v2 Suggestions: actually flter out dismissed suggestions
[akkoma] / test / pleroma / web / mastodon_api / update_credentials_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
6 alias Pleroma.Repo
7 alias Pleroma.User
8
9 use Pleroma.Web.ConnCase
10
11 import Mock
12 import Pleroma.Factory
13
14 describe "updating credentials" do
15 setup do: oauth_access(["write:accounts"])
16 setup :request_content_type
17
18 test "sets user settings in a generic way", %{conn: conn} do
19 res_conn =
20 patch(conn, "/api/v1/accounts/update_credentials", %{
21 "pleroma_settings_store" => %{
22 pleroma_fe: %{
23 theme: "bla"
24 }
25 }
26 })
27
28 assert user_data = json_response_and_validate_schema(res_conn, 200)
29 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
30
31 user = Repo.get(User, user_data["id"])
32
33 res_conn =
34 conn
35 |> assign(:user, user)
36 |> patch("/api/v1/accounts/update_credentials", %{
37 "pleroma_settings_store" => %{
38 masto_fe: %{
39 theme: "bla"
40 }
41 }
42 })
43
44 assert user_data = json_response_and_validate_schema(res_conn, 200)
45
46 assert user_data["pleroma"]["settings_store"] ==
47 %{
48 "pleroma_fe" => %{"theme" => "bla"},
49 "masto_fe" => %{"theme" => "bla"}
50 }
51
52 user = Repo.get(User, user_data["id"])
53
54 clear_config([:instance, :federating], true)
55
56 with_mock Pleroma.Web.Federator,
57 publish: fn _activity -> :ok end do
58 res_conn =
59 conn
60 |> assign(:user, user)
61 |> patch("/api/v1/accounts/update_credentials", %{
62 "pleroma_settings_store" => %{
63 masto_fe: %{
64 theme: "blub"
65 }
66 }
67 })
68
69 assert user_data = json_response_and_validate_schema(res_conn, 200)
70
71 assert user_data["pleroma"]["settings_store"] ==
72 %{
73 "pleroma_fe" => %{"theme" => "bla"},
74 "masto_fe" => %{"theme" => "blub"}
75 }
76
77 assert_called(Pleroma.Web.Federator.publish(:_))
78 end
79 end
80
81 test "updates the user's bio", %{conn: conn} do
82 user2 = insert(:user)
83
84 raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
85
86 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
87
88 assert user_data = json_response_and_validate_schema(conn, 200)
89
90 assert user_data["note"] ==
91 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
92 user2.id
93 }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
94
95 assert user_data["source"]["note"] == raw_bio
96
97 user = Repo.get(User, user_data["id"])
98
99 assert user.raw_bio == raw_bio
100 end
101
102 test "updates the user's locking status", %{conn: conn} do
103 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
104
105 assert user_data = json_response_and_validate_schema(conn, 200)
106 assert user_data["locked"] == true
107 end
108
109 test "updates the user's chat acceptance status", %{conn: conn} do
110 conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
111
112 assert user_data = json_response_and_validate_schema(conn, 200)
113 assert user_data["pleroma"]["accepts_chat_messages"] == false
114 end
115
116 test "updates the user's allow_following_move", %{user: user, conn: conn} do
117 assert user.allow_following_move == true
118
119 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
120
121 assert refresh_record(user).allow_following_move == false
122 assert user_data = json_response_and_validate_schema(conn, 200)
123 assert user_data["pleroma"]["allow_following_move"] == false
124 end
125
126 test "updates the user's default scope", %{conn: conn} do
127 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
128
129 assert user_data = json_response_and_validate_schema(conn, 200)
130 assert user_data["source"]["privacy"] == "unlisted"
131 end
132
133 test "updates the user's privacy", %{conn: conn} do
134 conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
135
136 assert user_data = json_response_and_validate_schema(conn, 200)
137 assert user_data["source"]["privacy"] == "unlisted"
138 end
139
140 test "updates the user's hide_followers status", %{conn: conn} do
141 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
142
143 assert user_data = json_response_and_validate_schema(conn, 200)
144 assert user_data["pleroma"]["hide_followers"] == true
145 end
146
147 test "updates the user's discoverable status", %{conn: conn} do
148 assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
149 conn
150 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
151 |> json_response_and_validate_schema(:ok)
152
153 assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
154 conn
155 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
156 |> json_response_and_validate_schema(:ok)
157 end
158
159 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
160 conn =
161 patch(conn, "/api/v1/accounts/update_credentials", %{
162 hide_followers_count: "true",
163 hide_follows_count: "true"
164 })
165
166 assert user_data = json_response_and_validate_schema(conn, 200)
167 assert user_data["pleroma"]["hide_followers_count"] == true
168 assert user_data["pleroma"]["hide_follows_count"] == true
169 end
170
171 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
172 response =
173 conn
174 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
175 |> json_response_and_validate_schema(200)
176
177 assert response["pleroma"]["skip_thread_containment"] == true
178 assert refresh_record(user).skip_thread_containment
179 end
180
181 test "updates the user's hide_follows status", %{conn: conn} do
182 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
183
184 assert user_data = json_response_and_validate_schema(conn, 200)
185 assert user_data["pleroma"]["hide_follows"] == true
186 end
187
188 test "updates the user's hide_favorites status", %{conn: conn} do
189 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
190
191 assert user_data = json_response_and_validate_schema(conn, 200)
192 assert user_data["pleroma"]["hide_favorites"] == true
193 end
194
195 test "updates the user's show_role status", %{conn: conn} do
196 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
197
198 assert user_data = json_response_and_validate_schema(conn, 200)
199 assert user_data["source"]["pleroma"]["show_role"] == false
200 end
201
202 test "updates the user's no_rich_text status", %{conn: conn} do
203 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
204
205 assert user_data = json_response_and_validate_schema(conn, 200)
206 assert user_data["source"]["pleroma"]["no_rich_text"] == true
207 end
208
209 test "updates the user's name", %{conn: conn} do
210 conn =
211 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
212
213 assert user_data = json_response_and_validate_schema(conn, 200)
214 assert user_data["display_name"] == "markorepairs"
215
216 update_activity = Repo.one(Pleroma.Activity)
217 assert update_activity.data["type"] == "Update"
218 assert update_activity.data["object"]["name"] == "markorepairs"
219 end
220
221 test "updates the user's AKAs", %{conn: conn} do
222 conn =
223 patch(conn, "/api/v1/accounts/update_credentials", %{
224 "also_known_as" => ["https://mushroom.kingdom/users/mario"]
225 })
226
227 assert user_data = json_response_and_validate_schema(conn, 200)
228 assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
229 end
230
231 test "doesn't update non-url akas", %{conn: conn} do
232 conn =
233 patch(conn, "/api/v1/accounts/update_credentials", %{
234 "also_known_as" => ["aReallyCoolGuy"]
235 })
236
237 assert json_response_and_validate_schema(conn, 403)
238 end
239
240 test "updates the user's avatar", %{user: user, conn: conn} do
241 new_avatar = %Plug.Upload{
242 content_type: "image/jpeg",
243 path: Path.absname("test/fixtures/image.jpg"),
244 filename: "an_image.jpg"
245 }
246
247 assert user.avatar == %{}
248
249 res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
250
251 assert user_response = json_response_and_validate_schema(res, 200)
252 assert user_response["avatar"] != User.avatar_url(user)
253
254 user = User.get_by_id(user.id)
255 refute user.avatar == %{}
256
257 # Also resets it
258 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
259
260 user = User.get_by_id(user.id)
261 assert user.avatar == nil
262 end
263
264 test "updates the user's banner", %{user: user, conn: conn} do
265 new_header = %Plug.Upload{
266 content_type: "image/jpeg",
267 path: Path.absname("test/fixtures/image.jpg"),
268 filename: "an_image.jpg"
269 }
270
271 res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
272
273 assert user_response = json_response_and_validate_schema(res, 200)
274 assert user_response["header"] != User.banner_url(user)
275
276 # Also resets it
277 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
278
279 user = User.get_by_id(user.id)
280 assert user.banner == nil
281 end
282
283 test "updates the user's background", %{conn: conn, user: user} do
284 new_header = %Plug.Upload{
285 content_type: "image/jpeg",
286 path: Path.absname("test/fixtures/image.jpg"),
287 filename: "an_image.jpg"
288 }
289
290 res =
291 patch(conn, "/api/v1/accounts/update_credentials", %{
292 "pleroma_background_image" => new_header
293 })
294
295 assert user_response = json_response_and_validate_schema(res, 200)
296 assert user_response["pleroma"]["background_image"]
297 #
298 # Also resets it
299 _res =
300 patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
301
302 user = User.get_by_id(user.id)
303 assert user.background == nil
304 end
305
306 test "requires 'write:accounts' permission" do
307 token1 = insert(:oauth_token, scopes: ["read"])
308 token2 = insert(:oauth_token, scopes: ["write", "follow"])
309
310 for token <- [token1, token2] do
311 conn =
312 build_conn()
313 |> put_req_header("content-type", "multipart/form-data")
314 |> put_req_header("authorization", "Bearer #{token.token}")
315 |> patch("/api/v1/accounts/update_credentials", %{})
316
317 if token == token1 do
318 assert %{"error" => "Insufficient permissions: write:accounts."} ==
319 json_response_and_validate_schema(conn, 403)
320 else
321 assert json_response_and_validate_schema(conn, 200)
322 end
323 end
324 end
325
326 test "updates profile emojos", %{user: user, conn: conn} do
327 note = "*sips :blank:*"
328 name = "I am :firefox:"
329
330 ret_conn =
331 patch(conn, "/api/v1/accounts/update_credentials", %{
332 "note" => note,
333 "display_name" => name
334 })
335
336 assert json_response_and_validate_schema(ret_conn, 200)
337
338 conn = get(conn, "/api/v1/accounts/#{user.id}")
339
340 assert user_data = json_response_and_validate_schema(conn, 200)
341
342 assert user_data["note"] == note
343 assert user_data["display_name"] == name
344 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
345 end
346
347 test "update fields", %{conn: conn} do
348 fields = [
349 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
350 %{"name" => "link.io", "value" => "cofe.io"}
351 ]
352
353 account_data =
354 conn
355 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
356 |> json_response_and_validate_schema(200)
357
358 assert account_data["fields"] == [
359 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
360 %{
361 "name" => "link.io",
362 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
363 }
364 ]
365
366 assert account_data["source"]["fields"] == [
367 %{
368 "name" => "<a href=\"http://google.com\">foo</a>",
369 "value" => "<script>bar</script>"
370 },
371 %{"name" => "link.io", "value" => "cofe.io"}
372 ]
373 end
374
375 test "emojis in fields labels", %{conn: conn} do
376 fields = [
377 %{"name" => ":firefox:", "value" => "is best 2hu"},
378 %{"name" => "they wins", "value" => ":blank:"}
379 ]
380
381 account_data =
382 conn
383 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
384 |> json_response_and_validate_schema(200)
385
386 assert account_data["fields"] == [
387 %{"name" => ":firefox:", "value" => "is best 2hu"},
388 %{"name" => "they wins", "value" => ":blank:"}
389 ]
390
391 assert account_data["source"]["fields"] == [
392 %{"name" => ":firefox:", "value" => "is best 2hu"},
393 %{"name" => "they wins", "value" => ":blank:"}
394 ]
395
396 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
397 end
398
399 test "update fields via x-www-form-urlencoded", %{conn: conn} do
400 fields =
401 [
402 "fields_attributes[1][name]=link",
403 "fields_attributes[1][value]=http://cofe.io",
404 "fields_attributes[0][name]=foo",
405 "fields_attributes[0][value]=bar"
406 ]
407 |> Enum.join("&")
408
409 account =
410 conn
411 |> put_req_header("content-type", "application/x-www-form-urlencoded")
412 |> patch("/api/v1/accounts/update_credentials", fields)
413 |> json_response_and_validate_schema(200)
414
415 assert account["fields"] == [
416 %{"name" => "foo", "value" => "bar"},
417 %{
418 "name" => "link",
419 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
420 }
421 ]
422
423 assert account["source"]["fields"] == [
424 %{"name" => "foo", "value" => "bar"},
425 %{"name" => "link", "value" => "http://cofe.io"}
426 ]
427 end
428
429 test "update fields with empty name", %{conn: conn} do
430 fields = [
431 %{"name" => "foo", "value" => ""},
432 %{"name" => "", "value" => "bar"}
433 ]
434
435 account =
436 conn
437 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
438 |> json_response_and_validate_schema(200)
439
440 assert account["fields"] == [
441 %{"name" => "foo", "value" => ""}
442 ]
443 end
444
445 test "update fields when invalid request", %{conn: conn} do
446 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
447 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
448
449 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
450 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
451
452 fields = [%{"name" => "foo", "value" => long_value}]
453
454 assert %{"error" => "Invalid request"} ==
455 conn
456 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
457 |> json_response_and_validate_schema(403)
458
459 fields = [%{"name" => long_name, "value" => "bar"}]
460
461 assert %{"error" => "Invalid request"} ==
462 conn
463 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
464 |> json_response_and_validate_schema(403)
465
466 clear_config([:instance, :max_account_fields], 1)
467
468 fields = [
469 %{"name" => "foo", "value" => "bar"},
470 %{"name" => "link", "value" => "cofe.io"}
471 ]
472
473 assert %{"error" => "Invalid request"} ==
474 conn
475 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
476 |> json_response_and_validate_schema(403)
477 end
478 end
479
480 describe "Mark account as bot" do
481 setup do: oauth_access(["write:accounts"])
482 setup :request_content_type
483
484 test "changing actor_type to Service makes account a bot", %{conn: conn} do
485 account =
486 conn
487 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
488 |> json_response_and_validate_schema(200)
489
490 assert account["bot"]
491 assert account["source"]["pleroma"]["actor_type"] == "Service"
492 end
493
494 test "changing actor_type to Person makes account a human", %{conn: conn} do
495 account =
496 conn
497 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
498 |> json_response_and_validate_schema(200)
499
500 refute account["bot"]
501 assert account["source"]["pleroma"]["actor_type"] == "Person"
502 end
503
504 test "changing actor_type to Application causes error", %{conn: conn} do
505 response =
506 conn
507 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
508 |> json_response_and_validate_schema(403)
509
510 assert %{"error" => "Invalid request"} == response
511 end
512
513 test "changing bot field to true changes actor_type to Service", %{conn: conn} do
514 account =
515 conn
516 |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
517 |> json_response_and_validate_schema(200)
518
519 assert account["bot"]
520 assert account["source"]["pleroma"]["actor_type"] == "Service"
521 end
522
523 test "changing bot field to false changes actor_type to Person", %{conn: conn} do
524 account =
525 conn
526 |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
527 |> json_response_and_validate_schema(200)
528
529 refute account["bot"]
530 assert account["source"]["pleroma"]["actor_type"] == "Person"
531 end
532
533 test "actor_type field has a higher priority than bot", %{conn: conn} do
534 account =
535 conn
536 |> patch("/api/v1/accounts/update_credentials", %{
537 actor_type: "Person",
538 bot: "true"
539 })
540 |> json_response_and_validate_schema(200)
541
542 refute account["bot"]
543 assert account["source"]["pleroma"]["actor_type"] == "Person"
544 end
545 end
546 end