X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fweb%2Fmastodon_api%2Fmastodon_api_controller_test.exs;h=60dafcf0309f609505f348d544fe6f29416fcdcc;hb=0c2a0e3551f26bff8fa6161356ddcefb791baccf;hp=e45b5c9c26e1ca50bcd0efb7d147916ecff7bfe1;hpb=c99b9b9d926b30e417c2a44fa3f0f64029f76b2d;p=akkoma diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index e45b5c9c2..60dafcf03 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -206,7 +206,19 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> assign(:user, user) |> get("/api/v1/accounts/verify_credentials") - assert %{"id" => id} = json_response(conn, 200) + assert %{"id" => id, "source" => %{"privacy" => "public"}} = json_response(conn, 200) + assert id == to_string(user.id) + end + + test "verify_credentials default scope unlisted", %{conn: conn} do + user = insert(:user, %{info: %{"default_scope" => "unlisted"}}) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/verify_credentials") + + assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200) assert id == to_string(user.id) end @@ -368,6 +380,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert id == to_string(activity_two.id) end + + test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + + {:ok, activity_two} = + TwitterAPI.create_status(other_user, %{ + "status" => "Marisa is cute.", + "visibility" => "private" + }) + + {:ok, list} = Pleroma.List.create("name", user) + {:ok, list} = Pleroma.List.follow(list, other_user) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/timelines/list/#{list.id}") + + assert [%{"id" => id}] = json_response(conn, 200) + + assert id == to_string(activity_one.id) + end end describe "notifications" do @@ -652,6 +688,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do {:ok, activity} = ActivityPub.follow(other_user, user) + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + conn = build_conn() |> assign(:user, user) @@ -667,6 +708,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do {:ok, activity} = ActivityPub.follow(other_user, user) + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + conn = build_conn() |> assign(:user, user) @@ -681,6 +727,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert User.following?(other_user, user) == true end + test "verify_credentials", %{conn: conn} do + user = insert(:user, %{info: %{"default_scope" => "private"}}) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/verify_credentials") + + assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200) + assert id == to_string(user.id) + end + test "/api/v1/follow_requests/:id/reject works" do user = insert(:user, %{info: %{"locked" => true}}) other_user = insert(:user) @@ -726,16 +784,19 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do filename: "an_image.jpg" } + desc = "Description of the image" + user = insert(:user) conn = conn |> assign(:user, user) - |> post("/api/v1/media", %{"file" => file}) + |> post("/api/v1/media", %{"file" => file, "description" => desc}) assert media = json_response(conn, 200) assert media["type"] == "image" + assert media["description"] == desc end test "hashtag timeline", %{conn: conn} do