1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
9 alias Pleroma.Tests.ObanHelpers
12 import Pleroma.Factory
16 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
20 setup do: clear_config([:instance])
21 setup do: clear_config([:frontend_configurations, :pleroma_fe])
23 describe "PUT /api/pleroma/notification_settings" do
24 setup do: oauth_access(["write:accounts"])
26 test "it updates notification settings", %{user: user, conn: conn} do
29 "/api/pleroma/notification_settings?#{
31 block_from_strangers: true
35 |> json_response_and_validate_schema(:ok)
37 user = refresh_record(user)
39 assert %Pleroma.User.NotificationSetting{
40 block_from_strangers: true,
41 hide_notification_contents: false
42 } == user.notification_settings
45 test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
48 "/api/pleroma/notification_settings?#{
50 hide_notification_contents: 1
54 |> json_response_and_validate_schema(:ok)
56 user = refresh_record(user)
58 assert %Pleroma.User.NotificationSetting{
59 block_from_strangers: false,
60 hide_notification_contents: true
61 } == user.notification_settings
65 describe "GET /api/pleroma/frontend_configurations" do
66 test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
77 clear_config(:frontend_configurations, config)
81 |> get("/api/pleroma/frontend_configurations")
82 |> json_response_and_validate_schema(:ok)
84 assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
88 describe "/api/pleroma/emoji" do
89 test "returns json with custom emoji with tags", %{conn: conn} do
92 |> get("/api/pleroma/emoji")
93 |> json_response_and_validate_schema(200)
95 assert Enum.all?(emoji, fn
101 is_binary(url) and is_list(tags)
106 describe "GET /api/pleroma/healthcheck" do
107 setup do: clear_config([:instance, :healthcheck])
109 test "returns 503 when healthcheck disabled", %{conn: conn} do
110 clear_config([:instance, :healthcheck], false)
114 |> get("/api/pleroma/healthcheck")
115 |> json_response_and_validate_schema(503)
117 assert response == %{}
120 test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
121 clear_config([:instance, :healthcheck], true)
123 with_mock Pleroma.Healthcheck,
124 system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
127 |> get("/api/pleroma/healthcheck")
128 |> json_response_and_validate_schema(200)
140 test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
141 clear_config([:instance, :healthcheck], true)
143 with_mock Pleroma.Healthcheck,
144 system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
147 |> get("/api/pleroma/healthcheck")
148 |> json_response_and_validate_schema(503)
161 describe "POST /api/pleroma/disable_account" do
162 setup do: oauth_access(["write:accounts"])
164 test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
167 |> post("/api/pleroma/disable_account?password=test")
168 |> json_response_and_validate_schema(:ok)
170 assert response == %{"status" => "success"}
171 ObanHelpers.perform_all()
173 user = User.get_cached_by_id(user.id)
175 refute user.is_active
178 test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
183 |> post("/api/pleroma/disable_account?password=test1")
184 |> json_response_and_validate_schema(:ok)
186 assert response == %{"error" => "Invalid password."}
187 user = User.get_cached_by_id(user.id)
189 assert user.is_active
193 describe "POST /main/ostatus - remote_subscribe/2" do
194 setup do: clear_config([:instance, :federating], true)
196 test "renders subscribe form", %{conn: conn} do
201 |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
204 refute response =~ "Could not find user"
205 assert response =~ "Remotely follow #{user.nickname}"
208 test "renders subscribe form with error when user not found", %{conn: conn} do
211 |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
214 assert response =~ "Could not find user"
215 refute response =~ "Remotely follow"
218 test "it redirect to webfinger url", %{conn: conn} do
220 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
224 |> post("/main/ostatus", %{
225 "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
228 assert redirected_to(conn) ==
229 "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
232 test "it renders form with error when user not found", %{conn: conn} do
233 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
237 |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
240 assert response =~ "Something went wrong."
244 test "it returns new captcha", %{conn: conn} do
245 with_mock Pleroma.Captcha,
246 new: fn -> "test_captcha" end do
249 |> get("/api/pleroma/captcha")
252 assert resp == "\"test_captcha\""
253 assert called(Pleroma.Captcha.new())
257 describe "POST /api/pleroma/change_email" do
258 setup do: oauth_access(["write:accounts"])
260 test "without permissions", %{conn: conn} do
263 |> assign(:token, nil)
264 |> put_req_header("content-type", "multipart/form-data")
265 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
267 assert json_response_and_validate_schema(conn, 403) == %{
268 "error" => "Insufficient permissions: write:accounts."
272 test "with proper permissions and invalid password", %{conn: conn} do
275 |> put_req_header("content-type", "multipart/form-data")
276 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
278 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
281 test "with proper permissions, valid password and invalid email", %{
286 |> put_req_header("content-type", "multipart/form-data")
287 |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"})
289 assert json_response_and_validate_schema(conn, 200) == %{
290 "error" => "Email has invalid format."
294 test "with proper permissions, valid password and no email", %{
299 |> put_req_header("content-type", "multipart/form-data")
300 |> post("/api/pleroma/change_email", %{password: "test"})
302 assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
305 test "with proper permissions, valid password and blank email", %{
310 |> put_req_header("content-type", "multipart/form-data")
311 |> post("/api/pleroma/change_email", %{password: "test", email: ""})
313 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
316 test "with proper permissions, valid password and non unique email", %{
323 |> put_req_header("content-type", "multipart/form-data")
324 |> post("/api/pleroma/change_email", %{password: "test", email: user.email})
326 assert json_response_and_validate_schema(conn, 200) == %{
327 "error" => "Email has already been taken."
331 test "with proper permissions, valid password and valid email", %{
336 |> put_req_header("content-type", "multipart/form-data")
337 |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"})
339 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
343 describe "POST /api/pleroma/change_password" do
344 setup do: oauth_access(["write:accounts"])
346 test "without permissions", %{conn: conn} do
349 |> assign(:token, nil)
350 |> put_req_header("content-type", "multipart/form-data")
351 |> post("/api/pleroma/change_password", %{
353 "new_password" => "newpass",
354 "new_password_confirmation" => "newpass"
357 assert json_response_and_validate_schema(conn, 403) == %{
358 "error" => "Insufficient permissions: write:accounts."
362 test "with proper permissions and invalid password", %{conn: conn} do
365 |> put_req_header("content-type", "multipart/form-data")
366 |> post("/api/pleroma/change_password", %{
368 "new_password" => "newpass",
369 "new_password_confirmation" => "newpass"
372 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
375 test "with proper permissions, valid password and new password and confirmation not matching",
381 |> put_req_header("content-type", "multipart/form-data")
382 |> post("/api/pleroma/change_password", %{
383 "password" => "test",
384 "new_password" => "newpass",
385 "new_password_confirmation" => "notnewpass"
388 assert json_response_and_validate_schema(conn, 200) == %{
389 "error" => "New password does not match confirmation."
393 test "with proper permissions, valid password and invalid new password", %{
398 |> put_req_header("content-type", "multipart/form-data")
399 |> post("/api/pleroma/change_password", %{
402 new_password_confirmation: ""
405 assert json_response_and_validate_schema(conn, 200) == %{
406 "error" => "New password can't be blank."
410 test "with proper permissions, valid password and matching new password and confirmation", %{
416 |> put_req_header("content-type", "multipart/form-data")
418 "/api/pleroma/change_password",
421 new_password: "newpass",
422 new_password_confirmation: "newpass"
426 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
427 fetched_user = User.get_cached_by_id(user.id)
428 assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
432 describe "POST /api/pleroma/delete_account" do
433 setup do: oauth_access(["write:accounts"])
435 test "without permissions", %{conn: conn} do
438 |> assign(:token, nil)
439 |> post("/api/pleroma/delete_account")
441 assert json_response_and_validate_schema(conn, 403) ==
442 %{"error" => "Insufficient permissions: write:accounts."}
445 test "with proper permissions and wrong or missing password", %{conn: conn} do
446 for params <- [%{"password" => "hi"}, %{}] do
447 ret_conn = post(conn, "/api/pleroma/delete_account", params)
449 assert json_response_and_validate_schema(ret_conn, 200) == %{
450 "error" => "Invalid password."
455 test "with proper permissions and valid password", %{conn: conn, user: user} do
456 conn = post(conn, "/api/pleroma/delete_account?password=test")
457 ObanHelpers.perform_all()
458 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
460 user = User.get_by_id(user.id)
461 refute user.is_active
462 assert user.name == nil
463 assert user.bio == ""
464 assert user.password_hash == nil