1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
12 import Pleroma.Factory
14 describe "updating credentials" do
15 setup do: oauth_access(["write:accounts"])
16 setup :request_content_type
18 test "sets user settings in a generic way", %{conn: conn} do
20 patch(conn, "/api/v1/accounts/update_credentials", %{
21 "pleroma_settings_store" => %{
28 assert user_data = json_response_and_validate_schema(res_conn, 200)
29 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
31 user = Repo.get(User, user_data["id"])
35 |> assign(:user, user)
36 |> patch("/api/v1/accounts/update_credentials", %{
37 "pleroma_settings_store" => %{
44 assert user_data = json_response_and_validate_schema(res_conn, 200)
46 assert user_data["pleroma"]["settings_store"] ==
48 "pleroma_fe" => %{"theme" => "bla"},
49 "masto_fe" => %{"theme" => "bla"}
52 user = Repo.get(User, user_data["id"])
54 clear_config([:instance, :federating], true)
56 with_mock Pleroma.Web.Federator,
57 publish: fn _activity -> :ok end do
60 |> assign(:user, user)
61 |> patch("/api/v1/accounts/update_credentials", %{
62 "pleroma_settings_store" => %{
69 assert user_data = json_response_and_validate_schema(res_conn, 200)
71 assert user_data["pleroma"]["settings_store"] ==
73 "pleroma_fe" => %{"theme" => "bla"},
74 "masto_fe" => %{"theme" => "blub"}
77 assert_called(Pleroma.Web.Federator.publish(:_))
81 test "updates the user's bio", %{conn: conn} do
84 raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
86 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
88 assert user_data = json_response_and_validate_schema(conn, 200)
90 assert user_data["note"] ==
91 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{user2.id}" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
93 assert user_data["source"]["note"] == raw_bio
95 user = Repo.get(User, user_data["id"])
97 assert user.raw_bio == raw_bio
100 test "updates the user's locking status", %{conn: conn} do
101 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
103 assert user_data = json_response_and_validate_schema(conn, 200)
104 assert user_data["locked"] == true
107 test "updates the user's allow_following_move", %{user: user, conn: conn} do
108 assert user.allow_following_move == true
110 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
112 assert refresh_record(user).allow_following_move == false
113 assert user_data = json_response_and_validate_schema(conn, 200)
114 assert user_data["pleroma"]["allow_following_move"] == false
117 test "updates the user's default scope", %{conn: conn} do
118 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
120 assert user_data = json_response_and_validate_schema(conn, 200)
121 assert user_data["source"]["privacy"] == "unlisted"
124 test "updates the user's privacy", %{conn: conn} do
125 conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
127 assert user_data = json_response_and_validate_schema(conn, 200)
128 assert user_data["source"]["privacy"] == "unlisted"
131 test "updates the user's hide_followers status", %{conn: conn} do
132 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
134 assert user_data = json_response_and_validate_schema(conn, 200)
135 assert user_data["pleroma"]["hide_followers"] == true
138 test "updates the user's discoverable status", %{conn: conn} do
139 assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
141 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
142 |> json_response_and_validate_schema(:ok)
144 assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
146 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
147 |> json_response_and_validate_schema(:ok)
150 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
152 patch(conn, "/api/v1/accounts/update_credentials", %{
153 hide_followers_count: "true",
154 hide_follows_count: "true"
157 assert user_data = json_response_and_validate_schema(conn, 200)
158 assert user_data["pleroma"]["hide_followers_count"] == true
159 assert user_data["pleroma"]["hide_follows_count"] == true
162 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
165 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
166 |> json_response_and_validate_schema(200)
168 assert response["pleroma"]["skip_thread_containment"] == true
169 assert refresh_record(user).skip_thread_containment
172 test "updates the user's hide_follows status", %{conn: conn} do
173 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
175 assert user_data = json_response_and_validate_schema(conn, 200)
176 assert user_data["pleroma"]["hide_follows"] == true
179 test "updates the user's hide_favorites status", %{conn: conn} do
180 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
182 assert user_data = json_response_and_validate_schema(conn, 200)
183 assert user_data["pleroma"]["hide_favorites"] == true
186 test "updates the user's show_role status", %{conn: conn} do
187 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
189 assert user_data = json_response_and_validate_schema(conn, 200)
190 assert user_data["source"]["pleroma"]["show_role"] == false
193 test "updates the user's no_rich_text status", %{conn: conn} do
194 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
196 assert user_data = json_response_and_validate_schema(conn, 200)
197 assert user_data["source"]["pleroma"]["no_rich_text"] == true
200 test "updates the user's name", %{conn: conn} do
202 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
204 assert user_data = json_response_and_validate_schema(conn, 200)
205 assert user_data["display_name"] == "markorepairs"
207 update_activity = Repo.one(Pleroma.Activity)
208 assert update_activity.data["type"] == "Update"
209 assert update_activity.data["object"]["name"] == "markorepairs"
212 test "updates the user's default post expiry", %{conn: conn} do
213 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "1"})
215 assert user_data = json_response_and_validate_schema(conn, 200)
216 assert user_data["akkoma"]["status_ttl_days"] == 1
219 test "resets the user's default post expiry", %{conn: conn} do
220 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "-1"})
222 assert user_data = json_response_and_validate_schema(conn, 200)
223 assert is_nil(user_data["akkoma"]["status_ttl_days"])
226 test "does not allow negative integers other than -1 for TTL", %{conn: conn} do
227 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"status_ttl_days" => "-2"})
229 assert json_response_and_validate_schema(conn, 403)
232 test "updates the user's AKAs", %{conn: conn} do
234 patch(conn, "/api/v1/accounts/update_credentials", %{
235 "also_known_as" => ["https://mushroom.kingdom/users/mario"]
238 assert user_data = json_response_and_validate_schema(conn, 200)
239 assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
242 test "doesn't update non-url akas", %{conn: conn} do
244 patch(conn, "/api/v1/accounts/update_credentials", %{
245 "also_known_as" => ["aReallyCoolGuy"]
248 assert json_response_and_validate_schema(conn, 403)
251 test "updates the user's avatar", %{user: user, conn: conn} do
252 new_avatar = %Plug.Upload{
253 content_type: "image/jpeg",
254 path: Path.absname("test/fixtures/image.jpg"),
255 filename: "an_image.jpg"
258 assert user.avatar == %{}
260 res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
262 assert user_response = json_response_and_validate_schema(res, 200)
263 assert user_response["avatar"] != User.avatar_url(user)
265 user = User.get_by_id(user.id)
266 refute user.avatar == %{}
269 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
271 user = User.get_by_id(user.id)
272 assert user.avatar == nil
275 test "updates the user's avatar, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
276 upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
279 File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
281 new_avatar_oversized = %Plug.Upload{
283 path: Path.absname("test/tmp/large_binary.data"),
284 filename: "large_binary.data"
287 assert user.avatar == %{}
290 patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar_oversized})
292 assert user_response = json_response_and_validate_schema(res, 413)
293 assert user_response["avatar"] != User.avatar_url(user)
295 user = User.get_by_id(user.id)
296 assert user.avatar == %{}
298 clear_config([:instance, :upload_limit], upload_limit)
300 assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
303 test "updates the user's banner", %{user: user, conn: conn} do
304 new_header = %Plug.Upload{
305 content_type: "image/jpeg",
306 path: Path.absname("test/fixtures/image.jpg"),
307 filename: "an_image.jpg"
310 res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
312 assert user_response = json_response_and_validate_schema(res, 200)
313 assert user_response["header"] != User.banner_url(user)
316 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
318 user = User.get_by_id(user.id)
319 assert user.banner == nil
322 test "updates the user's banner, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
323 upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
326 File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
328 new_header_oversized = %Plug.Upload{
330 path: Path.absname("test/tmp/large_binary.data"),
331 filename: "large_binary.data"
335 patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header_oversized})
337 assert user_response = json_response_and_validate_schema(res, 413)
338 assert user_response["header"] != User.banner_url(user)
340 user = User.get_by_id(user.id)
341 assert user.banner == %{}
343 clear_config([:instance, :upload_limit], upload_limit)
345 assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
348 test "updates the user's background", %{conn: conn, user: user} do
349 new_header = %Plug.Upload{
350 content_type: "image/jpeg",
351 path: Path.absname("test/fixtures/image.jpg"),
352 filename: "an_image.jpg"
356 patch(conn, "/api/v1/accounts/update_credentials", %{
357 "pleroma_background_image" => new_header
360 assert user_response = json_response_and_validate_schema(res, 200)
361 assert user_response["pleroma"]["background_image"]
365 patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
367 user = User.get_by_id(user.id)
368 assert user.background == nil
371 test "updates the user's background, upload_limit, returns a HTTP 413", %{
375 upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
378 File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
380 new_background_oversized = %Plug.Upload{
382 path: Path.absname("test/tmp/large_binary.data"),
383 filename: "large_binary.data"
387 patch(conn, "/api/v1/accounts/update_credentials", %{
388 "pleroma_background_image" => new_background_oversized
391 assert json_response_and_validate_schema(res, 413)
392 assert user.background == %{}
394 clear_config([:instance, :upload_limit], upload_limit)
396 assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
399 test "Strip / from upload files", %{user: user, conn: conn} do
400 new_image = %Plug.Upload{
401 content_type: "image/jpeg",
402 path: Path.absname("test/fixtures/image.jpg"),
403 filename: "../../../../nested/an_image.jpg"
406 assert user.avatar == %{}
409 patch(conn, "/api/v1/accounts/update_credentials", %{
410 "avatar" => new_image,
411 "header" => new_image,
412 "pleroma_background_image" => new_image
415 assert user_response = json_response_and_validate_schema(res, 200)
416 assert user_response["avatar"]
417 assert user_response["header"]
418 assert user_response["pleroma"]["background_image"]
419 refute Regex.match?(~r"/nested/", user_response["avatar"])
420 refute Regex.match?(~r"/nested/", user_response["header"])
421 refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"])
423 user = User.get_by_id(user.id)
424 refute user.avatar == %{}
427 test "requires 'write:accounts' permission" do
428 token1 = insert(:oauth_token, scopes: ["read"])
429 token2 = insert(:oauth_token, scopes: ["write", "follow"])
431 for token <- [token1, token2] do
434 |> put_req_header("content-type", "multipart/form-data")
435 |> put_req_header("authorization", "Bearer #{token.token}")
436 |> patch("/api/v1/accounts/update_credentials", %{})
438 if token == token1 do
439 assert %{"error" => "Insufficient permissions: write:accounts."} ==
440 json_response_and_validate_schema(conn, 403)
442 assert json_response_and_validate_schema(conn, 200)
447 test "updates profile emojos", %{user: user, conn: conn} do
448 note = "*sips :blank:*"
449 name = "I am :firefox:"
452 patch(conn, "/api/v1/accounts/update_credentials", %{
454 "display_name" => name
457 assert json_response_and_validate_schema(ret_conn, 200)
459 conn = get(conn, "/api/v1/accounts/#{user.id}")
461 assert user_data = json_response_and_validate_schema(conn, 200)
463 assert user_data["note"] == note
464 assert user_data["display_name"] == name
465 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
468 test "update fields", %{conn: conn} do
470 %{name: "<a href=\"http://google.com\">foo</a>", value: "<script>bar</script>"},
471 %{name: "link.io", value: "cofe.io"}
476 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
477 |> json_response_and_validate_schema(200)
479 assert account_data["fields"] == [
480 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
483 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
487 assert account_data["source"]["fields"] == [
489 "name" => "<a href=\"http://google.com\">foo</a>",
490 "value" => "<script>bar</script>"
492 %{"name" => "link.io", "value" => "cofe.io"}
496 test "update fields with a link to content with rel=me, with ap id", %{user: user, conn: conn} do
498 %{url: "http://example.com/rel_me/ap_id"} ->
501 body: ~s[<html><head><link rel="me" href="#{user.ap_id}"></head></html>]
505 field = %{name: "Website", value: "http://example.com/rel_me/ap_id"}
509 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: [field]})
510 |> json_response_and_validate_schema(200)
516 ~s[<a href="http://example.com/rel_me/ap_id" rel="ugc">http://example.com/rel_me/ap_id</a>],
517 "verified_at" => verified_at
519 ] = account_data["fields"]
521 {:ok, verified_at, _} = DateTime.from_iso8601(verified_at)
522 assert DateTime.diff(DateTime.utc_now(), verified_at) < 10
525 test "update fields with a link to content with rel=me, with frontend path", %{
529 fe_url = "#{Pleroma.Web.Endpoint.url()}/#{user.nickname}"
532 %{url: "http://example.com/rel_me/fe_path"} ->
535 body: ~s[<html><head><link rel="me" href="#{fe_url}"></head></html>]
539 field = %{name: "Website", value: "http://example.com/rel_me/fe_path"}
543 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: [field]})
544 |> json_response_and_validate_schema(200)
550 ~s[<a href="http://example.com/rel_me/fe_path" rel="ugc">http://example.com/rel_me/fe_path</a>],
551 "verified_at" => verified_at
553 ] = account_data["fields"]
555 {:ok, verified_at, _} = DateTime.from_iso8601(verified_at)
556 assert DateTime.diff(DateTime.utc_now(), verified_at) < 10
559 test "emojis in fields labels", %{conn: conn} do
561 %{name: ":firefox:", value: "is best 2hu"},
562 %{name: "they wins", value: ":blank:"}
567 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
568 |> json_response_and_validate_schema(200)
570 assert account_data["fields"] == [
571 %{"name" => ":firefox:", "value" => "is best 2hu"},
572 %{"name" => "they wins", "value" => ":blank:"}
575 assert account_data["source"]["fields"] == [
576 %{"name" => ":firefox:", "value" => "is best 2hu"},
577 %{"name" => "they wins", "value" => ":blank:"}
580 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
583 test "update fields via x-www-form-urlencoded", %{conn: conn} do
586 "fields_attributes[1][name]=link",
587 "fields_attributes[1][value]=http://cofe.io",
588 "fields_attributes[0][name]=foo",
589 "fields_attributes[0][value]=bar"
595 |> put_req_header("content-type", "application/x-www-form-urlencoded")
596 |> patch("/api/v1/accounts/update_credentials", fields)
597 |> json_response_and_validate_schema(200)
599 assert account["fields"] == [
600 %{"name" => "foo", "value" => "bar"},
603 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
607 assert account["source"]["fields"] == [
608 %{"name" => "foo", "value" => "bar"},
609 %{"name" => "link", "value" => "http://cofe.io"}
613 test "update fields with empty name", %{conn: conn} do
615 %{name: "foo", value: ""},
616 %{name: "", value: "bar"}
621 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
622 |> json_response_and_validate_schema(200)
624 assert account["fields"] == [
625 %{"name" => "foo", "value" => ""}
629 test "update fields when invalid request", %{conn: conn} do
630 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
631 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
633 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
634 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
636 fields = [%{name: "foo", value: long_value}]
638 assert %{"error" => "Invalid request"} ==
640 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
641 |> json_response_and_validate_schema(403)
643 fields = [%{name: long_name, value: "bar"}]
645 assert %{"error" => "Invalid request"} ==
647 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
648 |> json_response_and_validate_schema(403)
650 clear_config([:instance, :max_account_fields], 1)
653 %{name: "foo", value: "bar"},
654 %{"name" => "link", "value" => "cofe.io"}
657 assert %{"error" => "Invalid request"} ==
659 |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: fields})
660 |> json_response_and_validate_schema(403)
664 describe "Mark account as bot" do
665 setup do: oauth_access(["write:accounts"])
666 setup :request_content_type
668 test "changing actor_type to Service makes account a bot", %{conn: conn} do
671 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
672 |> json_response_and_validate_schema(200)
674 assert account["bot"]
675 assert account["source"]["pleroma"]["actor_type"] == "Service"
678 test "changing actor_type to Person makes account a human", %{conn: conn} do
681 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
682 |> json_response_and_validate_schema(200)
684 refute account["bot"]
685 assert account["source"]["pleroma"]["actor_type"] == "Person"
688 test "changing actor_type to Application causes error", %{conn: conn} do
691 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
692 |> json_response_and_validate_schema(403)
694 assert %{"error" => "Invalid request"} == response
697 test "changing bot field to true changes actor_type to Service", %{conn: conn} do
700 |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
701 |> json_response_and_validate_schema(200)
703 assert account["bot"]
704 assert account["source"]["pleroma"]["actor_type"] == "Service"
707 test "changing bot field to false changes actor_type to Person", %{conn: conn} do
710 |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
711 |> json_response_and_validate_schema(200)
713 refute account["bot"]
714 assert account["source"]["pleroma"]["actor_type"] == "Person"
717 test "actor_type field has a higher priority than bot", %{conn: conn} do
720 |> patch("/api/v1/accounts/update_credentials", %{
721 actor_type: "Person",
724 |> json_response_and_validate_schema(200)
726 refute account["bot"]
727 assert account["source"]["pleroma"]["actor_type"] == "Person"
projects / akkoma / blob