1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
8 alias Pleroma.Builders.ActivityBuilder
9 alias Pleroma.Builders.UserBuilder
11 alias Pleroma.Activity
14 alias Pleroma.Notification
15 alias Pleroma.Web.ActivityPub.ActivityPub
16 alias Pleroma.Web.OAuth.Token
17 alias Pleroma.Web.TwitterAPI.UserView
18 alias Pleroma.Web.TwitterAPI.NotificationView
19 alias Pleroma.Web.CommonAPI
20 alias Pleroma.Web.TwitterAPI.TwitterAPI
24 import Pleroma.Factory
26 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
28 describe "POST /api/account/update_profile_banner" do
29 test "it updates the banner", %{conn: conn} do
33 |> assign(:user, user)
34 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
37 user = refresh_record(user)
38 assert user.info.banner["type"] == "Image"
42 describe "POST /api/qvitter/update_background_image" do
43 test "it updates the background", %{conn: conn} do
47 |> assign(:user, user)
48 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
51 user = refresh_record(user)
52 assert user.info.background["type"] == "Image"
56 describe "POST /api/account/verify_credentials" do
59 test "without valid credentials", %{conn: conn} do
60 conn = post(conn, "/api/account/verify_credentials.json")
61 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
64 test "with credentials", %{conn: conn, user: user} do
67 |> with_credentials(user.nickname, "test")
68 |> post("/api/account/verify_credentials.json")
72 UserView.render("show.json", %{user: user, token: response["token"], for: user})
76 describe "POST /statuses/update.json" do
79 test "without valid credentials", %{conn: conn} do
80 conn = post(conn, "/api/statuses/update.json")
81 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
84 test "with credentials", %{conn: conn, user: user} do
85 conn_with_creds = conn |> with_credentials(user.nickname, "test")
86 request_path = "/api/statuses/update.json"
89 "request" => request_path,
90 "error" => "Client must provide a 'status' parameter with a value."
97 assert json_response(conn, 400) == error_response
101 |> post(request_path, %{status: ""})
103 assert json_response(conn, 400) == error_response
107 |> post(request_path, %{status: " "})
109 assert json_response(conn, 400) == error_response
111 # we post with visibility private in order to avoid triggering relay
114 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
116 assert json_response(conn, 200) ==
117 ActivityRepresenter.to_map(Repo.one(Activity), %{user: user, for: user})
121 describe "GET /statuses/public_timeline.json" do
124 test "returns statuses", %{conn: conn} do
126 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
127 ActivityBuilder.insert_list(10, %{}, %{user: user})
128 since_id = List.last(activities).id
132 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
134 response = json_response(conn, 200)
136 assert length(response) == 10
139 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
141 Application.get_env(:pleroma, :instance)
142 |> Keyword.put(:public, false)
144 Application.put_env(:pleroma, :instance, instance)
147 |> get("/api/statuses/public_timeline.json")
148 |> json_response(403)
151 Application.get_env(:pleroma, :instance)
152 |> Keyword.put(:public, true)
154 Application.put_env(:pleroma, :instance, instance)
157 test "returns 200 to authenticated request when the instance is not public",
158 %{conn: conn, user: user} do
160 Application.get_env(:pleroma, :instance)
161 |> Keyword.put(:public, false)
163 Application.put_env(:pleroma, :instance, instance)
166 |> with_credentials(user.nickname, "test")
167 |> get("/api/statuses/public_timeline.json")
168 |> json_response(200)
171 Application.get_env(:pleroma, :instance)
172 |> Keyword.put(:public, true)
174 Application.put_env(:pleroma, :instance, instance)
177 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
179 |> get("/api/statuses/public_timeline.json")
180 |> json_response(200)
183 test "returns 200 to authenticated request when the instance is public",
184 %{conn: conn, user: user} do
186 |> with_credentials(user.nickname, "test")
187 |> get("/api/statuses/public_timeline.json")
188 |> json_response(200)
192 describe "GET /statuses/public_and_external_timeline.json" do
195 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
197 Application.get_env(:pleroma, :instance)
198 |> Keyword.put(:public, false)
200 Application.put_env(:pleroma, :instance, instance)
203 |> get("/api/statuses/public_and_external_timeline.json")
204 |> json_response(403)
207 Application.get_env(:pleroma, :instance)
208 |> Keyword.put(:public, true)
210 Application.put_env(:pleroma, :instance, instance)
213 test "returns 200 to authenticated request when the instance is not public",
214 %{conn: conn, user: user} do
216 Application.get_env(:pleroma, :instance)
217 |> Keyword.put(:public, false)
219 Application.put_env(:pleroma, :instance, instance)
222 |> with_credentials(user.nickname, "test")
223 |> get("/api/statuses/public_and_external_timeline.json")
224 |> json_response(200)
227 Application.get_env(:pleroma, :instance)
228 |> Keyword.put(:public, true)
230 Application.put_env(:pleroma, :instance, instance)
233 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
235 |> get("/api/statuses/public_and_external_timeline.json")
236 |> json_response(200)
239 test "returns 200 to authenticated request when the instance is public",
240 %{conn: conn, user: user} do
242 |> with_credentials(user.nickname, "test")
243 |> get("/api/statuses/public_and_external_timeline.json")
244 |> json_response(200)
248 describe "GET /statuses/show/:id.json" do
249 test "returns one status", %{conn: conn} do
251 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
252 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
256 |> get("/api/statuses/show/#{activity.id}.json")
258 response = json_response(conn, 200)
260 assert response == ActivityRepresenter.to_map(activity, %{user: actor})
264 describe "GET /users/show.json" do
265 test "gets user with screen_name", %{conn: conn} do
270 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
272 response = json_response(conn, 200)
274 assert response["id"] == user.id
277 test "gets user with user_id", %{conn: conn} do
282 |> get("/api/users/show.json", %{"user_id" => user.id})
284 response = json_response(conn, 200)
286 assert response["id"] == user.id
289 test "gets a user for a logged in user", %{conn: conn} do
291 logged_in = insert(:user)
293 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
297 |> with_credentials(logged_in.nickname, "test")
298 |> get("/api/users/show.json", %{"user_id" => user.id})
300 response = json_response(conn, 200)
302 assert response["following"] == true
306 describe "GET /statusnet/conversation/:id.json" do
307 test "returns the statuses in the conversation", %{conn: conn} do
308 {:ok, _user} = UserBuilder.insert()
309 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
310 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
311 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
315 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
317 response = json_response(conn, 200)
319 assert length(response) == 2
323 describe "GET /statuses/friends_timeline.json" do
326 test "without valid credentials", %{conn: conn} do
327 conn = get(conn, "/api/statuses/friends_timeline.json")
328 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
331 test "with credentials", %{conn: conn, user: current_user} do
335 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
337 returned_activities =
338 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
340 other_user = insert(:user)
341 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
342 since_id = List.last(activities).id
345 Changeset.change(current_user, following: [User.ap_followers(user)])
350 |> with_credentials(current_user.nickname, "test")
351 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
353 response = json_response(conn, 200)
355 assert length(response) == 10
358 Enum.map(returned_activities, fn activity ->
359 ActivityRepresenter.to_map(activity, %{
360 user: User.get_cached_by_ap_id(activity.data["actor"]),
367 describe "GET /statuses/dm_timeline.json" do
368 test "it show direct messages", %{conn: conn} do
369 user_one = insert(:user)
370 user_two = insert(:user)
372 {:ok, user_two} = User.follow(user_two, user_one)
375 CommonAPI.post(user_one, %{
376 "status" => "Hi @#{user_two.nickname}!",
377 "visibility" => "direct"
381 CommonAPI.post(user_two, %{
382 "status" => "Hi @#{user_one.nickname}!",
383 "visibility" => "direct"
386 {:ok, _follower_only} =
387 CommonAPI.post(user_one, %{
388 "status" => "Hi @#{user_two.nickname}!",
389 "visibility" => "private"
392 # Only direct should be visible here
395 |> assign(:user, user_two)
396 |> get("/api/statuses/dm_timeline.json")
398 [status, status_two] = json_response(res_conn, 200)
399 assert status["id"] == direct_two.id
400 assert status_two["id"] == direct.id
404 describe "GET /statuses/mentions.json" do
407 test "without valid credentials", %{conn: conn} do
408 conn = get(conn, "/api/statuses/mentions.json")
409 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
412 test "with credentials", %{conn: conn, user: current_user} do
414 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
418 |> with_credentials(current_user.nickname, "test")
419 |> get("/api/statuses/mentions.json")
421 response = json_response(conn, 200)
423 assert length(response) == 1
425 assert Enum.at(response, 0) ==
426 ActivityRepresenter.to_map(activity, %{
429 mentioned: [current_user]
434 describe "GET /api/qvitter/statuses/notifications.json" do
437 test "without valid credentials", %{conn: conn} do
438 conn = get(conn, "/api/qvitter/statuses/notifications.json")
439 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
442 test "with credentials", %{conn: conn, user: current_user} do
443 other_user = insert(:user)
446 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
450 |> with_credentials(current_user.nickname, "test")
451 |> get("/api/qvitter/statuses/notifications.json")
453 response = json_response(conn, 200)
455 assert length(response) == 1
458 NotificationView.render("notification.json", %{
459 notifications: Notification.for_user(current_user),
465 describe "POST /api/qvitter/statuses/notifications/read" do
468 test "without valid credentials", %{conn: conn} do
469 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
470 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
473 test "with credentials, without any params", %{conn: conn, user: current_user} do
476 |> with_credentials(current_user.nickname, "test")
477 |> post("/api/qvitter/statuses/notifications/read")
479 assert json_response(conn, 400) == %{
480 "error" => "You need to specify latest_id",
481 "request" => "/api/qvitter/statuses/notifications/read"
485 test "with credentials, with params", %{conn: conn, user: current_user} do
486 other_user = insert(:user)
489 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
493 |> with_credentials(current_user.nickname, "test")
494 |> get("/api/qvitter/statuses/notifications.json")
496 [notification] = response = json_response(response_conn, 200)
498 assert length(response) == 1
500 assert notification["is_seen"] == 0
504 |> with_credentials(current_user.nickname, "test")
505 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
507 [notification] = response = json_response(response_conn, 200)
509 assert length(response) == 1
511 assert notification["is_seen"] == 1
515 describe "GET /statuses/user_timeline.json" do
518 test "without any params", %{conn: conn} do
519 conn = get(conn, "/api/statuses/user_timeline.json")
521 assert json_response(conn, 400) == %{
522 "error" => "You need to specify screen_name or user_id",
523 "request" => "/api/statuses/user_timeline.json"
527 test "with user_id", %{conn: conn} do
529 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
531 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
532 response = json_response(conn, 200)
533 assert length(response) == 1
534 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
537 test "with screen_name", %{conn: conn} do
539 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
541 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
542 response = json_response(conn, 200)
543 assert length(response) == 1
544 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
547 test "with credentials", %{conn: conn, user: current_user} do
548 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
552 |> with_credentials(current_user.nickname, "test")
553 |> get("/api/statuses/user_timeline.json")
555 response = json_response(conn, 200)
557 assert length(response) == 1
559 assert Enum.at(response, 0) ==
560 ActivityRepresenter.to_map(activity, %{user: current_user, for: current_user})
563 test "with credentials with user_id", %{conn: conn, user: current_user} do
565 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
569 |> with_credentials(current_user.nickname, "test")
570 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
572 response = json_response(conn, 200)
574 assert length(response) == 1
575 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
578 test "with credentials screen_name", %{conn: conn, user: current_user} do
580 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
584 |> with_credentials(current_user.nickname, "test")
585 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
587 response = json_response(conn, 200)
589 assert length(response) == 1
590 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
593 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
595 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
596 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
600 |> with_credentials(current_user.nickname, "test")
601 |> get("/api/statuses/user_timeline.json", %{
602 "user_id" => user.id,
603 "include_rts" => "false"
606 response = json_response(conn, 200)
608 assert length(response) == 1
609 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
613 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
615 response = json_response(conn, 200)
617 assert length(response) == 1
618 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
622 describe "POST /friendships/create.json" do
625 test "without valid credentials", %{conn: conn} do
626 conn = post(conn, "/api/friendships/create.json")
627 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
630 test "with credentials", %{conn: conn, user: current_user} do
631 followed = insert(:user)
635 |> with_credentials(current_user.nickname, "test")
636 |> post("/api/friendships/create.json", %{user_id: followed.id})
638 current_user = Repo.get(User, current_user.id)
639 assert User.ap_followers(followed) in current_user.following
641 assert json_response(conn, 200) ==
642 UserView.render("show.json", %{user: followed, for: current_user})
645 test "for restricted account", %{conn: conn, user: current_user} do
646 followed = insert(:user, info: %User.Info{locked: true})
650 |> with_credentials(current_user.nickname, "test")
651 |> post("/api/friendships/create.json", %{user_id: followed.id})
653 current_user = Repo.get(User, current_user.id)
654 followed = Repo.get(User, followed.id)
656 refute User.ap_followers(followed) in current_user.following
657 assert followed.info.follow_request_count == 1
659 assert json_response(conn, 200) ==
660 UserView.render("show.json", %{user: followed, for: current_user})
664 describe "POST /friendships/destroy.json" do
667 test "without valid credentials", %{conn: conn} do
668 conn = post(conn, "/api/friendships/destroy.json")
669 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
672 test "with credentials", %{conn: conn, user: current_user} do
673 followed = insert(:user)
675 {:ok, current_user} = User.follow(current_user, followed)
676 assert User.ap_followers(followed) in current_user.following
677 ActivityPub.follow(current_user, followed)
681 |> with_credentials(current_user.nickname, "test")
682 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
684 current_user = Repo.get(User, current_user.id)
685 assert current_user.following == [current_user.ap_id]
687 assert json_response(conn, 200) ==
688 UserView.render("show.json", %{user: followed, for: current_user})
692 describe "POST /blocks/create.json" do
695 test "without valid credentials", %{conn: conn} do
696 conn = post(conn, "/api/blocks/create.json")
697 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
700 test "with credentials", %{conn: conn, user: current_user} do
701 blocked = insert(:user)
705 |> with_credentials(current_user.nickname, "test")
706 |> post("/api/blocks/create.json", %{user_id: blocked.id})
708 current_user = Repo.get(User, current_user.id)
709 assert User.blocks?(current_user, blocked)
711 assert json_response(conn, 200) ==
712 UserView.render("show.json", %{user: blocked, for: current_user})
716 describe "POST /blocks/destroy.json" do
719 test "without valid credentials", %{conn: conn} do
720 conn = post(conn, "/api/blocks/destroy.json")
721 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
724 test "with credentials", %{conn: conn, user: current_user} do
725 blocked = insert(:user)
727 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
728 assert User.blocks?(current_user, blocked)
732 |> with_credentials(current_user.nickname, "test")
733 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
735 current_user = Repo.get(User, current_user.id)
736 assert current_user.info.blocks == []
738 assert json_response(conn, 200) ==
739 UserView.render("show.json", %{user: blocked, for: current_user})
743 describe "GET /help/test.json" do
744 test "returns \"ok\"", %{conn: conn} do
745 conn = get(conn, "/api/help/test.json")
746 assert json_response(conn, 200) == "ok"
750 describe "POST /api/qvitter/update_avatar.json" do
753 test "without valid credentials", %{conn: conn} do
754 conn = post(conn, "/api/qvitter/update_avatar.json")
755 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
758 test "with credentials", %{conn: conn, user: current_user} do
759 avatar_image = File.read!("test/fixtures/avatar_data_uri")
763 |> with_credentials(current_user.nickname, "test")
764 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
766 current_user = Repo.get(User, current_user.id)
767 assert is_map(current_user.avatar)
769 assert json_response(conn, 200) ==
770 UserView.render("show.json", %{user: current_user, for: current_user})
774 describe "GET /api/qvitter/mutes.json" do
777 test "unimplemented mutes without valid credentials", %{conn: conn} do
778 conn = get(conn, "/api/qvitter/mutes.json")
779 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
782 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
785 |> with_credentials(current_user.nickname, "test")
786 |> get("/api/qvitter/mutes.json")
787 |> json_response(200)
793 describe "POST /api/favorites/create/:id" do
796 test "without valid credentials", %{conn: conn} do
797 note_activity = insert(:note_activity)
798 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
799 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
802 test "with credentials", %{conn: conn, user: current_user} do
803 note_activity = insert(:note_activity)
807 |> with_credentials(current_user.nickname, "test")
808 |> post("/api/favorites/create/#{note_activity.id}.json")
810 assert json_response(conn, 200)
813 test "with credentials, invalid param", %{conn: conn, user: current_user} do
816 |> with_credentials(current_user.nickname, "test")
817 |> post("/api/favorites/create/wrong.json")
819 assert json_response(conn, 400)
822 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
825 |> with_credentials(current_user.nickname, "test")
826 |> post("/api/favorites/create/1.json")
828 assert json_response(conn, 400)
832 describe "POST /api/favorites/destroy/:id" do
835 test "without valid credentials", %{conn: conn} do
836 note_activity = insert(:note_activity)
837 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
838 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
841 test "with credentials", %{conn: conn, user: current_user} do
842 note_activity = insert(:note_activity)
843 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
844 ActivityPub.like(current_user, object)
848 |> with_credentials(current_user.nickname, "test")
849 |> post("/api/favorites/destroy/#{note_activity.id}.json")
851 assert json_response(conn, 200)
855 describe "POST /api/statuses/retweet/:id" do
858 test "without valid credentials", %{conn: conn} do
859 note_activity = insert(:note_activity)
860 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
861 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
864 test "with credentials", %{conn: conn, user: current_user} do
865 note_activity = insert(:note_activity)
867 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
871 |> with_credentials(current_user.nickname, "test")
872 |> post(request_path)
874 activity = Repo.get(Activity, note_activity.id)
875 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
877 assert json_response(response, 200) ==
878 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
882 describe "POST /api/statuses/unretweet/:id" do
885 test "without valid credentials", %{conn: conn} do
886 note_activity = insert(:note_activity)
887 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
888 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
891 test "with credentials", %{conn: conn, user: current_user} do
892 note_activity = insert(:note_activity)
894 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
898 |> with_credentials(current_user.nickname, "test")
899 |> post(request_path)
901 request_path = String.replace(request_path, "retweet", "unretweet")
905 |> with_credentials(current_user.nickname, "test")
906 |> post(request_path)
908 activity = Repo.get(Activity, note_activity.id)
909 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
911 assert json_response(response, 200) ==
912 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
916 describe "POST /api/account/register" do
917 test "it creates a new user", %{conn: conn} do
919 "nickname" => "lain",
920 "email" => "lain@wired.jp",
921 "fullname" => "lain iwakura",
922 "bio" => "close the world.",
923 "password" => "bear",
929 |> post("/api/account/register", data)
931 user = json_response(conn, 200)
933 fetched_user = Repo.get_by(User, nickname: "lain")
934 assert user == UserView.render("show.json", %{user: fetched_user})
937 test "it returns errors on a problem", %{conn: conn} do
939 "email" => "lain@wired.jp",
940 "fullname" => "lain iwakura",
941 "bio" => "close the world.",
942 "password" => "bear",
948 |> post("/api/account/register", data)
950 errors = json_response(conn, 400)
952 assert is_binary(errors["error"])
956 describe "POST /api/account/password_reset, with valid parameters" do
957 setup %{conn: conn} do
959 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
960 %{conn: conn, user: user}
963 test "it returns 204", %{conn: conn} do
964 assert json_response(conn, :no_content)
967 test "it creates a PasswordResetToken record for user", %{user: user} do
968 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
972 test "it sends an email to user", %{user: user} do
973 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
975 Swoosh.TestAssertions.assert_email_sent(
976 Pleroma.UserEmail.password_reset_email(user, token_record.token)
981 describe "POST /api/account/password_reset, with invalid parameters" do
984 test "it returns 500 when user is not found", %{conn: conn, user: user} do
985 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
986 assert json_response(conn, :internal_server_error)
989 test "it returns 500 when user is not local", %{conn: conn, user: user} do
990 {:ok, user} = Repo.update(Changeset.change(user, local: false))
991 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
992 assert json_response(conn, :internal_server_error)
996 describe "GET /api/account/confirm_email/:id/:token" do
999 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1003 |> Changeset.change()
1004 |> Changeset.put_embed(:info, info_change)
1007 assert user.info.confirmation_pending
1012 test "it redirects to root url", %{conn: conn, user: user} do
1013 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1015 assert 302 == conn.status
1018 test "it confirms the user account", %{conn: conn, user: user} do
1019 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
1021 user = Repo.get(User, user.id)
1023 refute user.info.confirmation_pending
1024 refute user.info.confirmation_token
1027 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
1028 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
1030 assert 500 == conn.status
1033 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
1034 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
1036 assert 500 == conn.status
1040 describe "POST /api/account/resend_confirmation_email" do
1042 setting = Pleroma.Config.get([:instance, :account_activation_required])
1045 Pleroma.Config.put([:instance, :account_activation_required], true)
1046 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
1049 user = insert(:user)
1050 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
1054 |> Changeset.change()
1055 |> Changeset.put_embed(:info, info_change)
1058 assert user.info.confirmation_pending
1063 test "it returns 204 No Content", %{conn: conn, user: user} do
1065 |> assign(:user, user)
1066 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1067 |> json_response(:no_content)
1070 test "it sends confirmation email", %{conn: conn, user: user} do
1072 |> assign(:user, user)
1073 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
1075 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
1079 describe "GET /api/externalprofile/show" do
1080 test "it returns the user", %{conn: conn} do
1081 user = insert(:user)
1082 other_user = insert(:user)
1086 |> assign(:user, user)
1087 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1089 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1093 describe "GET /api/statuses/followers" do
1094 test "it returns a user's followers", %{conn: conn} do
1095 user = insert(:user)
1096 follower_one = insert(:user)
1097 follower_two = insert(:user)
1098 _not_follower = insert(:user)
1100 {:ok, follower_one} = User.follow(follower_one, user)
1101 {:ok, follower_two} = User.follow(follower_two, user)
1105 |> assign(:user, user)
1106 |> get("/api/statuses/followers")
1108 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1109 result = json_response(conn, 200)
1110 assert Enum.sort(expected) == Enum.sort(result)
1113 test "it returns 20 followers per page", %{conn: conn} do
1114 user = insert(:user)
1115 followers = insert_list(21, :user)
1117 Enum.each(followers, fn follower ->
1118 User.follow(follower, user)
1123 |> assign(:user, user)
1124 |> get("/api/statuses/followers")
1126 result = json_response(res_conn, 200)
1127 assert length(result) == 20
1131 |> assign(:user, user)
1132 |> get("/api/statuses/followers?page=2")
1134 result = json_response(res_conn, 200)
1135 assert length(result) == 1
1138 test "it returns a given user's followers with user_id", %{conn: conn} do
1139 user = insert(:user)
1140 follower_one = insert(:user)
1141 follower_two = insert(:user)
1142 not_follower = insert(:user)
1144 {:ok, follower_one} = User.follow(follower_one, user)
1145 {:ok, follower_two} = User.follow(follower_two, user)
1149 |> assign(:user, not_follower)
1150 |> get("/api/statuses/followers", %{"user_id" => user.id})
1152 assert MapSet.equal?(
1153 MapSet.new(json_response(conn, 200)),
1155 UserView.render("index.json", %{
1156 users: [follower_one, follower_two],
1163 test "it returns empty when hide_followers is set to true", %{conn: conn} do
1164 user = insert(:user, %{info: %{hide_followers: true}})
1165 follower_one = insert(:user)
1166 follower_two = insert(:user)
1167 not_follower = insert(:user)
1169 {:ok, _follower_one} = User.follow(follower_one, user)
1170 {:ok, _follower_two} = User.follow(follower_two, user)
1174 |> assign(:user, not_follower)
1175 |> get("/api/statuses/followers", %{"user_id" => user.id})
1176 |> json_response(200)
1178 assert [] == response
1181 test "it returns the followers when hide_followers is set to true if requested by the user themselves",
1185 user = insert(:user, %{info: %{hide_followers: true}})
1186 follower_one = insert(:user)
1187 follower_two = insert(:user)
1188 _not_follower = insert(:user)
1190 {:ok, _follower_one} = User.follow(follower_one, user)
1191 {:ok, _follower_two} = User.follow(follower_two, user)
1195 |> assign(:user, user)
1196 |> get("/api/statuses/followers", %{"user_id" => user.id})
1198 refute [] == json_response(conn, 200)
1202 describe "GET /api/statuses/blocks" do
1203 test "it returns the list of users blocked by requester", %{conn: conn} do
1204 user = insert(:user)
1205 other_user = insert(:user)
1207 {:ok, user} = User.block(user, other_user)
1211 |> assign(:user, user)
1212 |> get("/api/statuses/blocks")
1214 expected = UserView.render("index.json", %{users: [other_user], for: user})
1215 result = json_response(conn, 200)
1216 assert Enum.sort(expected) == Enum.sort(result)
1220 describe "GET /api/statuses/friends" do
1221 test "it returns the logged in user's friends", %{conn: conn} do
1222 user = insert(:user)
1223 followed_one = insert(:user)
1224 followed_two = insert(:user)
1225 _not_followed = insert(:user)
1227 {:ok, user} = User.follow(user, followed_one)
1228 {:ok, user} = User.follow(user, followed_two)
1232 |> assign(:user, user)
1233 |> get("/api/statuses/friends")
1235 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1236 result = json_response(conn, 200)
1237 assert Enum.sort(expected) == Enum.sort(result)
1240 test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do
1241 user = insert(:user)
1242 followeds = insert_list(21, :user)
1245 Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
1246 User.follow(user, followed)
1251 |> assign(:user, user)
1252 |> get("/api/statuses/friends")
1254 result = json_response(res_conn, 200)
1255 assert length(result) == 20
1259 |> assign(:user, user)
1260 |> get("/api/statuses/friends", %{page: 2})
1262 result = json_response(res_conn, 200)
1263 assert length(result) == 1
1267 |> assign(:user, user)
1268 |> get("/api/statuses/friends", %{all: true})
1270 result = json_response(res_conn, 200)
1271 assert length(result) == 21
1274 test "it returns a given user's friends with user_id", %{conn: conn} do
1275 user = insert(:user)
1276 followed_one = insert(:user)
1277 followed_two = insert(:user)
1278 _not_followed = insert(:user)
1280 {:ok, user} = User.follow(user, followed_one)
1281 {:ok, user} = User.follow(user, followed_two)
1285 |> assign(:user, user)
1286 |> get("/api/statuses/friends", %{"user_id" => user.id})
1288 assert MapSet.equal?(
1289 MapSet.new(json_response(conn, 200)),
1291 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1296 test "it returns empty when hide_follows is set to true", %{conn: conn} do
1297 user = insert(:user, %{info: %{hide_follows: true}})
1298 followed_one = insert(:user)
1299 followed_two = insert(:user)
1300 not_followed = insert(:user)
1302 {:ok, user} = User.follow(user, followed_one)
1303 {:ok, user} = User.follow(user, followed_two)
1307 |> assign(:user, not_followed)
1308 |> get("/api/statuses/friends", %{"user_id" => user.id})
1310 assert [] == json_response(conn, 200)
1313 test "it returns friends when hide_follows is set to true if the user themselves request it",
1317 user = insert(:user, %{info: %{hide_follows: true}})
1318 followed_one = insert(:user)
1319 followed_two = insert(:user)
1320 _not_followed = insert(:user)
1322 {:ok, _user} = User.follow(user, followed_one)
1323 {:ok, _user} = User.follow(user, followed_two)
1327 |> assign(:user, user)
1328 |> get("/api/statuses/friends", %{"user_id" => user.id})
1329 |> json_response(200)
1331 refute [] == response
1334 test "it returns a given user's friends with screen_name", %{conn: conn} do
1335 user = insert(:user)
1336 followed_one = insert(:user)
1337 followed_two = insert(:user)
1338 _not_followed = insert(:user)
1340 {:ok, user} = User.follow(user, followed_one)
1341 {:ok, user} = User.follow(user, followed_two)
1345 |> assign(:user, user)
1346 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1348 assert MapSet.equal?(
1349 MapSet.new(json_response(conn, 200)),
1351 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1357 describe "GET /friends/ids" do
1358 test "it returns a user's friends", %{conn: conn} do
1359 user = insert(:user)
1360 followed_one = insert(:user)
1361 followed_two = insert(:user)
1362 _not_followed = insert(:user)
1364 {:ok, user} = User.follow(user, followed_one)
1365 {:ok, user} = User.follow(user, followed_two)
1369 |> assign(:user, user)
1370 |> get("/api/friends/ids")
1372 expected = [followed_one.id, followed_two.id]
1374 assert MapSet.equal?(
1375 MapSet.new(Poison.decode!(json_response(conn, 200))),
1376 MapSet.new(expected)
1381 describe "POST /api/account/update_profile.json" do
1382 test "it updates a user's profile", %{conn: conn} do
1383 user = insert(:user)
1384 user2 = insert(:user)
1388 |> assign(:user, user)
1389 |> post("/api/account/update_profile.json", %{
1390 "name" => "new name",
1391 "description" => "hi @#{user2.nickname}"
1394 user = Repo.get!(User, user.id)
1395 assert user.name == "new name"
1398 "hi <span class='h-card'><a data-user='#{user2.id}' class='u-url mention' href='#{
1400 }'>@<span>#{user2.nickname}</span></a></span>"
1402 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1405 test "it sets and un-sets hide_follows", %{conn: conn} do
1406 user = insert(:user)
1409 |> assign(:user, user)
1410 |> post("/api/account/update_profile.json", %{
1411 "hide_follows" => "true"
1414 user = Repo.get!(User, user.id)
1415 assert user.info.hide_follows == true
1419 |> assign(:user, user)
1420 |> post("/api/account/update_profile.json", %{
1421 "hide_follows" => "false"
1424 user = Repo.get!(User, user.id)
1425 assert user.info.hide_follows == false
1426 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1429 test "it sets and un-sets hide_followers", %{conn: conn} do
1430 user = insert(:user)
1433 |> assign(:user, user)
1434 |> post("/api/account/update_profile.json", %{
1435 "hide_followers" => "true"
1438 user = Repo.get!(User, user.id)
1439 assert user.info.hide_followers == true
1443 |> assign(:user, user)
1444 |> post("/api/account/update_profile.json", %{
1445 "hide_followers" => "false"
1448 user = Repo.get!(User, user.id)
1449 assert user.info.hide_followers == false
1450 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1453 test "it sets and un-sets show_role", %{conn: conn} do
1454 user = insert(:user)
1457 |> assign(:user, user)
1458 |> post("/api/account/update_profile.json", %{
1459 "show_role" => "true"
1462 user = Repo.get!(User, user.id)
1463 assert user.info.show_role == true
1467 |> assign(:user, user)
1468 |> post("/api/account/update_profile.json", %{
1469 "show_role" => "false"
1472 user = Repo.get!(User, user.id)
1473 assert user.info.show_role == false
1474 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1477 test "it locks an account", %{conn: conn} do
1478 user = insert(:user)
1482 |> assign(:user, user)
1483 |> post("/api/account/update_profile.json", %{
1487 user = Repo.get!(User, user.id)
1488 assert user.info.locked == true
1490 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1493 test "it unlocks an account", %{conn: conn} do
1494 user = insert(:user)
1498 |> assign(:user, user)
1499 |> post("/api/account/update_profile.json", %{
1503 user = Repo.get!(User, user.id)
1504 assert user.info.locked == false
1506 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1510 defp valid_user(_context) do
1511 user = insert(:user)
1515 defp with_credentials(conn, username, password) do
1516 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1517 put_req_header(conn, "authorization", header_content)
1520 describe "GET /api/search.json" do
1521 test "it returns search results", %{conn: conn} do
1522 user = insert(:user)
1523 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1525 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1526 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1530 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1532 assert [status] = json_response(conn, 200)
1533 assert status["id"] == activity.id
1537 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1538 test "it returns the tags timeline", %{conn: conn} do
1539 user = insert(:user)
1540 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1542 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1543 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1547 |> get("/api/statusnet/tags/timeline/2hu.json")
1549 assert [status] = json_response(conn, 200)
1550 assert status["id"] == activity.id
1554 test "Convert newlines to <br> in bio", %{conn: conn} do
1555 user = insert(:user)
1559 |> assign(:user, user)
1560 |> post("/api/account/update_profile.json", %{
1561 "description" => "Hello,\r\nWorld! I\n am a test."
1564 user = Repo.get!(User, user.id)
1565 assert user.bio == "Hello,<br>World! I<br> am a test."
1568 describe "POST /api/pleroma/change_password" do
1571 test "without credentials", %{conn: conn} do
1572 conn = post(conn, "/api/pleroma/change_password")
1573 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1576 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1579 |> with_credentials(current_user.nickname, "test")
1580 |> post("/api/pleroma/change_password", %{
1582 "new_password" => "newpass",
1583 "new_password_confirmation" => "newpass"
1586 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1589 test "with credentials, valid password and new password and confirmation not matching", %{
1595 |> with_credentials(current_user.nickname, "test")
1596 |> post("/api/pleroma/change_password", %{
1597 "password" => "test",
1598 "new_password" => "newpass",
1599 "new_password_confirmation" => "notnewpass"
1602 assert json_response(conn, 200) == %{
1603 "error" => "New password does not match confirmation."
1607 test "with credentials, valid password and invalid new password", %{
1613 |> with_credentials(current_user.nickname, "test")
1614 |> post("/api/pleroma/change_password", %{
1615 "password" => "test",
1616 "new_password" => "",
1617 "new_password_confirmation" => ""
1620 assert json_response(conn, 200) == %{
1621 "error" => "New password can't be blank."
1625 test "with credentials, valid password and matching new password and confirmation", %{
1631 |> with_credentials(current_user.nickname, "test")
1632 |> post("/api/pleroma/change_password", %{
1633 "password" => "test",
1634 "new_password" => "newpass",
1635 "new_password_confirmation" => "newpass"
1638 assert json_response(conn, 200) == %{"status" => "success"}
1639 fetched_user = Repo.get(User, current_user.id)
1640 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1644 describe "POST /api/pleroma/delete_account" do
1647 test "without credentials", %{conn: conn} do
1648 conn = post(conn, "/api/pleroma/delete_account")
1649 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1652 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1655 |> with_credentials(current_user.nickname, "test")
1656 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1658 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1661 test "with credentials and valid password", %{conn: conn, user: current_user} do
1664 |> with_credentials(current_user.nickname, "test")
1665 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1667 assert json_response(conn, 200) == %{"status" => "success"}
1668 # Wait a second for the started task to end
1673 describe "GET /api/pleroma/friend_requests" do
1674 test "it lists friend requests" do
1675 user = insert(:user)
1676 other_user = insert(:user)
1678 {:ok, _activity} = ActivityPub.follow(other_user, user)
1680 user = Repo.get(User, user.id)
1681 other_user = Repo.get(User, other_user.id)
1683 assert User.following?(other_user, user) == false
1687 |> assign(:user, user)
1688 |> get("/api/pleroma/friend_requests")
1690 assert [relationship] = json_response(conn, 200)
1691 assert other_user.id == relationship["id"]
1695 describe "POST /api/pleroma/friendships/approve" do
1696 test "it approves a friend request" do
1697 user = insert(:user)
1698 other_user = insert(:user)
1700 {:ok, _activity} = ActivityPub.follow(other_user, user)
1702 user = Repo.get(User, user.id)
1703 other_user = Repo.get(User, other_user.id)
1705 assert User.following?(other_user, user) == false
1706 assert user.info.follow_request_count == 1
1710 |> assign(:user, user)
1711 |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
1713 user = Repo.get(User, user.id)
1715 assert relationship = json_response(conn, 200)
1716 assert other_user.id == relationship["id"]
1717 assert relationship["follows_you"] == true
1718 assert user.info.follow_request_count == 0
1722 describe "POST /api/pleroma/friendships/deny" do
1723 test "it denies a friend request" do
1724 user = insert(:user)
1725 other_user = insert(:user)
1727 {:ok, _activity} = ActivityPub.follow(other_user, user)
1729 user = Repo.get(User, user.id)
1730 other_user = Repo.get(User, other_user.id)
1732 assert User.following?(other_user, user) == false
1733 assert user.info.follow_request_count == 1
1737 |> assign(:user, user)
1738 |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
1740 user = Repo.get(User, user.id)
1742 assert relationship = json_response(conn, 200)
1743 assert other_user.id == relationship["id"]
1744 assert relationship["follows_you"] == false
1745 assert user.info.follow_request_count == 0
1749 describe "GET /api/pleroma/search_user" do
1750 test "it returns users, ordered by similarity", %{conn: conn} do
1751 user = insert(:user, %{name: "eal"})
1752 user_two = insert(:user, %{name: "eal me"})
1753 _user_three = insert(:user, %{name: "zzz"})
1757 |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
1758 |> json_response(200)
1760 assert length(resp) == 2
1761 assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1765 describe "POST /api/media/upload" do
1767 Pleroma.DataCase.ensure_local_uploader(context)
1770 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1773 user = insert(:user)
1775 upload_filename = "test/fixtures/image_tmp.jpg"
1776 File.cp!("test/fixtures/image.jpg", upload_filename)
1778 file = %Plug.Upload{
1779 content_type: "image/jpg",
1780 path: Path.absname(upload_filename),
1781 filename: "image.jpg"
1786 |> assign(:user, user)
1787 |> put_req_header("content-type", "application/octet-stream")
1788 |> post("/api/media/upload", %{
1791 |> json_response(:ok)
1793 assert response["media_id"]
1794 object = Repo.get(Object, response["media_id"])
1796 assert object.data["actor"] == User.ap_id(user)
1800 describe "POST /api/media/metadata/create" do
1802 object = insert(:note)
1803 user = User.get_by_ap_id(object.data["actor"])
1804 %{object: object, user: user}
1807 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1811 initial_description = object.data["name"]
1812 another_user = insert(:user)
1815 |> assign(:user, another_user)
1816 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1817 |> json_response(:forbidden)
1819 object = Repo.get(Object, object.id)
1820 assert object.data["name"] == initial_description
1823 test "it updates `data[name]` of referenced Object with provided value", %{
1828 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1831 |> assign(:user, user)
1832 |> post("/api/media/metadata/create", %{
1833 "media_id" => object.id,
1834 "alt_text" => %{"text" => description}
1836 |> json_response(:no_content)
1838 object = Repo.get(Object, object.id)
1839 assert object.data["name"] == description
1843 describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
1844 test "it returns a list of pinned statuses", %{conn: conn} do
1845 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1847 user = insert(:user, %{name: "egor"})
1848 {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
1849 {:ok, _} = CommonAPI.pin(activity_id, user)
1853 |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
1854 |> json_response(200)
1856 assert length(resp) == 1
1857 assert [%{"id" => ^activity_id, "pinned" => true}] = resp
1861 describe "POST /api/statuses/pin/:id" do
1863 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1864 [user: insert(:user)]
1867 test "without valid credentials", %{conn: conn} do
1868 note_activity = insert(:note_activity)
1869 conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
1870 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1873 test "with credentials", %{conn: conn, user: user} do
1874 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1876 request_path = "/api/statuses/pin/#{activity.id}.json"
1880 |> with_credentials(user.nickname, "test")
1881 |> post(request_path)
1883 user = refresh_record(user)
1885 assert json_response(response, 200) ==
1886 ActivityRepresenter.to_map(activity, %{user: user, for: user})
1890 describe "POST /api/statuses/unpin/:id" do
1892 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
1893 [user: insert(:user)]
1896 test "without valid credentials", %{conn: conn} do
1897 note_activity = insert(:note_activity)
1898 conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
1899 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1902 test "with credentials", %{conn: conn, user: user} do
1903 {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
1904 {:ok, activity} = CommonAPI.pin(activity.id, user)
1906 request_path = "/api/statuses/unpin/#{activity.id}.json"
1910 |> with_credentials(user.nickname, "test")
1911 |> post(request_path)
1913 user = refresh_record(user)
1915 assert json_response(response, 200) ==
1916 ActivityRepresenter.to_map(activity, %{user: user, for: user})
1920 describe "GET /api/oauth_tokens" do
1922 token = insert(:oauth_token) |> Repo.preload(:user)
1927 test "renders list", %{token: token} do
1930 |> assign(:user, token.user)
1931 |> get("/api/oauth_tokens")
1934 json_response(response, 200)
1938 assert keys -- ["id", "app_name", "valid_until"] == []
1941 test "revoke token", %{token: token} do
1944 |> assign(:user, token.user)
1945 |> delete("/api/oauth_tokens/#{token.id}")
1947 tokens = Token.get_user_tokens(token.user)
1950 assert response.status == 201