projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branch 'remotes/origin/develop' into 1478-oauth-admin-scopes...
[akkoma] / test / web / twitter_api / util_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
8
9 alias Pleroma.Tests.ObanHelpers
10 alias Pleroma.User
11 alias Pleroma.Web.CommonAPI
12
13 import ExUnit.CaptureLog
14 import Pleroma.Factory
15 import Mock
16
17 setup do
18 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
19 :ok
20 end
21
22 clear_config([:instance])
23 clear_config([:frontend_configurations, :pleroma_fe])
24 clear_config([:user, :deny_follow_blocked])
25
26 describe "POST /api/pleroma/follow_import" do
27 setup do: oauth_access(["follow"])
28
29 test "it returns HTTP 200", %{conn: conn} do
30 user2 = insert(:user)
31
32 response =
33 conn
34 |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"})
35 |> json_response(:ok)
36
37 assert response == "job started"
38 end
39
40 test "it imports follow lists from file", %{user: user1, conn: conn} do
41 user2 = insert(:user)
42
43 with_mocks([
44 {File, [],
45 read!: fn "follow_list.txt" ->
46 "Account address,Show boosts\n#{user2.ap_id},true"
47 end}
48 ]) do
49 response =
50 conn
51 |> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}})
52 |> json_response(:ok)
53
54 assert response == "job started"
55
56 assert ObanHelpers.member?(
57 %{
58 "op" => "follow_import",
59 "follower_id" => user1.id,
60 "followed_identifiers" => [user2.ap_id]
61 },
62 all_enqueued(worker: Pleroma.Workers.BackgroundWorker)
63 )
64 end
65 end
66
67 test "it imports new-style mastodon follow lists", %{conn: conn} do
68 user2 = insert(:user)
69
70 response =
71 conn
72 |> post("/api/pleroma/follow_import", %{
73 "list" => "Account address,Show boosts\n#{user2.ap_id},true"
74 })
75 |> json_response(:ok)
76
77 assert response == "job started"
78 end
79
80 test "requires 'follow' or 'write:follows' permissions" do
81 token1 = insert(:oauth_token, scopes: ["read", "write"])
82 token2 = insert(:oauth_token, scopes: ["follow"])
83 token3 = insert(:oauth_token, scopes: ["something"])
84 another_user = insert(:user)
85
86 for token <- [token1, token2, token3] do
87 conn =
88 build_conn()
89 |> put_req_header("authorization", "Bearer #{token.token}")
90 |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"})
91
92 if token == token3 do
93 assert %{"error" => "Insufficient permissions: follow | write:follows."} ==
94 json_response(conn, 403)
95 else
96 assert json_response(conn, 200)
97 end
98 end
99 end
100 end
101
102 describe "POST /api/pleroma/blocks_import" do
103 # Note: "follow" or "write:blocks" permission is required
104 setup do: oauth_access(["write:blocks"])
105
106 test "it returns HTTP 200", %{conn: conn} do
107 user2 = insert(:user)
108
109 response =
110 conn
111 |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"})
112 |> json_response(:ok)
113
114 assert response == "job started"
115 end
116
117 test "it imports blocks users from file", %{user: user1, conn: conn} do
118 user2 = insert(:user)
119 user3 = insert(:user)
120
121 with_mocks([
122 {File, [], read!: fn "blocks_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end}
123 ]) do
124 response =
125 conn
126 |> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}})
127 |> json_response(:ok)
128
129 assert response == "job started"
130
131 assert ObanHelpers.member?(
132 %{
133 "op" => "blocks_import",
134 "blocker_id" => user1.id,
135 "blocked_identifiers" => [user2.ap_id, user3.ap_id]
136 },
137 all_enqueued(worker: Pleroma.Workers.BackgroundWorker)
138 )
139 end
140 end
141 end
142
143 describe "PUT /api/pleroma/notification_settings" do
144 setup do: oauth_access(["write:accounts"])
145
146 test "it updates notification settings", %{user: user, conn: conn} do
147 conn
148 |> put("/api/pleroma/notification_settings", %{
149 "followers" => false,
150 "bar" => 1
151 })
152 |> json_response(:ok)
153
154 user = refresh_record(user)
155
156 assert %Pleroma.User.NotificationSetting{
157 followers: false,
158 follows: true,
159 non_follows: true,
160 non_followers: true,
161 privacy_option: false
162 } == user.notification_settings
163 end
164
165 test "it updates notification privacy option", %{user: user, conn: conn} do
166 conn
167 |> put("/api/pleroma/notification_settings", %{"privacy_option" => "1"})
168 |> json_response(:ok)
169
170 user = refresh_record(user)
171
172 assert %Pleroma.User.NotificationSetting{
173 followers: true,
174 follows: true,
175 non_follows: true,
176 non_followers: true,
177 privacy_option: true
178 } == user.notification_settings
179 end
180 end
181
182 describe "GET /api/statusnet/config" do
183 test "it returns config in xml format", %{conn: conn} do
184 instance = Pleroma.Config.get(:instance)
185
186 response =
187 conn
188 |> put_req_header("accept", "application/xml")
189 |> get("/api/statusnet/config")
190 |> response(:ok)
191
192 assert response ==
193 "<config>\n<site>\n<name>#{Keyword.get(instance, :name)}</name>\n<site>#{
194 Pleroma.Web.base_url()
195 }</site>\n<textlimit>#{Keyword.get(instance, :limit)}</textlimit>\n<closed>#{
196 !Keyword.get(instance, :registrations_open)
197 }</closed>\n</site>\n</config>\n"
198 end
199
200 test "it returns config in json format", %{conn: conn} do
201 instance = Pleroma.Config.get(:instance)
202 Pleroma.Config.put([:instance, :managed_config], true)
203 Pleroma.Config.put([:instance, :registrations_open], false)
204 Pleroma.Config.put([:instance, :invites_enabled], true)
205 Pleroma.Config.put([:instance, :public], false)
206 Pleroma.Config.put([:frontend_configurations, :pleroma_fe], %{theme: "asuka-hospital"})
207
208 response =
209 conn
210 |> put_req_header("accept", "application/json")
211 |> get("/api/statusnet/config")
212 |> json_response(:ok)
213
214 expected_data = %{
215 "site" => %{
216 "accountActivationRequired" => "0",
217 "closed" => "1",
218 "description" => Keyword.get(instance, :description),
219 "invitesEnabled" => "1",
220 "name" => Keyword.get(instance, :name),
221 "pleromafe" => %{"theme" => "asuka-hospital"},
222 "private" => "1",
223 "safeDMMentionsEnabled" => "0",
224 "server" => Pleroma.Web.base_url(),
225 "textlimit" => to_string(Keyword.get(instance, :limit)),
226 "uploadlimit" => %{
227 "avatarlimit" => to_string(Keyword.get(instance, :avatar_upload_limit)),
228 "backgroundlimit" => to_string(Keyword.get(instance, :background_upload_limit)),
229 "bannerlimit" => to_string(Keyword.get(instance, :banner_upload_limit)),
230 "uploadlimit" => to_string(Keyword.get(instance, :upload_limit))
231 },
232 "vapidPublicKey" => Keyword.get(Pleroma.Web.Push.vapid_config(), :public_key)
233 }
234 }
235
236 assert response == expected_data
237 end
238
239 test "returns the state of safe_dm_mentions flag", %{conn: conn} do
240 Pleroma.Config.put([:instance, :safe_dm_mentions], true)
241
242 response =
243 conn
244 |> get("/api/statusnet/config.json")
245 |> json_response(:ok)
246
247 assert response["site"]["safeDMMentionsEnabled"] == "1"
248
249 Pleroma.Config.put([:instance, :safe_dm_mentions], false)
250
251 response =
252 conn
253 |> get("/api/statusnet/config.json")
254 |> json_response(:ok)
255
256 assert response["site"]["safeDMMentionsEnabled"] == "0"
257 end
258
259 test "it returns the managed config", %{conn: conn} do
260 Pleroma.Config.put([:instance, :managed_config], false)
261 Pleroma.Config.put([:frontend_configurations, :pleroma_fe], %{theme: "asuka-hospital"})
262
263 response =
264 conn
265 |> get("/api/statusnet/config.json")
266 |> json_response(:ok)
267
268 refute response["site"]["pleromafe"]
269
270 Pleroma.Config.put([:instance, :managed_config], true)
271
272 response =
273 conn
274 |> get("/api/statusnet/config.json")
275 |> json_response(:ok)
276
277 assert response["site"]["pleromafe"] == %{"theme" => "asuka-hospital"}
278 end
279 end
280
281 describe "GET /api/pleroma/frontend_configurations" do
282 test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
283 config = [
284 frontend_a: %{
285 x: 1,
286 y: 2
287 },
288 frontend_b: %{
289 z: 3
290 }
291 ]
292
293 Pleroma.Config.put(:frontend_configurations, config)
294
295 response =
296 conn
297 |> get("/api/pleroma/frontend_configurations")
298 |> json_response(:ok)
299
300 assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
301 end
302 end
303
304 describe "/api/pleroma/emoji" do
305 test "returns json with custom emoji with tags", %{conn: conn} do
306 emoji =
307 conn
308 |> get("/api/pleroma/emoji")
309 |> json_response(200)
310
311 assert Enum.all?(emoji, fn
312 {_key,
313 %{
314 "image_url" => url,
315 "tags" => tags
316 }} ->
317 is_binary(url) and is_list(tags)
318 end)
319 end
320 end
321
322 describe "GET /ostatus_subscribe - remote_follow/2" do
323 test "adds status to pleroma instance if the `acct` is a status", %{conn: conn} do
324 conn =
325 get(
326 conn,
327 "/ostatus_subscribe?acct=https://mastodon.social/users/emelie/statuses/101849165031453009"
328 )
329
330 assert redirected_to(conn) =~ "/notice/"
331 end
332
333 test "show follow account page if the `acct` is a account link", %{conn: conn} do
334 response =
335 get(
336 conn,
337 "/ostatus_subscribe?acct=https://mastodon.social/users/emelie"
338 )
339
340 assert html_response(response, 200) =~ "Log in to follow"
341 end
342
343 test "show follow page if the `acct` is a account link", %{conn: conn} do
344 user = insert(:user)
345
346 response =
347 conn
348 |> assign(:user, user)
349 |> get("/ostatus_subscribe?acct=https://mastodon.social/users/emelie")
350
351 assert html_response(response, 200) =~ "Remote follow"
352 end
353
354 test "show follow page with error when user cannot fecth by `acct` link", %{conn: conn} do
355 user = insert(:user)
356
357 assert capture_log(fn ->
358 response =
359 conn
360 |> assign(:user, user)
361 |> get("/ostatus_subscribe?acct=https://mastodon.social/users/not_found")
362
363 assert html_response(response, 200) =~ "Error fetching user"
364 end) =~ "Object has been deleted"
365 end
366 end
367
368 describe "POST /ostatus_subscribe - do_remote_follow/2 with assigned user" do
369 setup do: oauth_access(["follow"])
370
371 test "follows user", %{user: user, conn: conn} do
372 user2 = insert(:user)
373
374 response =
375 conn
376 |> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
377 |> response(200)
378
379 assert response =~ "Account followed!"
380 assert user2.follower_address in User.following(user)
381 end
382
383 test "returns error when user is deactivated" do
384 user = insert(:user, deactivated: true)
385 user2 = insert(:user)
386
387 response =
388 build_conn()
389 |> assign(:user, user)
390 |> assign(:token, insert(:oauth_token, user: user, scopes: ["follow"]))
391 |> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
392 |> response(200)
393
394 assert response =~ "Error following account"
395 end
396
397 test "returns error when user is blocked", %{user: user, conn: conn} do
398 Pleroma.Config.put([:user, :deny_follow_blocked], true)
399 user2 = insert(:user)
400
401 {:ok, _user_block} = Pleroma.User.block(user2, user)
402
403 response =
404 conn
405 |> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
406 |> response(200)
407
408 assert response =~ "Error following account"
409 end
410
411 test "returns error on insufficient permissions", %{user: user, conn: conn} do
412 user2 = insert(:user)
413
414 for token <- [nil, insert(:oauth_token, user: user, scopes: ["read"])] do
415 response =
416 conn
417 |> assign(:token, token)
418 |> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
419 |> response(200)
420
421 assert response =~ "Error following account"
422 end
423 end
424
425 test "returns error when followee not found", %{conn: conn} do
426 response =
427 conn
428 |> post("/ostatus_subscribe", %{"user" => %{"id" => "jimm"}})
429 |> response(200)
430
431 assert response =~ "Error following account"
432 end
433
434 test "returns success result when user already in followers", %{user: user, conn: conn} do
435 user2 = insert(:user)
436 {:ok, _, _, _} = CommonAPI.follow(user, user2)
437
438 response =
439 conn
440 |> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
441 |> response(200)
442
443 assert response =~ "Account followed!"
444 end
445 end
446
447 describe "POST /ostatus_subscribe - do_remote_follow/2 without assigned user" do
448 test "follows", %{conn: conn} do
449 user = insert(:user)
450 user2 = insert(:user)
451
452 response =
453 conn
454 |> post("/ostatus_subscribe", %{
455 "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
456 })
457 |> response(200)
458
459 assert response =~ "Account followed!"
460 assert user2.follower_address in User.following(user)
461 end
462
463 test "returns error when followee not found", %{conn: conn} do
464 user = insert(:user)
465
466 response =
467 conn
468 |> post("/ostatus_subscribe", %{
469 "authorization" => %{"name" => user.nickname, "password" => "test", "id" => "jimm"}
470 })
471 |> response(200)
472
473 assert response =~ "Error following account"
474 end
475
476 test "returns error when login invalid", %{conn: conn} do
477 user = insert(:user)
478
479 response =
480 conn
481 |> post("/ostatus_subscribe", %{
482 "authorization" => %{"name" => "jimm", "password" => "test", "id" => user.id}
483 })
484 |> response(200)
485
486 assert response =~ "Wrong username or password"
487 end
488
489 test "returns error when password invalid", %{conn: conn} do
490 user = insert(:user)
491 user2 = insert(:user)
492
493 response =
494 conn
495 |> post("/ostatus_subscribe", %{
496 "authorization" => %{"name" => user.nickname, "password" => "42", "id" => user2.id}
497 })
498 |> response(200)
499
500 assert response =~ "Wrong username or password"
501 end
502
503 test "returns error when user is blocked", %{conn: conn} do
504 Pleroma.Config.put([:user, :deny_follow_blocked], true)
505 user = insert(:user)
506 user2 = insert(:user)
507 {:ok, _user_block} = Pleroma.User.block(user2, user)
508
509 response =
510 conn
511 |> post("/ostatus_subscribe", %{
512 "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
513 })
514 |> response(200)
515
516 assert response =~ "Error following account"
517 end
518 end
519
520 describe "GET /api/pleroma/healthcheck" do
521 clear_config([:instance, :healthcheck])
522
523 test "returns 503 when healthcheck disabled", %{conn: conn} do
524 Pleroma.Config.put([:instance, :healthcheck], false)
525
526 response =
527 conn
528 |> get("/api/pleroma/healthcheck")
529 |> json_response(503)
530
531 assert response == %{}
532 end
533
534 test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
535 Pleroma.Config.put([:instance, :healthcheck], true)
536
537 with_mock Pleroma.Healthcheck,
538 system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
539 response =
540 conn
541 |> get("/api/pleroma/healthcheck")
542 |> json_response(200)
543
544 assert %{
545 "active" => _,
546 "healthy" => true,
547 "idle" => _,
548 "memory_used" => _,
549 "pool_size" => _
550 } = response
551 end
552 end
553
554 test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
555 Pleroma.Config.put([:instance, :healthcheck], true)
556
557 with_mock Pleroma.Healthcheck,
558 system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
559 response =
560 conn
561 |> get("/api/pleroma/healthcheck")
562 |> json_response(503)
563
564 assert %{
565 "active" => _,
566 "healthy" => false,
567 "idle" => _,
568 "memory_used" => _,
569 "pool_size" => _
570 } = response
571 end
572 end
573 end
574
575 describe "POST /api/pleroma/disable_account" do
576 setup do: oauth_access(["write:accounts"])
577
578 test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
579 response =
580 conn
581 |> post("/api/pleroma/disable_account", %{"password" => "test"})
582 |> json_response(:ok)
583
584 assert response == %{"status" => "success"}
585 ObanHelpers.perform_all()
586
587 user = User.get_cached_by_id(user.id)
588
589 assert user.deactivated == true
590 end
591
592 test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
593 user = insert(:user)
594
595 response =
596 conn
597 |> post("/api/pleroma/disable_account", %{"password" => "test1"})
598 |> json_response(:ok)
599
600 assert response == %{"error" => "Invalid password."}
601 user = User.get_cached_by_id(user.id)
602
603 refute user.deactivated
604 end
605 end
606
607 describe "GET /api/statusnet/version" do
608 test "it returns version in xml format", %{conn: conn} do
609 response =
610 conn
611 |> put_req_header("accept", "application/xml")
612 |> get("/api/statusnet/version")
613 |> response(:ok)
614
615 assert response == "<version>#{Pleroma.Application.named_version()}</version>"
616 end
617
618 test "it returns version in json format", %{conn: conn} do
619 response =
620 conn
621 |> put_req_header("accept", "application/json")
622 |> get("/api/statusnet/version")
623 |> json_response(:ok)
624
625 assert response == "#{Pleroma.Application.named_version()}"
626 end
627 end
628
629 describe "POST /main/ostatus - remote_subscribe/2" do
630 test "renders subscribe form", %{conn: conn} do
631 user = insert(:user)
632
633 response =
634 conn
635 |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
636 |> response(:ok)
637
638 refute response =~ "Could not find user"
639 assert response =~ "Remotely follow #{user.nickname}"
640 end
641
642 test "renders subscribe form with error when user not found", %{conn: conn} do
643 response =
644 conn
645 |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
646 |> response(:ok)
647
648 assert response =~ "Could not find user"
649 refute response =~ "Remotely follow"
650 end
651
652 test "it redirect to webfinger url", %{conn: conn} do
653 user = insert(:user)
654 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
655
656 conn =
657 conn
658 |> post("/main/ostatus", %{
659 "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
660 })
661
662 assert redirected_to(conn) ==
663 "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
664 end
665
666 test "it renders form with error when user not found", %{conn: conn} do
667 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
668
669 response =
670 conn
671 |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
672 |> response(:ok)
673
674 assert response =~ "Something went wrong."
675 end
676 end
677
678 test "it returns new captcha", %{conn: conn} do
679 with_mock Pleroma.Captcha,
680 new: fn -> "test_captcha" end do
681 resp =
682 conn
683 |> get("/api/pleroma/captcha")
684 |> response(200)
685
686 assert resp == "\"test_captcha\""
687 assert called(Pleroma.Captcha.new())
688 end
689 end
690
691 describe "POST /api/pleroma/change_email" do
692 setup do: oauth_access(["write:accounts"])
693
694 test "without permissions", %{conn: conn} do
695 conn =
696 conn
697 |> assign(:token, nil)
698 |> post("/api/pleroma/change_email")
699
700 assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
701 end
702
703 test "with proper permissions and invalid password", %{conn: conn} do
704 conn =
705 post(conn, "/api/pleroma/change_email", %{
706 "password" => "hi",
707 "email" => "test@test.com"
708 })
709
710 assert json_response(conn, 200) == %{"error" => "Invalid password."}
711 end
712
713 test "with proper permissions, valid password and invalid email", %{
714 conn: conn
715 } do
716 conn =
717 post(conn, "/api/pleroma/change_email", %{
718 "password" => "test",
719 "email" => "foobar"
720 })
721
722 assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
723 end
724
725 test "with proper permissions, valid password and no email", %{
726 conn: conn
727 } do
728 conn =
729 post(conn, "/api/pleroma/change_email", %{
730 "password" => "test"
731 })
732
733 assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
734 end
735
736 test "with proper permissions, valid password and blank email", %{
737 conn: conn
738 } do
739 conn =
740 post(conn, "/api/pleroma/change_email", %{
741 "password" => "test",
742 "email" => ""
743 })
744
745 assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
746 end
747
748 test "with proper permissions, valid password and non unique email", %{
749 conn: conn
750 } do
751 user = insert(:user)
752
753 conn =
754 post(conn, "/api/pleroma/change_email", %{
755 "password" => "test",
756 "email" => user.email
757 })
758
759 assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
760 end
761
762 test "with proper permissions, valid password and valid email", %{
763 conn: conn
764 } do
765 conn =
766 post(conn, "/api/pleroma/change_email", %{
767 "password" => "test",
768 "email" => "cofe@foobar.com"
769 })
770
771 assert json_response(conn, 200) == %{"status" => "success"}
772 end
773 end
774
775 describe "POST /api/pleroma/change_password" do
776 setup do: oauth_access(["write:accounts"])
777
778 test "without permissions", %{conn: conn} do
779 conn =
780 conn
781 |> assign(:token, nil)
782 |> post("/api/pleroma/change_password")
783
784 assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
785 end
786
787 test "with proper permissions and invalid password", %{conn: conn} do
788 conn =
789 post(conn, "/api/pleroma/change_password", %{
790 "password" => "hi",
791 "new_password" => "newpass",
792 "new_password_confirmation" => "newpass"
793 })
794
795 assert json_response(conn, 200) == %{"error" => "Invalid password."}
796 end
797
798 test "with proper permissions, valid password and new password and confirmation not matching",
799 %{
800 conn: conn
801 } do
802 conn =
803 post(conn, "/api/pleroma/change_password", %{
804 "password" => "test",
805 "new_password" => "newpass",
806 "new_password_confirmation" => "notnewpass"
807 })
808
809 assert json_response(conn, 200) == %{
810 "error" => "New password does not match confirmation."
811 }
812 end
813
814 test "with proper permissions, valid password and invalid new password", %{
815 conn: conn
816 } do
817 conn =
818 post(conn, "/api/pleroma/change_password", %{
819 "password" => "test",
820 "new_password" => "",
821 "new_password_confirmation" => ""
822 })
823
824 assert json_response(conn, 200) == %{
825 "error" => "New password can't be blank."
826 }
827 end
828
829 test "with proper permissions, valid password and matching new password and confirmation", %{
830 conn: conn,
831 user: user
832 } do
833 conn =
834 post(conn, "/api/pleroma/change_password", %{
835 "password" => "test",
836 "new_password" => "newpass",
837 "new_password_confirmation" => "newpass"
838 })
839
840 assert json_response(conn, 200) == %{"status" => "success"}
841 fetched_user = User.get_cached_by_id(user.id)
842 assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
843 end
844 end
845
846 describe "POST /api/pleroma/delete_account" do
847 setup do: oauth_access(["write:accounts"])
848
849 test "without permissions", %{conn: conn} do
850 conn =
851 conn
852 |> assign(:token, nil)
853 |> post("/api/pleroma/delete_account")
854
855 assert json_response(conn, 403) ==
856 %{"error" => "Insufficient permissions: write:accounts."}
857 end
858
859 test "with proper permissions and wrong or missing password", %{conn: conn} do
860 for params <- [%{"password" => "hi"}, %{}] do
861 ret_conn = post(conn, "/api/pleroma/delete_account", params)
862
863 assert json_response(ret_conn, 200) == %{"error" => "Invalid password."}
864 end
865 end
866
867 test "with proper permissions and valid password", %{conn: conn} do
868 conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
869
870 assert json_response(conn, 200) == %{"status" => "success"}
871 end
872 end
873 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git