+ test "returns 404 for deactivated user", %{conn: conn} do
+ user = insert(:user, deactivated: true)
+
+ assert %{"error" => "Can't find user"} =
+ conn
+ |> get("/api/v1/accounts/#{user.id}")
+ |> json_response_and_validate_schema(:not_found)
+ end
+ end
+
+ defp local_and_remote_users do
+ local = insert(:user)
+ remote = insert(:user, local: false)
+ {:ok, local: local, remote: remote}
+ end
+
+ describe "user fetching with restrict unauthenticated profiles for local and remote" do
+ setup do: local_and_remote_users()
+
+ setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
+
+ setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
+
+ test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+ assert %{"error" => "This API requires an authenticated user"} ==
+ conn
+ |> get("/api/v1/accounts/#{local.id}")
+ |> json_response_and_validate_schema(:unauthorized)
+
+ assert %{"error" => "This API requires an authenticated user"} ==
+ conn
+ |> get("/api/v1/accounts/#{remote.id}")
+ |> json_response_and_validate_schema(:unauthorized)
+ end
+
+ test "if user is authenticated", %{local: local, remote: remote} do
+ %{conn: conn} = oauth_access(["read"])
+
+ res_conn = get(conn, "/api/v1/accounts/#{local.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
+
+ res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
+ end
+ end
+
+ describe "user fetching with restrict unauthenticated profiles for local" do
+ setup do: local_and_remote_users()
+
+ setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
+
+ test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+ res_conn = get(conn, "/api/v1/accounts/#{local.id}")
+
+ assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
+ "error" => "This API requires an authenticated user"
+ }
+
+ res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
+ end
+
+ test "if user is authenticated", %{local: local, remote: remote} do
+ %{conn: conn} = oauth_access(["read"])
+
+ res_conn = get(conn, "/api/v1/accounts/#{local.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
+
+ res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
+ end
+ end
+
+ describe "user fetching with restrict unauthenticated profiles for remote" do
+ setup do: local_and_remote_users()
+
+ setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
+
+ test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+ res_conn = get(conn, "/api/v1/accounts/#{local.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
+
+ res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
+
+ assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
+ "error" => "This API requires an authenticated user"
+ }
+ end
+
+ test "if user is authenticated", %{local: local, remote: remote} do
+ %{conn: conn} = oauth_access(["read"])
+
+ res_conn = get(conn, "/api/v1/accounts/#{local.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
+
+ res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
+ assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)