implement Move activities (#45)

[akkoma] / test / pleroma / web / twitter_api / util_controller_test.exs
diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs

index 283c616780636a1b57d0310f4727f74c41b78abe..fb7da93f8fd6c0ab28986c88ee252670e5f7e342 100644 (file)
--- a/test/pleroma/web/twitter_api/util_controller_test.exs
+++ b/test/pleroma/web/twitter_api/util_controller_test.exs
@@ -6,7 +6,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
    use Pleroma.Web.ConnCase
    use Oban.Testing, repo: Pleroma.Repo
  
-  alias Pleroma.Config
    alias Pleroma.Tests.ObanHelpers
    alias Pleroma.User
  
@@ -26,11 +25,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
  
      test "it updates notification settings", %{user: user, conn: conn} do
        conn
-      |> put("/api/pleroma/notification_settings", %{
-        "block_from_strangers" => true,
-        "bar" => 1
-      })
-      |> json_response(:ok)
+      |> put(
+        "/api/pleroma/notification_settings?#{URI.encode_query(%{block_from_strangers: true})}"
+      )
+      |> json_response_and_validate_schema(:ok)
  
        user = refresh_record(user)
  
@@ -42,8 +40,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
  
      test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
        conn
-      |> put("/api/pleroma/notification_settings", %{"hide_notification_contents" => "1"})
-      |> json_response(:ok)
+      |> put(
+        "/api/pleroma/notification_settings?#{URI.encode_query(%{hide_notification_contents: 1})}"
+      )
+      |> json_response_and_validate_schema(:ok)
  
        user = refresh_record(user)
  
@@ -66,12 +66,12 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
          }
        ]
  
-      Config.put(:frontend_configurations, config)
+      clear_config(:frontend_configurations, config)
  
        response =
          conn
          |> get("/api/pleroma/frontend_configurations")
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)
  
        assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
      end
@@ -82,7 +82,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        emoji =
          conn
          |> get("/api/pleroma/emoji")
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
  
        assert Enum.all?(emoji, fn
                 {_key,
@@ -99,25 +99,25 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
      setup do: clear_config([:instance, :healthcheck])
  
      test "returns 503 when healthcheck disabled", %{conn: conn} do
-      Config.put([:instance, :healthcheck], false)
+      clear_config([:instance, :healthcheck], false)
  
        response =
          conn
          |> get("/api/pleroma/healthcheck")
-        |> json_response(503)
+        |> json_response_and_validate_schema(503)
  
        assert response == %{}
      end
  
      test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
-      Config.put([:instance, :healthcheck], true)
+      clear_config([:instance, :healthcheck], true)
  
        with_mock Pleroma.Healthcheck,
          system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
          response =
            conn
            |> get("/api/pleroma/healthcheck")
-          |> json_response(200)
+          |> json_response_and_validate_schema(200)
  
          assert %{
                   "active" => _,
@@ -130,14 +130,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
      end
  
      test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
-      Config.put([:instance, :healthcheck], true)
+      clear_config([:instance, :healthcheck], true)
  
        with_mock Pleroma.Healthcheck,
          system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
          response =
            conn
            |> get("/api/pleroma/healthcheck")
-          |> json_response(503)
+          |> json_response_and_validate_schema(503)
  
          assert %{
                   "active" => _,
@@ -156,8 +156,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
      test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
        response =
          conn
-        |> post("/api/pleroma/disable_account", %{"password" => "test"})
-        |> json_response(:ok)
+        |> post("/api/pleroma/disable_account?password=test")
+        |> json_response_and_validate_schema(:ok)
  
        assert response == %{"status" => "success"}
        ObanHelpers.perform_all()
@@ -172,8 +172,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
  
        response =
          conn
-        |> post("/api/pleroma/disable_account", %{"password" => "test1"})
-        |> json_response(:ok)
+        |> post("/api/pleroma/disable_account?password=test1")
+        |> json_response_and_validate_schema(:ok)
  
        assert response == %{"error" => "Invalid password."}
        user = User.get_cached_by_id(user.id)
@@ -253,54 +253,93 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        conn =
          conn
          |> assign(:token, nil)
-        |> post("/api/pleroma/change_email")
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
  
-      assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
+      assert json_response_and_validate_schema(conn, 403) == %{
+               "error" => "Insufficient permissions: write:accounts."
+             }
      end
  
      test "with proper permissions and invalid password", %{conn: conn} do
        conn =
-        post(conn, "/api/pleroma/change_email", %{
-          "password" => "hi",
-          "email" => "test@test.com"
-        })
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
  
-      assert json_response(conn, 200) == %{"error" => "Invalid password."}
+      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
      end
  
      test "with proper permissions, valid password and invalid email", %{
        conn: conn
      } do
        conn =
-        post(conn, "/api/pleroma/change_email", %{
-          "password" => "test",
-          "email" => "foobar"
-        })
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"})
  
-      assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
+      assert json_response_and_validate_schema(conn, 200) == %{
+               "error" => "Email has invalid format."
+             }
      end
  
      test "with proper permissions, valid password and no email", %{
        conn: conn
      } do
        conn =
-        post(conn, "/api/pleroma/change_email", %{
-          "password" => "test"
-        })
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "test"})
  
-      assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
+      assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
      end
  
-    test "with proper permissions, valid password and blank email", %{
-      conn: conn
-    } do
+    test "with proper permissions, valid password and blank email, when instance requires user email",
+         %{
+           conn: conn
+         } do
+      orig_account_activation_required =
+        Pleroma.Config.get([:instance, :account_activation_required])
+
+      Pleroma.Config.put([:instance, :account_activation_required], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put(
+          [:instance, :account_activation_required],
+          orig_account_activation_required
+        )
+      end)
+
        conn =
-        post(conn, "/api/pleroma/change_email", %{
-          "password" => "test",
-          "email" => ""
-        })
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "test", email: ""})
+
+      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
+    end
+
+    test "with proper permissions, valid password and blank email, when instance does not require user email",
+         %{
+           conn: conn
+         } do
+      orig_account_activation_required =
+        Pleroma.Config.get([:instance, :account_activation_required])
+
+      Pleroma.Config.put([:instance, :account_activation_required], false)
+
+      on_exit(fn ->
+        Pleroma.Config.put(
+          [:instance, :account_activation_required],
+          orig_account_activation_required
+        )
+      end)
  
-      assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "test", email: ""})
+
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
      end
  
      test "with proper permissions, valid password and non unique email", %{
@@ -309,24 +348,24 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        user = insert(:user)
  
        conn =
-        post(conn, "/api/pleroma/change_email", %{
-          "password" => "test",
-          "email" => user.email
-        })
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "test", email: user.email})
  
-      assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
+      assert json_response_and_validate_schema(conn, 200) == %{
+               "error" => "Email has already been taken."
+             }
      end
  
      test "with proper permissions, valid password and valid email", %{
        conn: conn
      } do
        conn =
-        post(conn, "/api/pleroma/change_email", %{
-          "password" => "test",
-          "email" => "cofe@foobar.com"
-        })
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"})
  
-      assert json_response(conn, 200) == %{"status" => "success"}
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
      end
    end
  
@@ -337,20 +376,29 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        conn =
          conn
          |> assign(:token, nil)
-        |> post("/api/pleroma/change_password")
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_password", %{
+          "password" => "hi",
+          "new_password" => "newpass",
+          "new_password_confirmation" => "newpass"
+        })
  
-      assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
+      assert json_response_and_validate_schema(conn, 403) == %{
+               "error" => "Insufficient permissions: write:accounts."
+             }
      end
  
      test "with proper permissions and invalid password", %{conn: conn} do
        conn =
-        post(conn, "/api/pleroma/change_password", %{
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_password", %{
            "password" => "hi",
            "new_password" => "newpass",
            "new_password_confirmation" => "newpass"
          })
  
-      assert json_response(conn, 200) == %{"error" => "Invalid password."}
+      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
      end
  
      test "with proper permissions, valid password and new password and confirmation not matching",
@@ -358,13 +406,15 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
             conn: conn
           } do
        conn =
-        post(conn, "/api/pleroma/change_password", %{
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_password", %{
            "password" => "test",
            "new_password" => "newpass",
            "new_password_confirmation" => "notnewpass"
          })
  
-      assert json_response(conn, 200) == %{
+      assert json_response_and_validate_schema(conn, 200) == %{
                 "error" => "New password does not match confirmation."
               }
      end
@@ -373,13 +423,15 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        conn: conn
      } do
        conn =
-        post(conn, "/api/pleroma/change_password", %{
-          "password" => "test",
-          "new_password" => "",
-          "new_password_confirmation" => ""
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/change_password", %{
+          password: "test",
+          new_password: "",
+          new_password_confirmation: ""
          })
  
-      assert json_response(conn, 200) == %{
+      assert json_response_and_validate_schema(conn, 200) == %{
                 "error" => "New password can't be blank."
               }
      end
@@ -389,13 +441,18 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        user: user
      } do
        conn =
-        post(conn, "/api/pleroma/change_password", %{
-          "password" => "test",
-          "new_password" => "newpass",
-          "new_password_confirmation" => "newpass"
-        })
-
-      assert json_response(conn, 200) == %{"status" => "success"}
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post(
+          "/api/pleroma/change_password",
+          %{
+            password: "test",
+            new_password: "newpass",
+            new_password_confirmation: "newpass"
+          }
+        )
+
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
        fetched_user = User.get_cached_by_id(user.id)
        assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
      end
@@ -410,22 +467,31 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
          |> assign(:token, nil)
          |> post("/api/pleroma/delete_account")
  
-      assert json_response(conn, 403) ==
+      assert json_response_and_validate_schema(conn, 403) ==
                 %{"error" => "Insufficient permissions: write:accounts."}
      end
  
      test "with proper permissions and wrong or missing password", %{conn: conn} do
        for params <- [%{"password" => "hi"}, %{}] do
-        ret_conn = post(conn, "/api/pleroma/delete_account", params)
+        ret_conn =
+          conn
+          |> put_req_header("content-type", "application/json")
+          |> post("/api/pleroma/delete_account", params)
  
-        assert json_response(ret_conn, 200) == %{"error" => "Invalid password."}
+        assert json_response_and_validate_schema(ret_conn, 200) == %{
+                 "error" => "Invalid password."
+               }
        end
      end
  
-    test "with proper permissions and valid password", %{conn: conn, user: user} do
-      conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
+    test "with proper permissions and valid password (URL query)", %{conn: conn, user: user} do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/pleroma/delete_account?password=test")
+
        ObanHelpers.perform_all()
-      assert json_response(conn, 200) == %{"status" => "success"}
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
  
        user = User.get_by_id(user.id)
        refute user.is_active
@@ -433,5 +499,388 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        assert user.bio == ""
        assert user.password_hash == nil
      end
+
+    test "with proper permissions and valid password (JSON body)", %{conn: conn, user: user} do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/pleroma/delete_account", %{password: "test"})
+
+      ObanHelpers.perform_all()
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
+
+      user = User.get_by_id(user.id)
+      refute user.is_active
+      assert user.name == nil
+      assert user.bio == ""
+      assert user.password_hash == nil
+    end
+  end
+
+  describe "POST /api/pleroma/move_account" do
+    setup do: oauth_access(["write:accounts"])
+
+    test "without permissions", %{conn: conn} do
+      target_user = insert(:user)
+      target_nick = target_user |> User.full_nickname()
+
+      conn =
+        conn
+        |> assign(:token, nil)
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/move_account", %{
+          "password" => "hi",
+          "target_account" => target_nick
+        })
+
+      assert json_response_and_validate_schema(conn, 403) == %{
+               "error" => "Insufficient permissions: write:accounts."
+             }
+    end
+
+    test "with proper permissions and invalid password", %{conn: conn} do
+      target_user = insert(:user)
+      target_nick = target_user |> User.full_nickname()
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/move_account", %{
+          "password" => "hi",
+          "target_account" => target_nick
+        })
+
+      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
+    end
+
+    test "with proper permissions, valid password and target account does not alias this",
+         %{
+           conn: conn
+         } do
+      target_user = insert(:user)
+      target_nick = target_user |> User.full_nickname()
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/move_account", %{
+          "password" => "test",
+          "target_account" => target_nick
+        })
+
+      assert json_response_and_validate_schema(conn, 200) == %{
+               "error" => "Target account must have the origin in `alsoKnownAs`"
+             }
+    end
+
+    test "with proper permissions, valid password and target account does not exist",
+         %{
+           conn: conn
+         } do
+      target_nick = "not_found@mastodon.social"
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/move_account", %{
+          "password" => "test",
+          "target_account" => target_nick
+        })
+
+      assert json_response_and_validate_schema(conn, 404) == %{
+               "error" => "Target account not found."
+             }
+    end
+
+    test "with proper permissions, valid password, remote target account aliases this and local cache does not exist",
+         %{} do
+      user = insert(:user, ap_id: "https://lm.kazv.moe/users/testuser")
+      %{user: _user, conn: conn} = oauth_access(["write:accounts"], user: user)
+
+      target_nick = "mewmew@lm.kazv.moe"
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/move_account", %{
+          "password" => "test",
+          "target_account" => target_nick
+        })
+
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
+    end
+
+    test "with proper permissions, valid password, remote target account aliases this and local cache does not alias this",
+         %{} do
+      user = insert(:user, ap_id: "https://lm.kazv.moe/users/testuser")
+      %{user: _user, conn: conn} = oauth_access(["write:accounts"], user: user)
+
+      target_user =
+        insert(
+          :user,
+          ap_id: "https://lm.kazv.moe/users/mewmew",
+          nickname: "mewmew@lm.kazv.moe",
+          local: false
+        )
+
+      target_nick = target_user |> User.full_nickname()
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/move_account", %{
+          "password" => "test",
+          "target_account" => target_nick
+        })
+
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
+    end
+
+    test "with proper permissions, valid password, remote target account does not alias this and local cache aliases this",
+         %{
+           user: user,
+           conn: conn
+         } do
+      target_user =
+        insert(
+          :user,
+          ap_id: "https://lm.kazv.moe/users/mewmew",
+          nickname: "mewmew@lm.kazv.moe",
+          local: false,
+          also_known_as: [user.ap_id]
+        )
+
+      target_nick = target_user |> User.full_nickname()
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/pleroma/move_account", %{
+          "password" => "test",
+          "target_account" => target_nick
+        })
+
+      assert json_response_and_validate_schema(conn, 200) == %{
+               "error" => "Target account must have the origin in `alsoKnownAs`"
+             }
+    end
+
+    test "with proper permissions, valid password and target account aliases this", %{
+      conn: conn,
+      user: user
+    } do
+      target_user = insert(:user, also_known_as: [user.ap_id])
+      target_nick = target_user |> User.full_nickname()
+      follower = insert(:user)
+
+      User.follow(follower, user)
+
+      assert User.following?(follower, user)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post(
+          "/api/pleroma/move_account",
+          %{
+            password: "test",
+            target_account: target_nick
+          }
+        )
+
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
+
+      params = %{
+        "op" => "move_following",
+        "origin_id" => user.id,
+        "target_id" => target_user.id
+      }
+
+      assert_enqueued(worker: Pleroma.Workers.BackgroundWorker, args: params)
+
+      Pleroma.Workers.BackgroundWorker.perform(%Oban.Job{args: params})
+
+      refute User.following?(follower, user)
+      assert User.following?(follower, target_user)
+    end
+
+    test "prefix nickname by @ should work", %{
+      conn: conn,
+      user: user
+    } do
+      target_user = insert(:user, also_known_as: [user.ap_id])
+      target_nick = target_user |> User.full_nickname()
+      follower = insert(:user)
+
+      User.follow(follower, user)
+
+      assert User.following?(follower, user)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post(
+          "/api/pleroma/move_account",
+          %{
+            password: "test",
+            target_account: "@" <> target_nick
+          }
+        )
+
+      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
+
+      params = %{
+        "op" => "move_following",
+        "origin_id" => user.id,
+        "target_id" => target_user.id
+      }
+
+      assert_enqueued(worker: Pleroma.Workers.BackgroundWorker, args: params)
+
+      Pleroma.Workers.BackgroundWorker.perform(%Oban.Job{args: params})
+
+      refute User.following?(follower, user)
+      assert User.following?(follower, target_user)
+    end
+  end
+
+  describe "GET /api/pleroma/aliases" do
+    setup do: oauth_access(["read:accounts"])
+
+    test "without permissions", %{conn: conn} do
+      conn =
+        conn
+        |> assign(:token, nil)
+        |> get("/api/pleroma/aliases")
+
+      assert json_response_and_validate_schema(conn, 403) == %{
+               "error" => "Insufficient permissions: read:accounts."
+             }
+    end
+
+    test "with permissions", %{
+      conn: conn
+    } do
+      assert %{"aliases" => []} =
+               conn
+               |> get("/api/pleroma/aliases")
+               |> json_response_and_validate_schema(200)
+    end
+
+    test "with permissions and aliases", %{} do
+      user = insert(:user)
+      user2 = insert(:user)
+
+      assert {:ok, user} = user |> User.add_alias(user2)
+
+      %{user: _user, conn: conn} = oauth_access(["read:accounts"], user: user)
+
+      assert %{"aliases" => aliases} =
+               conn
+               |> get("/api/pleroma/aliases")
+               |> json_response_and_validate_schema(200)
+
+      assert aliases == [user2 |> User.full_nickname()]
+    end
+  end
+
+  describe "PUT /api/pleroma/aliases" do
+    setup do: oauth_access(["write:accounts"])
+
+    test "without permissions", %{conn: conn} do
+      conn =
+        conn
+        |> assign(:token, nil)
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/aliases", %{alias: "none"})
+
+      assert json_response_and_validate_schema(conn, 403) == %{
+               "error" => "Insufficient permissions: write:accounts."
+             }
+    end
+
+    test "with permissions, no alias param", %{
+      conn: conn
+    } do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/aliases", %{})
+
+      assert %{"error" => "Missing field: alias."} = json_response_and_validate_schema(conn, 400)
+    end
+
+    test "with permissions, with alias param", %{
+      conn: conn
+    } do
+      user2 = insert(:user)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/aliases", %{alias: user2 |> User.full_nickname()})
+
+      assert json_response_and_validate_schema(conn, 200) == %{
+               "status" => "success"
+             }
+    end
+  end
+
+  describe "DELETE /api/pleroma/aliases" do
+    setup do
+      alias_user = insert(:user)
+      non_alias_user = insert(:user)
+      user = insert(:user, also_known_as: [alias_user.ap_id])
+
+      oauth_access(["write:accounts"], user: user)
+      |> Map.put(:alias_user, alias_user)
+      |> Map.put(:non_alias_user, non_alias_user)
+    end
+
+    test "without permissions", %{conn: conn} do
+      conn =
+        conn
+        |> assign(:token, nil)
+        |> put_req_header("content-type", "application/json")
+        |> delete("/api/pleroma/aliases", %{alias: "none"})
+
+      assert json_response_and_validate_schema(conn, 403) == %{
+               "error" => "Insufficient permissions: write:accounts."
+             }
+    end
+
+    test "with permissions, no alias param", %{conn: conn} do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> delete("/api/pleroma/aliases", %{})
+
+      assert %{"error" => "Missing field: alias."} = json_response_and_validate_schema(conn, 400)
+    end
+
+    test "with permissions, account does not have such alias", %{
+      conn: conn,
+      non_alias_user: non_alias_user
+    } do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> delete("/api/pleroma/aliases", %{alias: non_alias_user |> User.full_nickname()})
+
+      assert %{"error" => "Account has no such alias."} =
+               json_response_and_validate_schema(conn, 404)
+    end
+
+    test "with permissions, account does have such alias", %{
+      conn: conn,
+      alias_user: alias_user
+    } do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> delete("/api/pleroma/aliases", %{alias: alias_user |> User.full_nickname()})
+
+      assert %{"status" => "success"} = json_response_and_validate_schema(conn, 200)
+    end
    end
  end