Merge branch 'warnings-as-errors' into 'develop'
[akkoma] / test / pleroma / web / twitter_api / util_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
8
9 alias Pleroma.Tests.ObanHelpers
10 alias Pleroma.User
11
12 import Pleroma.Factory
13 import Mock
14
15 setup do
16 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
17 :ok
18 end
19
20 setup do: clear_config([:instance])
21 setup do: clear_config([:frontend_configurations, :pleroma_fe])
22
23 describe "PUT /api/pleroma/notification_settings" do
24 setup do: oauth_access(["write:accounts"])
25
26 test "it updates notification settings", %{user: user, conn: conn} do
27 conn
28 |> put(
29 "/api/pleroma/notification_settings?#{URI.encode_query(%{block_from_strangers: true})}"
30 )
31 |> json_response_and_validate_schema(:ok)
32
33 user = refresh_record(user)
34
35 assert %Pleroma.User.NotificationSetting{
36 block_from_strangers: true,
37 hide_notification_contents: false
38 } == user.notification_settings
39 end
40
41 test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
42 conn
43 |> put(
44 "/api/pleroma/notification_settings?#{URI.encode_query(%{hide_notification_contents: 1})}"
45 )
46 |> json_response_and_validate_schema(:ok)
47
48 user = refresh_record(user)
49
50 assert %Pleroma.User.NotificationSetting{
51 block_from_strangers: false,
52 hide_notification_contents: true
53 } == user.notification_settings
54 end
55 end
56
57 describe "GET /api/pleroma/frontend_configurations" do
58 test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
59 config = [
60 frontend_a: %{
61 x: 1,
62 y: 2
63 },
64 frontend_b: %{
65 z: 3
66 }
67 ]
68
69 clear_config(:frontend_configurations, config)
70
71 response =
72 conn
73 |> get("/api/pleroma/frontend_configurations")
74 |> json_response_and_validate_schema(:ok)
75
76 assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
77 end
78 end
79
80 describe "/api/pleroma/emoji" do
81 test "returns json with custom emoji with tags", %{conn: conn} do
82 emoji =
83 conn
84 |> get("/api/pleroma/emoji")
85 |> json_response_and_validate_schema(200)
86
87 assert Enum.all?(emoji, fn
88 {_key,
89 %{
90 "image_url" => url,
91 "tags" => tags
92 }} ->
93 is_binary(url) and is_list(tags)
94 end)
95 end
96 end
97
98 describe "GET /api/pleroma/healthcheck" do
99 setup do: clear_config([:instance, :healthcheck])
100
101 test "returns 503 when healthcheck disabled", %{conn: conn} do
102 clear_config([:instance, :healthcheck], false)
103
104 response =
105 conn
106 |> get("/api/pleroma/healthcheck")
107 |> json_response_and_validate_schema(503)
108
109 assert response == %{}
110 end
111
112 test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
113 clear_config([:instance, :healthcheck], true)
114
115 with_mock Pleroma.Healthcheck,
116 system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
117 response =
118 conn
119 |> get("/api/pleroma/healthcheck")
120 |> json_response_and_validate_schema(200)
121
122 assert %{
123 "active" => _,
124 "healthy" => true,
125 "idle" => _,
126 "memory_used" => _,
127 "pool_size" => _
128 } = response
129 end
130 end
131
132 test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
133 clear_config([:instance, :healthcheck], true)
134
135 with_mock Pleroma.Healthcheck,
136 system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
137 response =
138 conn
139 |> get("/api/pleroma/healthcheck")
140 |> json_response_and_validate_schema(503)
141
142 assert %{
143 "active" => _,
144 "healthy" => false,
145 "idle" => _,
146 "memory_used" => _,
147 "pool_size" => _
148 } = response
149 end
150 end
151 end
152
153 describe "POST /api/pleroma/disable_account" do
154 setup do: oauth_access(["write:accounts"])
155
156 test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
157 response =
158 conn
159 |> post("/api/pleroma/disable_account?password=test")
160 |> json_response_and_validate_schema(:ok)
161
162 assert response == %{"status" => "success"}
163 ObanHelpers.perform_all()
164
165 user = User.get_cached_by_id(user.id)
166
167 refute user.is_active
168 end
169
170 test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
171 user = insert(:user)
172
173 response =
174 conn
175 |> post("/api/pleroma/disable_account?password=test1")
176 |> json_response_and_validate_schema(:ok)
177
178 assert response == %{"error" => "Invalid password."}
179 user = User.get_cached_by_id(user.id)
180
181 assert user.is_active
182 end
183 end
184
185 describe "POST /main/ostatus - remote_subscribe/2" do
186 setup do: clear_config([:instance, :federating], true)
187
188 test "renders subscribe form", %{conn: conn} do
189 user = insert(:user)
190
191 response =
192 conn
193 |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
194 |> response(:ok)
195
196 refute response =~ "Could not find user"
197 assert response =~ "Remotely follow #{user.nickname}"
198 end
199
200 test "renders subscribe form with error when user not found", %{conn: conn} do
201 response =
202 conn
203 |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
204 |> response(:ok)
205
206 assert response =~ "Could not find user"
207 refute response =~ "Remotely follow"
208 end
209
210 test "it redirect to webfinger url", %{conn: conn} do
211 user = insert(:user)
212 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
213
214 conn =
215 conn
216 |> post("/main/ostatus", %{
217 "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
218 })
219
220 assert redirected_to(conn) ==
221 "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
222 end
223
224 test "it renders form with error when user not found", %{conn: conn} do
225 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
226
227 response =
228 conn
229 |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
230 |> response(:ok)
231
232 assert response =~ "Something went wrong."
233 end
234 end
235
236 test "it returns new captcha", %{conn: conn} do
237 with_mock Pleroma.Captcha,
238 new: fn -> "test_captcha" end do
239 resp =
240 conn
241 |> get("/api/pleroma/captcha")
242 |> response(200)
243
244 assert resp == "\"test_captcha\""
245 assert called(Pleroma.Captcha.new())
246 end
247 end
248
249 describe "POST /api/pleroma/change_email" do
250 setup do: oauth_access(["write:accounts"])
251
252 test "without permissions", %{conn: conn} do
253 conn =
254 conn
255 |> assign(:token, nil)
256 |> put_req_header("content-type", "multipart/form-data")
257 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
258
259 assert json_response_and_validate_schema(conn, 403) == %{
260 "error" => "Insufficient permissions: write:accounts."
261 }
262 end
263
264 test "with proper permissions and invalid password", %{conn: conn} do
265 conn =
266 conn
267 |> put_req_header("content-type", "multipart/form-data")
268 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
269
270 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
271 end
272
273 test "with proper permissions, valid password and invalid email", %{
274 conn: conn
275 } do
276 conn =
277 conn
278 |> put_req_header("content-type", "multipart/form-data")
279 |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"})
280
281 assert json_response_and_validate_schema(conn, 200) == %{
282 "error" => "Email has invalid format."
283 }
284 end
285
286 test "with proper permissions, valid password and no email", %{
287 conn: conn
288 } do
289 conn =
290 conn
291 |> put_req_header("content-type", "multipart/form-data")
292 |> post("/api/pleroma/change_email", %{password: "test"})
293
294 assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
295 end
296
297 test "with proper permissions, valid password and blank email, when instance requires user email",
298 %{
299 conn: conn
300 } do
301 orig_account_activation_required =
302 Pleroma.Config.get([:instance, :account_activation_required])
303
304 Pleroma.Config.put([:instance, :account_activation_required], true)
305
306 on_exit(fn ->
307 Pleroma.Config.put(
308 [:instance, :account_activation_required],
309 orig_account_activation_required
310 )
311 end)
312
313 conn =
314 conn
315 |> put_req_header("content-type", "multipart/form-data")
316 |> post("/api/pleroma/change_email", %{password: "test", email: ""})
317
318 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
319 end
320
321 test "with proper permissions, valid password and blank email, when instance does not require user email",
322 %{
323 conn: conn
324 } do
325 orig_account_activation_required =
326 Pleroma.Config.get([:instance, :account_activation_required])
327
328 Pleroma.Config.put([:instance, :account_activation_required], false)
329
330 on_exit(fn ->
331 Pleroma.Config.put(
332 [:instance, :account_activation_required],
333 orig_account_activation_required
334 )
335 end)
336
337 conn =
338 conn
339 |> put_req_header("content-type", "multipart/form-data")
340 |> post("/api/pleroma/change_email", %{password: "test", email: ""})
341
342 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
343 end
344
345 test "with proper permissions, valid password and non unique email", %{
346 conn: conn
347 } do
348 user = insert(:user)
349
350 conn =
351 conn
352 |> put_req_header("content-type", "multipart/form-data")
353 |> post("/api/pleroma/change_email", %{password: "test", email: user.email})
354
355 assert json_response_and_validate_schema(conn, 200) == %{
356 "error" => "Email has already been taken."
357 }
358 end
359
360 test "with proper permissions, valid password and valid email", %{
361 conn: conn
362 } do
363 conn =
364 conn
365 |> put_req_header("content-type", "multipart/form-data")
366 |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"})
367
368 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
369 end
370 end
371
372 describe "POST /api/pleroma/change_password" do
373 setup do: oauth_access(["write:accounts"])
374
375 test "without permissions", %{conn: conn} do
376 conn =
377 conn
378 |> assign(:token, nil)
379 |> put_req_header("content-type", "multipart/form-data")
380 |> post("/api/pleroma/change_password", %{
381 "password" => "hi",
382 "new_password" => "newpass",
383 "new_password_confirmation" => "newpass"
384 })
385
386 assert json_response_and_validate_schema(conn, 403) == %{
387 "error" => "Insufficient permissions: write:accounts."
388 }
389 end
390
391 test "with proper permissions and invalid password", %{conn: conn} do
392 conn =
393 conn
394 |> put_req_header("content-type", "multipart/form-data")
395 |> post("/api/pleroma/change_password", %{
396 "password" => "hi",
397 "new_password" => "newpass",
398 "new_password_confirmation" => "newpass"
399 })
400
401 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
402 end
403
404 test "with proper permissions, valid password and new password and confirmation not matching",
405 %{
406 conn: conn
407 } do
408 conn =
409 conn
410 |> put_req_header("content-type", "multipart/form-data")
411 |> post("/api/pleroma/change_password", %{
412 "password" => "test",
413 "new_password" => "newpass",
414 "new_password_confirmation" => "notnewpass"
415 })
416
417 assert json_response_and_validate_schema(conn, 200) == %{
418 "error" => "New password does not match confirmation."
419 }
420 end
421
422 test "with proper permissions, valid password and invalid new password", %{
423 conn: conn
424 } do
425 conn =
426 conn
427 |> put_req_header("content-type", "multipart/form-data")
428 |> post("/api/pleroma/change_password", %{
429 password: "test",
430 new_password: "",
431 new_password_confirmation: ""
432 })
433
434 assert json_response_and_validate_schema(conn, 200) == %{
435 "error" => "New password can't be blank."
436 }
437 end
438
439 test "with proper permissions, valid password and matching new password and confirmation", %{
440 conn: conn,
441 user: user
442 } do
443 conn =
444 conn
445 |> put_req_header("content-type", "multipart/form-data")
446 |> post(
447 "/api/pleroma/change_password",
448 %{
449 password: "test",
450 new_password: "newpass",
451 new_password_confirmation: "newpass"
452 }
453 )
454
455 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
456 fetched_user = User.get_cached_by_id(user.id)
457 assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
458 end
459 end
460
461 describe "POST /api/pleroma/delete_account" do
462 setup do: oauth_access(["write:accounts"])
463
464 test "without permissions", %{conn: conn} do
465 conn =
466 conn
467 |> assign(:token, nil)
468 |> post("/api/pleroma/delete_account")
469
470 assert json_response_and_validate_schema(conn, 403) ==
471 %{"error" => "Insufficient permissions: write:accounts."}
472 end
473
474 test "with proper permissions and wrong or missing password", %{conn: conn} do
475 for params <- [%{"password" => "hi"}, %{}] do
476 ret_conn =
477 conn
478 |> put_req_header("content-type", "application/json")
479 |> post("/api/pleroma/delete_account", params)
480
481 assert json_response_and_validate_schema(ret_conn, 200) == %{
482 "error" => "Invalid password."
483 }
484 end
485 end
486
487 test "with proper permissions and valid password (URL query)", %{conn: conn, user: user} do
488 conn =
489 conn
490 |> put_req_header("content-type", "application/json")
491 |> post("/api/pleroma/delete_account?password=test")
492
493 ObanHelpers.perform_all()
494 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
495
496 user = User.get_by_id(user.id)
497 refute user.is_active
498 assert user.name == nil
499 assert user.bio == ""
500 assert user.password_hash == nil
501 end
502
503 test "with proper permissions and valid password (JSON body)", %{conn: conn, user: user} do
504 conn =
505 conn
506 |> put_req_header("content-type", "application/json")
507 |> post("/api/pleroma/delete_account", %{password: "test"})
508
509 ObanHelpers.perform_all()
510 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
511
512 user = User.get_by_id(user.id)
513 refute user.is_active
514 assert user.name == nil
515 assert user.bio == ""
516 assert user.password_hash == nil
517 end
518 end
519 end