1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
11 import Pleroma.Factory
12 clear_config([:instance, :max_account_fields])
14 describe "updating credentials" do
15 test "sets user settings in a generic way", %{conn: conn} do
20 |> assign(:user, user)
21 |> patch("/api/v1/accounts/update_credentials", %{
22 "pleroma_settings_store" => %{
29 assert user = json_response(res_conn, 200)
30 assert user["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
32 user = Repo.get(User, user["id"])
36 |> assign(:user, user)
37 |> patch("/api/v1/accounts/update_credentials", %{
38 "pleroma_settings_store" => %{
45 assert user = json_response(res_conn, 200)
47 assert user["pleroma"]["settings_store"] ==
49 "pleroma_fe" => %{"theme" => "bla"},
50 "masto_fe" => %{"theme" => "bla"}
53 user = Repo.get(User, user["id"])
57 |> assign(:user, user)
58 |> patch("/api/v1/accounts/update_credentials", %{
59 "pleroma_settings_store" => %{
66 assert user = json_response(res_conn, 200)
68 assert user["pleroma"]["settings_store"] ==
70 "pleroma_fe" => %{"theme" => "bla"},
71 "masto_fe" => %{"theme" => "blub"}
75 test "updates the user's bio", %{conn: conn} do
81 |> assign(:user, user)
82 |> patch("/api/v1/accounts/update_credentials", %{
83 "note" => "I drink #cofe with @#{user2.nickname}"
86 assert user = json_response(conn, 200)
88 assert user["note"] ==
89 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe" rel="tag">#cofe</a> with <span class="h-card"><a data-user=") <>
91 ~s(" class="u-url mention" href=") <>
92 user2.ap_id <> ~s(">@<span>) <> user2.nickname <> ~s(</span></a></span>)
95 test "updates the user's locking status", %{conn: conn} do
100 |> assign(:user, user)
101 |> patch("/api/v1/accounts/update_credentials", %{locked: "true"})
103 assert user = json_response(conn, 200)
104 assert user["locked"] == true
107 test "updates the user's default scope", %{conn: conn} do
112 |> assign(:user, user)
113 |> patch("/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
115 assert user = json_response(conn, 200)
116 assert user["source"]["privacy"] == "cofe"
119 test "updates the user's hide_followers status", %{conn: conn} do
124 |> assign(:user, user)
125 |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"})
127 assert user = json_response(conn, 200)
128 assert user["pleroma"]["hide_followers"] == true
131 test "updates the user's skip_thread_containment option", %{conn: conn} do
136 |> assign(:user, user)
137 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
138 |> json_response(200)
140 assert response["pleroma"]["skip_thread_containment"] == true
141 assert refresh_record(user).info.skip_thread_containment
144 test "updates the user's hide_follows status", %{conn: conn} do
149 |> assign(:user, user)
150 |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"})
152 assert user = json_response(conn, 200)
153 assert user["pleroma"]["hide_follows"] == true
156 test "updates the user's hide_favorites status", %{conn: conn} do
161 |> assign(:user, user)
162 |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
164 assert user = json_response(conn, 200)
165 assert user["pleroma"]["hide_favorites"] == true
168 test "updates the user's show_role status", %{conn: conn} do
173 |> assign(:user, user)
174 |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"})
176 assert user = json_response(conn, 200)
177 assert user["source"]["pleroma"]["show_role"] == false
180 test "updates the user's no_rich_text status", %{conn: conn} do
185 |> assign(:user, user)
186 |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
188 assert user = json_response(conn, 200)
189 assert user["source"]["pleroma"]["no_rich_text"] == true
192 test "updates the user's name", %{conn: conn} do
197 |> assign(:user, user)
198 |> patch("/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
200 assert user = json_response(conn, 200)
201 assert user["display_name"] == "markorepairs"
204 test "updates the user's avatar", %{conn: conn} do
207 new_avatar = %Plug.Upload{
208 content_type: "image/jpg",
209 path: Path.absname("test/fixtures/image.jpg"),
210 filename: "an_image.jpg"
215 |> assign(:user, user)
216 |> patch("/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
218 assert user_response = json_response(conn, 200)
219 assert user_response["avatar"] != User.avatar_url(user)
222 test "updates the user's banner", %{conn: conn} do
225 new_header = %Plug.Upload{
226 content_type: "image/jpg",
227 path: Path.absname("test/fixtures/image.jpg"),
228 filename: "an_image.jpg"
233 |> assign(:user, user)
234 |> patch("/api/v1/accounts/update_credentials", %{"header" => new_header})
236 assert user_response = json_response(conn, 200)
237 assert user_response["header"] != User.banner_url(user)
240 test "updates the user's background", %{conn: conn} do
243 new_header = %Plug.Upload{
244 content_type: "image/jpg",
245 path: Path.absname("test/fixtures/image.jpg"),
246 filename: "an_image.jpg"
251 |> assign(:user, user)
252 |> patch("/api/v1/accounts/update_credentials", %{
253 "pleroma_background_image" => new_header
256 assert user_response = json_response(conn, 200)
257 assert user_response["pleroma"]["background_image"]
260 test "requires 'write' permission", %{conn: conn} do
261 token1 = insert(:oauth_token, scopes: ["read"])
262 token2 = insert(:oauth_token, scopes: ["write", "follow"])
264 for token <- [token1, token2] do
267 |> put_req_header("authorization", "Bearer #{token.token}")
268 |> patch("/api/v1/accounts/update_credentials", %{})
270 if token == token1 do
271 assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403)
273 assert json_response(conn, 200)
278 test "updates profile emojos", %{conn: conn} do
281 note = "*sips :blank:*"
282 name = "I am :firefox:"
286 |> assign(:user, user)
287 |> patch("/api/v1/accounts/update_credentials", %{
289 "display_name" => name
292 assert json_response(conn, 200)
296 |> get("/api/v1/accounts/#{user.id}")
298 assert user = json_response(conn, 200)
300 assert user["note"] == note
301 assert user["display_name"] == name
302 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user["emojis"]
305 test "update fields", %{conn: conn} do
309 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
310 %{"name" => "link", "value" => "cofe.io"}
315 |> assign(:user, user)
316 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
317 |> json_response(200)
319 assert account["fields"] == [
320 %{"name" => "foo", "value" => "bar"},
321 %{"name" => "link", "value" => "<a href=\"http://cofe.io\">cofe.io</a>"}
324 assert account["source"]["fields"] == [
326 "name" => "<a href=\"http://google.com\">foo</a>",
327 "value" => "<script>bar</script>"
329 %{"name" => "link", "value" => "cofe.io"}
332 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
333 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
335 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
337 fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
339 assert %{"error" => "Invalid request"} ==
341 |> assign(:user, user)
342 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
343 |> json_response(403)
345 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
347 fields = [%{"name" => long_name, "value" => "bar"}]
349 assert %{"error" => "Invalid request"} ==
351 |> assign(:user, user)
352 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
353 |> json_response(403)
355 Pleroma.Config.put([:instance, :max_account_fields], 1)
358 %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
359 %{"name" => "link", "value" => "cofe.io"}
362 assert %{"error" => "Invalid request"} ==
364 |> assign(:user, user)
365 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
366 |> json_response(403)
369 %{"name" => "foo", "value" => ""},
370 %{"name" => "", "value" => "bar"}
375 |> assign(:user, user)
376 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
377 |> json_response(200)
379 assert account["fields"] == [
380 %{"name" => "foo", "value" => ""}