git.squeep.com Git - akkoma/blob - test/pleroma/web/mastodon_api/update_credentials_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
   6   alias Pleroma.Repo
   7   alias Pleroma.User
   8
   9   use Pleroma.Web.ConnCase
  10
  11   import Mock
  12   import Pleroma.Factory
  13
  14   setup do: clear_config([:instance, :max_account_fields])
  15
  16   describe "updating credentials" do
  17     setup do: oauth_access(["write:accounts"])
  18     setup :request_content_type
  19
  20     test "sets user settings in a generic way", %{conn: conn} do
  21       res_conn =
  22         patch(conn, "/api/v1/accounts/update_credentials", %{
  23           "pleroma_settings_store" => %{
  24             pleroma_fe: %{
  25               theme: "bla"
  26             }
  27           }
  28         })
  29
  30       assert user_data = json_response_and_validate_schema(res_conn, 200)
  31       assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
  32
  33       user = Repo.get(User, user_data["id"])
  34
  35       res_conn =
  36         conn
  37         |> assign(:user, user)
  38         |> patch("/api/v1/accounts/update_credentials", %{
  39           "pleroma_settings_store" => %{
  40             masto_fe: %{
  41               theme: "bla"
  42             }
  43           }
  44         })
  45
  46       assert user_data = json_response_and_validate_schema(res_conn, 200)
  47
  48       assert user_data["pleroma"]["settings_store"] ==
  49                %{
  50                  "pleroma_fe" => %{"theme" => "bla"},
  51                  "masto_fe" => %{"theme" => "bla"}
  52                }
  53
  54       user = Repo.get(User, user_data["id"])
  55
  56       clear_config([:instance, :federating], true)
  57
  58       with_mock Pleroma.Web.Federator,
  59         publish: fn _activity -> :ok end do
  60         res_conn =
  61           conn
  62           |> assign(:user, user)
  63           |> patch("/api/v1/accounts/update_credentials", %{
  64             "pleroma_settings_store" => %{
  65               masto_fe: %{
  66                 theme: "blub"
  67               }
  68             }
  69           })
  70
  71         assert user_data = json_response_and_validate_schema(res_conn, 200)
  72
  73         assert user_data["pleroma"]["settings_store"] ==
  74                  %{
  75                    "pleroma_fe" => %{"theme" => "bla"},
  76                    "masto_fe" => %{"theme" => "blub"}
  77                  }
  78
  79         assert_called(Pleroma.Web.Federator.publish(:_))
  80       end
  81     end
  82
  83     test "updates the user's bio", %{conn: conn} do
  84       user2 = insert(:user)
  85
  86       raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
  87
  88       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
  89
  90       assert user_data = json_response_and_validate_schema(conn, 200)
  91
  92       assert user_data["note"] ==
  93                ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
  94                  user2.id
  95                }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
  96
  97       assert user_data["source"]["note"] == raw_bio
  98
  99       user = Repo.get(User, user_data["id"])
 100
 101       assert user.raw_bio == raw_bio
 102     end
 103
 104     test "updates the user's locking status", %{conn: conn} do
 105       conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
 106
 107       assert user_data = json_response_and_validate_schema(conn, 200)
 108       assert user_data["locked"] == true
 109     end
 110
 111     test "updates the user's chat acceptance status", %{conn: conn} do
 112       conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
 113
 114       assert user_data = json_response_and_validate_schema(conn, 200)
 115       assert user_data["pleroma"]["accepts_chat_messages"] == false
 116     end
 117
 118     test "updates the user's allow_following_move", %{user: user, conn: conn} do
 119       assert user.allow_following_move == true
 120
 121       conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
 122
 123       assert refresh_record(user).allow_following_move == false
 124       assert user_data = json_response_and_validate_schema(conn, 200)
 125       assert user_data["pleroma"]["allow_following_move"] == false
 126     end
 127
 128     test "updates the user's default scope", %{conn: conn} do
 129       conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
 130
 131       assert user_data = json_response_and_validate_schema(conn, 200)
 132       assert user_data["source"]["privacy"] == "unlisted"
 133     end
 134
 135     test "updates the user's privacy", %{conn: conn} do
 136       conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
 137
 138       assert user_data = json_response_and_validate_schema(conn, 200)
 139       assert user_data["source"]["privacy"] == "unlisted"
 140     end
 141
 142     test "updates the user's hide_followers status", %{conn: conn} do
 143       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
 144
 145       assert user_data = json_response_and_validate_schema(conn, 200)
 146       assert user_data["pleroma"]["hide_followers"] == true
 147     end
 148
 149     test "updates the user's discoverable status", %{conn: conn} do
 150       assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
 151                conn
 152                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
 153                |> json_response_and_validate_schema(:ok)
 154
 155       assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
 156                conn
 157                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
 158                |> json_response_and_validate_schema(:ok)
 159     end
 160
 161     test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
 162       conn =
 163         patch(conn, "/api/v1/accounts/update_credentials", %{
 164           hide_followers_count: "true",
 165           hide_follows_count: "true"
 166         })
 167
 168       assert user_data = json_response_and_validate_schema(conn, 200)
 169       assert user_data["pleroma"]["hide_followers_count"] == true
 170       assert user_data["pleroma"]["hide_follows_count"] == true
 171     end
 172
 173     test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
 174       response =
 175         conn
 176         |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
 177         |> json_response_and_validate_schema(200)
 178
 179       assert response["pleroma"]["skip_thread_containment"] == true
 180       assert refresh_record(user).skip_thread_containment
 181     end
 182
 183     test "updates the user's hide_follows status", %{conn: conn} do
 184       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
 185
 186       assert user_data = json_response_and_validate_schema(conn, 200)
 187       assert user_data["pleroma"]["hide_follows"] == true
 188     end
 189
 190     test "updates the user's hide_favorites status", %{conn: conn} do
 191       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
 192
 193       assert user_data = json_response_and_validate_schema(conn, 200)
 194       assert user_data["pleroma"]["hide_favorites"] == true
 195     end
 196
 197     test "updates the user's show_role status", %{conn: conn} do
 198       conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
 199
 200       assert user_data = json_response_and_validate_schema(conn, 200)
 201       assert user_data["source"]["pleroma"]["show_role"] == false
 202     end
 203
 204     test "updates the user's no_rich_text status", %{conn: conn} do
 205       conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
 206
 207       assert user_data = json_response_and_validate_schema(conn, 200)
 208       assert user_data["source"]["pleroma"]["no_rich_text"] == true
 209     end
 210
 211     test "updates the user's name", %{conn: conn} do
 212       conn =
 213         patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
 214
 215       assert user_data = json_response_and_validate_schema(conn, 200)
 216       assert user_data["display_name"] == "markorepairs"
 217
 218       update_activity = Repo.one(Pleroma.Activity)
 219       assert update_activity.data["type"] == "Update"
 220       assert update_activity.data["object"]["name"] == "markorepairs"
 221     end
 222
 223     test "updates the user's AKAs", %{conn: conn} do
 224       conn =
 225         patch(conn, "/api/v1/accounts/update_credentials", %{
 226           "also_known_as" => ["https://mushroom.kingdom/users/mario"]
 227         })
 228
 229       assert user_data = json_response_and_validate_schema(conn, 200)
 230       assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
 231     end
 232
 233     test "updates the user's avatar", %{user: user, conn: conn} do
 234       new_avatar = %Plug.Upload{
 235         content_type: "image/jpeg",
 236         path: Path.absname("test/fixtures/image.jpg"),
 237         filename: "an_image.jpg"
 238       }
 239
 240       assert user.avatar == %{}
 241
 242       res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
 243
 244       assert user_response = json_response_and_validate_schema(res, 200)
 245       assert user_response["avatar"] != User.avatar_url(user)
 246
 247       user = User.get_by_id(user.id)
 248       refute user.avatar == %{}
 249
 250       # Also resets it
 251       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
 252
 253       user = User.get_by_id(user.id)
 254       assert user.avatar == nil
 255     end
 256
 257     test "updates the user's banner", %{user: user, conn: conn} do
 258       new_header = %Plug.Upload{
 259         content_type: "image/jpeg",
 260         path: Path.absname("test/fixtures/image.jpg"),
 261         filename: "an_image.jpg"
 262       }
 263
 264       res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
 265
 266       assert user_response = json_response_and_validate_schema(res, 200)
 267       assert user_response["header"] != User.banner_url(user)
 268
 269       # Also resets it
 270       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
 271
 272       user = User.get_by_id(user.id)
 273       assert user.banner == nil
 274     end
 275
 276     test "updates the user's background", %{conn: conn, user: user} do
 277       new_header = %Plug.Upload{
 278         content_type: "image/jpeg",
 279         path: Path.absname("test/fixtures/image.jpg"),
 280         filename: "an_image.jpg"
 281       }
 282
 283       res =
 284         patch(conn, "/api/v1/accounts/update_credentials", %{
 285           "pleroma_background_image" => new_header
 286         })
 287
 288       assert user_response = json_response_and_validate_schema(res, 200)
 289       assert user_response["pleroma"]["background_image"]
 290       #
 291       # Also resets it
 292       _res =
 293         patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
 294
 295       user = User.get_by_id(user.id)
 296       assert user.background == nil
 297     end
 298
 299     test "requires 'write:accounts' permission" do
 300       token1 = insert(:oauth_token, scopes: ["read"])
 301       token2 = insert(:oauth_token, scopes: ["write", "follow"])
 302
 303       for token <- [token1, token2] do
 304         conn =
 305           build_conn()
 306           |> put_req_header("content-type", "multipart/form-data")
 307           |> put_req_header("authorization", "Bearer #{token.token}")
 308           |> patch("/api/v1/accounts/update_credentials", %{})
 309
 310         if token == token1 do
 311           assert %{"error" => "Insufficient permissions: write:accounts."} ==
 312                    json_response_and_validate_schema(conn, 403)
 313         else
 314           assert json_response_and_validate_schema(conn, 200)
 315         end
 316       end
 317     end
 318
 319     test "updates profile emojos", %{user: user, conn: conn} do
 320       note = "*sips :blank:*"
 321       name = "I am :firefox:"
 322
 323       ret_conn =
 324         patch(conn, "/api/v1/accounts/update_credentials", %{
 325           "note" => note,
 326           "display_name" => name
 327         })
 328
 329       assert json_response_and_validate_schema(ret_conn, 200)
 330
 331       conn = get(conn, "/api/v1/accounts/#{user.id}")
 332
 333       assert user_data = json_response_and_validate_schema(conn, 200)
 334
 335       assert user_data["note"] == note
 336       assert user_data["display_name"] == name
 337       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
 338     end
 339
 340     test "update fields", %{conn: conn} do
 341       fields = [
 342         %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
 343         %{"name" => "link.io", "value" => "cofe.io"}
 344       ]
 345
 346       account_data =
 347         conn
 348         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 349         |> json_response_and_validate_schema(200)
 350
 351       assert account_data["fields"] == [
 352                %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
 353                %{
 354                  "name" => "link.io",
 355                  "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
 356                }
 357              ]
 358
 359       assert account_data["source"]["fields"] == [
 360                %{
 361                  "name" => "<a href=\"http://google.com\">foo</a>",
 362                  "value" => "<script>bar</script>"
 363                },
 364                %{"name" => "link.io", "value" => "cofe.io"}
 365              ]
 366     end
 367
 368     test "emojis in fields labels", %{conn: conn} do
 369       fields = [
 370         %{"name" => ":firefox:", "value" => "is best 2hu"},
 371         %{"name" => "they wins", "value" => ":blank:"}
 372       ]
 373
 374       account_data =
 375         conn
 376         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 377         |> json_response_and_validate_schema(200)
 378
 379       assert account_data["fields"] == [
 380                %{"name" => ":firefox:", "value" => "is best 2hu"},
 381                %{"name" => "they wins", "value" => ":blank:"}
 382              ]
 383
 384       assert account_data["source"]["fields"] == [
 385                %{"name" => ":firefox:", "value" => "is best 2hu"},
 386                %{"name" => "they wins", "value" => ":blank:"}
 387              ]
 388
 389       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
 390     end
 391
 392     test "update fields via x-www-form-urlencoded", %{conn: conn} do
 393       fields =
 394         [
 395           "fields_attributes[1][name]=link",
 396           "fields_attributes[1][value]=http://cofe.io",
 397           "fields_attributes[0][name]=foo",
 398           "fields_attributes[0][value]=bar"
 399         ]
 400         |> Enum.join("&")
 401
 402       account =
 403         conn
 404         |> put_req_header("content-type", "application/x-www-form-urlencoded")
 405         |> patch("/api/v1/accounts/update_credentials", fields)
 406         |> json_response_and_validate_schema(200)
 407
 408       assert account["fields"] == [
 409                %{"name" => "foo", "value" => "bar"},
 410                %{
 411                  "name" => "link",
 412                  "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
 413                }
 414              ]
 415
 416       assert account["source"]["fields"] == [
 417                %{"name" => "foo", "value" => "bar"},
 418                %{"name" => "link", "value" => "http://cofe.io"}
 419              ]
 420     end
 421
 422     test "update fields with empty name", %{conn: conn} do
 423       fields = [
 424         %{"name" => "foo", "value" => ""},
 425         %{"name" => "", "value" => "bar"}
 426       ]
 427
 428       account =
 429         conn
 430         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 431         |> json_response_and_validate_schema(200)
 432
 433       assert account["fields"] == [
 434                %{"name" => "foo", "value" => ""}
 435              ]
 436     end
 437
 438     test "update fields when invalid request", %{conn: conn} do
 439       name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
 440       value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
 441
 442       long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
 443       long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
 444
 445       fields = [%{"name" => "foo", "value" => long_value}]
 446
 447       assert %{"error" => "Invalid request"} ==
 448                conn
 449                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 450                |> json_response_and_validate_schema(403)
 451
 452       fields = [%{"name" => long_name, "value" => "bar"}]
 453
 454       assert %{"error" => "Invalid request"} ==
 455                conn
 456                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 457                |> json_response_and_validate_schema(403)
 458
 459       Pleroma.Config.put([:instance, :max_account_fields], 1)
 460
 461       fields = [
 462         %{"name" => "foo", "value" => "bar"},
 463         %{"name" => "link", "value" => "cofe.io"}
 464       ]
 465
 466       assert %{"error" => "Invalid request"} ==
 467                conn
 468                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
 469                |> json_response_and_validate_schema(403)
 470     end
 471   end
 472
 473   describe "Mark account as bot" do
 474     setup do: oauth_access(["write:accounts"])
 475     setup :request_content_type
 476
 477     test "changing actor_type to Service makes account a bot", %{conn: conn} do
 478       account =
 479         conn
 480         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
 481         |> json_response_and_validate_schema(200)
 482
 483       assert account["bot"]
 484       assert account["source"]["pleroma"]["actor_type"] == "Service"
 485     end
 486
 487     test "changing actor_type to Person makes account a human", %{conn: conn} do
 488       account =
 489         conn
 490         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
 491         |> json_response_and_validate_schema(200)
 492
 493       refute account["bot"]
 494       assert account["source"]["pleroma"]["actor_type"] == "Person"
 495     end
 496
 497     test "changing actor_type to Application causes error", %{conn: conn} do
 498       response =
 499         conn
 500         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
 501         |> json_response_and_validate_schema(403)
 502
 503       assert %{"error" => "Invalid request"} == response
 504     end
 505
 506     test "changing bot field to true changes actor_type to Service", %{conn: conn} do
 507       account =
 508         conn
 509         |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
 510         |> json_response_and_validate_schema(200)
 511
 512       assert account["bot"]
 513       assert account["source"]["pleroma"]["actor_type"] == "Service"
 514     end
 515
 516     test "changing bot field to false changes actor_type to Person", %{conn: conn} do
 517       account =
 518         conn
 519         |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
 520         |> json_response_and_validate_schema(200)
 521
 522       refute account["bot"]
 523       assert account["source"]["pleroma"]["actor_type"] == "Person"
 524     end
 525
 526     test "actor_type field has a higher priority than bot", %{conn: conn} do
 527       account =
 528         conn
 529         |> patch("/api/v1/accounts/update_credentials", %{
 530           actor_type: "Person",
 531           bot: "true"
 532         })
 533         |> json_response_and_validate_schema(200)
 534
 535       refute account["bot"]
 536       assert account["source"]["pleroma"]["actor_type"] == "Person"
 537     end
 538   end
 539 end