
1295 user = insert(:user)
1296 other_user = insert(:user)
1297
1298 {:ok, user} = User.block(user, other_user)
1299
1300 conn =
1301 conn
1302 |> assign(:user, user)
1303 |> get("/api/statuses/blocks")
1304
1305 expected = UserView.render("index.json", %{users: [other_user], for: user})
1306 result = json_response(conn, 200)
1307 assert Enum.sort(expected) == Enum.sort(result)
1308 end
1309 end
1310
1311 describe "GET /api/statuses/friends" do
1312 test "it returns the logged in user's friends", %{conn: conn} do
1313 user = insert(:user)
1314 followed_one = insert(:user)
1315 followed_two = insert(:user)
1316 _not_followed = insert(:user)
1317
1318 {:ok, user} = User.follow(user, followed_one)
1319 {:ok, user} = User.follow(user, followed_two)
1320
1321 conn =
1322 conn
1323 |> assign(:user, user)
1324 |> get("/api/statuses/friends")
1325
1326 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1327 result = json_response(conn, 200)
1328 assert Enum.sort(expected) == Enum.sort(result)
1329 end
1330
1331 test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do
1332 user = insert(:user)
1333 followeds = insert_list(21, :user)
1334
1335 {:ok, user} =
1336 Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
1337 User.follow(user, followed)
1338 end)
1339
1340 res_conn =
1341 conn
1342 |> assign(:user, user)
1343 |> get("/api/statuses/friends")
1344
1345 result = json_response(res_conn, 200)
1346 assert length(result) == 20
1347
1348 res_conn =
1349 conn
1350 |> assign(:user, user)
1351 |> get("/api/statuses/friends", %{page: 2})
1352
1353 result = json_response(res_conn, 200)
1354 assert length(result) == 1
1355
1356 res_conn =
1357 conn
1358 |> assign(:user, user)
1359 |> get("/api/statuses/friends", %{all: true})
1360
1361 result = json_response(res_conn, 200)
1362 assert length(result) == 21
1363 end
1364
1365 test "it returns a given user's friends with user_id", %{conn: conn} do
1366 user = insert(:user)
1367 followed_one = insert(:user)
1368 followed_two = insert(:user)
1369 _not_followed = insert(:user)
1370
1371 {:ok, user} = User.follow(user, followed_one)
1372 {:ok, user} = User.follow(user, followed_two)
1373
1374 conn =
1375 conn
1376 |> assign(:user, user)
1377 |> get("/api/statuses/friends", %{"user_id" => user.id})
1378
1379 assert MapSet.equal?(
1380 MapSet.new(json_response(conn, 200)),
1381 MapSet.new(
1382 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1383 )
1384 )
1385 end
1386
1387 test "it returns empty when hide_follows is set to true", %{conn: conn} do
1388 user = insert(:user, %{info: %{hide_follows: true}})
1389 followed_one = insert(:user)
1390 followed_two = insert(:user)
1391 not_followed = insert(:user)
1392
1393 {:ok, user} = User.follow(user, followed_one)
1394 {:ok, user} = User.follow(user, followed_two)
1395
1396 conn =
1397 conn
1398 |> assign(:user, not_followed)
1399 |> get("/api/statuses/friends", %{"user_id" => user.id})
1400
1401 assert [] == json_response(conn, 200)
1402 end
1403
1404 test "it returns friends when hide_follows is set to true if the user themselves request it",
1405 %{
1406 conn: conn
1407 } do
1408 user = insert(:user, %{info: %{hide_follows: true}})
1409 followed_one = insert(:user)
1410 followed_two = insert(:user)
1411 _not_followed = insert(:user)
1412
1413 {:ok, _user} = User.follow(user, followed_one)
1414 {:ok, _user} = User.follow(user, followed_two)
1415
1416 response =
1417 conn
1418 |> assign(:user, user)
1419 |> get("/api/statuses/friends", %{"user_id" => user.id})
1420 |> json_response(200)
1421
1422 refute [] == response
1423 end
1424
1425 test "it returns a given user's friends with screen_name", %{conn: conn} do
1426 user = insert(:user)
1427 followed_one = insert(:user)
1428 followed_two = insert(:user)
1429 _not_followed = insert(:user)
1430
1431 {:ok, user} = User.follow(user, followed_one)
1432 {:ok, user} = User.follow(user, followed_two)
1433
1434 conn =
1435 conn
1436 |> assign(:user, user)
1437 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1438
1439 assert MapSet.equal?(
1440 MapSet.new(json_response(conn, 200)),
1441 MapSet.new(
1442 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1443 )
1444 )
1445 end
1446 end
1447
1448 describe "GET /friends/ids" do
1449 test "it returns a user's friends", %{conn: conn} do
1450 user = insert(:user)
1451 followed_one = insert(:user)
1452 followed_two = insert(:user)
1453 _not_followed = insert(:user)
1454
1455 {:ok, user} = User.follow(user, followed_one)
1456 {:ok, user} = User.follow(user, followed_two)
1457
1458 conn =
1459 conn
1460 |> assign(:user, user)
1461 |> get("/api/friends/ids")
1462
1463 expected = [followed_one.id, followed_two.id]
1464
1465 assert MapSet.equal?(
1466 MapSet.new(Poison.decode!(json_response(conn, 200))),
1467 MapSet.new(expected)
1468 )
1469 end
1470 end
1471
1472 describe "POST /api/account/update_profile.json" do
1473 test "it updates a user's profile", %{conn: conn} do
1474 user = insert(:user)
1475 user2 = insert(:user)
1476
1477 conn =
1478 conn
1479 |> assign(:user, user)
1480 |> post("/api/account/update_profile.json", %{
1481 "name" => "new name",
1482 "description" => "hi @#{user2.nickname}"
1483 })
1484
1485 user = Repo.get!(User, user.id)
1486 assert user.name == "new name"
1487
1488 assert user.bio ==
1489 "hi <span class='h-card'><a data-user='#{user2.id}' class='u-url mention' href='#{
1490 user2.ap_id
1491 }'>@<span>#{user2.nickname}</span></a></span>"
1492
1493 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1494 end
1495
1496 test "it sets and un-sets hide_follows", %{conn: conn} do
1497 user = insert(:user)
1498
1499 conn
1500 |> assign(:user, user)
1501 |> post("/api/account/update_profile.json", %{
1502 "hide_follows" => "true"
1503 })
1504
1505 user = Repo.get!(User, user.id)
1506 assert user.info.hide_follows == true
1507
1508 conn =
1509 conn
1510 |> assign(:user, user)
1511 |> post("/api/account/update_profile.json", %{
1512 "hide_follows" => "false"
1513 })
1514
1515 user = Repo.get!(User, user.id)
1516 assert user.info.hide_follows == false
1517 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1518 end
1519
1520 test "it sets and un-sets hide_followers", %{conn: conn} do
1521 user = insert(:user)
1522
1523 conn
1524 |> assign(:user, user)
1525 |> post("/api/account/update_profile.json", %{
1526 "hide_followers" => "true"
1527 })
1528
1529 user = Repo.get!(User, user.id)
1530 assert user.info.hide_followers == true
1531
1532 conn =
1533 conn
1534 |> assign(:user, user)
1535 |> post("/api/account/update_profile.json", %{
1536 "hide_followers" => "false"
1537 })
1538
1539 user = Repo.get!(User, user.id)
1540 assert user.info.hide_followers == false
1541 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1542 end
1543
1544 test "it sets and un-sets show_role", %{conn: conn} do
1545 user = insert(:user)
1546
1547 conn
1548 |> assign(:user, user)
1549 |> post("/api/account/update_profile.json", %{
1550 "show_role" => "true"
1551 })
1552
1553 user = Repo.get!(User, user.id)
1554 assert user.info.show_role == true
1555
1556 conn =
1557 conn
1558 |> assign(:user, user)
1559 |> post("/api/account/update_profile.json", %{
1560 "show_role" => "false"
1561 })
1562
1563 user = Repo.get!(User, user.id)
1564 assert user.info.show_role == false
1565 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1566 end
1567
1568 test "it locks an account", %{conn: conn} do
1569 user = insert(:user)
1570
1571 conn =
1572 conn
1573 |> assign(:user, user)
1574 |> post("/api/account/update_profile.json", %{
1575 "locked" => "true"
1576 })
1577
1578 user = Repo.get!(User, user.id)
1579 assert user.info.locked == true
1580
1581 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1582 end
1583
1584 test "it unlocks an account", %{conn: conn} do
1585 user = insert(:user)
1586
1587 conn =
1588 conn
1589 |> assign(:user, user)
1590 |> post("/api/account/update_profile.json", %{
1591 "locked" => "false"
1592 })
1593
1594 user = Repo.get!(User, user.id)
1595 assert user.info.locked == false
1596
1597 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1598 end
1599 end
1600
1601 defp valid_user(_context) do
1602 user = insert(:user)
1603 [user: user]
1604 end
1605
1606 defp with_credentials(conn, username, password) do
1607 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1608 put_req_header(conn, "authorization", header_content)
1609 end
1610
1611 describe "GET /api/search.json" do
1612 test "it returns search results", %{conn: conn} do
1613 user = insert(:user)
1614 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1615
1616 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1617 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1618
1619 conn =
1620 conn
1621 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1622
1623 assert [status] = json_response(conn, 200)
1624 assert status["id"] == activity.id
1625 end
1626 end
1627
1628 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1629 test "it returns the tags timeline", %{conn: conn} do
1630 user = insert(:user)
1631 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1632
1633 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1634 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1635
1636 conn =
1637 conn
1638 |> get("/api/statusnet/tags/timeline/2hu.json")
1639
1640 assert [status] = json_response(conn, 200)
1641 assert status["id"] == activity.id
1642 end
1643 end
1644
1645 test "Convert newlines to <br> in bio", %{conn: conn} do
1646 user = insert(:user)
1647
1648 _conn =
1649 conn
1650 |> assign(:user, user)
1651 |> post("/api/account/update_profile.json", %{
1652 "description" => "Hello,\r\nWorld! I\n am a test."
1653 })
1654
1655 user = Repo.get!(User, user.id)
1656 assert user.bio == "Hello,<br>World! I<br> am a test."
1657 end
1658
1659 describe "POST /api/pleroma/change_password" do
1660 setup [:valid_user]
1661
1662 test "without credentials", %{conn: conn} do
1663 conn = post(conn, "/api/pleroma/change_password")
1664 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1665 end
1666
1667 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1668 conn =
1669 conn
1670 |> with_credentials(current_user.nickname, "test")
1671 |> post("/api/pleroma/change_password", %{
1672 "password" => "hi",
1673 "new_password" => "newpass",
1674 "new_password_confirmation" => "newpass"
1675 })
1676
1677 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1678 end
1679
1680 test "with credentials, valid password and new password and confirmation not matching", %{
1681 conn: conn,
1682 user: current_user
1683 } do
1684 conn =
1685 conn
1686 |> with_credentials(current_user.nickname, "test")
1687 |> post("/api/pleroma/change_password", %{
1688 "password" => "test",
1689 "new_password" => "newpass",
1690 "new_password_confirmation" => "notnewpass"
1691 })
1692
1693 assert json_response(conn, 200) == %{
1694 "error" => "New password does not match confirmation."
1695 }
1696 end
1697
1698 test "with credentials, valid password and invalid new password", %{
1699 conn: conn,
1700 user: current_user
1701 } do
1702 conn =
1703 conn
1704 |> with_credentials(current_user.nickname, "test")
1705 |> post("/api/pleroma/change_password", %{
1706 "password" => "test",
1707 "new_password" => "",
1708 "new_password_confirmation" => ""
1709 })
1710
1711 assert json_response(conn, 200) == %{
1712 "error" => "New password can't be blank."
1713 }
1714 end
1715
1716 test "with credentials, valid password and matching new password and confirmation", %{
1717 conn: conn,
1718 user: current_user
1719 } do
1720 conn =
1721 conn
1722 |> with_credentials(current_user.nickname, "test")
1723 |> post("/api/pleroma/change_password", %{
1724 "password" => "test",
1725 "new_password" => "newpass",
1726 "new_password_confirmation" => "newpass"
1727 })
1728
1729 assert json_response(conn, 200) == %{"status" => "success"}
1730 fetched_user = User.get_by_id(current_user.id)
1731 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1732 end
1733 end
1734
1735 describe "POST /api/pleroma/delete_account" do
1736 setup [:valid_user]
1737
1738 test "without credentials", %{conn: conn} do
1739 conn = post(conn, "/api/pleroma/delete_account")
1740 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1741 end
1742
1743 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1744 conn =
1745 conn
1746 |> with_credentials(current_user.nickname, "test")
1747 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1748
1749 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1750 end
1751
1752 test "with credentials and valid password", %{conn: conn, user: current_user} do
1753 conn =
1754 conn
1755 |> with_credentials(current_user.nickname, "test")
1756 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1757
1758 assert json_response(conn, 200) == %{"status" => "success"}
1759 # Wait a second for the started task to end
1760 :timer.sleep(1000)
1761 end
1762 end
1763
1764 describe "GET /api/pleroma/friend_requests" do
1765 test "it lists friend requests" do
1766 user = insert(:user)
1767 other_user = insert(:user)
1768
1769 {:ok, _activity} = ActivityPub.follow(other_user, user)
1770
1771 user = User.get_by_id(user.id)
1772 other_user = User.get_by_id(other_user.id)
1773
1774 assert User.following?(other_user, user) == false
1775
1776 conn =
1777 build_conn()
1778 |> assign(:user, user)
1779 |> get("/api/pleroma/friend_requests")
1780
1781 assert [relationship] = json_response(conn, 200)
1782 assert other_user.id == relationship["id"]
1783 end
1784
1785 test "requires 'read' permission", %{conn: conn} do
1786 token1 = insert(:oauth_token, scopes: ["write"])
1787 token2 = insert(:oauth_token, scopes: ["read"])
1788
1789 for token <- [token1, token2] do
1790 conn =
1791 conn
1792 |> put_req_header("authorization", "Bearer #{token.token}")
1793 |> get("/api/pleroma/friend_requests")
1794
1795 if token == token1 do
1796 assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403)
1797 else
1798 assert json_response(conn, 200)
1799 end
1800 end
1801 end
1802 end
1803
1804 describe "POST /api/pleroma/friendships/approve" do
1805 test "it approves a friend request" do
1806 user = insert(:user)
1807 other_user = insert(:user)
1808
1809 {:ok, _activity} = ActivityPub.follow(other_user, user)
1810
1811 user = User.get_by_id(user.id)
1812 other_user = User.get_by_id(other_user.id)
1813
1814 assert User.following?(other_user, user) == false
1815
1816 conn =
1817 build_conn()
1818 |> assign(:user, user)
1819 |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
1820
1821 assert relationship = json_response(conn, 200)
1822 assert other_user.id == relationship["id"]
1823 assert relationship["follows_you"] == true
1824 end
1825 end
1826
1827 describe "POST /api/pleroma/friendships/deny" do
1828 test "it denies a friend request" do
1829 user = insert(:user)
1830 other_user = insert(:user)
1831
1832 {:ok, _activity} = ActivityPub.follow(other_user, user)
1833
1834 user = User.get_by_id(user.id)
1835 other_user = User.get_by_id(other_user.id)
1836
1837 assert User.following?(other_user, user) == false
1838
1839 conn =
1840 build_conn()
1841 |> assign(:user, user)
1842 |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
1843
1844 assert relationship = json_response(conn, 200)
1845 assert other_user.id == relationship["id"]
1846 assert relationship["follows_you"] == false
1847 end
1848 end
1849
1850 describe "GET /api/pleroma/search_user" do
1851 test "it returns users, ordered by similarity", %{conn: conn} do
1852 user = insert(:user, %{name: "eal"})
1853 user_two = insert(:user, %{name: "eal me"})
1854 _user_three = insert(:user, %{name: "zzz"})
1855
1856 resp =
1857 conn
1858 |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
1859 |> json_response(200)
1860
1861 assert length(resp) == 2
1862 assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1863 end
1864 end
1865
1866 describe "POST /api/media/upload" do
1867 setup context do
1868 Pleroma.DataCase.ensure_local_uploader(context)
1869 end
1870
1871 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1872 conn: conn
1873 } do
1874 user = insert(:user)
1875
1876 upload_filename = "test/fixtures/image_tmp.jpg"
1877 File.cp!("test/fixtures/image.jpg", upload_filename)
1878
1879 file = %Plug.Upload{
1880 content_type: "image/jpg",
1881 path: Path.absname(upload_filename),
1882 filename: "image.jpg"
1883 }
1884
1885 response =
1886 conn
1887 |> assign(:user, user)
1888 |> put_req_header("content-type", "application/octet-stream")
1889 |> post("/api/media/upload", %{
1890 "media" => file
1891 })
1892 |> json_response(:ok)
1893
1894 assert response["media_id"]
1895 object = Repo.get(Object, response["media_id"])
1896 assert object
1897 assert object.data["actor"] == User.ap_id(user)
1898 end
1899 end
1900
1901 describe "POST /api/media/metadata/create" do
1902 setup do
1903 object = insert(:note)
1904 user = User.get_by_ap_id(object.data["actor"])
1905 %{object: object, user: user}
1906 end
1907
1908 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1909 conn: conn,
1910 object: object
1911 } do
1912 initial_description = object.data["name"]
1913 another_user = insert(:user)
1914
1915 conn
1916 |> assign(:user, another_user)
1917 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1918 |> json_response(:forbidden)
1919
1920 object = Repo.get(Object, object.id)
1921 assert object.data["name"] == initial_description
1922 end
1923
1924 test "it updates `data[name]` of referenced Object with provided value", %{
1925 conn: conn,
1926 object: object,
1927 user: user
1928 } do
1929 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1930
1931 conn
1932 |> assign(:user, user)
1933 |> post("/api/media/metadata/create", %{
1934 "media_id" => object.id,
1935 "alt_text" => %{"text" => description}
1936 })
1937 |> json_response(:no_content)
1938
1939 object = Repo.get(Object, object.id)
1940 assert object.data["name"] == description
1941 end
1942 end
1943
1944 describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
1945 test "it returns a list of pinned statuses", %{conn: conn} do
1946 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1947
1948 user = insert(:user, %{name: "egor"})
1949 {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
1950 {:ok, _} = CommonAPI.pin(activity_id, user)
1951
1952 resp =
1953 conn
1954 |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
1955 |> json_response(200)
1956
1957 assert length(resp) == 1
1958 assert [%{"id" => ^activity_id, "pinned" => true}] = resp
1959 end
1960 end
1961
1962 describe "POST /api/statuses/pin/:id" do
1963 setup do
1964 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1965 [user: insert(:user)]
1966 end
1967
1968 test "without valid credentials", %{conn: conn} do
1969 note_activity = insert(:note_activity)
1970 conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
1971 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1972 end
1973
1974 test "with credentials", %{conn: conn, user: user} do
1975 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1976
1977 request_path = "/api/statuses/pin/#{activity.id}.json"
1978
1979 response =
1980 conn
1981 |> with_credentials(user.nickname, "test")
1982 |> post(request_path)
1983
1984 user = refresh_record(user)
1985
1986 assert json_response(response, 200) ==
1987 ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
1988 end
1989 end
1990
1991 describe "POST /api/statuses/unpin/:id" do
1992 setup do
1993 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1994 [user: insert(:user)]
1995 end
1996
1997 test "without valid credentials", %{conn: conn} do
1998 note_activity = insert(:note_activity)
1999 conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
2000 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
2001 end
2002
2003 test "with credentials", %{conn: conn, user: user} do
2004 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
2005 {:ok, activity} = CommonAPI.pin(activity.id, user)
2006
2007 request_path = "/api/statuses/unpin/#{activity.id}.json"
2008
2009 response =
2010 conn
2011 |> with_credentials(user.nickname, "test")
2012 |> post(request_path)
2013
2014 user = refresh_record(user)
2015
2016 assert json_response(response, 200) ==
2017 ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
2018 end
2019 end
2020
2021 describe "GET /api/oauth_tokens" do
2022 setup do
2023 token = insert(:oauth_token) |> Repo.preload(:user)
2024
2025 %{token: token}
2026 end
2027
2028 test "renders list", %{token: token} do
2029 response =
2030 build_conn()
2031 |> assign(:user, token.user)
2032 |> get("/api/oauth_tokens")
2033
2034 keys =
2035 json_response(response, 200)
2036 |> hd()
2037 |> Map.keys()
2038
2039 assert keys -- ["id", "app_name", "valid_until"] == []
2040 end
2041
2042 test "revoke token", %{token: token} do
2043 response =
2044 build_conn()
2045 |> assign(:user, token.user)
2046 |> delete("/api/oauth_tokens/#{token.id}")
2047
2048 tokens = Token.get_user_tokens(token.user)
2049
2050 assert tokens == []
2051 assert response.status == 201
2052 end
2053 end
2054 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git