1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
8 alias Pleroma.Builders.{ActivityBuilder, UserBuilder}
9 alias Pleroma.{Repo, Activity, User, Object, Notification}
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.TwitterAPI.UserView
12 alias Pleroma.Web.TwitterAPI.NotificationView
13 alias Pleroma.Web.CommonAPI
14 alias Pleroma.Web.TwitterAPI.TwitterAPI
18 import Pleroma.Factory
20 @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
22 describe "POST /api/account/update_profile_banner" do
23 test "it updates the banner", %{conn: conn} do
27 |> assign(:user, user)
28 |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
31 user = refresh_record(user)
32 assert user.info.banner["type"] == "Image"
36 describe "POST /api/qvitter/update_background_image" do
37 test "it updates the background", %{conn: conn} do
41 |> assign(:user, user)
42 |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
45 user = refresh_record(user)
46 assert user.info.background["type"] == "Image"
50 describe "POST /api/account/verify_credentials" do
53 test "without valid credentials", %{conn: conn} do
54 conn = post(conn, "/api/account/verify_credentials.json")
55 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
58 test "with credentials", %{conn: conn, user: user} do
61 |> with_credentials(user.nickname, "test")
62 |> post("/api/account/verify_credentials.json")
65 assert response == UserView.render("show.json", %{user: user, token: response["token"]})
69 describe "POST /statuses/update.json" do
72 test "without valid credentials", %{conn: conn} do
73 conn = post(conn, "/api/statuses/update.json")
74 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
77 test "with credentials", %{conn: conn, user: user} do
78 conn_with_creds = conn |> with_credentials(user.nickname, "test")
79 request_path = "/api/statuses/update.json"
82 "request" => request_path,
83 "error" => "Client must provide a 'status' parameter with a value."
90 assert json_response(conn, 400) == error_response
94 |> post(request_path, %{status: ""})
96 assert json_response(conn, 400) == error_response
100 |> post(request_path, %{status: " "})
102 assert json_response(conn, 400) == error_response
104 # we post with visibility private in order to avoid triggering relay
107 |> post(request_path, %{status: "Nice meme.", visibility: "private"})
109 assert json_response(conn, 200) ==
110 ActivityRepresenter.to_map(Repo.one(Activity), %{user: user})
114 describe "GET /statuses/public_timeline.json" do
115 test "returns statuses", %{conn: conn} do
117 activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
118 ActivityBuilder.insert_list(10, %{}, %{user: user})
119 since_id = List.last(activities).id
123 |> get("/api/statuses/public_timeline.json", %{since_id: since_id})
125 response = json_response(conn, 200)
127 assert length(response) == 10
130 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
132 Application.get_env(:pleroma, :instance)
133 |> Keyword.put(:public, false)
135 Application.put_env(:pleroma, :instance, instance)
138 |> get("/api/statuses/public_timeline.json")
139 |> json_response(403)
142 Application.get_env(:pleroma, :instance)
143 |> Keyword.put(:public, true)
145 Application.put_env(:pleroma, :instance, instance)
148 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
150 |> get("/api/statuses/public_timeline.json")
151 |> json_response(200)
155 describe "GET /statuses/public_and_external_timeline.json" do
156 test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
158 Application.get_env(:pleroma, :instance)
159 |> Keyword.put(:public, false)
161 Application.put_env(:pleroma, :instance, instance)
164 |> get("/api/statuses/public_and_external_timeline.json")
165 |> json_response(403)
168 Application.get_env(:pleroma, :instance)
169 |> Keyword.put(:public, true)
171 Application.put_env(:pleroma, :instance, instance)
174 test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
176 |> get("/api/statuses/public_and_external_timeline.json")
177 |> json_response(200)
181 describe "GET /statuses/show/:id.json" do
182 test "returns one status", %{conn: conn} do
184 {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
185 actor = Repo.get_by!(User, ap_id: activity.data["actor"])
189 |> get("/api/statuses/show/#{activity.id}.json")
191 response = json_response(conn, 200)
193 assert response == ActivityRepresenter.to_map(activity, %{user: actor})
197 describe "GET /users/show.json" do
198 test "gets user with screen_name", %{conn: conn} do
203 |> get("/api/users/show.json", %{"screen_name" => user.nickname})
205 response = json_response(conn, 200)
207 assert response["id"] == user.id
210 test "gets user with user_id", %{conn: conn} do
215 |> get("/api/users/show.json", %{"user_id" => user.id})
217 response = json_response(conn, 200)
219 assert response["id"] == user.id
222 test "gets a user for a logged in user", %{conn: conn} do
224 logged_in = insert(:user)
226 {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})
230 |> with_credentials(logged_in.nickname, "test")
231 |> get("/api/users/show.json", %{"user_id" => user.id})
233 response = json_response(conn, 200)
235 assert response["following"] == true
239 describe "GET /statusnet/conversation/:id.json" do
240 test "returns the statuses in the conversation", %{conn: conn} do
241 {:ok, _user} = UserBuilder.insert()
242 {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
243 {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
244 {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
248 |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
250 response = json_response(conn, 200)
252 assert length(response) == 2
256 describe "GET /statuses/friends_timeline.json" do
259 test "without valid credentials", %{conn: conn} do
260 conn = get(conn, "/api/statuses/friends_timeline.json")
261 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
264 test "with credentials", %{conn: conn, user: current_user} do
268 ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})
270 returned_activities =
271 ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})
273 other_user = insert(:user)
274 ActivityBuilder.insert_list(10, %{}, %{user: other_user})
275 since_id = List.last(activities).id
278 Changeset.change(current_user, following: [User.ap_followers(user)])
283 |> with_credentials(current_user.nickname, "test")
284 |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})
286 response = json_response(conn, 200)
288 assert length(response) == 10
291 Enum.map(returned_activities, fn activity ->
292 ActivityRepresenter.to_map(activity, %{
293 user: User.get_cached_by_ap_id(activity.data["actor"]),
300 describe "GET /statuses/dm_timeline.json" do
301 test "it show direct messages", %{conn: conn} do
302 user_one = insert(:user)
303 user_two = insert(:user)
305 {:ok, user_two} = User.follow(user_two, user_one)
308 CommonAPI.post(user_one, %{
309 "status" => "Hi @#{user_two.nickname}!",
310 "visibility" => "direct"
314 CommonAPI.post(user_two, %{
315 "status" => "Hi @#{user_one.nickname}!",
316 "visibility" => "direct"
319 {:ok, _follower_only} =
320 CommonAPI.post(user_one, %{
321 "status" => "Hi @#{user_two.nickname}!",
322 "visibility" => "private"
325 # Only direct should be visible here
328 |> assign(:user, user_two)
329 |> get("/api/statuses/dm_timeline.json")
331 [status, status_two] = json_response(res_conn, 200)
332 assert status["id"] == direct_two.id
333 assert status_two["id"] == direct.id
337 describe "GET /statuses/mentions.json" do
340 test "without valid credentials", %{conn: conn} do
341 conn = get(conn, "/api/statuses/mentions.json")
342 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
345 test "with credentials", %{conn: conn, user: current_user} do
347 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
351 |> with_credentials(current_user.nickname, "test")
352 |> get("/api/statuses/mentions.json")
354 response = json_response(conn, 200)
356 assert length(response) == 1
358 assert Enum.at(response, 0) ==
359 ActivityRepresenter.to_map(activity, %{
361 mentioned: [current_user]
366 describe "GET /api/qvitter/statuses/notifications.json" do
369 test "without valid credentials", %{conn: conn} do
370 conn = get(conn, "/api/qvitter/statuses/notifications.json")
371 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
374 test "with credentials", %{conn: conn, user: current_user} do
375 other_user = insert(:user)
378 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
382 |> with_credentials(current_user.nickname, "test")
383 |> get("/api/qvitter/statuses/notifications.json")
385 response = json_response(conn, 200)
387 assert length(response) == 1
390 NotificationView.render("notification.json", %{
391 notifications: Notification.for_user(current_user),
397 describe "POST /api/qvitter/statuses/notifications/read" do
400 test "without valid credentials", %{conn: conn} do
401 conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
402 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
405 test "with credentials, without any params", %{conn: conn, user: current_user} do
408 |> with_credentials(current_user.nickname, "test")
409 |> post("/api/qvitter/statuses/notifications/read")
411 assert json_response(conn, 400) == %{
412 "error" => "You need to specify latest_id",
413 "request" => "/api/qvitter/statuses/notifications/read"
417 test "with credentials, with params", %{conn: conn, user: current_user} do
418 other_user = insert(:user)
421 ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
425 |> with_credentials(current_user.nickname, "test")
426 |> get("/api/qvitter/statuses/notifications.json")
428 [notification] = response = json_response(response_conn, 200)
430 assert length(response) == 1
432 assert notification["is_seen"] == 0
436 |> with_credentials(current_user.nickname, "test")
437 |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
439 [notification] = response = json_response(response_conn, 200)
441 assert length(response) == 1
443 assert notification["is_seen"] == 1
447 describe "GET /statuses/user_timeline.json" do
450 test "without any params", %{conn: conn} do
451 conn = get(conn, "/api/statuses/user_timeline.json")
453 assert json_response(conn, 400) == %{
454 "error" => "You need to specify screen_name or user_id",
455 "request" => "/api/statuses/user_timeline.json"
459 test "with user_id", %{conn: conn} do
461 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
463 conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
464 response = json_response(conn, 200)
465 assert length(response) == 1
466 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
469 test "with screen_name", %{conn: conn} do
471 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
473 conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
474 response = json_response(conn, 200)
475 assert length(response) == 1
476 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
479 test "with credentials", %{conn: conn, user: current_user} do
480 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
484 |> with_credentials(current_user.nickname, "test")
485 |> get("/api/statuses/user_timeline.json")
487 response = json_response(conn, 200)
489 assert length(response) == 1
490 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: current_user})
493 test "with credentials with user_id", %{conn: conn, user: current_user} do
495 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
499 |> with_credentials(current_user.nickname, "test")
500 |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
502 response = json_response(conn, 200)
504 assert length(response) == 1
505 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
508 test "with credentials screen_name", %{conn: conn, user: current_user} do
510 {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
514 |> with_credentials(current_user.nickname, "test")
515 |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
517 response = json_response(conn, 200)
519 assert length(response) == 1
520 assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
524 describe "POST /friendships/create.json" do
527 test "without valid credentials", %{conn: conn} do
528 conn = post(conn, "/api/friendships/create.json")
529 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
532 test "with credentials", %{conn: conn, user: current_user} do
533 followed = insert(:user)
537 |> with_credentials(current_user.nickname, "test")
538 |> post("/api/friendships/create.json", %{user_id: followed.id})
540 current_user = Repo.get(User, current_user.id)
541 assert User.ap_followers(followed) in current_user.following
543 assert json_response(conn, 200) ==
544 UserView.render("show.json", %{user: followed, for: current_user})
548 describe "POST /friendships/destroy.json" do
551 test "without valid credentials", %{conn: conn} do
552 conn = post(conn, "/api/friendships/destroy.json")
553 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
556 test "with credentials", %{conn: conn, user: current_user} do
557 followed = insert(:user)
559 {:ok, current_user} = User.follow(current_user, followed)
560 assert User.ap_followers(followed) in current_user.following
561 ActivityPub.follow(current_user, followed)
565 |> with_credentials(current_user.nickname, "test")
566 |> post("/api/friendships/destroy.json", %{user_id: followed.id})
568 current_user = Repo.get(User, current_user.id)
569 assert current_user.following == [current_user.ap_id]
571 assert json_response(conn, 200) ==
572 UserView.render("show.json", %{user: followed, for: current_user})
576 describe "POST /blocks/create.json" do
579 test "without valid credentials", %{conn: conn} do
580 conn = post(conn, "/api/blocks/create.json")
581 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
584 test "with credentials", %{conn: conn, user: current_user} do
585 blocked = insert(:user)
589 |> with_credentials(current_user.nickname, "test")
590 |> post("/api/blocks/create.json", %{user_id: blocked.id})
592 current_user = Repo.get(User, current_user.id)
593 assert User.blocks?(current_user, blocked)
595 assert json_response(conn, 200) ==
596 UserView.render("show.json", %{user: blocked, for: current_user})
600 describe "POST /blocks/destroy.json" do
603 test "without valid credentials", %{conn: conn} do
604 conn = post(conn, "/api/blocks/destroy.json")
605 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
608 test "with credentials", %{conn: conn, user: current_user} do
609 blocked = insert(:user)
611 {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
612 assert User.blocks?(current_user, blocked)
616 |> with_credentials(current_user.nickname, "test")
617 |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
619 current_user = Repo.get(User, current_user.id)
620 assert current_user.info.blocks == []
622 assert json_response(conn, 200) ==
623 UserView.render("show.json", %{user: blocked, for: current_user})
627 describe "GET /help/test.json" do
628 test "returns \"ok\"", %{conn: conn} do
629 conn = get(conn, "/api/help/test.json")
630 assert json_response(conn, 200) == "ok"
634 describe "POST /api/qvitter/update_avatar.json" do
637 test "without valid credentials", %{conn: conn} do
638 conn = post(conn, "/api/qvitter/update_avatar.json")
639 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
642 test "with credentials", %{conn: conn, user: current_user} do
643 avatar_image = File.read!("test/fixtures/avatar_data_uri")
647 |> with_credentials(current_user.nickname, "test")
648 |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
650 current_user = Repo.get(User, current_user.id)
651 assert is_map(current_user.avatar)
653 assert json_response(conn, 200) ==
654 UserView.render("show.json", %{user: current_user, for: current_user})
658 describe "GET /api/qvitter/mutes.json" do
661 test "unimplemented mutes without valid credentials", %{conn: conn} do
662 conn = get(conn, "/api/qvitter/mutes.json")
663 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
666 test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
669 |> with_credentials(current_user.nickname, "test")
670 |> get("/api/qvitter/mutes.json")
671 |> json_response(200)
677 describe "POST /api/favorites/create/:id" do
680 test "without valid credentials", %{conn: conn} do
681 note_activity = insert(:note_activity)
682 conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
683 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
686 test "with credentials", %{conn: conn, user: current_user} do
687 note_activity = insert(:note_activity)
691 |> with_credentials(current_user.nickname, "test")
692 |> post("/api/favorites/create/#{note_activity.id}.json")
694 assert json_response(conn, 200)
697 test "with credentials, invalid param", %{conn: conn, user: current_user} do
700 |> with_credentials(current_user.nickname, "test")
701 |> post("/api/favorites/create/wrong.json")
703 assert json_response(conn, 400)
706 test "with credentials, invalid activity", %{conn: conn, user: current_user} do
709 |> with_credentials(current_user.nickname, "test")
710 |> post("/api/favorites/create/1.json")
712 assert json_response(conn, 500)
716 describe "POST /api/favorites/destroy/:id" do
719 test "without valid credentials", %{conn: conn} do
720 note_activity = insert(:note_activity)
721 conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
722 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
725 test "with credentials", %{conn: conn, user: current_user} do
726 note_activity = insert(:note_activity)
727 object = Object.get_by_ap_id(note_activity.data["object"]["id"])
728 ActivityPub.like(current_user, object)
732 |> with_credentials(current_user.nickname, "test")
733 |> post("/api/favorites/destroy/#{note_activity.id}.json")
735 assert json_response(conn, 200)
739 describe "POST /api/statuses/retweet/:id" do
742 test "without valid credentials", %{conn: conn} do
743 note_activity = insert(:note_activity)
744 conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
745 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
748 test "with credentials", %{conn: conn, user: current_user} do
749 note_activity = insert(:note_activity)
751 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
755 |> with_credentials(current_user.nickname, "test")
756 |> post(request_path)
758 activity = Repo.get(Activity, note_activity.id)
759 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
761 assert json_response(response, 200) ==
762 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
766 describe "POST /api/statuses/unretweet/:id" do
769 test "without valid credentials", %{conn: conn} do
770 note_activity = insert(:note_activity)
771 conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
772 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
775 test "with credentials", %{conn: conn, user: current_user} do
776 note_activity = insert(:note_activity)
778 request_path = "/api/statuses/retweet/#{note_activity.id}.json"
782 |> with_credentials(current_user.nickname, "test")
783 |> post(request_path)
785 request_path = String.replace(request_path, "retweet", "unretweet")
789 |> with_credentials(current_user.nickname, "test")
790 |> post(request_path)
792 activity = Repo.get(Activity, note_activity.id)
793 activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
795 assert json_response(response, 200) ==
796 ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
800 describe "POST /api/account/register" do
801 test "it creates a new user", %{conn: conn} do
803 "nickname" => "lain",
804 "email" => "lain@wired.jp",
805 "fullname" => "lain iwakura",
806 "bio" => "close the world.",
807 "password" => "bear",
813 |> post("/api/account/register", data)
815 user = json_response(conn, 200)
817 fetched_user = Repo.get_by(User, nickname: "lain")
818 assert user == UserView.render("show.json", %{user: fetched_user})
821 test "it returns errors on a problem", %{conn: conn} do
823 "email" => "lain@wired.jp",
824 "fullname" => "lain iwakura",
825 "bio" => "close the world.",
826 "password" => "bear",
832 |> post("/api/account/register", data)
834 errors = json_response(conn, 400)
836 assert is_binary(errors["error"])
840 describe "POST /api/account/password_reset, with valid parameters" do
841 setup %{conn: conn} do
843 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
844 %{conn: conn, user: user}
847 test "it returns 204", %{conn: conn} do
848 assert json_response(conn, :no_content)
851 test "it creates a PasswordResetToken record for user", %{user: user} do
852 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
856 test "it sends an email to user", %{user: user} do
857 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
859 Swoosh.TestAssertions.assert_email_sent(
860 Pleroma.UserEmail.password_reset_email(user, token_record.token)
865 describe "POST /api/account/password_reset, with invalid parameters" do
868 test "it returns 500 when user is not found", %{conn: conn, user: user} do
869 conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
870 assert json_response(conn, :internal_server_error)
873 test "it returns 500 when user is not local", %{conn: conn, user: user} do
874 {:ok, user} = Repo.update(Changeset.change(user, local: false))
875 conn = post(conn, "/api/account/password_reset?email=#{user.email}")
876 assert json_response(conn, :internal_server_error)
880 describe "GET /api/account/confirm_email/:id/:token" do
883 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
887 |> Changeset.change()
888 |> Changeset.put_embed(:info, info_change)
891 assert user.info.confirmation_pending
896 test "it redirects to root url", %{conn: conn, user: user} do
897 conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
899 assert 302 == conn.status
902 test "it confirms the user account", %{conn: conn, user: user} do
903 get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
905 user = Repo.get(User, user.id)
907 refute user.info.confirmation_pending
908 refute user.info.confirmation_token
911 test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
912 conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
914 assert 500 == conn.status
917 test "it returns 500 if token is invalid", %{conn: conn, user: user} do
918 conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
920 assert 500 == conn.status
924 describe "POST /api/account/resend_confirmation_email" do
926 setting = Pleroma.Config.get([:instance, :account_activation_required])
929 Pleroma.Config.put([:instance, :account_activation_required], true)
930 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
934 info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
938 |> Changeset.change()
939 |> Changeset.put_embed(:info, info_change)
942 assert user.info.confirmation_pending
947 test "it returns 204 No Content", %{conn: conn, user: user} do
949 |> assign(:user, user)
950 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
951 |> json_response(:no_content)
954 test "it sends confirmation email", %{conn: conn, user: user} do
956 |> assign(:user, user)
957 |> post("/api/account/resend_confirmation_email?email=#{user.email}")
959 Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
963 describe "GET /api/externalprofile/show" do
964 test "it returns the user", %{conn: conn} do
966 other_user = insert(:user)
970 |> assign(:user, user)
971 |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
973 assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
977 describe "GET /api/statuses/followers" do
978 test "it returns a user's followers", %{conn: conn} do
980 follower_one = insert(:user)
981 follower_two = insert(:user)
982 _not_follower = insert(:user)
984 {:ok, follower_one} = User.follow(follower_one, user)
985 {:ok, follower_two} = User.follow(follower_two, user)
989 |> assign(:user, user)
990 |> get("/api/statuses/followers")
992 expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
993 result = json_response(conn, 200)
994 assert Enum.sort(expected) == Enum.sort(result)
997 test "it returns a given user's followers with user_id", %{conn: conn} do
999 follower_one = insert(:user)
1000 follower_two = insert(:user)
1001 not_follower = insert(:user)
1003 {:ok, follower_one} = User.follow(follower_one, user)
1004 {:ok, follower_two} = User.follow(follower_two, user)
1008 |> assign(:user, not_follower)
1009 |> get("/api/statuses/followers", %{"user_id" => user.id})
1011 assert MapSet.equal?(
1012 MapSet.new(json_response(conn, 200)),
1014 UserView.render("index.json", %{
1015 users: [follower_one, follower_two],
1022 test "it returns empty for a hidden network", %{conn: conn} do
1023 user = insert(:user, %{info: %{hide_network: true}})
1024 follower_one = insert(:user)
1025 follower_two = insert(:user)
1026 not_follower = insert(:user)
1028 {:ok, _follower_one} = User.follow(follower_one, user)
1029 {:ok, _follower_two} = User.follow(follower_two, user)
1033 |> assign(:user, not_follower)
1034 |> get("/api/statuses/followers", %{"user_id" => user.id})
1035 |> json_response(200)
1037 assert [] == response
1040 test "it returns the followers for a hidden network if requested by the user themselves", %{
1043 user = insert(:user, %{info: %{hide_network: true}})
1044 follower_one = insert(:user)
1045 follower_two = insert(:user)
1046 _not_follower = insert(:user)
1048 {:ok, _follower_one} = User.follow(follower_one, user)
1049 {:ok, _follower_two} = User.follow(follower_two, user)
1053 |> assign(:user, user)
1054 |> get("/api/statuses/followers", %{"user_id" => user.id})
1056 refute [] == json_response(conn, 200)
1060 describe "GET /api/statuses/friends" do
1061 test "it returns the logged in user's friends", %{conn: conn} do
1062 user = insert(:user)
1063 followed_one = insert(:user)
1064 followed_two = insert(:user)
1065 _not_followed = insert(:user)
1067 {:ok, user} = User.follow(user, followed_one)
1068 {:ok, user} = User.follow(user, followed_two)
1072 |> assign(:user, user)
1073 |> get("/api/statuses/friends")
1075 expected = UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1076 result = json_response(conn, 200)
1077 assert Enum.sort(expected) == Enum.sort(result)
1080 test "it returns a given user's friends with user_id", %{conn: conn} do
1081 user = insert(:user)
1082 followed_one = insert(:user)
1083 followed_two = insert(:user)
1084 _not_followed = insert(:user)
1086 {:ok, user} = User.follow(user, followed_one)
1087 {:ok, user} = User.follow(user, followed_two)
1091 |> assign(:user, user)
1092 |> get("/api/statuses/friends", %{"user_id" => user.id})
1094 assert MapSet.equal?(
1095 MapSet.new(json_response(conn, 200)),
1097 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1102 test "it returns empty for a hidden network", %{conn: conn} do
1103 user = insert(:user, %{info: %{hide_network: true}})
1104 followed_one = insert(:user)
1105 followed_two = insert(:user)
1106 not_followed = insert(:user)
1108 {:ok, user} = User.follow(user, followed_one)
1109 {:ok, user} = User.follow(user, followed_two)
1113 |> assign(:user, not_followed)
1114 |> get("/api/statuses/friends", %{"user_id" => user.id})
1116 assert [] == json_response(conn, 200)
1119 test "it returns friends for a hidden network if the user themselves request it", %{
1122 user = insert(:user, %{info: %{hide_network: true}})
1123 followed_one = insert(:user)
1124 followed_two = insert(:user)
1125 _not_followed = insert(:user)
1127 {:ok, _user} = User.follow(user, followed_one)
1128 {:ok, _user} = User.follow(user, followed_two)
1132 |> assign(:user, user)
1133 |> get("/api/statuses/friends", %{"user_id" => user.id})
1134 |> json_response(200)
1136 refute [] == response
1139 test "it returns a given user's friends with screen_name", %{conn: conn} do
1140 user = insert(:user)
1141 followed_one = insert(:user)
1142 followed_two = insert(:user)
1143 _not_followed = insert(:user)
1145 {:ok, user} = User.follow(user, followed_one)
1146 {:ok, user} = User.follow(user, followed_two)
1150 |> assign(:user, user)
1151 |> get("/api/statuses/friends", %{"screen_name" => user.nickname})
1153 assert MapSet.equal?(
1154 MapSet.new(json_response(conn, 200)),
1156 UserView.render("index.json", %{users: [followed_one, followed_two], for: user})
1162 describe "GET /friends/ids" do
1163 test "it returns a user's friends", %{conn: conn} do
1164 user = insert(:user)
1165 followed_one = insert(:user)
1166 followed_two = insert(:user)
1167 _not_followed = insert(:user)
1169 {:ok, user} = User.follow(user, followed_one)
1170 {:ok, user} = User.follow(user, followed_two)
1174 |> assign(:user, user)
1175 |> get("/api/friends/ids")
1177 expected = [followed_one.id, followed_two.id]
1179 assert MapSet.equal?(
1180 MapSet.new(Poison.decode!(json_response(conn, 200))),
1181 MapSet.new(expected)
1186 describe "POST /api/account/update_profile.json" do
1187 test "it updates a user's profile", %{conn: conn} do
1188 user = insert(:user)
1189 user2 = insert(:user)
1193 |> assign(:user, user)
1194 |> post("/api/account/update_profile.json", %{
1195 "name" => "new name",
1196 "description" => "hi @#{user2.nickname}"
1199 user = Repo.get!(User, user.id)
1200 assert user.name == "new name"
1203 "hi <span><a data-user='#{user2.id}' class='mention' href='#{user2.ap_id}'>@<span>#{
1205 }</span></a></span>"
1207 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1210 test "it sets and un-sets hide_network", %{conn: conn} do
1211 user = insert(:user)
1214 |> assign(:user, user)
1215 |> post("/api/account/update_profile.json", %{
1216 "hide_network" => "true"
1219 user = Repo.get!(User, user.id)
1220 assert user.info.hide_network == true
1224 |> assign(:user, user)
1225 |> post("/api/account/update_profile.json", %{
1226 "hide_network" => "false"
1229 user = Repo.get!(User, user.id)
1230 assert user.info.hide_network == false
1231 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1234 test "it locks an account", %{conn: conn} do
1235 user = insert(:user)
1239 |> assign(:user, user)
1240 |> post("/api/account/update_profile.json", %{
1244 user = Repo.get!(User, user.id)
1245 assert user.info.locked == true
1247 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1250 test "it unlocks an account", %{conn: conn} do
1251 user = insert(:user)
1255 |> assign(:user, user)
1256 |> post("/api/account/update_profile.json", %{
1260 user = Repo.get!(User, user.id)
1261 assert user.info.locked == false
1263 assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
1267 defp valid_user(_context) do
1268 user = insert(:user)
1272 defp with_credentials(conn, username, password) do
1273 header_content = "Basic " <> Base.encode64("#{username}:#{password}")
1274 put_req_header(conn, "authorization", header_content)
1277 describe "GET /api/search.json" do
1278 test "it returns search results", %{conn: conn} do
1279 user = insert(:user)
1280 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1282 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
1283 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1287 |> get("/api/search.json", %{"q" => "2hu", "page" => "1", "rpp" => "1"})
1289 assert [status] = json_response(conn, 200)
1290 assert status["id"] == activity.id
1294 describe "GET /api/statusnet/tags/timeline/:tag.json" do
1295 test "it returns the tags timeline", %{conn: conn} do
1296 user = insert(:user)
1297 user_two = insert(:user, %{nickname: "shp@shitposter.club"})
1299 {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about #2hu"})
1300 {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
1304 |> get("/api/statusnet/tags/timeline/2hu.json")
1306 assert [status] = json_response(conn, 200)
1307 assert status["id"] == activity.id
1311 test "Convert newlines to <br> in bio", %{conn: conn} do
1312 user = insert(:user)
1316 |> assign(:user, user)
1317 |> post("/api/account/update_profile.json", %{
1318 "description" => "Hello,\r\nWorld! I\n am a test."
1321 user = Repo.get!(User, user.id)
1322 assert user.bio == "Hello,<br>World! I<br> am a test."
1325 describe "POST /api/pleroma/change_password" do
1328 test "without credentials", %{conn: conn} do
1329 conn = post(conn, "/api/pleroma/change_password")
1330 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1333 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1336 |> with_credentials(current_user.nickname, "test")
1337 |> post("/api/pleroma/change_password", %{
1339 "new_password" => "newpass",
1340 "new_password_confirmation" => "newpass"
1343 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1346 test "with credentials, valid password and new password and confirmation not matching", %{
1352 |> with_credentials(current_user.nickname, "test")
1353 |> post("/api/pleroma/change_password", %{
1354 "password" => "test",
1355 "new_password" => "newpass",
1356 "new_password_confirmation" => "notnewpass"
1359 assert json_response(conn, 200) == %{
1360 "error" => "New password does not match confirmation."
1364 test "with credentials, valid password and invalid new password", %{
1370 |> with_credentials(current_user.nickname, "test")
1371 |> post("/api/pleroma/change_password", %{
1372 "password" => "test",
1373 "new_password" => "",
1374 "new_password_confirmation" => ""
1377 assert json_response(conn, 200) == %{
1378 "error" => "New password can't be blank."
1382 test "with credentials, valid password and matching new password and confirmation", %{
1388 |> with_credentials(current_user.nickname, "test")
1389 |> post("/api/pleroma/change_password", %{
1390 "password" => "test",
1391 "new_password" => "newpass",
1392 "new_password_confirmation" => "newpass"
1395 assert json_response(conn, 200) == %{"status" => "success"}
1396 fetched_user = Repo.get(User, current_user.id)
1397 assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
1401 describe "POST /api/pleroma/delete_account" do
1404 test "without credentials", %{conn: conn} do
1405 conn = post(conn, "/api/pleroma/delete_account")
1406 assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
1409 test "with credentials and invalid password", %{conn: conn, user: current_user} do
1412 |> with_credentials(current_user.nickname, "test")
1413 |> post("/api/pleroma/delete_account", %{"password" => "hi"})
1415 assert json_response(conn, 200) == %{"error" => "Invalid password."}
1418 test "with credentials and valid password", %{conn: conn, user: current_user} do
1421 |> with_credentials(current_user.nickname, "test")
1422 |> post("/api/pleroma/delete_account", %{"password" => "test"})
1424 assert json_response(conn, 200) == %{"status" => "success"}
1425 # Wait a second for the started task to end
1430 describe "GET /api/pleroma/friend_requests" do
1431 test "it lists friend requests" do
1432 user = insert(:user)
1433 other_user = insert(:user)
1435 {:ok, _activity} = ActivityPub.follow(other_user, user)
1437 user = Repo.get(User, user.id)
1438 other_user = Repo.get(User, other_user.id)
1440 assert User.following?(other_user, user) == false
1444 |> assign(:user, user)
1445 |> get("/api/pleroma/friend_requests")
1447 assert [relationship] = json_response(conn, 200)
1448 assert other_user.id == relationship["id"]
1452 describe "POST /api/pleroma/friendships/approve" do
1453 test "it approves a friend request" do
1454 user = insert(:user)
1455 other_user = insert(:user)
1457 {:ok, _activity} = ActivityPub.follow(other_user, user)
1459 user = Repo.get(User, user.id)
1460 other_user = Repo.get(User, other_user.id)
1462 assert User.following?(other_user, user) == false
1466 |> assign(:user, user)
1467 |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
1469 assert relationship = json_response(conn, 200)
1470 assert other_user.id == relationship["id"]
1471 assert relationship["follows_you"] == true
1475 describe "POST /api/pleroma/friendships/deny" do
1476 test "it denies a friend request" do
1477 user = insert(:user)
1478 other_user = insert(:user)
1480 {:ok, _activity} = ActivityPub.follow(other_user, user)
1482 user = Repo.get(User, user.id)
1483 other_user = Repo.get(User, other_user.id)
1485 assert User.following?(other_user, user) == false
1489 |> assign(:user, user)
1490 |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
1492 assert relationship = json_response(conn, 200)
1493 assert other_user.id == relationship["id"]
1494 assert relationship["follows_you"] == false
1498 describe "GET /api/pleroma/search_user" do
1499 test "it returns users, ordered by similarity", %{conn: conn} do
1500 user = insert(:user, %{name: "eal"})
1501 user_two = insert(:user, %{name: "ean"})
1502 user_three = insert(:user, %{name: "ebn"})
1506 |> get(twitter_api_search__path(conn, :search_user), query: "eal")
1507 |> json_response(200)
1509 assert length(resp) == 3
1510 assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end)
1514 describe "POST /api/media/upload" do
1516 Pleroma.DataCase.ensure_local_uploader(context)
1519 test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{
1522 user = insert(:user)
1524 upload_filename = "test/fixtures/image_tmp.jpg"
1525 File.cp!("test/fixtures/image.jpg", upload_filename)
1527 file = %Plug.Upload{
1528 content_type: "image/jpg",
1529 path: Path.absname(upload_filename),
1530 filename: "image.jpg"
1535 |> assign(:user, user)
1536 |> put_req_header("content-type", "application/octet-stream")
1537 |> post("/api/media/upload", %{
1540 |> json_response(:ok)
1542 assert response["media_id"]
1543 object = Repo.get(Object, response["media_id"])
1545 assert object.data["actor"] == User.ap_id(user)
1549 describe "POST /api/media/metadata/create" do
1551 object = insert(:note)
1552 user = User.get_by_ap_id(object.data["actor"])
1553 %{object: object, user: user}
1556 test "it returns :forbidden status on attempt to modify someone else's upload", %{
1560 initial_description = object.data["name"]
1561 another_user = insert(:user)
1564 |> assign(:user, another_user)
1565 |> post("/api/media/metadata/create", %{"media_id" => object.id})
1566 |> json_response(:forbidden)
1568 object = Repo.get(Object, object.id)
1569 assert object.data["name"] == initial_description
1572 test "it updates `data[name]` of referenced Object with provided value", %{
1577 description = "Informative description of the image. Initial value: #{object.data["name"]}}"
1580 |> assign(:user, user)
1581 |> post("/api/media/metadata/create", %{
1582 "media_id" => object.id,
1583 "alt_text" => %{"text" => description}
1585 |> json_response(:no_content)
1587 object = Repo.get(Object, object.id)
1588 assert object.data["name"] == description