Merge remote-tracking branch 'pleroma/develop' into cycles-streaming
[akkoma] / test / pleroma / web / twitter_api / util_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
8
9 alias Pleroma.Tests.ObanHelpers
10 alias Pleroma.User
11
12 import Pleroma.Factory
13 import Mock
14
15 setup do
16 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
17 :ok
18 end
19
20 setup do: clear_config([:instance])
21 setup do: clear_config([:frontend_configurations, :pleroma_fe])
22
23 describe "PUT /api/pleroma/notification_settings" do
24 setup do: oauth_access(["write:accounts"])
25
26 test "it updates notification settings", %{user: user, conn: conn} do
27 conn
28 |> put("/api/pleroma/notification_settings", %{
29 "block_from_strangers" => true,
30 "bar" => 1
31 })
32 |> json_response(:ok)
33
34 user = refresh_record(user)
35
36 assert %Pleroma.User.NotificationSetting{
37 block_from_strangers: true,
38 hide_notification_contents: false
39 } == user.notification_settings
40 end
41
42 test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
43 conn
44 |> put("/api/pleroma/notification_settings", %{"hide_notification_contents" => "1"})
45 |> json_response(:ok)
46
47 user = refresh_record(user)
48
49 assert %Pleroma.User.NotificationSetting{
50 block_from_strangers: false,
51 hide_notification_contents: true
52 } == user.notification_settings
53 end
54 end
55
56 describe "GET /api/pleroma/frontend_configurations" do
57 test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
58 config = [
59 frontend_a: %{
60 x: 1,
61 y: 2
62 },
63 frontend_b: %{
64 z: 3
65 }
66 ]
67
68 clear_config(:frontend_configurations, config)
69
70 response =
71 conn
72 |> get("/api/pleroma/frontend_configurations")
73 |> json_response(:ok)
74
75 assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
76 end
77 end
78
79 describe "/api/pleroma/emoji" do
80 test "returns json with custom emoji with tags", %{conn: conn} do
81 emoji =
82 conn
83 |> get("/api/pleroma/emoji")
84 |> json_response(200)
85
86 assert Enum.all?(emoji, fn
87 {_key,
88 %{
89 "image_url" => url,
90 "tags" => tags
91 }} ->
92 is_binary(url) and is_list(tags)
93 end)
94 end
95 end
96
97 describe "GET /api/pleroma/healthcheck" do
98 setup do: clear_config([:instance, :healthcheck])
99
100 test "returns 503 when healthcheck disabled", %{conn: conn} do
101 clear_config([:instance, :healthcheck], false)
102
103 response =
104 conn
105 |> get("/api/pleroma/healthcheck")
106 |> json_response(503)
107
108 assert response == %{}
109 end
110
111 test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
112 clear_config([:instance, :healthcheck], true)
113
114 with_mock Pleroma.Healthcheck,
115 system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
116 response =
117 conn
118 |> get("/api/pleroma/healthcheck")
119 |> json_response(200)
120
121 assert %{
122 "active" => _,
123 "healthy" => true,
124 "idle" => _,
125 "memory_used" => _,
126 "pool_size" => _
127 } = response
128 end
129 end
130
131 test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
132 clear_config([:instance, :healthcheck], true)
133
134 with_mock Pleroma.Healthcheck,
135 system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
136 response =
137 conn
138 |> get("/api/pleroma/healthcheck")
139 |> json_response(503)
140
141 assert %{
142 "active" => _,
143 "healthy" => false,
144 "idle" => _,
145 "memory_used" => _,
146 "pool_size" => _
147 } = response
148 end
149 end
150 end
151
152 describe "POST /api/pleroma/disable_account" do
153 setup do: oauth_access(["write:accounts"])
154
155 test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
156 response =
157 conn
158 |> post("/api/pleroma/disable_account", %{"password" => "test"})
159 |> json_response(:ok)
160
161 assert response == %{"status" => "success"}
162 ObanHelpers.perform_all()
163
164 user = User.get_cached_by_id(user.id)
165
166 refute user.is_active
167 end
168
169 test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
170 user = insert(:user)
171
172 response =
173 conn
174 |> post("/api/pleroma/disable_account", %{"password" => "test1"})
175 |> json_response(:ok)
176
177 assert response == %{"error" => "Invalid password."}
178 user = User.get_cached_by_id(user.id)
179
180 assert user.is_active
181 end
182 end
183
184 describe "POST /main/ostatus - remote_subscribe/2" do
185 setup do: clear_config([:instance, :federating], true)
186
187 test "renders subscribe form", %{conn: conn} do
188 user = insert(:user)
189
190 response =
191 conn
192 |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
193 |> response(:ok)
194
195 refute response =~ "Could not find user"
196 assert response =~ "Remotely follow #{user.nickname}"
197 end
198
199 test "renders subscribe form with error when user not found", %{conn: conn} do
200 response =
201 conn
202 |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
203 |> response(:ok)
204
205 assert response =~ "Could not find user"
206 refute response =~ "Remotely follow"
207 end
208
209 test "it redirect to webfinger url", %{conn: conn} do
210 user = insert(:user)
211 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
212
213 conn =
214 conn
215 |> post("/main/ostatus", %{
216 "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
217 })
218
219 assert redirected_to(conn) ==
220 "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
221 end
222
223 test "it renders form with error when user not found", %{conn: conn} do
224 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
225
226 response =
227 conn
228 |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
229 |> response(:ok)
230
231 assert response =~ "Something went wrong."
232 end
233 end
234
235 test "it returns new captcha", %{conn: conn} do
236 with_mock Pleroma.Captcha,
237 new: fn -> "test_captcha" end do
238 resp =
239 conn
240 |> get("/api/pleroma/captcha")
241 |> response(200)
242
243 assert resp == "\"test_captcha\""
244 assert called(Pleroma.Captcha.new())
245 end
246 end
247
248 describe "POST /api/pleroma/change_email" do
249 setup do: oauth_access(["write:accounts"])
250
251 test "without permissions", %{conn: conn} do
252 conn =
253 conn
254 |> assign(:token, nil)
255 |> post("/api/pleroma/change_email")
256
257 assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
258 end
259
260 test "with proper permissions and invalid password", %{conn: conn} do
261 conn =
262 post(conn, "/api/pleroma/change_email", %{
263 "password" => "hi",
264 "email" => "test@test.com"
265 })
266
267 assert json_response(conn, 200) == %{"error" => "Invalid password."}
268 end
269
270 test "with proper permissions, valid password and invalid email", %{
271 conn: conn
272 } do
273 conn =
274 post(conn, "/api/pleroma/change_email", %{
275 "password" => "test",
276 "email" => "foobar"
277 })
278
279 assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
280 end
281
282 test "with proper permissions, valid password and no email", %{
283 conn: conn
284 } do
285 conn =
286 post(conn, "/api/pleroma/change_email", %{
287 "password" => "test"
288 })
289
290 assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
291 end
292
293 test "with proper permissions, valid password and blank email", %{
294 conn: conn
295 } do
296 conn =
297 post(conn, "/api/pleroma/change_email", %{
298 "password" => "test",
299 "email" => ""
300 })
301
302 assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
303 end
304
305 test "with proper permissions, valid password and non unique email", %{
306 conn: conn
307 } do
308 user = insert(:user)
309
310 conn =
311 post(conn, "/api/pleroma/change_email", %{
312 "password" => "test",
313 "email" => user.email
314 })
315
316 assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
317 end
318
319 test "with proper permissions, valid password and valid email", %{
320 conn: conn
321 } do
322 conn =
323 post(conn, "/api/pleroma/change_email", %{
324 "password" => "test",
325 "email" => "cofe@foobar.com"
326 })
327
328 assert json_response(conn, 200) == %{"status" => "success"}
329 end
330 end
331
332 describe "POST /api/pleroma/change_password" do
333 setup do: oauth_access(["write:accounts"])
334
335 test "without permissions", %{conn: conn} do
336 conn =
337 conn
338 |> assign(:token, nil)
339 |> post("/api/pleroma/change_password")
340
341 assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
342 end
343
344 test "with proper permissions and invalid password", %{conn: conn} do
345 conn =
346 post(conn, "/api/pleroma/change_password", %{
347 "password" => "hi",
348 "new_password" => "newpass",
349 "new_password_confirmation" => "newpass"
350 })
351
352 assert json_response(conn, 200) == %{"error" => "Invalid password."}
353 end
354
355 test "with proper permissions, valid password and new password and confirmation not matching",
356 %{
357 conn: conn
358 } do
359 conn =
360 post(conn, "/api/pleroma/change_password", %{
361 "password" => "test",
362 "new_password" => "newpass",
363 "new_password_confirmation" => "notnewpass"
364 })
365
366 assert json_response(conn, 200) == %{
367 "error" => "New password does not match confirmation."
368 }
369 end
370
371 test "with proper permissions, valid password and invalid new password", %{
372 conn: conn
373 } do
374 conn =
375 post(conn, "/api/pleroma/change_password", %{
376 "password" => "test",
377 "new_password" => "",
378 "new_password_confirmation" => ""
379 })
380
381 assert json_response(conn, 200) == %{
382 "error" => "New password can't be blank."
383 }
384 end
385
386 test "with proper permissions, valid password and matching new password and confirmation", %{
387 conn: conn,
388 user: user
389 } do
390 conn =
391 post(conn, "/api/pleroma/change_password", %{
392 "password" => "test",
393 "new_password" => "newpass",
394 "new_password_confirmation" => "newpass"
395 })
396
397 assert json_response(conn, 200) == %{"status" => "success"}
398 fetched_user = User.get_cached_by_id(user.id)
399 assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
400 end
401 end
402
403 describe "POST /api/pleroma/delete_account" do
404 setup do: oauth_access(["write:accounts"])
405
406 test "without permissions", %{conn: conn} do
407 conn =
408 conn
409 |> assign(:token, nil)
410 |> post("/api/pleroma/delete_account")
411
412 assert json_response(conn, 403) ==
413 %{"error" => "Insufficient permissions: write:accounts."}
414 end
415
416 test "with proper permissions and wrong or missing password", %{conn: conn} do
417 for params <- [%{"password" => "hi"}, %{}] do
418 ret_conn = post(conn, "/api/pleroma/delete_account", params)
419
420 assert json_response(ret_conn, 200) == %{"error" => "Invalid password."}
421 end
422 end
423
424 test "with proper permissions and valid password", %{conn: conn, user: user} do
425 conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
426 ObanHelpers.perform_all()
427 assert json_response(conn, 200) == %{"status" => "success"}
428
429 user = User.get_by_id(user.id)
430 refute user.is_active
431 assert user.name == nil
432 assert user.bio == ""
433 assert user.password_hash == nil
434 end
435 end
436 end