1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Activity
11 alias Pleroma.ModerationLog
13 alias Pleroma.ReportNote
14 alias Pleroma.Web.CommonAPI
17 admin = insert(:user, is_admin: true)
18 token = insert(:oauth_admin_token, user: admin)
22 |> assign(:user, admin)
23 |> assign(:token, token)
25 {:ok, %{admin: admin, token: token, conn: conn}}
28 describe "GET /api/pleroma/admin/reports/:id" do
29 test "returns report by its id", %{conn: conn} do
30 [reporter, target_user] = insert_pair(:user)
31 activity = insert(:note_activity, user: target_user)
33 {:ok, %{id: report_id}} =
34 CommonAPI.report(reporter, %{
35 account_id: target_user.id,
36 comment: "I feel offended",
37 status_ids: [activity.id]
42 |> get("/api/pleroma/admin/reports/#{report_id}")
43 |> json_response_and_validate_schema(:ok)
45 assert response["id"] == report_id
48 test "returns 404 when report id is invalid", %{conn: conn} do
49 conn = get(conn, "/api/pleroma/admin/reports/test")
51 assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
55 describe "PATCH /api/pleroma/admin/reports" do
57 [reporter, target_user] = insert_pair(:user)
58 activity = insert(:note_activity, user: target_user)
60 {:ok, %{id: report_id}} =
61 CommonAPI.report(reporter, %{
62 account_id: target_user.id,
63 comment: "I feel offended",
64 status_ids: [activity.id]
67 {:ok, %{id: second_report_id}} =
68 CommonAPI.report(reporter, %{
69 account_id: target_user.id,
70 comment: "I feel very offended",
71 status_ids: [activity.id]
76 second_report_id: second_report_id
80 test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
81 read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
82 write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
86 |> assign(:token, read_token)
87 |> put_req_header("content-type", "application/json")
88 |> patch("/api/pleroma/admin/reports", %{
89 "reports" => [%{"state" => "resolved", "id" => id}]
91 |> json_response_and_validate_schema(403)
94 "error" => "Insufficient permissions: admin:write:reports."
98 |> assign(:token, write_token)
99 |> put_req_header("content-type", "application/json")
100 |> patch("/api/pleroma/admin/reports", %{
101 "reports" => [%{"state" => "resolved", "id" => id}]
103 |> json_response_and_validate_schema(:no_content)
106 test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
108 |> put_req_header("content-type", "application/json")
109 |> patch("/api/pleroma/admin/reports", %{
111 %{"state" => "resolved", "id" => id}
114 |> json_response_and_validate_schema(:no_content)
116 activity = Activity.get_by_id(id)
117 assert activity.data["state"] == "resolved"
119 log_entry = Repo.one(ModerationLog)
121 assert ModerationLog.get_log_entry_message(log_entry) ==
122 "@#{admin.nickname} updated report ##{id} with 'resolved' state"
125 test "closes report", %{conn: conn, id: id, admin: admin} do
127 |> put_req_header("content-type", "application/json")
128 |> patch("/api/pleroma/admin/reports", %{
130 %{"state" => "closed", "id" => id}
133 |> json_response_and_validate_schema(:no_content)
135 activity = Activity.get_by_id(id)
136 assert activity.data["state"] == "closed"
138 log_entry = Repo.one(ModerationLog)
140 assert ModerationLog.get_log_entry_message(log_entry) ==
141 "@#{admin.nickname} updated report ##{id} with 'closed' state"
144 test "returns 400 when state is unknown", %{conn: conn, id: id} do
147 |> put_req_header("content-type", "application/json")
148 |> patch("/api/pleroma/admin/reports", %{
150 %{"state" => "test", "id" => id}
154 assert "Unsupported state" =
155 hd(json_response_and_validate_schema(conn, :bad_request))["error"]
158 test "returns 404 when report is not exist", %{conn: conn} do
161 |> put_req_header("content-type", "application/json")
162 |> patch("/api/pleroma/admin/reports", %{
164 %{"state" => "closed", "id" => "test"}
168 assert hd(json_response_and_validate_schema(conn, :bad_request))["error"] == "not_found"
171 test "updates state of multiple reports", %{
175 second_report_id: second_report_id
178 |> put_req_header("content-type", "application/json")
179 |> patch("/api/pleroma/admin/reports", %{
181 %{"state" => "resolved", "id" => id},
182 %{"state" => "closed", "id" => second_report_id}
185 |> json_response_and_validate_schema(:no_content)
187 activity = Activity.get_by_id(id)
188 second_activity = Activity.get_by_id(second_report_id)
189 assert activity.data["state"] == "resolved"
190 assert second_activity.data["state"] == "closed"
192 [first_log_entry, second_log_entry] = Repo.all(ModerationLog)
194 assert ModerationLog.get_log_entry_message(first_log_entry) ==
195 "@#{admin.nickname} updated report ##{id} with 'resolved' state"
197 assert ModerationLog.get_log_entry_message(second_log_entry) ==
198 "@#{admin.nickname} updated report ##{second_report_id} with 'closed' state"
202 describe "GET /api/pleroma/admin/reports" do
203 test "returns empty response when no reports created", %{conn: conn} do
206 |> get(report_path(conn, :index))
207 |> json_response_and_validate_schema(:ok)
209 assert Enum.empty?(response["reports"])
210 assert response["total"] == 0
213 test "returns reports", %{conn: conn} do
214 [reporter, target_user] = insert_pair(:user)
215 activity = insert(:note_activity, user: target_user)
217 {:ok, %{id: report_id}} =
218 CommonAPI.report(reporter, %{
219 account_id: target_user.id,
220 comment: "I feel offended",
221 status_ids: [activity.id]
226 |> get(report_path(conn, :index))
227 |> json_response_and_validate_schema(:ok)
229 [report] = response["reports"]
231 assert length(response["reports"]) == 1
232 assert report["id"] == report_id
234 assert response["total"] == 1
237 test "returns reports with specified state", %{conn: conn} do
238 [reporter, target_user] = insert_pair(:user)
239 activity = insert(:note_activity, user: target_user)
241 {:ok, %{id: first_report_id}} =
242 CommonAPI.report(reporter, %{
243 account_id: target_user.id,
244 comment: "I feel offended",
245 status_ids: [activity.id]
248 {:ok, %{id: second_report_id}} =
249 CommonAPI.report(reporter, %{
250 account_id: target_user.id,
251 comment: "I don't like this user"
254 CommonAPI.update_report_state(second_report_id, "closed")
258 |> get(report_path(conn, :index, %{state: "open"}))
259 |> json_response_and_validate_schema(:ok)
261 assert [open_report] = response["reports"]
263 assert length(response["reports"]) == 1
264 assert open_report["id"] == first_report_id
266 assert response["total"] == 1
270 |> get(report_path(conn, :index, %{state: "closed"}))
271 |> json_response_and_validate_schema(:ok)
273 assert [closed_report] = response["reports"]
275 assert length(response["reports"]) == 1
276 assert closed_report["id"] == second_report_id
278 assert response["total"] == 1
280 assert %{"total" => 0, "reports" => []} ==
282 |> get(report_path(conn, :index, %{state: "resolved"}))
283 |> json_response_and_validate_schema(:ok)
286 test "returns 403 when requested by a non-admin" do
288 token = insert(:oauth_token, user: user)
292 |> assign(:user, user)
293 |> assign(:token, token)
294 |> get("/api/pleroma/admin/reports")
296 assert json_response(conn, :forbidden) ==
297 %{"error" => "User is not an admin."}
300 test "returns 403 when requested by anonymous" do
301 conn = get(build_conn(), "/api/pleroma/admin/reports")
303 assert json_response(conn, :forbidden) == %{
304 "error" => "Invalid credentials."
309 describe "POST /api/pleroma/admin/reports/:id/notes" do
310 setup %{conn: conn, admin: admin} do
311 [reporter, target_user] = insert_pair(:user)
312 activity = insert(:note_activity, user: target_user)
314 {:ok, %{id: report_id}} =
315 CommonAPI.report(reporter, %{
316 account_id: target_user.id,
317 comment: "I feel offended",
318 status_ids: [activity.id]
322 |> put_req_header("content-type", "application/json")
323 |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
324 content: "this is disgusting!"
328 |> put_req_header("content-type", "application/json")
329 |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
330 content: "this is disgusting2!"
339 test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
340 assert [note, _] = Repo.all(ReportNote)
343 activity_id: ^report_id,
344 content: "this is disgusting!",
349 test "it returns reports with notes", %{conn: conn, admin: admin} do
350 conn = get(conn, "/api/pleroma/admin/reports")
352 response = json_response_and_validate_schema(conn, 200)
353 notes = hd(response["reports"])["notes"]
356 assert note["user"]["nickname"] == admin.nickname
357 assert note["content"] == "this is disgusting!"
358 assert note["created_at"]
359 assert response["total"] == 1
362 test "it deletes the note", %{conn: conn, report_id: report_id} do
363 assert ReportNote |> Repo.all() |> length() == 2
364 assert [note, _] = Repo.all(ReportNote)
366 delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
368 assert ReportNote |> Repo.all() |> length() == 1