1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
9 alias Pleroma.Tests.ObanHelpers
12 import Pleroma.Factory
16 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
20 setup do: clear_config([:instance])
21 setup do: clear_config([:frontend_configurations, :pleroma_fe])
23 describe "PUT /api/pleroma/notification_settings" do
24 setup do: oauth_access(["write:accounts"])
26 test "it updates notification settings", %{user: user, conn: conn} do
29 "/api/pleroma/notification_settings?#{
31 block_from_strangers: true
35 |> json_response_and_validate_schema(:ok)
37 user = refresh_record(user)
39 assert %Pleroma.User.NotificationSetting{
40 block_from_strangers: true,
41 hide_notification_contents: false
42 } == user.notification_settings
45 test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
48 "/api/pleroma/notification_settings?#{
50 hide_notification_contents: 1
54 |> json_response_and_validate_schema(:ok)
56 user = refresh_record(user)
58 assert %Pleroma.User.NotificationSetting{
59 block_from_strangers: false,
60 hide_notification_contents: true
61 } == user.notification_settings
65 describe "GET /api/pleroma/frontend_configurations" do
66 test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
77 clear_config(:frontend_configurations, config)
81 |> get("/api/pleroma/frontend_configurations")
82 |> json_response_and_validate_schema(:ok)
84 assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
88 describe "/api/pleroma/emoji" do
89 test "returns json with custom emoji with tags", %{conn: conn} do
92 |> get("/api/pleroma/emoji")
93 |> json_response_and_validate_schema(200)
95 assert Enum.all?(emoji, fn
101 is_binary(url) and is_list(tags)
106 describe "GET /api/pleroma/healthcheck" do
107 setup do: clear_config([:instance, :healthcheck])
109 test "returns 503 when healthcheck disabled", %{conn: conn} do
110 clear_config([:instance, :healthcheck], false)
114 |> get("/api/pleroma/healthcheck")
115 |> json_response_and_validate_schema(503)
117 assert response == %{}
120 test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
121 clear_config([:instance, :healthcheck], true)
123 with_mock Pleroma.Healthcheck,
124 system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
127 |> get("/api/pleroma/healthcheck")
128 |> json_response_and_validate_schema(200)
140 test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
141 clear_config([:instance, :healthcheck], true)
143 with_mock Pleroma.Healthcheck,
144 system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
147 |> get("/api/pleroma/healthcheck")
148 |> json_response_and_validate_schema(503)
161 describe "POST /api/pleroma/disable_account" do
162 setup do: oauth_access(["write:accounts"])
164 test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
167 |> post("/api/pleroma/disable_account?password=test")
168 |> json_response_and_validate_schema(:ok)
170 assert response == %{"status" => "success"}
171 ObanHelpers.perform_all()
173 user = User.get_cached_by_id(user.id)
175 refute user.is_active
178 test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
183 |> post("/api/pleroma/disable_account?password=test1")
184 |> json_response_and_validate_schema(:ok)
186 assert response == %{"error" => "Invalid password."}
187 user = User.get_cached_by_id(user.id)
189 assert user.is_active
193 describe "POST /main/ostatus - remote_subscribe/2" do
194 setup do: clear_config([:instance, :federating], true)
196 test "renders subscribe form", %{conn: conn} do
201 |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
204 refute response =~ "Could not find user"
205 assert response =~ "Remotely follow #{user.nickname}"
208 test "renders subscribe form with error when user not found", %{conn: conn} do
211 |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
214 assert response =~ "Could not find user"
215 refute response =~ "Remotely follow"
218 test "it redirect to webfinger url", %{conn: conn} do
220 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
224 |> post("/main/ostatus", %{
225 "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
228 assert redirected_to(conn) ==
229 "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
232 test "it renders form with error when user not found", %{conn: conn} do
233 user2 = insert(:user, ap_id: "shp@social.heldscal.la")
237 |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
240 assert response =~ "Something went wrong."
244 test "it returns new captcha", %{conn: conn} do
245 with_mock Pleroma.Captcha,
246 new: fn -> "test_captcha" end do
249 |> get("/api/pleroma/captcha")
252 assert resp == "\"test_captcha\""
253 assert called(Pleroma.Captcha.new())
257 describe "POST /api/pleroma/change_email" do
258 setup do: oauth_access(["write:accounts"])
260 test "without permissions", %{conn: conn} do
263 |> assign(:token, nil)
264 |> put_req_header("content-type", "multipart/form-data")
265 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
267 assert json_response_and_validate_schema(conn, 403) == %{
268 "error" => "Insufficient permissions: write:accounts."
272 test "with proper permissions and invalid password", %{conn: conn} do
275 |> put_req_header("content-type", "multipart/form-data")
276 |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
278 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
281 test "with proper permissions, valid password and invalid email", %{
286 |> put_req_header("content-type", "multipart/form-data")
287 |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"})
289 assert json_response_and_validate_schema(conn, 200) == %{
290 "error" => "Email has invalid format."
294 test "with proper permissions, valid password and no email", %{
299 |> put_req_header("content-type", "multipart/form-data")
300 |> post("/api/pleroma/change_email", %{password: "test"})
302 assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
305 test "with proper permissions, valid password and blank email, when instance requires user email",
309 orig_account_activation_required =
310 Pleroma.Config.get([:instance, :account_activation_required])
312 Pleroma.Config.put([:instance, :account_activation_required], true)
316 [:instance, :account_activation_required],
317 orig_account_activation_required
323 |> put_req_header("content-type", "multipart/form-data")
324 |> post("/api/pleroma/change_email", %{password: "test", email: ""})
326 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
329 test "with proper permissions, valid password and blank email, when instance does not require user email",
333 orig_account_activation_required =
334 Pleroma.Config.get([:instance, :account_activation_required])
336 Pleroma.Config.put([:instance, :account_activation_required], false)
340 [:instance, :account_activation_required],
341 orig_account_activation_required
347 |> put_req_header("content-type", "multipart/form-data")
348 |> post("/api/pleroma/change_email", %{password: "test", email: ""})
350 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
353 test "with proper permissions, valid password and non unique email", %{
360 |> put_req_header("content-type", "multipart/form-data")
361 |> post("/api/pleroma/change_email", %{password: "test", email: user.email})
363 assert json_response_and_validate_schema(conn, 200) == %{
364 "error" => "Email has already been taken."
368 test "with proper permissions, valid password and valid email", %{
373 |> put_req_header("content-type", "multipart/form-data")
374 |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"})
376 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
380 describe "POST /api/pleroma/change_password" do
381 setup do: oauth_access(["write:accounts"])
383 test "without permissions", %{conn: conn} do
386 |> assign(:token, nil)
387 |> put_req_header("content-type", "multipart/form-data")
388 |> post("/api/pleroma/change_password", %{
390 "new_password" => "newpass",
391 "new_password_confirmation" => "newpass"
394 assert json_response_and_validate_schema(conn, 403) == %{
395 "error" => "Insufficient permissions: write:accounts."
399 test "with proper permissions and invalid password", %{conn: conn} do
402 |> put_req_header("content-type", "multipart/form-data")
403 |> post("/api/pleroma/change_password", %{
405 "new_password" => "newpass",
406 "new_password_confirmation" => "newpass"
409 assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
412 test "with proper permissions, valid password and new password and confirmation not matching",
418 |> put_req_header("content-type", "multipart/form-data")
419 |> post("/api/pleroma/change_password", %{
420 "password" => "test",
421 "new_password" => "newpass",
422 "new_password_confirmation" => "notnewpass"
425 assert json_response_and_validate_schema(conn, 200) == %{
426 "error" => "New password does not match confirmation."
430 test "with proper permissions, valid password and invalid new password", %{
435 |> put_req_header("content-type", "multipart/form-data")
436 |> post("/api/pleroma/change_password", %{
439 new_password_confirmation: ""
442 assert json_response_and_validate_schema(conn, 200) == %{
443 "error" => "New password can't be blank."
447 test "with proper permissions, valid password and matching new password and confirmation", %{
453 |> put_req_header("content-type", "multipart/form-data")
455 "/api/pleroma/change_password",
458 new_password: "newpass",
459 new_password_confirmation: "newpass"
463 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
464 fetched_user = User.get_cached_by_id(user.id)
465 assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
469 describe "POST /api/pleroma/delete_account" do
470 setup do: oauth_access(["write:accounts"])
472 test "without permissions", %{conn: conn} do
475 |> assign(:token, nil)
476 |> post("/api/pleroma/delete_account")
478 assert json_response_and_validate_schema(conn, 403) ==
479 %{"error" => "Insufficient permissions: write:accounts."}
482 test "with proper permissions and wrong or missing password", %{conn: conn} do
483 for params <- [%{"password" => "hi"}, %{}] do
484 ret_conn = post(conn, "/api/pleroma/delete_account", params)
486 assert json_response_and_validate_schema(ret_conn, 200) == %{
487 "error" => "Invalid password."
492 test "with proper permissions and valid password", %{conn: conn, user: user} do
493 conn = post(conn, "/api/pleroma/delete_account?password=test")
494 ObanHelpers.perform_all()
495 assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
497 user = User.get_by_id(user.id)
498 refute user.is_active
499 assert user.name == nil
500 assert user.bio == ""
501 assert user.password_hash == nil