1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
12 import Pleroma.Factory
14 describe "updating credentials" do
15 setup do: oauth_access(["write:accounts"])
16 setup :request_content_type
18 test "sets user settings in a generic way", %{conn: conn} do
20 patch(conn, "/api/v1/accounts/update_credentials", %{
21 "pleroma_settings_store" => %{
28 assert user_data = json_response_and_validate_schema(res_conn, 200)
29 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
31 user = Repo.get(User, user_data["id"])
35 |> assign(:user, user)
36 |> patch("/api/v1/accounts/update_credentials", %{
37 "pleroma_settings_store" => %{
44 assert user_data = json_response_and_validate_schema(res_conn, 200)
46 assert user_data["pleroma"]["settings_store"] ==
48 "pleroma_fe" => %{"theme" => "bla"},
49 "masto_fe" => %{"theme" => "bla"}
52 user = Repo.get(User, user_data["id"])
54 clear_config([:instance, :federating], true)
56 with_mock Pleroma.Web.Federator,
57 publish: fn _activity -> :ok end do
60 |> assign(:user, user)
61 |> patch("/api/v1/accounts/update_credentials", %{
62 "pleroma_settings_store" => %{
69 assert user_data = json_response_and_validate_schema(res_conn, 200)
71 assert user_data["pleroma"]["settings_store"] ==
73 "pleroma_fe" => %{"theme" => "bla"},
74 "masto_fe" => %{"theme" => "blub"}
77 assert_called(Pleroma.Web.Federator.publish(:_))
81 test "updates the user's bio", %{conn: conn} do
84 raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
86 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
88 assert user_data = json_response_and_validate_schema(conn, 200)
90 assert user_data["note"] ==
91 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
93 }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
95 assert user_data["source"]["note"] == raw_bio
97 user = Repo.get(User, user_data["id"])
99 assert user.raw_bio == raw_bio
102 test "updates the user's locking status", %{conn: conn} do
103 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
105 assert user_data = json_response_and_validate_schema(conn, 200)
106 assert user_data["locked"] == true
109 test "updates the user's chat acceptance status", %{conn: conn} do
110 conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
112 assert user_data = json_response_and_validate_schema(conn, 200)
113 assert user_data["pleroma"]["accepts_chat_messages"] == false
116 test "updates the user's allow_following_move", %{user: user, conn: conn} do
117 assert user.allow_following_move == true
119 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
121 assert refresh_record(user).allow_following_move == false
122 assert user_data = json_response_and_validate_schema(conn, 200)
123 assert user_data["pleroma"]["allow_following_move"] == false
126 test "updates the user's default scope", %{conn: conn} do
127 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
129 assert user_data = json_response_and_validate_schema(conn, 200)
130 assert user_data["source"]["privacy"] == "unlisted"
133 test "updates the user's privacy", %{conn: conn} do
134 conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
136 assert user_data = json_response_and_validate_schema(conn, 200)
137 assert user_data["source"]["privacy"] == "unlisted"
140 test "updates the user's hide_followers status", %{conn: conn} do
141 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
143 assert user_data = json_response_and_validate_schema(conn, 200)
144 assert user_data["pleroma"]["hide_followers"] == true
147 test "updates the user's discoverable status", %{conn: conn} do
148 assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
150 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
151 |> json_response_and_validate_schema(:ok)
153 assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
155 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
156 |> json_response_and_validate_schema(:ok)
159 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
161 patch(conn, "/api/v1/accounts/update_credentials", %{
162 hide_followers_count: "true",
163 hide_follows_count: "true"
166 assert user_data = json_response_and_validate_schema(conn, 200)
167 assert user_data["pleroma"]["hide_followers_count"] == true
168 assert user_data["pleroma"]["hide_follows_count"] == true
171 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
174 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
175 |> json_response_and_validate_schema(200)
177 assert response["pleroma"]["skip_thread_containment"] == true
178 assert refresh_record(user).skip_thread_containment
181 test "updates the user's hide_follows status", %{conn: conn} do
182 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
184 assert user_data = json_response_and_validate_schema(conn, 200)
185 assert user_data["pleroma"]["hide_follows"] == true
188 test "updates the user's hide_favorites status", %{conn: conn} do
189 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
191 assert user_data = json_response_and_validate_schema(conn, 200)
192 assert user_data["pleroma"]["hide_favorites"] == true
195 test "updates the user's show_role status", %{conn: conn} do
196 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
198 assert user_data = json_response_and_validate_schema(conn, 200)
199 assert user_data["source"]["pleroma"]["show_role"] == false
202 test "updates the user's no_rich_text status", %{conn: conn} do
203 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
205 assert user_data = json_response_and_validate_schema(conn, 200)
206 assert user_data["source"]["pleroma"]["no_rich_text"] == true
209 test "updates the user's name", %{conn: conn} do
211 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
213 assert user_data = json_response_and_validate_schema(conn, 200)
214 assert user_data["display_name"] == "markorepairs"
216 update_activity = Repo.one(Pleroma.Activity)
217 assert update_activity.data["type"] == "Update"
218 assert update_activity.data["object"]["name"] == "markorepairs"
221 test "updates the user's AKAs", %{conn: conn} do
223 patch(conn, "/api/v1/accounts/update_credentials", %{
224 "also_known_as" => ["https://mushroom.kingdom/users/mario"]
227 assert user_data = json_response_and_validate_schema(conn, 200)
228 assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
231 test "updates the user's avatar", %{user: user, conn: conn} do
232 new_avatar = %Plug.Upload{
233 content_type: "image/jpeg",
234 path: Path.absname("test/fixtures/image.jpg"),
235 filename: "an_image.jpg"
238 assert user.avatar == %{}
240 res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
242 assert user_response = json_response_and_validate_schema(res, 200)
243 assert user_response["avatar"] != User.avatar_url(user)
245 user = User.get_by_id(user.id)
246 refute user.avatar == %{}
249 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
251 user = User.get_by_id(user.id)
252 assert user.avatar == nil
255 test "updates the user's banner", %{user: user, conn: conn} do
256 new_header = %Plug.Upload{
257 content_type: "image/jpeg",
258 path: Path.absname("test/fixtures/image.jpg"),
259 filename: "an_image.jpg"
262 res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
264 assert user_response = json_response_and_validate_schema(res, 200)
265 assert user_response["header"] != User.banner_url(user)
268 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
270 user = User.get_by_id(user.id)
271 assert user.banner == nil
274 test "updates the user's background", %{conn: conn, user: user} do
275 new_header = %Plug.Upload{
276 content_type: "image/jpeg",
277 path: Path.absname("test/fixtures/image.jpg"),
278 filename: "an_image.jpg"
282 patch(conn, "/api/v1/accounts/update_credentials", %{
283 "pleroma_background_image" => new_header
286 assert user_response = json_response_and_validate_schema(res, 200)
287 assert user_response["pleroma"]["background_image"]
291 patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
293 user = User.get_by_id(user.id)
294 assert user.background == nil
297 test "requires 'write:accounts' permission" do
298 token1 = insert(:oauth_token, scopes: ["read"])
299 token2 = insert(:oauth_token, scopes: ["write", "follow"])
301 for token <- [token1, token2] do
304 |> put_req_header("content-type", "multipart/form-data")
305 |> put_req_header("authorization", "Bearer #{token.token}")
306 |> patch("/api/v1/accounts/update_credentials", %{})
308 if token == token1 do
309 assert %{"error" => "Insufficient permissions: write:accounts."} ==
310 json_response_and_validate_schema(conn, 403)
312 assert json_response_and_validate_schema(conn, 200)
317 test "updates profile emojos", %{user: user, conn: conn} do
318 note = "*sips :blank:*"
319 name = "I am :firefox:"
322 patch(conn, "/api/v1/accounts/update_credentials", %{
324 "display_name" => name
327 assert json_response_and_validate_schema(ret_conn, 200)
329 conn = get(conn, "/api/v1/accounts/#{user.id}")
331 assert user_data = json_response_and_validate_schema(conn, 200)
333 assert user_data["note"] == note
334 assert user_data["display_name"] == name
335 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
338 test "update fields", %{conn: conn} do
340 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
341 %{"name" => "link.io", "value" => "cofe.io"}
346 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
347 |> json_response_and_validate_schema(200)
349 assert account_data["fields"] == [
350 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
353 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
357 assert account_data["source"]["fields"] == [
359 "name" => "<a href=\"http://google.com\">foo</a>",
360 "value" => "<script>bar</script>"
362 %{"name" => "link.io", "value" => "cofe.io"}
366 test "emojis in fields labels", %{conn: conn} do
368 %{"name" => ":firefox:", "value" => "is best 2hu"},
369 %{"name" => "they wins", "value" => ":blank:"}
374 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
375 |> json_response_and_validate_schema(200)
377 assert account_data["fields"] == [
378 %{"name" => ":firefox:", "value" => "is best 2hu"},
379 %{"name" => "they wins", "value" => ":blank:"}
382 assert account_data["source"]["fields"] == [
383 %{"name" => ":firefox:", "value" => "is best 2hu"},
384 %{"name" => "they wins", "value" => ":blank:"}
387 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
390 test "update fields via x-www-form-urlencoded", %{conn: conn} do
393 "fields_attributes[1][name]=link",
394 "fields_attributes[1][value]=http://cofe.io",
395 "fields_attributes[0][name]=foo",
396 "fields_attributes[0][value]=bar"
402 |> put_req_header("content-type", "application/x-www-form-urlencoded")
403 |> patch("/api/v1/accounts/update_credentials", fields)
404 |> json_response_and_validate_schema(200)
406 assert account["fields"] == [
407 %{"name" => "foo", "value" => "bar"},
410 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
414 assert account["source"]["fields"] == [
415 %{"name" => "foo", "value" => "bar"},
416 %{"name" => "link", "value" => "http://cofe.io"}
420 test "update fields with empty name", %{conn: conn} do
422 %{"name" => "foo", "value" => ""},
423 %{"name" => "", "value" => "bar"}
428 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
429 |> json_response_and_validate_schema(200)
431 assert account["fields"] == [
432 %{"name" => "foo", "value" => ""}
436 test "update fields when invalid request", %{conn: conn} do
437 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
438 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
440 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
441 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
443 fields = [%{"name" => "foo", "value" => long_value}]
445 assert %{"error" => "Invalid request"} ==
447 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
448 |> json_response_and_validate_schema(403)
450 fields = [%{"name" => long_name, "value" => "bar"}]
452 assert %{"error" => "Invalid request"} ==
454 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
455 |> json_response_and_validate_schema(403)
457 clear_config([:instance, :max_account_fields], 1)
460 %{"name" => "foo", "value" => "bar"},
461 %{"name" => "link", "value" => "cofe.io"}
464 assert %{"error" => "Invalid request"} ==
466 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
467 |> json_response_and_validate_schema(403)
471 describe "Mark account as bot" do
472 setup do: oauth_access(["write:accounts"])
473 setup :request_content_type
475 test "changing actor_type to Service makes account a bot", %{conn: conn} do
478 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
479 |> json_response_and_validate_schema(200)
481 assert account["bot"]
482 assert account["source"]["pleroma"]["actor_type"] == "Service"
485 test "changing actor_type to Person makes account a human", %{conn: conn} do
488 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
489 |> json_response_and_validate_schema(200)
491 refute account["bot"]
492 assert account["source"]["pleroma"]["actor_type"] == "Person"
495 test "changing actor_type to Application causes error", %{conn: conn} do
498 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
499 |> json_response_and_validate_schema(403)
501 assert %{"error" => "Invalid request"} == response
504 test "changing bot field to true changes actor_type to Service", %{conn: conn} do
507 |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
508 |> json_response_and_validate_schema(200)
510 assert account["bot"]
511 assert account["source"]["pleroma"]["actor_type"] == "Service"
514 test "changing bot field to false changes actor_type to Person", %{conn: conn} do
517 |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
518 |> json_response_and_validate_schema(200)
520 refute account["bot"]
521 assert account["source"]["pleroma"]["actor_type"] == "Person"
524 test "actor_type field has a higher priority than bot", %{conn: conn} do
527 |> patch("/api/v1/accounts/update_credentials", %{
528 actor_type: "Person",
531 |> json_response_and_validate_schema(200)
533 refute account["bot"]
534 assert account["source"]["pleroma"]["actor_type"] == "Person"