1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 alias Pleroma.Tests.ObanHelpers
13 import Pleroma.Factory
17 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
21 setup do: clear_config([:instance])
22 setup do: clear_config([:frontend_configurations, :pleroma_fe])
24 describe "POST /api/pleroma/follow_import" do
25 setup do: oauth_access(["follow"])
27 test "it returns HTTP 200", %{conn: conn} do
32 |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"})
35 assert response == "job started"
38 test "it imports follow lists from file", %{user: user1, conn: conn} do
43 read!: fn "follow_list.txt" ->
44 "Account address,Show boosts\n#{user2.ap_id},true"
49 |> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}})
52 assert response == "job started"
54 assert ObanHelpers.member?(
56 "op" => "follow_import",
57 "follower_id" => user1.id,
58 "followed_identifiers" => [user2.ap_id]
60 all_enqueued(worker: Pleroma.Workers.BackgroundWorker)
65 test "it imports new-style mastodon follow lists", %{conn: conn} do
70 |> post("/api/pleroma/follow_import", %{
71 "list" => "Account address,Show boosts\n#{user2.ap_id},true"
75 assert response == "job started"
78 test "requires 'follow' or 'write:follows' permissions" do
79 token1 = insert(:oauth_token, scopes: ["read", "write"])
80 token2 = insert(:oauth_token, scopes: ["follow"])
81 token3 = insert(:oauth_token, scopes: ["something"])
82 another_user = insert(:user)
84 for token <- [token1, token2, token3] do
87 |> put_req_header("authorization", "Bearer #{token.token}")
88 |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"})
91 assert %{"error" => "Insufficient permissions: follow | write:follows."} ==
92 json_response(conn, 403)
94 assert json_response(conn, 200)
100 describe "POST /api/pleroma/blocks_import" do
101 # Note: "follow" or "write:blocks" permission is required
102 setup do: oauth_access(["write:blocks"])
104 test "it returns HTTP 200", %{conn: conn} do
105 user2 = insert(:user)
109 |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"})
110 |> json_response(:ok)
112 assert response == "job started"
115 test "it imports blocks users from file", %{user: user1, conn: conn} do
116 user2 = insert(:user)
117 user3 = insert(:user)
120 {File, [], read!: fn "blocks_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end}
124 |> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}})
125 |> json_response(:ok)
127 assert response == "job started"
129 assert ObanHelpers.member?(
131 "op" => "blocks_import",
132 "blocker_id" => user1.id,
133 "blocked_identifiers" => [user2.ap_id, user3.ap_id]
135 all_enqueued(worker: Pleroma.Workers.BackgroundWorker)
141 describe "PUT /api/pleroma/notification_settings" do
142 setup do: oauth_access(["write:accounts"])
144 test "it updates notification settings", %{user: user, conn: conn} do
146 |> put("/api/pleroma/notification_settings", %{
147 "followers" => false,
150 |> json_response(:ok)
152 user = refresh_record(user)
154 assert %Pleroma.User.NotificationSetting{
159 privacy_option: false
160 } == user.notification_settings
163 test "it updates notification privacy option", %{user: user, conn: conn} do
165 |> put("/api/pleroma/notification_settings", %{"privacy_option" => "1"})
166 |> json_response(:ok)
168 user = refresh_record(user)
170 assert %Pleroma.User.NotificationSetting{
176 } == user.notification_settings
180 describe "GET /api/pleroma/frontend_configurations" do
181 test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
192 Config.put(:frontend_configurations, config)
196 |> get("/api/pleroma/frontend_configurations")
197 |> json_response(:ok)
199 assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
203 describe "/api/pleroma/emoji" do
204 test "returns json with custom emoji with tags", %{conn: conn} do
207 |> get("/api/pleroma/emoji")
208 |> json_response(200)
210 assert Enum.all?(emoji, fn
216 is_binary(url) and is_list(tags)
221 describe "GET /api/pleroma/healthcheck" do
222 setup do: clear_config([:instance, :healthcheck])
224 test "returns 503 when healthcheck disabled", %{conn: conn} do
225 Config.put([:instance, :healthcheck], false)
229 |> get("/api/pleroma/healthcheck")
230 |> json_response(503)
232 assert response == %{}
235 test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
236 Config.put([:instance, :healthcheck], true)
238 with_mock Pleroma.Healthcheck,
239 system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
242 |> get("/api/pleroma/healthcheck")
243 |> json_response(200)
255 test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
256 Config.put([:instance, :healthcheck], true)
258 with_mock Pleroma.Healthcheck,
259 system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
262 |> get("/api/pleroma/healthcheck")
263 |> json_response(503)
276 describe "POST /api/pleroma/disable_account" do
277 setup do: oauth_access(["write:accounts"])
279 test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
282 |> post("/api/pleroma/disable_account", %{"password" => "test"})
283 |> json_response(:ok)
285 assert response == %{"status" => "success"}
286 ObanHelpers.perform_all()
288 user = User.get_cached_by_id(user.id)
290 assert user.deactivated == true
293 test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
298 |> post("/api/pleroma/disable_account", %{"password" => "test1"})
299 |> json_response(:ok)
301 assert response == %{"error" => "Invalid password."}
302 user = User.get_cached_by_id(user.id)
304 refute user.deactivated
308 describe "POST /main/ostatus - remote_subscribe/2" do
309 setup do: clear_config([:instance, :federating], true)
311 test "renders subscribe form", %{conn: conn} do
316 |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
319 refute response =~ "Could not find user"
320 assert response =~ "Remotely follow #{user.nickname}"
323 test "renders subscribe form with error when user not found", %{conn: conn} do
326 |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
329 assert response =~ "Could not find user"
330 refute response =~ "Remotely follow"
333 test "it redirect to webfinger url", %{conn: conn} do
335 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
339 |> post("/main/ostatus", %{
340 "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
343 assert redirected_to(conn) ==
344 "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
347 test "it renders form with error when user not found", %{conn: conn} do
348 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
352 |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
355 assert response =~ "Something went wrong."
359 test "it returns new captcha", %{conn: conn} do
360 with_mock Pleroma.Captcha,
361 new: fn -> "test_captcha" end do
364 |> get("/api/pleroma/captcha")
367 assert resp == "\"test_captcha\""
368 assert called(Pleroma.Captcha.new())
372 describe "POST /api/pleroma/change_email" do
373 setup do: oauth_access(["write:accounts"])
375 test "without permissions", %{conn: conn} do
378 |> assign(:token, nil)
379 |> post("/api/pleroma/change_email")
381 assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
384 test "with proper permissions and invalid password", %{conn: conn} do
386 post(conn, "/api/pleroma/change_email", %{
388 "email" => "test@test.com"
391 assert json_response(conn, 200) == %{"error" => "Invalid password."}
394 test "with proper permissions, valid password and invalid email", %{
398 post(conn, "/api/pleroma/change_email", %{
399 "password" => "test",
403 assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
406 test "with proper permissions, valid password and no email", %{
410 post(conn, "/api/pleroma/change_email", %{
414 assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
417 test "with proper permissions, valid password and blank email", %{
421 post(conn, "/api/pleroma/change_email", %{
422 "password" => "test",
426 assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
429 test "with proper permissions, valid password and non unique email", %{
435 post(conn, "/api/pleroma/change_email", %{
436 "password" => "test",
437 "email" => user.email
440 assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
443 test "with proper permissions, valid password and valid email", %{
447 post(conn, "/api/pleroma/change_email", %{
448 "password" => "test",
449 "email" => "cofe@foobar.com"
452 assert json_response(conn, 200) == %{"status" => "success"}
456 describe "POST /api/pleroma/change_password" do
457 setup do: oauth_access(["write:accounts"])
459 test "without permissions", %{conn: conn} do
462 |> assign(:token, nil)
463 |> post("/api/pleroma/change_password")
465 assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
468 test "with proper permissions and invalid password", %{conn: conn} do
470 post(conn, "/api/pleroma/change_password", %{
472 "new_password" => "newpass",
473 "new_password_confirmation" => "newpass"
476 assert json_response(conn, 200) == %{"error" => "Invalid password."}
479 test "with proper permissions, valid password and new password and confirmation not matching",
484 post(conn, "/api/pleroma/change_password", %{
485 "password" => "test",
486 "new_password" => "newpass",
487 "new_password_confirmation" => "notnewpass"
490 assert json_response(conn, 200) == %{
491 "error" => "New password does not match confirmation."
495 test "with proper permissions, valid password and invalid new password", %{
499 post(conn, "/api/pleroma/change_password", %{
500 "password" => "test",
501 "new_password" => "",
502 "new_password_confirmation" => ""
505 assert json_response(conn, 200) == %{
506 "error" => "New password can't be blank."
510 test "with proper permissions, valid password and matching new password and confirmation", %{
515 post(conn, "/api/pleroma/change_password", %{
516 "password" => "test",
517 "new_password" => "newpass",
518 "new_password_confirmation" => "newpass"
521 assert json_response(conn, 200) == %{"status" => "success"}
522 fetched_user = User.get_cached_by_id(user.id)
523 assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
527 describe "POST /api/pleroma/delete_account" do
528 setup do: oauth_access(["write:accounts"])
530 test "without permissions", %{conn: conn} do
533 |> assign(:token, nil)
534 |> post("/api/pleroma/delete_account")
536 assert json_response(conn, 403) ==
537 %{"error" => "Insufficient permissions: write:accounts."}
540 test "with proper permissions and wrong or missing password", %{conn: conn} do
541 for params <- [%{"password" => "hi"}, %{}] do
542 ret_conn = post(conn, "/api/pleroma/delete_account", params)
544 assert json_response(ret_conn, 200) == %{"error" => "Invalid password."}
548 test "with proper permissions and valid password", %{conn: conn} do
549 conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
551 assert json_response(conn, 200) == %{"status" => "success"}