1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
8 alias Pleroma.Builders.ActivityBuilder
9 alias Pleroma.Builders.UserBuilder
11 alias Pleroma.Activity
14 alias Pleroma.Notification
15 alias Pleroma.Web.ActivityPub.ActivityPub
16 alias Pleroma.Web.OAuth.Token
17 alias Pleroma.Web.TwitterAPI.Controller
18 alias Pleroma.Web.TwitterAPI.UserView
19 alias Pleroma.Web.TwitterAPI.NotificationView
20 alias Pleroma.Web.CommonAPI
21 alias Pleroma.Web.TwitterAPI.TwitterAPI
25 import Pleroma.Factory
28 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
30 describe "POST /api/account/update_profile_banner" do
31 test "it updates the banner", %{conn: conn} do
35 |> assign(:user, user)
36 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
39 user = refresh_record(user)
40 assert user.info.banner["type"] == "Image"
44 describe "POST /api/qvitter/update_background_image" do
45 test "it updates the background", %{conn: conn} do
49 |> assign(:user, user)
50 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
53 user = refresh_record(user)
54 assert user.info.background["type"] == "Image"
58 describe "POST /api/account/verify_credentials" do
61 test "without valid credentials", %{conn: conn} do
62 conn = post(conn, "/api/account/verify_credentials.json")
63 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
66 test "with credentials", %{conn: conn, user: user} do
69 |> with_credentials(user.nickname, "test")
70 |> post("/api/account/verify_credentials.json")
74 UserView.render("show.json", %{user: user, token: response["token"], for: user})
78 describe "POST /statuses/update.json" do
81 test "without valid credentials", %{conn: conn} do
82 conn = post(conn, "/api/statuses/update.json")
83 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
86 test "with credentials", %{conn: conn, user: user} do
87 conn_with_creds = conn |> with_credentials(user.nickname, "test")
88 request_path = "/api/statuses/update.json"
91 "request" => request_path,
92 "error" => "Client must provide a 'status' parameter with a value."
99 assert json_response(conn, 400) == error_response
103 |> post(request_path, %{status: ""})
105 assert json_response(conn, 400) == error_response
109 |> post(request_path, %{status: " "})
111 assert json_response(conn, 400) == error_response
113 # we post with visibility private in order to avoid triggering relay
116 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
118 assert json_response(conn, 200) ==
119 ActivityRepresenter.to_map(Repo.one(Activity), %{user: user, for: user})
123 describe "GET /statuses/public_timeline.json" do
126 test "returns statuses", %{conn: conn} do
128 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
129 ActivityBuilder.insert_list(10, %{}, %{user: user})
130 since_id = List.last(activities).id
134 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
136 response = json_response(conn, 200)
138 assert length(response) == 10
141 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
143 Application.get_env(:pleroma, :instance)
144 |> Keyword.put(:public, false)
146 Application.put_env(:pleroma, :instance, instance)
149 |> get("/api/statuses/public_timeline.json")
150 |> json_response(403)
153 Application.get_env(:pleroma, :instance)
154 |> Keyword.put(:public, true)
156 Application.put_env(:pleroma, :instance, instance)
159 test "returns 200 to authenticated request when the instance is not public",
160 %{conn: conn, user: user} do
162 Application.get_env(:pleroma, :instance)
163 |> Keyword.put(:public, false)
165 Application.put_env(:pleroma, :instance, instance)
168 |> with_credentials(user.nickname, "test")
169 |> get("/api/statuses/public_timeline.json")
170 |> json_response(200)
173 Application.get_env(:pleroma, :instance)
174 |> Keyword.put(:public, true)
176 Application.put_env(:pleroma, :instance, instance)
179 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
181 |> get("/api/statuses/public_timeline.json")
182 |> json_response(200)
185 test "returns 200 to authenticated request when the instance is public",
186 %{conn: conn, user: user} do
188 |> with_credentials(user.nickname, "test")
189 |> get("/api/statuses/public_timeline.json")
190 |> json_response(200)
193 test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
197 token = insert(:oauth_token, scopes: ["write"])
200 |> put_req_header("authorization", "Bearer #{token.token}")
201 |> get("/api/statuses/public_timeline.json")
202 |> json_response(200)
204 assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
208 describe "GET /statuses/public_and_external_timeline.json" do
211 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
213 Application.get_env(:pleroma, :instance)
214 |> Keyword.put(:public, false)
216 Application.put_env(:pleroma, :instance, instance)
219 |> get("/api/statuses/public_and_external_timeline.json")
220 |> json_response(403)
223 Application.get_env(:pleroma, :instance)
224 |> Keyword.put(:public, true)
226 Application.put_env(:pleroma, :instance, instance)
229 test "returns 200 to authenticated request when the instance is not public",
230 %{conn: conn, user: user} do
232 Application.get_env(:pleroma, :instance)
233 |> Keyword.put(:public, false)
235 Application.put_env(:pleroma, :instance, instance)
238 |> with_credentials(user.nickname, "test")
239 |> get("/api/statuses/public_and_external_timeline.json")
240 |> json_response(200)
243 Application.get_env(:pleroma, :instance)
244 |> Keyword.put(:public, true)
246 Application.put_env(:pleroma, :instance, instance)
249 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
251 |> get("/api/statuses/public_and_external_timeline.json")
252 |> json_response(200)
255 test "returns 200 to authenticated request when the instance is public",
256 %{conn: conn, user: user} do
258 |> with_credentials(user.nickname, "test")
259 |> get("/api/statuses/public_and_external_timeline.json")
260 |> json_response(200)
264 describe "GET /statuses/show/:id.json" do
265 test "returns one status", %{conn: conn} do
267 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
268 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
272 |> get("/api/statuses/show/#{activity.id}.json")
274 response = json_response(conn, 200)
276 assert response == ActivityRepresenter.to_map(activity, %{user: actor})
280 describe "GET /users/show.json" do
281 test "gets user with screen_name", %{conn: conn} do
286 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
288 response = json_response(conn, 200)
290 assert response["id"] == user.id
293 test "gets user with user_id", %{conn: conn} do
298 |> get("/api/users/show.json", %{"user_id" => user.id})
300 response = json_response(conn, 200)
302 assert response["id"] == user.id
305 test "gets a user for a logged in user", %{conn: conn} do
307 logged_in = insert(:user)
309 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
313 |> with_credentials(logged_in.nickname, "test")
314 |> get("/api/users/show.json", %{"user_id" => user.id})
316 response = json_response(conn, 200)
318 assert response["following"] == true
322 describe "GET /statusnet/conversation/:id.json" do
323 test "returns the statuses in the conversation", %{conn: conn} do
324 {:ok, _user} = UserBuilder.insert()
325 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
326 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
327 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
331 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
333 response = json_response(conn, 200)
335 assert length(response) == 2
339 describe "GET /statuses/friends_timeline.json" do
342 test "without valid credentials", %{conn: conn} do
343 conn = get(conn, "/api/statuses/friends_timeline.json")
344 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
347 test "with credentials", %{conn: conn, user: current_user} do
351 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
353 returned_activities =
354 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
356 other_user = insert(:user)
357 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
358 since_id = List.last(activities).id
361 Changeset.change(current_user, following: [User.ap_followers(user)])
366 |> with_credentials(current_user.nickname, "test")
367 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
369 response = json_response(conn, 200)
371 assert length(response) == 10
374 Enum.map(returned_activities, fn activity ->
375 ActivityRepresenter.to_map(activity, %{
376 user: User.get_cached_by_ap_id(activity.data["actor"]),
383 describe "GET /statuses/dm_timeline.json" do
384 test "it show direct messages", %{conn: conn} do
385 user_one = insert(:user)
386 user_two = insert(:user)
388 {:ok, user_two} = User.follow(user_two, user_one)
391 CommonAPI.post(user_one, %{
392 "status" => "Hi @#{user_two.nickname}!",
393 "visibility" => "direct"
397 CommonAPI.post(user_two, %{
398 "status" => "Hi @#{user_one.nickname}!",
399 "visibility" => "direct"
402 {:ok, _follower_only} =
403 CommonAPI.post(user_one, %{
404 "status" => "Hi @#{user_two.nickname}!",
405 "visibility" => "private"
408 # Only direct should be visible here
411 |> assign(:user, user_two)
412 |> get("/api/statuses/dm_timeline.json")
414 [status, status_two] = json_response(res_conn, 200)
415 assert status["id"] == direct_two.id
416 assert status_two["id"] == direct.id
420 describe "GET /statuses/mentions.json" do
423 test "without valid credentials", %{conn: conn} do
424 conn = get(conn, "/api/statuses/mentions.json")
425 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
428 test "with credentials", %{conn: conn, user: current_user} do
430 CommonAPI.post(current_user, %{
431 "status" => "why is tenshi eating a corndog so cute?",
432 "visibility" => "public"
437 |> with_credentials(current_user.nickname, "test")
438 |> get("/api/statuses/mentions.json")
440 response = json_response(conn, 200)
442 assert length(response) == 1
444 assert Enum.at(response, 0) ==
445 ActivityRepresenter.to_map(activity, %{
448 mentioned: [current_user]
452 test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
454 CommonAPI.post(current_user, %{
455 "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
456 "visibility" => "direct"
461 |> with_credentials(current_user.nickname, "test")
462 |> get("/api/statuses/mentions.json")
464 response = json_response(conn, 200)
466 assert length(response) == 0
470 describe "GET /api/qvitter/statuses/notifications.json" do
473 test "without valid credentials", %{conn: conn} do
474 conn = get(conn, "/api/qvitter/statuses/notifications.json")
475 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
478 test "with credentials", %{conn: conn, user: current_user} do
479 other_user = insert(:user)
482 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
486 |> with_credentials(current_user.nickname, "test")
487 |> get("/api/qvitter/statuses/notifications.json")
489 response = json_response(conn, 200)
491 assert length(response) == 1
494 NotificationView.render("notification.json", %{
495 notifications: Notification.for_user(current_user),
501 describe "POST /api/qvitter/statuses/notifications/read" do
504 test "without valid credentials", %{conn: conn} do
505 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
506 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
509 test "with credentials, without any params", %{conn: conn, user: current_user} do
512 |> with_credentials(current_user.nickname, "test")
513 |> post("/api/qvitter/statuses/notifications/read")
515 assert json_response(conn, 400) == %{
516 "error" => "You need to specify latest_id",
517 "request" => "/api/qvitter/statuses/notifications/read"
521 test "with credentials, with params", %{conn: conn, user: current_user} do
522 other_user = insert(:user)
525 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
529 |> with_credentials(current_user.nickname, "test")
530 |> get("/api/qvitter/statuses/notifications.json")
532 [notification] = response = json_response(response_conn, 200)
534 assert length(response) == 1
536 assert notification["is_seen"] == 0
540 |> with_credentials(current_user.nickname, "test")
541 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
543 [notification] = response = json_response(response_conn, 200)
545 assert length(response) == 1
547 assert notification["is_seen"] == 1
551 describe "GET /statuses/user_timeline.json" do
554 test "without any params", %{conn: conn} do
555 conn = get(conn, "/api/statuses/user_timeline.json")
557 assert json_response(conn, 400) == %{
558 "error" => "You need to specify screen_name or user_id",
559 "request" => "/api/statuses/user_timeline.json"
563 test "with user_id", %{conn: conn} do
565 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
567 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
568 response = json_response(conn, 200)
569 assert length(response) == 1
570 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
573 test "with screen_name", %{conn: conn} do
575 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
577 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
578 response = json_response(conn, 200)
579 assert length(response) == 1
580 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
583 test "with credentials", %{conn: conn, user: current_user} do
584 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
588 |> with_credentials(current_user.nickname, "test")
589 |> get("/api/statuses/user_timeline.json")
591 response = json_response(conn, 200)
593 assert length(response) == 1
595 assert Enum.at(response, 0) ==
596 ActivityRepresenter.to_map(activity, %{user: current_user, for: current_user})
599 test "with credentials with user_id", %{conn: conn, user: current_user} do
601 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
605 |> with_credentials(current_user.nickname, "test")
606 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
608 response = json_response(conn, 200)
610 assert length(response) == 1
611 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
614 test "with credentials screen_name", %{conn: conn, user: current_user} do
616 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
620 |> with_credentials(current_user.nickname, "test")
621 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
623 response = json_response(conn, 200)
625 assert length(response) == 1
626 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
629 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
631 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
632 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
636 |> with_credentials(current_user.nickname, "test")
637 |> get("/api/statuses/user_timeline.json", %{
638 "user_id" => user.id,
639 "include_rts" => "false"
642 response = json_response(conn, 200)
644 assert length(response) == 1
645 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
649 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
651 response = json_response(conn, 200)
653 assert length(response) == 1
654 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
658 describe "POST /friendships/create.json" do
661 test "without valid credentials", %{conn: conn} do
662 conn = post(conn, "/api/friendships/create.json")
663 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
666 test "with credentials", %{conn: conn, user: current_user} do
667 followed = insert(:user)
671 |> with_credentials(current_user.nickname, "test")
672 |> post("/api/friendships/create.json", %{user_id: followed.id})
674 current_user = Repo.get(User, current_user.id)
675 assert User.ap_followers(followed) in current_user.following
677 assert json_response(conn, 200) ==
678 UserView.render("show.json", %{user: followed, for: current_user})
681 test "for restricted account", %{conn: conn, user: current_user} do
682 followed = insert(:user, info: %User.Info{locked: true})
686 |> with_credentials(current_user.nickname, "test")
687 |> post("/api/friendships/create.json", %{user_id: followed.id})
689 current_user = Repo.get(User, current_user.id)
690 followed = Repo.get(User, followed.id)
692 refute User.ap_followers(followed) in current_user.following
694 assert json_response(conn, 200) ==
695 UserView.render("show.json", %{user: followed, for: current_user})
699 describe "POST /friendships/destroy.json" do
702 test "without valid credentials", %{conn: conn} do
703 conn = post(conn, "/api/friendships/destroy.json")
704 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
707 test "with credentials", %{conn: conn, user: current_user} do
708 followed = insert(:user)
710 {:ok, current_user} = User.follow(current_user, followed)
711 assert User.ap_followers(followed) in current_user.following
712 ActivityPub.follow(current_user, followed)
716 |> with_credentials(current_user.nickname, "test")
717 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
719 current_user = Repo.get(User, current_user.id)
720 assert current_user.following == [current_user.ap_id]
722 assert json_response(conn, 200) ==
723 UserView.render("show.json", %{user: followed, for: current_user})
727 describe "POST /blocks/create.json" do
730 test "without valid credentials", %{conn: conn} do
731 conn = post(conn, "/api/blocks/create.json")
732 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
735 test "with credentials", %{conn: conn, user: current_user} do
736 blocked = insert(:user)
740 |> with_credentials(current_user.nickname, "test")
741 |> post("/api/blocks/create.json", %{user_id: blocked.id})
743 current_user = Repo.get(User, current_user.id)
744 assert User.blocks?(current_user, blocked)
746 assert json_response(conn, 200) ==
747 UserView.render("show.json", %{user: blocked, for: current_user})
751 describe "POST /blocks/destroy.json" do
754 test "without valid credentials", %{conn: conn} do
755 conn = post(conn, "/api/blocks/destroy.json")
756 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
759 test "with credentials", %{conn: conn, user: current_user} do
760 blocked = insert(:user)
762 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
763 assert User.blocks?(current_user, blocked)
767 |> with_credentials(current_user.nickname, "test")
768 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
770 current_user = Repo.get(User, current_user.id)
771 assert current_user.info.blocks == []
773 assert json_response(conn, 200) ==
774 UserView.render("show.json", %{user: blocked, for: current_user})
778 describe "GET /help/test.json" do
779 test "returns \"ok\"", %{conn: conn} do
780 conn = get(conn, "/api/help/test.json")
781 assert json_response(conn, 200) == "ok"
785 describe "POST /api/qvitter/update_avatar.json" do
788 test "without valid credentials", %{conn: conn} do
789 conn = post(conn, "/api/qvitter/update_avatar.json")
790 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
793 test "with credentials", %{conn: conn, user: current_user} do
794 avatar_image = File.read!("test/fixtures/avatar_data_uri")
798 |> with_credentials(current_user.nickname, "test")
799 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
801 current_user = Repo.get(User, current_user.id)
802 assert is_map(current_user.avatar)
804 assert json_response(conn, 200) ==
805 UserView.render("show.json", %{user: current_user, for: current_user})
809 describe "GET /api/qvitter/mutes.json" do
812 test "unimplemented mutes without valid credentials", %{conn: conn} do
813 conn = get(conn, "/api/qvitter/mutes.json")
814 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
817 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
820 |> with_credentials(current_user.nickname, "test")
821 |> get("/api/qvitter/mutes.json")
822 |> json_response(200)
828 describe "POST /api/favorites/create/:id" do
831 test "without valid credentials", %{conn: conn} do
832 note_activity = insert(:note_activity)
833 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
834 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
837 test "with credentials", %{conn: conn, user: current_user} do
838 note_activity = insert(:note_activity)
842 |> with_credentials(current_user.nickname, "test")
843 |> post("/api/favorites/create/#{note_activity.id}.json")
845 assert json_response(conn, 200)
848 test "with credentials, invalid param", %{conn: conn, user: current_user} do
851 |> with_credentials(current_user.nickname, "test")
852 |> post("/api/favorites/create/wrong.json")
854 assert json_response(conn, 400)
857 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
860 |> with_credentials(current_user.nickname, "test")
861 |> post("/api/favorites/create/1.json")
863 assert json_response(conn, 400)
867 describe "POST /api/favorites/destroy/:id" do
870 test "without valid credentials", %{conn: conn} do
871 note_activity = insert(:note_activity)
872 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
873 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
876 test "with credentials", %{conn: conn, user: current_user} do
877 note_activity = insert(:note_activity)
878 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
879 ActivityPub.like(current_user, object)
883 |> with_credentials(current_user.nickname, "test")
884 |> post("/api/favorites/destroy/#{note_activity.id}.json")
886 assert json_response(conn, 200)
890 describe "POST /api/statuses/retweet/:id" do
893 test "without valid credentials", %{conn: conn} do
894 note_activity = insert(:note_activity)
895 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
896 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
899 test "with credentials", %{conn: conn, user: current_user} do
900 note_activity = insert(:note_activity)
902 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
906 |> with_credentials(current_user.nickname, "test")
907 |> post(request_path)
909 activity = Repo.get(Activity, note_activity.id)
910 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
912 assert json_response(response, 200) ==
913 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
917 describe "POST /api/statuses/unretweet/:id" do
920 test "without valid credentials", %{conn: conn} do
921 note_activity = insert(:note_activity)
922 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
923 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
926 test "with credentials", %{conn: conn, user: current_user} do
927 note_activity = insert(:note_activity)
929 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
933 |> with_credentials(current_user.nickname, "test")
934 |> post(request_path)
936 request_path = String.replace(request_path, "retweet", "unretweet")
940 |> with_credentials(current_user.nickname, "test")
941 |> post(request_path)
943 activity = Repo.get(Activity, note_activity.id)
944 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
946 assert json_response(response, 200) ==
947 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
951 describe "POST /api/account/register" do
952 test "it creates a new user", %{conn: conn} do
954 "nickname" => "lain",
955 "email" => "lain@wired.jp",
956 "fullname" => "lain iwakura",
957 "bio" => "close the world.",
958 "password" => "bear",
964 |> post("/api/account/register", data)
966 user = json_response(conn, 200)
968 fetched_user = Repo.get_by(User, nickname: "lain")
969 assert user == UserView.render("show.json", %{user: fetched_user})
972 test "it returns errors on a problem", %{conn: conn} do
974 "email" => "lain@wired.jp",
975 "fullname" => "lain iwakura",
976 "bio" => "close the world.",
977 "password" => "bear",
983 |> post("/api/account/register", data)
985 errors = json_response(conn, 400)
987 assert is_binary(errors["error"])
991 describe "POST /api/account/password_reset, with valid parameters" do
992 setup %{conn: conn} do
994 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
995 %{conn: conn, user: user}
998 test "it returns 204", %{conn: conn} do
999 assert json_response(conn, :no_content)
1002 test "it creates a PasswordResetToken record for user", %{user: user} do
1003 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1007 test "it sends an email to user", %{user: user} do
1008 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
1010 Swoosh.TestAssertions.assert_email_sent(
1011 Pleroma.UserEmail.password_reset_email(user, token_record.token)
1016 describe "POST /api/account/password_reset, with invalid parameters" do
1019 test "it returns 500 when user is not found", %{conn: conn, user: user} do
1020 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
1021 assert json_response(conn, :internal_server_error)
1024 test "it returns 500 when user is not local", %{conn: conn, user: user} do
1025 {:ok, user} = Repo.update(Changeset.change(user, local: false))
1026 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
1027 assert json_response(conn, :internal_server_error)
1031 describe "GET /api/account/confirm_email/:id/:token" do
1033 user = insert(:user)
1034 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1038 |> Changeset.change()
1039 |> Changeset.put_embed(:info, info_change)
1042 assert user.info.confirmation_pending
1047 test "it redirects to root url", %{conn: conn, user: user} do
1048 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1050 assert 302 == conn.status
1053 test "it confirms the user account", %{conn: conn, user: user} do
1054 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1056 user = Repo.get(User, user.id)
1058 refute user.info.confirmation_pending
1059 refute user.info.confirmation_token
1062 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
1063 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
1065 assert 500 == conn.status
1068 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
1069 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
1071 assert 500 == conn.status
1075 describe "POST /api/account/resend_confirmation_email" do
1077 setting = Pleroma.Config.get([:instance, :account_activation_required])
1080 Pleroma.Config.put([:instance, :account_activation_required], true)
1081 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
1084 user = insert(:user)
1085 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1089 |> Changeset.change()
1090 |> Changeset.put_embed(:info, info_change)
1093 assert user.info.confirmation_pending
1098 test "it returns 204 No Content", %{conn: conn, user: user} do
1100 |> assign(:user, user)
1101 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1102 |> json_response(:no_content)
1105 test "it sends confirmation email", %{conn: conn, user: user} do
1107 |> assign(:user, user)
1108 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1110 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
1114 describe "GET /api/externalprofile/show" do
1115 test "it returns the user", %{conn: conn} do
1116 user = insert(:user)
1117 other_user = insert(:user)
1121 |> assign(:user, user)
1122 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1124 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1128 describe "GET /api/statuses/followers" do
1129 test "it returns a user's followers", %{conn: conn} do
1130 user = insert(:user)
1131 follower_one = insert(:user)
1132 follower_two = insert(:user)
1133 _not_follower = insert(:user)
1135 {:ok, follower_one} = User.follow(follower_one, user)
1136 {:ok, follower_two} = User.follow(follower_two, user)
1140 |> assign(:user, user)
1141 |> get("/api/statuses/followers")
1143 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1144 result = json_response(conn, 200)
1145 assert Enum.sort(expected) == Enum.sort(result)
1148 test "it returns 20 followers per page", %{conn: conn} do
1149 user = insert(:user)
1150 followers = insert_list(21, :user)
1152 Enum.each(followers, fn follower ->
1153 User.follow(follower, user)
1158 |> assign(:user, user)
1159 |> get("/api/statuses/followers")
1161 result = json_response(res_conn, 200)
1162 assert length(result) == 20
1166 |> assign(:user, user)
1167 |> get("/api/statuses/followers?page=2")
1169 result = json_response(res_conn, 200)
1170 assert length(result) == 1
1173 test "it returns a given user's followers with user_id", %{conn: conn} do
1174 user = insert(:user)
1175 follower_one = insert(:user)
1176 follower_two = insert(:user)
1177 not_follower = insert(:user)
1179 {:ok, follower_one} = User.follow(follower_one, user)
1180 {:ok, follower_two} = User.follow(follower_two, user)
1184 |> assign(:user, not_follower)
1185 |> get("/api/statuses/followers", %{"user_id" => user.id})
1187 assert MapSet.equal?(
1188 MapSet.new(json_response(conn, 200)),
1190 UserView.render("index.json", %{
1191 users: [follower_one, follower_two],
1198 test "it returns empty when hide_followers is set to true", %{conn: conn} do
1199 user = insert(:user, %{info: %{hide_followers: true}})
1200 follower_one = insert(:user)
1201 follower_two = insert(:user)
1202 not_follower = insert(:user)
1204 {:ok, _follower_one} = User.follow(follower_one, user)
1205 {:ok, _follower_two} = User.follow(follower_two, user)
1209 |> assign(:user, not_follower)
1210 |> get("/api/statuses/followers", %{"user_id" => user.id})
1211 |> json_response(200)
1213 assert [] == response
1216 test "it returns the followers when hide_followers is set to true if requested by the user themselves",
1220 user = insert(:user, %{info: %{hide_followers: true}})
1221 follower_one = insert(:user)
1222 follower_two = insert(:user)
1223 _not_follower = insert(:user)
1225 {:ok, _follower_one} = User.follow(follower_one, user)
1226 {:ok, _follower_two} = User.follow(follower_two, user)
1230 |> assign(:user, user)
1231 |> get("/api/statuses/followers", %{"user_id" => user.id})
1233 refute [] == json_response(conn, 200)
1237 describe "GET /api/statuses/blocks" do
1238 test "it returns the list of users blocked by requester", %{conn: conn} do
1239 user = insert(:user)
1240 other_user = insert(:user)
1242 {:ok, user} = User.block(user, other_user)
1246 |> assign(:user, user)
1247 |> get("/api/statuses/blocks")
1249 expected = UserView.render("index.json", %{users: [other_user], for: user})
1250 result = json_response(conn, 200)
1251 assert Enum.sort(expected) == Enum.sort(result)
1255 describe "GET /api/statuses/friends" do
1256 test "it returns the logged in user's friends", %{conn: conn} do
1257 user = insert(:user)
1258 followed_one = insert(:user)
1259 followed_two = insert(:user)
1260 _not_followed = insert(:user)
1262 {:ok, user} = User.follow(user, followed_one)
1263 {:ok, user} = User.follow(user, followed_two)
1267 |> assign(:user, user)
1268 |> get("/api/statuses/friends")
1270 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1271 result = json_response(conn, 200)
1272 assert Enum.sort(expected) == Enum.sort(result)
1275 test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do
1276 user = insert(:user)
1277 followeds = insert_list(21, :user)
1280 Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
1281 User.follow(user, followed)
1286 |> assign(:user, user)
1287 |> get("/api/statuses/friends")
1289 result = json_response(res_conn, 200)
1290 assert length(result) == 20
1294 |> assign(:user, user)
1295 |> get("/api/statuses/friends", %{page: 2})
1297 result = json_response(res_conn, 200)
1298 assert length(result) == 1
1302 |> assign(:user, user)
1303 |> get("/api/statuses/friends", %{all: true})
1305 result = json_response(res_conn, 200)
1306 assert length(result) == 21
1309 test "it returns a given user's friends with user_id", %{conn: conn} do
1310 user = insert(:user)
1311 followed_one = insert(:user)
1312 followed_two = insert(:user)
1313 _not_followed = insert(:user)
1315 {:ok, user} = User.follow(user, followed_one)
1316 {:ok, user} = User.follow(user, followed_two)
1320 |> assign(:user, user)
1321 |> get("/api/statuses/friends", %{"user_id" => user.id})
1323 assert MapSet.equal?(
1324 MapSet.new(json_response(conn, 200)),
1326 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1331 test "it returns empty when hide_follows is set to true", %{conn: conn} do
1332 user = insert(:user, %{info: %{hide_follows: true}})
1333 followed_one = insert(:user)
1334 followed_two = insert(:user)
1335 not_followed = insert(:user)
1337 {:ok, user} = User.follow(user, followed_one)
1338 {:ok, user} = User.follow(user, followed_two)
1342 |> assign(:user, not_followed)
1343 |> get("/api/statuses/friends", %{"user_id" => user.id})
1345 assert [] == json_response(conn, 200)
1348 test "it returns friends when hide_follows is set to true if the user themselves request it",
1352 user = insert(:user, %{info: %{hide_follows: true}})
1353 followed_one = insert(:user)
1354 followed_two = insert(:user)
1355 _not_followed = insert(:user)
1357 {:ok, _user} = User.follow(user, followed_one)
1358 {:ok, _user} = User.follow(user, followed_two)
1362 |> assign(:user, user)
1363 |> get("/api/statuses/friends", %{"user_id" => user.id})
1364 |> json_response(200)
1366 refute [] == response
1369 test "it returns a given user's friends with screen_name", %{conn: conn} do
1370 user = insert(:user)
1371 followed_one = insert(:user)
1372 followed_two = insert(:user)
1373 _not_followed = insert(:user)
1375 {:ok, user} = User.follow(user, followed_one)
1376 {:ok, user} = User.follow(user, followed_two)
1380 |> assign(:user, user)
1381 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1383 assert MapSet.equal?(
1384 MapSet.new(json_response(conn, 200)),
1386 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1392 describe "GET /friends/ids" do
1393 test "it returns a user's friends", %{conn: conn} do
1394 user = insert(:user)
1395 followed_one = insert(:user)
1396 followed_two = insert(:user)
1397 _not_followed = insert(:user)
1399 {:ok, user} = User.follow(user, followed_one)
1400 {:ok, user} = User.follow(user, followed_two)
1404 |> assign(:user, user)
1405 |> get("/api/friends/ids")
1407 expected = [followed_one.id, followed_two.id]
1409 assert MapSet.equal?(
1410 MapSet.new(Poison.decode!(json_response(conn, 200))),
1411 MapSet.new(expected)
1416 describe "POST /api/account/update_profile.json" do
1417 test "it updates a user's profile", %{conn: conn} do
1418 user = insert(:user)
1419 user2 = insert(:user)
1423 |> assign(:user, user)
1424 |> post("/api/account/update_profile.json", %{
1425 "name" => "new name",
1426 "description" => "hi @#{user2.nickname}"
1429 user = Repo.get!(User, user.id)
1430 assert user.name == "new name"
1433 "hi <span class='h-card'><a data-user='#{user2.id}' class='u-url mention' href='#{
1435 }'>@<span>#{user2.nickname}</span></a></span>"
1437 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1440 test "it sets and un-sets hide_follows", %{conn: conn} do
1441 user = insert(:user)
1444 |> assign(:user, user)
1445 |> post("/api/account/update_profile.json", %{
1446 "hide_follows" => "true"
1449 user = Repo.get!(User, user.id)
1450 assert user.info.hide_follows == true
1454 |> assign(:user, user)
1455 |> post("/api/account/update_profile.json", %{
1456 "hide_follows" => "false"
1459 user = Repo.get!(User, user.id)
1460 assert user.info.hide_follows == false
1461 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1464 test "it sets and un-sets hide_followers", %{conn: conn} do
1465 user = insert(:user)
1468 |> assign(:user, user)
1469 |> post("/api/account/update_profile.json", %{
1470 "hide_followers" => "true"
1473 user = Repo.get!(User, user.id)
1474 assert user.info.hide_followers == true
1478 |> assign(:user, user)
1479 |> post("/api/account/update_profile.json", %{
1480 "hide_followers" => "false"
1483 user = Repo.get!(User, user.id)
1484 assert user.info.hide_followers == false
1485 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1488 test "it sets and un-sets show_role", %{conn: conn} do
1489 user = insert(:user)
1492 |> assign(:user, user)
1493 |> post("/api/account/update_profile.json", %{
1494 "show_role" => "true"
1497 user = Repo.get!(User, user.id)
1498 assert user.info.show_role == true
1502 |> assign(:user, user)
1503 |> post("/api/account/update_profile.json", %{
1504 "show_role" => "false"
1507 user = Repo.get!(User, user.id)
1508 assert user.info.show_role == false
1509 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1512 test "it locks an account", %{conn: conn} do
1513 user = insert(:user)
1517 |> assign(:user, user)
1518 |> post("/api/account/update_profile.json", %{
1522 user = Repo.get!(User, user.id)
1523 assert user.info.locked == true
1525 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1528 test "it unlocks an account", %{conn: conn} do
1529 user = insert(:user)
1533 |> assign(:user, user)
1534 |> post("/api/account/update_profile.json", %{
1538 user = Repo.get!(User, user.id)
1539 assert user.info.locked == false
1541 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1545 defp valid_user(_context) do
1546 user = insert(:user)
1550 defp with_credentials(conn, username, password) do
1551 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1552 put_req_header(conn, "authorization", header_content)
1555 describe "GET /api/search.json" do
1556 test "it returns search results", %{conn: conn} do
1557 user = insert(:user)
1558 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1560 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1561 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1565 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1567 assert [status] = json_response(conn, 200)
1568 assert status["id"] == activity.id
1572 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1573 test "it returns the tags timeline", %{conn: conn} do
1574 user = insert(:user)
1575 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1577 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1578 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1582 |> get("/api/statusnet/tags/timeline/2hu.json")
1584 assert [status] = json_response(conn, 200)
1585 assert status["id"] == activity.id
1589 test "Convert newlines to <br> in bio", %{conn: conn} do
1590 user = insert(:user)
1594 |> assign(:user, user)
1595 |> post("/api/account/update_profile.json", %{
1596 "description" => "Hello,\r\nWorld! I\n am a test."
1599 user = Repo.get!(User, user.id)
1600 assert user.bio == "Hello,<br>World! I<br> am a test."
1603 describe "POST /api/pleroma/change_password" do
1606 test "without credentials", %{conn: conn} do
1607 conn = post(conn, "/api/pleroma/change_password")
1608 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1611 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1614 |> with_credentials(current_user.nickname, "test")
1615 |> post("/api/pleroma/change_password", %{
1617 "new_password" => "newpass",
1618 "new_password_confirmation" => "newpass"
1621 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1624 test "with credentials, valid password and new password and confirmation not matching", %{
1630 |> with_credentials(current_user.nickname, "test")
1631 |> post("/api/pleroma/change_password", %{
1632 "password" => "test",
1633 "new_password" => "newpass",
1634 "new_password_confirmation" => "notnewpass"
1637 assert json_response(conn, 200) == %{
1638 "error" => "New password does not match confirmation."
1642 test "with credentials, valid password and invalid new password", %{
1648 |> with_credentials(current_user.nickname, "test")
1649 |> post("/api/pleroma/change_password", %{
1650 "password" => "test",
1651 "new_password" => "",
1652 "new_password_confirmation" => ""
1655 assert json_response(conn, 200) == %{
1656 "error" => "New password can't be blank."
1660 test "with credentials, valid password and matching new password and confirmation", %{
1666 |> with_credentials(current_user.nickname, "test")
1667 |> post("/api/pleroma/change_password", %{
1668 "password" => "test",
1669 "new_password" => "newpass",
1670 "new_password_confirmation" => "newpass"
1673 assert json_response(conn, 200) == %{"status" => "success"}
1674 fetched_user = Repo.get(User, current_user.id)
1675 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1679 describe "POST /api/pleroma/delete_account" do
1682 test "without credentials", %{conn: conn} do
1683 conn = post(conn, "/api/pleroma/delete_account")
1684 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1687 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1690 |> with_credentials(current_user.nickname, "test")
1691 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1693 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1696 test "with credentials and valid password", %{conn: conn, user: current_user} do
1699 |> with_credentials(current_user.nickname, "test")
1700 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1702 assert json_response(conn, 200) == %{"status" => "success"}
1703 # Wait a second for the started task to end
1708 describe "GET /api/pleroma/friend_requests" do
1709 test "it lists friend requests" do
1710 user = insert(:user)
1711 other_user = insert(:user)
1713 {:ok, _activity} = ActivityPub.follow(other_user, user)
1715 user = Repo.get(User, user.id)
1716 other_user = Repo.get(User, other_user.id)
1718 assert User.following?(other_user, user) == false
1722 |> assign(:user, user)
1723 |> get("/api/pleroma/friend_requests")
1725 assert [relationship] = json_response(conn, 200)
1726 assert other_user.id == relationship["id"]
1729 test "requires 'read' permission", %{conn: conn} do
1730 token1 = insert(:oauth_token, scopes: ["write"])
1731 token2 = insert(:oauth_token, scopes: ["read"])
1733 for token <- [token1, token2] do
1736 |> put_req_header("authorization", "Bearer #{token.token}")
1737 |> get("/api/pleroma/friend_requests")
1739 if token == token1 do
1740 assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403)
1742 assert json_response(conn, 200)
1748 describe "POST /api/pleroma/friendships/approve" do
1749 test "it approves a friend request" do
1750 user = insert(:user)
1751 other_user = insert(:user)
1753 {:ok, _activity} = ActivityPub.follow(other_user, user)
1755 user = Repo.get(User, user.id)
1756 other_user = Repo.get(User, other_user.id)
1758 assert User.following?(other_user, user) == false
1762 |> assign(:user, user)
1763 |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
1765 assert relationship = json_response(conn, 200)
1766 assert other_user.id == relationship["id"]
1767 assert relationship["follows_you"] == true
1771 describe "POST /api/pleroma/friendships/deny" do
1772 test "it denies a friend request" do
1773 user = insert(:user)
1774 other_user = insert(:user)
1776 {:ok, _activity} = ActivityPub.follow(other_user, user)
1778 user = Repo.get(User, user.id)
1779 other_user = Repo.get(User, other_user.id)
1781 assert User.following?(other_user, user) == false
1785 |> assign(:user, user)
1786 |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
1788 assert relationship = json_response(conn, 200)
1789 assert other_user.id == relationship["id"]
1790 assert relationship["follows_you"] == false
1794 describe "GET /api/pleroma/search_user" do
1795 test "it returns users, ordered by similarity", %{conn: conn} do
1796 user = insert(:user, %{name: "eal"})
1797 user_two = insert(:user, %{name: "eal me"})
1798 _user_three = insert(:user, %{name: "zzz"})
1802 |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
1803 |> json_response(200)
1805 assert length(resp) == 2
1806 assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1810 describe "POST /api/media/upload" do
1812 Pleroma.DataCase.ensure_local_uploader(context)
1815 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1818 user = insert(:user)
1820 upload_filename = "test/fixtures/image_tmp.jpg"
1821 File.cp!("test/fixtures/image.jpg", upload_filename)
1823 file = %Plug.Upload{
1824 content_type: "image/jpg",
1825 path: Path.absname(upload_filename),
1826 filename: "image.jpg"
1831 |> assign(:user, user)
1832 |> put_req_header("content-type", "application/octet-stream")
1833 |> post("/api/media/upload", %{
1836 |> json_response(:ok)
1838 assert response["media_id"]
1839 object = Repo.get(Object, response["media_id"])
1841 assert object.data["actor"] == User.ap_id(user)
1845 describe "POST /api/media/metadata/create" do
1847 object = insert(:note)
1848 user = User.get_by_ap_id(object.data["actor"])
1849 %{object: object, user: user}
1852 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1856 initial_description = object.data["name"]
1857 another_user = insert(:user)
1860 |> assign(:user, another_user)
1861 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1862 |> json_response(:forbidden)
1864 object = Repo.get(Object, object.id)
1865 assert object.data["name"] == initial_description
1868 test "it updates `data[name]` of referenced Object with provided value", %{
1873 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1876 |> assign(:user, user)
1877 |> post("/api/media/metadata/create", %{
1878 "media_id" => object.id,
1879 "alt_text" => %{"text" => description}
1881 |> json_response(:no_content)
1883 object = Repo.get(Object, object.id)
1884 assert object.data["name"] == description
1888 describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
1889 test "it returns a list of pinned statuses", %{conn: conn} do
1890 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1892 user = insert(:user, %{name: "egor"})
1893 {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
1894 {:ok, _} = CommonAPI.pin(activity_id, user)
1898 |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
1899 |> json_response(200)
1901 assert length(resp) == 1
1902 assert [%{"id" => ^activity_id, "pinned" => true}] = resp
1906 describe "POST /api/statuses/pin/:id" do
1908 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1909 [user: insert(:user)]
1912 test "without valid credentials", %{conn: conn} do
1913 note_activity = insert(:note_activity)
1914 conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
1915 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1918 test "with credentials", %{conn: conn, user: user} do
1919 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1921 request_path = "/api/statuses/pin/#{activity.id}.json"
1925 |> with_credentials(user.nickname, "test")
1926 |> post(request_path)
1928 user = refresh_record(user)
1930 assert json_response(response, 200) ==
1931 ActivityRepresenter.to_map(activity, %{user: user, for: user})
1935 describe "POST /api/statuses/unpin/:id" do
1937 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1938 [user: insert(:user)]
1941 test "without valid credentials", %{conn: conn} do
1942 note_activity = insert(:note_activity)
1943 conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
1944 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1947 test "with credentials", %{conn: conn, user: user} do
1948 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1949 {:ok, activity} = CommonAPI.pin(activity.id, user)
1951 request_path = "/api/statuses/unpin/#{activity.id}.json"
1955 |> with_credentials(user.nickname, "test")
1956 |> post(request_path)
1958 user = refresh_record(user)
1960 assert json_response(response, 200) ==
1961 ActivityRepresenter.to_map(activity, %{user: user, for: user})
1965 describe "GET /api/oauth_tokens" do
1967 token = insert(:oauth_token) |> Repo.preload(:user)
1972 test "renders list", %{token: token} do
1975 |> assign(:user, token.user)
1976 |> get("/api/oauth_tokens")
1979 json_response(response, 200)
1983 assert keys -- ["id", "app_name", "valid_until"] == []
1986 test "revoke token", %{token: token} do
1989 |> assign(:user, token.user)
1990 |> delete("/api/oauth_tokens/#{token.id}")
1992 tokens = Token.get_user_tokens(token.user)
1995 assert response.status == 201