1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
8 alias Pleroma.Builders.{ActivityBuilder, UserBuilder}
9 alias Pleroma.{Repo, Activity, User, Object, Notification}
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.TwitterAPI.UserView
12 alias Pleroma.Web.TwitterAPI.NotificationView
13 alias Pleroma.Web.CommonAPI
14 alias Pleroma.Web.TwitterAPI.TwitterAPI
18 import Pleroma.Factory
20 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
22 describe "POST /api/account/update_profile_banner" do
23 test "it updates the banner", %{conn: conn} do
27 |> assign(:user, user)
28 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
31 user = refresh_record(user)
32 assert user.info.banner["type"] == "Image"
36 describe "POST /api/qvitter/update_background_image" do
37 test "it updates the background", %{conn: conn} do
41 |> assign(:user, user)
42 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
45 user = refresh_record(user)
46 assert user.info.background["type"] == "Image"
50 describe "POST /api/account/verify_credentials" do
53 test "without valid credentials", %{conn: conn} do
54 conn = post(conn, "/api/account/verify_credentials.json")
55 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
58 test "with credentials", %{conn: conn, user: user} do
61 |> with_credentials(user.nickname, "test")
62 |> post("/api/account/verify_credentials.json")
65 assert response == UserView.render("show.json", %{user: user, token: response["token"]})
69 describe "POST /statuses/update.json" do
72 test "without valid credentials", %{conn: conn} do
73 conn = post(conn, "/api/statuses/update.json")
74 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
77 test "with credentials", %{conn: conn, user: user} do
78 conn_with_creds = conn |> with_credentials(user.nickname, "test")
79 request_path = "/api/statuses/update.json"
82 "request" => request_path,
83 "error" => "Client must provide a 'status' parameter with a value."
90 assert json_response(conn, 400) == error_response
94 |> post(request_path, %{status: ""})
96 assert json_response(conn, 400) == error_response
100 |> post(request_path, %{status: " "})
102 assert json_response(conn, 400) == error_response
104 # we post with visibility private in order to avoid triggering relay
107 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
109 assert json_response(conn, 200) ==
110 ActivityRepresenter.to_map(Repo.one(Activity), %{user: user})
114 describe "GET /statuses/public_timeline.json" do
115 test "returns statuses", %{conn: conn} do
117 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
118 ActivityBuilder.insert_list(10, %{}, %{user: user})
119 since_id = List.last(activities).id
123 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
125 response = json_response(conn, 200)
127 assert length(response) == 10
130 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
132 Application.get_env(:pleroma, :instance)
133 |> Keyword.put(:public, false)
135 Application.put_env(:pleroma, :instance, instance)
138 |> get("/api/statuses/public_timeline.json")
139 |> json_response(403)
142 Application.get_env(:pleroma, :instance)
143 |> Keyword.put(:public, true)
145 Application.put_env(:pleroma, :instance, instance)
148 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
150 |> get("/api/statuses/public_timeline.json")
151 |> json_response(200)
155 describe "GET /statuses/public_and_external_timeline.json" do
156 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
158 Application.get_env(:pleroma, :instance)
159 |> Keyword.put(:public, false)
161 Application.put_env(:pleroma, :instance, instance)
164 |> get("/api/statuses/public_and_external_timeline.json")
165 |> json_response(403)
168 Application.get_env(:pleroma, :instance)
169 |> Keyword.put(:public, true)
171 Application.put_env(:pleroma, :instance, instance)
174 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
176 |> get("/api/statuses/public_and_external_timeline.json")
177 |> json_response(200)
181 describe "GET /statuses/show/:id.json" do
182 test "returns one status", %{conn: conn} do
184 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
185 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
189 |> get("/api/statuses/show/#{activity.id}.json")
191 response = json_response(conn, 200)
193 assert response == ActivityRepresenter.to_map(activity, %{user: actor})
197 describe "GET /users/show.json" do
198 test "gets user with screen_name", %{conn: conn} do
203 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
205 response = json_response(conn, 200)
207 assert response["id"] == user.id
210 test "gets user with user_id", %{conn: conn} do
215 |> get("/api/users/show.json", %{"user_id" => user.id})
217 response = json_response(conn, 200)
219 assert response["id"] == user.id
222 test "gets a user for a logged in user", %{conn: conn} do
224 logged_in = insert(:user)
226 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
230 |> with_credentials(logged_in.nickname, "test")
231 |> get("/api/users/show.json", %{"user_id" => user.id})
233 response = json_response(conn, 200)
235 assert response["following"] == true
239 describe "GET /statusnet/conversation/:id.json" do
240 test "returns the statuses in the conversation", %{conn: conn} do
241 {:ok, _user} = UserBuilder.insert()
242 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
243 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
244 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
248 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
250 response = json_response(conn, 200)
252 assert length(response) == 2
256 describe "GET /statuses/friends_timeline.json" do
259 test "without valid credentials", %{conn: conn} do
260 conn = get(conn, "/api/statuses/friends_timeline.json")
261 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
264 test "with credentials", %{conn: conn, user: current_user} do
268 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
270 returned_activities =
271 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
273 other_user = insert(:user)
274 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
275 since_id = List.last(activities).id
278 Changeset.change(current_user, following: [User.ap_followers(user)])
283 |> with_credentials(current_user.nickname, "test")
284 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
286 response = json_response(conn, 200)
288 assert length(response) == 10
291 Enum.map(returned_activities, fn activity ->
292 ActivityRepresenter.to_map(activity, %{
293 user: User.get_cached_by_ap_id(activity.data["actor"]),
300 describe "GET /statuses/dm_timeline.json" do
301 test "it show direct messages", %{conn: conn} do
302 user_one = insert(:user)
303 user_two = insert(:user)
305 {:ok, user_two} = User.follow(user_two, user_one)
308 CommonAPI.post(user_one, %{
309 "status" => "Hi @#{user_two.nickname}!",
310 "visibility" => "direct"
314 CommonAPI.post(user_two, %{
315 "status" => "Hi @#{user_one.nickname}!",
316 "visibility" => "direct"
319 {:ok, _follower_only} =
320 CommonAPI.post(user_one, %{
321 "status" => "Hi @#{user_two.nickname}!",
322 "visibility" => "private"
325 # Only direct should be visible here
328 |> assign(:user, user_two)
329 |> get("/api/statuses/dm_timeline.json")
331 [status, status_two] = json_response(res_conn, 200)
332 assert status["id"] == direct_two.id
333 assert status_two["id"] == direct.id
337 describe "GET /statuses/mentions.json" do
340 test "without valid credentials", %{conn: conn} do
341 conn = get(conn, "/api/statuses/mentions.json")
342 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
345 test "with credentials", %{conn: conn, user: current_user} do
347 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
351 |> with_credentials(current_user.nickname, "test")
352 |> get("/api/statuses/mentions.json")
354 response = json_response(conn, 200)
356 assert length(response) == 1
358 assert Enum.at(response, 0) ==
359 ActivityRepresenter.to_map(activity, %{
361 mentioned: [current_user]
366 describe "GET /api/qvitter/statuses/notifications.json" do
369 test "without valid credentials", %{conn: conn} do
370 conn = get(conn, "/api/qvitter/statuses/notifications.json")
371 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
374 test "with credentials", %{conn: conn, user: current_user} do
375 other_user = insert(:user)
378 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
382 |> with_credentials(current_user.nickname, "test")
383 |> get("/api/qvitter/statuses/notifications.json")
385 response = json_response(conn, 200)
387 assert length(response) == 1
390 NotificationView.render("notification.json", %{
391 notifications: Notification.for_user(current_user),
397 describe "POST /api/qvitter/statuses/notifications/read" do
400 test "without valid credentials", %{conn: conn} do
401 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
402 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
405 test "with credentials, without any params", %{conn: conn, user: current_user} do
408 |> with_credentials(current_user.nickname, "test")
409 |> post("/api/qvitter/statuses/notifications/read")
411 assert json_response(conn, 400) == %{
412 "error" => "You need to specify latest_id",
413 "request" => "/api/qvitter/statuses/notifications/read"
417 test "with credentials, with params", %{conn: conn, user: current_user} do
418 other_user = insert(:user)
421 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
425 |> with_credentials(current_user.nickname, "test")
426 |> get("/api/qvitter/statuses/notifications.json")
428 [notification] = response = json_response(response_conn, 200)
430 assert length(response) == 1
432 assert notification["is_seen"] == 0
436 |> with_credentials(current_user.nickname, "test")
437 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
439 [notification] = response = json_response(response_conn, 200)
441 assert length(response) == 1
443 assert notification["is_seen"] == 1
447 describe "GET /statuses/user_timeline.json" do
450 test "without any params", %{conn: conn} do
451 conn = get(conn, "/api/statuses/user_timeline.json")
453 assert json_response(conn, 400) == %{
454 "error" => "You need to specify screen_name or user_id",
455 "request" => "/api/statuses/user_timeline.json"
459 test "with user_id", %{conn: conn} do
461 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
463 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
464 response = json_response(conn, 200)
465 assert length(response) == 1
466 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
469 test "with screen_name", %{conn: conn} do
471 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
473 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
474 response = json_response(conn, 200)
475 assert length(response) == 1
476 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
479 test "with credentials", %{conn: conn, user: current_user} do
480 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
484 |> with_credentials(current_user.nickname, "test")
485 |> get("/api/statuses/user_timeline.json")
487 response = json_response(conn, 200)
489 assert length(response) == 1
490 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: current_user})
493 test "with credentials with user_id", %{conn: conn, user: current_user} do
495 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
499 |> with_credentials(current_user.nickname, "test")
500 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
502 response = json_response(conn, 200)
504 assert length(response) == 1
505 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
508 test "with credentials screen_name", %{conn: conn, user: current_user} do
510 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
514 |> with_credentials(current_user.nickname, "test")
515 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
517 response = json_response(conn, 200)
519 assert length(response) == 1
520 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
523 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
525 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
526 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
530 |> with_credentials(current_user.nickname, "test")
531 |> get("/api/statuses/user_timeline.json", %{
532 "user_id" => user.id,
533 "include_rts" => "false"
536 response = json_response(conn, 200)
538 assert length(response) == 1
539 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
543 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
545 response = json_response(conn, 200)
547 assert length(response) == 1
548 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
552 describe "POST /friendships/create.json" do
555 test "without valid credentials", %{conn: conn} do
556 conn = post(conn, "/api/friendships/create.json")
557 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
560 test "with credentials", %{conn: conn, user: current_user} do
561 followed = insert(:user)
565 |> with_credentials(current_user.nickname, "test")
566 |> post("/api/friendships/create.json", %{user_id: followed.id})
568 current_user = Repo.get(User, current_user.id)
569 assert User.ap_followers(followed) in current_user.following
571 assert json_response(conn, 200) ==
572 UserView.render("show.json", %{user: followed, for: current_user})
576 describe "POST /friendships/destroy.json" do
579 test "without valid credentials", %{conn: conn} do
580 conn = post(conn, "/api/friendships/destroy.json")
581 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
584 test "with credentials", %{conn: conn, user: current_user} do
585 followed = insert(:user)
587 {:ok, current_user} = User.follow(current_user, followed)
588 assert User.ap_followers(followed) in current_user.following
589 ActivityPub.follow(current_user, followed)
593 |> with_credentials(current_user.nickname, "test")
594 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
596 current_user = Repo.get(User, current_user.id)
597 assert current_user.following == [current_user.ap_id]
599 assert json_response(conn, 200) ==
600 UserView.render("show.json", %{user: followed, for: current_user})
604 describe "POST /blocks/create.json" do
607 test "without valid credentials", %{conn: conn} do
608 conn = post(conn, "/api/blocks/create.json")
609 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
612 test "with credentials", %{conn: conn, user: current_user} do
613 blocked = insert(:user)
617 |> with_credentials(current_user.nickname, "test")
618 |> post("/api/blocks/create.json", %{user_id: blocked.id})
620 current_user = Repo.get(User, current_user.id)
621 assert User.blocks?(current_user, blocked)
623 assert json_response(conn, 200) ==
624 UserView.render("show.json", %{user: blocked, for: current_user})
628 describe "POST /blocks/destroy.json" do
631 test "without valid credentials", %{conn: conn} do
632 conn = post(conn, "/api/blocks/destroy.json")
633 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
636 test "with credentials", %{conn: conn, user: current_user} do
637 blocked = insert(:user)
639 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
640 assert User.blocks?(current_user, blocked)
644 |> with_credentials(current_user.nickname, "test")
645 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
647 current_user = Repo.get(User, current_user.id)
648 assert current_user.info.blocks == []
650 assert json_response(conn, 200) ==
651 UserView.render("show.json", %{user: blocked, for: current_user})
655 describe "GET /help/test.json" do
656 test "returns \"ok\"", %{conn: conn} do
657 conn = get(conn, "/api/help/test.json")
658 assert json_response(conn, 200) == "ok"
662 describe "POST /api/qvitter/update_avatar.json" do
665 test "without valid credentials", %{conn: conn} do
666 conn = post(conn, "/api/qvitter/update_avatar.json")
667 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
670 test "with credentials", %{conn: conn, user: current_user} do
671 avatar_image = File.read!("test/fixtures/avatar_data_uri")
675 |> with_credentials(current_user.nickname, "test")
676 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
678 current_user = Repo.get(User, current_user.id)
679 assert is_map(current_user.avatar)
681 assert json_response(conn, 200) ==
682 UserView.render("show.json", %{user: current_user, for: current_user})
686 describe "GET /api/qvitter/mutes.json" do
689 test "unimplemented mutes without valid credentials", %{conn: conn} do
690 conn = get(conn, "/api/qvitter/mutes.json")
691 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
694 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
697 |> with_credentials(current_user.nickname, "test")
698 |> get("/api/qvitter/mutes.json")
699 |> json_response(200)
705 describe "POST /api/favorites/create/:id" do
708 test "without valid credentials", %{conn: conn} do
709 note_activity = insert(:note_activity)
710 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
711 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
714 test "with credentials", %{conn: conn, user: current_user} do
715 note_activity = insert(:note_activity)
719 |> with_credentials(current_user.nickname, "test")
720 |> post("/api/favorites/create/#{note_activity.id}.json")
722 assert json_response(conn, 200)
725 test "with credentials, invalid param", %{conn: conn, user: current_user} do
728 |> with_credentials(current_user.nickname, "test")
729 |> post("/api/favorites/create/wrong.json")
731 assert json_response(conn, 400)
734 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
737 |> with_credentials(current_user.nickname, "test")
738 |> post("/api/favorites/create/1.json")
740 assert json_response(conn, 500)
744 describe "POST /api/favorites/destroy/:id" do
747 test "without valid credentials", %{conn: conn} do
748 note_activity = insert(:note_activity)
749 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
750 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
753 test "with credentials", %{conn: conn, user: current_user} do
754 note_activity = insert(:note_activity)
755 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
756 ActivityPub.like(current_user, object)
760 |> with_credentials(current_user.nickname, "test")
761 |> post("/api/favorites/destroy/#{note_activity.id}.json")
763 assert json_response(conn, 200)
767 describe "POST /api/statuses/retweet/:id" do
770 test "without valid credentials", %{conn: conn} do
771 note_activity = insert(:note_activity)
772 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
773 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
776 test "with credentials", %{conn: conn, user: current_user} do
777 note_activity = insert(:note_activity)
779 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
783 |> with_credentials(current_user.nickname, "test")
784 |> post(request_path)
786 activity = Repo.get(Activity, note_activity.id)
787 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
789 assert json_response(response, 200) ==
790 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
794 describe "POST /api/statuses/unretweet/:id" do
797 test "without valid credentials", %{conn: conn} do
798 note_activity = insert(:note_activity)
799 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
800 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
803 test "with credentials", %{conn: conn, user: current_user} do
804 note_activity = insert(:note_activity)
806 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
810 |> with_credentials(current_user.nickname, "test")
811 |> post(request_path)
813 request_path = String.replace(request_path, "retweet", "unretweet")
817 |> with_credentials(current_user.nickname, "test")
818 |> post(request_path)
820 activity = Repo.get(Activity, note_activity.id)
821 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
823 assert json_response(response, 200) ==
824 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
828 describe "POST /api/account/register" do
829 test "it creates a new user", %{conn: conn} do
831 "nickname" => "lain",
832 "email" => "lain@wired.jp",
833 "fullname" => "lain iwakura",
834 "bio" => "close the world.",
835 "password" => "bear",
841 |> post("/api/account/register", data)
843 user = json_response(conn, 200)
845 fetched_user = Repo.get_by(User, nickname: "lain")
846 assert user == UserView.render("show.json", %{user: fetched_user})
849 test "it returns errors on a problem", %{conn: conn} do
851 "email" => "lain@wired.jp",
852 "fullname" => "lain iwakura",
853 "bio" => "close the world.",
854 "password" => "bear",
860 |> post("/api/account/register", data)
862 errors = json_response(conn, 400)
864 assert is_binary(errors["error"])
868 describe "POST /api/account/password_reset, with valid parameters" do
869 setup %{conn: conn} do
871 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
872 %{conn: conn, user: user}
875 test "it returns 204", %{conn: conn} do
876 assert json_response(conn, :no_content)
879 test "it creates a PasswordResetToken record for user", %{user: user} do
880 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
884 test "it sends an email to user", %{user: user} do
885 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
887 Swoosh.TestAssertions.assert_email_sent(
888 Pleroma.UserEmail.password_reset_email(user, token_record.token)
893 describe "POST /api/account/password_reset, with invalid parameters" do
896 test "it returns 500 when user is not found", %{conn: conn, user: user} do
897 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
898 assert json_response(conn, :internal_server_error)
901 test "it returns 500 when user is not local", %{conn: conn, user: user} do
902 {:ok, user} = Repo.update(Changeset.change(user, local: false))
903 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
904 assert json_response(conn, :internal_server_error)
908 describe "GET /api/account/confirm_email/:id/:token" do
911 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
915 |> Changeset.change()
916 |> Changeset.put_embed(:info, info_change)
919 assert user.info.confirmation_pending
924 test "it redirects to root url", %{conn: conn, user: user} do
925 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
927 assert 302 == conn.status
930 test "it confirms the user account", %{conn: conn, user: user} do
931 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
933 user = Repo.get(User, user.id)
935 refute user.info.confirmation_pending
936 refute user.info.confirmation_token
939 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
940 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
942 assert 500 == conn.status
945 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
946 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
948 assert 500 == conn.status
952 describe "POST /api/account/resend_confirmation_email" do
954 setting = Pleroma.Config.get([:instance, :account_activation_required])
957 Pleroma.Config.put([:instance, :account_activation_required], true)
958 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
962 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
966 |> Changeset.change()
967 |> Changeset.put_embed(:info, info_change)
970 assert user.info.confirmation_pending
975 test "it returns 204 No Content", %{conn: conn, user: user} do
977 |> assign(:user, user)
978 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
979 |> json_response(:no_content)
982 test "it sends confirmation email", %{conn: conn, user: user} do
984 |> assign(:user, user)
985 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
987 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
991 describe "GET /api/externalprofile/show" do
992 test "it returns the user", %{conn: conn} do
994 other_user = insert(:user)
998 |> assign(:user, user)
999 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1001 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1005 describe "GET /api/statuses/followers" do
1006 test "it returns a user's followers", %{conn: conn} do
1007 user = insert(:user)
1008 follower_one = insert(:user)
1009 follower_two = insert(:user)
1010 _not_follower = insert(:user)
1012 {:ok, follower_one} = User.follow(follower_one, user)
1013 {:ok, follower_two} = User.follow(follower_two, user)
1017 |> assign(:user, user)
1018 |> get("/api/statuses/followers")
1020 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1021 result = json_response(conn, 200)
1022 assert Enum.sort(expected) == Enum.sort(result)
1025 test "it returns a given user's followers with user_id", %{conn: conn} do
1026 user = insert(:user)
1027 follower_one = insert(:user)
1028 follower_two = insert(:user)
1029 not_follower = insert(:user)
1031 {:ok, follower_one} = User.follow(follower_one, user)
1032 {:ok, follower_two} = User.follow(follower_two, user)
1036 |> assign(:user, not_follower)
1037 |> get("/api/statuses/followers", %{"user_id" => user.id})
1039 assert MapSet.equal?(
1040 MapSet.new(json_response(conn, 200)),
1042 UserView.render("index.json", %{
1043 users: [follower_one, follower_two],
1050 test "it returns empty for a hidden network", %{conn: conn} do
1051 user = insert(:user, %{info: %{hide_network: true}})
1052 follower_one = insert(:user)
1053 follower_two = insert(:user)
1054 not_follower = insert(:user)
1056 {:ok, _follower_one} = User.follow(follower_one, user)
1057 {:ok, _follower_two} = User.follow(follower_two, user)
1061 |> assign(:user, not_follower)
1062 |> get("/api/statuses/followers", %{"user_id" => user.id})
1063 |> json_response(200)
1065 assert [] == response
1068 test "it returns the followers for a hidden network if requested by the user themselves", %{
1071 user = insert(:user, %{info: %{hide_network: true}})
1072 follower_one = insert(:user)
1073 follower_two = insert(:user)
1074 _not_follower = insert(:user)
1076 {:ok, _follower_one} = User.follow(follower_one, user)
1077 {:ok, _follower_two} = User.follow(follower_two, user)
1081 |> assign(:user, user)
1082 |> get("/api/statuses/followers", %{"user_id" => user.id})
1084 refute [] == json_response(conn, 200)
1088 describe "GET /api/statuses/friends" do
1089 test "it returns the logged in user's friends", %{conn: conn} do
1090 user = insert(:user)
1091 followed_one = insert(:user)
1092 followed_two = insert(:user)
1093 _not_followed = insert(:user)
1095 {:ok, user} = User.follow(user, followed_one)
1096 {:ok, user} = User.follow(user, followed_two)
1100 |> assign(:user, user)
1101 |> get("/api/statuses/friends")
1103 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1104 result = json_response(conn, 200)
1105 assert Enum.sort(expected) == Enum.sort(result)
1108 test "it returns a given user's friends with user_id", %{conn: conn} do
1109 user = insert(:user)
1110 followed_one = insert(:user)
1111 followed_two = insert(:user)
1112 _not_followed = insert(:user)
1114 {:ok, user} = User.follow(user, followed_one)
1115 {:ok, user} = User.follow(user, followed_two)
1119 |> assign(:user, user)
1120 |> get("/api/statuses/friends", %{"user_id" => user.id})
1122 assert MapSet.equal?(
1123 MapSet.new(json_response(conn, 200)),
1125 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1130 test "it returns empty for a hidden network", %{conn: conn} do
1131 user = insert(:user, %{info: %{hide_network: true}})
1132 followed_one = insert(:user)
1133 followed_two = insert(:user)
1134 not_followed = insert(:user)
1136 {:ok, user} = User.follow(user, followed_one)
1137 {:ok, user} = User.follow(user, followed_two)
1141 |> assign(:user, not_followed)
1142 |> get("/api/statuses/friends", %{"user_id" => user.id})
1144 assert [] == json_response(conn, 200)
1147 test "it returns friends for a hidden network if the user themselves request it", %{
1150 user = insert(:user, %{info: %{hide_network: true}})
1151 followed_one = insert(:user)
1152 followed_two = insert(:user)
1153 _not_followed = insert(:user)
1155 {:ok, _user} = User.follow(user, followed_one)
1156 {:ok, _user} = User.follow(user, followed_two)
1160 |> assign(:user, user)
1161 |> get("/api/statuses/friends", %{"user_id" => user.id})
1162 |> json_response(200)
1164 refute [] == response
1167 test "it returns a given user's friends with screen_name", %{conn: conn} do
1168 user = insert(:user)
1169 followed_one = insert(:user)
1170 followed_two = insert(:user)
1171 _not_followed = insert(:user)
1173 {:ok, user} = User.follow(user, followed_one)
1174 {:ok, user} = User.follow(user, followed_two)
1178 |> assign(:user, user)
1179 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1181 assert MapSet.equal?(
1182 MapSet.new(json_response(conn, 200)),
1184 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1190 describe "GET /friends/ids" do
1191 test "it returns a user's friends", %{conn: conn} do
1192 user = insert(:user)
1193 followed_one = insert(:user)
1194 followed_two = insert(:user)
1195 _not_followed = insert(:user)
1197 {:ok, user} = User.follow(user, followed_one)
1198 {:ok, user} = User.follow(user, followed_two)
1202 |> assign(:user, user)
1203 |> get("/api/friends/ids")
1205 expected = [followed_one.id, followed_two.id]
1207 assert MapSet.equal?(
1208 MapSet.new(Poison.decode!(json_response(conn, 200))),
1209 MapSet.new(expected)
1214 describe "POST /api/account/update_profile.json" do
1215 test "it updates a user's profile", %{conn: conn} do
1216 user = insert(:user)
1217 user2 = insert(:user)
1221 |> assign(:user, user)
1222 |> post("/api/account/update_profile.json", %{
1223 "name" => "new name",
1224 "description" => "hi @#{user2.nickname}"
1227 user = Repo.get!(User, user.id)
1228 assert user.name == "new name"
1231 "hi <span><a data-user='#{user2.id}' class='mention' href='#{user2.ap_id}'>@<span>#{
1233 }</span></a></span>"
1235 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1238 test "it sets and un-sets hide_network", %{conn: conn} do
1239 user = insert(:user)
1242 |> assign(:user, user)
1243 |> post("/api/account/update_profile.json", %{
1244 "hide_network" => "true"
1247 user = Repo.get!(User, user.id)
1248 assert user.info.hide_network == true
1252 |> assign(:user, user)
1253 |> post("/api/account/update_profile.json", %{
1254 "hide_network" => "false"
1257 user = Repo.get!(User, user.id)
1258 assert user.info.hide_network == false
1259 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1262 test "it locks an account", %{conn: conn} do
1263 user = insert(:user)
1267 |> assign(:user, user)
1268 |> post("/api/account/update_profile.json", %{
1272 user = Repo.get!(User, user.id)
1273 assert user.info.locked == true
1275 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1278 test "it unlocks an account", %{conn: conn} do
1279 user = insert(:user)
1283 |> assign(:user, user)
1284 |> post("/api/account/update_profile.json", %{
1288 user = Repo.get!(User, user.id)
1289 assert user.info.locked == false
1291 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1295 defp valid_user(_context) do
1296 user = insert(:user)
1300 defp with_credentials(conn, username, password) do
1301 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1302 put_req_header(conn, "authorization", header_content)
1305 describe "GET /api/search.json" do
1306 test "it returns search results", %{conn: conn} do
1307 user = insert(:user)
1308 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1310 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1311 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1315 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1317 assert [status] = json_response(conn, 200)
1318 assert status["id"] == activity.id
1322 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1323 test "it returns the tags timeline", %{conn: conn} do
1324 user = insert(:user)
1325 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1327 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1328 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1332 |> get("/api/statusnet/tags/timeline/2hu.json")
1334 assert [status] = json_response(conn, 200)
1335 assert status["id"] == activity.id
1339 test "Convert newlines to <br> in bio", %{conn: conn} do
1340 user = insert(:user)
1344 |> assign(:user, user)
1345 |> post("/api/account/update_profile.json", %{
1346 "description" => "Hello,\r\nWorld! I\n am a test."
1349 user = Repo.get!(User, user.id)
1350 assert user.bio == "Hello,<br>World! I<br> am a test."
1353 describe "POST /api/pleroma/change_password" do
1356 test "without credentials", %{conn: conn} do
1357 conn = post(conn, "/api/pleroma/change_password")
1358 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1361 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1364 |> with_credentials(current_user.nickname, "test")
1365 |> post("/api/pleroma/change_password", %{
1367 "new_password" => "newpass",
1368 "new_password_confirmation" => "newpass"
1371 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1374 test "with credentials, valid password and new password and confirmation not matching", %{
1380 |> with_credentials(current_user.nickname, "test")
1381 |> post("/api/pleroma/change_password", %{
1382 "password" => "test",
1383 "new_password" => "newpass",
1384 "new_password_confirmation" => "notnewpass"
1387 assert json_response(conn, 200) == %{
1388 "error" => "New password does not match confirmation."
1392 test "with credentials, valid password and invalid new password", %{
1398 |> with_credentials(current_user.nickname, "test")
1399 |> post("/api/pleroma/change_password", %{
1400 "password" => "test",
1401 "new_password" => "",
1402 "new_password_confirmation" => ""
1405 assert json_response(conn, 200) == %{
1406 "error" => "New password can't be blank."
1410 test "with credentials, valid password and matching new password and confirmation", %{
1416 |> with_credentials(current_user.nickname, "test")
1417 |> post("/api/pleroma/change_password", %{
1418 "password" => "test",
1419 "new_password" => "newpass",
1420 "new_password_confirmation" => "newpass"
1423 assert json_response(conn, 200) == %{"status" => "success"}
1424 fetched_user = Repo.get(User, current_user.id)
1425 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1429 describe "POST /api/pleroma/delete_account" do
1432 test "without credentials", %{conn: conn} do
1433 conn = post(conn, "/api/pleroma/delete_account")
1434 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1437 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1440 |> with_credentials(current_user.nickname, "test")
1441 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1443 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1446 test "with credentials and valid password", %{conn: conn, user: current_user} do
1449 |> with_credentials(current_user.nickname, "test")
1450 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1452 assert json_response(conn, 200) == %{"status" => "success"}
1453 # Wait a second for the started task to end
1458 describe "GET /api/pleroma/friend_requests" do
1459 test "it lists friend requests" do
1460 user = insert(:user)
1461 other_user = insert(:user)
1463 {:ok, _activity} = ActivityPub.follow(other_user, user)
1465 user = Repo.get(User, user.id)
1466 other_user = Repo.get(User, other_user.id)
1468 assert User.following?(other_user, user) == false
1472 |> assign(:user, user)
1473 |> get("/api/pleroma/friend_requests")
1475 assert [relationship] = json_response(conn, 200)
1476 assert other_user.id == relationship["id"]
1480 describe "POST /api/pleroma/friendships/approve" do
1481 test "it approves a friend request" do
1482 user = insert(:user)
1483 other_user = insert(:user)
1485 {:ok, _activity} = ActivityPub.follow(other_user, user)
1487 user = Repo.get(User, user.id)
1488 other_user = Repo.get(User, other_user.id)
1490 assert User.following?(other_user, user) == false
1494 |> assign(:user, user)
1495 |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
1497 assert relationship = json_response(conn, 200)
1498 assert other_user.id == relationship["id"]
1499 assert relationship["follows_you"] == true
1503 describe "POST /api/pleroma/friendships/deny" do
1504 test "it denies a friend request" do
1505 user = insert(:user)
1506 other_user = insert(:user)
1508 {:ok, _activity} = ActivityPub.follow(other_user, user)
1510 user = Repo.get(User, user.id)
1511 other_user = Repo.get(User, other_user.id)
1513 assert User.following?(other_user, user) == false
1517 |> assign(:user, user)
1518 |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
1520 assert relationship = json_response(conn, 200)
1521 assert other_user.id == relationship["id"]
1522 assert relationship["follows_you"] == false
1526 describe "GET /api/pleroma/search_user" do
1527 test "it returns users, ordered by similarity", %{conn: conn} do
1528 user = insert(:user, %{name: "eal"})
1529 user_two = insert(:user, %{name: "ean"})
1530 user_three = insert(:user, %{name: "ebn"})
1534 |> get(twitter_api_search__path(conn, :search_user), query: "eal")
1535 |> json_response(200)
1537 assert length(resp) == 3
1538 assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1542 describe "POST /api/media/upload" do
1544 Pleroma.DataCase.ensure_local_uploader(context)
1547 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1550 user = insert(:user)
1552 upload_filename = "test/fixtures/image_tmp.jpg"
1553 File.cp!("test/fixtures/image.jpg", upload_filename)
1555 file = %Plug.Upload{
1556 content_type: "image/jpg",
1557 path: Path.absname(upload_filename),
1558 filename: "image.jpg"
1563 |> assign(:user, user)
1564 |> put_req_header("content-type", "application/octet-stream")
1565 |> post("/api/media/upload", %{
1568 |> json_response(:ok)
1570 assert response["media_id"]
1571 object = Repo.get(Object, response["media_id"])
1573 assert object.data["actor"] == User.ap_id(user)
1577 describe "POST /api/media/metadata/create" do
1579 object = insert(:note)
1580 user = User.get_by_ap_id(object.data["actor"])
1581 %{object: object, user: user}
1584 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1588 initial_description = object.data["name"]
1589 another_user = insert(:user)
1592 |> assign(:user, another_user)
1593 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1594 |> json_response(:forbidden)
1596 object = Repo.get(Object, object.id)
1597 assert object.data["name"] == initial_description
1600 test "it updates `data[name]` of referenced Object with provided value", %{
1605 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1608 |> assign(:user, user)
1609 |> post("/api/media/metadata/create", %{
1610 "media_id" => object.id,
1611 "alt_text" => %{"text" => description}
1613 |> json_response(:no_content)
1615 object = Repo.get(Object, object.id)
1616 assert object.data["name"] == description