1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
9 alias Pleroma.UserRelationship
10 alias Pleroma.Web.CommonAPI
11 alias Pleroma.Web.MastodonAPI.AccountView
13 import Pleroma.Factory
17 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
21 test "Represent a user account" do
23 "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
30 background: background_image,
31 nickname: "shp@shitposter.club",
32 name: ":karjalanpiirakka: shp",
34 "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
35 inserted_at: ~N[2017-08-15 15:47:06.597036],
36 emoji: %{"karjalanpiirakka" => "/file.png"},
37 raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
38 also_known_as: ["https://shitposter.zone/users/shp"]
42 id: to_string(user.id),
45 display_name: user.name,
47 created_at: "2017-08-15T15:47:06.000Z",
51 note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f '&<>"",
53 avatar: "http://localhost:4001/images/avi.png",
54 avatar_static: "http://localhost:4001/images/avi.png",
55 header: "http://localhost:4001/images/banner.png",
56 header_static: "http://localhost:4001/images/banner.png",
59 static_url: "/file.png",
61 shortcode: "karjalanpiirakka",
62 visible_in_picker: false
68 note: "valid html. a\nb\nc\nd\nf '&<>\"",
76 fqn: "shp@shitposter.club",
80 also_known_as: ["https://shitposter.zone/users/shp"],
81 background_image: "https://example.com/images/asuka_hospital.png",
89 hide_followers: false,
91 hide_followers_count: false,
92 hide_follows_count: false,
94 skip_thread_containment: false
98 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
101 describe "favicon" do
103 [user: insert(:user)]
106 test "is parsed when :instance_favicons is enabled", %{user: user} do
107 clear_config([:instances_favicons, :enabled], true)
112 "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
114 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
117 test "is nil when :instances_favicons is disabled", %{user: user} do
118 assert %{pleroma: %{favicon: nil}} =
119 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
123 test "Represent the user account for the account owner" do
126 notification_settings = %{
127 block_from_strangers: false,
128 hide_notification_contents: false
131 privacy = user.default_scope
134 pleroma: %{notification_settings: ^notification_settings, allow_following_move: true},
135 source: %{privacy: ^privacy}
136 } = AccountView.render("show.json", %{user: user, for: user})
139 test "Represent a Service(bot) account" do
144 actor_type: "Service",
145 nickname: "shp@shitposter.club",
146 inserted_at: ~N[2017-08-15 15:47:06.597036]
150 id: to_string(user.id),
153 display_name: user.name,
155 created_at: "2017-08-15T15:47:06.000Z",
161 avatar: "http://localhost:4001/images/avi.png",
162 avatar_static: "http://localhost:4001/images/avi.png",
163 header: "http://localhost:4001/images/banner.png",
164 header_static: "http://localhost:4001/images/banner.png",
172 actor_type: "Service",
177 fqn: "shp@shitposter.club",
182 background_image: nil,
189 hide_favorites: true,
190 hide_followers: false,
192 hide_followers_count: false,
193 hide_follows_count: false,
195 skip_thread_containment: false
199 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
202 test "Represent a Funkwhale channel" do
204 User.get_or_fetch_by_ap_id(
205 "https://channels.tests.funkwhale.audio/federation/actors/compositions"
209 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
211 assert represented.acct == "compositions@channels.tests.funkwhale.audio"
212 assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
215 test "Represent a deactivated user for an admin" do
216 admin = insert(:user, is_admin: true)
217 deactivated_user = insert(:user, is_active: false)
218 represented = AccountView.render("show.json", %{user: deactivated_user, for: admin})
219 assert represented[:pleroma][:deactivated] == true
222 test "Represent a smaller mention" do
226 id: to_string(user.id),
228 username: user.nickname,
232 assert expected == AccountView.render("mention.json", %{user: user})
235 test "demands :for or :skip_visibility_check option for account rendering" do
236 clear_config([:restrict_unauthenticated, :profiles, :local], false)
241 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
242 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
244 assert %{id: ^user_id} =
245 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
247 assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
248 AccountView.render("show.json", %{user: user})
252 describe "relationship" do
253 defp test_relationship_rendering(user, other_user, expected_result) do
254 opts = %{user: user, target: other_user, relationships: nil}
255 assert expected_result == AccountView.render("relationship.json", opts)
257 relationships_opt = UserRelationship.view_relationships_option(user, [other_user])
258 opts = Map.put(opts, :relationships, relationships_opt)
259 assert expected_result == AccountView.render("relationship.json", opts)
261 assert [expected_result] ==
262 AccountView.render("relationships.json", %{user: user, targets: [other_user]})
271 muting_notifications: false,
275 domain_blocking: false,
276 showing_reblogs: true,
281 test "represent a relationship for the following and followed user" do
283 other_user = insert(:user)
285 {:ok, user, other_user} = User.follow(user, other_user)
286 {:ok, other_user, user} = User.follow(other_user, user)
287 {:ok, _subscription} = User.subscribe(user, other_user)
288 {:ok, _user_relationships} = User.mute(user, other_user, %{notifications: true})
289 {:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, other_user)
298 muting_notifications: true,
301 showing_reblogs: false,
302 id: to_string(other_user.id)
306 test_relationship_rendering(user, other_user, expected)
309 test "represent a relationship for the blocking and blocked user" do
311 other_user = insert(:user)
313 {:ok, user, other_user} = User.follow(user, other_user)
314 {:ok, _subscription} = User.subscribe(user, other_user)
315 {:ok, _user_relationship} = User.block(user, other_user)
316 {:ok, _user_relationship} = User.block(other_user, user)
321 %{following: false, blocking: true, blocked_by: true, id: to_string(other_user.id)}
324 test_relationship_rendering(user, other_user, expected)
327 test "represent a relationship for the user blocking a domain" do
329 other_user = insert(:user, ap_id: "https://bad.site/users/other_user")
331 {:ok, user} = User.block_domain(user, "bad.site")
336 %{domain_blocking: true, blocking: false, id: to_string(other_user.id)}
339 test_relationship_rendering(user, other_user, expected)
342 test "represent a relationship for the user with a pending follow request" do
344 other_user = insert(:user, is_locked: true)
346 {:ok, user, other_user, _} = CommonAPI.follow(user, other_user)
347 user = User.get_cached_by_id(user.id)
348 other_user = User.get_cached_by_id(other_user.id)
353 %{requested: true, following: false, id: to_string(other_user.id)}
356 test_relationship_rendering(user, other_user, expected)
360 test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
361 user = insert(:user, pleroma_settings_store: %{fe: "test"})
364 AccountView.render("show.json", %{user: user, for: user, with_pleroma_settings: true})
366 assert result.pleroma.settings_store == %{:fe => "test"}
368 result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
369 assert result.pleroma[:settings_store] == nil
371 result = AccountView.render("show.json", %{user: user, for: user})
372 assert result.pleroma[:settings_store] == nil
375 test "doesn't sanitize display names" do
376 user = insert(:user, name: "<marquee> username </marquee>")
377 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
378 assert result.display_name == "<marquee> username </marquee>"
381 test "never display nil user follow counts" do
382 user = insert(:user, following_count: 0, follower_count: 0)
383 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
385 assert result.following_count == 0
386 assert result.followers_count == 0
389 describe "hiding follows/following" do
390 test "shows when follows/followers stats are hidden and sets follow/follower count to 0" do
393 hide_followers: true,
394 hide_followers_count: true,
396 hide_follows_count: true
399 other_user = insert(:user)
400 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
401 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
406 pleroma: %{hide_follows_count: true, hide_followers_count: true}
407 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
410 test "shows when follows/followers are hidden" do
411 user = insert(:user, hide_followers: true, hide_follows: true)
412 other_user = insert(:user)
413 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
414 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
419 pleroma: %{hide_follows: true, hide_followers: true}
420 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
423 test "shows actual follower/following count to the account owner" do
424 user = insert(:user, hide_followers: true, hide_follows: true)
425 other_user = insert(:user)
426 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
428 assert User.following?(user, other_user)
429 assert Pleroma.FollowingRelationship.follower_count(other_user) == 1
430 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
435 } = AccountView.render("show.json", %{user: user, for: user})
438 test "shows unread_conversation_count only to the account owner" do
440 other_user = insert(:user)
443 CommonAPI.post(other_user, %{
444 status: "Hey @#{user.nickname}.",
448 user = User.get_cached_by_ap_id(user.ap_id)
450 assert AccountView.render("show.json", %{user: user, for: other_user})[:pleroma][
451 :unread_conversation_count
454 assert AccountView.render("show.json", %{user: user, for: user})[:pleroma][
455 :unread_conversation_count
459 test "shows unread_count only to the account owner" do
461 insert_list(7, :notification, user: user, activity: insert(:note_activity))
462 other_user = insert(:user)
464 user = User.get_cached_by_ap_id(user.ap_id)
466 assert AccountView.render(
468 %{user: user, for: other_user}
469 )[:pleroma][:unread_notifications_count] == nil
471 assert AccountView.render(
473 %{user: user, for: user}
474 )[:pleroma][:unread_notifications_count] == 7
477 test "shows email only to the account owner" do
479 other_user = insert(:user)
481 user = User.get_cached_by_ap_id(user.ap_id)
483 assert AccountView.render(
485 %{user: user, for: other_user}
486 )[:pleroma][:email] == nil
488 assert AccountView.render(
490 %{user: user, for: user}
491 )[:pleroma][:email] == user.email
495 describe "follow requests counter" do
496 test "shows zero when no follow requests are pending" do
499 assert %{follow_requests_count: 0} =
500 AccountView.render("show.json", %{user: user, for: user})
502 other_user = insert(:user)
503 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
505 assert %{follow_requests_count: 0} =
506 AccountView.render("show.json", %{user: user, for: user})
509 test "shows non-zero when follow requests are pending" do
510 user = insert(:user, is_locked: true)
512 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
514 other_user = insert(:user)
515 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
517 assert %{locked: true, follow_requests_count: 1} =
518 AccountView.render("show.json", %{user: user, for: user})
521 test "decreases when accepting a follow request" do
522 user = insert(:user, is_locked: true)
524 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
526 other_user = insert(:user)
527 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
529 assert %{locked: true, follow_requests_count: 1} =
530 AccountView.render("show.json", %{user: user, for: user})
532 {:ok, _other_user} = CommonAPI.accept_follow_request(other_user, user)
534 assert %{locked: true, follow_requests_count: 0} =
535 AccountView.render("show.json", %{user: user, for: user})
538 test "decreases when rejecting a follow request" do
539 user = insert(:user, is_locked: true)
541 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
543 other_user = insert(:user)
544 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
546 assert %{locked: true, follow_requests_count: 1} =
547 AccountView.render("show.json", %{user: user, for: user})
549 {:ok, _other_user} = CommonAPI.reject_follow_request(other_user, user)
551 assert %{locked: true, follow_requests_count: 0} =
552 AccountView.render("show.json", %{user: user, for: user})
555 test "shows non-zero when historical unapproved requests are present" do
556 user = insert(:user, is_locked: true)
558 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
560 other_user = insert(:user)
561 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
563 {:ok, user} = User.update_and_set_cache(user, %{is_locked: false})
565 assert %{locked: false, follow_requests_count: 1} =
566 AccountView.render("show.json", %{user: user, for: user})
570 test "uses mediaproxy urls when it's enabled (regardless of media preview proxy state)" do
571 clear_config([:media_proxy, :enabled], true)
572 clear_config([:media_preview_proxy, :enabled])
576 avatar: %{"url" => [%{"href" => "https://evil.website/avatar.png"}]},
577 banner: %{"url" => [%{"href" => "https://evil.website/banner.png"}]},
578 emoji: %{"joker_smile" => "https://evil.website/society.png"}
581 with media_preview_enabled <- [false, true] do
582 clear_config([:media_preview_proxy, :enabled], media_preview_enabled)
584 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
586 {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
587 String.starts_with?(url, Pleroma.Web.Endpoint.url())
590 Enum.all?(emojis, fn %{url: url, static_url: static_url} ->
591 String.starts_with?(url, Pleroma.Web.Endpoint.url()) &&
592 String.starts_with?(static_url, Pleroma.Web.Endpoint.url())