X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fweb%2Ftwitter_api%2Ftwitter_api_controller_test.exs;h=9a9630c191a25c8cc81b1eb5d3d14cfa4ab89bd0;hb=6c0e07b8bdc85f757e2d1e6993e64f2e1540deb6;hp=4119d1dd8142b03ffe996f3c072b67b66e27bba9;hpb=b0adea30b38713e70039475acdd3defbef57171a;p=akkoma
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 4119d1dd8..9a9630c19 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -1,31 +1,43 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
defmodule Pleroma.Web.TwitterAPI.ControllerTest do
use Pleroma.Web.ConnCase
- alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
- alias Pleroma.Builders.{ActivityBuilder, UserBuilder}
- alias Pleroma.{Repo, Activity, User, Object, Notification}
+ alias Comeonin.Pbkdf2
+ alias Ecto.Changeset
+ alias Pleroma.Activity
+ alias Pleroma.Builders.ActivityBuilder
+ alias Pleroma.Builders.UserBuilder
+ alias Pleroma.Notification
+ alias Pleroma.Object
+ alias Pleroma.Repo
+ alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
- alias Pleroma.Web.TwitterAPI.UserView
- alias Pleroma.Web.TwitterAPI.NotificationView
alias Pleroma.Web.CommonAPI
+ alias Pleroma.Web.OAuth.Token
+ alias Pleroma.Web.TwitterAPI.ActivityView
+ alias Pleroma.Web.TwitterAPI.Controller
+ alias Pleroma.Web.TwitterAPI.NotificationView
alias Pleroma.Web.TwitterAPI.TwitterAPI
- alias Comeonin.Pbkdf2
+ alias Pleroma.Web.TwitterAPI.UserView
+ import Mock
import Pleroma.Factory
+ import Swoosh.TestAssertions
+
+ @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
describe "POST /api/account/update_profile_banner" do
test "it updates the banner", %{conn: conn} do
user = insert(:user)
- new_banner =
- "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
-
- response =
- conn
- |> assign(:user, user)
- |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => new_banner})
- |> json_response(200)
+ conn
+ |> assign(:user, user)
+ |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
+ |> json_response(200)
- user = Repo.get(User, user.id)
+ user = refresh_record(user)
assert user.info.banner["type"] == "Image"
end
end
@@ -34,16 +46,12 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
test "it updates the background", %{conn: conn} do
user = insert(:user)
- new_bg =
- "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
-
- response =
- conn
- |> assign(:user, user)
- |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => new_bg})
- |> json_response(200)
+ conn
+ |> assign(:user, user)
+ |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
+ |> json_response(200)
- user = Repo.get(User, user.id)
+ user = refresh_record(user)
assert user.info.background["type"] == "Image"
end
end
@@ -57,13 +65,14 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
end
test "with credentials", %{conn: conn, user: user} do
- conn =
+ response =
conn
|> with_credentials(user.nickname, "test")
|> post("/api/account/verify_credentials.json")
+ |> json_response(200)
- assert response = json_response(conn, 200)
- assert response == UserView.render("show.json", %{user: user, token: response["token"]})
+ assert response ==
+ UserView.render("show.json", %{user: user, token: response["token"], for: user})
end
end
@@ -84,24 +93,41 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
"error" => "Client must provide a 'status' parameter with a value."
}
- conn = conn_with_creds |> post(request_path)
+ conn =
+ conn_with_creds
+ |> post(request_path)
+
assert json_response(conn, 400) == error_response
- conn = conn_with_creds |> post(request_path, %{status: ""})
+ conn =
+ conn_with_creds
+ |> post(request_path, %{status: ""})
+
assert json_response(conn, 400) == error_response
- conn = conn_with_creds |> post(request_path, %{status: " "})
+ conn =
+ conn_with_creds
+ |> post(request_path, %{status: " "})
+
assert json_response(conn, 400) == error_response
# we post with visibility private in order to avoid triggering relay
- conn = conn_with_creds |> post(request_path, %{status: "Nice meme.", visibility: "private"})
+ conn =
+ conn_with_creds
+ |> post(request_path, %{status: "Nice meme.", visibility: "private"})
assert json_response(conn, 200) ==
- ActivityRepresenter.to_map(Repo.one(Activity), %{user: user})
+ ActivityView.render("activity.json", %{
+ activity: Repo.one(Activity),
+ user: user,
+ for: user
+ })
end
end
describe "GET /statuses/public_timeline.json" do
+ setup [:valid_user]
+
test "returns statuses", %{conn: conn} do
user = insert(:user)
activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
@@ -117,7 +143,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert length(response) == 10
end
- test "returns 403 to unauthenticated request when the instance is not public" do
+ test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
instance =
Application.get_env(:pleroma, :instance)
|> Keyword.put(:public, false)
@@ -135,15 +161,59 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
Application.put_env(:pleroma, :instance, instance)
end
- test "returns 200 to unauthenticated request when the instance is public" do
+ test "returns 200 to authenticated request when the instance is not public",
+ %{conn: conn, user: user} do
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, false)
+
+ Application.put_env(:pleroma, :instance, instance)
+
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> get("/api/statuses/public_timeline.json")
+ |> json_response(200)
+
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, true)
+
+ Application.put_env(:pleroma, :instance, instance)
+ end
+
+ test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
conn
|> get("/api/statuses/public_timeline.json")
|> json_response(200)
end
+
+ test "returns 200 to authenticated request when the instance is public",
+ %{conn: conn, user: user} do
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> get("/api/statuses/public_timeline.json")
+ |> json_response(200)
+ end
+
+ test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission",
+ Controller,
+ [:passthrough],
+ [] do
+ token = insert(:oauth_token, scopes: ["write"])
+
+ build_conn()
+ |> put_req_header("authorization", "Bearer #{token.token}")
+ |> get("/api/statuses/public_timeline.json")
+ |> json_response(200)
+
+ assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_))
+ end
end
describe "GET /statuses/public_and_external_timeline.json" do
- test "returns 403 to unauthenticated request when the instance is not public" do
+ setup [:valid_user]
+
+ test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
instance =
Application.get_env(:pleroma, :instance)
|> Keyword.put(:public, false)
@@ -161,8 +231,36 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
Application.put_env(:pleroma, :instance, instance)
end
- test "returns 200 to unauthenticated request when the instance is public" do
+ test "returns 200 to authenticated request when the instance is not public",
+ %{conn: conn, user: user} do
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, false)
+
+ Application.put_env(:pleroma, :instance, instance)
+
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> get("/api/statuses/public_and_external_timeline.json")
+ |> json_response(200)
+
+ instance =
+ Application.get_env(:pleroma, :instance)
+ |> Keyword.put(:public, true)
+
+ Application.put_env(:pleroma, :instance, instance)
+ end
+
+ test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
+ conn
+ |> get("/api/statuses/public_and_external_timeline.json")
+ |> json_response(200)
+ end
+
+ test "returns 200 to authenticated request when the instance is public",
+ %{conn: conn, user: user} do
conn
+ |> with_credentials(user.nickname, "test")
|> get("/api/statuses/public_and_external_timeline.json")
|> json_response(200)
end
@@ -180,7 +278,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
response = json_response(conn, 200)
- assert response == ActivityRepresenter.to_map(activity, %{user: actor})
+ assert response == ActivityView.render("activity.json", %{activity: activity, user: actor})
end
end
@@ -265,7 +363,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
since_id = List.last(activities).id
current_user =
- Ecto.Changeset.change(current_user, following: [User.ap_followers(user)])
+ Changeset.change(current_user, following: [User.ap_followers(user)])
|> Repo.update!()
conn =
@@ -279,7 +377,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert response ==
Enum.map(returned_activities, fn activity ->
- ActivityRepresenter.to_map(activity, %{
+ ActivityView.render("activity.json", %{
+ activity: activity,
user: User.get_cached_by_ap_id(activity.data["actor"]),
for: current_user
})
@@ -322,6 +421,33 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert status["id"] == direct_two.id
assert status_two["id"] == direct.id
end
+
+ test "doesn't include DMs from blocked users", %{conn: conn} do
+ blocker = insert(:user)
+ blocked = insert(:user)
+ user = insert(:user)
+ {:ok, blocker} = User.block(blocker, blocked)
+
+ {:ok, _blocked_direct} =
+ CommonAPI.post(blocked, %{
+ "status" => "Hi @#{blocker.nickname}!",
+ "visibility" => "direct"
+ })
+
+ {:ok, direct} =
+ CommonAPI.post(user, %{
+ "status" => "Hi @#{blocker.nickname}!",
+ "visibility" => "direct"
+ })
+
+ res_conn =
+ conn
+ |> assign(:user, blocker)
+ |> get("/api/statuses/dm_timeline.json")
+
+ [status] = json_response(res_conn, 200)
+ assert status["id"] == direct.id
+ end
end
describe "GET /statuses/mentions.json" do
@@ -334,7 +460,10 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
test "with credentials", %{conn: conn, user: current_user} do
{:ok, activity} =
- ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
+ CommonAPI.post(current_user, %{
+ "status" => "why is tenshi eating a corndog so cute?",
+ "visibility" => "public"
+ })
conn =
conn
@@ -346,11 +475,29 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert length(response) == 1
assert Enum.at(response, 0) ==
- ActivityRepresenter.to_map(activity, %{
+ ActivityView.render("activity.json", %{
user: current_user,
- mentioned: [current_user]
+ for: current_user,
+ activity: activity
})
end
+
+ test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do
+ {:ok, _activity} =
+ CommonAPI.post(current_user, %{
+ "status" => "Have you guys ever seen how cute tenshi eating a corndog is?",
+ "visibility" => "direct"
+ })
+
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> get("/api/statuses/mentions.json")
+
+ response = json_response(conn, 200)
+
+ assert Enum.empty?(response)
+ end
end
describe "GET /api/qvitter/statuses/notifications.json" do
@@ -453,7 +600,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
test "with screen_name", %{conn: conn} do
@@ -463,7 +612,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
test "with credentials", %{conn: conn, user: current_user} do
@@ -477,7 +628,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: current_user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{
+ user: current_user,
+ for: current_user,
+ activity: activity
+ })
end
test "with credentials with user_id", %{conn: conn, user: current_user} do
@@ -492,7 +649,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
test "with credentials screen_name", %{conn: conn, user: current_user} do
@@ -507,7 +666,41 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
response = json_response(conn, 200)
assert length(response) == 1
- assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
+ end
+
+ test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
+ user = insert(:user)
+ {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
+ {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
+
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> get("/api/statuses/user_timeline.json", %{
+ "user_id" => user.id,
+ "include_rts" => "false"
+ })
+
+ response = json_response(conn, 200)
+
+ assert length(response) == 1
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
+
+ conn =
+ conn
+ |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
+
+ response = json_response(conn, 200)
+
+ assert length(response) == 1
+
+ assert Enum.at(response, 0) ==
+ ActivityView.render("activity.json", %{user: user, activity: activity})
end
end
@@ -527,12 +720,29 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post("/api/friendships/create.json", %{user_id: followed.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert User.ap_followers(followed) in current_user.following
assert json_response(conn, 200) ==
UserView.render("show.json", %{user: followed, for: current_user})
end
+
+ test "for restricted account", %{conn: conn, user: current_user} do
+ followed = insert(:user, info: %User.Info{locked: true})
+
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/friendships/create.json", %{user_id: followed.id})
+
+ current_user = User.get_by_id(current_user.id)
+ followed = User.get_by_id(followed.id)
+
+ refute User.ap_followers(followed) in current_user.following
+
+ assert json_response(conn, 200) ==
+ UserView.render("show.json", %{user: followed, for: current_user})
+ end
end
describe "POST /friendships/destroy.json" do
@@ -555,7 +765,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post("/api/friendships/destroy.json", %{user_id: followed.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert current_user.following == [current_user.ap_id]
assert json_response(conn, 200) ==
@@ -579,7 +789,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post("/api/blocks/create.json", %{user_id: blocked.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert User.blocks?(current_user, blocked)
assert json_response(conn, 200) ==
@@ -606,7 +816,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post("/api/blocks/destroy.json", %{user_id: blocked.id})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert current_user.info.blocks == []
assert json_response(conn, 200) ==
@@ -637,7 +847,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
- current_user = Repo.get(User, current_user.id)
+ current_user = User.get_by_id(current_user.id)
assert is_map(current_user.avatar)
assert json_response(conn, 200) ==
@@ -654,14 +864,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
end
test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
- conn =
+ response =
conn
|> with_credentials(current_user.nickname, "test")
|> get("/api/qvitter/mutes.json")
+ |> json_response(200)
- current_user = Repo.get(User, current_user.id)
-
- assert [] = json_response(conn, 200)
+ assert [] = response
end
end
@@ -700,7 +909,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post("/api/favorites/create/1.json")
- assert json_response(conn, 500)
+ assert json_response(conn, 400)
end
end
@@ -746,11 +955,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post(request_path)
- activity = Repo.get(Activity, note_activity.id)
- activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
+ activity = Activity.get_by_id(note_activity.id)
+ activity_user = User.get_by_ap_id(note_activity.data["actor"])
assert json_response(response, 200) ==
- ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
+ ActivityView.render("activity.json", %{
+ user: activity_user,
+ for: current_user,
+ activity: activity
+ })
end
end
@@ -780,11 +993,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> with_credentials(current_user.nickname, "test")
|> post(request_path)
- activity = Repo.get(Activity, note_activity.id)
- activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
+ activity = Activity.get_by_id(note_activity.id)
+ activity_user = User.get_by_ap_id(note_activity.data["actor"])
assert json_response(response, 200) ==
- ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
+ ActivityView.render("activity.json", %{
+ user: activity_user,
+ for: current_user,
+ activity: activity
+ })
end
end
@@ -805,7 +1022,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
user = json_response(conn, 200)
- fetched_user = Repo.get_by(User, nickname: "lain")
+ fetched_user = User.get_by_nickname("lain")
assert user == UserView.render("show.json", %{user: fetched_user})
end
@@ -828,6 +1045,143 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
end
end
+ describe "POST /api/account/password_reset, with valid parameters" do
+ setup %{conn: conn} do
+ user = insert(:user)
+ conn = post(conn, "/api/account/password_reset?email=#{user.email}")
+ %{conn: conn, user: user}
+ end
+
+ test "it returns 204", %{conn: conn} do
+ assert json_response(conn, :no_content)
+ end
+
+ test "it creates a PasswordResetToken record for user", %{user: user} do
+ token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
+ assert token_record
+ end
+
+ test "it sends an email to user", %{user: user} do
+ token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
+
+ email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
+ notify_email = Pleroma.Config.get([:instance, :notify_email])
+ instance_name = Pleroma.Config.get([:instance, :name])
+
+ assert_email_sent(
+ from: {instance_name, notify_email},
+ to: {user.name, user.email},
+ html_body: email.html_body
+ )
+ end
+ end
+
+ describe "POST /api/account/password_reset, with invalid parameters" do
+ setup [:valid_user]
+
+ test "it returns 500 when user is not found", %{conn: conn, user: user} do
+ conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
+ assert json_response(conn, :internal_server_error)
+ end
+
+ test "it returns 500 when user is not local", %{conn: conn, user: user} do
+ {:ok, user} = Repo.update(Changeset.change(user, local: false))
+ conn = post(conn, "/api/account/password_reset?email=#{user.email}")
+ assert json_response(conn, :internal_server_error)
+ end
+ end
+
+ describe "GET /api/account/confirm_email/:id/:token" do
+ setup do
+ user = insert(:user)
+ info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+ {:ok, user} =
+ user
+ |> Changeset.change()
+ |> Changeset.put_embed(:info, info_change)
+ |> Repo.update()
+
+ assert user.info.confirmation_pending
+
+ [user: user]
+ end
+
+ test "it redirects to root url", %{conn: conn, user: user} do
+ conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
+
+ assert 302 == conn.status
+ end
+
+ test "it confirms the user account", %{conn: conn, user: user} do
+ get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
+
+ user = User.get_by_id(user.id)
+
+ refute user.info.confirmation_pending
+ refute user.info.confirmation_token
+ end
+
+ test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
+ conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
+
+ assert 500 == conn.status
+ end
+
+ test "it returns 500 if token is invalid", %{conn: conn, user: user} do
+ conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
+
+ assert 500 == conn.status
+ end
+ end
+
+ describe "POST /api/account/resend_confirmation_email" do
+ setup do
+ setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+ unless setting do
+ Pleroma.Config.put([:instance, :account_activation_required], true)
+ on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+ end
+
+ user = insert(:user)
+ info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+ {:ok, user} =
+ user
+ |> Changeset.change()
+ |> Changeset.put_embed(:info, info_change)
+ |> Repo.update()
+
+ assert user.info.confirmation_pending
+
+ [user: user]
+ end
+
+ test "it returns 204 No Content", %{conn: conn, user: user} do
+ conn
+ |> assign(:user, user)
+ |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+ |> json_response(:no_content)
+ end
+
+ test "it sends confirmation email", %{conn: conn, user: user} do
+ conn
+ |> assign(:user, user)
+ |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+
+ email = Pleroma.Emails.UserEmail.account_confirmation_email(user)
+ notify_email = Pleroma.Config.get([:instance, :notify_email])
+ instance_name = Pleroma.Config.get([:instance, :name])
+
+ assert_email_sent(
+ from: {instance_name, notify_email},
+ to: {user.name, user.email},
+ html_body: email.html_body
+ )
+ end
+ end
+
describe "GET /api/externalprofile/show" do
test "it returns the user", %{conn: conn} do
user = insert(:user)
@@ -862,6 +1216,31 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert Enum.sort(expected) == Enum.sort(result)
end
+ test "it returns 20 followers per page", %{conn: conn} do
+ user = insert(:user)
+ followers = insert_list(21, :user)
+
+ Enum.each(followers, fn follower ->
+ User.follow(follower, user)
+ end)
+
+ res_conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/statuses/followers")
+
+ result = json_response(res_conn, 200)
+ assert length(result) == 20
+
+ res_conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/statuses/followers?page=2")
+
+ result = json_response(res_conn, 200)
+ assert length(result) == 1
+ end
+
test "it returns a given user's followers with user_id", %{conn: conn} do
user = insert(:user)
follower_one = insert(:user)
@@ -887,33 +1266,35 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
)
end
- test "it returns empty for a hidden network", %{conn: conn} do
- user = insert(:user, %{info: %{hide_network: true}})
+ test "it returns empty when hide_followers is set to true", %{conn: conn} do
+ user = insert(:user, %{info: %{hide_followers: true}})
follower_one = insert(:user)
follower_two = insert(:user)
not_follower = insert(:user)
- {:ok, follower_one} = User.follow(follower_one, user)
- {:ok, follower_two} = User.follow(follower_two, user)
+ {:ok, _follower_one} = User.follow(follower_one, user)
+ {:ok, _follower_two} = User.follow(follower_two, user)
- conn =
+ response =
conn
|> assign(:user, not_follower)
|> get("/api/statuses/followers", %{"user_id" => user.id})
+ |> json_response(200)
- assert [] == json_response(conn, 200)
+ assert [] == response
end
- test "it returns the followers for a hidden network if requested by the user themselves", %{
- conn: conn
- } do
- user = insert(:user, %{info: %{hide_network: true}})
+ test "it returns the followers when hide_followers is set to true if requested by the user themselves",
+ %{
+ conn: conn
+ } do
+ user = insert(:user, %{info: %{hide_followers: true}})
follower_one = insert(:user)
follower_two = insert(:user)
- not_follower = insert(:user)
+ _not_follower = insert(:user)
- {:ok, follower_one} = User.follow(follower_one, user)
- {:ok, follower_two} = User.follow(follower_two, user)
+ {:ok, _follower_one} = User.follow(follower_one, user)
+ {:ok, _follower_two} = User.follow(follower_two, user)
conn =
conn
@@ -924,6 +1305,24 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
end
end
+ describe "GET /api/statuses/blocks" do
+ test "it returns the list of users blocked by requester", %{conn: conn} do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, user} = User.block(user, other_user)
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/statuses/blocks")
+
+ expected = UserView.render("index.json", %{users: [other_user], for: user})
+ result = json_response(conn, 200)
+ assert Enum.sort(expected) == Enum.sort(result)
+ end
+ end
+
describe "GET /api/statuses/friends" do
test "it returns the logged in user's friends", %{conn: conn} do
user = insert(:user)
@@ -944,6 +1343,40 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert Enum.sort(expected) == Enum.sort(result)
end
+ test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do
+ user = insert(:user)
+ followeds = insert_list(21, :user)
+
+ {:ok, user} =
+ Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
+ User.follow(user, followed)
+ end)
+
+ res_conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/statuses/friends")
+
+ result = json_response(res_conn, 200)
+ assert length(result) == 20
+
+ res_conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/statuses/friends", %{page: 2})
+
+ result = json_response(res_conn, 200)
+ assert length(result) == 1
+
+ res_conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/statuses/friends", %{all: true})
+
+ result = json_response(res_conn, 200)
+ assert length(result) == 21
+ end
+
test "it returns a given user's friends with user_id", %{conn: conn} do
user = insert(:user)
followed_one = insert(:user)
@@ -966,8 +1399,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
)
end
- test "it returns empty for a hidden network", %{conn: conn} do
- user = insert(:user, %{info: %{hide_network: true}})
+ test "it returns empty when hide_follows is set to true", %{conn: conn} do
+ user = insert(:user, %{info: %{hide_follows: true}})
followed_one = insert(:user)
followed_two = insert(:user)
not_followed = insert(:user)
@@ -983,23 +1416,25 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert [] == json_response(conn, 200)
end
- test "it returns friends for a hidden network if the user themselves request it", %{
- conn: conn
- } do
- user = insert(:user, %{info: %{hide_network: true}})
+ test "it returns friends when hide_follows is set to true if the user themselves request it",
+ %{
+ conn: conn
+ } do
+ user = insert(:user, %{info: %{hide_follows: true}})
followed_one = insert(:user)
followed_two = insert(:user)
- not_followed = insert(:user)
+ _not_followed = insert(:user)
- {:ok, user} = User.follow(user, followed_one)
- {:ok, user} = User.follow(user, followed_two)
+ {:ok, _user} = User.follow(user, followed_one)
+ {:ok, _user} = User.follow(user, followed_two)
- conn =
+ response =
conn
|> assign(:user, user)
|> get("/api/statuses/friends", %{"user_id" => user.id})
+ |> json_response(200)
- refute [] == json_response(conn, 200)
+ refute [] == response
end
test "it returns a given user's friends with screen_name", %{conn: conn} do
@@ -1066,34 +1501,82 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert user.name == "new name"
assert user.bio ==
- "hi @#{
- user2.nickname
- }"
+ "hi @#{user2.nickname}"
+
+ assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
+ end
+
+ test "it sets and un-sets hide_follows", %{conn: conn} do
+ user = insert(:user)
+
+ conn
+ |> assign(:user, user)
+ |> post("/api/account/update_profile.json", %{
+ "hide_follows" => "true"
+ })
+
+ user = Repo.get!(User, user.id)
+ assert user.info.hide_follows == true
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> post("/api/account/update_profile.json", %{
+ "hide_follows" => "false"
+ })
+
+ user = Repo.get!(User, user.id)
+ assert user.info.hide_follows == false
+ assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
+ end
+
+ test "it sets and un-sets hide_followers", %{conn: conn} do
+ user = insert(:user)
+
+ conn
+ |> assign(:user, user)
+ |> post("/api/account/update_profile.json", %{
+ "hide_followers" => "true"
+ })
+
+ user = Repo.get!(User, user.id)
+ assert user.info.hide_followers == true
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> post("/api/account/update_profile.json", %{
+ "hide_followers" => "false"
+ })
+ user = Repo.get!(User, user.id)
+ assert user.info.hide_followers == false
assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
end
- test "it sets and un-sets hide_network", %{conn: conn} do
+ test "it sets and un-sets show_role", %{conn: conn} do
user = insert(:user)
conn
|> assign(:user, user)
|> post("/api/account/update_profile.json", %{
- "hide_network" => "true"
+ "show_role" => "true"
})
user = Repo.get!(User, user.id)
- assert user.info.hide_network == true
+ assert user.info.show_role == true
conn =
conn
|> assign(:user, user)
|> post("/api/account/update_profile.json", %{
- "hide_network" => "false"
+ "show_role" => "false"
})
user = Repo.get!(User, user.id)
- assert user.info.hide_network == false
+ assert user.info.show_role == false
assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
end
@@ -1259,7 +1742,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
})
assert json_response(conn, 200) == %{"status" => "success"}
- fetched_user = Repo.get(User, current_user.id)
+ fetched_user = User.get_by_id(current_user.id)
assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
end
end
@@ -1300,8 +1783,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
{:ok, _activity} = ActivityPub.follow(other_user, user)
- user = Repo.get(User, user.id)
- other_user = Repo.get(User, other_user.id)
+ user = User.get_by_id(user.id)
+ other_user = User.get_by_id(other_user.id)
assert User.following?(other_user, user) == false
@@ -1313,6 +1796,24 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert [relationship] = json_response(conn, 200)
assert other_user.id == relationship["id"]
end
+
+ test "requires 'read' permission", %{conn: conn} do
+ token1 = insert(:oauth_token, scopes: ["write"])
+ token2 = insert(:oauth_token, scopes: ["read"])
+
+ for token <- [token1, token2] do
+ conn =
+ conn
+ |> put_req_header("authorization", "Bearer #{token.token}")
+ |> get("/api/pleroma/friend_requests")
+
+ if token == token1 do
+ assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403)
+ else
+ assert json_response(conn, 200)
+ end
+ end
+ end
end
describe "POST /api/pleroma/friendships/approve" do
@@ -1322,15 +1823,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
{:ok, _activity} = ActivityPub.follow(other_user, user)
- user = Repo.get(User, user.id)
- other_user = Repo.get(User, other_user.id)
+ user = User.get_by_id(user.id)
+ other_user = User.get_by_id(other_user.id)
assert User.following?(other_user, user) == false
conn =
build_conn()
|> assign(:user, user)
- |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
+ |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
assert relationship = json_response(conn, 200)
assert other_user.id == relationship["id"]
@@ -1345,15 +1846,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
{:ok, _activity} = ActivityPub.follow(other_user, user)
- user = Repo.get(User, user.id)
- other_user = Repo.get(User, other_user.id)
+ user = User.get_by_id(user.id)
+ other_user = User.get_by_id(other_user.id)
assert User.following?(other_user, user) == false
conn =
build_conn()
|> assign(:user, user)
- |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
+ |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
assert relationship = json_response(conn, 200)
assert other_user.id == relationship["id"]
@@ -1364,16 +1865,16 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
describe "GET /api/pleroma/search_user" do
test "it returns users, ordered by similarity", %{conn: conn} do
user = insert(:user, %{name: "eal"})
- user_two = insert(:user, %{name: "ean"})
- user_three = insert(:user, %{name: "ebn"})
+ user_two = insert(:user, %{name: "eal me"})
+ _user_three = insert(:user, %{name: "zzz"})
resp =
conn
- |> get(twitter_api_search__path(conn, :search_user), query: "eal")
+ |> get(twitter_api_search__path(conn, :search_user), query: "eal me")
|> json_response(200)
- assert length(resp) == 3
- assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end)
+ assert length(resp) == 2
+ assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end)
end
end
@@ -1454,4 +1955,115 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert object.data["name"] == description
end
end
+
+ describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
+ test "it returns a list of pinned statuses", %{conn: conn} do
+ Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+
+ user = insert(:user, %{name: "egor"})
+ {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
+ {:ok, _} = CommonAPI.pin(activity_id, user)
+
+ resp =
+ conn
+ |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
+ |> json_response(200)
+
+ assert length(resp) == 1
+ assert [%{"id" => ^activity_id, "pinned" => true}] = resp
+ end
+ end
+
+ describe "POST /api/statuses/pin/:id" do
+ setup do
+ Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+ [user: insert(:user)]
+ end
+
+ test "without valid credentials", %{conn: conn} do
+ note_activity = insert(:note_activity)
+ conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials", %{conn: conn, user: user} do
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
+
+ request_path = "/api/statuses/pin/#{activity.id}.json"
+
+ response =
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> post(request_path)
+
+ user = refresh_record(user)
+
+ assert json_response(response, 200) ==
+ ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
+ end
+ end
+
+ describe "POST /api/statuses/unpin/:id" do
+ setup do
+ Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+ [user: insert(:user)]
+ end
+
+ test "without valid credentials", %{conn: conn} do
+ note_activity = insert(:note_activity)
+ conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials", %{conn: conn, user: user} do
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
+ {:ok, activity} = CommonAPI.pin(activity.id, user)
+
+ request_path = "/api/statuses/unpin/#{activity.id}.json"
+
+ response =
+ conn
+ |> with_credentials(user.nickname, "test")
+ |> post(request_path)
+
+ user = refresh_record(user)
+
+ assert json_response(response, 200) ==
+ ActivityView.render("activity.json", %{user: user, for: user, activity: activity})
+ end
+ end
+
+ describe "GET /api/oauth_tokens" do
+ setup do
+ token = insert(:oauth_token) |> Repo.preload(:user)
+
+ %{token: token}
+ end
+
+ test "renders list", %{token: token} do
+ response =
+ build_conn()
+ |> assign(:user, token.user)
+ |> get("/api/oauth_tokens")
+
+ keys =
+ json_response(response, 200)
+ |> hd()
+ |> Map.keys()
+
+ assert keys -- ["id", "app_name", "valid_until"] == []
+ end
+
+ test "revoke token", %{token: token} do
+ response =
+ build_conn()
+ |> assign(:user, token.user)
+ |> delete("/api/oauth_tokens/#{token.id}")
+
+ tokens = Token.get_user_tokens(token.user)
+
+ assert tokens == []
+ assert response.status == 201
+ end
+ end
end