1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
8 alias Pleroma.Builders.{ActivityBuilder, UserBuilder}
9 alias Pleroma.{Repo, Activity, User, Object, Notification}
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.TwitterAPI.UserView
12 alias Pleroma.Web.TwitterAPI.NotificationView
13 alias Pleroma.Web.CommonAPI
14 alias Pleroma.Web.TwitterAPI.TwitterAPI
18 import Pleroma.Factory
20 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
22 describe "POST /api/account/update_profile_banner" do
23 test "it updates the banner", %{conn: conn} do
27 |> assign(:user, user)
28 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
31 user = refresh_record(user)
32 assert user.info.banner["type"] == "Image"
36 describe "POST /api/qvitter/update_background_image" do
37 test "it updates the background", %{conn: conn} do
41 |> assign(:user, user)
42 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
45 user = refresh_record(user)
46 assert user.info.background["type"] == "Image"
50 describe "POST /api/account/verify_credentials" do
53 test "without valid credentials", %{conn: conn} do
54 conn = post(conn, "/api/account/verify_credentials.json")
55 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
58 test "with credentials", %{conn: conn, user: user} do
61 |> with_credentials(user.nickname, "test")
62 |> post("/api/account/verify_credentials.json")
65 assert response == UserView.render("show.json", %{user: user, token: response["token"]})
69 describe "POST /statuses/update.json" do
72 test "without valid credentials", %{conn: conn} do
73 conn = post(conn, "/api/statuses/update.json")
74 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
77 test "with credentials", %{conn: conn, user: user} do
78 conn_with_creds = conn |> with_credentials(user.nickname, "test")
79 request_path = "/api/statuses/update.json"
82 "request" => request_path,
83 "error" => "Client must provide a 'status' parameter with a value."
90 assert json_response(conn, 400) == error_response
94 |> post(request_path, %{status: ""})
96 assert json_response(conn, 400) == error_response
100 |> post(request_path, %{status: " "})
102 assert json_response(conn, 400) == error_response
104 # we post with visibility private in order to avoid triggering relay
107 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
109 assert json_response(conn, 200) ==
110 ActivityRepresenter.to_map(Repo.one(Activity), %{user: user})
114 describe "GET /statuses/public_timeline.json" do
115 test "returns statuses", %{conn: conn} do
117 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
118 ActivityBuilder.insert_list(10, %{}, %{user: user})
119 since_id = List.last(activities).id
123 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
125 response = json_response(conn, 200)
127 assert length(response) == 10
130 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
132 Application.get_env(:pleroma, :instance)
133 |> Keyword.put(:public, false)
135 Application.put_env(:pleroma, :instance, instance)
138 |> get("/api/statuses/public_timeline.json")
139 |> json_response(403)
142 Application.get_env(:pleroma, :instance)
143 |> Keyword.put(:public, true)
145 Application.put_env(:pleroma, :instance, instance)
148 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
150 |> get("/api/statuses/public_timeline.json")
151 |> json_response(200)
155 describe "GET /statuses/public_and_external_timeline.json" do
156 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
158 Application.get_env(:pleroma, :instance)
159 |> Keyword.put(:public, false)
161 Application.put_env(:pleroma, :instance, instance)
164 |> get("/api/statuses/public_and_external_timeline.json")
165 |> json_response(403)
168 Application.get_env(:pleroma, :instance)
169 |> Keyword.put(:public, true)
171 Application.put_env(:pleroma, :instance, instance)
174 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
176 |> get("/api/statuses/public_and_external_timeline.json")
177 |> json_response(200)
181 describe "GET /statuses/show/:id.json" do
182 test "returns one status", %{conn: conn} do
184 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
185 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
189 |> get("/api/statuses/show/#{activity.id}.json")
191 response = json_response(conn, 200)
193 assert response == ActivityRepresenter.to_map(activity, %{user: actor})
197 describe "GET /users/show.json" do
198 test "gets user with screen_name", %{conn: conn} do
203 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
205 response = json_response(conn, 200)
207 assert response["id"] == user.id
210 test "gets user with user_id", %{conn: conn} do
215 |> get("/api/users/show.json", %{"user_id" => user.id})
217 response = json_response(conn, 200)
219 assert response["id"] == user.id
222 test "gets a user for a logged in user", %{conn: conn} do
224 logged_in = insert(:user)
226 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
230 |> with_credentials(logged_in.nickname, "test")
231 |> get("/api/users/show.json", %{"user_id" => user.id})
233 response = json_response(conn, 200)
235 assert response["following"] == true
239 describe "GET /statusnet/conversation/:id.json" do
240 test "returns the statuses in the conversation", %{conn: conn} do
241 {:ok, _user} = UserBuilder.insert()
242 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
243 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
244 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
248 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
250 response = json_response(conn, 200)
252 assert length(response) == 2
256 describe "GET /statuses/friends_timeline.json" do
259 test "without valid credentials", %{conn: conn} do
260 conn = get(conn, "/api/statuses/friends_timeline.json")
261 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
264 test "with credentials", %{conn: conn, user: current_user} do
268 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
270 returned_activities =
271 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
273 other_user = insert(:user)
274 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
275 since_id = List.last(activities).id
278 Changeset.change(current_user, following: [User.ap_followers(user)])
283 |> with_credentials(current_user.nickname, "test")
284 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
286 response = json_response(conn, 200)
288 assert length(response) == 10
291 Enum.map(returned_activities, fn activity ->
292 ActivityRepresenter.to_map(activity, %{
293 user: User.get_cached_by_ap_id(activity.data["actor"]),
300 describe "GET /statuses/dm_timeline.json" do
301 test "it show direct messages", %{conn: conn} do
302 user_one = insert(:user)
303 user_two = insert(:user)
305 {:ok, user_two} = User.follow(user_two, user_one)
308 CommonAPI.post(user_one, %{
309 "status" => "Hi @#{user_two.nickname}!",
310 "visibility" => "direct"
314 CommonAPI.post(user_two, %{
315 "status" => "Hi @#{user_one.nickname}!",
316 "visibility" => "direct"
319 {:ok, _follower_only} =
320 CommonAPI.post(user_one, %{
321 "status" => "Hi @#{user_two.nickname}!",
322 "visibility" => "private"
325 # Only direct should be visible here
328 |> assign(:user, user_two)
329 |> get("/api/statuses/dm_timeline.json")
331 [status, status_two] = json_response(res_conn, 200)
332 assert status["id"] == direct_two.id
333 assert status_two["id"] == direct.id
337 describe "GET /statuses/mentions.json" do
340 test "without valid credentials", %{conn: conn} do
341 conn = get(conn, "/api/statuses/mentions.json")
342 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
345 test "with credentials", %{conn: conn, user: current_user} do
347 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
351 |> with_credentials(current_user.nickname, "test")
352 |> get("/api/statuses/mentions.json")
354 response = json_response(conn, 200)
356 assert length(response) == 1
358 assert Enum.at(response, 0) ==
359 ActivityRepresenter.to_map(activity, %{
361 mentioned: [current_user]
366 describe "GET /api/qvitter/statuses/notifications.json" do
369 test "without valid credentials", %{conn: conn} do
370 conn = get(conn, "/api/qvitter/statuses/notifications.json")
371 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
374 test "with credentials", %{conn: conn, user: current_user} do
375 other_user = insert(:user)
378 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
382 |> with_credentials(current_user.nickname, "test")
383 |> get("/api/qvitter/statuses/notifications.json")
385 response = json_response(conn, 200)
387 assert length(response) == 1
390 NotificationView.render("notification.json", %{
391 notifications: Notification.for_user(current_user),
397 describe "POST /api/qvitter/statuses/notifications/read" do
400 test "without valid credentials", %{conn: conn} do
401 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
402 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
405 test "with credentials, without any params", %{conn: conn, user: current_user} do
408 |> with_credentials(current_user.nickname, "test")
409 |> post("/api/qvitter/statuses/notifications/read")
411 assert json_response(conn, 400) == %{
412 "error" => "You need to specify latest_id",
413 "request" => "/api/qvitter/statuses/notifications/read"
417 test "with credentials, with params", %{conn: conn, user: current_user} do
418 other_user = insert(:user)
421 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
425 |> with_credentials(current_user.nickname, "test")
426 |> get("/api/qvitter/statuses/notifications.json")
428 [notification] = response = json_response(response_conn, 200)
430 assert length(response) == 1
432 assert notification["is_seen"] == 0
436 |> with_credentials(current_user.nickname, "test")
437 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
439 [notification] = response = json_response(response_conn, 200)
441 assert length(response) == 1
443 assert notification["is_seen"] == 1
447 describe "GET /statuses/user_timeline.json" do
450 test "without any params", %{conn: conn} do
451 conn = get(conn, "/api/statuses/user_timeline.json")
453 assert json_response(conn, 400) == %{
454 "error" => "You need to specify screen_name or user_id",
455 "request" => "/api/statuses/user_timeline.json"
459 test "with user_id", %{conn: conn} do
461 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
463 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
464 response = json_response(conn, 200)
465 assert length(response) == 1
466 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
469 test "with screen_name", %{conn: conn} do
471 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
473 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
474 response = json_response(conn, 200)
475 assert length(response) == 1
476 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
479 test "with credentials", %{conn: conn, user: current_user} do
480 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
484 |> with_credentials(current_user.nickname, "test")
485 |> get("/api/statuses/user_timeline.json")
487 response = json_response(conn, 200)
489 assert length(response) == 1
490 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: current_user})
493 test "with credentials with user_id", %{conn: conn, user: current_user} do
495 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
499 |> with_credentials(current_user.nickname, "test")
500 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
502 response = json_response(conn, 200)
504 assert length(response) == 1
505 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
508 test "with credentials screen_name", %{conn: conn, user: current_user} do
510 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
514 |> with_credentials(current_user.nickname, "test")
515 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
517 response = json_response(conn, 200)
519 assert length(response) == 1
520 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
523 test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
525 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
526 {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
530 |> with_credentials(current_user.nickname, "test")
531 |> get("/api/statuses/user_timeline.json", %{
532 "user_id" => user.id,
533 "include_rts" => "false"
536 response = json_response(conn, 200)
538 assert length(response) == 1
539 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
543 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
545 response = json_response(conn, 200)
547 assert length(response) == 1
548 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
552 describe "POST /friendships/create.json" do
555 test "without valid credentials", %{conn: conn} do
556 conn = post(conn, "/api/friendships/create.json")
557 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
560 test "with credentials", %{conn: conn, user: current_user} do
561 followed = insert(:user)
565 |> with_credentials(current_user.nickname, "test")
566 |> post("/api/friendships/create.json", %{user_id: followed.id})
568 current_user = Repo.get(User, current_user.id)
569 assert User.ap_followers(followed) in current_user.following
571 assert json_response(conn, 200) ==
572 UserView.render("show.json", %{user: followed, for: current_user})
576 describe "POST /friendships/destroy.json" do
579 test "without valid credentials", %{conn: conn} do
580 conn = post(conn, "/api/friendships/destroy.json")
581 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
584 test "with credentials", %{conn: conn, user: current_user} do
585 followed = insert(:user)
587 {:ok, current_user} = User.follow(current_user, followed)
588 assert User.ap_followers(followed) in current_user.following
589 ActivityPub.follow(current_user, followed)
593 |> with_credentials(current_user.nickname, "test")
594 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
596 current_user = Repo.get(User, current_user.id)
597 assert current_user.following == [current_user.ap_id]
599 assert json_response(conn, 200) ==
600 UserView.render("show.json", %{user: followed, for: current_user})
604 describe "POST /blocks/create.json" do
607 test "without valid credentials", %{conn: conn} do
608 conn = post(conn, "/api/blocks/create.json")
609 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
612 test "with credentials", %{conn: conn, user: current_user} do
613 blocked = insert(:user)
617 |> with_credentials(current_user.nickname, "test")
618 |> post("/api/blocks/create.json", %{user_id: blocked.id})
620 current_user = Repo.get(User, current_user.id)
621 assert User.blocks?(current_user, blocked)
623 assert json_response(conn, 200) ==
624 UserView.render("show.json", %{user: blocked, for: current_user})
628 describe "POST /blocks/destroy.json" do
631 test "without valid credentials", %{conn: conn} do
632 conn = post(conn, "/api/blocks/destroy.json")
633 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
636 test "with credentials", %{conn: conn, user: current_user} do
637 blocked = insert(:user)
639 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
640 assert User.blocks?(current_user, blocked)
644 |> with_credentials(current_user.nickname, "test")
645 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
647 current_user = Repo.get(User, current_user.id)
648 assert current_user.info.blocks == []
650 assert json_response(conn, 200) ==
651 UserView.render("show.json", %{user: blocked, for: current_user})
655 describe "GET /help/test.json" do
656 test "returns \"ok\"", %{conn: conn} do
657 conn = get(conn, "/api/help/test.json")
658 assert json_response(conn, 200) == "ok"
662 describe "POST /api/qvitter/update_avatar.json" do
665 test "without valid credentials", %{conn: conn} do
666 conn = post(conn, "/api/qvitter/update_avatar.json")
667 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
670 test "with credentials", %{conn: conn, user: current_user} do
671 avatar_image = File.read!("test/fixtures/avatar_data_uri")
675 |> with_credentials(current_user.nickname, "test")
676 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
678 current_user = Repo.get(User, current_user.id)
679 assert is_map(current_user.avatar)
681 assert json_response(conn, 200) ==
682 UserView.render("show.json", %{user: current_user, for: current_user})
686 describe "GET /api/qvitter/mutes.json" do
689 test "unimplemented mutes without valid credentials", %{conn: conn} do
690 conn = get(conn, "/api/qvitter/mutes.json")
691 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
694 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
697 |> with_credentials(current_user.nickname, "test")
698 |> get("/api/qvitter/mutes.json")
699 |> json_response(200)
705 describe "POST /api/favorites/create/:id" do
708 test "without valid credentials", %{conn: conn} do
709 note_activity = insert(:note_activity)
710 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
711 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
714 test "with credentials", %{conn: conn, user: current_user} do
715 note_activity = insert(:note_activity)
719 |> with_credentials(current_user.nickname, "test")
720 |> post("/api/favorites/create/#{note_activity.id}.json")
722 assert json_response(conn, 200)
725 test "with credentials, invalid param", %{conn: conn, user: current_user} do
728 |> with_credentials(current_user.nickname, "test")
729 |> post("/api/favorites/create/wrong.json")
731 assert json_response(conn, 400)
734 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
737 |> with_credentials(current_user.nickname, "test")
738 |> post("/api/favorites/create/1.json")
740 assert json_response(conn, 500)
744 describe "POST /api/favorites/destroy/:id" do
747 test "without valid credentials", %{conn: conn} do
748 note_activity = insert(:note_activity)
749 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
750 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
753 test "with credentials", %{conn: conn, user: current_user} do
754 note_activity = insert(:note_activity)
755 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
756 ActivityPub.like(current_user, object)
760 |> with_credentials(current_user.nickname, "test")
761 |> post("/api/favorites/destroy/#{note_activity.id}.json")
763 assert json_response(conn, 200)
767 describe "POST /api/statuses/retweet/:id" do
770 test "without valid credentials", %{conn: conn} do
771 note_activity = insert(:note_activity)
772 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
773 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
776 test "with credentials", %{conn: conn, user: current_user} do
777 note_activity = insert(:note_activity)
779 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
783 |> with_credentials(current_user.nickname, "test")
784 |> post(request_path)
786 activity = Repo.get(Activity, note_activity.id)
787 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
789 assert json_response(response, 200) ==
790 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
794 describe "POST /api/statuses/unretweet/:id" do
797 test "without valid credentials", %{conn: conn} do
798 note_activity = insert(:note_activity)
799 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
800 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
803 test "with credentials", %{conn: conn, user: current_user} do
804 note_activity = insert(:note_activity)
806 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
810 |> with_credentials(current_user.nickname, "test")
811 |> post(request_path)
813 request_path = String.replace(request_path, "retweet", "unretweet")
817 |> with_credentials(current_user.nickname, "test")
818 |> post(request_path)
820 activity = Repo.get(Activity, note_activity.id)
821 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
823 assert json_response(response, 200) ==
824 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
828 describe "POST /api/account/register" do
829 test "it creates a new user", %{conn: conn} do
831 "nickname" => "lain",
832 "email" => "lain@wired.jp",
833 "fullname" => "lain iwakura",
834 "bio" => "close the world.",
835 "password" => "bear",
841 |> post("/api/account/register", data)
843 user = json_response(conn, 200)
845 fetched_user = Repo.get_by(User, nickname: "lain")
846 assert user == UserView.render("show.json", %{user: fetched_user})
849 test "it returns errors on a problem", %{conn: conn} do
851 "email" => "lain@wired.jp",
852 "fullname" => "lain iwakura",
853 "bio" => "close the world.",
854 "password" => "bear",
860 |> post("/api/account/register", data)
862 errors = json_response(conn, 400)
864 assert is_binary(errors["error"])
868 describe "POST /api/account/password_reset, with valid parameters" do
869 setup %{conn: conn} do
871 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
872 %{conn: conn, user: user}
875 test "it returns 204", %{conn: conn} do
876 assert json_response(conn, :no_content)
879 test "it creates a PasswordResetToken record for user", %{user: user} do
880 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
884 test "it sends an email to user", %{user: user} do
885 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
887 Swoosh.TestAssertions.assert_email_sent(
888 Pleroma.UserEmail.password_reset_email(user, token_record.token)
893 describe "POST /api/account/password_reset, with invalid parameters" do
896 test "it returns 500 when user is not found", %{conn: conn, user: user} do
897 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
898 assert json_response(conn, :internal_server_error)
901 test "it returns 500 when user is not local", %{conn: conn, user: user} do
902 {:ok, user} = Repo.update(Changeset.change(user, local: false))
903 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
904 assert json_response(conn, :internal_server_error)
908 describe "GET /api/account/confirm_email/:id/:token" do
911 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
915 |> Changeset.change()
916 |> Changeset.put_embed(:info, info_change)
919 assert user.info.confirmation_pending
924 test "it redirects to root url", %{conn: conn, user: user} do
925 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
927 assert 302 == conn.status
930 test "it confirms the user account", %{conn: conn, user: user} do
931 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
933 user = Repo.get(User, user.id)
935 refute user.info.confirmation_pending
936 refute user.info.confirmation_token
939 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
940 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
942 assert 500 == conn.status
945 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
946 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
948 assert 500 == conn.status
952 describe "POST /api/account/resend_confirmation_email" do
954 setting = Pleroma.Config.get([:instance, :account_activation_required])
957 Pleroma.Config.put([:instance, :account_activation_required], true)
958 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
962 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
966 |> Changeset.change()
967 |> Changeset.put_embed(:info, info_change)
970 assert user.info.confirmation_pending
975 test "it returns 204 No Content", %{conn: conn, user: user} do
977 |> assign(:user, user)
978 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
979 |> json_response(:no_content)
982 test "it sends confirmation email", %{conn: conn, user: user} do
984 |> assign(:user, user)
985 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
987 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
991 describe "GET /api/externalprofile/show" do
992 test "it returns the user", %{conn: conn} do
994 other_user = insert(:user)
998 |> assign(:user, user)
999 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
1001 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
1005 describe "GET /api/statuses/followers" do
1006 test "it returns a user's followers", %{conn: conn} do
1007 user = insert(:user)
1008 follower_one = insert(:user)
1009 follower_two = insert(:user)
1010 _not_follower = insert(:user)
1012 {:ok, follower_one} = User.follow(follower_one, user)
1013 {:ok, follower_two} = User.follow(follower_two, user)
1017 |> assign(:user, user)
1018 |> get("/api/statuses/followers")
1020 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
1021 result = json_response(conn, 200)
1022 assert Enum.sort(expected) == Enum.sort(result)
1025 test "it returns a given user's followers with user_id", %{conn: conn} do
1026 user = insert(:user)
1027 follower_one = insert(:user)
1028 follower_two = insert(:user)
1029 not_follower = insert(:user)
1031 {:ok, follower_one} = User.follow(follower_one, user)
1032 {:ok, follower_two} = User.follow(follower_two, user)
1036 |> assign(:user, not_follower)
1037 |> get("/api/statuses/followers", %{"user_id" => user.id})
1039 assert MapSet.equal?(
1040 MapSet.new(json_response(conn, 200)),
1042 UserView.render("index.json", %{
1043 users: [follower_one, follower_two],
1050 test "it returns empty for a hidden network", %{conn: conn} do
1051 user = insert(:user, %{info: %{hide_network: true}})
1052 follower_one = insert(:user)
1053 follower_two = insert(:user)
1054 not_follower = insert(:user)
1056 {:ok, _follower_one} = User.follow(follower_one, user)
1057 {:ok, _follower_two} = User.follow(follower_two, user)
1061 |> assign(:user, not_follower)
1062 |> get("/api/statuses/followers", %{"user_id" => user.id})
1063 |> json_response(200)
1065 assert [] == response
1068 test "it returns the followers for a hidden network if requested by the user themselves", %{
1071 user = insert(:user, %{info: %{hide_network: true}})
1072 follower_one = insert(:user)
1073 follower_two = insert(:user)
1074 _not_follower = insert(:user)
1076 {:ok, _follower_one} = User.follow(follower_one, user)
1077 {:ok, _follower_two} = User.follow(follower_two, user)
1081 |> assign(:user, user)
1082 |> get("/api/statuses/followers", %{"user_id" => user.id})
1084 refute [] == json_response(conn, 200)
1088 describe "GET /api/statuses/blocks" do
1089 test "it returns the list of users blocked by requester", %{conn: conn} do
1090 user = insert(:user)
1091 other_user = insert(:user)
1093 {:ok, user} = User.block(user, other_user)
1097 |> assign(:user, user)
1098 |> get("/api/statuses/blocks")
1100 expected = UserView.render("index.json", %{users: [other_user], for: user})
1101 result = json_response(conn, 200)
1102 assert Enum.sort(expected) == Enum.sort(result)
1106 describe "GET /api/statuses/friends" do
1107 test "it returns the logged in user's friends", %{conn: conn} do
1108 user = insert(:user)
1109 followed_one = insert(:user)
1110 followed_two = insert(:user)
1111 _not_followed = insert(:user)
1113 {:ok, user} = User.follow(user, followed_one)
1114 {:ok, user} = User.follow(user, followed_two)
1118 |> assign(:user, user)
1119 |> get("/api/statuses/friends")
1121 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1122 result = json_response(conn, 200)
1123 assert Enum.sort(expected) == Enum.sort(result)
1126 test "it returns a given user's friends with user_id", %{conn: conn} do
1127 user = insert(:user)
1128 followed_one = insert(:user)
1129 followed_two = insert(:user)
1130 _not_followed = insert(:user)
1132 {:ok, user} = User.follow(user, followed_one)
1133 {:ok, user} = User.follow(user, followed_two)
1137 |> assign(:user, user)
1138 |> get("/api/statuses/friends", %{"user_id" => user.id})
1140 assert MapSet.equal?(
1141 MapSet.new(json_response(conn, 200)),
1143 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1148 test "it returns empty for a hidden network", %{conn: conn} do
1149 user = insert(:user, %{info: %{hide_network: true}})
1150 followed_one = insert(:user)
1151 followed_two = insert(:user)
1152 not_followed = insert(:user)
1154 {:ok, user} = User.follow(user, followed_one)
1155 {:ok, user} = User.follow(user, followed_two)
1159 |> assign(:user, not_followed)
1160 |> get("/api/statuses/friends", %{"user_id" => user.id})
1162 assert [] == json_response(conn, 200)
1165 test "it returns friends for a hidden network if the user themselves request it", %{
1168 user = insert(:user, %{info: %{hide_network: true}})
1169 followed_one = insert(:user)
1170 followed_two = insert(:user)
1171 _not_followed = insert(:user)
1173 {:ok, _user} = User.follow(user, followed_one)
1174 {:ok, _user} = User.follow(user, followed_two)
1178 |> assign(:user, user)
1179 |> get("/api/statuses/friends", %{"user_id" => user.id})
1180 |> json_response(200)
1182 refute [] == response
1185 test "it returns a given user's friends with screen_name", %{conn: conn} do
1186 user = insert(:user)
1187 followed_one = insert(:user)
1188 followed_two = insert(:user)
1189 _not_followed = insert(:user)
1191 {:ok, user} = User.follow(user, followed_one)
1192 {:ok, user} = User.follow(user, followed_two)
1196 |> assign(:user, user)
1197 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1199 assert MapSet.equal?(
1200 MapSet.new(json_response(conn, 200)),
1202 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1208 describe "GET /friends/ids" do
1209 test "it returns a user's friends", %{conn: conn} do
1210 user = insert(:user)
1211 followed_one = insert(:user)
1212 followed_two = insert(:user)
1213 _not_followed = insert(:user)
1215 {:ok, user} = User.follow(user, followed_one)
1216 {:ok, user} = User.follow(user, followed_two)
1220 |> assign(:user, user)
1221 |> get("/api/friends/ids")
1223 expected = [followed_one.id, followed_two.id]
1225 assert MapSet.equal?(
1226 MapSet.new(Poison.decode!(json_response(conn, 200))),
1227 MapSet.new(expected)
1232 describe "POST /api/account/update_profile.json" do
1233 test "it updates a user's profile", %{conn: conn} do
1234 user = insert(:user)
1235 user2 = insert(:user)
1239 |> assign(:user, user)
1240 |> post("/api/account/update_profile.json", %{
1241 "name" => "new name",
1242 "description" => "hi @#{user2.nickname}"
1245 user = Repo.get!(User, user.id)
1246 assert user.name == "new name"
1249 "hi <span><a data-user='#{user2.id}' class='mention' href='#{user2.ap_id}'>@<span>#{
1251 }</span></a></span>"
1253 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1256 test "it sets and un-sets hide_network", %{conn: conn} do
1257 user = insert(:user)
1260 |> assign(:user, user)
1261 |> post("/api/account/update_profile.json", %{
1262 "hide_network" => "true"
1265 user = Repo.get!(User, user.id)
1266 assert user.info.hide_network == true
1270 |> assign(:user, user)
1271 |> post("/api/account/update_profile.json", %{
1272 "hide_network" => "false"
1275 user = Repo.get!(User, user.id)
1276 assert user.info.hide_network == false
1277 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1280 test "it locks an account", %{conn: conn} do
1281 user = insert(:user)
1285 |> assign(:user, user)
1286 |> post("/api/account/update_profile.json", %{
1290 user = Repo.get!(User, user.id)
1291 assert user.info.locked == true
1293 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1296 test "it unlocks an account", %{conn: conn} do
1297 user = insert(:user)
1301 |> assign(:user, user)
1302 |> post("/api/account/update_profile.json", %{
1306 user = Repo.get!(User, user.id)
1307 assert user.info.locked == false
1309 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1313 defp valid_user(_context) do
1314 user = insert(:user)
1318 defp with_credentials(conn, username, password) do
1319 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1320 put_req_header(conn, "authorization", header_content)
1323 describe "GET /api/search.json" do
1324 test "it returns search results", %{conn: conn} do
1325 user = insert(:user)
1326 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1328 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1329 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1333 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1335 assert [status] = json_response(conn, 200)
1336 assert status["id"] == activity.id
1340 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1341 test "it returns the tags timeline", %{conn: conn} do
1342 user = insert(:user)
1343 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1345 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1346 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1350 |> get("/api/statusnet/tags/timeline/2hu.json")
1352 assert [status] = json_response(conn, 200)
1353 assert status["id"] == activity.id
1357 test "Convert newlines to <br> in bio", %{conn: conn} do
1358 user = insert(:user)
1362 |> assign(:user, user)
1363 |> post("/api/account/update_profile.json", %{
1364 "description" => "Hello,\r\nWorld! I\n am a test."
1367 user = Repo.get!(User, user.id)
1368 assert user.bio == "Hello,<br>World! I<br> am a test."
1371 describe "POST /api/pleroma/change_password" do
1374 test "without credentials", %{conn: conn} do
1375 conn = post(conn, "/api/pleroma/change_password")
1376 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1379 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1382 |> with_credentials(current_user.nickname, "test")
1383 |> post("/api/pleroma/change_password", %{
1385 "new_password" => "newpass",
1386 "new_password_confirmation" => "newpass"
1389 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1392 test "with credentials, valid password and new password and confirmation not matching", %{
1398 |> with_credentials(current_user.nickname, "test")
1399 |> post("/api/pleroma/change_password", %{
1400 "password" => "test",
1401 "new_password" => "newpass",
1402 "new_password_confirmation" => "notnewpass"
1405 assert json_response(conn, 200) == %{
1406 "error" => "New password does not match confirmation."
1410 test "with credentials, valid password and invalid new password", %{
1416 |> with_credentials(current_user.nickname, "test")
1417 |> post("/api/pleroma/change_password", %{
1418 "password" => "test",
1419 "new_password" => "",
1420 "new_password_confirmation" => ""
1423 assert json_response(conn, 200) == %{
1424 "error" => "New password can't be blank."
1428 test "with credentials, valid password and matching new password and confirmation", %{
1434 |> with_credentials(current_user.nickname, "test")
1435 |> post("/api/pleroma/change_password", %{
1436 "password" => "test",
1437 "new_password" => "newpass",
1438 "new_password_confirmation" => "newpass"
1441 assert json_response(conn, 200) == %{"status" => "success"}
1442 fetched_user = Repo.get(User, current_user.id)
1443 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1447 describe "POST /api/pleroma/delete_account" do
1450 test "without credentials", %{conn: conn} do
1451 conn = post(conn, "/api/pleroma/delete_account")
1452 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1455 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1458 |> with_credentials(current_user.nickname, "test")
1459 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1461 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1464 test "with credentials and valid password", %{conn: conn, user: current_user} do
1467 |> with_credentials(current_user.nickname, "test")
1468 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1470 assert json_response(conn, 200) == %{"status" => "success"}
1471 # Wait a second for the started task to end
1476 describe "GET /api/pleroma/friend_requests" do
1477 test "it lists friend requests" do
1478 user = insert(:user)
1479 other_user = insert(:user)
1481 {:ok, _activity} = ActivityPub.follow(other_user, user)
1483 user = Repo.get(User, user.id)
1484 other_user = Repo.get(User, other_user.id)
1486 assert User.following?(other_user, user) == false
1490 |> assign(:user, user)
1491 |> get("/api/pleroma/friend_requests")
1493 assert [relationship] = json_response(conn, 200)
1494 assert other_user.id == relationship["id"]
1498 describe "POST /api/pleroma/friendships/approve" do
1499 test "it approves a friend request" do
1500 user = insert(:user)
1501 other_user = insert(:user)
1503 {:ok, _activity} = ActivityPub.follow(other_user, user)
1505 user = Repo.get(User, user.id)
1506 other_user = Repo.get(User, other_user.id)
1508 assert User.following?(other_user, user) == false
1512 |> assign(:user, user)
1513 |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
1515 assert relationship = json_response(conn, 200)
1516 assert other_user.id == relationship["id"]
1517 assert relationship["follows_you"] == true
1521 describe "POST /api/pleroma/friendships/deny" do
1522 test "it denies a friend request" do
1523 user = insert(:user)
1524 other_user = insert(:user)
1526 {:ok, _activity} = ActivityPub.follow(other_user, user)
1528 user = Repo.get(User, user.id)
1529 other_user = Repo.get(User, other_user.id)
1531 assert User.following?(other_user, user) == false
1535 |> assign(:user, user)
1536 |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
1538 assert relationship = json_response(conn, 200)
1539 assert other_user.id == relationship["id"]
1540 assert relationship["follows_you"] == false
1544 describe "GET /api/pleroma/search_user" do
1545 test "it returns users, ordered by similarity", %{conn: conn} do
1546 user = insert(:user, %{name: "eal"})
1547 user_two = insert(:user, %{name: "ean"})
1548 user_three = insert(:user, %{name: "ebn"})
1552 |> get(twitter_api_search__path(conn, :search_user), query: "eal")
1553 |> json_response(200)
1555 assert length(resp) == 3
1556 assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1560 describe "POST /api/media/upload" do
1562 Pleroma.DataCase.ensure_local_uploader(context)
1565 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1568 user = insert(:user)
1570 upload_filename = "test/fixtures/image_tmp.jpg"
1571 File.cp!("test/fixtures/image.jpg", upload_filename)
1573 file = %Plug.Upload{
1574 content_type: "image/jpg",
1575 path: Path.absname(upload_filename),
1576 filename: "image.jpg"
1581 |> assign(:user, user)
1582 |> put_req_header("content-type", "application/octet-stream")
1583 |> post("/api/media/upload", %{
1586 |> json_response(:ok)
1588 assert response["media_id"]
1589 object = Repo.get(Object, response["media_id"])
1591 assert object.data["actor"] == User.ap_id(user)
1595 describe "POST /api/media/metadata/create" do
1597 object = insert(:note)
1598 user = User.get_by_ap_id(object.data["actor"])
1599 %{object: object, user: user}
1602 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1606 initial_description = object.data["name"]
1607 another_user = insert(:user)
1610 |> assign(:user, another_user)
1611 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1612 |> json_response(:forbidden)
1614 object = Repo.get(Object, object.id)
1615 assert object.data["name"] == initial_description
1618 test "it updates `data[name]` of referenced Object with provided value", %{
1623 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1626 |> assign(:user, user)
1627 |> post("/api/media/metadata/create", %{
1628 "media_id" => object.id,
1629 "alt_text" => %{"text" => description}
1631 |> json_response(:no_content)
1633 object = Repo.get(Object, object.id)
1634 assert object.data["name"] == description