projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
TwitterAPI: Make change_email require body params instead of query
[akkoma] / test / pleroma / web / twitter_api / util_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
8
9 alias Pleroma.Tests.ObanHelpers
10 alias Pleroma.User
11
12 import Pleroma.Factory
13 import Mock
14
15 setup do
16 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
17 :ok
18 end
19
20 setup do: clear_config([:instance])
21 setup do: clear_config([:frontend_configurations, :pleroma_fe])
22
23 describe "PUT /api/pleroma/notification_settings" do
24 setup do: oauth_access(["write:accounts"])
25
26 test "it updates notification settings", %{user: user, conn: conn} do
27 conn
28 |> put(
29 "/api/pleroma/notification_settings?#{
30 URI.encode_query(%{
31 block_from_strangers: true
32 })
33 }"
34 )
35 |> json_response_and_validate_schema(:ok)
36
37 user = refresh_record(user)
38
39 assert %Pleroma.User.NotificationSetting{
40 block_from_strangers: true,
41 hide_notification_contents: false
42 } == user.notification_settings
43 end
44
45 test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
46 conn
47 |> put(
48 "/api/pleroma/notification_settings?#{
49 URI.encode_query(%{
50 hide_notification_contents: 1
51 })
52 }"
53 )
54 |> json_response_and_validate_schema(:ok)
55
56 user = refresh_record(user)
57
58 assert %Pleroma.User.NotificationSetting{
59 block_from_strangers: false,
60 hide_notification_contents: true
61 } == user.notification_settings
62 end
63 end
64
65 describe "GET /api/pleroma/frontend_configurations" do
66 test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
67 config = [
68 frontend_a: %{
69 x: 1,
70 y: 2
71 },
72 frontend_b: %{
73 z: 3
74 }
75 ]
76
77 clear_config(:frontend_configurations, config)
78
79 response =
80 conn
81 |> get("/api/pleroma/frontend_configurations")
82 |> json_response_and_validate_schema(:ok)
83
84 assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
85 end
86 end
87
88 describe "/api/pleroma/emoji" do
89 test "returns json with custom emoji with tags", %{conn: conn} do
90 emoji =
91 conn
92 |> get("/api/pleroma/emoji")
93 |> json_response_and_validate_schema(200)
94
95 assert Enum.all?(emoji, fn
96 {_key,
97 %{
98 "image_url" => url,
99 "tags" => tags
100 }} ->
101 is_binary(url) and is_list(tags)
102 end)
103 end
104 end
105
106 describe "GET /api/pleroma/healthcheck" do
107 setup do: clear_config([:instance, :healthcheck])
108
109 test "returns 503 when healthcheck disabled", %{conn: conn} do
110 clear_config([:instance, :healthcheck], false)
111
112 response =
113 conn
114 |> get("/api/pleroma/healthcheck")
115 |> json_response_and_validate_schema(503)
116
117 assert response == %{}
118 end
119
120 test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
121 clear_config([:instance, :healthcheck], true)
122
123 with_mock Pleroma.Healthcheck,
124 system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
125 response =
126 conn
127 |> get("/api/pleroma/healthcheck")
128 |> json_response_and_validate_schema(200)
129
130 assert %{
131 "active" => _,
132 "healthy" => true,
133 "idle" => _,
134 "memory_used" => _,
135 "pool_size" => _
136 } = response
137 end
138 end
139
140 test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
141 clear_config([:instance, :healthcheck], true)
142
143 with_mock Pleroma.Healthcheck,
144 system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
145 response =
146 conn
147 |> get("/api/pleroma/healthcheck")
148 |> json_response_and_validate_schema(503)
149
150 assert %{
151 "active" => _,
152 "healthy" => false,
153 "idle" => _,
154 "memory_used" => _,
155 "pool_size" => _
156 } = response
157 end
158 end
159 end
160
161 describe "POST /api/pleroma/disable_account" do
162 setup do: oauth_access(["write:accounts"])
163
164 test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
165 response =
166 conn
167 |> post("/api/pleroma/disable_account?password=test")
168 |> json_response_and_validate_schema(:ok)
169
170 assert response == %{"status" => "success"}
171 ObanHelpers.perform_all()
172
173 user = User.get_cached_by_id(user.id)
174
175 refute user.is_active
176 end
177
178 test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
179 user = insert(:user)
180
181 response =
182 conn
183 |> post("/api/pleroma/disable_account?password=test1")
184 |> json_response_and_validate_schema(:ok)
185
186 assert response == %{"error" => "Invalid password."}
187 user = User.get_cached_by_id(user.id)
188
189 assert user.is_active
190 end
191 end
192
193 describe "POST /main/ostatus - remote_subscribe/2" do
194 setup do: clear_config([:instance, :federating], true)
195
196 test "renders subscribe form", %{conn: conn} do
197 user = insert(:user)
198
199 response =
200 conn
201 |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
202 |> response(:ok)
203
204 refute response =~ "Could not find user"
205 assert response =~ "Remotely follow #{user.nickname}"
206 end
207
208 test "renders subscribe form with error when user not found", %{conn: conn} do
209 response =
210 conn
211 |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
212 |> response(:ok)
213
214 assert response =~ "Could not find user"
215 refute response =~ "Remotely follow"
216 end
217
218 test "it redirect to webfinger url", %{conn: conn} do
219 user = insert(:user)
220 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
221
222 conn =
223 conn
224 |> post("/main/ostatus", %{
225 "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
226 })
227
228 assert redirected_to(conn) ==
229 "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
230 end
231
232 test "it renders form with error when user not found", %{conn: conn} do
233 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
234
235 response =
236 conn
237 |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
238 |> response(:ok)
239
240 assert response =~ "Something went wrong."
241 end
242 end
243
244 test "it returns new captcha", %{conn: conn} do
245 with_mock Pleroma.Captcha,
246 new: fn -> "test_captcha" end do
247 resp =
248 conn
249 |> get("/api/pleroma/captcha")
250 |> response(200)
251
252 assert resp == "\"test_captcha\""
253 assert called(Pleroma.Captcha.new())
254 end
255 end
256
257 describe "POST /api/pleroma/change_email" do
258 setup do: oauth_access(["write:accounts"])
259
260 test "without permissions", %{conn: conn} do
261 conn =
262 conn
263 |> assign(:token, nil)
264 |> put_req_header("content-type", "multipart/form-data")
265 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
266
267 assert json_response_and_validate_schema(conn, 403) == %{
268 "error" => "Insufficient permissions: write:accounts."
269 }
270 end
271
272 test "with proper permissions and invalid password", %{conn: conn} do
273 conn =
274 conn
275 |> put_req_header("content-type", "multipart/form-data")
276 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
277
278 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
279 end
280
281 test "with proper permissions, valid password and invalid email", %{
282 conn: conn
283 } do
284 conn =
285 conn
286 |> put_req_header("content-type", "multipart/form-data")
287 |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"})
288
289 assert json_response_and_validate_schema(conn, 200) == %{
290 "error" => "Email has invalid format."
291 }
292 end
293
294 test "with proper permissions, valid password and no email", %{
295 conn: conn
296 } do
297 conn =
298 conn
299 |> put_req_header("content-type", "multipart/form-data")
300 |> post("/api/pleroma/change_email", %{password: "test"})
301
302 assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
303 end
304
305 test "with proper permissions, valid password and blank email", %{
306 conn: conn
307 } do
308 conn =
309 conn
310 |> put_req_header("content-type", "multipart/form-data")
311 |> post("/api/pleroma/change_email", %{password: "test", email: ""})
312
313 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
314 end
315
316 test "with proper permissions, valid password and non unique email", %{
317 conn: conn
318 } do
319 user = insert(:user)
320
321 conn =
322 conn
323 |> put_req_header("content-type", "multipart/form-data")
324 |> post("/api/pleroma/change_email", %{password: "test", email: user.email})
325
326 assert json_response_and_validate_schema(conn, 200) == %{
327 "error" => "Email has already been taken."
328 }
329 end
330
331 test "with proper permissions, valid password and valid email", %{
332 conn: conn
333 } do
334 conn =
335 conn
336 |> put_req_header("content-type", "multipart/form-data")
337 |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"})
338
339 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
340 end
341 end
342
343 describe "POST /api/pleroma/change_password" do
344 setup do: oauth_access(["write:accounts"])
345
346 test "without permissions", %{conn: conn} do
347 conn =
348 conn
349 |> assign(:token, nil)
350 |> put_req_header("content-type", "multipart/form-data")
351 |> post("/api/pleroma/change_password", %{
352 "password" => "hi",
353 "new_password" => "newpass",
354 "new_password_confirmation" => "newpass"
355 })
356
357 assert json_response_and_validate_schema(conn, 403) == %{
358 "error" => "Insufficient permissions: write:accounts."
359 }
360 end
361
362 test "with proper permissions and invalid password", %{conn: conn} do
363 conn =
364 conn
365 |> put_req_header("content-type", "multipart/form-data")
366 |> post("/api/pleroma/change_password", %{
367 "password" => "hi",
368 "new_password" => "newpass",
369 "new_password_confirmation" => "newpass"
370 })
371
372 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
373 end
374
375 test "with proper permissions, valid password and new password and confirmation not matching",
376 %{
377 conn: conn
378 } do
379 conn =
380 conn
381 |> put_req_header("content-type", "multipart/form-data")
382 |> post("/api/pleroma/change_password", %{
383 "password" => "test",
384 "new_password" => "newpass",
385 "new_password_confirmation" => "notnewpass"
386 })
387
388 assert json_response_and_validate_schema(conn, 200) == %{
389 "error" => "New password does not match confirmation."
390 }
391 end
392
393 test "with proper permissions, valid password and invalid new password", %{
394 conn: conn
395 } do
396 conn =
397 conn
398 |> put_req_header("content-type", "multipart/form-data")
399 |> post("/api/pleroma/change_password", %{
400 password: "test",
401 new_password: "",
402 new_password_confirmation: ""
403 })
404
405 assert json_response_and_validate_schema(conn, 200) == %{
406 "error" => "New password can't be blank."
407 }
408 end
409
410 test "with proper permissions, valid password and matching new password and confirmation", %{
411 conn: conn,
412 user: user
413 } do
414 conn =
415 conn
416 |> put_req_header("content-type", "multipart/form-data")
417 |> post(
418 "/api/pleroma/change_password",
419 %{
420 password: "test",
421 new_password: "newpass",
422 new_password_confirmation: "newpass"
423 }
424 )
425
426 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
427 fetched_user = User.get_cached_by_id(user.id)
428 assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
429 end
430 end
431
432 describe "POST /api/pleroma/delete_account" do
433 setup do: oauth_access(["write:accounts"])
434
435 test "without permissions", %{conn: conn} do
436 conn =
437 conn
438 |> assign(:token, nil)
439 |> post("/api/pleroma/delete_account")
440
441 assert json_response_and_validate_schema(conn, 403) ==
442 %{"error" => "Insufficient permissions: write:accounts."}
443 end
444
445 test "with proper permissions and wrong or missing password", %{conn: conn} do
446 for params <- [%{"password" => "hi"}, %{}] do
447 ret_conn = post(conn, "/api/pleroma/delete_account", params)
448
449 assert json_response_and_validate_schema(ret_conn, 200) == %{
450 "error" => "Invalid password."
451 }
452 end
453 end
454
455 test "with proper permissions and valid password", %{conn: conn, user: user} do
456 conn = post(conn, "/api/pleroma/delete_account?password=test")
457 ObanHelpers.perform_all()
458 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
459
460 user = User.get_by_id(user.id)
461 refute user.is_active
462 assert user.name == nil
463 assert user.bio == ""
464 assert user.password_hash == nil
465 end
466 end
467 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git