X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=sidebyside;f=test%2Fpleroma%2Fweb%2Fmastodon_api%2Fupdate_credentials_test.exs;h=4aec31eacd07088edde803686b2ea9c86c7c3a8a;hb=c2ae3273d5d8667967891e9c1672c653188e5446;hp=130cbe8d171b614435ebb5a28a1ed98404d2c86c;hpb=3e9c0b380a02011770ee28a6938f5bbec05cc093;p=akkoma
diff --git a/test/pleroma/web/mastodon_api/update_credentials_test.exs b/test/pleroma/web/mastodon_api/update_credentials_test.exs
index 130cbe8d1..4aec31eac 100644
--- a/test/pleroma/web/mastodon_api/update_credentials_test.exs
+++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs
@@ -388,7 +388,7 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
"pleroma_background_image" => new_background_oversized
})
- assert user_response = json_response_and_validate_schema(res, 413)
+ assert json_response_and_validate_schema(res, 413)
assert user.background == %{}
clear_config([:instance, :upload_limit], upload_limit)
@@ -396,6 +396,34 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
end
+ test "Strip / from upload files", %{user: user, conn: conn} do
+ new_image = %Plug.Upload{
+ content_type: "image/jpeg",
+ path: Path.absname("test/fixtures/image.jpg"),
+ filename: "../../../../nested/an_image.jpg"
+ }
+
+ assert user.avatar == %{}
+
+ res =
+ patch(conn, "/api/v1/accounts/update_credentials", %{
+ "avatar" => new_image,
+ "header" => new_image,
+ "pleroma_background_image" => new_image
+ })
+
+ assert user_response = json_response_and_validate_schema(res, 200)
+ assert user_response["avatar"]
+ assert user_response["header"]
+ assert user_response["pleroma"]["background_image"]
+ refute Regex.match?(~r"/nested/", user_response["avatar"])
+ refute Regex.match?(~r"/nested/", user_response["header"])
+ refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"])
+
+ user = User.get_by_id(user.id)
+ refute user.avatar == %{}
+ end
+
test "requires 'write:accounts' permission" do
token1 = insert(:oauth_token, scopes: ["read"])
token2 = insert(:oauth_token, scopes: ["write", "follow"])
@@ -439,13 +467,13 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
test "update fields", %{conn: conn} do
fields = [
- %{"name" => "foo", "value" => ""},
- %{"name" => "link.io", "value" => "cofe.io"}
+ %{name: "foo", value: ""},
+ %{name: "link.io", value: "cofe.io"}
]
account_data =
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(200)
assert account_data["fields"] == [
@@ -465,15 +493,78 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
]
end
+ test "update fields with a link to content with rel=me, with ap id", %{user: user, conn: conn} do
+ Tesla.Mock.mock(fn
+ %{url: "http://example.com/rel_me/ap_id"} ->
+ %Tesla.Env{
+ status: 200,
+ body: ~s[]
+ }
+ end)
+
+ field = %{name: "Website", value: "http://example.com/rel_me/ap_id"}
+
+ account_data =
+ conn
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: [field]})
+ |> json_response_and_validate_schema(200)
+
+ assert [
+ %{
+ "name" => "Website",
+ "value" =>
+ ~s[http://example.com/rel_me/ap_id],
+ "verified_at" => verified_at
+ }
+ ] = account_data["fields"]
+
+ {:ok, verified_at, _} = DateTime.from_iso8601(verified_at)
+ assert DateTime.diff(DateTime.utc_now(), verified_at) < 10
+ end
+
+ test "update fields with a link to content with rel=me, with frontend path", %{
+ user: user,
+ conn: conn
+ } do
+ fe_url = "#{Pleroma.Web.Endpoint.url()}/#{user.nickname}"
+
+ Tesla.Mock.mock(fn
+ %{url: "http://example.com/rel_me/fe_path"} ->
+ %Tesla.Env{
+ status: 200,
+ body: ~s[]
+ }
+ end)
+
+ field = %{name: "Website", value: "http://example.com/rel_me/fe_path"}
+
+ account_data =
+ conn
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: [field]})
+ |> json_response_and_validate_schema(200)
+
+ assert [
+ %{
+ "name" => "Website",
+ "value" =>
+ ~s[http://example.com/rel_me/fe_path],
+ "verified_at" => verified_at
+ }
+ ] = account_data["fields"]
+
+ {:ok, verified_at, _} = DateTime.from_iso8601(verified_at)
+ assert DateTime.diff(DateTime.utc_now(), verified_at) < 10
+ end
+
test "emojis in fields labels", %{conn: conn} do
fields = [
- %{"name" => ":firefox:", "value" => "is best 2hu"},
- %{"name" => "they wins", "value" => ":blank:"}
+ %{name: ":firefox:", value: "is best 2hu"},
+ %{name: "they wins", value: ":blank:"}
]
account_data =
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(200)
assert account_data["fields"] == [
@@ -521,13 +612,13 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
test "update fields with empty name", %{conn: conn} do
fields = [
- %{"name" => "foo", "value" => ""},
- %{"name" => "", "value" => "bar"}
+ %{name: "foo", value: ""},
+ %{name: "", value: "bar"}
]
account =
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(200)
assert account["fields"] == [
@@ -542,30 +633,30 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
- fields = [%{"name" => "foo", "value" => long_value}]
+ fields = [%{name: "foo", value: long_value}]
assert %{"error" => "Invalid request"} ==
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(403)
- fields = [%{"name" => long_name, "value" => "bar"}]
+ fields = [%{name: long_name, value: "bar"}]
assert %{"error" => "Invalid request"} ==
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(403)
clear_config([:instance, :max_account_fields], 1)
fields = [
- %{"name" => "foo", "value" => "bar"},
+ %{name: "foo", value: "bar"},
%{"name" => "link", "value" => "cofe.io"}
]
assert %{"error" => "Invalid request"} ==
conn
- |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+ |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
|> json_response_and_validate_schema(403)
end
end