defmodule Pleroma.Web.TwitterAPI.ControllerTest do
use Pleroma.Web.ConnCase
- alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
- alias Pleroma.Builders.{ActivityBuilder, UserBuilder}
- alias Pleroma.{Repo, Activity, User, Object, Notification}
+ alias Comeonin.Pbkdf2
+ alias Ecto.Changeset
+ alias Pleroma.Activity
+ alias Pleroma.Builders.ActivityBuilder
+ alias Pleroma.Builders.UserBuilder
+ alias Pleroma.Notification
+ alias Pleroma.Object
+ alias Pleroma.Repo
+ alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
+ alias Pleroma.Web.CommonAPI
alias Pleroma.Web.OAuth.Token
- alias Pleroma.Web.TwitterAPI.UserView
+ alias Pleroma.Web.TwitterAPI.ActivityView
+ alias Pleroma.Web.TwitterAPI.Controller
alias Pleroma.Web.TwitterAPI.NotificationView
- alias Pleroma.Web.CommonAPI
alias Pleroma.Web.TwitterAPI.TwitterAPI
- alias Comeonin.Pbkdf2
- alias Ecto.Changeset
+ alias Pleroma.Web.TwitterAPI.UserView
import Pleroma.Factory
+ import Mock
@banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
|> post(request_path, %{status: "Nice meme.", visibility: "private"})
assert json_response(conn, 200) ==
- ActivityRepresenter.to_map(Repo.one(Activity), %{user: user, for: user})
+ ActivityView.render("activity.json", %{
+ activity: Repo.one(Activity),
+ user: user,
+ for: user
+ })
end
end
|> get("/api/statuses/public_timeline.json")
|> json_response(200)
end
+
+ test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
+ Controller,
+ [:passthrough],
+ [] do
+ token = insert(:oauth_token, scopes: ["write"])
+
+ build_conn()
+ |> put_req_header("authorization", "Bearer #{token.token}")
+ |> get("/api/statuses/public_timeline.json")
+ |> json_response(200)
+
+ assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
+ end
end
describe "GET /statuses/public_and_external_timeline.json" do
response = json_response(conn, 200)
- assert response == ActivityRepresenter.to_map(activity, %{user: actor})
+ assert response == ActivityView.render("activity.json", %{activity: activity, user: actor})
end
end
assert response ==
Enum.map(returned_activities, fn activity ->
- ActivityRepresenter.to_map(activity, %{
+ ActivityView.render("activity.json", %{
+ activity: activity,
user: User.get_cached_by_ap_id(activity.data["actor"]),
for: current_user
})
assert status["id"] == direct_two.id
assert status_two["id"] == direct.id
end
+
+ test "doesn't include DMs from blocked users", %{conn: conn} do
+ blocker = insert(:user)
+ blocked = insert(:user)
+ user = insert(:user)
+ {:ok, blocker} = User.block(blocker, blocked)
+
+ {:ok, _blocked_direct} =
+ CommonAPI.post(blocked, %{
+ "status" => "Hi @#{blocker.nickname}!",
+ "visibility" => "direct"
+ })
+
+ {:ok, direct} =
+ CommonAPI.post(user, %{
+ "status" => "Hi @#{blocker.nickname}!",
+ "visibility" => "direct"
+ })
+
+ res_conn =
+ conn
+ |> assign(:user, blocker)
+ |> get("/api/statuses/dm_timeline.json")
+
+ [status] = json_response(res_conn, 200)
+ assert status["id"] == direct.id
+ end
end
describe "GET /statuses/mentions.json" do
test "with credentials", %{conn: conn, user: current_user} do
{:ok, activity} =
- ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
+ CommonAPI.post(current_user, %{
+ "status" => "why is tenshi eating a corndog so cute?",
+ "visibility" => "public"
+ })
conn =
conn
assert length(response) == 1
assert Enum.at(response, 0) ==
- ActivityRepresenter.to_map(activity, %{
+ ActivityView.render("activity.json", %{
user: current_user,
for: current_user,
- mentioned: [current_user]
+ activity: activity
})
end
+
+ test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
+ {:ok, _activity} =
+ CommonAPI.post(current_user, %{
+ "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
+ "visibility" => "direct"
+ })
+
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> get("/api/statuses/mentions.json")
+
+ response = json_response(conn, 200)
+
+ assert Enum.empty?(response)
+ end
end
describe "GET /api/qvitter/statuses/notifications.json" do
conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
test "with screen_name", %{conn: conn} do
conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
test "with credentials", %{conn: conn, user: current_user} do
assert length(response) == 1
assert Enum.at(response, 0) ==
- ActivityRepresenter.to_map(activity, %{user: current_user, for: current_user})
+ ActivityView.render("activity.json", %{
+ user: current_user,
+ for: current_user,
+ activity: activity
+ })
end
test "with credentials with user_id", %{conn: conn, user: current_user} do
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
test "with credentials screen_name", %{conn: conn, user: current_user} do
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
conn =
conn
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
end
|> with_credentials(current_user.nickname, "test")
|> post("/api/friendships/create.json", %{user_id: followed.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert User.ap_followers(followed) in current_user.following
assert json_response(conn, 200) ==
UserView.render("show.json", %{user: followed, for: current_user})
end
+
+ test "for restricted account", %{conn: conn, user: current_user} do
+ followed = insert(:user, info: %User.Info{locked: true})
+
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/friendships/create.json", %{user_id: followed.id})
+
+ current_user = User.get_by_id(current_user.id)
+ followed = User.get_by_id(followed.id)
+
+ refute User.ap_followers(followed) in current_user.following
+
+ assert json_response(conn, 200) ==
+ UserView.render("show.json", %{user: followed, for: current_user})
+ end
end
describe "POST /friendships/destroy.json" do
|> with_credentials(current_user.nickname, "test")
|> post("/api/friendships/destroy.json", %{user_id: followed.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert current_user.following == [current_user.ap_id]
assert json_response(conn, 200) ==
|> with_credentials(current_user.nickname, "test")
|> post("/api/blocks/create.json", %{user_id: blocked.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert User.blocks?(current_user, blocked)
assert json_response(conn, 200) ==
|> with_credentials(current_user.nickname, "test")
|> post("/api/blocks/destroy.json", %{user_id: blocked.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert current_user.info.blocks == []
assert json_response(conn, 200) ==
|> with_credentials(current_user.nickname, "test")
|> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert is_map(current_user.avatar)
assert json_response(conn, 200) ==
|> with_credentials(current_user.nickname, "test")
|> post(request_path)
- activity = Repo.get(Activity, note_activity.id)
+ activity = Activity.get_by_id(note_activity.id)
activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
assert json_response(response, 200) ==
- ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
+ ActivityView.render("activity.json", %{
+ user: activity_user,
+ for: current_user,
+ activity: activity
+ })
end
end
|> with_credentials(current_user.nickname, "test")
|> post(request_path)
- activity = Repo.get(Activity, note_activity.id)
+ activity = Activity.get_by_id(note_activity.id)
activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
assert json_response(response, 200) ==
- ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
+ ActivityView.render("activity.json", %{
+ user: activity_user,
+ for: current_user,
+ activity: activity
+ })
end
end
test "it confirms the user account", %{conn: conn, user: user} do
get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
- user = Repo.get(User, user.id)
+ user = User.get_by_id(user.id)
refute user.info.confirmation_pending
refute user.info.confirmation_token
assert Enum.sort(expected) == Enum.sort(result)
end
- test "it returns 20 friends per page", %{conn: conn} do
+ test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do
user = insert(:user)
followeds = insert_list(21, :user)
result = json_response(res_conn, 200)
assert length(result) == 1
+
+ res_conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/statuses/friends", %{all: true})
+
+ result = json_response(res_conn, 200)
+ assert length(result) == 21
end
test "it returns a given user's friends with user_id", %{conn: conn} do
})
assert json_response(conn, 200) == %{"status" => "success"}
- fetched_user = Repo.get(User, current_user.id)
+ fetched_user = User.get_by_id(current_user.id)
assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
end
end
{:ok, _activity} = ActivityPub.follow(other_user, user)
- user = Repo.get(User, user.id)
- other_user = Repo.get(User, other_user.id)
+ user = User.get_by_id(user.id)
+ other_user = User.get_by_id(other_user.id)
assert User.following?(other_user, user) == false
assert [relationship] = json_response(conn, 200)
assert other_user.id == relationship["id"]
end
+
+ test "requires 'read' permission", %{conn: conn} do
+ token1 = insert(:oauth_token, scopes: ["write"])
+ token2 = insert(:oauth_token, scopes: ["read"])
+
+ for token <- [token1, token2] do
+ conn =
+ conn
+ |> put_req_header("authorization", "Bearer #{token.token}")
+ |> get("/api/pleroma/friend_requests")
+
+ if token == token1 do
+ assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403)
+ else
+ assert json_response(conn, 200)
+ end
+ end
+ end
end
describe "POST /api/pleroma/friendships/approve" do
{:ok, _activity} = ActivityPub.follow(other_user, user)
- user = Repo.get(User, user.id)
- other_user = Repo.get(User, other_user.id)
+ user = User.get_by_id(user.id)
+ other_user = User.get_by_id(other_user.id)
assert User.following?(other_user, user) == false
{:ok, _activity} = ActivityPub.follow(other_user, user)
- user = Repo.get(User, user.id)
- other_user = Repo.get(User, other_user.id)
+ user = User.get_by_id(user.id)
+ other_user = User.get_by_id(other_user.id)
assert User.following?(other_user, user) == false
user = refresh_record(user)
assert json_response(response, 200) ==
- ActivityRepresenter.to_map(activity, %{user: user, for: user})
+ ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
end
end
user = refresh_record(user)
assert json_response(response, 200) ==
- ActivityRepresenter.to_map(activity, %{user: user, for: user})
+ ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
end
end
|> hd()
|> Map.keys()
- assert keys -- ["id", "refresh_token", "token", "valid_until"] == []
+ assert keys -- ["id", "app_name", "valid_until"] == []
end
test "revoke token", %{token: token} do
projects / akkoma / blobdiff