1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.ActivityExpiration
11 alias Pleroma.Conversation.Participation
14 alias Pleroma.ScheduledActivity
15 alias Pleroma.Tests.ObanHelpers
17 alias Pleroma.Web.ActivityPub.ActivityPub
18 alias Pleroma.Web.CommonAPI
20 import Pleroma.Factory
22 clear_config([:instance, :federating])
23 clear_config([:instance, :allow_relay])
24 clear_config([:rich_media, :enabled])
26 describe "posting statuses" do
27 setup do: oauth_access(["write:statuses"])
29 test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
30 Pleroma.Config.put([:instance, :federating], true)
31 Pleroma.Config.get([:instance, :allow_relay], true)
35 |> post("api/v1/statuses", %{
36 "content_type" => "text/plain",
37 "source" => "Pleroma FE",
38 "status" => "Hello world",
39 "visibility" => "public"
43 assert response["reblogs_count"] == 0
44 ObanHelpers.perform_all()
48 |> get("api/v1/statuses/#{response["id"]}", %{})
51 assert response["reblogs_count"] == 0
54 test "posting a status", %{conn: conn} do
55 idempotency_key = "Pikachu rocks!"
59 |> put_req_header("idempotency-key", idempotency_key)
60 |> post("/api/v1/statuses", %{
62 "spoiler_text" => "2hu",
63 "sensitive" => "false"
66 {:ok, ttl} = Cachex.ttl(:idempotency_cache, idempotency_key)
68 assert ttl > :timer.seconds(6 * 60 * 60 - 1)
70 assert %{"content" => "cofe", "id" => id, "spoiler_text" => "2hu", "sensitive" => false} =
71 json_response(conn_one, 200)
73 assert Activity.get_by_id(id)
77 |> put_req_header("idempotency-key", idempotency_key)
78 |> post("/api/v1/statuses", %{
80 "spoiler_text" => "2hu",
81 "sensitive" => "false"
84 assert %{"id" => second_id} = json_response(conn_two, 200)
85 assert id == second_id
89 |> post("/api/v1/statuses", %{
91 "spoiler_text" => "2hu",
92 "sensitive" => "false"
95 assert %{"id" => third_id} = json_response(conn_three, 200)
98 # An activity that will expire:
100 expires_in = 120 * 60
104 |> post("api/v1/statuses", %{
105 "status" => "oolong",
106 "expires_in" => expires_in
109 assert fourth_response = %{"id" => fourth_id} = json_response(conn_four, 200)
110 assert activity = Activity.get_by_id(fourth_id)
111 assert expiration = ActivityExpiration.get_by_activity_id(fourth_id)
113 estimated_expires_at =
114 NaiveDateTime.utc_now()
115 |> NaiveDateTime.add(expires_in)
116 |> NaiveDateTime.truncate(:second)
118 # This assert will fail if the test takes longer than a minute. I sure hope it never does:
119 assert abs(NaiveDateTime.diff(expiration.scheduled_at, estimated_expires_at, :second)) < 60
121 assert fourth_response["pleroma"]["expires_at"] ==
122 NaiveDateTime.to_iso8601(expiration.scheduled_at)
125 test "it fails to create a status if `expires_in` is less or equal than an hour", %{
131 assert %{"error" => "Expiry date is too soon"} =
133 |> post("api/v1/statuses", %{
134 "status" => "oolong",
135 "expires_in" => expires_in
137 |> json_response(422)
142 assert %{"error" => "Expiry date is too soon"} =
144 |> post("api/v1/statuses", %{
145 "status" => "oolong",
146 "expires_in" => expires_in
148 |> json_response(422)
151 test "posting an undefined status with an attachment", %{user: user, conn: conn} do
153 content_type: "image/jpg",
154 path: Path.absname("test/fixtures/image.jpg"),
155 filename: "an_image.jpg"
158 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
161 post(conn, "/api/v1/statuses", %{
162 "media_ids" => [to_string(upload.id)]
165 assert json_response(conn, 200)
168 test "replying to a status", %{user: user, conn: conn} do
169 {:ok, replied_to} = CommonAPI.post(user, %{"status" => "cofe"})
173 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
175 assert %{"content" => "xD", "id" => id} = json_response(conn, 200)
177 activity = Activity.get_by_id(id)
179 assert activity.data["context"] == replied_to.data["context"]
180 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
183 test "replying to a direct message with visibility other than direct", %{
187 {:ok, replied_to} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
189 Enum.each(["public", "private", "unlisted"], fn visibility ->
192 |> post("/api/v1/statuses", %{
193 "status" => "@#{user.nickname} hey",
194 "in_reply_to_id" => replied_to.id,
195 "visibility" => visibility
198 assert json_response(conn, 422) == %{"error" => "The message visibility must be direct"}
202 test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
203 conn = post(conn, "/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
205 assert %{"content" => "xD", "id" => id} = json_response(conn, 200)
206 assert Activity.get_by_id(id)
209 test "posting a sensitive status", %{conn: conn} do
210 conn = post(conn, "/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
212 assert %{"content" => "cofe", "id" => id, "sensitive" => true} = json_response(conn, 200)
213 assert Activity.get_by_id(id)
216 test "posting a fake status", %{conn: conn} do
218 post(conn, "/api/v1/statuses", %{
220 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
223 real_status = json_response(real_conn, 200)
226 assert Object.get_by_ap_id(real_status["uri"])
230 |> Map.put("id", nil)
231 |> Map.put("url", nil)
232 |> Map.put("uri", nil)
233 |> Map.put("created_at", nil)
234 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
237 post(conn, "/api/v1/statuses", %{
239 "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
243 fake_status = json_response(fake_conn, 200)
246 refute Object.get_by_ap_id(fake_status["uri"])
250 |> Map.put("id", nil)
251 |> Map.put("url", nil)
252 |> Map.put("uri", nil)
253 |> Map.put("created_at", nil)
254 |> Kernel.put_in(["pleroma", "conversation_id"], nil)
256 assert real_status == fake_status
259 test "posting a status with OGP link preview", %{conn: conn} do
260 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
261 Config.put([:rich_media, :enabled], true)
264 post(conn, "/api/v1/statuses", %{
265 "status" => "https://example.com/ogp"
268 assert %{"id" => id, "card" => %{"title" => "The Rock"}} = json_response(conn, 200)
269 assert Activity.get_by_id(id)
272 test "posting a direct status", %{conn: conn} do
273 user2 = insert(:user)
274 content = "direct cofe @#{user2.nickname}"
276 conn = post(conn, "api/v1/statuses", %{"status" => content, "visibility" => "direct"})
278 assert %{"id" => id} = response = json_response(conn, 200)
279 assert response["visibility"] == "direct"
280 assert response["pleroma"]["direct_conversation_id"]
281 assert activity = Activity.get_by_id(id)
282 assert activity.recipients == [user2.ap_id, conn.assigns[:user].ap_id]
283 assert activity.data["to"] == [user2.ap_id]
284 assert activity.data["cc"] == []
288 describe "posting scheduled statuses" do
289 setup do: oauth_access(["write:statuses"])
291 test "creates a scheduled activity", %{conn: conn} do
292 scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
295 post(conn, "/api/v1/statuses", %{
296 "status" => "scheduled",
297 "scheduled_at" => scheduled_at
300 assert %{"scheduled_at" => expected_scheduled_at} = json_response(conn, 200)
301 assert expected_scheduled_at == CommonAPI.Utils.to_masto_date(scheduled_at)
302 assert [] == Repo.all(Activity)
305 test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
306 scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
309 content_type: "image/jpg",
310 path: Path.absname("test/fixtures/image.jpg"),
311 filename: "an_image.jpg"
314 {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
317 post(conn, "/api/v1/statuses", %{
318 "media_ids" => [to_string(upload.id)],
319 "status" => "scheduled",
320 "scheduled_at" => scheduled_at
323 assert %{"media_attachments" => [media_attachment]} = json_response(conn, 200)
324 assert %{"type" => "image"} = media_attachment
327 test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
330 NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
333 post(conn, "/api/v1/statuses", %{
334 "status" => "not scheduled",
335 "scheduled_at" => scheduled_at
338 assert %{"content" => "not scheduled"} = json_response(conn, 200)
339 assert [] == Repo.all(ScheduledActivity)
342 test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
344 NaiveDateTime.utc_now()
345 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
346 |> NaiveDateTime.to_iso8601()
348 attrs = %{params: %{}, scheduled_at: today}
349 {:ok, _} = ScheduledActivity.create(user, attrs)
350 {:ok, _} = ScheduledActivity.create(user, attrs)
352 conn = post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
354 assert %{"error" => "daily limit exceeded"} == json_response(conn, 422)
357 test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
359 NaiveDateTime.utc_now()
360 |> NaiveDateTime.add(:timer.minutes(6), :millisecond)
361 |> NaiveDateTime.to_iso8601()
364 NaiveDateTime.utc_now()
365 |> NaiveDateTime.add(:timer.hours(36), :millisecond)
366 |> NaiveDateTime.to_iso8601()
368 attrs = %{params: %{}, scheduled_at: today}
369 {:ok, _} = ScheduledActivity.create(user, attrs)
370 {:ok, _} = ScheduledActivity.create(user, attrs)
371 {:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
374 post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
376 assert %{"error" => "total limit exceeded"} == json_response(conn, 422)
380 describe "posting polls" do
381 setup do: oauth_access(["write:statuses"])
383 test "posting a poll", %{conn: conn} do
384 time = NaiveDateTime.utc_now()
387 post(conn, "/api/v1/statuses", %{
388 "status" => "Who is the #bestgrill?",
389 "poll" => %{"options" => ["Rei", "Asuka", "Misato"], "expires_in" => 420}
392 response = json_response(conn, 200)
394 assert Enum.all?(response["poll"]["options"], fn %{"title" => title} ->
395 title in ["Rei", "Asuka", "Misato"]
398 assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
399 refute response["poll"]["expred"]
401 question = Object.get_by_id(response["poll"]["id"])
403 # closed contains utc timezone
404 assert question.data["closed"] =~ "Z"
407 test "option limit is enforced", %{conn: conn} do
408 limit = Config.get([:instance, :poll_limits, :max_options])
411 post(conn, "/api/v1/statuses", %{
413 "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
416 %{"error" => error} = json_response(conn, 422)
417 assert error == "Poll can't contain more than #{limit} options"
420 test "option character limit is enforced", %{conn: conn} do
421 limit = Config.get([:instance, :poll_limits, :max_option_chars])
424 post(conn, "/api/v1/statuses", %{
427 "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
432 %{"error" => error} = json_response(conn, 422)
433 assert error == "Poll options cannot be longer than #{limit} characters each"
436 test "minimal date limit is enforced", %{conn: conn} do
437 limit = Config.get([:instance, :poll_limits, :min_expiration])
440 post(conn, "/api/v1/statuses", %{
441 "status" => "imagine arbitrary limits",
443 "options" => ["this post was made by pleroma gang"],
444 "expires_in" => limit - 1
448 %{"error" => error} = json_response(conn, 422)
449 assert error == "Expiration date is too soon"
452 test "maximum date limit is enforced", %{conn: conn} do
453 limit = Config.get([:instance, :poll_limits, :max_expiration])
456 post(conn, "/api/v1/statuses", %{
457 "status" => "imagine arbitrary limits",
459 "options" => ["this post was made by pleroma gang"],
460 "expires_in" => limit + 1
464 %{"error" => error} = json_response(conn, 422)
465 assert error == "Expiration date is too far in the future"
469 test "get a status" do
470 %{conn: conn} = oauth_access(["read:statuses"])
471 activity = insert(:note_activity)
473 conn = get(conn, "/api/v1/statuses/#{activity.id}")
475 assert %{"id" => id} = json_response(conn, 200)
476 assert id == to_string(activity.id)
479 defp local_and_remote_activities do
480 local = insert(:note_activity)
481 remote = insert(:note_activity, local: false)
482 {:ok, local: local, remote: remote}
485 describe "status with restrict unauthenticated activities for local and remote" do
486 setup do: local_and_remote_activities()
488 clear_config([:restrict_unauthenticated, :activities, :local]) do
489 Config.put([:restrict_unauthenticated, :activities, :local], true)
492 clear_config([:restrict_unauthenticated, :activities, :remote]) do
493 Config.put([:restrict_unauthenticated, :activities, :remote], true)
496 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
497 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
499 assert json_response(res_conn, :not_found) == %{
500 "error" => "Record not found"
503 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
505 assert json_response(res_conn, :not_found) == %{
506 "error" => "Record not found"
510 test "if user is authenticated", %{local: local, remote: remote} do
511 %{conn: conn} = oauth_access(["read"])
512 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
513 assert %{"id" => _} = json_response(res_conn, 200)
515 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
516 assert %{"id" => _} = json_response(res_conn, 200)
520 describe "status with restrict unauthenticated activities for local" do
521 setup do: local_and_remote_activities()
523 clear_config([:restrict_unauthenticated, :activities, :local]) do
524 Config.put([:restrict_unauthenticated, :activities, :local], true)
527 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
528 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
530 assert json_response(res_conn, :not_found) == %{
531 "error" => "Record not found"
534 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
535 assert %{"id" => _} = json_response(res_conn, 200)
538 test "if user is authenticated", %{local: local, remote: remote} do
539 %{conn: conn} = oauth_access(["read"])
540 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
541 assert %{"id" => _} = json_response(res_conn, 200)
543 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
544 assert %{"id" => _} = json_response(res_conn, 200)
548 describe "status with restrict unauthenticated activities for remote" do
549 setup do: local_and_remote_activities()
551 clear_config([:restrict_unauthenticated, :activities, :remote]) do
552 Config.put([:restrict_unauthenticated, :activities, :remote], true)
555 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
556 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
557 assert %{"id" => _} = json_response(res_conn, 200)
559 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
561 assert json_response(res_conn, :not_found) == %{
562 "error" => "Record not found"
566 test "if user is authenticated", %{local: local, remote: remote} do
567 %{conn: conn} = oauth_access(["read"])
568 res_conn = get(conn, "/api/v1/statuses/#{local.id}")
569 assert %{"id" => _} = json_response(res_conn, 200)
571 res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
572 assert %{"id" => _} = json_response(res_conn, 200)
576 test "getting a status that doesn't exist returns 404" do
577 %{conn: conn} = oauth_access(["read:statuses"])
578 activity = insert(:note_activity)
580 conn = get(conn, "/api/v1/statuses/#{String.downcase(activity.id)}")
582 assert json_response(conn, 404) == %{"error" => "Record not found"}
585 test "get a direct status" do
586 %{user: user, conn: conn} = oauth_access(["read:statuses"])
587 other_user = insert(:user)
590 CommonAPI.post(user, %{"status" => "@#{other_user.nickname}", "visibility" => "direct"})
594 |> assign(:user, user)
595 |> get("/api/v1/statuses/#{activity.id}")
597 [participation] = Participation.for_user(user)
599 res = json_response(conn, 200)
600 assert res["pleroma"]["direct_conversation_id"] == participation.id
603 test "get statuses by IDs" do
604 %{conn: conn} = oauth_access(["read:statuses"])
605 %{id: id1} = insert(:note_activity)
606 %{id: id2} = insert(:note_activity)
608 query_string = "ids[]=#{id1}&ids[]=#{id2}"
609 conn = get(conn, "/api/v1/statuses/?#{query_string}")
611 assert [%{"id" => ^id1}, %{"id" => ^id2}] = Enum.sort_by(json_response(conn, :ok), & &1["id"])
614 describe "getting statuses by ids with restricted unauthenticated for local and remote" do
615 setup do: local_and_remote_activities()
617 clear_config([:restrict_unauthenticated, :activities, :local]) do
618 Config.put([:restrict_unauthenticated, :activities, :local], true)
621 clear_config([:restrict_unauthenticated, :activities, :remote]) do
622 Config.put([:restrict_unauthenticated, :activities, :remote], true)
625 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
626 res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
628 assert json_response(res_conn, 200) == []
631 test "if user is authenticated", %{local: local, remote: remote} do
632 %{conn: conn} = oauth_access(["read"])
634 res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
636 assert length(json_response(res_conn, 200)) == 2
640 describe "getting statuses by ids with restricted unauthenticated for local" do
641 setup do: local_and_remote_activities()
643 clear_config([:restrict_unauthenticated, :activities, :local]) do
644 Config.put([:restrict_unauthenticated, :activities, :local], true)
647 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
648 res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
650 remote_id = remote.id
651 assert [%{"id" => ^remote_id}] = json_response(res_conn, 200)
654 test "if user is authenticated", %{local: local, remote: remote} do
655 %{conn: conn} = oauth_access(["read"])
657 res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
659 assert length(json_response(res_conn, 200)) == 2
663 describe "getting statuses by ids with restricted unauthenticated for remote" do
664 setup do: local_and_remote_activities()
666 clear_config([:restrict_unauthenticated, :activities, :remote]) do
667 Config.put([:restrict_unauthenticated, :activities, :remote], true)
670 test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
671 res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
674 assert [%{"id" => ^local_id}] = json_response(res_conn, 200)
677 test "if user is authenticated", %{local: local, remote: remote} do
678 %{conn: conn} = oauth_access(["read"])
680 res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
682 assert length(json_response(res_conn, 200)) == 2
686 describe "deleting a status" do
687 test "when you created it" do
688 %{user: author, conn: conn} = oauth_access(["write:statuses"])
689 activity = insert(:note_activity, user: author)
693 |> assign(:user, author)
694 |> delete("/api/v1/statuses/#{activity.id}")
696 assert %{} = json_response(conn, 200)
698 refute Activity.get_by_id(activity.id)
701 test "when it doesn't exist" do
702 %{user: author, conn: conn} = oauth_access(["write:statuses"])
703 activity = insert(:note_activity, user: author)
707 |> assign(:user, author)
708 |> delete("/api/v1/statuses/#{String.downcase(activity.id)}")
710 assert %{"error" => "Record not found"} == json_response(conn, 404)
713 test "when you didn't create it" do
714 %{conn: conn} = oauth_access(["write:statuses"])
715 activity = insert(:note_activity)
717 conn = delete(conn, "/api/v1/statuses/#{activity.id}")
719 assert %{"error" => _} = json_response(conn, 403)
721 assert Activity.get_by_id(activity.id) == activity
724 test "when you're an admin or moderator", %{conn: conn} do
725 activity1 = insert(:note_activity)
726 activity2 = insert(:note_activity)
727 admin = insert(:user, is_admin: true)
728 moderator = insert(:user, is_moderator: true)
732 |> assign(:user, admin)
733 |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
734 |> delete("/api/v1/statuses/#{activity1.id}")
736 assert %{} = json_response(res_conn, 200)
740 |> assign(:user, moderator)
741 |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
742 |> delete("/api/v1/statuses/#{activity2.id}")
744 assert %{} = json_response(res_conn, 200)
746 refute Activity.get_by_id(activity1.id)
747 refute Activity.get_by_id(activity2.id)
751 describe "reblogging" do
752 setup do: oauth_access(["write:statuses"])
754 test "reblogs and returns the reblogged status", %{conn: conn} do
755 activity = insert(:note_activity)
757 conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog")
760 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
762 } = json_response(conn, 200)
764 assert to_string(activity.id) == id
767 test "returns 404 if the reblogged status doesn't exist", %{conn: conn} do
768 activity = insert(:note_activity)
770 conn = post(conn, "/api/v1/statuses/#{String.downcase(activity.id)}/reblog")
772 assert %{"error" => "Record not found"} = json_response(conn, 404)
775 test "reblogs privately and returns the reblogged status", %{conn: conn} do
776 activity = insert(:note_activity)
778 conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog", %{"visibility" => "private"})
781 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
783 "visibility" => "private"
784 } = json_response(conn, 200)
786 assert to_string(activity.id) == id
789 test "reblogged status for another user" do
790 activity = insert(:note_activity)
791 user1 = insert(:user)
792 user2 = insert(:user)
793 user3 = insert(:user)
794 CommonAPI.favorite(activity.id, user2)
795 {:ok, _bookmark} = Pleroma.Bookmark.create(user2.id, activity.id)
796 {:ok, reblog_activity1, _object} = CommonAPI.repeat(activity.id, user1)
797 {:ok, _, _object} = CommonAPI.repeat(activity.id, user2)
801 |> assign(:user, user3)
802 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
803 |> get("/api/v1/statuses/#{reblog_activity1.id}")
806 "reblog" => %{"id" => id, "reblogged" => false, "reblogs_count" => 2},
807 "reblogged" => false,
808 "favourited" => false,
809 "bookmarked" => false
810 } = json_response(conn_res, 200)
814 |> assign(:user, user2)
815 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
816 |> get("/api/v1/statuses/#{reblog_activity1.id}")
819 "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 2},
821 "favourited" => true,
823 } = json_response(conn_res, 200)
825 assert to_string(activity.id) == id
829 describe "unreblogging" do
830 setup do: oauth_access(["write:statuses"])
832 test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
833 activity = insert(:note_activity)
835 {:ok, _, _} = CommonAPI.repeat(activity.id, user)
837 conn = post(conn, "/api/v1/statuses/#{activity.id}/unreblog")
839 assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} = json_response(conn, 200)
841 assert to_string(activity.id) == id
844 test "returns 404 error when activity does not exist", %{conn: conn} do
845 conn = post(conn, "/api/v1/statuses/foo/unreblog")
847 assert json_response(conn, 404) == %{"error" => "Record not found"}
851 describe "favoriting" do
852 setup do: oauth_access(["write:favourites"])
854 test "favs a status and returns it", %{conn: conn} do
855 activity = insert(:note_activity)
857 conn = post(conn, "/api/v1/statuses/#{activity.id}/favourite")
859 assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
860 json_response(conn, 200)
862 assert to_string(activity.id) == id
865 test "favoriting twice will just return 200", %{conn: conn} do
866 activity = insert(:note_activity)
868 post(conn, "/api/v1/statuses/#{activity.id}/favourite")
869 assert post(conn, "/api/v1/statuses/#{activity.id}/favourite") |> json_response(200)
872 test "returns 404 error for a wrong id", %{conn: conn} do
873 conn = post(conn, "/api/v1/statuses/1/favourite")
875 assert json_response(conn, 404) == %{"error" => "Record not found"}
879 describe "unfavoriting" do
880 setup do: oauth_access(["write:favourites"])
882 test "unfavorites a status and returns it", %{user: user, conn: conn} do
883 activity = insert(:note_activity)
885 {:ok, _, _} = CommonAPI.favorite(activity.id, user)
887 conn = post(conn, "/api/v1/statuses/#{activity.id}/unfavourite")
889 assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
890 json_response(conn, 200)
892 assert to_string(activity.id) == id
895 test "returns 404 error for a wrong id", %{conn: conn} do
896 conn = post(conn, "/api/v1/statuses/1/unfavourite")
898 assert json_response(conn, 404) == %{"error" => "Record not found"}
902 describe "pinned statuses" do
903 setup do: oauth_access(["write:accounts"])
905 setup %{user: user} do
906 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
908 %{activity: activity}
911 clear_config([:instance, :max_pinned_statuses]) do
912 Config.put([:instance, :max_pinned_statuses], 1)
915 test "pin status", %{conn: conn, user: user, activity: activity} do
916 id_str = to_string(activity.id)
918 assert %{"id" => ^id_str, "pinned" => true} =
920 |> post("/api/v1/statuses/#{activity.id}/pin")
921 |> json_response(200)
923 assert [%{"id" => ^id_str, "pinned" => true}] =
925 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
926 |> json_response(200)
929 test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
930 {:ok, dm} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
932 conn = post(conn, "/api/v1/statuses/#{dm.id}/pin")
934 assert json_response(conn, 400) == %{"error" => "Could not pin"}
937 test "unpin status", %{conn: conn, user: user, activity: activity} do
938 {:ok, _} = CommonAPI.pin(activity.id, user)
939 user = refresh_record(user)
941 id_str = to_string(activity.id)
943 assert %{"id" => ^id_str, "pinned" => false} =
945 |> assign(:user, user)
946 |> post("/api/v1/statuses/#{activity.id}/unpin")
947 |> json_response(200)
951 |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
952 |> json_response(200)
955 test "/unpin: returns 400 error when activity is not exist", %{conn: conn} do
956 conn = post(conn, "/api/v1/statuses/1/unpin")
958 assert json_response(conn, 400) == %{"error" => "Could not unpin"}
961 test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
962 {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
964 id_str_one = to_string(activity_one.id)
966 assert %{"id" => ^id_str_one, "pinned" => true} =
968 |> post("/api/v1/statuses/#{id_str_one}/pin")
969 |> json_response(200)
971 user = refresh_record(user)
973 assert %{"error" => "You have already pinned the maximum number of statuses"} =
975 |> assign(:user, user)
976 |> post("/api/v1/statuses/#{activity_two.id}/pin")
977 |> json_response(400)
983 Config.put([:rich_media, :enabled], true)
985 oauth_access(["read:statuses"])
988 test "returns rich-media card", %{conn: conn, user: user} do
989 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
991 {:ok, activity} = CommonAPI.post(user, %{"status" => "https://example.com/ogp"})
994 "image" => "http://ia.media-imdb.com/images/rock.jpg",
995 "provider_name" => "example.com",
996 "provider_url" => "https://example.com",
997 "title" => "The Rock",
999 "url" => "https://example.com/ogp",
1001 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
1004 "image" => "http://ia.media-imdb.com/images/rock.jpg",
1005 "title" => "The Rock",
1006 "type" => "video.movie",
1007 "url" => "https://example.com/ogp",
1009 "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer."
1016 |> get("/api/v1/statuses/#{activity.id}/card")
1017 |> json_response(200)
1019 assert response == card_data
1021 # works with private posts
1023 CommonAPI.post(user, %{"status" => "https://example.com/ogp", "visibility" => "direct"})
1027 |> get("/api/v1/statuses/#{activity.id}/card")
1028 |> json_response(200)
1030 assert response_two == card_data
1033 test "replaces missing description with an empty string", %{conn: conn, user: user} do
1034 Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
1037 CommonAPI.post(user, %{"status" => "https://example.com/ogp-missing-data"})
1041 |> get("/api/v1/statuses/#{activity.id}/card")
1042 |> json_response(:ok)
1044 assert response == %{
1046 "title" => "Pleroma",
1047 "description" => "",
1049 "provider_name" => "example.com",
1050 "provider_url" => "https://example.com",
1051 "url" => "https://example.com/ogp-missing-data",
1054 "title" => "Pleroma",
1055 "type" => "website",
1056 "url" => "https://example.com/ogp-missing-data"
1064 %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
1065 author = insert(:user)
1068 CommonAPI.post(author, %{
1069 "status" => "heweoo?"
1073 CommonAPI.post(author, %{
1074 "status" => "heweoo!"
1077 response1 = post(conn, "/api/v1/statuses/#{activity1.id}/bookmark")
1079 assert json_response(response1, 200)["bookmarked"] == true
1081 response2 = post(conn, "/api/v1/statuses/#{activity2.id}/bookmark")
1083 assert json_response(response2, 200)["bookmarked"] == true
1085 bookmarks = get(conn, "/api/v1/bookmarks")
1087 assert [json_response(response2, 200), json_response(response1, 200)] ==
1088 json_response(bookmarks, 200)
1090 response1 = post(conn, "/api/v1/statuses/#{activity1.id}/unbookmark")
1092 assert json_response(response1, 200)["bookmarked"] == false
1094 bookmarks = get(conn, "/api/v1/bookmarks")
1096 assert [json_response(response2, 200)] == json_response(bookmarks, 200)
1099 describe "conversation muting" do
1100 setup do: oauth_access(["write:mutes"])
1103 post_user = insert(:user)
1104 {:ok, activity} = CommonAPI.post(post_user, %{"status" => "HIE"})
1105 %{activity: activity}
1108 test "mute conversation", %{conn: conn, activity: activity} do
1109 id_str = to_string(activity.id)
1111 assert %{"id" => ^id_str, "muted" => true} =
1113 |> post("/api/v1/statuses/#{activity.id}/mute")
1114 |> json_response(200)
1117 test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
1118 {:ok, _} = CommonAPI.add_mute(user, activity)
1120 conn = post(conn, "/api/v1/statuses/#{activity.id}/mute")
1122 assert json_response(conn, 400) == %{"error" => "conversation is already muted"}
1125 test "unmute conversation", %{conn: conn, user: user, activity: activity} do
1126 {:ok, _} = CommonAPI.add_mute(user, activity)
1128 id_str = to_string(activity.id)
1130 assert %{"id" => ^id_str, "muted" => false} =
1132 # |> assign(:user, user)
1133 |> post("/api/v1/statuses/#{activity.id}/unmute")
1134 |> json_response(200)
1138 test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{conn: conn} do
1139 user1 = insert(:user)
1140 user2 = insert(:user)
1141 user3 = insert(:user)
1143 {:ok, replied_to} = CommonAPI.post(user1, %{"status" => "cofe"})
1145 # Reply to status from another user
1148 |> assign(:user, user2)
1149 |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
1150 |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
1152 assert %{"content" => "xD", "id" => id} = json_response(conn1, 200)
1154 activity = Activity.get_by_id_with_object(id)
1156 assert Object.normalize(activity).data["inReplyTo"] == Object.normalize(replied_to).data["id"]
1157 assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
1159 # Reblog from the third user
1162 |> assign(:user, user3)
1163 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
1164 |> post("/api/v1/statuses/#{activity.id}/reblog")
1166 assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
1167 json_response(conn2, 200)
1169 assert to_string(activity.id) == id
1171 # Getting third user status
1174 |> assign(:user, user3)
1175 |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
1176 |> get("api/v1/timelines/home")
1178 [reblogged_activity] = json_response(conn3, 200)
1180 assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id
1182 replied_to_user = User.get_by_ap_id(replied_to.data["actor"])
1183 assert reblogged_activity["reblog"]["in_reply_to_account_id"] == replied_to_user.id
1186 describe "GET /api/v1/statuses/:id/favourited_by" do
1187 setup do: oauth_access(["read:accounts"])
1189 setup %{user: user} do
1190 {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
1192 %{activity: activity}
1195 test "returns users who have favorited the status", %{conn: conn, activity: activity} do
1196 other_user = insert(:user)
1197 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1201 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1202 |> json_response(:ok)
1204 [%{"id" => id}] = response
1206 assert id == other_user.id
1209 test "returns empty array when status has not been favorited yet", %{
1215 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1216 |> json_response(:ok)
1218 assert Enum.empty?(response)
1221 test "does not return users who have favorited the status but are blocked", %{
1222 conn: %{assigns: %{user: user}} = conn,
1225 other_user = insert(:user)
1226 {:ok, _user_relationship} = User.block(user, other_user)
1228 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1232 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1233 |> json_response(:ok)
1235 assert Enum.empty?(response)
1238 test "does not fail on an unauthenticated request", %{activity: activity} do
1239 other_user = insert(:user)
1240 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1244 |> get("/api/v1/statuses/#{activity.id}/favourited_by")
1245 |> json_response(:ok)
1247 [%{"id" => id}] = response
1248 assert id == other_user.id
1251 test "requires authentication for private posts", %{user: user} do
1252 other_user = insert(:user)
1255 CommonAPI.post(user, %{
1256 "status" => "@#{other_user.nickname} wanna get some #cofe together?",
1257 "visibility" => "direct"
1260 {:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
1262 favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
1265 |> get(favourited_by_url)
1266 |> json_response(404)
1270 |> assign(:user, other_user)
1271 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1274 |> assign(:token, nil)
1275 |> get(favourited_by_url)
1276 |> json_response(404)
1280 |> get(favourited_by_url)
1281 |> json_response(200)
1283 [%{"id" => id}] = response
1284 assert id == other_user.id
1288 describe "GET /api/v1/statuses/:id/reblogged_by" do
1289 setup do: oauth_access(["read:accounts"])
1291 setup %{user: user} do
1292 {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
1294 %{activity: activity}
1297 test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
1298 other_user = insert(:user)
1299 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
1303 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1304 |> json_response(:ok)
1306 [%{"id" => id}] = response
1308 assert id == other_user.id
1311 test "returns empty array when status has not been reblogged yet", %{
1317 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1318 |> json_response(:ok)
1320 assert Enum.empty?(response)
1323 test "does not return users who have reblogged the status but are blocked", %{
1324 conn: %{assigns: %{user: user}} = conn,
1327 other_user = insert(:user)
1328 {:ok, _user_relationship} = User.block(user, other_user)
1330 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
1334 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1335 |> json_response(:ok)
1337 assert Enum.empty?(response)
1340 test "does not return users who have reblogged the status privately", %{
1344 other_user = insert(:user)
1346 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user, %{"visibility" => "private"})
1350 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1351 |> json_response(:ok)
1353 assert Enum.empty?(response)
1356 test "does not fail on an unauthenticated request", %{activity: activity} do
1357 other_user = insert(:user)
1358 {:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
1362 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1363 |> json_response(:ok)
1365 [%{"id" => id}] = response
1366 assert id == other_user.id
1369 test "requires authentication for private posts", %{user: user} do
1370 other_user = insert(:user)
1373 CommonAPI.post(user, %{
1374 "status" => "@#{other_user.nickname} wanna get some #cofe together?",
1375 "visibility" => "direct"
1379 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1380 |> json_response(404)
1384 |> assign(:user, other_user)
1385 |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
1386 |> get("/api/v1/statuses/#{activity.id}/reblogged_by")
1387 |> json_response(200)
1389 assert [] == response
1394 user = insert(:user)
1396 {:ok, %{id: id1}} = CommonAPI.post(user, %{"status" => "1"})
1397 {:ok, %{id: id2}} = CommonAPI.post(user, %{"status" => "2", "in_reply_to_status_id" => id1})
1398 {:ok, %{id: id3}} = CommonAPI.post(user, %{"status" => "3", "in_reply_to_status_id" => id2})
1399 {:ok, %{id: id4}} = CommonAPI.post(user, %{"status" => "4", "in_reply_to_status_id" => id3})
1400 {:ok, %{id: id5}} = CommonAPI.post(user, %{"status" => "5", "in_reply_to_status_id" => id4})
1404 |> get("/api/v1/statuses/#{id3}/context")
1405 |> json_response(:ok)
1408 "ancestors" => [%{"id" => ^id1}, %{"id" => ^id2}],
1409 "descendants" => [%{"id" => ^id4}, %{"id" => ^id5}]
1413 test "returns the favorites of a user" do
1414 %{user: user, conn: conn} = oauth_access(["read:favourites"])
1415 other_user = insert(:user)
1417 {:ok, _} = CommonAPI.post(other_user, %{"status" => "bla"})
1418 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "traps are happy"})
1420 {:ok, _, _} = CommonAPI.favorite(activity.id, user)
1422 first_conn = get(conn, "/api/v1/favourites")
1424 assert [status] = json_response(first_conn, 200)
1425 assert status["id"] == to_string(activity.id)
1427 assert [{"link", _link_header}] =
1428 Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end)
1430 # Honours query params
1431 {:ok, second_activity} =
1432 CommonAPI.post(other_user, %{
1434 "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful."
1437 {:ok, _, _} = CommonAPI.favorite(second_activity.id, user)
1439 last_like = status["id"]
1441 second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like}")
1443 assert [second_status] = json_response(second_conn, 200)
1444 assert second_status["id"] == to_string(second_activity.id)
1446 third_conn = get(conn, "/api/v1/favourites?limit=0")
1448 assert [] = json_response(third_conn, 200)
1451 test "expires_at is nil for another user" do
1452 %{conn: conn, user: user} = oauth_access(["read:statuses"])
1453 {:ok, activity} = CommonAPI.post(user, %{"status" => "foobar", "expires_in" => 1_000_000})
1457 |> ActivityExpiration.get_by_activity_id()
1458 |> Map.get(:scheduled_at)
1459 |> NaiveDateTime.to_iso8601()
1461 assert %{"pleroma" => %{"expires_at" => ^expires_at}} =
1462 conn |> get("/api/v1/statuses/#{activity.id}") |> json_response(:ok)
1464 %{conn: conn} = oauth_access(["read:statuses"])
1466 assert %{"pleroma" => %{"expires_at" => nil}} =
1467 conn |> get("/api/v1/statuses/#{activity.id}") |> json_response(:ok)