+
+ test "Convert newlines to <br> in bio", %{conn: conn} do
+ user = insert(:user)
+
+ _conn =
+ conn
+ |> assign(:user, user)
+ |> post("/api/account/update_profile.json", %{
+ "description" => "Hello,\r\nWorld! I\n am a test."
+ })
+
+ user = Repo.get!(User, user.id)
+ assert user.bio == "Hello,<br>World! I<br> am a test."
+ end
+
+ describe "POST /api/pleroma/change_password" do
+ setup [:valid_user]
+
+ test "without credentials", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/change_password")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_password", %{
+ "password" => "hi",
+ "new_password" => "newpass",
+ "new_password_confirmation" => "newpass"
+ })
+
+ assert json_response(conn, 200) == %{"error" => "Invalid password."}
+ end
+
+ test "with credentials, valid password and new password and confirmation not matching", %{
+ conn: conn,
+ user: current_user
+ } do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_password", %{
+ "password" => "test",
+ "new_password" => "newpass",
+ "new_password_confirmation" => "notnewpass"
+ })
+
+ assert json_response(conn, 200) == %{
+ "error" => "New password does not match confirmation."
+ }
+ end
+
+ test "with credentials, valid password and invalid new password", %{
+ conn: conn,
+ user: current_user
+ } do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_password", %{
+ "password" => "test",
+ "new_password" => "",
+ "new_password_confirmation" => ""
+ })
+
+ assert json_response(conn, 200) == %{
+ "error" => "New password can't be blank."
+ }
+ end
+
+ test "with credentials, valid password and matching new password and confirmation", %{
+ conn: conn,
+ user: current_user
+ } do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/change_password", %{
+ "password" => "test",
+ "new_password" => "newpass",
+ "new_password_confirmation" => "newpass"
+ })
+
+ assert json_response(conn, 200) == %{"status" => "success"}
+ fetched_user = Repo.get(User, current_user.id)
+ assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
+ end
+ end
+
+ describe "POST /api/pleroma/delete_account" do
+ setup [:valid_user]
+
+ test "without credentials", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/delete_account")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/delete_account", %{"password" => "hi"})
+
+ assert json_response(conn, 200) == %{"error" => "Invalid password."}
+ end
+
+ test "with credentials and valid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/delete_account", %{"password" => "test"})
+
+ assert json_response(conn, 200) == %{"status" => "success"}
+ # Wait a second for the started task to end
+ :timer.sleep(1000)
+ end
+ end
+
+ describe "GET /api/pleroma/friend_requests" do
+ test "it lists friend requests" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, _activity} = ActivityPub.follow(other_user, user)
+
+ user = Repo.get(User, user.id)
+ other_user = Repo.get(User, other_user.id)
+
+ assert User.following?(other_user, user) == false
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> get("/api/pleroma/friend_requests")
+
+ assert [relationship] = json_response(conn, 200)
+ assert other_user.id == relationship["id"]
+ end
+ end
+
+ describe "POST /api/pleroma/friendships/approve" do
+ test "it approves a friend request" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, _activity} = ActivityPub.follow(other_user, user)
+
+ user = Repo.get(User, user.id)
+ other_user = Repo.get(User, other_user.id)
+
+ assert User.following?(other_user, user) == false
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
+
+ assert relationship = json_response(conn, 200)
+ assert other_user.id == relationship["id"]
+ assert relationship["follows_you"] == true
+ end
+ end
+
+ describe "POST /api/pleroma/friendships/deny" do
+ test "it denies a friend request" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, _activity} = ActivityPub.follow(other_user, user)
+
+ user = Repo.get(User, user.id)
+ other_user = Repo.get(User, other_user.id)
+
+ assert User.following?(other_user, user) == false
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
+
+ assert relationship = json_response(conn, 200)
+ assert other_user.id == relationship["id"]
+ assert relationship["follows_you"] == false
+ end
+ end
+
+ describe "GET /api/pleroma/search_user" do
+ test "it returns users, ordered by similarity", %{conn: conn} do
+ user = insert(:user, %{name: "eal"})
+ user_two = insert(:user, %{name: "eal me"})
+ _user_three = insert(:user, %{name: "zzz"})
+
+ resp =
+ conn
+ |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
+ |> json_response(200)
+
+ assert length(resp) == 2
+ assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
+ end
+ end
+
+ describe "POST /api/media/upload" do
+ setup context do
+ Pleroma.DataCase.ensure_local_uploader(context)
+ end
+
+ test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
+ conn: conn
+ } do
+ user = insert(:user)
+
+ upload_filename = "test/fixtures/image_tmp.jpg"
+ File.cp!("test/fixtures/image.jpg", upload_filename)
+
+ file = %Plug.Upload{
+ content_type: "image/jpg",
+ path: Path.absname(upload_filename),
+ filename: "image.jpg"
+ }
+
+ response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/octet-stream")
+ |> post("/api/media/upload", %{
+ "media" => file
+ })
+ |> json_response(:ok)
+
+ assert response["media_id"]
+ object = Repo.get(Object, response["media_id"])
+ assert object
+ assert object.data["actor"] == User.ap_id(user)
+ end
+ end
+
+ describe "POST /api/media/metadata/create" do
+ setup do
+ object = insert(:note)
+ user = User.get_by_ap_id(object.data["actor"])
+ %{object: object, user: user}
+ end
+
+ test "it returns :forbidden status on attempt to modify someone else's upload", %{
+ conn: conn,
+ object: object
+ } do
+ initial_description = object.data["name"]
+ another_user = insert(:user)
+
+ conn
+ |> assign(:user, another_user)
+ |> post("/api/media/metadata/create", %{"media_id" => object.id})
+ |> json_response(:forbidden)
+
+ object = Repo.get(Object, object.id)
+ assert object.data["name"] == initial_description
+ end
+
+ test "it updates `data[name]` of referenced Object with provided value", %{
+ conn: conn,
+ object: object,
+ user: user
+ } do
+ description = "Informative description of the image. Initial value: #{object.data["name"]}}"
+
+ conn
+ |> assign(:user, user)
+ |> post("/api/media/metadata/create", %{
+ "media_id" => object.id,
+ "alt_text" => %{"text" => description}
+ })
+ |> json_response(:no_content)
+
+ object = Repo.get(Object, object.id)
+ assert object.data["name"] == description
+ end
+ end
+
+ describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
+ test "it returns a list of pinned statuses", %{conn: conn} do
+ Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+
+ user = insert(:user, %{name: "egor"})
+ {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
+ {:ok, _} = CommonAPI.pin(activity_id, user)
+
+ resp =
+ conn
+ |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
+ |> json_response(200)
+
+ assert length(resp) == 1
+ assert [%{"id" => ^activity_id, "pinned" => true}] = resp
+ end
+ end
+
+ describe "POST /api/statuses/pin/:id" do
+ setup do
+ Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+ [user: insert(:user)]
+ end
+
+ test "without valid credentials", %{conn: conn} do
+ note_activity = insert(:note_activity)
+ conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials", %{conn: conn, user: user} do
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
+
+ request_path = "/api/statuses/pin/#{activity.id}.json"
+
+ response =
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> post(request_path)
+
+ user = refresh_record(user)
+
+ assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: user})
+ end
+ end
+
+ describe "POST /api/statuses/unpin/:id" do
+ setup do
+ Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+ [user: insert(:user)]
+ end
+
+ test "without valid credentials", %{conn: conn} do
+ note_activity = insert(:note_activity)
+ conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials", %{conn: conn, user: user} do
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
+ {:ok, activity} = CommonAPI.pin(activity.id, user)
+
+ request_path = "/api/statuses/unpin/#{activity.id}.json"
+
+ response =
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> post(request_path)
+
+ user = refresh_record(user)
+
+ assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: user})
+ end
+ end