ed1921c9145d2b503b6a1c7160bdab4cbba89961
[akkoma] / test / pleroma / web / mastodon_api / update_credentials_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
6 alias Pleroma.Repo
7 alias Pleroma.User
8
9 use Pleroma.Web.ConnCase
10
11 import Mock
12 import Pleroma.Factory
13
14 setup do: clear_config([:instance, :max_account_fields])
15
16 describe "updating credentials" do
17 setup do: oauth_access(["write:accounts"])
18 setup :request_content_type
19
20 test "sets user settings in a generic way", %{conn: conn} do
21 res_conn =
22 patch(conn, "/api/v1/accounts/update_credentials", %{
23 "pleroma_settings_store" => %{
24 pleroma_fe: %{
25 theme: "bla"
26 }
27 }
28 })
29
30 assert user_data = json_response_and_validate_schema(res_conn, 200)
31 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
32
33 user = Repo.get(User, user_data["id"])
34
35 res_conn =
36 conn
37 |> assign(:user, user)
38 |> patch("/api/v1/accounts/update_credentials", %{
39 "pleroma_settings_store" => %{
40 masto_fe: %{
41 theme: "bla"
42 }
43 }
44 })
45
46 assert user_data = json_response_and_validate_schema(res_conn, 200)
47
48 assert user_data["pleroma"]["settings_store"] ==
49 %{
50 "pleroma_fe" => %{"theme" => "bla"},
51 "masto_fe" => %{"theme" => "bla"}
52 }
53
54 user = Repo.get(User, user_data["id"])
55
56 clear_config([:instance, :federating], true)
57
58 with_mock Pleroma.Web.Federator,
59 publish: fn _activity -> :ok end do
60 res_conn =
61 conn
62 |> assign(:user, user)
63 |> patch("/api/v1/accounts/update_credentials", %{
64 "pleroma_settings_store" => %{
65 masto_fe: %{
66 theme: "blub"
67 }
68 }
69 })
70
71 assert user_data = json_response_and_validate_schema(res_conn, 200)
72
73 assert user_data["pleroma"]["settings_store"] ==
74 %{
75 "pleroma_fe" => %{"theme" => "bla"},
76 "masto_fe" => %{"theme" => "blub"}
77 }
78
79 assert_called(Pleroma.Web.Federator.publish(:_))
80 end
81 end
82
83 test "updates the user's bio", %{conn: conn} do
84 user2 = insert(:user)
85
86 raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
87
88 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
89
90 assert user_data = json_response_and_validate_schema(conn, 200)
91
92 assert user_data["note"] ==
93 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
94 user2.id
95 }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
96
97 assert user_data["source"]["note"] == raw_bio
98
99 user = Repo.get(User, user_data["id"])
100
101 assert user.raw_bio == raw_bio
102 end
103
104 test "updates the user's locking status", %{conn: conn} do
105 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
106
107 assert user_data = json_response_and_validate_schema(conn, 200)
108 assert user_data["locked"] == true
109 end
110
111 test "updates the user's chat acceptance status", %{conn: conn} do
112 conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
113
114 assert user_data = json_response_and_validate_schema(conn, 200)
115 assert user_data["pleroma"]["accepts_chat_messages"] == false
116 end
117
118 test "updates the user's allow_following_move", %{user: user, conn: conn} do
119 assert user.allow_following_move == true
120
121 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
122
123 assert refresh_record(user).allow_following_move == false
124 assert user_data = json_response_and_validate_schema(conn, 200)
125 assert user_data["pleroma"]["allow_following_move"] == false
126 end
127
128 test "updates the user's default scope", %{conn: conn} do
129 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
130
131 assert user_data = json_response_and_validate_schema(conn, 200)
132 assert user_data["source"]["privacy"] == "unlisted"
133 end
134
135 test "updates the user's privacy", %{conn: conn} do
136 conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
137
138 assert user_data = json_response_and_validate_schema(conn, 200)
139 assert user_data["source"]["privacy"] == "unlisted"
140 end
141
142 test "updates the user's hide_followers status", %{conn: conn} do
143 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
144
145 assert user_data = json_response_and_validate_schema(conn, 200)
146 assert user_data["pleroma"]["hide_followers"] == true
147 end
148
149 test "updates the user's discoverable status", %{conn: conn} do
150 assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
151 conn
152 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
153 |> json_response_and_validate_schema(:ok)
154
155 assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
156 conn
157 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
158 |> json_response_and_validate_schema(:ok)
159 end
160
161 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
162 conn =
163 patch(conn, "/api/v1/accounts/update_credentials", %{
164 hide_followers_count: "true",
165 hide_follows_count: "true"
166 })
167
168 assert user_data = json_response_and_validate_schema(conn, 200)
169 assert user_data["pleroma"]["hide_followers_count"] == true
170 assert user_data["pleroma"]["hide_follows_count"] == true
171 end
172
173 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
174 response =
175 conn
176 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
177 |> json_response_and_validate_schema(200)
178
179 assert response["pleroma"]["skip_thread_containment"] == true
180 assert refresh_record(user).skip_thread_containment
181 end
182
183 test "updates the user's hide_follows status", %{conn: conn} do
184 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
185
186 assert user_data = json_response_and_validate_schema(conn, 200)
187 assert user_data["pleroma"]["hide_follows"] == true
188 end
189
190 test "updates the user's hide_favorites status", %{conn: conn} do
191 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
192
193 assert user_data = json_response_and_validate_schema(conn, 200)
194 assert user_data["pleroma"]["hide_favorites"] == true
195 end
196
197 test "updates the user's show_role status", %{conn: conn} do
198 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
199
200 assert user_data = json_response_and_validate_schema(conn, 200)
201 assert user_data["source"]["pleroma"]["show_role"] == false
202 end
203
204 test "updates the user's no_rich_text status", %{conn: conn} do
205 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
206
207 assert user_data = json_response_and_validate_schema(conn, 200)
208 assert user_data["source"]["pleroma"]["no_rich_text"] == true
209 end
210
211 test "updates the user's name", %{conn: conn} do
212 conn =
213 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
214
215 assert user_data = json_response_and_validate_schema(conn, 200)
216 assert user_data["display_name"] == "markorepairs"
217
218 update_activity = Repo.one(Pleroma.Activity)
219 assert update_activity.data["type"] == "Update"
220 assert update_activity.data["object"]["name"] == "markorepairs"
221 end
222
223 test "updates the user's avatar", %{user: user, conn: conn} do
224 new_avatar = %Plug.Upload{
225 content_type: "image/jpeg",
226 path: Path.absname("test/fixtures/image.jpg"),
227 filename: "an_image.jpg"
228 }
229
230 assert user.avatar == %{}
231
232 res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
233
234 assert user_response = json_response_and_validate_schema(res, 200)
235 assert user_response["avatar"] != User.avatar_url(user)
236
237 user = User.get_by_id(user.id)
238 refute user.avatar == %{}
239
240 # Also resets it
241 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
242
243 user = User.get_by_id(user.id)
244 assert user.avatar == nil
245 end
246
247 test "updates the user's banner", %{user: user, conn: conn} do
248 new_header = %Plug.Upload{
249 content_type: "image/jpeg",
250 path: Path.absname("test/fixtures/image.jpg"),
251 filename: "an_image.jpg"
252 }
253
254 res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
255
256 assert user_response = json_response_and_validate_schema(res, 200)
257 assert user_response["header"] != User.banner_url(user)
258
259 # Also resets it
260 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
261
262 user = User.get_by_id(user.id)
263 assert user.banner == nil
264 end
265
266 test "updates the user's background", %{conn: conn, user: user} do
267 new_header = %Plug.Upload{
268 content_type: "image/jpeg",
269 path: Path.absname("test/fixtures/image.jpg"),
270 filename: "an_image.jpg"
271 }
272
273 res =
274 patch(conn, "/api/v1/accounts/update_credentials", %{
275 "pleroma_background_image" => new_header
276 })
277
278 assert user_response = json_response_and_validate_schema(res, 200)
279 assert user_response["pleroma"]["background_image"]
280 #
281 # Also resets it
282 _res =
283 patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
284
285 user = User.get_by_id(user.id)
286 assert user.background == nil
287 end
288
289 test "requires 'write:accounts' permission" do
290 token1 = insert(:oauth_token, scopes: ["read"])
291 token2 = insert(:oauth_token, scopes: ["write", "follow"])
292
293 for token <- [token1, token2] do
294 conn =
295 build_conn()
296 |> put_req_header("content-type", "multipart/form-data")
297 |> put_req_header("authorization", "Bearer #{token.token}")
298 |> patch("/api/v1/accounts/update_credentials", %{})
299
300 if token == token1 do
301 assert %{"error" => "Insufficient permissions: write:accounts."} ==
302 json_response_and_validate_schema(conn, 403)
303 else
304 assert json_response_and_validate_schema(conn, 200)
305 end
306 end
307 end
308
309 test "updates profile emojos", %{user: user, conn: conn} do
310 note = "*sips :blank:*"
311 name = "I am :firefox:"
312
313 ret_conn =
314 patch(conn, "/api/v1/accounts/update_credentials", %{
315 "note" => note,
316 "display_name" => name
317 })
318
319 assert json_response_and_validate_schema(ret_conn, 200)
320
321 conn = get(conn, "/api/v1/accounts/#{user.id}")
322
323 assert user_data = json_response_and_validate_schema(conn, 200)
324
325 assert user_data["note"] == note
326 assert user_data["display_name"] == name
327 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
328 end
329
330 test "update fields", %{conn: conn} do
331 fields = [
332 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
333 %{"name" => "link.io", "value" => "cofe.io"}
334 ]
335
336 account_data =
337 conn
338 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
339 |> json_response_and_validate_schema(200)
340
341 assert account_data["fields"] == [
342 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
343 %{
344 "name" => "link.io",
345 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
346 }
347 ]
348
349 assert account_data["source"]["fields"] == [
350 %{
351 "name" => "<a href=\"http://google.com\">foo</a>",
352 "value" => "<script>bar</script>"
353 },
354 %{"name" => "link.io", "value" => "cofe.io"}
355 ]
356 end
357
358 test "emojis in fields labels", %{conn: conn} do
359 fields = [
360 %{"name" => ":firefox:", "value" => "is best 2hu"},
361 %{"name" => "they wins", "value" => ":blank:"}
362 ]
363
364 account_data =
365 conn
366 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
367 |> json_response_and_validate_schema(200)
368
369 assert account_data["fields"] == [
370 %{"name" => ":firefox:", "value" => "is best 2hu"},
371 %{"name" => "they wins", "value" => ":blank:"}
372 ]
373
374 assert account_data["source"]["fields"] == [
375 %{"name" => ":firefox:", "value" => "is best 2hu"},
376 %{"name" => "they wins", "value" => ":blank:"}
377 ]
378
379 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
380 end
381
382 test "update fields via x-www-form-urlencoded", %{conn: conn} do
383 fields =
384 [
385 "fields_attributes[1][name]=link",
386 "fields_attributes[1][value]=http://cofe.io",
387 "fields_attributes[0][name]=foo",
388 "fields_attributes[0][value]=bar"
389 ]
390 |> Enum.join("&")
391
392 account =
393 conn
394 |> put_req_header("content-type", "application/x-www-form-urlencoded")
395 |> patch("/api/v1/accounts/update_credentials", fields)
396 |> json_response_and_validate_schema(200)
397
398 assert account["fields"] == [
399 %{"name" => "foo", "value" => "bar"},
400 %{
401 "name" => "link",
402 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
403 }
404 ]
405
406 assert account["source"]["fields"] == [
407 %{"name" => "foo", "value" => "bar"},
408 %{"name" => "link", "value" => "http://cofe.io"}
409 ]
410 end
411
412 test "update fields with empty name", %{conn: conn} do
413 fields = [
414 %{"name" => "foo", "value" => ""},
415 %{"name" => "", "value" => "bar"}
416 ]
417
418 account =
419 conn
420 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
421 |> json_response_and_validate_schema(200)
422
423 assert account["fields"] == [
424 %{"name" => "foo", "value" => ""}
425 ]
426 end
427
428 test "update fields when invalid request", %{conn: conn} do
429 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
430 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
431
432 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
433 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
434
435 fields = [%{"name" => "foo", "value" => long_value}]
436
437 assert %{"error" => "Invalid request"} ==
438 conn
439 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
440 |> json_response_and_validate_schema(403)
441
442 fields = [%{"name" => long_name, "value" => "bar"}]
443
444 assert %{"error" => "Invalid request"} ==
445 conn
446 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
447 |> json_response_and_validate_schema(403)
448
449 Pleroma.Config.put([:instance, :max_account_fields], 1)
450
451 fields = [
452 %{"name" => "foo", "value" => "bar"},
453 %{"name" => "link", "value" => "cofe.io"}
454 ]
455
456 assert %{"error" => "Invalid request"} ==
457 conn
458 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
459 |> json_response_and_validate_schema(403)
460 end
461 end
462
463 describe "Mark account as bot" do
464 setup do: oauth_access(["write:accounts"])
465 setup :request_content_type
466
467 test "changing actor_type to Service makes account a bot", %{conn: conn} do
468 account =
469 conn
470 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
471 |> json_response_and_validate_schema(200)
472
473 assert account["bot"]
474 assert account["source"]["pleroma"]["actor_type"] == "Service"
475 end
476
477 test "changing actor_type to Person makes account a human", %{conn: conn} do
478 account =
479 conn
480 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
481 |> json_response_and_validate_schema(200)
482
483 refute account["bot"]
484 assert account["source"]["pleroma"]["actor_type"] == "Person"
485 end
486
487 test "changing actor_type to Application causes error", %{conn: conn} do
488 response =
489 conn
490 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
491 |> json_response_and_validate_schema(403)
492
493 assert %{"error" => "Invalid request"} == response
494 end
495
496 test "changing bot field to true changes actor_type to Service", %{conn: conn} do
497 account =
498 conn
499 |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
500 |> json_response_and_validate_schema(200)
501
502 assert account["bot"]
503 assert account["source"]["pleroma"]["actor_type"] == "Service"
504 end
505
506 test "changing bot field to false changes actor_type to Person", %{conn: conn} do
507 account =
508 conn
509 |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
510 |> json_response_and_validate_schema(200)
511
512 refute account["bot"]
513 assert account["source"]["pleroma"]["actor_type"] == "Person"
514 end
515
516 test "actor_type field has a higher priority than bot", %{conn: conn} do
517 account =
518 conn
519 |> patch("/api/v1/accounts/update_credentials", %{
520 actor_type: "Person",
521 bot: "true"
522 })
523 |> json_response_and_validate_schema(200)
524
525 refute account["bot"]
526 assert account["source"]["pleroma"]["actor_type"] == "Person"
527 end
528 end
529 end