# Pleroma: A lightweight social networking server # Copyright © 2017-2019 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do use Pleroma.Web.ConnCase alias Ecto.Changeset alias Pleroma.Config alias Pleroma.Notification alias Pleroma.Object alias Pleroma.Repo alias Pleroma.Tests.ObanHelpers alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.CommonAPI alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.Token alias Pleroma.Web.Push import ExUnit.CaptureLog import Pleroma.Factory import Swoosh.TestAssertions import Tesla.Mock @image "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7" setup do mock(fn env -> apply(HttpRequestMock, :request, [env]) end) :ok end clear_config([:instance, :public]) clear_config([:rich_media, :enabled]) test "verify_credentials", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> get("/api/v1/accounts/verify_credentials") response = json_response(conn, 200) assert %{"id" => id, "source" => %{"privacy" => "public"}} = response assert response["pleroma"]["chat_token"] assert id == to_string(user.id) end test "verify_credentials default scope unlisted", %{conn: conn} do user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}}) conn = conn |> assign(:user, user) |> get("/api/v1/accounts/verify_credentials") assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200) assert id == to_string(user.id) end test "apps/verify_credentials", %{conn: conn} do token = insert(:oauth_token) conn = conn |> assign(:user, token.user) |> assign(:token, token) |> get("/api/v1/apps/verify_credentials") app = Repo.preload(token, :app).app expected = %{ "name" => app.client_name, "website" => app.website, "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) } assert expected == json_response(conn, 200) end test "user avatar can be set", %{conn: conn} do user = insert(:user) avatar_image = File.read!("test/fixtures/avatar_data_uri") conn = conn |> assign(:user, user) |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image}) user = refresh_record(user) assert %{ "name" => _, "type" => _, "url" => [ %{ "href" => _, "mediaType" => _, "type" => _ } ] } = user.avatar assert %{"url" => _} = json_response(conn, 200) end test "user avatar can be reset", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: ""}) user = User.get_cached_by_id(user.id) assert user.avatar == nil assert %{"url" => nil} = json_response(conn, 200) end test "can set profile banner", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => @image}) user = refresh_record(user) assert user.info.banner["type"] == "Image" assert %{"url" => _} = json_response(conn, 200) end test "can reset profile banner", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => ""}) user = refresh_record(user) assert user.info.banner == %{} assert %{"url" => nil} = json_response(conn, 200) end test "background image can be set", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => @image}) user = refresh_record(user) assert user.info.background["type"] == "Image" assert %{"url" => _} = json_response(conn, 200) end test "background image can be reset", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => ""}) user = refresh_record(user) assert user.info.background == %{} assert %{"url" => nil} = json_response(conn, 200) end test "creates an oauth app", %{conn: conn} do user = insert(:user) app_attrs = build(:oauth_app) conn = conn |> assign(:user, user) |> post("/api/v1/apps", %{ client_name: app_attrs.client_name, redirect_uris: app_attrs.redirect_uris }) [app] = Repo.all(App) expected = %{ "name" => app.client_name, "website" => app.website, "client_id" => app.client_id, "client_secret" => app.client_secret, "id" => app.id |> to_string(), "redirect_uri" => app.redirect_uris, "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) } assert expected == json_response(conn, 200) end describe "user relationships" do test "returns the relationships for the current user", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, user} = User.follow(user, other_user) conn = conn |> assign(:user, user) |> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]}) assert [relationship] = json_response(conn, 200) assert to_string(other_user.id) == relationship["id"] end test "returns an empty list on a bad request", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> get("/api/v1/accounts/relationships", %{}) assert [] = json_response(conn, 200) end end describe "media upload" do setup do user = insert(:user) conn = build_conn() |> assign(:user, user) image = %Plug.Upload{ content_type: "image/jpg", path: Path.absname("test/fixtures/image.jpg"), filename: "an_image.jpg" } [conn: conn, image: image] end clear_config([:media_proxy]) clear_config([Pleroma.Upload]) test "returns uploaded image", %{conn: conn, image: image} do desc = "Description of the image" media = conn |> post("/api/v1/media", %{"file" => image, "description" => desc}) |> json_response(:ok) assert media["type"] == "image" assert media["description"] == desc assert media["id"] object = Repo.get(Object, media["id"]) assert object.data["actor"] == User.ap_id(conn.assigns[:user]) end end describe "locked accounts" do test "verify_credentials", %{conn: conn} do user = insert(:user, %{info: %User.Info{default_scope: "private"}}) conn = conn |> assign(:user, user) |> get("/api/v1/accounts/verify_credentials") assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200) assert id == to_string(user.id) end end describe "/api/v1/pleroma/mascot" do test "mascot upload", %{conn: conn} do user = insert(:user) non_image_file = %Plug.Upload{ content_type: "audio/mpeg", path: Path.absname("test/fixtures/sound.mp3"), filename: "sound.mp3" } conn = conn |> assign(:user, user) |> put("/api/v1/pleroma/mascot", %{"file" => non_image_file}) assert json_response(conn, 415) file = %Plug.Upload{ content_type: "image/jpg", path: Path.absname("test/fixtures/image.jpg"), filename: "an_image.jpg" } conn = build_conn() |> assign(:user, user) |> put("/api/v1/pleroma/mascot", %{"file" => file}) assert %{"id" => _, "type" => image} = json_response(conn, 200) end test "mascot retrieving", %{conn: conn} do user = insert(:user) # When user hasn't set a mascot, we should just get pleroma tan back conn = conn |> assign(:user, user) |> get("/api/v1/pleroma/mascot") assert %{"url" => url} = json_response(conn, 200) assert url =~ "pleroma-fox-tan-smol" # When a user sets their mascot, we should get that back file = %Plug.Upload{ content_type: "image/jpg", path: Path.absname("test/fixtures/image.jpg"), filename: "an_image.jpg" } conn = build_conn() |> assign(:user, user) |> put("/api/v1/pleroma/mascot", %{"file" => file}) assert json_response(conn, 200) user = User.get_cached_by_id(user.id) conn = build_conn() |> assign(:user, user) |> get("/api/v1/pleroma/mascot") assert %{"url" => url, "type" => "image"} = json_response(conn, 200) assert url =~ "an_image" end end describe "subscribing / unsubscribing" do test "subscribing / unsubscribing to a user", %{conn: conn} do user = insert(:user) subscription_target = insert(:user) conn = conn |> assign(:user, user) |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/subscribe") assert %{"id" => _id, "subscribing" => true} = json_response(conn, 200) conn = build_conn() |> assign(:user, user) |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/unsubscribe") assert %{"id" => _id, "subscribing" => false} = json_response(conn, 200) end end describe "subscribing" do test "returns 404 when subscription_target not found", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> post("/api/v1/pleroma/accounts/target_id/subscribe") assert %{"error" => "Record not found"} = json_response(conn, 404) end end describe "unsubscribing" do test "returns 404 when subscription_target not found", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> post("/api/v1/pleroma/accounts/target_id/unsubscribe") assert %{"error" => "Record not found"} = json_response(conn, 404) end end test "getting a list of mutes", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, user} = User.mute(user, other_user) conn = conn |> assign(:user, user) |> get("/api/v1/mutes") other_user_id = to_string(other_user.id) assert [%{"id" => ^other_user_id}] = json_response(conn, 200) end test "getting a list of blocks", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, user} = User.block(user, other_user) conn = conn |> assign(:user, user) |> get("/api/v1/blocks") other_user_id = to_string(other_user.id) assert [%{"id" => ^other_user_id}] = json_response(conn, 200) end test "unimplemented follow_requests, blocks, domain blocks" do user = insert(:user) ["blocks", "domain_blocks", "follow_requests"] |> Enum.each(fn endpoint -> conn = build_conn() |> assign(:user, user) |> get("/api/v1/#{endpoint}") assert [] = json_response(conn, 200) end) end test "returns the favorites of a user", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, _} = CommonAPI.post(other_user, %{"status" => "bla"}) {:ok, activity} = CommonAPI.post(other_user, %{"status" => "traps are happy"}) {:ok, _, _} = CommonAPI.favorite(activity.id, user) first_conn = conn |> assign(:user, user) |> get("/api/v1/favourites") assert [status] = json_response(first_conn, 200) assert status["id"] == to_string(activity.id) assert [{"link", _link_header}] = Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end) # Honours query params {:ok, second_activity} = CommonAPI.post(other_user, %{ "status" => "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful." }) {:ok, _, _} = CommonAPI.favorite(second_activity.id, user) last_like = status["id"] second_conn = conn |> assign(:user, user) |> get("/api/v1/favourites?since_id=#{last_like}") assert [second_status] = json_response(second_conn, 200) assert second_status["id"] == to_string(second_activity.id) third_conn = conn |> assign(:user, user) |> get("/api/v1/favourites?limit=0") assert [] = json_response(third_conn, 200) end test "get instance information", %{conn: conn} do conn = get(conn, "/api/v1/instance") assert result = json_response(conn, 200) email = Config.get([:instance, :email]) # Note: not checking for "max_toot_chars" since it's optional assert %{ "uri" => _, "title" => _, "description" => _, "version" => _, "email" => from_config_email, "urls" => %{ "streaming_api" => _ }, "stats" => _, "thumbnail" => _, "languages" => _, "registrations" => _, "poll_limits" => _ } = result assert email == from_config_email end test "get instance stats", %{conn: conn} do user = insert(:user, %{local: true}) user2 = insert(:user, %{local: true}) {:ok, _user2} = User.deactivate(user2, !user2.info.deactivated) insert(:user, %{local: false, nickname: "u@peer1.com"}) insert(:user, %{local: false, nickname: "u@peer2.com"}) {:ok, _} = CommonAPI.post(user, %{"status" => "cofe"}) # Stats should count users with missing or nil `info.deactivated` value {:ok, _user} = user.id |> User.get_cached_by_id() |> User.update_info(&Changeset.change(&1, %{deactivated: nil})) Pleroma.Stats.force_update() conn = get(conn, "/api/v1/instance") assert result = json_response(conn, 200) stats = result["stats"] assert stats assert stats["user_count"] == 1 assert stats["status_count"] == 1 assert stats["domain_count"] == 2 end test "get peers", %{conn: conn} do insert(:user, %{local: false, nickname: "u@peer1.com"}) insert(:user, %{local: false, nickname: "u@peer2.com"}) Pleroma.Stats.force_update() conn = get(conn, "/api/v1/instance/peers") assert result = json_response(conn, 200) assert ["peer1.com", "peer2.com"] == Enum.sort(result) end test "put settings", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> put("/api/web/settings", %{"data" => %{"programming" => "socks"}}) assert _result = json_response(conn, 200) user = User.get_cached_by_ap_id(user.ap_id) assert user.info.settings == %{"programming" => "socks"} end describe "link headers" do test "preserves parameters in link headers", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, activity1} = CommonAPI.post(other_user, %{ "status" => "hi @#{user.nickname}", "visibility" => "public" }) {:ok, activity2} = CommonAPI.post(other_user, %{ "status" => "hi @#{user.nickname}", "visibility" => "public" }) notification1 = Repo.get_by(Notification, activity_id: activity1.id) notification2 = Repo.get_by(Notification, activity_id: activity2.id) conn = conn |> assign(:user, user) |> get("/api/v1/notifications", %{media_only: true}) assert [link_header] = get_resp_header(conn, "link") assert link_header =~ ~r/media_only=true/ assert link_header =~ ~r/min_id=#{notification2.id}/ assert link_header =~ ~r/max_id=#{notification1.id}/ end end describe "custom emoji" do test "with tags", %{conn: conn} do [emoji | _body] = conn |> get("/api/v1/custom_emojis") |> json_response(200) assert Map.has_key?(emoji, "shortcode") assert Map.has_key?(emoji, "static_url") assert Map.has_key?(emoji, "tags") assert is_list(emoji["tags"]) assert Map.has_key?(emoji, "category") assert Map.has_key?(emoji, "url") assert Map.has_key?(emoji, "visible_in_picker") end end describe "index/2 redirections" do setup %{conn: conn} do session_opts = [ store: :cookie, key: "_test", signing_salt: "cooldude" ] conn = conn |> Plug.Session.call(Plug.Session.init(session_opts)) |> fetch_session() test_path = "/web/statuses/test" %{conn: conn, path: test_path} end test "redirects not logged-in users to the login page", %{conn: conn, path: path} do conn = get(conn, path) assert conn.status == 302 assert redirected_to(conn) == "/web/login" end test "redirects not logged-in users to the login page on private instances", %{ conn: conn, path: path } do Config.put([:instance, :public], false) conn = get(conn, path) assert conn.status == 302 assert redirected_to(conn) == "/web/login" end test "does not redirect logged in users to the login page", %{conn: conn, path: path} do token = insert(:oauth_token) conn = conn |> assign(:user, token.user) |> put_session(:oauth_token, token.token) |> get(path) assert conn.status == 200 end test "saves referer path to session", %{conn: conn, path: path} do conn = get(conn, path) return_to = Plug.Conn.get_session(conn, :return_to) assert return_to == path end test "redirects to the saved path after log in", %{conn: conn, path: path} do app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") auth = insert(:oauth_authorization, app: app) conn = conn |> put_session(:return_to, path) |> get("/web/login", %{code: auth.token}) assert conn.status == 302 assert redirected_to(conn) == path end test "redirects to the getting-started page when referer is not present", %{conn: conn} do app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") auth = insert(:oauth_authorization, app: app) conn = get(conn, "/web/login", %{code: auth.token}) assert conn.status == 302 assert redirected_to(conn) == "/web/getting-started" end end describe "create account by app" do setup do valid_params = %{ username: "lain", email: "lain@example.org", password: "PlzDontHackLain", agreement: true } [valid_params: valid_params] end test "Account registration via Application", %{conn: conn} do conn = conn |> post("/api/v1/apps", %{ client_name: "client_name", redirect_uris: "urn:ietf:wg:oauth:2.0:oob", scopes: "read, write, follow" }) %{ "client_id" => client_id, "client_secret" => client_secret, "id" => _, "name" => "client_name", "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", "vapid_key" => _, "website" => nil } = json_response(conn, 200) conn = conn |> post("/oauth/token", %{ grant_type: "client_credentials", client_id: client_id, client_secret: client_secret }) assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = json_response(conn, 200) assert token token_from_db = Repo.get_by(Token, token: token) assert token_from_db assert refresh assert scope == "read write follow" conn = build_conn() |> put_req_header("authorization", "Bearer " <> token) |> post("/api/v1/accounts", %{ username: "lain", email: "lain@example.org", password: "PlzDontHackLain", bio: "Test Bio", agreement: true }) %{ "access_token" => token, "created_at" => _created_at, "scope" => _scope, "token_type" => "Bearer" } = json_response(conn, 200) token_from_db = Repo.get_by(Token, token: token) assert token_from_db token_from_db = Repo.preload(token_from_db, :user) assert token_from_db.user assert token_from_db.user.info.confirmation_pending end test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do _user = insert(:user, email: "lain@example.org") app_token = insert(:oauth_token, user: nil) conn = conn |> put_req_header("authorization", "Bearer " <> app_token.token) res = post(conn, "/api/v1/accounts", valid_params) assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"} end test "rate limit", %{conn: conn} do app_token = insert(:oauth_token, user: nil) conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token) |> Map.put(:remote_ip, {15, 15, 15, 15}) for i <- 1..5 do conn = conn |> post("/api/v1/accounts", %{ username: "#{i}lain", email: "#{i}lain@example.org", password: "PlzDontHackLain", agreement: true }) %{ "access_token" => token, "created_at" => _created_at, "scope" => _scope, "token_type" => "Bearer" } = json_response(conn, 200) token_from_db = Repo.get_by(Token, token: token) assert token_from_db token_from_db = Repo.preload(token_from_db, :user) assert token_from_db.user assert token_from_db.user.info.confirmation_pending end conn = conn |> post("/api/v1/accounts", %{ username: "6lain", email: "6lain@example.org", password: "PlzDontHackLain", agreement: true }) assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"} end test "returns bad_request if missing required params", %{ conn: conn, valid_params: valid_params } do app_token = insert(:oauth_token, user: nil) conn = conn |> put_req_header("authorization", "Bearer " <> app_token.token) res = post(conn, "/api/v1/accounts", valid_params) assert json_response(res, 200) [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}] |> Stream.zip(valid_params) |> Enum.each(fn {ip, {attr, _}} -> res = conn |> Map.put(:remote_ip, ip) |> post("/api/v1/accounts", Map.delete(valid_params, attr)) |> json_response(400) assert res == %{"error" => "Missing parameters"} end) end test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do conn = conn |> put_req_header("authorization", "Bearer " <> "invalid-token") res = post(conn, "/api/v1/accounts", valid_params) assert json_response(res, 403) == %{"error" => "Invalid credentials"} end end describe "GET /api/v1/polls/:id" do test "returns poll entity for object id", %{conn: conn} do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{ "status" => "Pleroma does", "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20} }) object = Object.normalize(activity) conn = conn |> assign(:user, user) |> get("/api/v1/polls/#{object.id}") response = json_response(conn, 200) id = to_string(object.id) assert %{"id" => ^id, "expired" => false, "multiple" => false} = response end test "does not expose polls for private statuses", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{ "status" => "Pleroma does", "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20}, "visibility" => "private" }) object = Object.normalize(activity) conn = conn |> assign(:user, other_user) |> get("/api/v1/polls/#{object.id}") assert json_response(conn, 404) end end describe "POST /api/v1/polls/:id/votes" do test "votes are added to the poll", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{ "status" => "A very delicious sandwich", "poll" => %{ "options" => ["Lettuce", "Grilled Bacon", "Tomato"], "expires_in" => 20, "multiple" => true } }) object = Object.normalize(activity) conn = conn |> assign(:user, other_user) |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]}) assert json_response(conn, 200) object = Object.get_by_id(object.id) assert Enum.all?(object.data["anyOf"], fn %{"replies" => %{"totalItems" => total_items}} -> total_items == 1 end) end test "author can't vote", %{conn: conn} do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{ "status" => "Am I cute?", "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20} }) object = Object.normalize(activity) assert conn |> assign(:user, user) |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [1]}) |> json_response(422) == %{"error" => "Poll's author can't vote"} object = Object.get_by_id(object.id) refute Enum.at(object.data["oneOf"], 1)["replies"]["totalItems"] == 1 end test "does not allow multiple choices on a single-choice question", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{ "status" => "The glass is", "poll" => %{"options" => ["half empty", "half full"], "expires_in" => 20} }) object = Object.normalize(activity) assert conn |> assign(:user, other_user) |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1]}) |> json_response(422) == %{"error" => "Too many choices"} object = Object.get_by_id(object.id) refute Enum.any?(object.data["oneOf"], fn %{"replies" => %{"totalItems" => total_items}} -> total_items == 1 end) end test "does not allow choice index to be greater than options count", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{ "status" => "Am I cute?", "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20} }) object = Object.normalize(activity) conn = conn |> assign(:user, other_user) |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [2]}) assert json_response(conn, 422) == %{"error" => "Invalid indices"} end test "returns 404 error when object is not exist", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> post("/api/v1/polls/1/votes", %{"choices" => [0]}) assert json_response(conn, 404) == %{"error" => "Record not found"} end test "returns 404 when poll is private and not available for user", %{conn: conn} do user = insert(:user) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{ "status" => "Am I cute?", "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}, "visibility" => "private" }) object = Object.normalize(activity) conn = conn |> assign(:user, other_user) |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0]}) assert json_response(conn, 404) == %{"error" => "Record not found"} end end describe "POST /auth/password, with valid parameters" do setup %{conn: conn} do user = insert(:user) conn = post(conn, "/auth/password?email=#{user.email}") %{conn: conn, user: user} end test "it returns 204", %{conn: conn} do assert json_response(conn, :no_content) end test "it creates a PasswordResetToken record for user", %{user: user} do token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id) assert token_record end test "it sends an email to user", %{user: user} do ObanHelpers.perform_all() token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id) email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token) notify_email = Config.get([:instance, :notify_email]) instance_name = Config.get([:instance, :name]) assert_email_sent( from: {instance_name, notify_email}, to: {user.name, user.email}, html_body: email.html_body ) end end describe "POST /auth/password, with invalid parameters" do setup do user = insert(:user) {:ok, user: user} end test "it returns 404 when user is not found", %{conn: conn, user: user} do conn = post(conn, "/auth/password?email=nonexisting_#{user.email}") assert conn.status == 404 assert conn.resp_body == "" end test "it returns 400 when user is not local", %{conn: conn, user: user} do {:ok, user} = Repo.update(Changeset.change(user, local: false)) conn = post(conn, "/auth/password?email=#{user.email}") assert conn.status == 400 assert conn.resp_body == "" end end describe "POST /api/v1/pleroma/accounts/confirmation_resend" do setup do {:ok, user} = insert(:user) |> User.change_info(&User.Info.confirmation_changeset(&1, need_confirmation: true)) |> Repo.update() assert user.info.confirmation_pending [user: user] end clear_config([:instance, :account_activation_required]) do Config.put([:instance, :account_activation_required], true) end test "resend account confirmation email", %{conn: conn, user: user} do conn |> assign(:user, user) |> post("/api/v1/pleroma/accounts/confirmation_resend?email=#{user.email}") |> json_response(:no_content) ObanHelpers.perform_all() email = Pleroma.Emails.UserEmail.account_confirmation_email(user) notify_email = Config.get([:instance, :notify_email]) instance_name = Config.get([:instance, :name]) assert_email_sent( from: {instance_name, notify_email}, to: {user.name, user.email}, html_body: email.html_body ) end end describe "GET /api/v1/suggestions" do setup do user = insert(:user) other_user = insert(:user) host = Config.get([Pleroma.Web.Endpoint, :url, :host]) url500 = "http://test500?#{host}&#{user.nickname}" url200 = "http://test200?#{host}&#{user.nickname}" mock(fn %{method: :get, url: ^url500} -> %Tesla.Env{status: 500, body: "bad request"} %{method: :get, url: ^url200} -> %Tesla.Env{ status: 200, body: ~s([{"acct":"yj455","avatar":"https://social.heldscal.la/avatar/201.jpeg","avatar_static":"https://social.heldscal.la/avatar/s/201.jpeg"}, {"acct":"#{ other_user.ap_id }","avatar":"https://social.heldscal.la/avatar/202.jpeg","avatar_static":"https://social.heldscal.la/avatar/s/202.jpeg"}]) } end) [user: user, other_user: other_user] end clear_config(:suggestions) test "returns empty result when suggestions disabled", %{conn: conn, user: user} do Config.put([:suggestions, :enabled], false) res = conn |> assign(:user, user) |> get("/api/v1/suggestions") |> json_response(200) assert res == [] end test "returns error", %{conn: conn, user: user} do Config.put([:suggestions, :enabled], true) Config.put([:suggestions, :third_party_engine], "http://test500?{{host}}&{{user}}") assert capture_log(fn -> res = conn |> assign(:user, user) |> get("/api/v1/suggestions") |> json_response(500) assert res == "Something went wrong" end) =~ "Could not retrieve suggestions" end test "returns suggestions", %{conn: conn, user: user, other_user: other_user} do Config.put([:suggestions, :enabled], true) Config.put([:suggestions, :third_party_engine], "http://test200?{{host}}&{{user}}") res = conn |> assign(:user, user) |> get("/api/v1/suggestions") |> json_response(200) assert res == [ %{ "acct" => "yj455", "avatar" => "https://social.heldscal.la/avatar/201.jpeg", "avatar_static" => "https://social.heldscal.la/avatar/s/201.jpeg", "id" => 0 }, %{ "acct" => other_user.ap_id, "avatar" => "https://social.heldscal.la/avatar/202.jpeg", "avatar_static" => "https://social.heldscal.la/avatar/s/202.jpeg", "id" => other_user.id } ] end end describe "PUT /api/v1/media/:id" do setup do actor = insert(:user) file = %Plug.Upload{ content_type: "image/jpg", path: Path.absname("test/fixtures/image.jpg"), filename: "an_image.jpg" } {:ok, %Object{} = object} = ActivityPub.upload( file, actor: User.ap_id(actor), description: "test-m" ) [actor: actor, object: object] end test "updates name of media", %{conn: conn, actor: actor, object: object} do media = conn |> assign(:user, actor) |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"}) |> json_response(:ok) assert media["description"] == "test-media" assert refresh_record(object).data["name"] == "test-media" end test "returns error wheb request is bad", %{conn: conn, actor: actor, object: object} do media = conn |> assign(:user, actor) |> put("/api/v1/media/#{object.id}", %{}) |> json_response(400) assert media == %{"error" => "bad_request"} end end describe "DELETE /auth/sign_out" do test "redirect to root page", %{conn: conn} do user = insert(:user) conn = conn |> assign(:user, user) |> delete("/auth/sign_out") assert conn.status == 302 assert redirected_to(conn) == "/" end end describe "GET /api/v1/accounts/:id/lists - account_lists" do test "returns lists to which the account belongs", %{conn: conn} do user = insert(:user) other_user = insert(:user) assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user) {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user) res = conn |> assign(:user, user) |> get("/api/v1/accounts/#{other_user.id}/lists") |> json_response(200) assert res == [%{"id" => to_string(list.id), "title" => "Test List"}] end end describe "empty_array, stubs for mastodon api" do test "GET /api/v1/accounts/:id/identity_proofs", %{conn: conn} do user = insert(:user) res = conn |> assign(:user, user) |> get("/api/v1/accounts/#{user.id}/identity_proofs") |> json_response(200) assert res == [] end test "GET /api/v1/endorsements", %{conn: conn} do user = insert(:user) res = conn |> assign(:user, user) |> get("/api/v1/endorsements") |> json_response(200) assert res == [] end test "GET /api/v1/trends", %{conn: conn} do user = insert(:user) res = conn |> assign(:user, user) |> get("/api/v1/trends") |> json_response(200) assert res == [] end end end