git.squeep.com Git - akkoma/blob - test/pleroma/web/twitter_api/util_controller_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
   6   use Pleroma.Web.ConnCase
   7   use Oban.Testing, repo: Pleroma.Repo
   8
   9   alias Pleroma.Tests.ObanHelpers
  10   alias Pleroma.User
  11
  12   import Pleroma.Factory
  13   import Mock
  14
  15   setup do
  16     Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
  17     :ok
  18   end
  19
  20   setup do: clear_config([:instance])
  21   setup do: clear_config([:frontend_configurations, :pleroma_fe])
  22
  23   describe "PUT /api/pleroma/notification_settings" do
  24     setup do: oauth_access(["write:accounts"])
  25
  26     test "it updates notification settings", %{user: user, conn: conn} do
  27       conn
  28       |> put(
  29         "/api/pleroma/notification_settings?#{
  30           URI.encode_query(%{
  31             block_from_strangers: true
  32           })
  33         }"
  34       )
  35       |> json_response_and_validate_schema(:ok)
  36
  37       user = refresh_record(user)
  38
  39       assert %Pleroma.User.NotificationSetting{
  40                block_from_strangers: true,
  41                hide_notification_contents: false
  42              } == user.notification_settings
  43     end
  44
  45     test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
  46       conn
  47       |> put(
  48         "/api/pleroma/notification_settings?#{
  49           URI.encode_query(%{
  50             hide_notification_contents: 1
  51           })
  52         }"
  53       )
  54       |> json_response_and_validate_schema(:ok)
  55
  56       user = refresh_record(user)
  57
  58       assert %Pleroma.User.NotificationSetting{
  59                block_from_strangers: false,
  60                hide_notification_contents: true
  61              } == user.notification_settings
  62     end
  63   end
  64
  65   describe "GET /api/pleroma/frontend_configurations" do
  66     test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
  67       config = [
  68         frontend_a: %{
  69           x: 1,
  70           y: 2
  71         },
  72         frontend_b: %{
  73           z: 3
  74         }
  75       ]
  76
  77       clear_config(:frontend_configurations, config)
  78
  79       response =
  80         conn
  81         |> get("/api/pleroma/frontend_configurations")
  82         |> json_response_and_validate_schema(:ok)
  83
  84       assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
  85     end
  86   end
  87
  88   describe "/api/pleroma/emoji" do
  89     test "returns json with custom emoji with tags", %{conn: conn} do
  90       emoji =
  91         conn
  92         |> get("/api/pleroma/emoji")
  93         |> json_response_and_validate_schema(200)
  94
  95       assert Enum.all?(emoji, fn
  96                {_key,
  97                 %{
  98                   "image_url" => url,
  99                   "tags" => tags
 100                 }} ->
 101                  is_binary(url) and is_list(tags)
 102              end)
 103     end
 104   end
 105
 106   describe "GET /api/pleroma/healthcheck" do
 107     setup do: clear_config([:instance, :healthcheck])
 108
 109     test "returns 503 when healthcheck disabled", %{conn: conn} do
 110       clear_config([:instance, :healthcheck], false)
 111
 112       response =
 113         conn
 114         |> get("/api/pleroma/healthcheck")
 115         |> json_response_and_validate_schema(503)
 116
 117       assert response == %{}
 118     end
 119
 120     test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
 121       clear_config([:instance, :healthcheck], true)
 122
 123       with_mock Pleroma.Healthcheck,
 124         system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
 125         response =
 126           conn
 127           |> get("/api/pleroma/healthcheck")
 128           |> json_response_and_validate_schema(200)
 129
 130         assert %{
 131                  "active" => _,
 132                  "healthy" => true,
 133                  "idle" => _,
 134                  "memory_used" => _,
 135                  "pool_size" => _
 136                } = response
 137       end
 138     end
 139
 140     test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
 141       clear_config([:instance, :healthcheck], true)
 142
 143       with_mock Pleroma.Healthcheck,
 144         system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
 145         response =
 146           conn
 147           |> get("/api/pleroma/healthcheck")
 148           |> json_response_and_validate_schema(503)
 149
 150         assert %{
 151                  "active" => _,
 152                  "healthy" => false,
 153                  "idle" => _,
 154                  "memory_used" => _,
 155                  "pool_size" => _
 156                } = response
 157       end
 158     end
 159   end
 160
 161   describe "POST /api/pleroma/disable_account" do
 162     setup do: oauth_access(["write:accounts"])
 163
 164     test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
 165       response =
 166         conn
 167         |> post("/api/pleroma/disable_account?password=test")
 168         |> json_response_and_validate_schema(:ok)
 169
 170       assert response == %{"status" => "success"}
 171       ObanHelpers.perform_all()
 172
 173       user = User.get_cached_by_id(user.id)
 174
 175       refute user.is_active
 176     end
 177
 178     test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
 179       user = insert(:user)
 180
 181       response =
 182         conn
 183         |> post("/api/pleroma/disable_account?password=test1")
 184         |> json_response_and_validate_schema(:ok)
 185
 186       assert response == %{"error" => "Invalid password."}
 187       user = User.get_cached_by_id(user.id)
 188
 189       assert user.is_active
 190     end
 191   end
 192
 193   describe "POST /main/ostatus - remote_subscribe/2" do
 194     setup do: clear_config([:instance, :federating], true)
 195
 196     test "renders subscribe form", %{conn: conn} do
 197       user = insert(:user)
 198
 199       response =
 200         conn
 201         |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
 202         |> response(:ok)
 203
 204       refute response =~ "Could not find user"
 205       assert response =~ "Remotely follow #{user.nickname}"
 206     end
 207
 208     test "renders subscribe form with error when user not found", %{conn: conn} do
 209       response =
 210         conn
 211         |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
 212         |> response(:ok)
 213
 214       assert response =~ "Could not find user"
 215       refute response =~ "Remotely follow"
 216     end
 217
 218     test "it redirect to webfinger url", %{conn: conn} do
 219       user = insert(:user)
 220       user2 = insert(:user, ap_id: "shp@social.heldscal.la")
 221
 222       conn =
 223         conn
 224         |> post("/main/ostatus", %{
 225           "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
 226         })
 227
 228       assert redirected_to(conn) ==
 229                "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
 230     end
 231
 232     test "it renders form with error when user not found", %{conn: conn} do
 233       user2 = insert(:user, ap_id: "shp@social.heldscal.la")
 234
 235       response =
 236         conn
 237         |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
 238         |> response(:ok)
 239
 240       assert response =~ "Something went wrong."
 241     end
 242   end
 243
 244   test "it returns new captcha", %{conn: conn} do
 245     with_mock Pleroma.Captcha,
 246       new: fn -> "test_captcha" end do
 247       resp =
 248         conn
 249         |> get("/api/pleroma/captcha")
 250         |> response(200)
 251
 252       assert resp == "\"test_captcha\""
 253       assert called(Pleroma.Captcha.new())
 254     end
 255   end
 256
 257   describe "POST /api/pleroma/change_email" do
 258     setup do: oauth_access(["write:accounts"])
 259
 260     test "without permissions", %{conn: conn} do
 261       conn =
 262         conn
 263         |> assign(:token, nil)
 264         |> post(
 265           "/api/pleroma/change_email?#{
 266             URI.encode_query(%{password: "hi", email: "test@test.com"})
 267           }"
 268         )
 269
 270       assert json_response_and_validate_schema(conn, 403) == %{
 271                "error" => "Insufficient permissions: write:accounts."
 272              }
 273     end
 274
 275     test "with proper permissions and invalid password", %{conn: conn} do
 276       conn =
 277         post(
 278           conn,
 279           "/api/pleroma/change_email?#{
 280             URI.encode_query(%{password: "hi", email: "test@test.com"})
 281           }"
 282         )
 283
 284       assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
 285     end
 286
 287     test "with proper permissions, valid password and invalid email", %{
 288       conn: conn
 289     } do
 290       conn =
 291         post(
 292           conn,
 293           "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: "foobar"})}"
 294         )
 295
 296       assert json_response_and_validate_schema(conn, 200) == %{
 297                "error" => "Email has invalid format."
 298              }
 299     end
 300
 301     test "with proper permissions, valid password and no email", %{
 302       conn: conn
 303     } do
 304       conn = post(conn, "/api/pleroma/change_email?#{URI.encode_query(%{password: "test"})}")
 305
 306       assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
 307     end
 308
 309     test "with proper permissions, valid password and blank email", %{
 310       conn: conn
 311     } do
 312       conn =
 313         post(
 314           conn,
 315           "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: ""})}"
 316         )
 317
 318       assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
 319     end
 320
 321     test "with proper permissions, valid password and non unique email", %{
 322       conn: conn
 323     } do
 324       user = insert(:user)
 325
 326       conn =
 327         post(
 328           conn,
 329           "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: user.email})}"
 330         )
 331
 332       assert json_response_and_validate_schema(conn, 200) == %{
 333                "error" => "Email has already been taken."
 334              }
 335     end
 336
 337     test "with proper permissions, valid password and valid email", %{
 338       conn: conn
 339     } do
 340       conn =
 341         post(
 342           conn,
 343           "/api/pleroma/change_email?#{
 344             URI.encode_query(%{password: "test", email: "cofe@foobar.com"})
 345           }"
 346         )
 347
 348       assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
 349     end
 350   end
 351
 352   describe "POST /api/pleroma/change_password" do
 353     setup do: oauth_access(["write:accounts"])
 354
 355     test "without permissions", %{conn: conn} do
 356       conn =
 357         conn
 358         |> assign(:token, nil)
 359         |> put_req_header("content-type", "multipart/form-data")
 360         |> post("/api/pleroma/change_password", %{
 361           "password" => "hi",
 362           "new_password" => "newpass",
 363           "new_password_confirmation" => "newpass"
 364         })
 365
 366       assert json_response_and_validate_schema(conn, 403) == %{
 367                "error" => "Insufficient permissions: write:accounts."
 368              }
 369     end
 370
 371     test "with proper permissions and invalid password", %{conn: conn} do
 372       conn =
 373         conn
 374         |> put_req_header("content-type", "multipart/form-data")
 375         |> post("/api/pleroma/change_password", %{
 376           "password" => "hi",
 377           "new_password" => "newpass",
 378           "new_password_confirmation" => "newpass"
 379         })
 380
 381       assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
 382     end
 383
 384     test "with proper permissions, valid password and new password and confirmation not matching",
 385          %{
 386            conn: conn
 387          } do
 388       conn =
 389         conn
 390         |> put_req_header("content-type", "multipart/form-data")
 391         |> post("/api/pleroma/change_password", %{
 392           "password" => "test",
 393           "new_password" => "newpass",
 394           "new_password_confirmation" => "notnewpass"
 395         })
 396
 397       assert json_response_and_validate_schema(conn, 200) == %{
 398                "error" => "New password does not match confirmation."
 399              }
 400     end
 401
 402     test "with proper permissions, valid password and invalid new password", %{
 403       conn: conn
 404     } do
 405       conn =
 406         conn
 407         |> put_req_header("content-type", "multipart/form-data")
 408         |> post("/api/pleroma/change_password", %{
 409           password: "test",
 410           new_password: "",
 411           new_password_confirmation: ""
 412         })
 413
 414       assert json_response_and_validate_schema(conn, 200) == %{
 415                "error" => "New password can't be blank."
 416              }
 417     end
 418
 419     test "with proper permissions, valid password and matching new password and confirmation", %{
 420       conn: conn,
 421       user: user
 422     } do
 423       conn =
 424         conn
 425         |> put_req_header("content-type", "multipart/form-data")
 426         |> post(
 427           "/api/pleroma/change_password",
 428           %{
 429             password: "test",
 430             new_password: "newpass",
 431             new_password_confirmation: "newpass"
 432           }
 433         )
 434
 435       assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
 436       fetched_user = User.get_cached_by_id(user.id)
 437       assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
 438     end
 439   end
 440
 441   describe "POST /api/pleroma/delete_account" do
 442     setup do: oauth_access(["write:accounts"])
 443
 444     test "without permissions", %{conn: conn} do
 445       conn =
 446         conn
 447         |> assign(:token, nil)
 448         |> post("/api/pleroma/delete_account")
 449
 450       assert json_response_and_validate_schema(conn, 403) ==
 451                %{"error" => "Insufficient permissions: write:accounts."}
 452     end
 453
 454     test "with proper permissions and wrong or missing password", %{conn: conn} do
 455       for params <- [%{"password" => "hi"}, %{}] do
 456         ret_conn = post(conn, "/api/pleroma/delete_account", params)
 457
 458         assert json_response_and_validate_schema(ret_conn, 200) == %{
 459                  "error" => "Invalid password."
 460                }
 461       end
 462     end
 463
 464     test "with proper permissions and valid password", %{conn: conn, user: user} do
 465       conn = post(conn, "/api/pleroma/delete_account?password=test")
 466       ObanHelpers.perform_all()
 467       assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
 468
 469       user = User.get_by_id(user.id)
 470       refute user.is_active
 471       assert user.name == nil
 472       assert user.bio == ""
 473       assert user.password_hash == nil
 474     end
 475   end
 476 end