tests for setttings without an explicit key

[akkoma] / test / web / admin_api / admin_api_controller_test.exs
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs

index 4148f04bc765d716374c8931d2d4a78e34b16a56..1372edcab241e0bf582fad6d41e6f8dfe02c46c4 100644 (file)
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -10,6 +10,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    alias Pleroma.HTML
    alias Pleroma.ModerationLog
    alias Pleroma.Repo
+  alias Pleroma.ReportNote
    alias Pleroma.Tests.ObanHelpers
    alias Pleroma.User
    alias Pleroma.UserInviteToken
@@ -25,6 +26,60 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      :ok
    end
  
+  clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+    Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+  end
+
+  describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
+    clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+      Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
+    end
+
+    test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope" do
+      user = insert(:user)
+      admin = insert(:user, is_admin: true)
+      url = "/api/pleroma/admin/users/#{user.nickname}"
+
+      good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+      good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+      good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+
+      bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+      bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+      bad_token3 = nil
+
+      for good_token <- [good_token1, good_token2, good_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, admin)
+          |> assign(:token, good_token)
+          |> get(url)
+
+        assert json_response(conn, 200)
+      end
+
+      for good_token <- [good_token1, good_token2, good_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, nil)
+          |> assign(:token, good_token)
+          |> get(url)
+
+        assert json_response(conn, :forbidden)
+      end
+
+      for bad_token <- [bad_token1, bad_token2, bad_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, admin)
+          |> assign(:token, bad_token)
+          |> get(url)
+
+        assert json_response(conn, :forbidden)
+      end
+    end
+  end
+
    describe "DELETE /api/pleroma/admin/users" do
      test "single user" do
        admin = insert(:user, is_admin: true)
@@ -98,7 +153,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        assert ["lain", "lain2"] -- Enum.map(log_entry.data["subjects"], & &1["nickname"]) == []
      end
  
-    test "Cannot create user with exisiting email" do
+    test "Cannot create user with existing email" do
        admin = insert(:user, is_admin: true)
        user = insert(:user)
  
@@ -129,7 +184,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
               ]
      end
  
-    test "Cannot create user with exisiting nickname" do
+    test "Cannot create user with existing nickname" do
        admin = insert(:user, is_admin: true)
        user = insert(:user)
  
@@ -1560,7 +1615,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          |> assign(:user, user)
          |> get("/api/pleroma/admin/reports")
  
-      assert json_response(conn, :forbidden) == %{"error" => "User is not admin."}
+      assert json_response(conn, :forbidden) ==
+               %{"error" => "User is not an admin or OAuth admin scope is not granted."}
      end
  
      test "returns 403 when requested by anonymous" do
@@ -1776,61 +1832,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      end
    end
  
-  describe "POST /api/pleroma/admin/reports/:id/respond" do
-    setup %{conn: conn} do
-      admin = insert(:user, is_admin: true)
-
-      %{conn: assign(conn, :user, admin), admin: admin}
-    end
-
-    test "returns created dm", %{conn: conn, admin: admin} do
-      [reporter, target_user] = insert_pair(:user)
-      activity = insert(:note_activity, user: target_user)
-
-      {:ok, %{id: report_id}} =
-        CommonAPI.report(reporter, %{
-          "account_id" => target_user.id,
-          "comment" => "I feel offended",
-          "status_ids" => [activity.id]
-        })
-
-      response =
-        conn
-        |> post("/api/pleroma/admin/reports/#{report_id}/respond", %{
-          "status" => "I will check it out"
-        })
-        |> json_response(:ok)
-
-      recipients = Enum.map(response["mentions"], & &1["username"])
-
-      assert reporter.nickname in recipients
-      assert response["content"] == "I will check it out"
-      assert response["visibility"] == "direct"
-
-      log_entry = Repo.one(ModerationLog)
-
-      assert ModerationLog.get_log_entry_message(log_entry) ==
-               "@#{admin.nickname} responded with 'I will check it out' to report ##{
-                 response["id"]
-               }"
-    end
-
-    test "returns 400 when status is missing", %{conn: conn} do
-      conn = post(conn, "/api/pleroma/admin/reports/test/respond")
-
-      assert json_response(conn, :bad_request) == "Invalid parameters"
-    end
-
-    test "returns 404 when report id is invalid", %{conn: conn} do
-      conn =
-        post(conn, "/api/pleroma/admin/reports/test/respond", %{
-          "status" => "foo"
-        })
-
-      assert json_response(conn, :not_found) == "Not found"
-    end
-  end
-
    describe "PUT /api/pleroma/admin/statuses/:id" do
      setup %{conn: conn} do
        admin = insert(:user, is_admin: true)
@@ -1949,6 +1950,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        %{
          "configs" => [
            %{
+            "group" => ":pleroma",
              "key" => key1,
              "value" => _
            },
@@ -1968,8 +1970,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      setup %{conn: conn} do
        admin = insert(:user, is_admin: true)
  
-      temp_file = "config/test.exported_from_db.secret.exs"
-
        on_exit(fn ->
          Application.delete_env(:pleroma, :key1)
          Application.delete_env(:pleroma, :key2)
@@ -1979,7 +1979,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          Application.delete_env(:pleroma, :keyaa2)
          Application.delete_env(:pleroma, Pleroma.Web.Endpoint.NotReal)
          Application.delete_env(:pleroma, Pleroma.Captcha.NotReal)
-        :ok = File.rm(temp_file)
+        :ok = File.rm("config/test.exported_from_db.secret.exs")
        end)
  
        %{conn: assign(conn, :user, admin)}
@@ -1994,15 +1994,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        conn =
          post(conn, "/api/pleroma/admin/config", %{
            configs: [
-            %{group: "pleroma", key: "key1", value: "value1"},
+            %{group: ":pleroma", key: ":key1", value: "value1"},
              %{
-              group: "ueberauth",
+              group: ":ueberauth",
                key: "Ueberauth.Strategy.Twitter.OAuth",
                value: [%{"tuple" => [":consumer_secret", "aaaa"]}]
              },
              %{
-              group: "pleroma",
-              key: "key2",
+              group: ":pleroma",
+              key: ":key2",
                value: %{
                  ":nested_1" => "nested_value1",
                  ":nested_2" => [
@@ -2012,21 +2012,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                }
              },
              %{
-              group: "pleroma",
-              key: "key3",
+              group: ":pleroma",
+              key: ":key3",
                value: [
                  %{"nested_3" => ":nested_3", "nested_33" => "nested_33"},
                  %{"nested_4" => true}
                ]
              },
              %{
-              group: "pleroma",
-              key: "key4",
+              group: ":pleroma",
+              key: ":key4",
                value: %{":nested_5" => ":upload", "endpoint" => "https://example.com"}
              },
              %{
-              group: "idna",
-              key: "key5",
+              group: ":idna",
+              key: ":key5",
                value: %{"tuple" => ["string", "Pleroma.Captcha.NotReal", []]}
              }
            ]
@@ -2035,18 +2035,18 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        assert json_response(conn, 200) == %{
                 "configs" => [
                   %{
-                   "group" => "pleroma",
-                   "key" => "key1",
+                   "group" => ":pleroma",
+                   "key" => ":key1",
                     "value" => "value1"
                   },
                   %{
-                   "group" => "ueberauth",
+                   "group" => ":ueberauth",
                     "key" => "Ueberauth.Strategy.Twitter.OAuth",
                     "value" => [%{"tuple" => [":consumer_secret", "aaaa"]}]
                   },
                   %{
-                   "group" => "pleroma",
-                   "key" => "key2",
+                   "group" => ":pleroma",
+                   "key" => ":key2",
                     "value" => %{
                       ":nested_1" => "nested_value1",
                       ":nested_2" => [
@@ -2056,21 +2056,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                     }
                   },
                   %{
-                   "group" => "pleroma",
-                   "key" => "key3",
+                   "group" => ":pleroma",
+                   "key" => ":key3",
                     "value" => [
                       %{"nested_3" => ":nested_3", "nested_33" => "nested_33"},
                       %{"nested_4" => true}
                     ]
                   },
                   %{
-                   "group" => "pleroma",
-                   "key" => "key4",
+                   "group" => ":pleroma",
+                   "key" => ":key4",
                     "value" => %{"endpoint" => "https://example.com", ":nested_5" => ":upload"}
                   },
                   %{
-                   "group" => "idna",
-                   "key" => "key5",
+                   "group" => ":idna",
+                   "key" => ":key5",
                     "value" => %{"tuple" => ["string", "Pleroma.Captcha.NotReal", []]}
                   }
                 ]
@@ -2099,9 +2099,51 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        assert Application.get_env(:idna, :key5) == {"string", Pleroma.Captcha.NotReal, []}
      end
  
+    test "save config setting without key", %{conn: conn} do
+      initial = Application.get_all_env(:quack)
+      on_exit(fn -> Application.put_all_env([{:quack, initial}]) end)
+
+      conn =
+        post(conn, "/api/pleroma/admin/config", %{
+          configs: [
+            %{
+              group: ":quack",
+              key: ":level",
+              value: ":info"
+            },
+            %{
+              group: ":quack",
+              key: ":meta",
+              value: [":none"]
+            },
+            %{
+              group: ":quack",
+              key: ":webhook_url",
+              value: "https://hooks.slack.com/services/KEY"
+            }
+          ]
+        })
+
+      assert json_response(conn, 200) == %{
+               "configs" => [
+                 %{"group" => ":quack", "key" => ":level", "value" => ":info"},
+                 %{"group" => ":quack", "key" => ":meta", "value" => [":none"]},
+                 %{
+                   "group" => ":quack",
+                   "key" => ":webhook_url",
+                   "value" => "https://hooks.slack.com/services/KEY"
+                 }
+               ]
+             }
+
+      assert Application.get_env(:quack, :level) == :info
+      assert Application.get_env(:quack, :meta) == [:none]
+      assert Application.get_env(:quack, :webhook_url) == "https://hooks.slack.com/services/KEY"
+    end
+
      test "update config setting & delete", %{conn: conn} do
-      config1 = insert(:config, key: "keyaa1")
-      config2 = insert(:config, key: "keyaa2")
+      config1 = insert(:config, key: ":keyaa1")
+      config2 = insert(:config, key: ":keyaa2")
  
        insert(:config,
          group: "ueberauth",
@@ -2125,7 +2167,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        assert json_response(conn, 200) == %{
                 "configs" => [
                   %{
-                   "group" => "pleroma",
+                   "group" => ":pleroma",
                     "key" => config1.key,
                     "value" => "another_value"
                   }
@@ -2137,11 +2179,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      end
  
      test "common config example", %{conn: conn} do
+      adapter = Application.get_env(:tesla, :adapter)
+      on_exit(fn -> Application.put_env(:tesla, :adapter, adapter) end)
+
        conn =
          post(conn, "/api/pleroma/admin/config", %{
            configs: [
              %{
-              "group" => "pleroma",
+              "group" => ":pleroma",
                "key" => "Pleroma.Captcha.NotReal",
                "value" => [
                  %{"tuple" => [":enabled", false]},
@@ -2153,16 +2198,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                  %{"tuple" => [":regex1", "~r/https:\/\/example.com/"]},
                  %{"tuple" => [":regex2", "~r/https:\/\/example.com/u"]},
                  %{"tuple" => [":regex3", "~r/https:\/\/example.com/i"]},
-                %{"tuple" => [":regex4", "~r/https:\/\/example.com/s"]}
+                %{"tuple" => [":regex4", "~r/https:\/\/example.com/s"]},
+                %{"tuple" => [":name", "Pleroma"]}
                ]
-            }
+            },
+            %{"group" => ":tesla", "key" => ":adapter", "value" => "Tesla.Adapter.Httpc"}
            ]
          })
  
+      assert Application.get_env(:tesla, :adapter) == Tesla.Adapter.Httpc
+      assert Pleroma.Config.get([Pleroma.Captcha.NotReal, :name]) == "Pleroma"
+
        assert json_response(conn, 200) == %{
                 "configs" => [
                   %{
-                   "group" => "pleroma",
+                   "group" => ":pleroma",
                     "key" => "Pleroma.Captcha.NotReal",
                     "value" => [
                       %{"tuple" => [":enabled", false]},
@@ -2174,9 +2224,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                       %{"tuple" => [":regex1", "~r/https:\\/\\/example.com/"]},
                       %{"tuple" => [":regex2", "~r/https:\\/\\/example.com/u"]},
                       %{"tuple" => [":regex3", "~r/https:\\/\\/example.com/i"]},
-                     %{"tuple" => [":regex4", "~r/https:\\/\\/example.com/s"]}
+                     %{"tuple" => [":regex4", "~r/https:\\/\\/example.com/s"]},
+                     %{"tuple" => [":name", "Pleroma"]}
                     ]
-                 }
+                 },
+                 %{"group" => ":tesla", "key" => ":adapter", "value" => "Tesla.Adapter.Httpc"}
                 ]
               }
      end
@@ -2186,7 +2238,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          post(conn, "/api/pleroma/admin/config", %{
            configs: [
              %{
-              "group" => "pleroma",
+              "group" => ":pleroma",
                "key" => "Pleroma.Web.Endpoint.NotReal",
                "value" => [
                  %{
@@ -2250,7 +2302,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        assert json_response(conn, 200) == %{
                 "configs" => [
                   %{
-                   "group" => "pleroma",
+                   "group" => ":pleroma",
                     "key" => "Pleroma.Web.Endpoint.NotReal",
                     "value" => [
                       %{
@@ -2317,7 +2369,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          post(conn, "/api/pleroma/admin/config", %{
            configs: [
              %{
-              "group" => "pleroma",
+              "group" => ":pleroma",
                "key" => ":key1",
                "value" => [
                  %{"tuple" => [":key2", "some_val"]},
@@ -2347,7 +2399,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                 %{
                   "configs" => [
                     %{
-                     "group" => "pleroma",
+                     "group" => ":pleroma",
                       "key" => ":key1",
                       "value" => [
                         %{"tuple" => [":key2", "some_val"]},
@@ -2379,7 +2431,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          post(conn, "/api/pleroma/admin/config", %{
            configs: [
              %{
-              "group" => "pleroma",
+              "group" => ":pleroma",
                "key" => ":key1",
                "value" => %{"key" => "some_val"}
              }
@@ -2390,7 +2442,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                 %{
                   "configs" => [
                     %{
-                     "group" => "pleroma",
+                     "group" => ":pleroma",
                       "key" => ":key1",
                       "value" => %{"key" => "some_val"}
                     }
@@ -2403,7 +2455,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          post(conn, "/api/pleroma/admin/config", %{
            configs: [
              %{
-              "group" => "pleroma",
+              "group" => ":pleroma",
                "key" => "Pleroma.Web.Endpoint.NotReal",
                "value" => [
                  %{
@@ -2436,7 +2488,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        assert json_response(conn, 200) == %{
                 "configs" => [
                   %{
-                   "group" => "pleroma",
+                   "group" => ":pleroma",
                     "key" => "Pleroma.Web.Endpoint.NotReal",
                     "value" => [
                       %{
@@ -2466,7 +2518,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          post(conn, "/api/pleroma/admin/config", %{
            configs: [
              %{
-              "group" => "oban",
+              "group" => ":oban",
                "key" => ":queues",
                "value" => [
                  %{"tuple" => [":federator_incoming", 50]},
@@ -2484,7 +2536,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
        assert json_response(conn, 200) == %{
                 "configs" => [
                   %{
-                   "group" => "oban",
+                   "group" => ":oban",
                     "key" => ":queues",
                     "value" => [
                       %{"tuple" => [":federator_incoming", 50]},
@@ -2503,7 +2555,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      test "delete part of settings by atom subkeys", %{conn: conn} do
        config =
          insert(:config,
-          key: "keyaa1",
+          key: ":keyaa1",
            value: :erlang.term_to_binary(subkey1: "val1", subkey2: "val2", subkey3: "val3")
          )
  
@@ -2523,8 +2575,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
          json_response(conn, 200) == %{
            "configs" => [
              %{
-              "group" => "pleroma",
-              "key" => "keyaa1",
+              "group" => ":pleroma",
+              "key" => ":keyaa1",
                "value" => [%{"tuple" => [":subkey2", "val2"]}]
              }
            ]
@@ -3027,6 +3079,92 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                 }"
      end
    end
+
+  describe "POST /reports/:id/notes" do
+    setup do
+      admin = insert(:user, is_admin: true)
+      [reporter, target_user] = insert_pair(:user)
+      activity = insert(:note_activity, user: target_user)
+
+      {:ok, %{id: report_id}} =
+        CommonAPI.report(reporter, %{
+          "account_id" => target_user.id,
+          "comment" => "I feel offended",
+          "status_ids" => [activity.id]
+        })
+
+      build_conn()
+      |> assign(:user, admin)
+      |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+        content: "this is disgusting!"
+      })
+
+      build_conn()
+      |> assign(:user, admin)
+      |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+        content: "this is disgusting2!"
+      })
+
+      %{
+        admin_id: admin.id,
+        report_id: report_id,
+        admin: admin
+      }
+    end
+
+    test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
+      [note, _] = Repo.all(ReportNote)
+
+      assert %{
+               activity_id: ^report_id,
+               content: "this is disgusting!",
+               user_id: ^admin_id
+             } = note
+    end
+
+    test "it returns reports with notes", %{admin: admin} do
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/reports")
+
+      response = json_response(conn, 200)
+      notes = hd(response["reports"])["notes"]
+      [note, _] = notes
+
+      assert note["user"]["nickname"] == admin.nickname
+      assert note["content"] == "this is disgusting!"
+      assert note["created_at"]
+      assert response["total"] == 1
+    end
+
+    test "it deletes the note", %{admin: admin, report_id: report_id} do
+      assert ReportNote |> Repo.all() |> length() == 2
+
+      [note, _] = Repo.all(ReportNote)
+
+      build_conn()
+      |> assign(:user, admin)
+      |> delete("/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
+
+      assert ReportNote |> Repo.all() |> length() == 1
+    end
+  end
+
+  test "GET /api/pleroma/admin/config/descriptions", %{conn: conn} do
+    admin = insert(:user, is_admin: true)
+
+    conn =
+      assign(conn, :user, admin)
+      |> get("/api/pleroma/admin/config/descriptions")
+
+    assert [child | _others] = json_response(conn, 200)
+
+    assert child["children"]
+    assert child["key"]
+    assert String.starts_with?(child["group"], ":")
+    assert child["description"]
+  end
  end
  
  # Needed for testing