1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
6 use Pleroma.DataCase, async: false
9 alias Pleroma.UserRelationship
10 alias Pleroma.Web.CommonAPI
11 alias Pleroma.Web.MastodonAPI.AccountView
13 import Pleroma.Factory
18 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
22 test "Represent a user account" do
24 "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
29 ap_id: "https://example.com/users/chikichikibanban",
32 background: background_image,
33 nickname: "shp@shitposter.club",
34 name: ":karjalanpiirakka: shp",
36 "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
37 inserted_at: ~N[2017-08-15 15:47:06.597036],
38 emoji: %{"karjalanpiirakka" => "/file.png"},
39 raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
40 also_known_as: ["https://shitposter.zone/users/shp"]
43 insert(:instance, %{host: "example.com", nodeinfo: %{version: "2.1"}})
46 id: to_string(user.id),
49 display_name: user.name,
51 created_at: "2017-08-15T15:47:06.000Z",
55 note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f '&<>"",
66 avatar: "http://localhost:4001/images/avi.png",
67 avatar_static: "http://localhost:4001/images/avi.png",
68 header: "http://localhost:4001/images/banner.png",
69 header_static: "http://localhost:4001/images/banner.png",
72 static_url: "/file.png",
74 shortcode: "karjalanpiirakka",
75 visible_in_picker: false
81 note: "valid html. a\nb\nc\nd\nf '&<>\"",
89 fqn: "shp@shitposter.club",
93 also_known_as: ["https://shitposter.zone/users/shp"],
94 background_image: "https://example.com/images/asuka_hospital.png",
101 hide_favorites: true,
102 hide_followers: false,
104 hide_followers_count: false,
105 hide_follows_count: false,
107 skip_thread_containment: false
111 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
114 describe "nodeinfo" do
117 user: insert(:user, ap_id: "https://somewhere.example.com/users/chikichikibanban"),
120 host: "somewhere.example.com",
121 favicon: "https://example.com/favicon.ico"
126 test "is embedded in the account view", %{user: user} do
130 name: "somewhere.example.com",
134 favicon: "https://example.com/favicon.ico"
137 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
140 test "uses local nodeinfo for local users" do
154 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
158 describe "favicon" do
161 user: insert(:user, ap_id: "https://example.com/users/chikichikibanban"),
163 insert(:instance, %{host: "example.com", favicon: "https://example.com/favicon.ico"})
167 test "is parsed when :instance_favicons is enabled", %{user: user} do
168 clear_config([:instances_favicons, :enabled], true)
172 favicon: "https://example.com/favicon.ico"
174 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
177 test "is nil when we have no instance", %{user: user} do
178 user = %{user | ap_id: "https://wowee.example.com/users/2"}
180 assert %{pleroma: %{favicon: nil}} =
181 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
185 test "Represent the user account for the account owner" do
188 notification_settings = %{
189 block_from_strangers: false,
190 hide_notification_contents: false
193 privacy = user.default_scope
196 pleroma: %{notification_settings: ^notification_settings, allow_following_move: true},
197 source: %{privacy: ^privacy}
198 } = AccountView.render("show.json", %{user: user, for: user})
201 test "Represent a Service(bot) account" do
206 actor_type: "Service",
207 nickname: "shp@shitposter.club",
208 inserted_at: ~N[2017-08-15 15:47:06.597036]
212 id: to_string(user.id),
215 display_name: user.name,
217 created_at: "2017-08-15T15:47:06.000Z",
223 avatar: "http://localhost:4001/images/avi.png",
224 avatar_static: "http://localhost:4001/images/avi.png",
225 header: "http://localhost:4001/images/banner.png",
226 header_static: "http://localhost:4001/images/banner.png",
234 actor_type: "Service",
239 fqn: "shp@shitposter.club",
244 favicon: "http://localhost:4001/favicon.png",
245 nodeinfo: %{version: "2.0"}
251 background_image: nil,
252 favicon: "http://localhost:4001/favicon.png",
258 hide_favorites: true,
259 hide_followers: false,
261 hide_followers_count: false,
262 hide_follows_count: false,
264 skip_thread_containment: false
269 Pleroma.Web.Nodeinfo.NodeinfoController,
270 raw_nodeinfo: fn -> %{version: "2.0"} end
273 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
277 test "Represent a Funkwhale channel" do
279 User.get_or_fetch_by_ap_id(
280 "https://channels.tests.funkwhale.audio/federation/actors/compositions"
284 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
286 assert represented.acct == "compositions@channels.tests.funkwhale.audio"
287 assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
290 test "Represent a deactivated user for an admin" do
291 admin = insert(:user, is_admin: true)
292 deactivated_user = insert(:user, is_active: false)
293 represented = AccountView.render("show.json", %{user: deactivated_user, for: admin})
294 assert represented[:pleroma][:deactivated] == true
297 test "Represent a smaller mention" do
301 id: to_string(user.id),
303 username: user.nickname,
307 assert expected == AccountView.render("mention.json", %{user: user})
310 test "demands :for or :skip_visibility_check option for account rendering" do
311 clear_config([:restrict_unauthenticated, :profiles, :local], false)
316 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
317 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
319 assert %{id: ^user_id} =
320 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
322 assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
323 AccountView.render("show.json", %{user: user})
327 describe "relationship" do
328 defp test_relationship_rendering(user, other_user, expected_result) do
329 opts = %{user: user, target: other_user, relationships: nil}
330 assert expected_result == AccountView.render("relationship.json", opts)
332 relationships_opt = UserRelationship.view_relationships_option(user, [other_user])
333 opts = Map.put(opts, :relationships, relationships_opt)
334 assert expected_result == AccountView.render("relationship.json", opts)
336 assert [expected_result] ==
337 AccountView.render("relationships.json", %{user: user, targets: [other_user]})
346 muting_notifications: false,
351 domain_blocking: false,
352 showing_reblogs: true,
357 test "represent a relationship for the following and followed user" do
359 other_user = insert(:user)
361 {:ok, user, other_user} = User.follow(user, other_user)
362 {:ok, other_user, user} = User.follow(other_user, user)
363 {:ok, _subscription} = User.subscribe(user, other_user)
364 {:ok, _user_relationships} = User.mute(user, other_user, %{notifications: true})
365 {:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, other_user)
374 muting_notifications: true,
377 showing_reblogs: false,
378 id: to_string(other_user.id)
382 test_relationship_rendering(user, other_user, expected)
385 test "represent a relationship for the blocking and blocked user" do
387 other_user = insert(:user)
389 {:ok, user, other_user} = User.follow(user, other_user)
390 {:ok, _subscription} = User.subscribe(user, other_user)
391 {:ok, _user_relationship} = User.block(user, other_user)
392 {:ok, _user_relationship} = User.block(other_user, user)
397 %{following: false, blocking: true, blocked_by: true, id: to_string(other_user.id)}
400 test_relationship_rendering(user, other_user, expected)
403 test "represent a relationship for the user blocking a domain" do
405 other_user = insert(:user, ap_id: "https://bad.site/users/other_user")
407 {:ok, user} = User.block_domain(user, "bad.site")
412 %{domain_blocking: true, blocking: false, id: to_string(other_user.id)}
415 test_relationship_rendering(user, other_user, expected)
418 test "represent a relationship for the user with a pending follow request" do
420 other_user = insert(:user, is_locked: true)
422 {:ok, user, other_user, _} = CommonAPI.follow(user, other_user)
423 user = User.get_cached_by_id(user.id)
424 other_user = User.get_cached_by_id(other_user.id)
429 %{requested: true, following: false, id: to_string(other_user.id)}
432 test_relationship_rendering(user, other_user, expected)
436 test "represent a relationship for a user with an inbound pending follow request" do
437 follower = insert(:user)
438 followed = insert(:user, is_locked: true)
440 {:ok, follower, followed, _} = CommonAPI.follow(follower, followed)
442 follower = User.get_cached_by_id(follower.id)
443 followed = User.get_cached_by_id(followed.id)
448 %{requested_by: true, followed_by: false, id: to_string(follower.id)}
451 test_relationship_rendering(followed, follower, expected)
454 test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
455 user = insert(:user, pleroma_settings_store: %{fe: "test"})
458 AccountView.render("show.json", %{user: user, for: user, with_pleroma_settings: true})
460 assert result.pleroma.settings_store == %{:fe => "test"}
462 result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
463 assert result.pleroma[:settings_store] == nil
465 result = AccountView.render("show.json", %{user: user, for: user})
466 assert result.pleroma[:settings_store] == nil
469 test "doesn't sanitize display names" do
470 user = insert(:user, name: "<marquee> username </marquee>")
471 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
472 assert result.display_name == "<marquee> username </marquee>"
475 test "never display nil user follow counts" do
476 user = insert(:user, following_count: 0, follower_count: 0)
477 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
479 assert result.following_count == 0
480 assert result.followers_count == 0
483 describe "hiding follows/following" do
484 test "shows when follows/followers stats are hidden and sets follow/follower count to 0" do
487 hide_followers: true,
488 hide_followers_count: true,
490 hide_follows_count: true
493 other_user = insert(:user)
494 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
495 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
500 pleroma: %{hide_follows_count: true, hide_followers_count: true}
501 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
504 test "shows when follows/followers are hidden" do
505 user = insert(:user, hide_followers: true, hide_follows: true)
506 other_user = insert(:user)
507 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
508 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
513 pleroma: %{hide_follows: true, hide_followers: true}
514 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
517 test "shows actual follower/following count to the account owner" do
518 user = insert(:user, hide_followers: true, hide_follows: true)
519 other_user = insert(:user)
520 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
522 assert User.following?(user, other_user)
523 assert Pleroma.FollowingRelationship.follower_count(other_user) == 1
524 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
529 } = AccountView.render("show.json", %{user: user, for: user})
532 test "shows unread_conversation_count only to the account owner" do
534 other_user = insert(:user)
537 CommonAPI.post(other_user, %{
538 status: "Hey @#{user.nickname}.",
542 user = User.get_cached_by_ap_id(user.ap_id)
544 assert AccountView.render("show.json", %{user: user, for: other_user})[:pleroma][
545 :unread_conversation_count
548 assert AccountView.render("show.json", %{user: user, for: user})[:pleroma][
549 :unread_conversation_count
553 test "shows unread_count only to the account owner" do
555 insert_list(7, :notification, user: user, activity: insert(:note_activity))
556 other_user = insert(:user)
558 user = User.get_cached_by_ap_id(user.ap_id)
560 assert AccountView.render(
562 %{user: user, for: other_user}
563 )[:pleroma][:unread_notifications_count] == nil
565 assert AccountView.render(
567 %{user: user, for: user}
568 )[:pleroma][:unread_notifications_count] == 7
571 test "shows email only to the account owner" do
573 other_user = insert(:user)
575 user = User.get_cached_by_ap_id(user.ap_id)
577 assert AccountView.render(
579 %{user: user, for: other_user}
580 )[:pleroma][:email] == nil
582 assert AccountView.render(
584 %{user: user, for: user}
585 )[:pleroma][:email] == user.email
589 describe "follow requests counter" do
590 test "shows zero when no follow requests are pending" do
593 assert %{follow_requests_count: 0} =
594 AccountView.render("show.json", %{user: user, for: user})
596 other_user = insert(:user)
597 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
599 assert %{follow_requests_count: 0} =
600 AccountView.render("show.json", %{user: user, for: user})
603 test "shows non-zero when follow requests are pending" do
604 user = insert(:user, is_locked: true)
606 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
608 other_user = insert(:user)
609 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
611 assert %{locked: true, follow_requests_count: 1} =
612 AccountView.render("show.json", %{user: user, for: user})
615 test "decreases when accepting a follow request" do
616 user = insert(:user, is_locked: true)
618 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
620 other_user = insert(:user)
621 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
623 assert %{locked: true, follow_requests_count: 1} =
624 AccountView.render("show.json", %{user: user, for: user})
626 {:ok, _other_user} = CommonAPI.accept_follow_request(other_user, user)
628 assert %{locked: true, follow_requests_count: 0} =
629 AccountView.render("show.json", %{user: user, for: user})
632 test "decreases when rejecting a follow request" do
633 user = insert(:user, is_locked: true)
635 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
637 other_user = insert(:user)
638 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
640 assert %{locked: true, follow_requests_count: 1} =
641 AccountView.render("show.json", %{user: user, for: user})
643 {:ok, _other_user} = CommonAPI.reject_follow_request(other_user, user)
645 assert %{locked: true, follow_requests_count: 0} =
646 AccountView.render("show.json", %{user: user, for: user})
649 test "shows non-zero when historical unapproved requests are present" do
650 user = insert(:user, is_locked: true)
652 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
654 other_user = insert(:user)
655 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
657 {:ok, user} = User.update_and_set_cache(user, %{is_locked: false})
659 assert %{locked: false, follow_requests_count: 1} =
660 AccountView.render("show.json", %{user: user, for: user})
664 test "uses mediaproxy urls when it's enabled (regardless of media preview proxy state)" do
665 clear_config([:media_proxy, :enabled], true)
666 clear_config([:media_preview_proxy, :enabled])
670 avatar: %{"url" => [%{"href" => "https://evil.website/avatar.png"}]},
671 banner: %{"url" => [%{"href" => "https://evil.website/banner.png"}]},
672 emoji: %{"joker_smile" => "https://evil.website/society.png"}
675 insert(:instance, %{host: "localhost", favicon: "https://evil.website/favicon.png"})
677 with media_preview_enabled <- [false, true] do
678 clear_config([:media_preview_proxy, :enabled], media_preview_enabled)
680 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
682 {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
683 String.starts_with?(url, Pleroma.Web.Endpoint.url())
685 {:akkoma, %{instance: %{favicon: favicon_url}}} ->
686 String.starts_with?(favicon_url, Pleroma.Web.Endpoint.url())
689 Enum.all?(emojis, fn %{url: url, static_url: static_url} ->
690 String.starts_with?(url, Pleroma.Web.Endpoint.url()) &&
691 String.starts_with?(static_url, Pleroma.Web.Endpoint.url())
701 test "returns nil in the instance field when no instance is held locally" do
702 user = insert(:user, ap_id: "https://example.com/users/1")
703 view = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
704 assert view[:akkoma][:instance] == nil