validate actor type

[akkoma] / test / web / admin_api / controllers / admin_api_controller_test.exs

diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs
index a0c11a354b75f968503ef55b4e296ea743d8db2d..ead840186beba08fca0f38276f48164401bbdcee 100644 (file)
--- a/test/web/admin_api/controllers/admin_api_controller_test.exs
+++ b/test/web/admin_api/controllers/admin_api_controller_test.exs
@@ -148,6 +148,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
   describe "DELETE /api/pleroma/admin/users" do
     test "single user", %{admin: admin, conn: conn} do
       user = insert(:user)
+      clear_config([:instance, :federating], true)
 
       with_mock Pleroma.Web.Federator,
         publish: fn _ -> nil end do
@@ -2843,6 +2844,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert ":proxy_url" in db
     end
 
+    @tag capture_log: true
     test "doesn't set keys not in the whitelist", %{conn: conn} do
       clear_config(:database_config_whitelist, [
         {:pleroma, :key1},
@@ -2947,7 +2949,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     test "excludes reblogs by default", %{conn: conn, user: user} do
       other_user = insert(:user)
       {:ok, activity} = CommonAPI.post(user, %{status: "."})
-      {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, other_user)
+      {:ok, %Activity{}} = CommonAPI.repeat(activity.id, other_user)
 
       conn_res = get(conn, "/api/pleroma/admin/users/#{other_user.nickname}/statuses")
       assert json_response(conn_res, 200) |> length() == 0
@@ -3189,8 +3191,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
   end
 
   describe "PATCH /users/:nickname/credentials" do
-    test "changes password and email", %{conn: conn, admin: admin} do
+    setup do
       user = insert(:user)
+      [user: user]
+    end
+
+    test "changes password and email", %{conn: conn, admin: admin, user: user} do
       assert user.password_reset_pending == false
 
       conn =
@@ -3220,9 +3226,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                "@#{admin.nickname} forced password reset for users: @#{user.nickname}"
     end
 
-    test "returns 403 if requested by a non-admin" do
-      user = insert(:user)
-
+    test "returns 403 if requested by a non-admin", %{user: user} do
       conn =
         build_conn()
         |> assign(:user, user)
@@ -3234,6 +3238,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
       assert json_response(conn, :forbidden)
     end
+
+    test "changes actor type from permitted list", %{conn: conn, user: user} do
+      assert user.actor_type == "Person"
+
+      assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
+               "actor_type" => "Service"
+             })
+             |> json_response(200) == %{"status" => "success"}
+
+      updated_user = User.get_by_id(user.id)
+
+      assert updated_user.actor_type == "Service"
+
+      assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
+               "actor_type" => "Application"
+             })
+             |> json_response(200) == %{"errors" => %{"actor_type" => "is invalid"}}
+    end
+
+    test "update non existing user", %{conn: conn} do
+      assert patch(conn, "/api/pleroma/admin/users/non-existing/credentials", %{
+               "password" => "new_password"
+             })
+             |> json_response(200) == %{"error" => "Unable to update user."}
+    end
   end
 
   describe "PATCH /users/:nickname/force_password_reset" do