1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Builders.ActivityBuilder
11 alias Pleroma.Builders.UserBuilder
12 alias Pleroma.Notification
16 alias Pleroma.Web.ActivityPub.ActivityPub
17 alias Pleroma.Web.CommonAPI
18 alias Pleroma.Web.OAuth.Token
19 alias Pleroma.Web.TwitterAPI.ActivityView
20 alias Pleroma.Web.TwitterAPI.Controller
21 alias Pleroma.Web.TwitterAPI.NotificationView
22 alias Pleroma.Web.TwitterAPI.TwitterAPI
23 alias Pleroma.Web.TwitterAPI.UserView
25 import Pleroma.Factory
28 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
30 describe "POST /api/account/update_profile_banner" do
31 test "it updates the banner", %{conn: conn} do
35 |> assign(:user, user)
36 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
39 user = refresh_record(user)
40 assert user.info.banner["type"] == "Image"
44 describe "POST /api/qvitter/update_background_image" do
45 test "it updates the background", %{conn: conn} do
49 |> assign(:user, user)
50 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
53 user = refresh_record(user)
54 assert user.info.background["type"] == "Image"
58 describe "POST /api/account/verify_credentials" do
61 test "without valid credentials", %{conn: conn} do
62 conn = post(conn, "/api/account/verify_credentials.json")
63 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
66 test "with credentials", %{conn: conn, user: user} do
69 |> with_credentials(user.nickname, "test")
70 |> post("/api/account/verify_credentials.json")
74 UserView.render("show.json", %{user: user, token: response["token"], for: user})
78 describe "POST /statuses/update.json" do
81 test "without valid credentials", %{conn: conn} do
82 conn = post(conn, "/api/statuses/update.json")
83 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
86 test "with credentials", %{conn: conn, user: user} do
87 conn_with_creds = conn |> with_credentials(user.nickname, "test")
88 request_path = "/api/statuses/update.json"
91 "request" => request_path,
92 "error" => "Client must provide a 'status' parameter with a value."
99 assert json_response(conn, 400) == error_response
103 |> post(request_path, %{status: ""})
105 assert json_response(conn, 400) == error_response
109 |> post(request_path, %{status: " "})
111 assert json_response(conn, 400) == error_response
113 # we post with visibility private in order to avoid triggering relay
116 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
118 assert json_response(conn, 200) ==
119 ActivityView.render("activity.json", %{
120 activity: Repo.one(Activity),
127 describe "GET /statuses/public_timeline.json" do
130 test "returns statuses", %{conn: conn} do
132 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
133 ActivityBuilder.insert_list(10, %{}, %{user: user})
134 since_id = List.last(activities).id
138 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
140 response = json_response(conn, 200)
142 assert length(response) == 10
145 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
147 Application.get_env(:pleroma, :instance)
148 |> Keyword.put(:public, false)
150 Application.put_env(:pleroma, :instance, instance)
153 |> get("/api/statuses/public_timeline.json")
154 |> json_response(403)
157 Application.get_env(:pleroma, :instance)
158 |> Keyword.put(:public, true)
160 Application.put_env(:pleroma, :instance, instance)
163 test "returns 200 to authenticated request when the instance is not public",
164 %{conn: conn, user: user} do
166 Application.get_env(:pleroma, :instance)
167 |> Keyword.put(:public, false)
169 Application.put_env(:pleroma, :instance, instance)
172 |> with_credentials(user.nickname, "test")
173 |> get("/api/statuses/public_timeline.json")
174 |> json_response(200)
177 Application.get_env(:pleroma, :instance)
178 |> Keyword.put(:public, true)
180 Application.put_env(:pleroma, :instance, instance)
183 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
185 |> get("/api/statuses/public_timeline.json")
186 |> json_response(200)
189 test "returns 200 to authenticated request when the instance is public",
190 %{conn: conn, user: user} do
192 |> with_credentials(user.nickname, "test")
193 |> get("/api/statuses/public_timeline.json")
194 |> json_response(200)
197 test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
201 token = insert(:oauth_token, scopes: ["write"])
204 |> put_req_header("authorization", "Bearer #{token.token}")
205 |> get("/api/statuses/public_timeline.json")
206 |> json_response(200)
208 assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
212 describe "GET /statuses/public_and_external_timeline.json" do
215 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
217 Application.get_env(:pleroma, :instance)
218 |> Keyword.put(:public, false)
220 Application.put_env(:pleroma, :instance, instance)
223 |> get("/api/statuses/public_and_external_timeline.json")
224 |> json_response(403)
227 Application.get_env(:pleroma, :instance)
228 |> Keyword.put(:public, true)
230 Application.put_env(:pleroma, :instance, instance)
233 test "returns 200 to authenticated request when the instance is not public",
234 %{conn: conn, user: user} do
236 Application.get_env(:pleroma, :instance)
237 |> Keyword.put(:public, false)
239 Application.put_env(:pleroma, :instance, instance)
242 |> with_credentials(user.nickname, "test")
243 |> get("/api/statuses/public_and_external_timeline.json")
244 |> json_response(200)
247 Application.get_env(:pleroma, :instance)
248 |> Keyword.put(:public, true)
250 Application.put_env(:pleroma, :instance, instance)
253 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
255 |> get("/api/statuses/public_and_external_timeline.json")
256 |> json_response(200)
259 test "returns 200 to authenticated request when the instance is public",
260 %{conn: conn, user: user} do
262 |> with_credentials(user.nickname, "test")
263 |> get("/api/statuses/public_and_external_timeline.json")
264 |> json_response(200)
268 describe "GET /statuses/show/:id.json" do
269 test "returns one status", %{conn: conn} do
271 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
272 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
276 |> get("/api/statuses/show/#{activity.id}.json")
278 response = json_response(conn, 200)
280 assert response == ActivityView.render("activity.json", %{activity: activity, user: actor})
284 describe "GET /users/show.json" do
285 test "gets user with screen_name", %{conn: conn} do
290 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
292 response = json_response(conn, 200)
294 assert response["id"] == user.id
297 test "gets user with user_id", %{conn: conn} do
302 |> get("/api/users/show.json", %{"user_id" => user.id})
304 response = json_response(conn, 200)
306 assert response["id"] == user.id
309 test "gets a user for a logged in user", %{conn: conn} do
311 logged_in = insert(:user)
313 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
317 |> with_credentials(logged_in.nickname, "test")
318 |> get("/api/users/show.json", %{"user_id" => user.id})
320 response = json_response(conn, 200)
322 assert response["following"] == true
326 describe "GET /statusnet/conversation/:id.json" do
327 test "returns the statuses in the conversation", %{conn: conn} do
328 {:ok, _user} = UserBuilder.insert()
329 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
330 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
331 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
335 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
337 response = json_response(conn, 200)
339 assert length(response) == 2
343 describe "GET /statuses/friends_timeline.json" do
346 test "without valid credentials", %{conn: conn} do
347 conn = get(conn, "/api/statuses/friends_timeline.json")
348 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
351 test "with credentials", %{conn: conn, user: current_user} do
355 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
357 returned_activities =
358 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
360 other_user = insert(:user)
361 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
362 since_id = List.last(activities).id
365 Changeset.change(current_user, following: [User.ap_followers(user)])
370 |> with_credentials(current_user.nickname, "test")
371 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
373 response = json_response(conn, 200)
375 assert length(response) == 10
378 Enum.map(returned_activities, fn activity ->
379 ActivityView.render("activity.json", %{
381 user: User.get_cached_by_ap_id(activity.data["actor"]),
388 describe "GET /statuses/dm_timeline.json" do
389 test "it show direct messages", %{conn: conn} do
390 user_one = insert(:user)
391 user_two = insert(:user)
393 {:ok, user_two} = User.follow(user_two, user_one)
396 CommonAPI.post(user_one, %{
397 "status" => "Hi @#{user_two.nickname}!",
398 "visibility" => "direct"
402 CommonAPI.post(user_two, %{
403 "status" => "Hi @#{user_one.nickname}!",
404 "visibility" => "direct"
407 {:ok, _follower_only} =
408 CommonAPI.post(user_one, %{
409 "status" => "Hi @#{user_two.nickname}!",
410 "visibility" => "private"
413 # Only direct should be visible here
416 |> assign(:user, user_two)
417 |> get("/api/statuses/dm_timeline.json")
419 [status, status_two] = json_response(res_conn, 200)
420 assert status["id"] == direct_two.id
421 assert status_two["id"] == direct.id
424 test "doesn't include DMs from blocked users", %{conn: conn} do
425 blocker = insert(:user)
426 blocked = insert(:user)
428 {:ok, blocker} = User.block(blocker, blocked)
430 {:ok, _blocked_direct} =
431 CommonAPI.post(blocked, %{
432 "status" => "Hi @#{blocker.nickname}!",
433 "visibility" => "direct"
437 CommonAPI.post(user, %{
438 "status" => "Hi @#{blocker.nickname}!",
439 "visibility" => "direct"
444 |> assign(:user, blocker)
445 |> get("/api/statuses/dm_timeline.json")
447 [status] = json_response(res_conn, 200)
448 assert status["id"] == direct.id
452 describe "GET /statuses/mentions.json" do
455 test "without valid credentials", %{conn: conn} do
456 conn = get(conn, "/api/statuses/mentions.json")
457 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
460 test "with credentials", %{conn: conn, user: current_user} do
462 CommonAPI.post(current_user, %{
463 "status" => "why is tenshi eating a corndog so cute?",
464 "visibility" => "public"
469 |> with_credentials(current_user.nickname, "test")
470 |> get("/api/statuses/mentions.json")
472 response = json_response(conn, 200)
474 assert length(response) == 1
476 assert Enum.at(response, 0) ==
477 ActivityView.render("activity.json", %{
484 test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
486 CommonAPI.post(current_user, %{
487 "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
488 "visibility" => "direct"
493 |> with_credentials(current_user.nickname, "test")
494 |> get("/api/statuses/mentions.json")
496 response = json_response(conn, 200)
498 assert Enum.empty?(response)
502 describe "GET /api/qvitter/statuses/notifications.json" do
505 test "without valid credentials", %{conn: conn} do
506 conn = get(conn, "/api/qvitter/statuses/notifications.json")
507 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
510 test "with credentials", %{conn: conn, user: current_user} do
511 other_user = insert(:user)
514 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
518 |> with_credentials(current_user.nickname, "test")
519 |> get("/api/qvitter/statuses/notifications.json")
521 response = json_response(conn, 200)
523 assert length(response) == 1
526 NotificationView.render("notification.json", %{
527 notifications: Notification.for_user(current_user),
533 describe "POST /api/qvitter/statuses/notifications/read" do
536 test "without valid credentials", %{conn: conn} do
537 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
538 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
541 test "with credentials, without any params", %{conn: conn, user: current_user} do
544 |> with_credentials(current_user.nickname, "test")
545 |> post("/api/qvitter/statuses/notifications/read")
547 assert json_response(conn, 400) == %{
548 "error" => "You need to specify latest_id",
549 "request" => "/api/qvitter/statuses/notifications/read"
553 test "with credentials, with params", %{conn: conn, user: current_user} do
554 other_user = insert(:user)
557 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
561 |> with_credentials(current_user.nickname, "test")
562 |> get("/api/qvitter/statuses/notifications.json")
564 [notification] = response = json_response(response_conn, 200)
566 assert length(response) == 1
568 assert notification["is_seen"] == 0
572 |> with_credentials(current_user.nickname, "test")
573 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
575 [notification] = response = json_response(response_conn, 200)
577 assert length(response) == 1
579 assert notification["is_seen"] == 1
583 describe "GET /statuses/user_timeline.json" do
586 test "without any params", %{conn: conn} do
587 conn = get(conn, "/api/statuses/user_timeline.json")
589 assert json_response(conn, 400) == %{
590 "error" => "You need to specify screen_name or user_id",
591 "request" => "/api/statuses/user_timeline.json"
595 test "with user_id", %{conn: conn} do
597 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
599 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
600 response = json_response(conn, 200)
601 assert length(response) == 1
603 assert Enum.at(response, 0) ==
604 ActivityView.render("activity.json", %{user: user, activity: activity})
607 test "with screen_name", %{conn: conn} do
609 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
611 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
612 response = json_response(conn, 200)
613 assert length(response) == 1
615 assert Enum.at(response, 0) ==
616 ActivityView.render("activity.json", %{user: user, activity: activity})
619 test "with credentials", %{conn: conn, user: current_user} do
620 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
624 |> with_credentials(current_user.nickname, "test")
625 |> get("/api/statuses/user_timeline.json")
627 response = json_response(conn, 200)
629 assert length(response) == 1
631 assert Enum.at(response, 0) ==
632 ActivityView.render("activity.json", %{
639 test "with credentials with user_id", %{conn: conn, user: current_user} do
641 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
645 |> with_credentials(current_user.nickname, "test")
646 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
648 response = json_response(conn, 200)
650 assert length(response) == 1
652 assert Enum.at(response, 0) ==
653 ActivityView.render("activity.json", %{user: user, activity: activity})
656 test "with credentials screen_name", %{conn: conn, user: current_user} do
658 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
662 |> with_credentials(current_user.nickname, "test")
663 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
665 response = json_response(conn, 200)
667 assert length(response) == 1
669 assert Enum.at(response, 0) ==
670 ActivityView.render("activity.json", %{user: user, activity: activity})
673 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
675 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
676 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
680 |> with_credentials(current_user.nickname, "test")
681 |> get("/api/statuses/user_timeline.json", %{
682 "user_id" => user.id,
683 "include_rts" => "false"
686 response = json_response(conn, 200)
688 assert length(response) == 1
690 assert Enum.at(response, 0) ==
691 ActivityView.render("activity.json", %{user: user, activity: activity})
695 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
697 response = json_response(conn, 200)
699 assert length(response) == 1
701 assert Enum.at(response, 0) ==
702 ActivityView.render("activity.json", %{user: user, activity: activity})
706 describe "POST /friendships/create.json" do
709 test "without valid credentials", %{conn: conn} do
710 conn = post(conn, "/api/friendships/create.json")
711 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
714 test "with credentials", %{conn: conn, user: current_user} do
715 followed = insert(:user)
719 |> with_credentials(current_user.nickname, "test")
720 |> post("/api/friendships/create.json", %{user_id: followed.id})
722 current_user = User.get_by_id(current_user.id)
723 assert User.ap_followers(followed) in current_user.following
725 assert json_response(conn, 200) ==
726 UserView.render("show.json", %{user: followed, for: current_user})
729 test "for restricted account", %{conn: conn, user: current_user} do
730 followed = insert(:user, info: %User.Info{locked: true})
734 |> with_credentials(current_user.nickname, "test")
735 |> post("/api/friendships/create.json", %{user_id: followed.id})
737 current_user = User.get_by_id(current_user.id)
738 followed = User.get_by_id(followed.id)
740 refute User.ap_followers(followed) in current_user.following
742 assert json_response(conn, 200) ==
743 UserView.render("show.json", %{user: followed, for: current_user})
747 describe "POST /friendships/destroy.json" do
750 test "without valid credentials", %{conn: conn} do
751 conn = post(conn, "/api/friendships/destroy.json")
752 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
755 test "with credentials", %{conn: conn, user: current_user} do
756 followed = insert(:user)
758 {:ok, current_user} = User.follow(current_user, followed)
759 assert User.ap_followers(followed) in current_user.following
760 ActivityPub.follow(current_user, followed)
764 |> with_credentials(current_user.nickname, "test")
765 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
767 current_user = User.get_by_id(current_user.id)
768 assert current_user.following == [current_user.ap_id]
770 assert json_response(conn, 200) ==
771 UserView.render("show.json", %{user: followed, for: current_user})
775 describe "POST /blocks/create.json" do
778 test "without valid credentials", %{conn: conn} do
779 conn = post(conn, "/api/blocks/create.json")
780 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
783 test "with credentials", %{conn: conn, user: current_user} do
784 blocked = insert(:user)
788 |> with_credentials(current_user.nickname, "test")
789 |> post("/api/blocks/create.json", %{user_id: blocked.id})
791 current_user = User.get_by_id(current_user.id)
792 assert User.blocks?(current_user, blocked)
794 assert json_response(conn, 200) ==
795 UserView.render("show.json", %{user: blocked, for: current_user})
799 describe "POST /blocks/destroy.json" do
802 test "without valid credentials", %{conn: conn} do
803 conn = post(conn, "/api/blocks/destroy.json")
804 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
807 test "with credentials", %{conn: conn, user: current_user} do
808 blocked = insert(:user)
810 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
811 assert User.blocks?(current_user, blocked)
815 |> with_credentials(current_user.nickname, "test")
816 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
818 current_user = User.get_by_id(current_user.id)
819 assert current_user.info.blocks == []
821 assert json_response(conn, 200) ==
822 UserView.render("show.json", %{user: blocked, for: current_user})
826 describe "GET /help/test.json" do
827 test "returns \"ok\"", %{conn: conn} do
828 conn = get(conn, "/api/help/test.json")
829 assert json_response(conn, 200) == "ok"
833 describe "POST /api/qvitter/update_avatar.json" do
836 test "without valid credentials", %{conn: conn} do
837 conn = post(conn, "/api/qvitter/update_avatar.json")
838 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
841 test "with credentials", %{conn: conn, user: current_user} do
842 avatar_image = File.read!("test/fixtures/avatar_data_uri")
846 |> with_credentials(current_user.nickname, "test")
847 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
849 current_user = User.get_by_id(current_user.id)
850 assert is_map(current_user.avatar)
852 assert json_response(conn, 200) ==
853 UserView.render("show.json", %{user: current_user, for: current_user})
857 describe "GET /api/qvitter/mutes.json" do
860 test "unimplemented mutes without valid credentials", %{conn: conn} do
861 conn = get(conn, "/api/qvitter/mutes.json")
862 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
865 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
868 |> with_credentials(current_user.nickname, "test")
869 |> get("/api/qvitter/mutes.json")
870 |> json_response(200)
876 describe "POST /api/favorites/create/:id" do
879 test "without valid credentials", %{conn: conn} do
880 note_activity = insert(:note_activity)
881 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
882 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
885 test "with credentials", %{conn: conn, user: current_user} do
886 note_activity = insert(:note_activity)
890 |> with_credentials(current_user.nickname, "test")
891 |> post("/api/favorites/create/#{note_activity.id}.json")
893 assert json_response(conn, 200)
896 test "with credentials, invalid param", %{conn: conn, user: current_user} do
899 |> with_credentials(current_user.nickname, "test")
900 |> post("/api/favorites/create/wrong.json")
902 assert json_response(conn, 400)
905 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
908 |> with_credentials(current_user.nickname, "test")
909 |> post("/api/favorites/create/1.json")
911 assert json_response(conn, 400)
915 describe "POST /api/favorites/destroy/:id" do
918 test "without valid credentials", %{conn: conn} do
919 note_activity = insert(:note_activity)
920 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
921 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
924 test "with credentials", %{conn: conn, user: current_user} do
925 note_activity = insert(:note_activity)
926 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
927 ActivityPub.like(current_user, object)
931 |> with_credentials(current_user.nickname, "test")
932 |> post("/api/favorites/destroy/#{note_activity.id}.json")
934 assert json_response(conn, 200)
938 describe "POST /api/statuses/retweet/:id" do
941 test "without valid credentials", %{conn: conn} do
942 note_activity = insert(:note_activity)
943 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
944 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
947 test "with credentials", %{conn: conn, user: current_user} do
948 note_activity = insert(:note_activity)
950 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
954 |> with_credentials(current_user.nickname, "test")
955 |> post(request_path)
957 activity = Activity.get_by_id(note_activity.id)
958 activity_user = User.get_by_ap_id(note_activity.data["actor"])
960 assert json_response(response, 200) ==
961 ActivityView.render("activity.json", %{
969 describe "POST /api/statuses/unretweet/:id" do
972 test "without valid credentials", %{conn: conn} do
973 note_activity = insert(:note_activity)
974 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
975 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
978 test "with credentials", %{conn: conn, user: current_user} do
979 note_activity = insert(:note_activity)
981 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
985 |> with_credentials(current_user.nickname, "test")
986 |> post(request_path)
988 request_path = String.replace(request_path, "retweet", "unretweet")
992 |> with_credentials(current_user.nickname, "test")
993 |> post(request_path)
995 activity = Activity.get_by_id(note_activity.id)
996 activity_user = User.get_by_ap_id(note_activity.data["actor"])
998 assert json_response(response, 200) ==
999 ActivityView.render("activity.json", %{
1000 user: activity_user,
1007 describe "POST /api/account/register" do
1008 test "it creates a new user", %{conn: conn} do
1010 "nickname" => "lain",
1011 "email" => "lain@wired.jp",
1012 "fullname" => "lain iwakura",
1013 "bio" => "close the world.",
1014 "password" => "bear",
1020 |> post("/api/account/register", data)
1022 user = json_response(conn, 200)
1024 fetched_user = User.get_by_nickname("lain")
1025 assert user == UserView.render("show.json", %{user: fetched_user})
1028 test "it returns errors on a problem", %{conn: conn} do
1030 "email" => "lain@wired.jp",
1031 "fullname" => "lain iwakura",
1032 "bio" => "close the world.",
1033 "password" => "bear",
1039 |> post("/api/account/register", data)
1041 errors = json_response(conn, 400)
1043 assert is_binary(errors["error"])
1047 describe "POST /api/account/password_reset, with valid parameters" do
1048 setup %{conn: conn} do
1049 user = insert(:user)
1050 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
1051 %{conn: conn, user: user}
1054 test "it returns 204", %{conn: conn} do
1055 assert json_response(conn, :no_content)
1058 test "it creates a PasswordResetToken record for user", %{user: user} do
1059 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1063 test "it sends an email to user", %{user: user} do
1064 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1066 Swoosh.TestAssertions.assert_email_sent(
1067 Pleroma.UserEmail.password_reset_email(user, token_record.token)
1072 describe "POST /api/account/password_reset, with invalid parameters" do
1075 test "it returns 500 when user is not found", %{conn: conn, user: user} do
1076 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
1077 assert json_response(conn, :internal_server_error)
1080 test "it returns 500 when user is not local", %{conn: conn, user: user} do
1081 {:ok, user} = Repo.update(Changeset.change(user, local: false))
1082 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
1083 assert json_response(conn, :internal_server_error)
1087 describe "GET /api/account/confirm_email/:id/:token" do
1089 user = insert(:user)
1090 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1094 |> Changeset.change()
1095 |> Changeset.put_embed(:info, info_change)
1098 assert user.info.confirmation_pending
1103 test "it redirects to root url", %{conn: conn, user: user} do
1104 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1106 assert 302 == conn.status
1109 test "it confirms the user account", %{conn: conn, user: user} do
1110 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1112 user = User.get_by_id(user.id)
1114 refute user.info.confirmation_pending
1115 refute user.info.confirmation_token
1118 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
1119 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
1121 assert 500 == conn.status
1124 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
1125 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
1127 assert 500 == conn.status
1131 describe "POST /api/account/resend_confirmation_email" do
1133 setting = Pleroma.Config.get([:instance, :account_activation_required])
1136 Pleroma.Config.put([:instance, :account_activation_required], true)
1137 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
1140 user = insert(:user)
1141 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1145 |> Changeset.change()
1146 |> Changeset.put_embed(:info, info_change)
1149 assert user.info.confirmation_pending
1154 test "it returns 204 No Content", %{conn: conn, user: user} do
1156 |> assign(:user, user)
1157 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1158 |> json_response(:no_content)
1161 test "it sends confirmation email", %{conn: conn, user: user} do
1163 |> assign(:user, user)
1164 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1166 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
1170 describe "GET /api/externalprofile/show" do
1171 test "it returns the user", %{conn: conn} do
1172 user = insert(:user)
1173 other_user = insert(:user)
1177 |> assign(:user, user)
1178 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1180 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1184 describe "GET /api/statuses/followers" do
1185 test "it returns a user's followers", %{conn: conn} do
1186 user = insert(:user)
1187 follower_one = insert(:user)
1188 follower_two = insert(:user)
1189 _not_follower = insert(:user)
1191 {:ok, follower_one} = User.follow(follower_one, user)
1192 {:ok, follower_two} = User.follow(follower_two, user)
1196 |> assign(:user, user)
1197 |> get("/api/statuses/followers")
1199 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1200 result = json_response(conn, 200)
1201 assert Enum.sort(expected) == Enum.sort(result)
1204 test "it returns 20 followers per page", %{conn: conn} do
1205 user = insert(:user)
1206 followers = insert_list(21, :user)
1208 Enum.each(followers, fn follower ->
1209 User.follow(follower, user)
1214 |> assign(:user, user)
1215 |> get("/api/statuses/followers")
1217 result = json_response(res_conn, 200)
1218 assert length(result) == 20
1222 |> assign(:user, user)
1223 |> get("/api/statuses/followers?page=2")
1225 result = json_response(res_conn, 200)
1226 assert length(result) == 1
1229 test "it returns a given user's followers with user_id", %{conn: conn} do
1230 user = insert(:user)
1231 follower_one = insert(:user)
1232 follower_two = insert(:user)
1233 not_follower = insert(:user)
1235 {:ok, follower_one} = User.follow(follower_one, user)
1236 {:ok, follower_two} = User.follow(follower_two, user)
1240 |> assign(:user, not_follower)
1241 |> get("/api/statuses/followers", %{"user_id" => user.id})
1243 assert MapSet.equal?(
1244 MapSet.new(json_response(conn, 200)),
1246 UserView.render("index.json", %{
1247 users: [follower_one, follower_two],
1254 test "it returns empty when hide_followers is set to true", %{conn: conn} do
1255 user = insert(:user, %{info: %{hide_followers: true}})
1256 follower_one = insert(:user)
1257 follower_two = insert(:user)
1258 not_follower = insert(:user)
1260 {:ok, _follower_one} = User.follow(follower_one, user)
1261 {:ok, _follower_two} = User.follow(follower_two, user)
1265 |> assign(:user, not_follower)
1266 |> get("/api/statuses/followers", %{"user_id" => user.id})
1267 |> json_response(200)
1269 assert [] == response
1272 test "it returns the followers when hide_followers is set to true if requested by the user themselves",
1276 user = insert(:user, %{info: %{hide_followers: true}})
1277 follower_one = insert(:user)
1278 follower_two = insert(:user)
1279 _not_follower = insert(:user)
1281 {:ok, _follower_one} = User.follow(follower_one, user)
1282 {:ok, _follower_two} = User.follow(follower_two, user)
1286 |> assign(:user, user)
1287 |> get("/api/statuses/followers", %{"user_id" => user.id})
1289 refute [] == json_response(conn, 200)
1293 describe "GET /api/statuses/blocks" do
1294 test "it returns the list of users blocked by requester", %{conn: conn} do
1295 user = insert(:user)
1296 other_user = insert(:user)
1298 {:ok, user} = User.block(user, other_user)
1302 |> assign(:user, user)
1303 |> get("/api/statuses/blocks")
1305 expected = UserView.render("index.json", %{users: [other_user], for: user})
1306 result = json_response(conn, 200)
1307 assert Enum.sort(expected) == Enum.sort(result)
1311 describe "GET /api/statuses/friends" do
1312 test "it returns the logged in user's friends", %{conn: conn} do
1313 user = insert(:user)
1314 followed_one = insert(:user)
1315 followed_two = insert(:user)
1316 _not_followed = insert(:user)
1318 {:ok, user} = User.follow(user, followed_one)
1319 {:ok, user} = User.follow(user, followed_two)
1323 |> assign(:user, user)
1324 |> get("/api/statuses/friends")
1326 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1327 result = json_response(conn, 200)
1328 assert Enum.sort(expected) == Enum.sort(result)
1331 test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do
1332 user = insert(:user)
1333 followeds = insert_list(21, :user)
1336 Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
1337 User.follow(user, followed)
1342 |> assign(:user, user)
1343 |> get("/api/statuses/friends")
1345 result = json_response(res_conn, 200)
1346 assert length(result) == 20
1350 |> assign(:user, user)
1351 |> get("/api/statuses/friends", %{page: 2})
1353 result = json_response(res_conn, 200)
1354 assert length(result) == 1
1358 |> assign(:user, user)
1359 |> get("/api/statuses/friends", %{all: true})
1361 result = json_response(res_conn, 200)
1362 assert length(result) == 21
1365 test "it returns a given user's friends with user_id", %{conn: conn} do
1366 user = insert(:user)
1367 followed_one = insert(:user)
1368 followed_two = insert(:user)
1369 _not_followed = insert(:user)
1371 {:ok, user} = User.follow(user, followed_one)
1372 {:ok, user} = User.follow(user, followed_two)
1376 |> assign(:user, user)
1377 |> get("/api/statuses/friends", %{"user_id" => user.id})
1379 assert MapSet.equal?(
1380 MapSet.new(json_response(conn, 200)),
1382 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1387 test "it returns empty when hide_follows is set to true", %{conn: conn} do
1388 user = insert(:user, %{info: %{hide_follows: true}})
1389 followed_one = insert(:user)
1390 followed_two = insert(:user)
1391 not_followed = insert(:user)
1393 {:ok, user} = User.follow(user, followed_one)
1394 {:ok, user} = User.follow(user, followed_two)
1398 |> assign(:user, not_followed)
1399 |> get("/api/statuses/friends", %{"user_id" => user.id})
1401 assert [] == json_response(conn, 200)
1404 test "it returns friends when hide_follows is set to true if the user themselves request it",
1408 user = insert(:user, %{info: %{hide_follows: true}})
1409 followed_one = insert(:user)
1410 followed_two = insert(:user)
1411 _not_followed = insert(:user)
1413 {:ok, _user} = User.follow(user, followed_one)
1414 {:ok, _user} = User.follow(user, followed_two)
1418 |> assign(:user, user)
1419 |> get("/api/statuses/friends", %{"user_id" => user.id})
1420 |> json_response(200)
1422 refute [] == response
1425 test "it returns a given user's friends with screen_name", %{conn: conn} do
1426 user = insert(:user)
1427 followed_one = insert(:user)
1428 followed_two = insert(:user)
1429 _not_followed = insert(:user)
1431 {:ok, user} = User.follow(user, followed_one)
1432 {:ok, user} = User.follow(user, followed_two)
1436 |> assign(:user, user)
1437 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1439 assert MapSet.equal?(
1440 MapSet.new(json_response(conn, 200)),
1442 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1448 describe "GET /friends/ids" do
1449 test "it returns a user's friends", %{conn: conn} do
1450 user = insert(:user)
1451 followed_one = insert(:user)
1452 followed_two = insert(:user)
1453 _not_followed = insert(:user)
1455 {:ok, user} = User.follow(user, followed_one)
1456 {:ok, user} = User.follow(user, followed_two)
1460 |> assign(:user, user)
1461 |> get("/api/friends/ids")
1463 expected = [followed_one.id, followed_two.id]
1465 assert MapSet.equal?(
1466 MapSet.new(Poison.decode!(json_response(conn, 200))),
1467 MapSet.new(expected)
1472 describe "POST /api/account/update_profile.json" do
1473 test "it updates a user's profile", %{conn: conn} do
1474 user = insert(:user)
1475 user2 = insert(:user)
1479 |> assign(:user, user)
1480 |> post("/api/account/update_profile.json", %{
1481 "name" => "new name",
1482 "description" => "hi @#{user2.nickname}"
1485 user = Repo.get!(User, user.id)
1486 assert user.name == "new name"
1489 "hi <span class='h-card'><a data-user='#{user2.id}' class='u-url mention' href='#{
1491 }'>@<span>#{user2.nickname}</span></a></span>"
1493 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1496 test "it sets and un-sets hide_follows", %{conn: conn} do
1497 user = insert(:user)
1500 |> assign(:user, user)
1501 |> post("/api/account/update_profile.json", %{
1502 "hide_follows" => "true"
1505 user = Repo.get!(User, user.id)
1506 assert user.info.hide_follows == true
1510 |> assign(:user, user)
1511 |> post("/api/account/update_profile.json", %{
1512 "hide_follows" => "false"
1515 user = Repo.get!(User, user.id)
1516 assert user.info.hide_follows == false
1517 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1520 test "it sets and un-sets hide_followers", %{conn: conn} do
1521 user = insert(:user)
1524 |> assign(:user, user)
1525 |> post("/api/account/update_profile.json", %{
1526 "hide_followers" => "true"
1529 user = Repo.get!(User, user.id)
1530 assert user.info.hide_followers == true
1534 |> assign(:user, user)
1535 |> post("/api/account/update_profile.json", %{
1536 "hide_followers" => "false"
1539 user = Repo.get!(User, user.id)
1540 assert user.info.hide_followers == false
1541 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1544 test "it sets and un-sets show_role", %{conn: conn} do
1545 user = insert(:user)
1548 |> assign(:user, user)
1549 |> post("/api/account/update_profile.json", %{
1550 "show_role" => "true"
1553 user = Repo.get!(User, user.id)
1554 assert user.info.show_role == true
1558 |> assign(:user, user)
1559 |> post("/api/account/update_profile.json", %{
1560 "show_role" => "false"
1563 user = Repo.get!(User, user.id)
1564 assert user.info.show_role == false
1565 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1568 test "it locks an account", %{conn: conn} do
1569 user = insert(:user)
1573 |> assign(:user, user)
1574 |> post("/api/account/update_profile.json", %{
1578 user = Repo.get!(User, user.id)
1579 assert user.info.locked == true
1581 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1584 test "it unlocks an account", %{conn: conn} do
1585 user = insert(:user)
1589 |> assign(:user, user)
1590 |> post("/api/account/update_profile.json", %{
1594 user = Repo.get!(User, user.id)
1595 assert user.info.locked == false
1597 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1601 defp valid_user(_context) do
1602 user = insert(:user)
1606 defp with_credentials(conn, username, password) do
1607 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1608 put_req_header(conn, "authorization", header_content)
1611 describe "GET /api/search.json" do
1612 test "it returns search results", %{conn: conn} do
1613 user = insert(:user)
1614 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1616 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1617 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1621 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1623 assert [status] = json_response(conn, 200)
1624 assert status["id"] == activity.id
1628 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1629 test "it returns the tags timeline", %{conn: conn} do
1630 user = insert(:user)
1631 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1633 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1634 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1638 |> get("/api/statusnet/tags/timeline/2hu.json")
1640 assert [status] = json_response(conn, 200)
1641 assert status["id"] == activity.id
1645 test "Convert newlines to <br> in bio", %{conn: conn} do
1646 user = insert(:user)
1650 |> assign(:user, user)
1651 |> post("/api/account/update_profile.json", %{
1652 "description" => "Hello,\r\nWorld! I\n am a test."
1655 user = Repo.get!(User, user.id)
1656 assert user.bio == "Hello,<br>World! I<br> am a test."
1659 describe "POST /api/pleroma/change_password" do
1662 test "without credentials", %{conn: conn} do
1663 conn = post(conn, "/api/pleroma/change_password")
1664 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1667 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1670 |> with_credentials(current_user.nickname, "test")
1671 |> post("/api/pleroma/change_password", %{
1673 "new_password" => "newpass",
1674 "new_password_confirmation" => "newpass"
1677 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1680 test "with credentials, valid password and new password and confirmation not matching", %{
1686 |> with_credentials(current_user.nickname, "test")
1687 |> post("/api/pleroma/change_password", %{
1688 "password" => "test",
1689 "new_password" => "newpass",
1690 "new_password_confirmation" => "notnewpass"
1693 assert json_response(conn, 200) == %{
1694 "error" => "New password does not match confirmation."
1698 test "with credentials, valid password and invalid new password", %{
1704 |> with_credentials(current_user.nickname, "test")
1705 |> post("/api/pleroma/change_password", %{
1706 "password" => "test",
1707 "new_password" => "",
1708 "new_password_confirmation" => ""
1711 assert json_response(conn, 200) == %{
1712 "error" => "New password can't be blank."
1716 test "with credentials, valid password and matching new password and confirmation", %{
1722 |> with_credentials(current_user.nickname, "test")
1723 |> post("/api/pleroma/change_password", %{
1724 "password" => "test",
1725 "new_password" => "newpass",
1726 "new_password_confirmation" => "newpass"
1729 assert json_response(conn, 200) == %{"status" => "success"}
1730 fetched_user = User.get_by_id(current_user.id)
1731 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1735 describe "POST /api/pleroma/delete_account" do
1738 test "without credentials", %{conn: conn} do
1739 conn = post(conn, "/api/pleroma/delete_account")
1740 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1743 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1746 |> with_credentials(current_user.nickname, "test")
1747 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1749 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1752 test "with credentials and valid password", %{conn: conn, user: current_user} do
1755 |> with_credentials(current_user.nickname, "test")
1756 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1758 assert json_response(conn, 200) == %{"status" => "success"}
1759 # Wait a second for the started task to end
1764 describe "GET /api/pleroma/friend_requests" do
1765 test "it lists friend requests" do
1766 user = insert(:user)
1767 other_user = insert(:user)
1769 {:ok, _activity} = ActivityPub.follow(other_user, user)
1771 user = User.get_by_id(user.id)
1772 other_user = User.get_by_id(other_user.id)
1774 assert User.following?(other_user, user) == false
1778 |> assign(:user, user)
1779 |> get("/api/pleroma/friend_requests")
1781 assert [relationship] = json_response(conn, 200)
1782 assert other_user.id == relationship["id"]
1785 test "requires 'read' permission", %{conn: conn} do
1786 token1 = insert(:oauth_token, scopes: ["write"])
1787 token2 = insert(:oauth_token, scopes: ["read"])
1789 for token <- [token1, token2] do
1792 |> put_req_header("authorization", "Bearer #{token.token}")
1793 |> get("/api/pleroma/friend_requests")
1795 if token == token1 do
1796 assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403)
1798 assert json_response(conn, 200)
1804 describe "POST /api/pleroma/friendships/approve" do
1805 test "it approves a friend request" do
1806 user = insert(:user)
1807 other_user = insert(:user)
1809 {:ok, _activity} = ActivityPub.follow(other_user, user)
1811 user = User.get_by_id(user.id)
1812 other_user = User.get_by_id(other_user.id)
1814 assert User.following?(other_user, user) == false
1818 |> assign(:user, user)
1819 |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
1821 assert relationship = json_response(conn, 200)
1822 assert other_user.id == relationship["id"]
1823 assert relationship["follows_you"] == true
1827 describe "POST /api/pleroma/friendships/deny" do
1828 test "it denies a friend request" do
1829 user = insert(:user)
1830 other_user = insert(:user)
1832 {:ok, _activity} = ActivityPub.follow(other_user, user)
1834 user = User.get_by_id(user.id)
1835 other_user = User.get_by_id(other_user.id)
1837 assert User.following?(other_user, user) == false
1841 |> assign(:user, user)
1842 |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
1844 assert relationship = json_response(conn, 200)
1845 assert other_user.id == relationship["id"]
1846 assert relationship["follows_you"] == false
1850 describe "GET /api/pleroma/search_user" do
1851 test "it returns users, ordered by similarity", %{conn: conn} do
1852 user = insert(:user, %{name: "eal"})
1853 user_two = insert(:user, %{name: "eal me"})
1854 _user_three = insert(:user, %{name: "zzz"})
1858 |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
1859 |> json_response(200)
1861 assert length(resp) == 2
1862 assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1866 describe "POST /api/media/upload" do
1868 Pleroma.DataCase.ensure_local_uploader(context)
1871 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1874 user = insert(:user)
1876 upload_filename = "test/fixtures/image_tmp.jpg"
1877 File.cp!("test/fixtures/image.jpg", upload_filename)
1879 file = %Plug.Upload{
1880 content_type: "image/jpg",
1881 path: Path.absname(upload_filename),
1882 filename: "image.jpg"
1887 |> assign(:user, user)
1888 |> put_req_header("content-type", "application/octet-stream")
1889 |> post("/api/media/upload", %{
1892 |> json_response(:ok)
1894 assert response["media_id"]
1895 object = Repo.get(Object, response["media_id"])
1897 assert object.data["actor"] == User.ap_id(user)
1901 describe "POST /api/media/metadata/create" do
1903 object = insert(:note)
1904 user = User.get_by_ap_id(object.data["actor"])
1905 %{object: object, user: user}
1908 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1912 initial_description = object.data["name"]
1913 another_user = insert(:user)
1916 |> assign(:user, another_user)
1917 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1918 |> json_response(:forbidden)
1920 object = Repo.get(Object, object.id)
1921 assert object.data["name"] == initial_description
1924 test "it updates `data[name]` of referenced Object with provided value", %{
1929 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1932 |> assign(:user, user)
1933 |> post("/api/media/metadata/create", %{
1934 "media_id" => object.id,
1935 "alt_text" => %{"text" => description}
1937 |> json_response(:no_content)
1939 object = Repo.get(Object, object.id)
1940 assert object.data["name"] == description
1944 describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
1945 test "it returns a list of pinned statuses", %{conn: conn} do
1946 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1948 user = insert(:user, %{name: "egor"})
1949 {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
1950 {:ok, _} = CommonAPI.pin(activity_id, user)
1954 |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
1955 |> json_response(200)
1957 assert length(resp) == 1
1958 assert [%{"id" => ^activity_id, "pinned" => true}] = resp
1962 describe "POST /api/statuses/pin/:id" do
1964 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1965 [user: insert(:user)]
1968 test "without valid credentials", %{conn: conn} do
1969 note_activity = insert(:note_activity)
1970 conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
1971 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1974 test "with credentials", %{conn: conn, user: user} do
1975 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1977 request_path = "/api/statuses/pin/#{activity.id}.json"
1981 |> with_credentials(user.nickname, "test")
1982 |> post(request_path)
1984 user = refresh_record(user)
1986 assert json_response(response, 200) ==
1987 ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
1991 describe "POST /api/statuses/unpin/:id" do
1993 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1994 [user: insert(:user)]
1997 test "without valid credentials", %{conn: conn} do
1998 note_activity = insert(:note_activity)
1999 conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
2000 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
2003 test "with credentials", %{conn: conn, user: user} do
2004 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
2005 {:ok, activity} = CommonAPI.pin(activity.id, user)
2007 request_path = "/api/statuses/unpin/#{activity.id}.json"
2011 |> with_credentials(user.nickname, "test")
2012 |> post(request_path)
2014 user = refresh_record(user)
2016 assert json_response(response, 200) ==
2017 ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
2021 describe "GET /api/oauth_tokens" do
2023 token = insert(:oauth_token) |> Repo.preload(:user)
2028 test "renders list", %{token: token} do
2031 |> assign(:user, token.user)
2032 |> get("/api/oauth_tokens")
2035 json_response(response, 200)
2039 assert keys -- ["id", "app_name", "valid_until"] == []
2042 test "revoke token", %{token: token} do
2045 |> assign(:user, token.user)
2046 |> delete("/api/oauth_tokens/#{token.id}")
2048 tokens = Token.get_user_tokens(token.user)
2051 assert response.status == 201