1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 alias Pleroma.Conversation.Participation
13 alias Pleroma.ScheduledActivity
14 alias Pleroma.Tests.ObanHelpers
16 alias Pleroma.Web.ActivityPub.ActivityPub
17 alias Pleroma.Web.CommonAPI
19 import Pleroma.Factory
21 setup do: clear_config([:instance, :federating])
22 setup do: clear_config([:instance, :allow_relay])
23 setup do: clear_config([:rich_media, :enabled])
24 setup do: clear_config([:mrf, :policies])
25 setup do: clear_config([:mrf_keyword, :reject])
27 describe "posting statuses" do
28 setup do: oauth_access(["write:statuses"])
30 test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
31 clear_config([:instance, :federating], true)
32 Config.get([:instance, :allow_relay], true)
36 |> put_req_header("content-type", "application/json")
37 |> post("api/v1/statuses", %{
38 "content_type" => "text/plain",
39 "source" => "Pleroma FE",
40 "status" => "Hello world",
41 "visibility" => "public"
43 |> json_response_and_validate_schema(200)
45 assert response["reblogs_count"] == 0
46 ObanHelpers.perform_all()
50 |> get("api/v1/statuses/#{response["id"]}", %{})
51 |> json_response_and_validate_schema(200)
53 assert response["reblogs_count"] == 0
56 test "posting a status", %{conn: conn} do
57 idempotency_key = "Pikachu rocks!"
61 |> put_req_header("content-type", "application/json")
62 |> put_req_header("idempotency-key", idempotency_key)
63 |> post("/api/v1/statuses", %{
65 "spoiler_text" => "2hu",
69 assert %{"content" => "cofe", "id" => id, "spoiler_text" => "2hu", "sensitive" => false} =
70 json_response_and_validate_schema(conn_one, 200)
72 assert Activity.get_by_id(id)
76 |> put_req_header("content-type", "application/json")
77 |> put_req_header("idempotency-key", idempotency_key)
78 |> post("/api/v1/statuses", %{
80 "spoiler_text" => "2hu",
84 # Idempotency plug response means detection fail
85 assert %{"id" => second_id} = json_response(conn_two, 200)
86 assert id == second_id
90 |> put_req_header("content-type", "application/json")
91 |> post("/api/v1/statuses", %{
93 "spoiler_text" => "2hu",
94 "sensitive" => "False"
97 assert %{"id" => third_id} = json_response_and_validate_schema(conn_three, 200)
100 # An activity that will expire:
102 expires_in = 2 * 60 * 60
104 expires_at = DateTime.add(DateTime.utc_now(), expires_in)
108 |> put_req_header("content-type", "application/json")
109 |> post("api/v1/statuses", %{
110 "status" => "oolong",
111 "expires_in" => expires_in
114 assert %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200)
116 assert Activity.get_by_id(fourth_id)
119 worker: Pleroma.Workers.PurgeExpiredActivity,
120 args: %{activity_id: fourth_id},
121 scheduled_at: expires_at
125 test "it fails to create a status if `expires_in` is less or equal than an hour", %{
131 assert %{"error" => "Expiry date is too soon"} =
133 |> put_req_header("content-type", "application/json")
134 |> post("api/v1/statuses", %{
135 "status" => "oolong",
136 "expires_in" => expires_in
138 |> json_response_and_validate_schema(422)
143 assert %{"error" => "Expiry date is too soon"} =
145 |> put_req_header("content-type", "application/json")
146 |> post("api/v1/statuses", %{
147 "status" => "oolong",
148 "expires_in" => expires_in
150 |> json_response_and_validate_schema(422)
153 test "Get MRF reason when posting a status is rejected by one", %{conn: conn} do
154 clear_config([:mrf_keyword, :reject], ["GNO"])
155 clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy])
157 assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} =
159 |> put_req_header("content-type", "application/json")
160 |> post("api/v1/statuses", %{"status" => "GNO/Linux"})
161 |> json_response_and_validate_schema(422)
164 test "posting an undefined status with an attachment", %{user: user, conn: conn} do
166 content_type: "image/jpeg",
167 path: Path.absname("test/fixtures/image.jpg"),
168 filename: "an_image.jpg"
171 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
175 |> put_req_header("content-type", "application/json")
176 |> post("/api/v1/statuses", %{
177 "media_ids" => [to_string(upload.id)]
180 assert json_response_and_validate_schema(conn, 200)
183 test "replying to a status", %{user: user, conn: conn} do
184 {:ok, replied_to} = CommonAPI.post(user, %{status: "cofe"})
188 |> put_req_header("content-type", "application/json")
189 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
191 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
193 activity = Activity.get_by_id(id)
195 assert activity.data["context"] == replied_to.data["context"]
196 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
199 test "replying to a direct message with visibility other than direct", %{
203 {:ok, replied_to} = CommonAPI.post(user, %{status: "suya..", visibility: "direct"})
205 Enum.each(["public", "private", "unlisted"], fn visibility ->
208 |> put_req_header("content-type", "application/json")
209 |> post("/api/v1/statuses", %{
210 "status" => "@#{user.nickname} hey",
211 "in_reply_to_id" => replied_to.id,
212 "visibility" => visibility
215 assert json_response_and_validate_schema(conn, 422) == %{
216 "error" => "The message visibility must be direct"
221 test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
224 |> put_req_header("content-type", "application/json")
225 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
227 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200)
228 assert Activity.get_by_id(id)
231 test "posting a sensitive status", %{conn: conn} do
234 |> put_req_header("content-type", "application/json")
235 |> post("/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
237 assert %{"content" => "cofe", "id" => id, "sensitive" => true} =
238 json_response_and_validate_schema(conn, 200)
240 assert Activity.get_by_id(id)
243 test "posting a fake status", %{conn: conn} do
246 |> put_req_header("content-type", "application/json")
247 |> post("/api/v1/statuses", %{
249 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
252 real_status = json_response_and_validate_schema(real_conn, 200)
255 assert Object.get_by_ap_id(real_status["uri"])
259 |> Map.put("id", nil)
260 |> Map.put("url", nil)
261 |> Map.put("uri", nil)
262 |> Map.put("created_at", nil)
263 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
267 |> assign(:user, refresh_record(conn.assigns.user))
268 |> put_req_header("content-type", "application/json")
269 |> post("/api/v1/statuses", %{
271 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
275 fake_status = json_response_and_validate_schema(fake_conn, 200)
278 refute Object.get_by_ap_id(fake_status["uri"])
282 |> Map.put("id", nil)
283 |> Map.put("url", nil)
284 |> Map.put("uri", nil)
285 |> Map.put("created_at", nil)
286 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
288 assert real_status == fake_status
291 test "fake statuses' preview card is not cached", %{conn: conn} do
292 clear_config([:rich_media, :enabled], true)
297 url: "https://example.com/twitter-card"
299 %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/twitter_card.html")}
302 apply(HttpRequestMock, :request, [env])
307 |> put_req_header("content-type", "application/json")
308 |> post("/api/v1/statuses", %{
309 "status" => "https://example.com/ogp",
315 |> put_req_header("content-type", "application/json")
316 |> post("/api/v1/statuses", %{
317 "status" => "https://example.com/twitter-card",
321 assert %{"card" => %{"title" => "The Rock"}} = json_response_and_validate_schema(conn1, 200)
323 assert %{"card" => %{"title" => "Small Island Developing States Photo Submission"}} =
324 json_response_and_validate_schema(conn2, 200)
327 test "posting a status with OGP link preview", %{conn: conn} do
328 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
329 clear_config([:rich_media, :enabled], true)
333 |> put_req_header("content-type", "application/json")
334 |> post("/api/v1/statuses", %{
335 "status" => "https://example.com/ogp"
338 assert %{"id" => id, "card" => %{"title" => "The Rock"}} =
339 json_response_and_validate_schema(conn, 200)
341 assert Activity.get_by_id(id)
344 test "posting a direct status", %{conn: conn} do
345 user2 = insert(:user)
346 content = "direct cofe @#{user2.nickname}"
350 |> put_req_header("content-type", "application/json")
351 |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"})
353 assert %{"id" => id} = response = json_response_and_validate_schema(conn, 200)
354 assert response["visibility"] == "direct"
355 assert response["pleroma"]["direct_conversation_id"]
356 assert activity = Activity.get_by_id(id)
357 assert activity.recipients == [user2.ap_id, conn.assigns[:user].ap_id]
358 assert activity.data["to"] == [user2.ap_id]
359 assert activity.data["cc"] == []
362 test "discloses application metadata when enabled" do
363 user = insert(:user, disclose_client: true)
364 %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user)
366 %Pleroma.Web.OAuth.Token{
367 app: %Pleroma.Web.OAuth.App{
368 client_name: app_name,
375 |> put_req_header("content-type", "application/json")
376 |> post("/api/v1/statuses", %{
377 "status" => "cofe is my copilot"
381 "content" => "cofe is my copilot"
382 } = json_response_and_validate_schema(result, 200)
384 activity = result.assigns.activity.id
388 |> get("api/v1/statuses/#{activity}")
391 "content" => "cofe is my copilot",
394 "website" => ^app_website
396 } = json_response_and_validate_schema(result, 200)
399 test "hides application metadata when disabled" do
400 user = insert(:user, disclose_client: false)
401 %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user)
405 |> put_req_header("content-type", "application/json")
406 |> post("/api/v1/statuses", %{
407 "status" => "club mate is my wingman"
410 assert %{"content" => "club mate is my wingman"} =
411 json_response_and_validate_schema(result, 200)
413 activity = result.assigns.activity.id
417 |> get("api/v1/statuses/#{activity}")
420 "content" => "club mate is my wingman",
422 } = json_response_and_validate_schema(result, 200)
426 describe "posting scheduled statuses" do
427 setup do: oauth_access(["write:statuses"])
429 test "creates a scheduled activity", %{conn: conn} do
431 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
432 |> NaiveDateTime.to_iso8601()
437 |> put_req_header("content-type", "application/json")
438 |> post("/api/v1/statuses", %{
439 "status" => "scheduled",
440 "scheduled_at" => scheduled_at
443 assert %{"scheduled_at" => expected_scheduled_at} =
444 json_response_and_validate_schema(conn, 200)
446 assert expected_scheduled_at == CommonAPI.Utils.to_masto_date(scheduled_at)
447 assert [] == Repo.all(Activity)
450 test "with expiration" do
451 %{conn: conn} = oauth_access(["write:statuses", "read:statuses"])
454 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(6), :millisecond)
455 |> NaiveDateTime.to_iso8601()
458 assert %{"id" => status_id, "params" => %{"expires_in" => 300}} =
460 |> put_req_header("content-type", "application/json")
461 |> post("/api/v1/statuses", %{
462 "status" => "scheduled",
463 "scheduled_at" => scheduled_at,
466 |> json_response_and_validate_schema(200)
468 assert %{"id" => ^status_id, "params" => %{"expires_in" => 300}} =
470 |> put_req_header("content-type", "application/json")
471 |> get("/api/v1/scheduled_statuses/#{status_id}")
472 |> json_response_and_validate_schema(200)
475 test "ignores nil values", %{conn: conn} do
478 |> put_req_header("content-type", "application/json")
479 |> post("/api/v1/statuses", %{
480 "status" => "not scheduled",
481 "scheduled_at" => nil
484 assert result = json_response_and_validate_schema(conn, 200)
485 assert Activity.get_by_id(result["id"])
488 test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
490 NaiveDateTime.utc_now()
491 |> NaiveDateTime.add(:timer.minutes(120), :millisecond)
492 |> NaiveDateTime.to_iso8601()
496 content_type: "image/jpeg",
497 path: Path.absname("test/fixtures/image.jpg"),
498 filename: "an_image.jpg"
501 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
505 |> put_req_header("content-type", "application/json")
506 |> post("/api/v1/statuses", %{
507 "media_ids" => [to_string(upload.id)],
508 "status" => "scheduled",
509 "scheduled_at" => scheduled_at
512 assert %{"media_attachments" => [media_attachment]} =
513 json_response_and_validate_schema(conn, 200)
515 assert %{"type" => "image"} = media_attachment
518 test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
521 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
522 |> NaiveDateTime.to_iso8601()
527 |> put_req_header("content-type", "application/json")
528 |> post("/api/v1/statuses", %{
529 "status" => "not scheduled",
530 "scheduled_at" => scheduled_at
533 assert %{"content" => "not scheduled"} = json_response_and_validate_schema(conn, 200)
534 assert [] == Repo.all(ScheduledActivity)
537 test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
539 NaiveDateTime.utc_now()
540 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
541 |> NaiveDateTime.to_iso8601()
545 attrs = %{params: %{}, scheduled_at: today}
546 {:ok, _} = ScheduledActivity.create(user, attrs)
547 {:ok, _} = ScheduledActivity.create(user, attrs)
551 |> put_req_header("content-type", "application/json")
552 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
554 assert %{"error" => "daily limit exceeded"} == json_response_and_validate_schema(conn, 422)
557 test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
559 NaiveDateTime.utc_now()
560 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
561 |> NaiveDateTime.to_iso8601()
565 NaiveDateTime.utc_now()
566 |> NaiveDateTime.add(:timer.hours(36), :millisecond)
567 |> NaiveDateTime.to_iso8601()
570 attrs = %{params: %{}, scheduled_at: today}
571 {:ok, _} = ScheduledActivity.create(user, attrs)
572 {:ok, _} = ScheduledActivity.create(user, attrs)
573 {:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
577 |> put_req_header("content-type", "application/json")
578 |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
580 assert %{"error" => "total limit exceeded"} == json_response_and_validate_schema(conn, 422)
584 describe "posting polls" do
585 setup do: oauth_access(["write:statuses"])
587 test "posting a poll", %{conn: conn} do
588 time = NaiveDateTime.utc_now()
592 |> put_req_header("content-type", "application/json")
593 |> post("/api/v1/statuses", %{
594 "status" => "Who is the #bestgrill?",
596 "options" => ["Rei", "Asuka", "Misato"],
601 response = json_response_and_validate_schema(conn, 200)
603 assert Enum.all?(response["poll"]["options"], fn %{"title" => title} ->
604 title in ["Rei", "Asuka", "Misato"]
607 assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
608 assert response["poll"]["expired"] == false
610 question = Object.get_by_id(response["poll"]["id"])
612 # closed contains utc timezone
613 assert question.data["closed"] =~ "Z"
616 test "option limit is enforced", %{conn: conn} do
617 limit = Config.get([:instance, :poll_limits, :max_options])
621 |> put_req_header("content-type", "application/json")
622 |> post("/api/v1/statuses", %{
624 "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
627 %{"error" => error} = json_response_and_validate_schema(conn, 422)
628 assert error == "Poll can't contain more than #{limit} options"
631 test "option character limit is enforced", %{conn: conn} do
632 limit = Config.get([:instance, :poll_limits, :max_option_chars])
636 |> put_req_header("content-type", "application/json")
637 |> post("/api/v1/statuses", %{
640 "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
645 %{"error" => error} = json_response_and_validate_schema(conn, 422)
646 assert error == "Poll options cannot be longer than #{limit} characters each"
649 test "minimal date limit is enforced", %{conn: conn} do
650 limit = Config.get([:instance, :poll_limits, :min_expiration])
654 |> put_req_header("content-type", "application/json")
655 |> post("/api/v1/statuses", %{
656 "status" => "imagine arbitrary limits",
658 "options" => ["this post was made by pleroma gang"],
659 "expires_in" => limit - 1
663 %{"error" => error} = json_response_and_validate_schema(conn, 422)
664 assert error == "Expiration date is too soon"
667 test "maximum date limit is enforced", %{conn: conn} do
668 limit = Config.get([:instance, :poll_limits, :max_expiration])
672 |> put_req_header("content-type", "application/json")
673 |> post("/api/v1/statuses", %{
674 "status" => "imagine arbitrary limits",
676 "options" => ["this post was made by pleroma gang"],
677 "expires_in" => limit + 1
681 %{"error" => error} = json_response_and_validate_schema(conn, 422)
682 assert error == "Expiration date is too far in the future"
685 test "scheduled poll", %{conn: conn} do
686 clear_config([ScheduledActivity, :enabled], true)
689 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(6), :millisecond)
690 |> NaiveDateTime.to_iso8601()
693 %{"id" => scheduled_id} =
695 |> put_req_header("content-type", "application/json")
696 |> post("/api/v1/statuses", %{
697 "status" => "very cool poll",
699 "options" => ~w(a b c),
702 "scheduled_at" => scheduled_at
704 |> json_response_and_validate_schema(200)
706 assert {:ok, %{id: activity_id}} =
707 perform_job(Pleroma.Workers.ScheduledActivityWorker, %{
708 activity_id: scheduled_id
711 assert Repo.all(Oban.Job) == []
715 |> Repo.get(activity_id)
716 |> Object.normalize()
718 assert object.data["content"] == "very cool poll"
719 assert object.data["type"] == "Question"
720 assert length(object.data["oneOf"]) == 3
724 test "get a status" do
725 %{conn: conn} = oauth_access(["read:statuses"])
726 activity = insert(:note_activity)
728 conn = get(conn, "/api/v1/statuses/#{activity.id}")
730 assert %{"id" => id} = json_response_and_validate_schema(conn, 200)
731 assert id == to_string(activity.id)
734 defp local_and_remote_activities do
735 local = insert(:note_activity)
736 remote = insert(:note_activity, local: false)
737 {:ok, local: local, remote: remote}
740 describe "status with restrict unauthenticated activities for local and remote" do
741 setup do: local_and_remote_activities()
743 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
745 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
747 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
748 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
750 assert json_response_and_validate_schema(res_conn, :not_found) == %{
751 "error" => "Record not found"
754 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
756 assert json_response_and_validate_schema(res_conn, :not_found) == %{
757 "error" => "Record not found"
761 test "if user is authenticated", %{local: local, remote: remote} do
762 %{conn: conn} = oauth_access(["read"])
763 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
764 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
766 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
767 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
771 describe "status with restrict unauthenticated activities for local" do
772 setup do: local_and_remote_activities()
774 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
776 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
777 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
779 assert json_response_and_validate_schema(res_conn, :not_found) == %{
780 "error" => "Record not found"
783 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
784 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
787 test "if user is authenticated", %{local: local, remote: remote} do
788 %{conn: conn} = oauth_access(["read"])
789 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
790 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
792 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
793 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
797 describe "status with restrict unauthenticated activities for remote" do
798 setup do: local_and_remote_activities()
800 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
802 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
803 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
804 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
806 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
808 assert json_response_and_validate_schema(res_conn, :not_found) == %{
809 "error" => "Record not found"
813 test "if user is authenticated", %{local: local, remote: remote} do
814 %{conn: conn} = oauth_access(["read"])
815 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
816 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
818 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
819 assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200)
823 test "getting a status that doesn't exist returns 404" do
824 %{conn: conn} = oauth_access(["read:statuses"])
825 activity = insert(:note_activity)
827 conn = get(conn, "/api/v1/statuses/#{String.downcase(activity.id)}")
829 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
832 test "get a direct status" do
833 %{user: user, conn: conn} = oauth_access(["read:statuses"])
834 other_user = insert(:user)
837 CommonAPI.post(user, %{status: "@#{other_user.nickname}", visibility: "direct"})
841 |> assign(:user, user)
842 |> get("/api/v1/statuses/#{activity.id}")
844 [participation] = Participation.for_user(user)
846 res = json_response_and_validate_schema(conn, 200)
847 assert res["pleroma"]["direct_conversation_id"] == participation.id
850 test "get statuses by IDs" do
851 %{conn: conn} = oauth_access(["read:statuses"])
852 %{id: id1} = insert(:note_activity)
853 %{id: id2} = insert(:note_activity)
855 query_string = "ids[]=#{id1}&ids[]=#{id2}"
856 conn = get(conn, "/api/v1/statuses/?#{query_string}")
858 assert [%{"id" => ^id1}, %{"id" => ^id2}] =
859 Enum.sort_by(json_response_and_validate_schema(conn, :ok), & &1["id"])
862 describe "getting statuses by ids with restricted unauthenticated for local and remote" do
863 setup do: local_and_remote_activities()
865 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
867 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
869 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
870 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
872 assert json_response_and_validate_schema(res_conn, 200) == []
875 test "if user is authenticated", %{local: local, remote: remote} do
876 %{conn: conn} = oauth_access(["read"])
878 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
880 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
884 describe "getting statuses by ids with restricted unauthenticated for local" do
885 setup do: local_and_remote_activities()
887 setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
889 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
890 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
892 remote_id = remote.id
893 assert [%{"id" => ^remote_id}] = json_response_and_validate_schema(res_conn, 200)
896 test "if user is authenticated", %{local: local, remote: remote} do
897 %{conn: conn} = oauth_access(["read"])
899 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
901 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
905 describe "getting statuses by ids with restricted unauthenticated for remote" do
906 setup do: local_and_remote_activities()
908 setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
910 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
911 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
914 assert [%{"id" => ^local_id}] = json_response_and_validate_schema(res_conn, 200)
917 test "if user is authenticated", %{local: local, remote: remote} do
918 %{conn: conn} = oauth_access(["read"])
920 res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}")
922 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
926 describe "deleting a status" do
927 test "when you created it" do
928 %{user: author, conn: conn} = oauth_access(["write:statuses"])
929 activity = insert(:note_activity, user: author)
930 object = Object.normalize(activity, fetch: false)
932 content = object.data["content"]
933 source = object.data["source"]
937 |> assign(:user, author)
938 |> delete("/api/v1/statuses/#{activity.id}")
939 |> json_response_and_validate_schema(200)
941 assert match?(%{"content" => ^content, "text" => ^source}, result)
943 refute Activity.get_by_id(activity.id)
946 test "when it doesn't exist" do
947 %{user: author, conn: conn} = oauth_access(["write:statuses"])
948 activity = insert(:note_activity, user: author)
952 |> assign(:user, author)
953 |> delete("/api/v1/statuses/#{String.downcase(activity.id)}")
955 assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404)
958 test "when you didn't create it" do
959 %{conn: conn} = oauth_access(["write:statuses"])
960 activity = insert(:note_activity)
962 conn = delete(conn, "/api/v1/statuses/#{activity.id}")
964 assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404)
966 assert Activity.get_by_id(activity.id) == activity
969 test "when you're an admin or moderator", %{conn: conn} do
970 activity1 = insert(:note_activity)
971 activity2 = insert(:note_activity)
972 admin = insert(:user, is_admin: true)
973 moderator = insert(:user, is_moderator: true)
977 |> assign(:user, admin)
978 |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
979 |> delete("/api/v1/statuses/#{activity1.id}")
981 assert %{} = json_response_and_validate_schema(res_conn, 200)
985 |> assign(:user, moderator)
986 |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
987 |> delete("/api/v1/statuses/#{activity2.id}")
989 assert %{} = json_response_and_validate_schema(res_conn, 200)
991 refute Activity.get_by_id(activity1.id)
992 refute Activity.get_by_id(activity2.id)
996 describe "reblogging" do
997 setup do: oauth_access(["write:statuses"])
999 test "reblogs and returns the reblogged status", %{conn: conn} do
1000 activity = insert(:note_activity)
1004 |> put_req_header("content-type", "application/json")
1005 |> post("/api/v1/statuses/#{activity.id}/reblog")
1008 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1010 } = json_response_and_validate_schema(conn, 200)
1012 assert to_string(activity.id) == id
1015 test "returns 404 if the reblogged status doesn't exist", %{conn: conn} do
1016 activity = insert(:note_activity)
1020 |> put_req_header("content-type", "application/json")
1021 |> post("/api/v1/statuses/#{String.downcase(activity.id)}/reblog")
1023 assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
1026 test "reblogs privately and returns the reblogged status", %{conn: conn} do
1027 activity = insert(:note_activity)
1031 |> put_req_header("content-type", "application/json")
1033 "/api/v1/statuses/#{activity.id}/reblog",
1034 %{"visibility" => "private"}
1038 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1039 "reblogged" => true,
1040 "visibility" => "private"
1041 } = json_response_and_validate_schema(conn, 200)
1043 assert to_string(activity.id) == id
1046 test "reblogged status for another user" do
1047 activity = insert(:note_activity)
1048 user1 = insert(:user)
1049 user2 = insert(:user)
1050 user3 = insert(:user)
1051 {:ok, _} = CommonAPI.favorite(user2, activity.id)
1052 {:ok, _bookmark} = Pleroma.Bookmark.create(user2.id, activity.id)
1053 {:ok, reblog_activity1} = CommonAPI.repeat(activity.id, user1)
1054 {:ok, _} = CommonAPI.repeat(activity.id, user2)
1058 |> assign(:user, user3)
1059 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1060 |> get("/api/v1/statuses/#{reblog_activity1.id}")
1063 "reblog" => %{"id" => _id, "reblogged" => false, "reblogs_count" => 2},
1064 "reblogged" => false,
1065 "favourited" => false,
1066 "bookmarked" => false
1067 } = json_response_and_validate_schema(conn_res, 200)
1071 |> assign(:user, user2)
1072 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
1073 |> get("/api/v1/statuses/#{reblog_activity1.id}")
1076 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 2},
1077 "reblogged" => true,
1078 "favourited" => true,
1079 "bookmarked" => true
1080 } = json_response_and_validate_schema(conn_res, 200)
1082 assert to_string(activity.id) == id
1085 test "author can reblog own private status", %{conn: conn, user: user} do
1086 {:ok, activity} = CommonAPI.post(user, %{status: "cofe", visibility: "private"})
1090 |> put_req_header("content-type", "application/json")
1091 |> post("/api/v1/statuses/#{activity.id}/reblog")
1094 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
1095 "reblogged" => true,
1096 "visibility" => "private"
1097 } = json_response_and_validate_schema(conn, 200)
1099 assert to_string(activity.id) == id
1103 describe "unreblogging" do
1104 setup do: oauth_access(["write:statuses"])
1106 test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
1107 activity = insert(:note_activity)
1109 {:ok, _} = CommonAPI.repeat(activity.id, user)
1113 |> put_req_header("content-type", "application/json")
1114 |> post("/api/v1/statuses/#{activity.id}/unreblog")
1116 assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} =
1117 json_response_and_validate_schema(conn, 200)
1119 assert to_string(activity.id) == id
1122 test "returns 404 error when activity does not exist", %{conn: conn} do
1125 |> put_req_header("content-type", "application/json")
1126 |> post("/api/v1/statuses/foo/unreblog")
1128 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1132 describe "favoriting" do
1133 setup do: oauth_access(["write:favourites"])
1135 test "favs a status and returns it", %{conn: conn} do
1136 activity = insert(:note_activity)
1140 |> put_req_header("content-type", "application/json")
1141 |> post("/api/v1/statuses/#{activity.id}/favourite")
1143 assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
1144 json_response_and_validate_schema(conn, 200)
1146 assert to_string(activity.id) == id
1149 test "favoriting twice will just return 200", %{conn: conn} do
1150 activity = insert(:note_activity)
1153 |> put_req_header("content-type", "application/json")
1154 |> post("/api/v1/statuses/#{activity.id}/favourite")
1157 |> put_req_header("content-type", "application/json")
1158 |> post("/api/v1/statuses/#{activity.id}/favourite")
1159 |> json_response_and_validate_schema(200)
1162 test "returns 404 error for a wrong id", %{conn: conn} do
1165 |> put_req_header("content-type", "application/json")
1166 |> post("/api/v1/statuses/1/favourite")
1168 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1172 describe "unfavoriting" do
1173 setup do: oauth_access(["write:favourites"])
1175 test "unfavorites a status and returns it", %{user: user, conn: conn} do
1176 activity = insert(:note_activity)
1178 {:ok, _} = CommonAPI.favorite(user, activity.id)
1182 |> put_req_header("content-type", "application/json")
1183 |> post("/api/v1/statuses/#{activity.id}/unfavourite")
1185 assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
1186 json_response_and_validate_schema(conn, 200)
1188 assert to_string(activity.id) == id
1191 test "returns 404 error for a wrong id", %{conn: conn} do
1194 |> put_req_header("content-type", "application/json")
1195 |> post("/api/v1/statuses/1/unfavourite")
1197 assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
1201 describe "pinned statuses" do
1202 setup do: oauth_access(["write:accounts"])
1204 setup %{user: user} do
1205 {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})
1207 %{activity: activity}
1210 setup do: clear_config([:instance, :max_pinned_statuses], 1)
1212 test "pin status", %{conn: conn, user: user, activity: activity} do
1213 id_str = to_string(activity.id)
1215 assert %{"id" => ^id_str, "pinned" => true} =
1217 |> put_req_header("content-type", "application/json")
1218 |> post("/api/v1/statuses/#{activity.id}/pin")
1219 |> json_response_and_validate_schema(200)
1221 assert [%{"id" => ^id_str, "pinned" => true}] =
1223 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1224 |> json_response_and_validate_schema(200)
1227 test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
1228 {:ok, dm} = CommonAPI.post(user, %{status: "test", visibility: "direct"})
1232 |> put_req_header("content-type", "application/json")
1233 |> post("/api/v1/statuses/#{dm.id}/pin")
1235 assert json_response_and_validate_schema(conn, 400) == %{"error" => "Could not pin"}
1238 test "unpin status", %{conn: conn, user: user, activity: activity} do
1239 {:ok, _} = CommonAPI.pin(activity.id, user)
1240 user = refresh_record(user)
1242 id_str = to_string(activity.id)
1244 assert %{"id" => ^id_str, "pinned" => false} =
1246 |> assign(:user, user)
1247 |> post("/api/v1/statuses/#{activity.id}/unpin")
1248 |> json_response_and_validate_schema(200)
1252 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
1253 |> json_response_and_validate_schema(200)
1256 test "/unpin: returns 400 error when activity is not exist", %{conn: conn} do
1259 |> put_req_header("content-type", "application/json")
1260 |> post("/api/v1/statuses/1/unpin")
1262 assert json_response_and_validate_schema(conn, 400) == %{"error" => "Could not unpin"}
1265 test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
1266 {:ok, activity_two} = CommonAPI.post(user, %{status: "HI!!!"})
1268 id_str_one = to_string(activity_one.id)
1270 assert %{"id" => ^id_str_one, "pinned" => true} =
1272 |> put_req_header("content-type", "application/json")
1273 |> post("/api/v1/statuses/#{id_str_one}/pin")
1274 |> json_response_and_validate_schema(200)
1276 user = refresh_record(user)
1278 assert %{"error" => "You have already pinned the maximum number of statuses"} =
1280 |> assign(:user, user)
1281 |> post("/api/v1/statuses/#{activity_two.id}/pin")
1282 |> json_response_and_validate_schema(400)
1285 test "on pin removes deletion job, on unpin reschedule deletion" do
1286 %{conn: conn} = oauth_access(["write:accounts", "write:statuses"])
1287 expires_in = 2 * 60 * 60
1289 expires_at = DateTime.add(DateTime.utc_now(), expires_in)
1291 assert %{"id" => id} =
1293 |> put_req_header("content-type", "application/json")
1294 |> post("api/v1/statuses", %{
1295 "status" => "oolong",
1296 "expires_in" => expires_in
1298 |> json_response_and_validate_schema(200)
1301 worker: Pleroma.Workers.PurgeExpiredActivity,
1302 args: %{activity_id: id},
1303 scheduled_at: expires_at
1306 assert %{"id" => ^id, "pinned" => true} =
1308 |> put_req_header("content-type", "application/json")
1309 |> post("/api/v1/statuses/#{id}/pin")
1310 |> json_response_and_validate_schema(200)
1313 worker: Pleroma.Workers.PurgeExpiredActivity,
1314 args: %{activity_id: id},
1315 scheduled_at: expires_at
1318 assert %{"id" => ^id, "pinned" => false} =
1320 |> put_req_header("content-type", "application/json")
1321 |> post("/api/v1/statuses/#{id}/unpin")
1322 |> json_response_and_validate_schema(200)
1325 worker: Pleroma.Workers.PurgeExpiredActivity,
1326 args: %{activity_id: id},
1327 scheduled_at: expires_at
1334 clear_config([:rich_media, :enabled], true)
1336 oauth_access(["read:statuses"])
1339 test "returns rich-media card", %{conn: conn, user: user} do
1340 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
1342 {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp"})
1345 "image" => "http://ia.media-imdb.com/images/rock.jpg",
1346 "provider_name" => "example.com",
1347 "provider_url" => "https://example.com",
1348 "title" => "The Rock",
1350 "url" => "https://example.com/ogp",
1352 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
1355 "image" => "http://ia.media-imdb.com/images/rock.jpg",
1356 "title" => "The Rock",
1357 "type" => "video.movie",
1358 "url" => "https://example.com/ogp",
1360 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer."
1367 |> get("/api/v1/statuses/#{activity.id}/card")
1368 |> json_response_and_validate_schema(200)
1370 assert response == card_data
1372 # works with private posts
1374 CommonAPI.post(user, %{status: "https://example.com/ogp", visibility: "direct"})
1378 |> get("/api/v1/statuses/#{activity.id}/card")
1379 |> json_response_and_validate_schema(200)
1381 assert response_two == card_data
1384 test "replaces missing description with an empty string", %{conn: conn, user: user} do
1385 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
1387 {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp-missing-data"})
1391 |> get("/api/v1/statuses/#{activity.id}/card")
1392 |> json_response_and_validate_schema(:ok)
1394 assert response == %{
1396 "title" => "Pleroma",
1397 "description" => "",
1399 "provider_name" => "example.com",
1400 "provider_url" => "https://example.com",
1401 "url" => "https://example.com/ogp-missing-data",
1404 "title" => "Pleroma",
1405 "type" => "website",
1406 "url" => "https://example.com/ogp-missing-data"
1414 bookmarks_uri = "/api/v1/bookmarks"
1416 %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
1417 author = insert(:user)
1419 {:ok, activity1} = CommonAPI.post(author, %{status: "heweoo?"})
1420 {:ok, activity2} = CommonAPI.post(author, %{status: "heweoo!"})
1424 |> put_req_header("content-type", "application/json")
1425 |> post("/api/v1/statuses/#{activity1.id}/bookmark")
1427 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == true
1431 |> put_req_header("content-type", "application/json")
1432 |> post("/api/v1/statuses/#{activity2.id}/bookmark")
1434 assert json_response_and_validate_schema(response2, 200)["bookmarked"] == true
1436 bookmarks = get(conn, bookmarks_uri)
1439 json_response_and_validate_schema(response2, 200),
1440 json_response_and_validate_schema(response1, 200)
1442 json_response_and_validate_schema(bookmarks, 200)
1446 |> put_req_header("content-type", "application/json")
1447 |> post("/api/v1/statuses/#{activity1.id}/unbookmark")
1449 assert json_response_and_validate_schema(response1, 200)["bookmarked"] == false
1451 bookmarks = get(conn, bookmarks_uri)
1453 assert [json_response_and_validate_schema(response2, 200)] ==
1454 json_response_and_validate_schema(bookmarks, 200)
1457 describe "conversation muting" do
1458 setup do: oauth_access(["write:mutes"])
1461 post_user = insert(:user)
1462 {:ok, activity} = CommonAPI.post(post_user, %{status: "HIE"})
1463 %{activity: activity}
1466 test "mute conversation", %{conn: conn, activity: activity} do
1467 id_str = to_string(activity.id)
1469 assert %{"id" => ^id_str, "muted" => true} =
1471 |> put_req_header("content-type", "application/json")
1472 |> post("/api/v1/statuses/#{activity.id}/mute")
1473 |> json_response_and_validate_schema(200)
1476 test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
1477 {:ok, _} = CommonAPI.add_mute(user, activity)
1481 |> put_req_header("content-type", "application/json")
1482 |> post("/api/v1/statuses/#{activity.id}/mute")
1484 assert json_response_and_validate_schema(conn, 400) == %{
1485 "error" => "conversation is already muted"
1489 test "unmute conversation", %{conn: conn, user: user, activity: activity} do
1490 {:ok, _} = CommonAPI.add_mute(user, activity)
1492 id_str = to_string(activity.id)
1494 assert %{"id" => ^id_str, "muted" => false} =
1496 # |> assign(:user, user)
1497 |> post("/api/v1/statuses/#{activity.id}/unmute")
1498 |> json_response_and_validate_schema(200)
1502 test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{conn: conn} do
1503 user1 = insert(:user)
1504 user2 = insert(:user)
1505 user3 = insert(:user)
1507 {:ok, replied_to} = CommonAPI.post(user1, %{status: "cofe"})
1509 # Reply to status from another user
1512 |> assign(:user, user2)
1513 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
1514 |> put_req_header("content-type", "application/json")
1515 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
1517 assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn1, 200)
1519 activity = Activity.get_by_id_with_object(id)
1521 assert Object.normalize(activity, fetch: false).data["inReplyTo"] ==
1522 Object.normalize(replied_to, fetch: false).data["id"]
1524 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
1526 # Reblog from the third user
1529 |> assign(:user, user3)
1530 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
1531 |> put_req_header("content-type", "application/json")
1532 |> post("/api/v1/statuses/#{activity.id}/reblog")
1534 assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
1535 json_response_and_validate_schema(conn2, 200)
1537 assert to_string(activity.id) == id
1539 # Getting third user status
1542 |> assign(:user, user3)
1543 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1544 |> get("api/v1/timelines/home")
1546 [reblogged_activity] = json_response_and_validate_schema(conn3, 200)
1548 assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id
1550 replied_to_user = User.get_by_ap_id(replied_to.data["actor"])
1551 assert reblogged_activity["reblog"]["in_reply_to_account_id"] == replied_to_user.id
1554 describe "GET /api/v1/statuses/:id/favourited_by" do
1555 setup do: oauth_access(["read:accounts"])
1557 setup %{user: user} do
1558 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1560 %{activity: activity}
1563 test "returns users who have favorited the status", %{conn: conn, activity: activity} do
1564 other_user = insert(:user)
1565 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1569 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1570 |> json_response_and_validate_schema(:ok)
1572 [%{"id" => id}] = response
1574 assert id == other_user.id
1577 test "returns empty array when status has not been favorited yet", %{
1583 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1584 |> json_response_and_validate_schema(:ok)
1586 assert Enum.empty?(response)
1589 test "does not return users who have favorited the status but are blocked", %{
1590 conn: %{assigns: %{user: user}} = conn,
1593 other_user = insert(:user)
1594 {:ok, _user_relationship} = User.block(user, other_user)
1596 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1600 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1601 |> json_response_and_validate_schema(:ok)
1603 assert Enum.empty?(response)
1606 test "does not fail on an unauthenticated request", %{activity: activity} do
1607 other_user = insert(:user)
1608 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1612 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1613 |> json_response_and_validate_schema(:ok)
1615 [%{"id" => id}] = response
1616 assert id == other_user.id
1619 test "requires authentication for private posts", %{user: user} do
1620 other_user = insert(:user)
1623 CommonAPI.post(user, %{
1624 status: "@#{other_user.nickname} wanna get some #cofe together?",
1625 visibility: "direct"
1628 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1630 favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
1633 |> get(favourited_by_url)
1634 |> json_response_and_validate_schema(404)
1638 |> assign(:user, other_user)
1639 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1642 |> assign(:token, nil)
1643 |> get(favourited_by_url)
1644 |> json_response_and_validate_schema(404)
1648 |> get(favourited_by_url)
1649 |> json_response_and_validate_schema(200)
1651 [%{"id" => id}] = response
1652 assert id == other_user.id
1655 test "returns empty array when :show_reactions is disabled", %{conn: conn, activity: activity} do
1656 clear_config([:instance, :show_reactions], false)
1658 other_user = insert(:user)
1659 {:ok, _} = CommonAPI.favorite(other_user, activity.id)
1663 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1664 |> json_response_and_validate_schema(:ok)
1666 assert Enum.empty?(response)
1670 describe "GET /api/v1/statuses/:id/reblogged_by" do
1671 setup do: oauth_access(["read:accounts"])
1673 setup %{user: user} do
1674 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1676 %{activity: activity}
1679 test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
1680 other_user = insert(:user)
1681 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1685 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1686 |> json_response_and_validate_schema(:ok)
1688 [%{"id" => id}] = response
1690 assert id == other_user.id
1693 test "returns empty array when status has not been reblogged yet", %{
1699 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1700 |> json_response_and_validate_schema(:ok)
1702 assert Enum.empty?(response)
1705 test "does not return users who have reblogged the status but are blocked", %{
1706 conn: %{assigns: %{user: user}} = conn,
1709 other_user = insert(:user)
1710 {:ok, _user_relationship} = User.block(user, other_user)
1712 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1716 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1717 |> json_response_and_validate_schema(:ok)
1719 assert Enum.empty?(response)
1722 test "does not return users who have reblogged the status privately", %{
1725 other_user = insert(:user)
1726 {:ok, activity} = CommonAPI.post(other_user, %{status: "my secret post"})
1728 {:ok, _} = CommonAPI.repeat(activity.id, other_user, %{visibility: "private"})
1732 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1733 |> json_response_and_validate_schema(:ok)
1735 assert Enum.empty?(response)
1738 test "does not fail on an unauthenticated request", %{activity: activity} do
1739 other_user = insert(:user)
1740 {:ok, _} = CommonAPI.repeat(activity.id, other_user)
1744 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1745 |> json_response_and_validate_schema(:ok)
1747 [%{"id" => id}] = response
1748 assert id == other_user.id
1751 test "requires authentication for private posts", %{user: user} do
1752 other_user = insert(:user)
1755 CommonAPI.post(user, %{
1756 status: "@#{other_user.nickname} wanna get some #cofe together?",
1757 visibility: "direct"
1761 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1762 |> json_response_and_validate_schema(404)
1766 |> assign(:user, other_user)
1767 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1768 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1769 |> json_response_and_validate_schema(200)
1771 assert [] == response
1776 user = insert(:user)
1778 {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"})
1779 {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1})
1780 {:ok, %{id: id3}} = CommonAPI.post(user, %{status: "3", in_reply_to_status_id: id2})
1781 {:ok, %{id: id4}} = CommonAPI.post(user, %{status: "4", in_reply_to_status_id: id3})
1782 {:ok, %{id: id5}} = CommonAPI.post(user, %{status: "5", in_reply_to_status_id: id4})
1786 |> get("/api/v1/statuses/#{id3}/context")
1787 |> json_response_and_validate_schema(:ok)
1790 "ancestors" => [%{"id" => ^id1}, %{"id" => ^id2}],
1791 "descendants" => [%{"id" => ^id4}, %{"id" => ^id5}]
1795 test "favorites paginate correctly" do
1796 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1797 other_user = insert(:user)
1798 {:ok, first_post} = CommonAPI.post(other_user, %{status: "bla"})
1799 {:ok, second_post} = CommonAPI.post(other_user, %{status: "bla"})
1800 {:ok, third_post} = CommonAPI.post(other_user, %{status: "bla"})
1802 {:ok, _first_favorite} = CommonAPI.favorite(user, third_post.id)
1803 {:ok, _second_favorite} = CommonAPI.favorite(user, first_post.id)
1804 {:ok, third_favorite} = CommonAPI.favorite(user, second_post.id)
1808 |> get("/api/v1/favourites?limit=1")
1810 assert [%{"id" => post_id}] = json_response_and_validate_schema(result, 200)
1811 assert post_id == second_post.id
1813 # Using the header for pagination works correctly
1814 [next, _] = get_resp_header(result, "link") |> hd() |> String.split(", ")
1815 [_, max_id] = Regex.run(~r/max_id=([^&]+)/, next)
1817 assert max_id == third_favorite.id
1821 |> get("/api/v1/favourites?max_id=#{max_id}")
1823 assert [%{"id" => first_post_id}, %{"id" => third_post_id}] =
1824 json_response_and_validate_schema(result, 200)
1826 assert first_post_id == first_post.id
1827 assert third_post_id == third_post.id
1830 test "returns the favorites of a user" do
1831 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1832 other_user = insert(:user)
1834 {:ok, _} = CommonAPI.post(other_user, %{status: "bla"})
1835 {:ok, activity} = CommonAPI.post(other_user, %{status: "trees are happy"})
1837 {:ok, last_like} = CommonAPI.favorite(user, activity.id)
1839 first_conn = get(conn, "/api/v1/favourites")
1841 assert [status] = json_response_and_validate_schema(first_conn, 200)
1842 assert status["id"] == to_string(activity.id)
1844 assert [{"link", _link_header}] =
1845 Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end)
1847 # Honours query params
1848 {:ok, second_activity} =
1849 CommonAPI.post(other_user, %{
1850 status: "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful."
1853 {:ok, _} = CommonAPI.favorite(user, second_activity.id)
1855 second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like.id}")
1857 assert [second_status] = json_response_and_validate_schema(second_conn, 200)
1858 assert second_status["id"] == to_string(second_activity.id)
1860 third_conn = get(conn, "/api/v1/favourites?limit=0")
1862 assert [] = json_response_and_validate_schema(third_conn, 200)
1865 test "expires_at is nil for another user" do
1866 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1867 expires_at = DateTime.add(DateTime.utc_now(), 1_000_000)
1868 {:ok, activity} = CommonAPI.post(user, %{status: "foobar", expires_in: 1_000_000})
1870 assert %{"pleroma" => %{"expires_at" => a_expires_at}} =
1872 |> get("/api/v1/statuses/#{activity.id}")
1873 |> json_response_and_validate_schema(:ok)
1875 {:ok, a_expires_at, 0} = DateTime.from_iso8601(a_expires_at)
1876 assert DateTime.diff(expires_at, a_expires_at) == 0
1878 %{conn: conn} = oauth_access(["read:statuses"])
1880 assert %{"pleroma" => %{"expires_at" => nil}} =
1882 |> get("/api/v1/statuses/#{activity.id}")
1883 |> json_response_and_validate_schema(:ok)
1886 test "posting a local only status" do
1887 %{user: _user, conn: conn} = oauth_access(["write:statuses"])
1891 |> put_req_header("content-type", "application/json")
1892 |> post("/api/v1/statuses", %{
1894 "visibility" => "local"
1897 local = Pleroma.Constants.as_local_public()
1899 assert %{"content" => "cofe", "id" => id, "visibility" => "local"} =
1900 json_response_and_validate_schema(conn_one, 200)
1902 assert %Activity{id: ^id, data: %{"to" => [^local]}} = Activity.get_by_id(id)
1905 describe "muted reactions" do
1907 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1909 other_user = insert(:user)
1910 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1912 {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
1913 User.mute(user, other_user)
1917 |> get("/api/v1/statuses/?ids[]=#{activity.id}")
1918 |> json_response_and_validate_schema(200)
1923 "emoji_reactions" => []
1930 |> get("/api/v1/statuses/?ids[]=#{activity.id}&with_muted=true")
1931 |> json_response_and_validate_schema(200)
1936 "emoji_reactions" => [%{"count" => 1, "me" => false, "name" => "🎅"}]
1943 # %{conn: conn, user: user, token: token} = oauth_access(["read:statuses"])
1944 %{conn: conn, user: user, token: _token} = oauth_access(["read:statuses"])
1946 other_user = insert(:user)
1947 {:ok, activity} = CommonAPI.post(user, %{status: "test"})
1949 {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
1950 User.mute(user, other_user)
1954 |> get("/api/v1/statuses/#{activity.id}")
1955 |> json_response_and_validate_schema(200)
1959 "emoji_reactions" => []
1965 |> get("/api/v1/statuses/#{activity.id}?with_muted=true")
1966 |> json_response_and_validate_schema(200)
1970 "emoji_reactions" => [%{"count" => 1, "me" => false, "name" => "🎅"}]