projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Disable rate limiter for socket/localhost (unless RemoteIp is enabled)
[akkoma] / test / web / mastodon_api / controllers / account_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
6 use Pleroma.Web.ConnCase
7
8 alias Pleroma.Repo
9 alias Pleroma.User
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.ActivityPub.InternalFetchActor
12 alias Pleroma.Web.CommonAPI
13 alias Pleroma.Web.OAuth.Token
14
15 import Pleroma.Factory
16
17 describe "account fetching" do
18 test "works by id" do
19 user = insert(:user)
20
21 conn =
22 build_conn()
23 |> get("/api/v1/accounts/#{user.id}")
24
25 assert %{"id" => id} = json_response(conn, 200)
26 assert id == to_string(user.id)
27
28 conn =
29 build_conn()
30 |> get("/api/v1/accounts/-1")
31
32 assert %{"error" => "Can't find user"} = json_response(conn, 404)
33 end
34
35 test "works by nickname" do
36 user = insert(:user)
37
38 conn =
39 build_conn()
40 |> get("/api/v1/accounts/#{user.nickname}")
41
42 assert %{"id" => id} = json_response(conn, 200)
43 assert id == user.id
44 end
45
46 test "works by nickname for remote users" do
47 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
48 Pleroma.Config.put([:instance, :limit_to_local_content], false)
49 user = insert(:user, nickname: "user@example.com", local: false)
50
51 conn =
52 build_conn()
53 |> get("/api/v1/accounts/#{user.nickname}")
54
55 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
56 assert %{"id" => id} = json_response(conn, 200)
57 assert id == user.id
58 end
59
60 test "respects limit_to_local_content == :all for remote user nicknames" do
61 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
62 Pleroma.Config.put([:instance, :limit_to_local_content], :all)
63
64 user = insert(:user, nickname: "user@example.com", local: false)
65
66 conn =
67 build_conn()
68 |> get("/api/v1/accounts/#{user.nickname}")
69
70 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
71 assert json_response(conn, 404)
72 end
73
74 test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
75 limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
76 Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
77
78 user = insert(:user, nickname: "user@example.com", local: false)
79 reading_user = insert(:user)
80
81 conn =
82 build_conn()
83 |> get("/api/v1/accounts/#{user.nickname}")
84
85 assert json_response(conn, 404)
86
87 conn =
88 build_conn()
89 |> assign(:user, reading_user)
90 |> get("/api/v1/accounts/#{user.nickname}")
91
92 Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
93 assert %{"id" => id} = json_response(conn, 200)
94 assert id == user.id
95 end
96
97 test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
98 # Need to set an old-style integer ID to reproduce the problem
99 # (these are no longer assigned to new accounts but were preserved
100 # for existing accounts during the migration to flakeIDs)
101 user_one = insert(:user, %{id: 1212})
102 user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
103
104 resp_one =
105 conn
106 |> get("/api/v1/accounts/#{user_one.id}")
107
108 resp_two =
109 conn
110 |> get("/api/v1/accounts/#{user_two.nickname}")
111
112 resp_three =
113 conn
114 |> get("/api/v1/accounts/#{user_two.id}")
115
116 acc_one = json_response(resp_one, 200)
117 acc_two = json_response(resp_two, 200)
118 acc_three = json_response(resp_three, 200)
119 refute acc_one == acc_two
120 assert acc_two == acc_three
121 end
122
123 test "returns 404 when user is invisible", %{conn: conn} do
124 user = insert(:user, %{invisible: true})
125
126 resp =
127 conn
128 |> get("/api/v1/accounts/#{user.nickname}")
129 |> json_response(404)
130
131 assert %{"error" => "Can't find user"} = resp
132 end
133
134 test "returns 404 for internal.fetch actor", %{conn: conn} do
135 %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
136
137 resp =
138 conn
139 |> get("/api/v1/accounts/internal.fetch")
140 |> json_response(404)
141
142 assert %{"error" => "Can't find user"} = resp
143 end
144 end
145
146 describe "user timelines" do
147 test "respects blocks", %{conn: conn} do
148 user_one = insert(:user)
149 user_two = insert(:user)
150 user_three = insert(:user)
151
152 User.block(user_one, user_two)
153
154 {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
155 {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
156
157 resp =
158 conn
159 |> get("/api/v1/accounts/#{user_two.id}/statuses")
160
161 assert [%{"id" => id}] = json_response(resp, 200)
162 assert id == activity.id
163
164 # Even a blocked user will deliver the full user timeline, there would be
165 # no point in looking at a blocked users timeline otherwise
166 resp =
167 conn
168 |> assign(:user, user_one)
169 |> get("/api/v1/accounts/#{user_two.id}/statuses")
170
171 assert [%{"id" => id}] = json_response(resp, 200)
172 assert id == activity.id
173
174 resp =
175 conn
176 |> get("/api/v1/accounts/#{user_three.id}/statuses")
177
178 assert [%{"id" => id}] = json_response(resp, 200)
179 assert id == repeat.id
180
181 # When viewing a third user's timeline, the blocked users will NOT be
182 # shown.
183 resp =
184 conn
185 |> assign(:user, user_one)
186 |> get("/api/v1/accounts/#{user_three.id}/statuses")
187
188 assert [] = json_response(resp, 200)
189 end
190
191 test "gets a users statuses", %{conn: conn} do
192 user_one = insert(:user)
193 user_two = insert(:user)
194 user_three = insert(:user)
195
196 {:ok, user_three} = User.follow(user_three, user_one)
197
198 {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
199
200 {:ok, direct_activity} =
201 CommonAPI.post(user_one, %{
202 "status" => "Hi, @#{user_two.nickname}.",
203 "visibility" => "direct"
204 })
205
206 {:ok, private_activity} =
207 CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
208
209 resp =
210 conn
211 |> get("/api/v1/accounts/#{user_one.id}/statuses")
212
213 assert [%{"id" => id}] = json_response(resp, 200)
214 assert id == to_string(activity.id)
215
216 resp =
217 conn
218 |> assign(:user, user_two)
219 |> get("/api/v1/accounts/#{user_one.id}/statuses")
220
221 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
222 assert id_one == to_string(direct_activity.id)
223 assert id_two == to_string(activity.id)
224
225 resp =
226 conn
227 |> assign(:user, user_three)
228 |> get("/api/v1/accounts/#{user_one.id}/statuses")
229
230 assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
231 assert id_one == to_string(private_activity.id)
232 assert id_two == to_string(activity.id)
233 end
234
235 test "unimplemented pinned statuses feature", %{conn: conn} do
236 note = insert(:note_activity)
237 user = User.get_cached_by_ap_id(note.data["actor"])
238
239 conn =
240 conn
241 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
242
243 assert json_response(conn, 200) == []
244 end
245
246 test "gets an users media", %{conn: conn} do
247 note = insert(:note_activity)
248 user = User.get_cached_by_ap_id(note.data["actor"])
249
250 file = %Plug.Upload{
251 content_type: "image/jpg",
252 path: Path.absname("test/fixtures/image.jpg"),
253 filename: "an_image.jpg"
254 }
255
256 {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
257
258 {:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
259
260 conn =
261 conn
262 |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
263
264 assert [%{"id" => id}] = json_response(conn, 200)
265 assert id == to_string(image_post.id)
266
267 conn =
268 build_conn()
269 |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
270
271 assert [%{"id" => id}] = json_response(conn, 200)
272 assert id == to_string(image_post.id)
273 end
274
275 test "gets a user's statuses without reblogs", %{conn: conn} do
276 user = insert(:user)
277 {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
278 {:ok, _, _} = CommonAPI.repeat(post.id, user)
279
280 conn =
281 conn
282 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
283
284 assert [%{"id" => id}] = json_response(conn, 200)
285 assert id == to_string(post.id)
286
287 conn =
288 conn
289 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
290
291 assert [%{"id" => id}] = json_response(conn, 200)
292 assert id == to_string(post.id)
293 end
294
295 test "filters user's statuses by a hashtag", %{conn: conn} do
296 user = insert(:user)
297 {:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
298 {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
299
300 conn =
301 conn
302 |> get("/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
303
304 assert [%{"id" => id}] = json_response(conn, 200)
305 assert id == to_string(post.id)
306 end
307
308 test "the user views their own timelines and excludes direct messages", %{conn: conn} do
309 user = insert(:user)
310 {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
311 {:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
312
313 conn =
314 conn
315 |> assign(:user, user)
316 |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_visibilities" => ["direct"]})
317
318 assert [%{"id" => id}] = json_response(conn, 200)
319 assert id == to_string(public_activity.id)
320 end
321 end
322
323 describe "followers" do
324 test "getting followers", %{conn: conn} do
325 user = insert(:user)
326 other_user = insert(:user)
327 {:ok, user} = User.follow(user, other_user)
328
329 conn =
330 conn
331 |> get("/api/v1/accounts/#{other_user.id}/followers")
332
333 assert [%{"id" => id}] = json_response(conn, 200)
334 assert id == to_string(user.id)
335 end
336
337 test "getting followers, hide_followers", %{conn: conn} do
338 user = insert(:user)
339 other_user = insert(:user, hide_followers: true)
340 {:ok, _user} = User.follow(user, other_user)
341
342 conn =
343 conn
344 |> get("/api/v1/accounts/#{other_user.id}/followers")
345
346 assert [] == json_response(conn, 200)
347 end
348
349 test "getting followers, hide_followers, same user requesting", %{conn: conn} do
350 user = insert(:user)
351 other_user = insert(:user, hide_followers: true)
352 {:ok, _user} = User.follow(user, other_user)
353
354 conn =
355 conn
356 |> assign(:user, other_user)
357 |> get("/api/v1/accounts/#{other_user.id}/followers")
358
359 refute [] == json_response(conn, 200)
360 end
361
362 test "getting followers, pagination", %{conn: conn} do
363 user = insert(:user)
364 follower1 = insert(:user)
365 follower2 = insert(:user)
366 follower3 = insert(:user)
367 {:ok, _} = User.follow(follower1, user)
368 {:ok, _} = User.follow(follower2, user)
369 {:ok, _} = User.follow(follower3, user)
370
371 conn =
372 conn
373 |> assign(:user, user)
374
375 res_conn =
376 conn
377 |> get("/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
378
379 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
380 assert id3 == follower3.id
381 assert id2 == follower2.id
382
383 res_conn =
384 conn
385 |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
386
387 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
388 assert id2 == follower2.id
389 assert id1 == follower1.id
390
391 res_conn =
392 conn
393 |> get("/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
394
395 assert [%{"id" => id2}] = json_response(res_conn, 200)
396 assert id2 == follower2.id
397
398 assert [link_header] = get_resp_header(res_conn, "link")
399 assert link_header =~ ~r/min_id=#{follower2.id}/
400 assert link_header =~ ~r/max_id=#{follower2.id}/
401 end
402 end
403
404 describe "following" do
405 test "getting following", %{conn: conn} do
406 user = insert(:user)
407 other_user = insert(:user)
408 {:ok, user} = User.follow(user, other_user)
409
410 conn =
411 conn
412 |> get("/api/v1/accounts/#{user.id}/following")
413
414 assert [%{"id" => id}] = json_response(conn, 200)
415 assert id == to_string(other_user.id)
416 end
417
418 test "getting following, hide_follows", %{conn: conn} do
419 user = insert(:user, hide_follows: true)
420 other_user = insert(:user)
421 {:ok, user} = User.follow(user, other_user)
422
423 conn =
424 conn
425 |> get("/api/v1/accounts/#{user.id}/following")
426
427 assert [] == json_response(conn, 200)
428 end
429
430 test "getting following, hide_follows, same user requesting", %{conn: conn} do
431 user = insert(:user, hide_follows: true)
432 other_user = insert(:user)
433 {:ok, user} = User.follow(user, other_user)
434
435 conn =
436 conn
437 |> assign(:user, user)
438 |> get("/api/v1/accounts/#{user.id}/following")
439
440 refute [] == json_response(conn, 200)
441 end
442
443 test "getting following, pagination", %{conn: conn} do
444 user = insert(:user)
445 following1 = insert(:user)
446 following2 = insert(:user)
447 following3 = insert(:user)
448 {:ok, _} = User.follow(user, following1)
449 {:ok, _} = User.follow(user, following2)
450 {:ok, _} = User.follow(user, following3)
451
452 conn =
453 conn
454 |> assign(:user, user)
455
456 res_conn =
457 conn
458 |> get("/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
459
460 assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
461 assert id3 == following3.id
462 assert id2 == following2.id
463
464 res_conn =
465 conn
466 |> get("/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
467
468 assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
469 assert id2 == following2.id
470 assert id1 == following1.id
471
472 res_conn =
473 conn
474 |> get("/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
475
476 assert [%{"id" => id2}] = json_response(res_conn, 200)
477 assert id2 == following2.id
478
479 assert [link_header] = get_resp_header(res_conn, "link")
480 assert link_header =~ ~r/min_id=#{following2.id}/
481 assert link_header =~ ~r/max_id=#{following2.id}/
482 end
483 end
484
485 describe "follow/unfollow" do
486 test "following / unfollowing a user", %{conn: conn} do
487 user = insert(:user)
488 other_user = insert(:user)
489
490 conn =
491 conn
492 |> assign(:user, user)
493 |> post("/api/v1/accounts/#{other_user.id}/follow")
494
495 assert %{"id" => _id, "following" => true} = json_response(conn, 200)
496
497 user = User.get_cached_by_id(user.id)
498
499 conn =
500 build_conn()
501 |> assign(:user, user)
502 |> post("/api/v1/accounts/#{other_user.id}/unfollow")
503
504 assert %{"id" => _id, "following" => false} = json_response(conn, 200)
505
506 user = User.get_cached_by_id(user.id)
507
508 conn =
509 build_conn()
510 |> assign(:user, user)
511 |> post("/api/v1/follows", %{"uri" => other_user.nickname})
512
513 assert %{"id" => id} = json_response(conn, 200)
514 assert id == to_string(other_user.id)
515 end
516
517 test "following without reblogs" do
518 follower = insert(:user)
519 followed = insert(:user)
520 other_user = insert(:user)
521
522 conn =
523 build_conn()
524 |> assign(:user, follower)
525 |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=false")
526
527 assert %{"showing_reblogs" => false} = json_response(conn, 200)
528
529 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
530 {:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
531
532 conn =
533 build_conn()
534 |> assign(:user, User.get_cached_by_id(follower.id))
535 |> get("/api/v1/timelines/home")
536
537 assert [] == json_response(conn, 200)
538
539 conn =
540 build_conn()
541 |> assign(:user, User.get_cached_by_id(follower.id))
542 |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=true")
543
544 assert %{"showing_reblogs" => true} = json_response(conn, 200)
545
546 conn =
547 build_conn()
548 |> assign(:user, User.get_cached_by_id(follower.id))
549 |> get("/api/v1/timelines/home")
550
551 expected_activity_id = reblog.id
552 assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
553 end
554
555 test "following / unfollowing errors" do
556 user = insert(:user)
557
558 conn =
559 build_conn()
560 |> assign(:user, user)
561
562 # self follow
563 conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
564 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
565
566 # self unfollow
567 user = User.get_cached_by_id(user.id)
568 conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
569 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
570
571 # self follow via uri
572 user = User.get_cached_by_id(user.id)
573 conn_res = post(conn, "/api/v1/follows", %{"uri" => user.nickname})
574 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
575
576 # follow non existing user
577 conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
578 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
579
580 # follow non existing user via uri
581 conn_res = post(conn, "/api/v1/follows", %{"uri" => "doesntexist"})
582 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
583
584 # unfollow non existing user
585 conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
586 assert %{"error" => "Record not found"} = json_response(conn_res, 404)
587 end
588 end
589
590 describe "mute/unmute" do
591 test "with notifications", %{conn: conn} do
592 user = insert(:user)
593 other_user = insert(:user)
594
595 conn =
596 conn
597 |> assign(:user, user)
598 |> post("/api/v1/accounts/#{other_user.id}/mute")
599
600 response = json_response(conn, 200)
601
602 assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
603 user = User.get_cached_by_id(user.id)
604
605 conn =
606 build_conn()
607 |> assign(:user, user)
608 |> post("/api/v1/accounts/#{other_user.id}/unmute")
609
610 response = json_response(conn, 200)
611 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
612 end
613
614 test "without notifications", %{conn: conn} do
615 user = insert(:user)
616 other_user = insert(:user)
617
618 conn =
619 conn
620 |> assign(:user, user)
621 |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
622
623 response = json_response(conn, 200)
624
625 assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
626 user = User.get_cached_by_id(user.id)
627
628 conn =
629 build_conn()
630 |> assign(:user, user)
631 |> post("/api/v1/accounts/#{other_user.id}/unmute")
632
633 response = json_response(conn, 200)
634 assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
635 end
636 end
637
638 describe "pinned statuses" do
639 setup do
640 user = insert(:user)
641 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
642
643 [user: user, activity: activity]
644 end
645
646 test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
647 {:ok, _} = CommonAPI.pin(activity.id, user)
648
649 result =
650 conn
651 |> assign(:user, user)
652 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
653 |> json_response(200)
654
655 id_str = to_string(activity.id)
656
657 assert [%{"id" => ^id_str, "pinned" => true}] = result
658 end
659 end
660
661 test "blocking / unblocking a user", %{conn: conn} do
662 user = insert(:user)
663 other_user = insert(:user)
664
665 conn =
666 conn
667 |> assign(:user, user)
668 |> post("/api/v1/accounts/#{other_user.id}/block")
669
670 assert %{"id" => _id, "blocking" => true} = json_response(conn, 200)
671
672 user = User.get_cached_by_id(user.id)
673
674 conn =
675 build_conn()
676 |> assign(:user, user)
677 |> post("/api/v1/accounts/#{other_user.id}/unblock")
678
679 assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
680 end
681
682 describe "create account by app" do
683 setup do
684 valid_params = %{
685 username: "lain",
686 email: "lain@example.org",
687 password: "PlzDontHackLain",
688 agreement: true
689 }
690
691 [valid_params: valid_params]
692 end
693
694 test "Account registration via Application", %{conn: conn} do
695 conn =
696 conn
697 |> post("/api/v1/apps", %{
698 client_name: "client_name",
699 redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
700 scopes: "read, write, follow"
701 })
702
703 %{
704 "client_id" => client_id,
705 "client_secret" => client_secret,
706 "id" => _,
707 "name" => "client_name",
708 "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
709 "vapid_key" => _,
710 "website" => nil
711 } = json_response(conn, 200)
712
713 conn =
714 conn
715 |> post("/oauth/token", %{
716 grant_type: "client_credentials",
717 client_id: client_id,
718 client_secret: client_secret
719 })
720
721 assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
722 json_response(conn, 200)
723
724 assert token
725 token_from_db = Repo.get_by(Token, token: token)
726 assert token_from_db
727 assert refresh
728 assert scope == "read write follow"
729
730 conn =
731 build_conn()
732 |> put_req_header("authorization", "Bearer " <> token)
733 |> post("/api/v1/accounts", %{
734 username: "lain",
735 email: "lain@example.org",
736 password: "PlzDontHackLain",
737 bio: "Test Bio",
738 agreement: true
739 })
740
741 %{
742 "access_token" => token,
743 "created_at" => _created_at,
744 "scope" => _scope,
745 "token_type" => "Bearer"
746 } = json_response(conn, 200)
747
748 token_from_db = Repo.get_by(Token, token: token)
749 assert token_from_db
750 token_from_db = Repo.preload(token_from_db, :user)
751 assert token_from_db.user
752
753 assert token_from_db.user.confirmation_pending
754 end
755
756 test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
757 _user = insert(:user, email: "lain@example.org")
758 app_token = insert(:oauth_token, user: nil)
759
760 conn =
761 conn
762 |> put_req_header("authorization", "Bearer " <> app_token.token)
763
764 res = post(conn, "/api/v1/accounts", valid_params)
765 assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
766 end
767
768 test "rate limit", %{conn: conn} do
769 Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true)
770 app_token = insert(:oauth_token, user: nil)
771
772 conn =
773 put_req_header(conn, "authorization", "Bearer " <> app_token.token)
774 |> Map.put(:remote_ip, {15, 15, 15, 15})
775
776 for i <- 1..5 do
777 conn =
778 conn
779 |> post("/api/v1/accounts", %{
780 username: "#{i}lain",
781 email: "#{i}lain@example.org",
782 password: "PlzDontHackLain",
783 agreement: true
784 })
785
786 %{
787 "access_token" => token,
788 "created_at" => _created_at,
789 "scope" => _scope,
790 "token_type" => "Bearer"
791 } = json_response(conn, 200)
792
793 token_from_db = Repo.get_by(Token, token: token)
794 assert token_from_db
795 token_from_db = Repo.preload(token_from_db, :user)
796 assert token_from_db.user
797
798 assert token_from_db.user.confirmation_pending
799 end
800
801 conn =
802 conn
803 |> post("/api/v1/accounts", %{
804 username: "6lain",
805 email: "6lain@example.org",
806 password: "PlzDontHackLain",
807 agreement: true
808 })
809
810 assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
811 end
812
813 test "returns bad_request if missing required params", %{
814 conn: conn,
815 valid_params: valid_params
816 } do
817 app_token = insert(:oauth_token, user: nil)
818
819 conn =
820 conn
821 |> put_req_header("authorization", "Bearer " <> app_token.token)
822
823 res = post(conn, "/api/v1/accounts", valid_params)
824 assert json_response(res, 200)
825
826 [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
827 |> Stream.zip(valid_params)
828 |> Enum.each(fn {ip, {attr, _}} ->
829 res =
830 conn
831 |> Map.put(:remote_ip, ip)
832 |> post("/api/v1/accounts", Map.delete(valid_params, attr))
833 |> json_response(400)
834
835 assert res == %{"error" => "Missing parameters"}
836 end)
837 end
838
839 test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
840 conn =
841 conn
842 |> put_req_header("authorization", "Bearer " <> "invalid-token")
843
844 res = post(conn, "/api/v1/accounts", valid_params)
845 assert json_response(res, 403) == %{"error" => "Invalid credentials"}
846 end
847 end
848
849 describe "GET /api/v1/accounts/:id/lists - account_lists" do
850 test "returns lists to which the account belongs", %{conn: conn} do
851 user = insert(:user)
852 other_user = insert(:user)
853 assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
854 {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
855
856 res =
857 conn
858 |> assign(:user, user)
859 |> get("/api/v1/accounts/#{other_user.id}/lists")
860 |> json_response(200)
861
862 assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
863 end
864 end
865
866 describe "verify_credentials" do
867 test "verify_credentials", %{conn: conn} do
868 user = insert(:user)
869
870 conn =
871 conn
872 |> assign(:user, user)
873 |> get("/api/v1/accounts/verify_credentials")
874
875 response = json_response(conn, 200)
876
877 assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
878 assert response["pleroma"]["chat_token"]
879 assert id == to_string(user.id)
880 end
881
882 test "verify_credentials default scope unlisted", %{conn: conn} do
883 user = insert(:user, default_scope: "unlisted")
884
885 conn =
886 conn
887 |> assign(:user, user)
888 |> get("/api/v1/accounts/verify_credentials")
889
890 assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
891 assert id == to_string(user.id)
892 end
893
894 test "locked accounts", %{conn: conn} do
895 user = insert(:user, default_scope: "private")
896
897 conn =
898 conn
899 |> assign(:user, user)
900 |> get("/api/v1/accounts/verify_credentials")
901
902 assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
903 assert id == to_string(user.id)
904 end
905 end
906
907 describe "user relationships" do
908 test "returns the relationships for the current user", %{conn: conn} do
909 user = insert(:user)
910 other_user = insert(:user)
911 {:ok, user} = User.follow(user, other_user)
912
913 conn =
914 conn
915 |> assign(:user, user)
916 |> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
917
918 assert [relationship] = json_response(conn, 200)
919
920 assert to_string(other_user.id) == relationship["id"]
921 end
922
923 test "returns an empty list on a bad request", %{conn: conn} do
924 user = insert(:user)
925
926 conn =
927 conn
928 |> assign(:user, user)
929 |> get("/api/v1/accounts/relationships", %{})
930
931 assert [] = json_response(conn, 200)
932 end
933 end
934
935 test "getting a list of mutes", %{conn: conn} do
936 user = insert(:user)
937 other_user = insert(:user)
938
939 {:ok, _user_relationships} = User.mute(user, other_user)
940
941 conn =
942 conn
943 |> assign(:user, user)
944 |> get("/api/v1/mutes")
945
946 other_user_id = to_string(other_user.id)
947 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
948 end
949
950 test "getting a list of blocks", %{conn: conn} do
951 user = insert(:user)
952 other_user = insert(:user)
953
954 {:ok, _user_relationship} = User.block(user, other_user)
955
956 conn =
957 conn
958 |> assign(:user, user)
959 |> get("/api/v1/blocks")
960
961 other_user_id = to_string(other_user.id)
962 assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
963 end
964 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git