git.squeep.com Git - akkoma/blob - test/pleroma/web/mastodon_api/update_credentials_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
   6   alias Pleroma.Repo
   7   alias Pleroma.User
   8
   9   use Pleroma.Web.ConnCase
  10
  11   import Mock
  12   import Pleroma.Factory
  13
  14   describe "updating credentials" do
  15     setup do: oauth_access(["write:accounts"])
  16     setup :request_content_type
  17
  18     test "sets user settings in a generic way", %{conn: conn} do
  19       res_conn =
  20         patch(conn, "/api/v1/accounts/update_credentials", %{
  21           "pleroma_settings_store" => %{
  22             pleroma_fe: %{
  23               theme: "bla"
  24             }
  25           }
  26         })
  27
  28       assert user_data = json_response_and_validate_schema(res_conn, 200)
  29       assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
  30
  31       user = Repo.get(User, user_data["id"])
  32
  33       res_conn =
  34         conn
  35         |> assign(:user, user)
  36         |> patch("/api/v1/accounts/update_credentials", %{
  37           "pleroma_settings_store" => %{
  38             masto_fe: %{
  39               theme: "bla"
  40             }
  41           }
  42         })
  43
  44       assert user_data = json_response_and_validate_schema(res_conn, 200)
  45
  46       assert user_data["pleroma"]["settings_store"] ==
  47                %{
  48                  "pleroma_fe" => %{"theme" => "bla"},
  49                  "masto_fe" => %{"theme" => "bla"}
  50                }
  51
  52       user = Repo.get(User, user_data["id"])
  53
  54       clear_config([:instance, :federating], true)
  55
  56       with_mock Pleroma.Web.Federator,
  57         publish: fn _activity -> :ok end do
  58         res_conn =
  59           conn
  60           |> assign(:user, user)
  61           |> patch("/api/v1/accounts/update_credentials", %{
  62             "pleroma_settings_store" => %{
  63               masto_fe: %{
  64                 theme: "blub"
  65               }
  66             }
  67           })
  68
  69         assert user_data = json_response_and_validate_schema(res_conn, 200)
  70
  71         assert user_data["pleroma"]["settings_store"] ==
  72                  %{
  73                    "pleroma_fe" => %{"theme" => "bla"},
  74                    "masto_fe" => %{"theme" => "blub"}
  75                  }
  76
  77         assert_called(Pleroma.Web.Federator.publish(:_))
  78       end
  79     end
  80
  81     test "updates the user's bio", %{conn: conn} do
  82       user2 = insert(:user)
  83
  84       raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
  85
  86       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
  87
  88       assert user_data = json_response_and_validate_schema(conn, 200)
  89
  90       assert user_data["note"] ==
  91                ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{user2.id}" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
  92
  93       assert user_data["source"]["note"] == raw_bio
  94
  95       user = Repo.get(User, user_data["id"])
  96
  97       assert user.raw_bio == raw_bio
  98     end
  99
 100     test "updates the user's locking status", %{conn: conn} do
 101       conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
 102
 103       assert user_data = json_response_and_validate_schema(conn, 200)
 104       assert user_data["locked"] == true
 105     end
 106
 107     test "updates the user's allow_following_move", %{user: user, conn: conn} do
 108       assert user.allow_following_move == true
 109
 110       conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
 111
 112       assert refresh_record(user).allow_following_move == false
 113       assert user_data = json_response_and_validate_schema(conn, 200)
 114       assert user_data["pleroma"]["allow_following_move"] == false
 115     end
 116
 117     test "updates the user's default scope", %{conn: conn} do
 118       conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
 119
 120       assert user_data = json_response_and_validate_schema(conn, 200)
 121       assert user_data["source"]["privacy"] == "unlisted"
 122     end
 123
 124     test "updates the user's privacy", %{conn: conn} do
 125       conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
 126
 127       assert user_data = json_response_and_validate_schema(conn, 200)
 128       assert user_data["source"]["privacy"] == "unlisted"
 129     end
 130
 131     test "updates the user's hide_followers status", %{conn: conn} do
 132       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
 133
 134       assert user_data = json_response_and_validate_schema(conn, 200)
 135       assert user_data["pleroma"]["hide_followers"] == true
 136     end
 137
 138     test "updates the user's discoverable status", %{conn: conn} do
 139       assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
 140                conn
 141                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
 142                |> json_response_and_validate_schema(:ok)
 143
 144       assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
 145                conn
 146                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
 147                |> json_response_and_validate_schema(:ok)
 148     end
 149
 150     test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
 151       conn =
 152         patch(conn, "/api/v1/accounts/update_credentials", %{
 153           hide_followers_count: "true",
 154           hide_follows_count: "true"
 155         })
 156
 157       assert user_data = json_response_and_validate_schema(conn, 200)
 158       assert user_data["pleroma"]["hide_followers_count"] == true
 159       assert user_data["pleroma"]["hide_follows_count"] == true
 160     end
 161
 162     test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
 163       response =
 164         conn
 165         |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
 166         |> json_response_and_validate_schema(200)
 167
 168       assert response["pleroma"]["skip_thread_containment"] == true
 169       assert refresh_record(user).skip_thread_containment
 170     end
 171
 172     test "updates the user's hide_follows status", %{conn: conn} do
 173       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
 174
 175       assert user_data = json_response_and_validate_schema(conn, 200)
 176       assert user_data["pleroma"]["hide_follows"] == true
 177     end
 178
 179     test "updates the user's hide_favorites status", %{conn: conn} do
 180       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
 181
 182       assert user_data = json_response_and_validate_schema(conn, 200)
 183       assert user_data["pleroma"]["hide_favorites"] == true
 184     end
 185
 186     test "updates the user's show_role status", %{conn: conn} do
 187       conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
 188
 189       assert user_data = json_response_and_validate_schema(conn, 200)
 190       assert user_data["source"]["pleroma"]["show_role"] == false
 191     end
 192
 193     test "updates the user's no_rich_text status", %{conn: conn} do
 194       conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
 195
 196       assert user_data = json_response_and_validate_schema(conn, 200)
 197       assert user_data["source"]["pleroma"]["no_rich_text"] == true
 198     end
 199
 200     test "updates the user's name", %{conn: conn} do
 201       conn =
 202         patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
 203
 204       assert user_data = json_response_and_validate_schema(conn, 200)
 205       assert user_data["display_name"] == "markorepairs"
 206
 207       update_activity = Repo.one(Pleroma.Activity)
 208       assert update_activity.data["type"] == "Update"
 209       assert update_activity.data["object"]["name"] == "markorepairs"
 210     end
 211
 212     test "updates the user's default post expiry", %{conn: conn} do
 213       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "1"})
 214
 215       assert user_data = json_response_and_validate_schema(conn, 200)
 216       assert user_data["akkoma"]["status_ttl_days"] == 1
 217     end
 218
 219     test "resets the user's default post expiry", %{conn: conn} do
 220       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "-1"})
 221
 222       assert user_data = json_response_and_validate_schema(conn, 200)
 223       assert is_nil(user_data["akkoma"]["status_ttl_days"])
 224     end
 225
 226     test "does not allow negative integers other than -1 for TTL", %{conn: conn} do
 227       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "-2"})
 228
 229       assert user_data = json_response_and_validate_schema(conn, 403)
 230     end
 231
 232     test "updates the user's AKAs", %{conn: conn} do
 233       conn =
 234         patch(conn, "/api/v1/accounts/update_credentials", %{
 235           "also_known_as" => ["https://mushroom.kingdom/users/mario"]
 236         })
 237
 238       assert user_data = json_response_and_validate_schema(conn, 200)
 239       assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
 240     end
 241
 242     test "doesn't update non-url akas", %{conn: conn} do
 243       conn =
 244         patch(conn, "/api/v1/accounts/update_credentials", %{
 245           "also_known_as" => ["aReallyCoolGuy"]
 246         })
 247
 248       assert json_response_and_validate_schema(conn, 403)
 249     end
 250
 251     test "updates the user's avatar", %{user: user, conn: conn} do
 252       new_avatar = %Plug.Upload{
 253         content_type: "image/jpeg",
 254         path: Path.absname("test/fixtures/image.jpg"),
 255         filename: "an_image.jpg"
 256       }
 257
 258       assert user.avatar == %{}
 259
 260       res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
 261
 262       assert user_response = json_response_and_validate_schema(res, 200)
 263       assert user_response["avatar"] != User.avatar_url(user)
 264
 265       user = User.get_by_id(user.id)
 266       refute user.avatar == %{}
 267
 268       # Also resets it
 269       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
 270
 271       user = User.get_by_id(user.id)
 272       assert user.avatar == nil
 273     end
 274
 275     test "updates the user's banner", %{user: user, conn: conn} do
 276       new_header = %Plug.Upload{
 277         content_type: "image/jpeg",
 278         path: Path.absname("test/fixtures/image.jpg"),
 279         filename: "an_image.jpg"
 280       }
 281
 282       res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
 283
 284       assert user_response = json_response_and_validate_schema(res, 200)
 285       assert user_response["header"] != User.banner_url(user)
 286
 287       # Also resets it
 288       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
 289
 290       user = User.get_by_id(user.id)
 291       assert user.banner == nil
 292     end
 293
 294     test "updates the user's background", %{conn: conn, user: user} do
 295       new_header = %Plug.Upload{
 296         content_type: "image/jpeg",
 297         path: Path.absname("test/fixtures/image.jpg"),
 298         filename: "an_image.jpg"
 299       }
 300
 301       res =
 302         patch(conn, "/api/v1/accounts/update_credentials", %{
 303           "pleroma_background_image" => new_header
 304         })
 305
 306       assert user_response = json_response_and_validate_schema(res, 200)
 307       assert user_response["pleroma"]["background_image"]
 308       #
 309       # Also resets it
 310       _res =
 311         patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
 312
 313       user = User.get_by_id(user.id)
 314       assert user.background == nil
 315     end
 316
 317     test "requires 'write:accounts' permission" do
 318       token1 = insert(:oauth_token, scopes: ["read"])
 319       token2 = insert(:oauth_token, scopes: ["write", "follow"])
 320
 321       for token <- [token1, token2] do
 322         conn =
 323           build_conn()
 324           |> put_req_header("content-type", "multipart/form-data")
 325           |> put_req_header("authorization", "Bearer #{token.token}")
 326           |> patch("/api/v1/accounts/update_credentials", %{})
 327
 328         if token == token1 do
 329           assert %{"error" => "Insufficient permissions: write:accounts."} ==
 330                    json_response_and_validate_schema(conn, 403)
 331         else
 332           assert json_response_and_validate_schema(conn, 200)
 333         end
 334       end
 335     end
 336
 337     test "updates profile emojos", %{user: user, conn: conn} do
 338       note = "*sips :blank:*"
 339       name = "I am :firefox:"
 340
 341       ret_conn =
 342         patch(conn, "/api/v1/accounts/update_credentials", %{
 343           "note" => note,
 344           "display_name" => name
 345         })
 346
 347       assert json_response_and_validate_schema(ret_conn, 200)
 348
 349       conn = get(conn, "/api/v1/accounts/#{user.id}")
 350
 351       assert user_data = json_response_and_validate_schema(conn, 200)
 352
 353       assert user_data["note"] == note
 354       assert user_data["display_name"] == name
 355       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
 356     end
 357
 358     test "update fields", %{conn: conn} do
 359       fields = [
 360         %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
 361         %{"name" => "link.io", "value" => "cofe.io"}
 362       ]
 363
 364       account_data =
 365         conn
 366         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 367         |> json_response_and_validate_schema(200)
 368
 369       assert account_data["fields"] == [
 370                %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
 371                %{
 372                  "name" => "link.io",
 373                  "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
 374                }
 375              ]
 376
 377       assert account_data["source"]["fields"] == [
 378                %{
 379                  "name" => "<a href=\"http://google.com\">foo</a>",
 380                  "value" => "<script>bar</script>"
 381                },
 382                %{"name" => "link.io", "value" => "cofe.io"}
 383              ]
 384     end
 385
 386     test "emojis in fields labels", %{conn: conn} do
 387       fields = [
 388         %{"name" => ":firefox:", "value" => "is best 2hu"},
 389         %{"name" => "they wins", "value" => ":blank:"}
 390       ]
 391
 392       account_data =
 393         conn
 394         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 395         |> json_response_and_validate_schema(200)
 396
 397       assert account_data["fields"] == [
 398                %{"name" => ":firefox:", "value" => "is best 2hu"},
 399                %{"name" => "they wins", "value" => ":blank:"}
 400              ]
 401
 402       assert account_data["source"]["fields"] == [
 403                %{"name" => ":firefox:", "value" => "is best 2hu"},
 404                %{"name" => "they wins", "value" => ":blank:"}
 405              ]
 406
 407       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
 408     end
 409
 410     test "update fields via x-www-form-urlencoded", %{conn: conn} do
 411       fields =
 412         [
 413           "fields_attributes[1][name]=link",
 414           "fields_attributes[1][value]=http://cofe.io",
 415           "fields_attributes[0][name]=foo",
 416           "fields_attributes[0][value]=bar"
 417         ]
 418         |> Enum.join("&")
 419
 420       account =
 421         conn
 422         |> put_req_header("content-type", "application/x-www-form-urlencoded")
 423         |> patch("/api/v1/accounts/update_credentials", fields)
 424         |> json_response_and_validate_schema(200)
 425
 426       assert account["fields"] == [
 427                %{"name" => "foo", "value" => "bar"},
 428                %{
 429                  "name" => "link",
 430                  "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
 431                }
 432              ]
 433
 434       assert account["source"]["fields"] == [
 435                %{"name" => "foo", "value" => "bar"},
 436                %{"name" => "link", "value" => "http://cofe.io"}
 437              ]
 438     end
 439
 440     test "update fields with empty name", %{conn: conn} do
 441       fields = [
 442         %{"name" => "foo", "value" => ""},
 443         %{"name" => "", "value" => "bar"}
 444       ]
 445
 446       account =
 447         conn
 448         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 449         |> json_response_and_validate_schema(200)
 450
 451       assert account["fields"] == [
 452                %{"name" => "foo", "value" => ""}
 453              ]
 454     end
 455
 456     test "update fields when invalid request", %{conn: conn} do
 457       name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
 458       value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
 459
 460       long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
 461       long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
 462
 463       fields = [%{"name" => "foo", "value" => long_value}]
 464
 465       assert %{"error" => "Invalid request"} ==
 466                conn
 467                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 468                |> json_response_and_validate_schema(403)
 469
 470       fields = [%{"name" => long_name, "value" => "bar"}]
 471
 472       assert %{"error" => "Invalid request"} ==
 473                conn
 474                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 475                |> json_response_and_validate_schema(403)
 476
 477       clear_config([:instance, :max_account_fields], 1)
 478
 479       fields = [
 480         %{"name" => "foo", "value" => "bar"},
 481         %{"name" => "link", "value" => "cofe.io"}
 482       ]
 483
 484       assert %{"error" => "Invalid request"} ==
 485                conn
 486                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 487                |> json_response_and_validate_schema(403)
 488     end
 489   end
 490
 491   describe "Mark account as bot" do
 492     setup do: oauth_access(["write:accounts"])
 493     setup :request_content_type
 494
 495     test "changing actor_type to Service makes account a bot", %{conn: conn} do
 496       account =
 497         conn
 498         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
 499         |> json_response_and_validate_schema(200)
 500
 501       assert account["bot"]
 502       assert account["source"]["pleroma"]["actor_type"] == "Service"
 503     end
 504
 505     test "changing actor_type to Person makes account a human", %{conn: conn} do
 506       account =
 507         conn
 508         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
 509         |> json_response_and_validate_schema(200)
 510
 511       refute account["bot"]
 512       assert account["source"]["pleroma"]["actor_type"] == "Person"
 513     end
 514
 515     test "changing actor_type to Application causes error", %{conn: conn} do
 516       response =
 517         conn
 518         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
 519         |> json_response_and_validate_schema(403)
 520
 521       assert %{"error" => "Invalid request"} == response
 522     end
 523
 524     test "changing bot field to true changes actor_type to Service", %{conn: conn} do
 525       account =
 526         conn
 527         |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
 528         |> json_response_and_validate_schema(200)
 529
 530       assert account["bot"]
 531       assert account["source"]["pleroma"]["actor_type"] == "Service"
 532     end
 533
 534     test "changing bot field to false changes actor_type to Person", %{conn: conn} do
 535       account =
 536         conn
 537         |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
 538         |> json_response_and_validate_schema(200)
 539
 540       refute account["bot"]
 541       assert account["source"]["pleroma"]["actor_type"] == "Person"
 542     end
 543
 544     test "actor_type field has a higher priority than bot", %{conn: conn} do
 545       account =
 546         conn
 547         |> patch("/api/v1/accounts/update_credentials", %{
 548           actor_type: "Person",
 549           bot: "true"
 550         })
 551         |> json_response_and_validate_schema(200)
 552
 553       refute account["bot"]
 554       assert account["source"]["pleroma"]["actor_type"] == "Person"
 555     end
 556   end
 557 end