# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
import Mock
import Pleroma.Factory
- setup do: clear_config([:instance, :max_account_fields])
-
describe "updating credentials" do
setup do: oauth_access(["write:accounts"])
setup :request_content_type
assert user_data = json_response_and_validate_schema(conn, 200)
assert user_data["note"] ==
- ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
- user2.id
- }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
+ ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{user2.id}" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
assert user_data["source"]["note"] == raw_bio
assert user_data["locked"] == true
end
- test "updates the user's chat acceptance status", %{conn: conn} do
- conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
-
- assert user_data = json_response_and_validate_schema(conn, 200)
- assert user_data["pleroma"]["accepts_chat_messages"] == false
- end
-
test "updates the user's allow_following_move", %{user: user, conn: conn} do
assert user.allow_following_move == true
assert update_activity.data["object"]["name"] == "markorepairs"
end
+ test "updates the user's default post expiry", %{conn: conn} do
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "1"})
+
+ assert user_data = json_response_and_validate_schema(conn, 200)
+ assert user_data["akkoma"]["status_ttl_days"] == 1
+ end
+
+ test "resets the user's default post expiry", %{conn: conn} do
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "-1"})
+
+ assert user_data = json_response_and_validate_schema(conn, 200)
+ assert is_nil(user_data["akkoma"]["status_ttl_days"])
+ end
+
+ test "does not allow negative integers other than -1 for TTL", %{conn: conn} do
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "-2"})
+
+ assert json_response_and_validate_schema(conn, 403)
+ end
+
test "updates the user's AKAs", %{conn: conn} do
conn =
patch(conn, "/api/v1/accounts/update_credentials", %{
assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
end
+ test "doesn't update non-url akas", %{conn: conn} do
+ conn =
+ patch(conn, "/api/v1/accounts/update_credentials", %{
+ "also_known_as" => ["aReallyCoolGuy"]
+ })
+
+ assert json_response_and_validate_schema(conn, 403)
+ end
+
test "updates the user's avatar", %{user: user, conn: conn} do
new_avatar = %Plug.Upload{
- content_type: "image/jpg",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
assert user.avatar == nil
end
+ test "updates the user's avatar, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
+ upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
+
+ assert :ok ==
+ File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
+
+ new_avatar_oversized = %Plug.Upload{
+ content_type: nil,
+ path: Path.absname("test/tmp/large_binary.data"),
+ filename: "large_binary.data"
+ }
+
+ assert user.avatar == %{}
+
+ res =
+ patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar_oversized})
+
+ assert user_response = json_response_and_validate_schema(res, 413)
+ assert user_response["avatar"] != User.avatar_url(user)
+
+ user = User.get_by_id(user.id)
+ assert user.avatar == %{}
+
+ clear_config([:instance, :upload_limit], upload_limit)
+
+ assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
+ end
+
test "updates the user's banner", %{user: user, conn: conn} do
new_header = %Plug.Upload{
- content_type: "image/jpg",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
assert user.banner == nil
end
+ test "updates the user's banner, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
+ upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
+
+ assert :ok ==
+ File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
+
+ new_header_oversized = %Plug.Upload{
+ content_type: nil,
+ path: Path.absname("test/tmp/large_binary.data"),
+ filename: "large_binary.data"
+ }
+
+ res =
+ patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header_oversized})
+
+ assert user_response = json_response_and_validate_schema(res, 413)
+ assert user_response["header"] != User.banner_url(user)
+
+ user = User.get_by_id(user.id)
+ assert user.banner == %{}
+
+ clear_config([:instance, :upload_limit], upload_limit)
+
+ assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
+ end
+
test "updates the user's background", %{conn: conn, user: user} do
new_header = %Plug.Upload{
- content_type: "image/jpg",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
assert user.background == nil
end
+ test "updates the user's background, upload_limit, returns a HTTP 413", %{
+ conn: conn,
+ user: user
+ } do
+ upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
+
+ assert :ok ==
+ File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
+
+ new_background_oversized = %Plug.Upload{
+ content_type: nil,
+ path: Path.absname("test/tmp/large_binary.data"),
+ filename: "large_binary.data"
+ }
+
+ res =
+ patch(conn, "/api/v1/accounts/update_credentials", %{
+ "pleroma_background_image" => new_background_oversized
+ })
+
+ assert json_response_and_validate_schema(res, 413)
+ assert user.background == %{}
+
+ clear_config([:instance, :upload_limit], upload_limit)
+
+ assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
+ end
+
test "requires 'write:accounts' permission" do
token1 = insert(:oauth_token, scopes: ["read"])
token2 = insert(:oauth_token, scopes: ["write", "follow"])
test "update fields", %{conn: conn} do
fields = [
- %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
- %{"name" => "link.io", "value" => "cofe.io"}
+ %{name: "<a href=\"http://google.com\">foo</a>", value: "<script>bar</script>"},
+ %{name: "link.io", value: "cofe.io"}
]
account_data =
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(200)
assert account_data["fields"] == [
test "emojis in fields labels", %{conn: conn} do
fields = [
- %{"name" => ":firefox:", "value" => "is best 2hu"},
- %{"name" => "they wins", "value" => ":blank:"}
+ %{name: ":firefox:", value: "is best 2hu"},
+ %{name: "they wins", value: ":blank:"}
]
account_data =
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(200)
assert account_data["fields"] == [
test "update fields with empty name", %{conn: conn} do
fields = [
- %{"name" => "foo", "value" => ""},
- %{"name" => "", "value" => "bar"}
+ %{name: "foo", value: ""},
+ %{name: "", value: "bar"}
]
account =
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(200)
assert account["fields"] == [
long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
- fields = [%{"name" => "foo", "value" => long_value}]
+ fields = [%{name: "foo", value: long_value}]
assert %{"error" => "Invalid request"} ==
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(403)
- fields = [%{"name" => long_name, "value" => "bar"}]
+ fields = [%{name: long_name, value: "bar"}]
assert %{"error" => "Invalid request"} ==
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(403)
- Pleroma.Config.put([:instance, :max_account_fields], 1)
+ clear_config([:instance, :max_account_fields], 1)
fields = [
- %{"name" => "foo", "value" => "bar"},
+ %{name: "foo", value: "bar"},
%{"name" => "link", "value" => "cofe.io"}
]
assert %{"error" => "Invalid request"} ==
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(403)
end
end
projects / akkoma / blobdiff