1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
6 use Pleroma.Web.ConnCase
11 alias Pleroma.Web.ActivityPub.ActivityPub
12 alias Pleroma.Web.ActivityPub.InternalFetchActor
13 alias Pleroma.Web.ApiSpec
14 alias Pleroma.Web.CommonAPI
15 alias Pleroma.Web.OAuth.Token
17 import OpenApiSpex.TestAssertions
18 import Pleroma.Factory
20 describe "account fetching" do
21 setup do: clear_config([:instance, :limit_to_local_content])
28 |> get("/api/v1/accounts/#{user.id}")
30 assert %{"id" => id} = json_response(conn, 200)
31 assert id == to_string(user.id)
35 |> get("/api/v1/accounts/-1")
37 assert %{"error" => "Can't find user"} = json_response(conn, 404)
40 test "works by nickname" do
45 |> get("/api/v1/accounts/#{user.nickname}")
47 assert %{"id" => id} = json_response(conn, 200)
51 test "works by nickname for remote users" do
52 Config.put([:instance, :limit_to_local_content], false)
53 user = insert(:user, nickname: "user@example.com", local: false)
57 |> get("/api/v1/accounts/#{user.nickname}")
59 assert %{"id" => id} = json_response(conn, 200)
63 test "respects limit_to_local_content == :all for remote user nicknames" do
64 Config.put([:instance, :limit_to_local_content], :all)
66 user = insert(:user, nickname: "user@example.com", local: false)
70 |> get("/api/v1/accounts/#{user.nickname}")
72 assert json_response(conn, 404)
75 test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
76 Config.put([:instance, :limit_to_local_content], :unauthenticated)
78 user = insert(:user, nickname: "user@example.com", local: false)
79 reading_user = insert(:user)
83 |> get("/api/v1/accounts/#{user.nickname}")
85 assert json_response(conn, 404)
89 |> assign(:user, reading_user)
90 |> assign(:token, insert(:oauth_token, user: reading_user, scopes: ["read:accounts"]))
91 |> get("/api/v1/accounts/#{user.nickname}")
93 assert %{"id" => id} = json_response(conn, 200)
97 test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
98 # Need to set an old-style integer ID to reproduce the problem
99 # (these are no longer assigned to new accounts but were preserved
100 # for existing accounts during the migration to flakeIDs)
101 user_one = insert(:user, %{id: 1212})
102 user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
106 |> get("/api/v1/accounts/#{user_one.id}")
110 |> get("/api/v1/accounts/#{user_two.nickname}")
114 |> get("/api/v1/accounts/#{user_two.id}")
116 acc_one = json_response(resp_one, 200)
117 acc_two = json_response(resp_two, 200)
118 acc_three = json_response(resp_three, 200)
119 refute acc_one == acc_two
120 assert acc_two == acc_three
123 test "returns 404 when user is invisible", %{conn: conn} do
124 user = insert(:user, %{invisible: true})
128 |> get("/api/v1/accounts/#{user.nickname}")
129 |> json_response(404)
131 assert %{"error" => "Can't find user"} = resp
134 test "returns 404 for internal.fetch actor", %{conn: conn} do
135 %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
139 |> get("/api/v1/accounts/internal.fetch")
140 |> json_response(404)
142 assert %{"error" => "Can't find user"} = resp
146 defp local_and_remote_users do
147 local = insert(:user)
148 remote = insert(:user, local: false)
149 {:ok, local: local, remote: remote}
152 describe "user fetching with restrict unauthenticated profiles for local and remote" do
153 setup do: local_and_remote_users()
155 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
157 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
159 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
160 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
162 assert json_response(res_conn, :not_found) == %{
163 "error" => "Can't find user"
166 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
168 assert json_response(res_conn, :not_found) == %{
169 "error" => "Can't find user"
173 test "if user is authenticated", %{local: local, remote: remote} do
174 %{conn: conn} = oauth_access(["read"])
176 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
177 assert %{"id" => _} = json_response(res_conn, 200)
179 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
180 assert %{"id" => _} = json_response(res_conn, 200)
184 describe "user fetching with restrict unauthenticated profiles for local" do
185 setup do: local_and_remote_users()
187 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
189 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
190 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
192 assert json_response(res_conn, :not_found) == %{
193 "error" => "Can't find user"
196 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
197 assert %{"id" => _} = json_response(res_conn, 200)
200 test "if user is authenticated", %{local: local, remote: remote} do
201 %{conn: conn} = oauth_access(["read"])
203 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
204 assert %{"id" => _} = json_response(res_conn, 200)
206 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
207 assert %{"id" => _} = json_response(res_conn, 200)
211 describe "user fetching with restrict unauthenticated profiles for remote" do
212 setup do: local_and_remote_users()
214 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
216 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
217 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
218 assert %{"id" => _} = json_response(res_conn, 200)
220 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
222 assert json_response(res_conn, :not_found) == %{
223 "error" => "Can't find user"
227 test "if user is authenticated", %{local: local, remote: remote} do
228 %{conn: conn} = oauth_access(["read"])
230 res_conn = get(conn, "/api/v1/accounts/#{local.id}")
231 assert %{"id" => _} = json_response(res_conn, 200)
233 res_conn = get(conn, "/api/v1/accounts/#{remote.id}")
234 assert %{"id" => _} = json_response(res_conn, 200)
238 describe "user timelines" do
239 setup do: oauth_access(["read:statuses"])
241 test "respects blocks", %{user: user_one, conn: conn} do
242 user_two = insert(:user)
243 user_three = insert(:user)
245 User.block(user_one, user_two)
247 {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
248 {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
250 assert resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses") |> json_response(200)
251 assert [%{"id" => id}] = resp
252 assert_schema(resp, "StatusesResponse", ApiSpec.spec())
253 assert id == activity.id
255 # Even a blocked user will deliver the full user timeline, there would be
256 # no point in looking at a blocked users timeline otherwise
257 assert resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses") |> json_response(200)
258 assert [%{"id" => id}] = resp
259 assert id == activity.id
260 assert_schema(resp, "StatusesResponse", ApiSpec.spec())
262 # Third user's timeline includes the repeat when viewed by unauthenticated user
263 resp = get(build_conn(), "/api/v1/accounts/#{user_three.id}/statuses") |> json_response(200)
264 assert [%{"id" => id}] = resp
265 assert id == repeat.id
266 assert_schema(resp, "StatusesResponse", ApiSpec.spec())
268 # When viewing a third user's timeline, the blocked users' statuses will NOT be shown
269 resp = get(conn, "/api/v1/accounts/#{user_three.id}/statuses")
271 assert [] = json_response(resp, 200)
274 test "gets users statuses", %{conn: conn} do
275 user_one = insert(:user)
276 user_two = insert(:user)
277 user_three = insert(:user)
279 {:ok, _user_three} = User.follow(user_three, user_one)
281 {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
283 {:ok, direct_activity} =
284 CommonAPI.post(user_one, %{
285 "status" => "Hi, @#{user_two.nickname}.",
286 "visibility" => "direct"
289 {:ok, private_activity} =
290 CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
292 resp = get(conn, "/api/v1/accounts/#{user_one.id}/statuses") |> json_response(200)
293 assert [%{"id" => id}] = resp
294 assert id == to_string(activity.id)
295 assert_schema(resp, "StatusesResponse", ApiSpec.spec())
299 |> assign(:user, user_two)
300 |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
301 |> get("/api/v1/accounts/#{user_one.id}/statuses")
302 |> json_response(200)
304 assert [%{"id" => id_one}, %{"id" => id_two}] = resp
305 assert id_one == to_string(direct_activity.id)
306 assert id_two == to_string(activity.id)
307 assert_schema(resp, "StatusesResponse", ApiSpec.spec())
311 |> assign(:user, user_three)
312 |> assign(:token, insert(:oauth_token, user: user_three, scopes: ["read:statuses"]))
313 |> get("/api/v1/accounts/#{user_one.id}/statuses")
314 |> json_response(200)
316 assert [%{"id" => id_one}, %{"id" => id_two}] = resp
317 assert id_one == to_string(private_activity.id)
318 assert id_two == to_string(activity.id)
319 assert_schema(resp, "StatusesResponse", ApiSpec.spec())
322 test "unimplemented pinned statuses feature", %{conn: conn} do
323 note = insert(:note_activity)
324 user = User.get_cached_by_ap_id(note.data["actor"])
326 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?pinned=true")
328 assert json_response(conn, 200) == []
331 test "gets an users media", %{conn: conn} do
332 note = insert(:note_activity)
333 user = User.get_cached_by_ap_id(note.data["actor"])
336 content_type: "image/jpg",
337 path: Path.absname("test/fixtures/image.jpg"),
338 filename: "an_image.jpg"
341 {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
343 {:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
345 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?only_media=true")
347 assert [%{"id" => id}] = json_response(conn, 200)
348 assert id == to_string(image_post.id)
349 assert_schema(json_response(conn, 200), "StatusesResponse", ApiSpec.spec())
351 conn = get(build_conn(), "/api/v1/accounts/#{user.id}/statuses?only_media=1")
353 assert [%{"id" => id}] = json_response(conn, 200)
354 assert id == to_string(image_post.id)
355 assert_schema(json_response(conn, 200), "StatusesResponse", ApiSpec.spec())
358 test "gets a user's statuses without reblogs", %{user: user, conn: conn} do
359 {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
360 {:ok, _, _} = CommonAPI.repeat(post.id, user)
362 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_reblogs=true")
364 assert [%{"id" => id}] = json_response(conn, 200)
365 assert id == to_string(post.id)
366 assert_schema(json_response(conn, 200), "StatusesResponse", ApiSpec.spec())
368 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_reblogs=1")
370 assert [%{"id" => id}] = json_response(conn, 200)
371 assert id == to_string(post.id)
372 assert_schema(json_response(conn, 200), "StatusesResponse", ApiSpec.spec())
375 test "filters user's statuses by a hashtag", %{user: user, conn: conn} do
376 {:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
377 {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
379 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?tagged=hashtag")
381 assert [%{"id" => id}] = json_response(conn, 200)
382 assert id == to_string(post.id)
383 assert_schema(json_response(conn, 200), "StatusesResponse", ApiSpec.spec())
386 test "the user views their own timelines and excludes direct messages", %{
390 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
391 {:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
393 conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_visibilities[]=direct")
395 assert [%{"id" => id}] = json_response(conn, 200)
396 assert id == to_string(public_activity.id)
397 assert_schema(json_response(conn, 200), "StatusesResponse", ApiSpec.spec())
401 defp local_and_remote_activities(%{local: local, remote: remote}) do
402 insert(:note_activity, user: local)
403 insert(:note_activity, user: remote, local: false)
408 describe "statuses with restrict unauthenticated profiles for local and remote" do
409 setup do: local_and_remote_users()
410 setup :local_and_remote_activities
412 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
414 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
416 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
417 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
419 assert json_response(res_conn, :not_found) == %{
420 "error" => "Can't find user"
423 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
425 assert json_response(res_conn, :not_found) == %{
426 "error" => "Can't find user"
430 test "if user is authenticated", %{local: local, remote: remote} do
431 %{conn: conn} = oauth_access(["read"])
433 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
434 assert length(json_response(res_conn, 200)) == 1
435 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
437 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
438 assert length(json_response(res_conn, 200)) == 1
439 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
443 describe "statuses with restrict unauthenticated profiles for local" do
444 setup do: local_and_remote_users()
445 setup :local_and_remote_activities
447 setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true)
449 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
450 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
452 assert json_response(res_conn, :not_found) == %{
453 "error" => "Can't find user"
456 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
457 assert length(json_response(res_conn, 200)) == 1
458 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
461 test "if user is authenticated", %{local: local, remote: remote} do
462 %{conn: conn} = oauth_access(["read"])
464 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
465 assert length(json_response(res_conn, 200)) == 1
466 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
468 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
469 assert length(json_response(res_conn, 200)) == 1
470 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
474 describe "statuses with restrict unauthenticated profiles for remote" do
475 setup do: local_and_remote_users()
476 setup :local_and_remote_activities
478 setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true)
480 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
481 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
482 assert length(json_response(res_conn, 200)) == 1
483 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
485 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
487 assert json_response(res_conn, :not_found) == %{
488 "error" => "Can't find user"
492 test "if user is authenticated", %{local: local, remote: remote} do
493 %{conn: conn} = oauth_access(["read"])
495 res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses")
496 assert length(json_response(res_conn, 200)) == 1
497 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
499 res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses")
500 assert length(json_response(res_conn, 200)) == 1
501 assert_schema(json_response(res_conn, 200), "StatusesResponse", ApiSpec.spec())
505 describe "followers" do
506 setup do: oauth_access(["read:accounts"])
508 test "getting followers", %{user: user, conn: conn} do
509 other_user = insert(:user)
510 {:ok, user} = User.follow(user, other_user)
512 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
514 assert [%{"id" => id}] = json_response(conn, 200)
515 assert id == to_string(user.id)
516 assert_schema(json_response(conn, 200), "AccountsResponse", ApiSpec.spec())
519 test "getting followers, hide_followers", %{user: user, conn: conn} do
520 other_user = insert(:user, hide_followers: true)
521 {:ok, _user} = User.follow(user, other_user)
523 conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
525 assert [] == json_response(conn, 200)
528 test "getting followers, hide_followers, same user requesting" do
530 other_user = insert(:user, hide_followers: true)
531 {:ok, _user} = User.follow(user, other_user)
535 |> assign(:user, other_user)
536 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
537 |> get("/api/v1/accounts/#{other_user.id}/followers")
539 refute [] == json_response(conn, 200)
540 assert_schema(json_response(conn, 200), "AccountsResponse", ApiSpec.spec())
543 test "getting followers, pagination", %{user: user, conn: conn} do
544 follower1 = insert(:user)
545 follower2 = insert(:user)
546 follower3 = insert(:user)
547 {:ok, _} = User.follow(follower1, user)
548 {:ok, _} = User.follow(follower2, user)
549 {:ok, _} = User.follow(follower3, user)
551 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
553 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
554 assert id3 == follower3.id
555 assert id2 == follower2.id
556 assert_schema(json_response(res_conn, 200), "AccountsResponse", ApiSpec.spec())
558 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
560 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
561 assert id2 == follower2.id
562 assert id1 == follower1.id
564 res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
566 assert [%{"id" => id2}] = json_response(res_conn, 200)
567 assert id2 == follower2.id
569 assert [link_header] = get_resp_header(res_conn, "link")
570 assert link_header =~ ~r/min_id=#{follower2.id}/
571 assert link_header =~ ~r/max_id=#{follower2.id}/
572 assert_schema(json_response(res_conn, 200), "AccountsResponse", ApiSpec.spec())
576 describe "following" do
577 setup do: oauth_access(["read:accounts"])
579 test "getting following", %{user: user, conn: conn} do
580 other_user = insert(:user)
581 {:ok, user} = User.follow(user, other_user)
583 conn = get(conn, "/api/v1/accounts/#{user.id}/following")
585 assert [%{"id" => id}] = json_response(conn, 200)
586 assert id == to_string(other_user.id)
587 assert_schema(json_response(conn, 200), "AccountsResponse", ApiSpec.spec())
590 test "getting following, hide_follows, other user requesting" do
591 user = insert(:user, hide_follows: true)
592 other_user = insert(:user)
593 {:ok, user} = User.follow(user, other_user)
597 |> assign(:user, other_user)
598 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
599 |> get("/api/v1/accounts/#{user.id}/following")
601 assert [] == json_response(conn, 200)
602 assert_schema(json_response(conn, 200), "AccountsResponse", ApiSpec.spec())
605 test "getting following, hide_follows, same user requesting" do
606 user = insert(:user, hide_follows: true)
607 other_user = insert(:user)
608 {:ok, user} = User.follow(user, other_user)
612 |> assign(:user, user)
613 |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:accounts"]))
614 |> get("/api/v1/accounts/#{user.id}/following")
616 refute [] == json_response(conn, 200)
619 test "getting following, pagination", %{user: user, conn: conn} do
620 following1 = insert(:user)
621 following2 = insert(:user)
622 following3 = insert(:user)
623 {:ok, _} = User.follow(user, following1)
624 {:ok, _} = User.follow(user, following2)
625 {:ok, _} = User.follow(user, following3)
627 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
629 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
630 assert id3 == following3.id
631 assert id2 == following2.id
632 assert_schema(json_response(res_conn, 200), "AccountsResponse", ApiSpec.spec())
634 res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
636 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
637 assert id2 == following2.id
638 assert id1 == following1.id
639 assert_schema(json_response(res_conn, 200), "AccountsResponse", ApiSpec.spec())
642 get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
644 assert [%{"id" => id2}] = json_response(res_conn, 200)
645 assert id2 == following2.id
647 assert [link_header] = get_resp_header(res_conn, "link")
648 assert link_header =~ ~r/min_id=#{following2.id}/
649 assert link_header =~ ~r/max_id=#{following2.id}/
650 assert_schema(json_response(res_conn, 200), "AccountsResponse", ApiSpec.spec())
654 describe "follow/unfollow" do
655 setup do: oauth_access(["follow"])
657 test "following / unfollowing a user", %{conn: conn} do
658 other_user = insert(:user)
660 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/follow")
662 assert %{"id" => _id, "following" => true} = json_response(ret_conn, 200)
663 assert_schema(json_response(ret_conn, 200), "AccountRelationship", ApiSpec.spec())
665 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/unfollow")
667 assert %{"id" => _id, "following" => false} = json_response(ret_conn, 200)
668 assert_schema(json_response(ret_conn, 200), "AccountRelationship", ApiSpec.spec())
670 conn = post(conn, "/api/v1/follows", %{"uri" => other_user.nickname})
672 assert %{"id" => id} = json_response(conn, 200)
673 assert id == to_string(other_user.id)
674 assert_schema(json_response(conn, 200), "AccountRelationship", ApiSpec.spec())
677 test "cancelling follow request", %{conn: conn} do
678 %{id: other_user_id} = insert(:user, %{locked: true})
680 resp = conn |> post("/api/v1/accounts/#{other_user_id}/follow") |> json_response(:ok)
682 assert %{"id" => ^other_user_id, "following" => false, "requested" => true} = resp
683 assert_schema(resp, "AccountRelationship", ApiSpec.spec())
685 resp = conn |> post("/api/v1/accounts/#{other_user_id}/unfollow") |> json_response(:ok)
687 assert %{"id" => ^other_user_id, "following" => false, "requested" => false} = resp
688 assert_schema(resp, "AccountRelationship", ApiSpec.spec())
691 test "following without reblogs" do
692 %{conn: conn} = oauth_access(["follow", "read:statuses"])
693 followed = insert(:user)
694 other_user = insert(:user)
696 ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=false")
698 assert %{"showing_reblogs" => false} = json_response(ret_conn, 200)
699 assert_schema(json_response(ret_conn, 200), "AccountRelationship", ApiSpec.spec())
701 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
702 {:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
704 ret_conn = get(conn, "/api/v1/timelines/home")
706 assert [] == json_response(ret_conn, 200)
708 ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=true")
710 assert %{"showing_reblogs" => true} = json_response(ret_conn, 200)
711 assert_schema(json_response(ret_conn, 200), "AccountRelationship", ApiSpec.spec())
713 conn = get(conn, "/api/v1/timelines/home")
715 expected_activity_id = reblog.id
716 assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
719 test "following / unfollowing errors", %{user: user, conn: conn} do
721 conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
722 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
725 user = User.get_cached_by_id(user.id)
726 conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
727 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
729 # self follow via uri
730 user = User.get_cached_by_id(user.id)
731 conn_res = post(conn, "/api/v1/follows", %{"uri" => user.nickname})
732 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
734 # follow non existing user
735 conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
736 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
738 # follow non existing user via uri
739 conn_res = post(conn, "/api/v1/follows", %{"uri" => "doesntexist"})
740 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
742 # unfollow non existing user
743 conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
744 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
748 describe "mute/unmute" do
749 setup do: oauth_access(["write:mutes"])
751 test "with notifications", %{conn: conn} do
752 other_user = insert(:user)
756 |> put_req_header("content-type", "application/json")
757 |> post("/api/v1/accounts/#{other_user.id}/mute")
759 response = json_response(ret_conn, 200)
761 assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
762 assert_schema(response, "AccountRelationship", ApiSpec.spec())
764 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
766 response = json_response(conn, 200)
767 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
768 assert_schema(response, "AccountRelationship", ApiSpec.spec())
771 test "without notifications", %{conn: conn} do
772 other_user = insert(:user)
776 |> put_req_header("content-type", "multipart/form-data")
777 |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
779 response = json_response(ret_conn, 200)
781 assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
782 assert_schema(response, "AccountRelationship", ApiSpec.spec())
784 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
786 response = json_response(conn, 200)
787 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
788 assert_schema(response, "AccountRelationship", ApiSpec.spec())
792 describe "pinned statuses" do
795 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
796 %{conn: conn} = oauth_access(["read:statuses"], user: user)
798 [conn: conn, user: user, activity: activity]
801 test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
802 {:ok, _} = CommonAPI.pin(activity.id, user)
806 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
807 |> json_response(200)
809 id_str = to_string(activity.id)
811 assert [%{"id" => ^id_str, "pinned" => true}] = result
815 test "blocking / unblocking a user" do
816 %{conn: conn} = oauth_access(["follow"])
817 other_user = insert(:user)
819 ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/block")
821 assert %{"id" => _id, "blocking" => true} = json_response(ret_conn, 200)
822 assert_schema(json_response(ret_conn, 200), "AccountRelationship", ApiSpec.spec())
824 conn = post(conn, "/api/v1/accounts/#{other_user.id}/unblock")
826 assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
827 assert_schema(json_response(ret_conn, 200), "AccountRelationship", ApiSpec.spec())
830 describe "create account by app" do
834 email: "lain@example.org",
835 password: "PlzDontHackLain",
839 [valid_params: valid_params]
842 setup do: clear_config([:instance, :account_activation_required])
844 test "Account registration via Application", %{conn: conn} do
847 |> put_req_header("content-type", "application/json")
848 |> post("/api/v1/apps", %{
849 client_name: "client_name",
850 redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
851 scopes: "read, write, follow"
855 "client_id" => client_id,
856 "client_secret" => client_secret,
858 "name" => "client_name",
859 "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
862 } = json_response(conn, 200)
865 post(conn, "/oauth/token", %{
866 grant_type: "client_credentials",
867 client_id: client_id,
868 client_secret: client_secret
871 assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
872 json_response(conn, 200)
875 token_from_db = Repo.get_by(Token, token: token)
878 assert scope == "read write follow"
882 |> put_req_header("content-type", "multipart/form-data")
883 |> put_req_header("authorization", "Bearer " <> token)
884 |> post("/api/v1/accounts", %{
886 email: "lain@example.org",
887 password: "PlzDontHackLain",
893 "access_token" => token,
894 "created_at" => _created_at,
896 "token_type" => "Bearer"
897 } = json_response(conn, 200)
899 token_from_db = Repo.get_by(Token, token: token)
901 token_from_db = Repo.preload(token_from_db, :user)
902 assert token_from_db.user
904 assert token_from_db.user.confirmation_pending
907 test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
908 _user = insert(:user, email: "lain@example.org")
909 app_token = insert(:oauth_token, user: nil)
913 |> put_req_header("authorization", "Bearer " <> app_token.token)
914 |> put_req_header("content-type", "application/json")
915 |> post("/api/v1/accounts", valid_params)
917 assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
920 test "returns bad_request if missing required params", %{
922 valid_params: valid_params
924 app_token = insert(:oauth_token, user: nil)
928 |> put_req_header("authorization", "Bearer " <> app_token.token)
929 |> put_req_header("content-type", "application/json")
931 res = post(conn, "/api/v1/accounts", valid_params)
932 assert json_response(res, 200)
934 [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
935 |> Stream.zip(Map.delete(valid_params, :email))
936 |> Enum.each(fn {ip, {attr, _}} ->
939 |> Map.put(:remote_ip, ip)
940 |> post("/api/v1/accounts", Map.delete(valid_params, attr))
941 |> json_response(400)
943 assert res == %{"error" => "Missing parameters"}
947 setup do: clear_config([:instance, :account_activation_required])
949 test "returns bad_request if missing email params when :account_activation_required is enabled",
950 %{conn: conn, valid_params: valid_params} do
951 Pleroma.Config.put([:instance, :account_activation_required], true)
953 app_token = insert(:oauth_token, user: nil)
957 |> put_req_header("authorization", "Bearer " <> app_token.token)
958 |> put_req_header("content-type", "application/json")
962 |> Map.put(:remote_ip, {127, 0, 0, 5})
963 |> post("/api/v1/accounts", Map.delete(valid_params, :email))
965 assert json_response(res, 400) == %{"error" => "Missing parameters"}
969 |> Map.put(:remote_ip, {127, 0, 0, 6})
970 |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
972 assert json_response(res, 400) == %{"error" => "{\"email\":[\"can't be blank\"]}"}
975 test "allow registration without an email", %{conn: conn, valid_params: valid_params} do
976 app_token = insert(:oauth_token, user: nil)
977 conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
981 |> put_req_header("content-type", "application/json")
982 |> Map.put(:remote_ip, {127, 0, 0, 7})
983 |> post("/api/v1/accounts", Map.delete(valid_params, :email))
985 assert json_response(res, 200)
988 test "allow registration with an empty email", %{conn: conn, valid_params: valid_params} do
989 app_token = insert(:oauth_token, user: nil)
990 conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
994 |> put_req_header("content-type", "application/json")
995 |> Map.put(:remote_ip, {127, 0, 0, 8})
996 |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
998 assert json_response(res, 200)
1001 test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
1004 |> put_req_header("authorization", "Bearer " <> "invalid-token")
1005 |> put_req_header("content-type", "multipart/form-data")
1006 |> post("/api/v1/accounts", valid_params)
1008 assert json_response(res, 403) == %{"error" => "Invalid credentials"}
1012 describe "create account by app / rate limit" do
1013 setup do: clear_config([:rate_limit, :app_account_creation], {10_000, 2})
1015 test "respects rate limit setting", %{conn: conn} do
1016 app_token = insert(:oauth_token, user: nil)
1020 |> put_req_header("authorization", "Bearer " <> app_token.token)
1021 |> Map.put(:remote_ip, {15, 15, 15, 15})
1022 |> put_req_header("content-type", "multipart/form-data")
1027 |> post("/api/v1/accounts", %{
1028 username: "#{i}lain",
1029 email: "#{i}lain@example.org",
1030 password: "PlzDontHackLain",
1035 "access_token" => token,
1036 "created_at" => _created_at,
1038 "token_type" => "Bearer"
1039 } = json_response(conn, 200)
1041 token_from_db = Repo.get_by(Token, token: token)
1042 assert token_from_db
1043 token_from_db = Repo.preload(token_from_db, :user)
1044 assert token_from_db.user
1046 assert token_from_db.user.confirmation_pending
1050 post(conn, "/api/v1/accounts", %{
1052 email: "6lain@example.org",
1053 password: "PlzDontHackLain",
1057 assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
1061 describe "GET /api/v1/accounts/:id/lists - account_lists" do
1062 test "returns lists to which the account belongs" do
1063 %{user: user, conn: conn} = oauth_access(["read:lists"])
1064 other_user = insert(:user)
1065 assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
1066 {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
1070 |> get("/api/v1/accounts/#{other_user.id}/lists")
1071 |> json_response(200)
1073 assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
1074 assert_schema(res, "ListsResponse", ApiSpec.spec())
1078 describe "verify_credentials" do
1079 test "verify_credentials" do
1080 %{user: user, conn: conn} = oauth_access(["read:accounts"])
1081 conn = get(conn, "/api/v1/accounts/verify_credentials")
1083 response = json_response(conn, 200)
1085 assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
1086 assert response["pleroma"]["chat_token"]
1087 assert id == to_string(user.id)
1090 test "verify_credentials default scope unlisted" do
1091 user = insert(:user, default_scope: "unlisted")
1092 %{conn: conn} = oauth_access(["read:accounts"], user: user)
1094 conn = get(conn, "/api/v1/accounts/verify_credentials")
1096 assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
1097 assert id == to_string(user.id)
1100 test "locked accounts" do
1101 user = insert(:user, default_scope: "private")
1102 %{conn: conn} = oauth_access(["read:accounts"], user: user)
1104 conn = get(conn, "/api/v1/accounts/verify_credentials")
1106 assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
1107 assert id == to_string(user.id)
1111 describe "user relationships" do
1112 setup do: oauth_access(["read:follows"])
1114 test "returns the relationships for the current user", %{user: user, conn: conn} do
1115 %{id: other_user_id} = other_user = insert(:user)
1116 {:ok, _user} = User.follow(user, other_user)
1118 assert [%{"id" => ^other_user_id}] =
1120 |> get("/api/v1/accounts/relationships?id=#{other_user.id}")
1121 |> json_response(200)
1123 assert [%{"id" => ^other_user_id}] =
1125 |> get("/api/v1/accounts/relationships?id[]=#{other_user.id}")
1126 |> json_response(200)
1129 test "returns an empty list on a bad request", %{conn: conn} do
1130 conn = get(conn, "/api/v1/accounts/relationships", %{})
1132 assert [] = json_response(conn, 200)
1136 test "getting a list of mutes" do
1137 %{user: user, conn: conn} = oauth_access(["read:mutes"])
1138 other_user = insert(:user)
1140 {:ok, _user_relationships} = User.mute(user, other_user)
1142 conn = get(conn, "/api/v1/mutes")
1144 other_user_id = to_string(other_user.id)
1145 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
1148 test "getting a list of blocks" do
1149 %{user: user, conn: conn} = oauth_access(["read:blocks"])
1150 other_user = insert(:user)
1152 {:ok, _user_relationship} = User.block(user, other_user)
1156 |> assign(:user, user)
1157 |> get("/api/v1/blocks")
1159 other_user_id = to_string(other_user.id)
1160 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)