X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fweb%2Fmastodon_api%2Fcontrollers%2Ftimeline_controller_test.exs;h=6fedb4223d8963bbeb7b4251820e8b4f2960caf2;hb=9bae9b1b1bf4f48e20ce0b2d9b670648d052e069;hp=d3652d964b17ee2ddc22096ebc6bd5f811eabf58;hpb=26f66fb70ab1bd777a92daf4347aaa63b044d0af;p=akkoma
diff --git a/test/web/mastodon_api/controllers/timeline_controller_test.exs b/test/web/mastodon_api/controllers/timeline_controller_test.exs
index d3652d964..6fedb4223 100644
--- a/test/web/mastodon_api/controllers/timeline_controller_test.exs
+++ b/test/web/mastodon_api/controllers/timeline_controller_test.exs
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
@@ -11,36 +11,49 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
alias Pleroma.Config
alias Pleroma.User
alias Pleroma.Web.CommonAPI
- alias Pleroma.Web.OStatus
-
- clear_config([:instance, :public])
setup do
mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
:ok
end
- test "the home timeline", %{conn: conn} do
- user = insert(:user)
- following = insert(:user)
+ describe "home" do
+ setup do: oauth_access(["read:statuses"])
+
+ test "the home timeline", %{user: user, conn: conn} do
+ following = insert(:user)
+
+ {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
+
+ ret_conn = get(conn, "/api/v1/timelines/home")
- {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
+ assert Enum.empty?(json_response(ret_conn, :ok))
+
+ {:ok, _user} = User.follow(user, following)
+
+ conn = get(conn, "/api/v1/timelines/home")
+
+ assert [%{"content" => "test"}] = json_response(conn, :ok)
+ end
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/timelines/home")
+ test "the home timeline when the direct messages are excluded", %{user: user, conn: conn} do
+ {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
+ {:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
- assert Enum.empty?(json_response(conn, :ok))
+ {:ok, unlisted_activity} =
+ CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
- {:ok, user} = User.follow(user, following)
+ {:ok, private_activity} =
+ CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
- conn =
- build_conn()
- |> assign(:user, user)
- |> get("/api/v1/timelines/home")
+ conn = get(conn, "/api/v1/timelines/home", %{"exclude_visibilities" => ["direct"]})
- assert [%{"content" => "test"}] = json_response(conn, :ok)
+ assert status_ids = json_response(conn, :ok) |> Enum.map(& &1["id"])
+ assert public_activity.id in status_ids
+ assert unlisted_activity.id in status_ids
+ assert private_activity.id in status_ids
+ refute direct_activity.id in status_ids
+ end
end
describe "public" do
@@ -50,8 +63,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
{:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
- {:ok, [_activity]} =
- OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873")
+ _activity = insert(:note_activity, local: false)
conn = get(conn, "/api/v1/timelines/public", %{"local" => "False"})
@@ -66,21 +78,8 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
assert [%{"content" => "test"}] = json_response(conn, :ok)
end
- test "the public timeline when public is set to false", %{conn: conn} do
- Config.put([:instance, :public], false)
-
- assert %{"error" => "This resource requires authentication."} ==
- conn
- |> get("/api/v1/timelines/public", %{"local" => "False"})
- |> json_response(:forbidden)
- end
-
test "the public timeline includes only public statuses for an authenticated user" do
- user = insert(:user)
-
- conn =
- build_conn()
- |> assign(:user, user)
+ %{user: user, conn: conn} = oauth_access(["read:statuses"])
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
@@ -92,6 +91,98 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
end
end
+ defp local_and_remote_activities do
+ insert(:note_activity)
+ insert(:note_activity, local: false)
+ :ok
+ end
+
+ describe "public with restrict unauthenticated timeline for local and federated timelines" do
+ setup do: local_and_remote_activities()
+
+ setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
+
+ setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
+
+ test "if user is unauthenticated", %{conn: conn} do
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+
+ assert json_response(res_conn, :unauthorized) == %{
+ "error" => "authorization required for timeline view"
+ }
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+
+ assert json_response(res_conn, :unauthorized) == %{
+ "error" => "authorization required for timeline view"
+ }
+ end
+
+ test "if user is authenticated" do
+ %{conn: conn} = oauth_access(["read:statuses"])
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+ assert length(json_response(res_conn, 200)) == 1
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+ assert length(json_response(res_conn, 200)) == 2
+ end
+ end
+
+ describe "public with restrict unauthenticated timeline for local" do
+ setup do: local_and_remote_activities()
+
+ setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
+
+ test "if user is unauthenticated", %{conn: conn} do
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+
+ assert json_response(res_conn, :unauthorized) == %{
+ "error" => "authorization required for timeline view"
+ }
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+ assert length(json_response(res_conn, 200)) == 2
+ end
+
+ test "if user is authenticated", %{conn: _conn} do
+ %{conn: conn} = oauth_access(["read:statuses"])
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+ assert length(json_response(res_conn, 200)) == 1
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+ assert length(json_response(res_conn, 200)) == 2
+ end
+ end
+
+ describe "public with restrict unauthenticated timeline for remote" do
+ setup do: local_and_remote_activities()
+
+ setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
+
+ test "if user is unauthenticated", %{conn: conn} do
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+ assert length(json_response(res_conn, 200)) == 1
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+
+ assert json_response(res_conn, :unauthorized) == %{
+ "error" => "authorization required for timeline view"
+ }
+ end
+
+ test "if user is authenticated", %{conn: _conn} do
+ %{conn: conn} = oauth_access(["read:statuses"])
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+ assert length(json_response(res_conn, 200)) == 1
+
+ res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+ assert length(json_response(res_conn, 200)) == 2
+ end
+ end
+
describe "direct" do
test "direct timeline", %{conn: conn} do
user_one = insert(:user)
@@ -111,11 +202,13 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
"visibility" => "private"
})
- # Only direct should be visible here
- res_conn =
+ conn_user_two =
conn
|> assign(:user, user_two)
- |> get("api/v1/timelines/direct")
+ |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
+
+ # Only direct should be visible here
+ res_conn = get(conn_user_two, "api/v1/timelines/direct")
[status] = json_response(res_conn, :ok)
@@ -126,6 +219,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
res_conn =
build_conn()
|> assign(:user, user_one)
+ |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
|> get("api/v1/timelines/direct")
[status] = json_response(res_conn, :ok)
@@ -133,10 +227,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
assert %{"visibility" => "direct"} = status
# Both should be visible here
- res_conn =
- conn
- |> assign(:user, user_two)
- |> get("api/v1/timelines/home")
+ res_conn = get(conn_user_two, "api/v1/timelines/home")
[_s1, _s2] = json_response(res_conn, :ok)
@@ -149,29 +240,24 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
})
end)
- res_conn =
- conn
- |> assign(:user, user_two)
- |> get("api/v1/timelines/direct")
+ res_conn = get(conn_user_two, "api/v1/timelines/direct")
statuses = json_response(res_conn, :ok)
assert length(statuses) == 20
res_conn =
- conn
- |> assign(:user, user_two)
- |> get("api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
+ get(conn_user_two, "api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
[status] = json_response(res_conn, :ok)
assert status["url"] != direct.data["id"]
end
- test "doesn't include DMs from blocked users", %{conn: conn} do
- blocker = insert(:user)
+ test "doesn't include DMs from blocked users" do
+ %{user: blocker, conn: conn} = oauth_access(["read:statuses"])
blocked = insert(:user)
- user = insert(:user)
- {:ok, blocker} = User.block(blocker, blocked)
+ other_user = insert(:user)
+ {:ok, _user_relationship} = User.block(blocker, blocked)
{:ok, _blocked_direct} =
CommonAPI.post(blocked, %{
@@ -180,15 +266,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
})
{:ok, direct} =
- CommonAPI.post(user, %{
+ CommonAPI.post(other_user, %{
"status" => "Hi @#{blocker.nickname}!",
"visibility" => "direct"
})
- res_conn =
- conn
- |> assign(:user, user)
- |> get("api/v1/timelines/direct")
+ res_conn = get(conn, "api/v1/timelines/direct")
[status] = json_response(res_conn, :ok)
assert status["id"] == direct.id
@@ -196,26 +279,26 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
end
describe "list" do
- test "list timeline", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["read:lists"])
+
+ test "list timeline", %{user: user, conn: conn} do
other_user = insert(:user)
{:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."})
{:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
{:ok, list} = Pleroma.List.create("name", user)
{:ok, list} = Pleroma.List.follow(list, other_user)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/timelines/list/#{list.id}")
+ conn = get(conn, "/api/v1/timelines/list/#{list.id}")
assert [%{"id" => id}] = json_response(conn, :ok)
assert id == to_string(activity_two.id)
end
- test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do
- user = insert(:user)
+ test "list timeline does not leak non-public statuses for unfollowed users", %{
+ user: user,
+ conn: conn
+ } do
other_user = insert(:user)
{:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
@@ -228,10 +311,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
{:ok, list} = Pleroma.List.create("name", user)
{:ok, list} = Pleroma.List.follow(list, other_user)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/timelines/list/#{list.id}")
+ conn = get(conn, "/api/v1/timelines/list/#{list.id}")
assert [%{"id" => id}] = json_response(conn, :ok)
@@ -240,15 +320,14 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
end
describe "hashtag" do
+ setup do: oauth_access(["n/a"])
+
@tag capture_log: true
test "hashtag timeline", %{conn: conn} do
following = insert(:user)
{:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"})
- {:ok, [_activity]} =
- OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873")
-
nconn = get(conn, "/api/v1/timelines/tag/2hu")
assert [%{"id" => id}] = json_response(nconn, :ok)