Merge remote-tracking branch 'remotes/upstream/develop' into 1335-user-api-id-fields...
[akkoma] / test / web / mastodon_api / controllers / account_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
6 use Pleroma.Web.ConnCase
7
8 alias Pleroma.Repo
9 alias Pleroma.User
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.ActivityPub.InternalFetchActor
12 alias Pleroma.Web.CommonAPI
13 alias Pleroma.Web.OAuth.Token
14
15 import Pleroma.Factory
16
17 describe "account fetching" do
18 test "works by id" do
19 user = insert(:user)
20
21 conn =
22 build_conn()
23 |> get("/api/v1/accounts/#{user.id}")
24
25 assert %{"id" => id} = json_response(conn, 200)
26 assert id == to_string(user.id)
27
28 conn =
29 build_conn()
30 |> get("/api/v1/accounts/-1")
31
32 assert %{"error" => "Can't find user"} = json_response(conn, 404)
33 end
34
35 test "works by nickname" do
36 user = insert(:user)
37
38 conn =
39 build_conn()
40 |> get("/api/v1/accounts/#{user.nickname}")
41
42 assert %{"id" => id} = json_response(conn, 200)
43 assert id == user.id
44 end
45
46 test "works by nickname for remote users" do
47 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
48 Pleroma.Config.put([:instance, :limit_to_local_content], false)
49 user = insert(:user, nickname: "user@example.com", local: false)
50
51 conn =
52 build_conn()
53 |> get("/api/v1/accounts/#{user.nickname}")
54
55 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
56 assert %{"id" => id} = json_response(conn, 200)
57 assert id == user.id
58 end
59
60 test "respects limit_to_local_content == :all for remote user nicknames" do
61 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
62 Pleroma.Config.put([:instance, :limit_to_local_content], :all)
63
64 user = insert(:user, nickname: "user@example.com", local: false)
65
66 conn =
67 build_conn()
68 |> get("/api/v1/accounts/#{user.nickname}")
69
70 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
71 assert json_response(conn, 404)
72 end
73
74 test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
75 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
76 Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
77
78 user = insert(:user, nickname: "user@example.com", local: false)
79 reading_user = insert(:user)
80
81 conn =
82 build_conn()
83 |> get("/api/v1/accounts/#{user.nickname}")
84
85 assert json_response(conn, 404)
86
87 conn =
88 build_conn()
89 |> assign(:user, reading_user)
90 |> get("/api/v1/accounts/#{user.nickname}")
91
92 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
93 assert %{"id" => id} = json_response(conn, 200)
94 assert id == user.id
95 end
96
97 test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
98 # Need to set an old-style integer ID to reproduce the problem
99 # (these are no longer assigned to new accounts but were preserved
100 # for existing accounts during the migration to flakeIDs)
101 user_one = insert(:user, %{id: 1212})
102 user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
103
104 resp_one =
105 conn
106 |> get("/api/v1/accounts/#{user_one.id}")
107
108 resp_two =
109 conn
110 |> get("/api/v1/accounts/#{user_two.nickname}")
111
112 resp_three =
113 conn
114 |> get("/api/v1/accounts/#{user_two.id}")
115
116 acc_one = json_response(resp_one, 200)
117 acc_two = json_response(resp_two, 200)
118 acc_three = json_response(resp_three, 200)
119 refute acc_one == acc_two
120 assert acc_two == acc_three
121 end
122
123 test "returns 404 when user is invisible", %{conn: conn} do
124 user = insert(:user, %{invisible: true})
125
126 resp =
127 conn
128 |> get("/api/v1/accounts/#{user.nickname}")
129 |> json_response(404)
130
131 assert %{"error" => "Can't find user"} = resp
132 end
133
134 test "returns 404 for internal.fetch actor", %{conn: conn} do
135 %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
136
137 resp =
138 conn
139 |> get("/api/v1/accounts/internal.fetch")
140 |> json_response(404)
141
142 assert %{"error" => "Can't find user"} = resp
143 end
144 end
145
146 describe "user timelines" do
147 test "gets a users statuses", %{conn: conn} do
148 user_one = insert(:user)
149 user_two = insert(:user)
150 user_three = insert(:user)
151
152 {:ok, user_three} = User.follow(user_three, user_one)
153
154 {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
155
156 {:ok, direct_activity} =
157 CommonAPI.post(user_one, %{
158 "status" => "Hi, @#{user_two.nickname}.",
159 "visibility" => "direct"
160 })
161
162 {:ok, private_activity} =
163 CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
164
165 resp =
166 conn
167 |> get("/api/v1/accounts/#{user_one.id}/statuses")
168
169 assert [%{"id" => id}] = json_response(resp, 200)
170 assert id == to_string(activity.id)
171
172 resp =
173 conn
174 |> assign(:user, user_two)
175 |> get("/api/v1/accounts/#{user_one.id}/statuses")
176
177 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
178 assert id_one == to_string(direct_activity.id)
179 assert id_two == to_string(activity.id)
180
181 resp =
182 conn
183 |> assign(:user, user_three)
184 |> get("/api/v1/accounts/#{user_one.id}/statuses")
185
186 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
187 assert id_one == to_string(private_activity.id)
188 assert id_two == to_string(activity.id)
189 end
190
191 test "unimplemented pinned statuses feature", %{conn: conn} do
192 note = insert(:note_activity)
193 user = User.get_cached_by_ap_id(note.data["actor"])
194
195 conn =
196 conn
197 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
198
199 assert json_response(conn, 200) == []
200 end
201
202 test "gets an users media", %{conn: conn} do
203 note = insert(:note_activity)
204 user = User.get_cached_by_ap_id(note.data["actor"])
205
206 file = %Plug.Upload{
207 content_type: "image/jpg",
208 path: Path.absname("test/fixtures/image.jpg"),
209 filename: "an_image.jpg"
210 }
211
212 {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
213
214 {:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
215
216 conn =
217 conn
218 |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
219
220 assert [%{"id" => id}] = json_response(conn, 200)
221 assert id == to_string(image_post.id)
222
223 conn =
224 build_conn()
225 |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
226
227 assert [%{"id" => id}] = json_response(conn, 200)
228 assert id == to_string(image_post.id)
229 end
230
231 test "gets a user's statuses without reblogs", %{conn: conn} do
232 user = insert(:user)
233 {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
234 {:ok, _, _} = CommonAPI.repeat(post.id, user)
235
236 conn =
237 conn
238 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
239
240 assert [%{"id" => id}] = json_response(conn, 200)
241 assert id == to_string(post.id)
242
243 conn =
244 conn
245 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
246
247 assert [%{"id" => id}] = json_response(conn, 200)
248 assert id == to_string(post.id)
249 end
250
251 test "filters user's statuses by a hashtag", %{conn: conn} do
252 user = insert(:user)
253 {:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
254 {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
255
256 conn =
257 conn
258 |> get("/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
259
260 assert [%{"id" => id}] = json_response(conn, 200)
261 assert id == to_string(post.id)
262 end
263
264 test "the user views their own timelines and excludes direct messages", %{conn: conn} do
265 user = insert(:user)
266 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
267 {:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
268
269 conn =
270 conn
271 |> assign(:user, user)
272 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_visibilities" => ["direct"]})
273
274 assert [%{"id" => id}] = json_response(conn, 200)
275 assert id == to_string(public_activity.id)
276 end
277 end
278
279 describe "followers" do
280 test "getting followers", %{conn: conn} do
281 user = insert(:user)
282 other_user = insert(:user)
283 {:ok, user} = User.follow(user, other_user)
284
285 conn =
286 conn
287 |> get("/api/v1/accounts/#{other_user.id}/followers")
288
289 assert [%{"id" => id}] = json_response(conn, 200)
290 assert id == to_string(user.id)
291 end
292
293 test "getting followers, hide_followers", %{conn: conn} do
294 user = insert(:user)
295 other_user = insert(:user, hide_followers: true)
296 {:ok, _user} = User.follow(user, other_user)
297
298 conn =
299 conn
300 |> get("/api/v1/accounts/#{other_user.id}/followers")
301
302 assert [] == json_response(conn, 200)
303 end
304
305 test "getting followers, hide_followers, same user requesting", %{conn: conn} do
306 user = insert(:user)
307 other_user = insert(:user, hide_followers: true)
308 {:ok, _user} = User.follow(user, other_user)
309
310 conn =
311 conn
312 |> assign(:user, other_user)
313 |> get("/api/v1/accounts/#{other_user.id}/followers")
314
315 refute [] == json_response(conn, 200)
316 end
317
318 test "getting followers, pagination", %{conn: conn} do
319 user = insert(:user)
320 follower1 = insert(:user)
321 follower2 = insert(:user)
322 follower3 = insert(:user)
323 {:ok, _} = User.follow(follower1, user)
324 {:ok, _} = User.follow(follower2, user)
325 {:ok, _} = User.follow(follower3, user)
326
327 conn =
328 conn
329 |> assign(:user, user)
330
331 res_conn =
332 conn
333 |> get("/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
334
335 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
336 assert id3 == follower3.id
337 assert id2 == follower2.id
338
339 res_conn =
340 conn
341 |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
342
343 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
344 assert id2 == follower2.id
345 assert id1 == follower1.id
346
347 res_conn =
348 conn
349 |> get("/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
350
351 assert [%{"id" => id2}] = json_response(res_conn, 200)
352 assert id2 == follower2.id
353
354 assert [link_header] = get_resp_header(res_conn, "link")
355 assert link_header =~ ~r/min_id=#{follower2.id}/
356 assert link_header =~ ~r/max_id=#{follower2.id}/
357 end
358 end
359
360 describe "following" do
361 test "getting following", %{conn: conn} do
362 user = insert(:user)
363 other_user = insert(:user)
364 {:ok, user} = User.follow(user, other_user)
365
366 conn =
367 conn
368 |> get("/api/v1/accounts/#{user.id}/following")
369
370 assert [%{"id" => id}] = json_response(conn, 200)
371 assert id == to_string(other_user.id)
372 end
373
374 test "getting following, hide_follows", %{conn: conn} do
375 user = insert(:user, hide_follows: true)
376 other_user = insert(:user)
377 {:ok, user} = User.follow(user, other_user)
378
379 conn =
380 conn
381 |> get("/api/v1/accounts/#{user.id}/following")
382
383 assert [] == json_response(conn, 200)
384 end
385
386 test "getting following, hide_follows, same user requesting", %{conn: conn} do
387 user = insert(:user, hide_follows: true)
388 other_user = insert(:user)
389 {:ok, user} = User.follow(user, other_user)
390
391 conn =
392 conn
393 |> assign(:user, user)
394 |> get("/api/v1/accounts/#{user.id}/following")
395
396 refute [] == json_response(conn, 200)
397 end
398
399 test "getting following, pagination", %{conn: conn} do
400 user = insert(:user)
401 following1 = insert(:user)
402 following2 = insert(:user)
403 following3 = insert(:user)
404 {:ok, _} = User.follow(user, following1)
405 {:ok, _} = User.follow(user, following2)
406 {:ok, _} = User.follow(user, following3)
407
408 conn =
409 conn
410 |> assign(:user, user)
411
412 res_conn =
413 conn
414 |> get("/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
415
416 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
417 assert id3 == following3.id
418 assert id2 == following2.id
419
420 res_conn =
421 conn
422 |> get("/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
423
424 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
425 assert id2 == following2.id
426 assert id1 == following1.id
427
428 res_conn =
429 conn
430 |> get("/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
431
432 assert [%{"id" => id2}] = json_response(res_conn, 200)
433 assert id2 == following2.id
434
435 assert [link_header] = get_resp_header(res_conn, "link")
436 assert link_header =~ ~r/min_id=#{following2.id}/
437 assert link_header =~ ~r/max_id=#{following2.id}/
438 end
439 end
440
441 describe "follow/unfollow" do
442 test "following / unfollowing a user", %{conn: conn} do
443 user = insert(:user)
444 other_user = insert(:user)
445
446 conn =
447 conn
448 |> assign(:user, user)
449 |> post("/api/v1/accounts/#{other_user.id}/follow")
450
451 assert %{"id" => _id, "following" => true} = json_response(conn, 200)
452
453 user = User.get_cached_by_id(user.id)
454
455 conn =
456 build_conn()
457 |> assign(:user, user)
458 |> post("/api/v1/accounts/#{other_user.id}/unfollow")
459
460 assert %{"id" => _id, "following" => false} = json_response(conn, 200)
461
462 user = User.get_cached_by_id(user.id)
463
464 conn =
465 build_conn()
466 |> assign(:user, user)
467 |> post("/api/v1/follows", %{"uri" => other_user.nickname})
468
469 assert %{"id" => id} = json_response(conn, 200)
470 assert id == to_string(other_user.id)
471 end
472
473 test "following without reblogs" do
474 follower = insert(:user)
475 followed = insert(:user)
476 other_user = insert(:user)
477
478 conn =
479 build_conn()
480 |> assign(:user, follower)
481 |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=false")
482
483 assert %{"showing_reblogs" => false} = json_response(conn, 200)
484
485 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
486 {:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
487
488 conn =
489 build_conn()
490 |> assign(:user, User.get_cached_by_id(follower.id))
491 |> get("/api/v1/timelines/home")
492
493 assert [] == json_response(conn, 200)
494
495 conn =
496 build_conn()
497 |> assign(:user, User.get_cached_by_id(follower.id))
498 |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=true")
499
500 assert %{"showing_reblogs" => true} = json_response(conn, 200)
501
502 conn =
503 build_conn()
504 |> assign(:user, User.get_cached_by_id(follower.id))
505 |> get("/api/v1/timelines/home")
506
507 expected_activity_id = reblog.id
508 assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
509 end
510
511 test "following / unfollowing errors" do
512 user = insert(:user)
513
514 conn =
515 build_conn()
516 |> assign(:user, user)
517
518 # self follow
519 conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
520 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
521
522 # self unfollow
523 user = User.get_cached_by_id(user.id)
524 conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
525 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
526
527 # self follow via uri
528 user = User.get_cached_by_id(user.id)
529 conn_res = post(conn, "/api/v1/follows", %{"uri" => user.nickname})
530 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
531
532 # follow non existing user
533 conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
534 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
535
536 # follow non existing user via uri
537 conn_res = post(conn, "/api/v1/follows", %{"uri" => "doesntexist"})
538 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
539
540 # unfollow non existing user
541 conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
542 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
543 end
544 end
545
546 describe "mute/unmute" do
547 test "with notifications", %{conn: conn} do
548 user = insert(:user)
549 other_user = insert(:user)
550
551 conn =
552 conn
553 |> assign(:user, user)
554 |> post("/api/v1/accounts/#{other_user.id}/mute")
555
556 response = json_response(conn, 200)
557
558 assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
559 user = User.get_cached_by_id(user.id)
560
561 conn =
562 build_conn()
563 |> assign(:user, user)
564 |> post("/api/v1/accounts/#{other_user.id}/unmute")
565
566 response = json_response(conn, 200)
567 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
568 end
569
570 test "without notifications", %{conn: conn} do
571 user = insert(:user)
572 other_user = insert(:user)
573
574 conn =
575 conn
576 |> assign(:user, user)
577 |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
578
579 response = json_response(conn, 200)
580
581 assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
582 user = User.get_cached_by_id(user.id)
583
584 conn =
585 build_conn()
586 |> assign(:user, user)
587 |> post("/api/v1/accounts/#{other_user.id}/unmute")
588
589 response = json_response(conn, 200)
590 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
591 end
592 end
593
594 describe "pinned statuses" do
595 setup do
596 user = insert(:user)
597 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
598
599 [user: user, activity: activity]
600 end
601
602 test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
603 {:ok, _} = CommonAPI.pin(activity.id, user)
604
605 result =
606 conn
607 |> assign(:user, user)
608 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
609 |> json_response(200)
610
611 id_str = to_string(activity.id)
612
613 assert [%{"id" => ^id_str, "pinned" => true}] = result
614 end
615 end
616
617 test "blocking / unblocking a user", %{conn: conn} do
618 user = insert(:user)
619 other_user = insert(:user)
620
621 conn =
622 conn
623 |> assign(:user, user)
624 |> post("/api/v1/accounts/#{other_user.id}/block")
625
626 assert %{"id" => _id, "blocking" => true} = json_response(conn, 200)
627
628 user = User.get_cached_by_id(user.id)
629
630 conn =
631 build_conn()
632 |> assign(:user, user)
633 |> post("/api/v1/accounts/#{other_user.id}/unblock")
634
635 assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
636 end
637
638 describe "create account by app" do
639 setup do
640 valid_params = %{
641 username: "lain",
642 email: "lain@example.org",
643 password: "PlzDontHackLain",
644 agreement: true
645 }
646
647 [valid_params: valid_params]
648 end
649
650 test "Account registration via Application", %{conn: conn} do
651 conn =
652 conn
653 |> post("/api/v1/apps", %{
654 client_name: "client_name",
655 redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
656 scopes: "read, write, follow"
657 })
658
659 %{
660 "client_id" => client_id,
661 "client_secret" => client_secret,
662 "id" => _,
663 "name" => "client_name",
664 "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
665 "vapid_key" => _,
666 "website" => nil
667 } = json_response(conn, 200)
668
669 conn =
670 conn
671 |> post("/oauth/token", %{
672 grant_type: "client_credentials",
673 client_id: client_id,
674 client_secret: client_secret
675 })
676
677 assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
678 json_response(conn, 200)
679
680 assert token
681 token_from_db = Repo.get_by(Token, token: token)
682 assert token_from_db
683 assert refresh
684 assert scope == "read write follow"
685
686 conn =
687 build_conn()
688 |> put_req_header("authorization", "Bearer " <> token)
689 |> post("/api/v1/accounts", %{
690 username: "lain",
691 email: "lain@example.org",
692 password: "PlzDontHackLain",
693 bio: "Test Bio",
694 agreement: true
695 })
696
697 %{
698 "access_token" => token,
699 "created_at" => _created_at,
700 "scope" => _scope,
701 "token_type" => "Bearer"
702 } = json_response(conn, 200)
703
704 token_from_db = Repo.get_by(Token, token: token)
705 assert token_from_db
706 token_from_db = Repo.preload(token_from_db, :user)
707 assert token_from_db.user
708
709 assert token_from_db.user.confirmation_pending
710 end
711
712 test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
713 _user = insert(:user, email: "lain@example.org")
714 app_token = insert(:oauth_token, user: nil)
715
716 conn =
717 conn
718 |> put_req_header("authorization", "Bearer " <> app_token.token)
719
720 res = post(conn, "/api/v1/accounts", valid_params)
721 assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
722 end
723
724 test "rate limit", %{conn: conn} do
725 app_token = insert(:oauth_token, user: nil)
726
727 conn =
728 put_req_header(conn, "authorization", "Bearer " <> app_token.token)
729 |> Map.put(:remote_ip, {15, 15, 15, 15})
730
731 for i <- 1..5 do
732 conn =
733 conn
734 |> post("/api/v1/accounts", %{
735 username: "#{i}lain",
736 email: "#{i}lain@example.org",
737 password: "PlzDontHackLain",
738 agreement: true
739 })
740
741 %{
742 "access_token" => token,
743 "created_at" => _created_at,
744 "scope" => _scope,
745 "token_type" => "Bearer"
746 } = json_response(conn, 200)
747
748 token_from_db = Repo.get_by(Token, token: token)
749 assert token_from_db
750 token_from_db = Repo.preload(token_from_db, :user)
751 assert token_from_db.user
752
753 assert token_from_db.user.confirmation_pending
754 end
755
756 conn =
757 conn
758 |> post("/api/v1/accounts", %{
759 username: "6lain",
760 email: "6lain@example.org",
761 password: "PlzDontHackLain",
762 agreement: true
763 })
764
765 assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
766 end
767
768 test "returns bad_request if missing required params", %{
769 conn: conn,
770 valid_params: valid_params
771 } do
772 app_token = insert(:oauth_token, user: nil)
773
774 conn =
775 conn
776 |> put_req_header("authorization", "Bearer " <> app_token.token)
777
778 res = post(conn, "/api/v1/accounts", valid_params)
779 assert json_response(res, 200)
780
781 [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
782 |> Stream.zip(valid_params)
783 |> Enum.each(fn {ip, {attr, _}} ->
784 res =
785 conn
786 |> Map.put(:remote_ip, ip)
787 |> post("/api/v1/accounts", Map.delete(valid_params, attr))
788 |> json_response(400)
789
790 assert res == %{"error" => "Missing parameters"}
791 end)
792 end
793
794 test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
795 conn =
796 conn
797 |> put_req_header("authorization", "Bearer " <> "invalid-token")
798
799 res = post(conn, "/api/v1/accounts", valid_params)
800 assert json_response(res, 403) == %{"error" => "Invalid credentials"}
801 end
802 end
803
804 describe "GET /api/v1/accounts/:id/lists - account_lists" do
805 test "returns lists to which the account belongs", %{conn: conn} do
806 user = insert(:user)
807 other_user = insert(:user)
808 assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
809 {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
810
811 res =
812 conn
813 |> assign(:user, user)
814 |> get("/api/v1/accounts/#{other_user.id}/lists")
815 |> json_response(200)
816
817 assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
818 end
819 end
820
821 describe "verify_credentials" do
822 test "verify_credentials", %{conn: conn} do
823 user = insert(:user)
824
825 conn =
826 conn
827 |> assign(:user, user)
828 |> get("/api/v1/accounts/verify_credentials")
829
830 response = json_response(conn, 200)
831
832 assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
833 assert response["pleroma"]["chat_token"]
834 assert id == to_string(user.id)
835 end
836
837 test "verify_credentials default scope unlisted", %{conn: conn} do
838 user = insert(:user, default_scope: "unlisted")
839
840 conn =
841 conn
842 |> assign(:user, user)
843 |> get("/api/v1/accounts/verify_credentials")
844
845 assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
846 assert id == to_string(user.id)
847 end
848
849 test "locked accounts", %{conn: conn} do
850 user = insert(:user, default_scope: "private")
851
852 conn =
853 conn
854 |> assign(:user, user)
855 |> get("/api/v1/accounts/verify_credentials")
856
857 assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
858 assert id == to_string(user.id)
859 end
860 end
861
862 describe "user relationships" do
863 test "returns the relationships for the current user", %{conn: conn} do
864 user = insert(:user)
865 other_user = insert(:user)
866 {:ok, user} = User.follow(user, other_user)
867
868 conn =
869 conn
870 |> assign(:user, user)
871 |> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
872
873 assert [relationship] = json_response(conn, 200)
874
875 assert to_string(other_user.id) == relationship["id"]
876 end
877
878 test "returns an empty list on a bad request", %{conn: conn} do
879 user = insert(:user)
880
881 conn =
882 conn
883 |> assign(:user, user)
884 |> get("/api/v1/accounts/relationships", %{})
885
886 assert [] = json_response(conn, 200)
887 end
888 end
889
890 test "getting a list of mutes", %{conn: conn} do
891 user = insert(:user)
892 other_user = insert(:user)
893
894 {:ok, _user_relationships} = User.mute(user, other_user)
895
896 conn =
897 conn
898 |> assign(:user, user)
899 |> get("/api/v1/mutes")
900
901 other_user_id = to_string(other_user.id)
902 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
903 end
904
905 test "getting a list of blocks", %{conn: conn} do
906 user = insert(:user)
907 other_user = insert(:user)
908
909 {:ok, _user_relationship} = User.block(user, other_user)
910
911 conn =
912 conn
913 |> assign(:user, user)
914 |> get("/api/v1/blocks")
915
916 other_user_id = to_string(other_user.id)
917 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
918 end
919 end