token = assigns[:token]
scopes = transform_scopes(scopes, options)
- matched_scopes = token && filter_descendants(scopes, token.scopes)
+ matched_scopes = (token && filter_descendants(scopes, token.scopes)) || []
cond do
- is_nil(token) ->
- maybe_perform_instance_privacy_check(conn, options)
-
- op == :| && Enum.any?(matched_scopes) ->
+ token && op == :| && Enum.any?(matched_scopes) ->
conn
- op == :& && matched_scopes == scopes ->
+ token && op == :& && matched_scopes == scopes ->
conn
options[:fallback] == :proceed_unauthenticated ->
])
with {:ok, updated_user} <- update_and_set_cache(changeset) do
- if user.is_admin && !updated_user.is_admin do
- # Tokens & authorizations containing any admin scopes must be revoked (revoking all).
- # This is an extra safety measure (tokens' admin scopes won't be accepted for non-admins).
+ if user.is_admin != updated_user.is_admin do
+ # Admin status change results in change of accessible OAuth scopes, and instead of changing
+ # already issued tokens we revoke them, requiring user to sign in again
global_sign_out(user)
end
@doc """
Lists the packs available on the instance as JSON.
- The information is public and does not require authentification. The format is
+ The information is public and does not require authentication. The format is
a map of "pack directory name" to pack.json contents.
"""
def list_packs(conn, _params) do
plug(
OAuthScopesPlug,
- %{scopes: ["read:statuses"]} when action in [:conversation, :conversation_statuses]
+ %{scopes: ["read:statuses"]}
+ when action in [:conversation, :conversation_statuses, :emoji_reactions_by]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:statuses"]}
+ when action in [:react_with_emoji, :unreact_with_emoji]
)
plug(
plug(
OAuthScopesPlug,
%{scopes: ["follow", "write:follows"]}
- when action in [:do_remote_follow, :follow_import]
+ when action == :follow_import
+ )
+
+ # Note: follower can submit the form (with password auth) not being signed in (having no token)
+ plug(
+ OAuthScopesPlug,
+ %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
+ when action == :do_remote_follow
)
plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import)
end
end
+ def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}})
+ when not is_nil(user) do
+ with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
+ {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
+ conn
+ |> render("followed.html", %{error: false})
+ else
+ # Was already following user
+ {:error, "Could not follow user:" <> _rest} ->
+ render(conn, "followed.html", %{error: "Error following account"})
+
+ {:fetch_user, error} ->
+ Logger.debug("Remote follow failed with error #{inspect(error)}")
+ render(conn, "followed.html", %{error: "Could not find user"})
+
+ e ->
+ Logger.debug("Remote follow failed with error #{inspect(e)}")
+ render(conn, "followed.html", %{error: "Something went wrong."})
+ end
+ end
+
+ # Note: "id" is the id of followee user, disregard incorrect placing under "authorization"
def do_remote_follow(conn, %{
"authorization" => %{"name" => username, "password" => password, "id" => id}
}) do
end
end
- def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
- with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
- {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
- conn
- |> render("followed.html", %{error: false})
- else
- # Was already following user
- {:error, "Could not follow user:" <> _rest} ->
- render(conn, "followed.html", %{error: "Error following account"})
-
- {:fetch_user, error} ->
- Logger.debug("Remote follow failed with error #{inspect(error)}")
- render(conn, "followed.html", %{error: "Could not find user"})
+ def do_remote_follow(%{assigns: %{user: nil}} = conn, _) do
+ render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."})
+ end
- e ->
- Logger.debug("Remote follow failed with error #{inspect(e)}")
- render(conn, "followed.html", %{error: "Something went wrong."})
- end
+ def do_remote_follow(conn, _) do
+ render(conn, "followed.html", %{error: "Something went wrong."})
end
def notifications_read(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do
end
def delete_account(%{assigns: %{user: user}} = conn, params) do
- case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+ password = params["password"] || ""
+
+ case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} ->
User.delete(user)
json(conn, %{status: "success"})
assert Notification.create_notification(activity, user)
end
- test "it creates a notificatin for the user if the user mutes the activity author" do
+ test "it creates a notification for the user if the user mutes the activity author" do
muter = insert(:user)
muted = insert(:user)
{:ok, _} = User.mute(muter, muted)
:ok
end
- describe "when `assigns[:token]` is nil, " do
- test "with :skip_instance_privacy_check option, proceeds with no op", %{conn: conn} do
- conn =
- conn
- |> assign(:user, insert(:user))
- |> OAuthScopesPlug.call(%{scopes: ["read"], skip_instance_privacy_check: true})
-
- refute conn.halted
- assert conn.assigns[:user]
-
- refute called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
- end
-
- test "without :skip_instance_privacy_check option, calls EnsurePublicOrAuthenticatedPlug", %{
- conn: conn
- } do
- conn =
- conn
- |> assign(:user, insert(:user))
- |> OAuthScopesPlug.call(%{scopes: ["read"]})
-
- refute conn.halted
- assert conn.assigns[:user]
-
- assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
- end
- end
-
test "if `token.scopes` fulfills specified 'any of' conditions, " <>
"proceeds with no op",
%{conn: conn} do
end
describe "with `fallback: :proceed_unauthenticated` option, " do
- test "if `token.scopes` doesn't fulfill specified 'any of' conditions, " <>
- "clears `assigns[:user]` and calls EnsurePublicOrAuthenticatedPlug",
- %{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
-
- conn =
- conn
- |> assign(:user, token.user)
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{scopes: ["follow"], fallback: :proceed_unauthenticated})
-
- refute conn.halted
- refute conn.assigns[:user]
-
- assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
- end
-
- test "if `token.scopes` doesn't fulfill specified 'all of' conditions, " <>
- "clears `assigns[:user] and calls EnsurePublicOrAuthenticatedPlug",
+ test "if `token.scopes` doesn't fulfill specified conditions, " <>
+ "clears :user and :token assigns and calls EnsurePublicOrAuthenticatedPlug",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
-
- conn =
- conn
- |> assign(:user, token.user)
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{
- scopes: ["read", "follow"],
- op: :&,
- fallback: :proceed_unauthenticated
- })
-
- refute conn.halted
- refute conn.assigns[:user]
-
- assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
+ user = insert(:user)
+ token1 = insert(:oauth_token, scopes: ["read", "write"], user: user)
+
+ for token <- [token1, nil], op <- [:|, :&] do
+ ret_conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{
+ scopes: ["follow"],
+ op: op,
+ fallback: :proceed_unauthenticated
+ })
+
+ refute ret_conn.halted
+ refute ret_conn.assigns[:user]
+ refute ret_conn.assigns[:token]
+
+ assert called(EnsurePublicOrAuthenticatedPlug.call(ret_conn, :_))
+ end
end
test "with :skip_instance_privacy_check option, " <>
"if `token.scopes` doesn't fulfill specified conditions, " <>
- "clears `assigns[:user]` and does not call EnsurePublicOrAuthenticatedPlug",
+ "clears :user and :token assigns and does NOT call EnsurePublicOrAuthenticatedPlug",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read:statuses", "write"]) |> Repo.preload(:user)
-
- conn =
- conn
- |> assign(:user, token.user)
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{
- scopes: ["read"],
- fallback: :proceed_unauthenticated,
- skip_instance_privacy_check: true
- })
-
- refute conn.halted
- refute conn.assigns[:user]
-
- refute called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
+ user = insert(:user)
+ token1 = insert(:oauth_token, scopes: ["read:statuses", "write"], user: user)
+
+ for token <- [token1, nil], op <- [:|, :&] do
+ ret_conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{
+ scopes: ["read"],
+ op: op,
+ fallback: :proceed_unauthenticated,
+ skip_instance_privacy_check: true
+ })
+
+ refute ret_conn.halted
+ refute ret_conn.assigns[:user]
+ refute ret_conn.assigns[:token]
+
+ refute called(EnsurePublicOrAuthenticatedPlug.call(ret_conn, :_))
+ end
end
end
test "if `token.scopes` does not fulfill specified 'any of' conditions, " <>
"returns 403 and halts",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"])
- any_of_scopes = ["follow"]
+ for token <- [insert(:oauth_token, scopes: ["read", "write"]), nil] do
+ any_of_scopes = ["follow", "push"]
- conn =
- conn
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{scopes: any_of_scopes})
+ ret_conn =
+ conn
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{scopes: any_of_scopes})
- assert conn.halted
- assert 403 == conn.status
+ assert ret_conn.halted
+ assert 403 == ret_conn.status
- expected_error = "Insufficient permissions: #{Enum.join(any_of_scopes, ", ")}."
- assert Jason.encode!(%{error: expected_error}) == conn.resp_body
+ expected_error = "Insufficient permissions: #{Enum.join(any_of_scopes, " | ")}."
+ assert Jason.encode!(%{error: expected_error}) == ret_conn.resp_body
+ end
end
test "if `token.scopes` does not fulfill specified 'all of' conditions, " <>
"returns 403 and halts",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"])
- all_of_scopes = ["write", "follow"]
+ for token <- [insert(:oauth_token, scopes: ["read", "write"]), nil] do
+ token_scopes = (token && token.scopes) || []
+ all_of_scopes = ["write", "follow"]
- conn =
- conn
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{scopes: all_of_scopes, op: :&})
+ conn =
+ conn
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{scopes: all_of_scopes, op: :&})
- assert conn.halted
- assert 403 == conn.status
+ assert conn.halted
+ assert 403 == conn.status
- expected_error =
- "Insufficient permissions: #{Enum.join(all_of_scopes -- token.scopes, ", ")}."
+ expected_error =
+ "Insufficient permissions: #{Enum.join(all_of_scopes -- token_scopes, " & ")}."
- assert Jason.encode!(%{error: expected_error}) == conn.resp_body
+ assert Jason.encode!(%{error: expected_error}) == conn.resp_body
+ end
end
end
# The default endpoint for testing
@endpoint Pleroma.Web.Endpoint
+
+ # Sets up OAuth access with specified scopes
+ defp oauth_access(scopes, opts \\ %{}) do
+ user =
+ Map.get_lazy(opts, :user, fn ->
+ Pleroma.Factory.insert(:user)
+ end)
+
+ token =
+ Map.get_lazy(opts, :oauth_token, fn ->
+ Pleroma.Factory.insert(:oauth_token, user: user, scopes: scopes)
+ end)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> assign(:token, token)
+
+ %{user: user, token: token, conn: conn}
+ end
end
end
%Pleroma.Web.OAuth.App{
client_name: "Some client",
redirect_uris: "https://example.com/callback",
- scopes: ["read", "write", "follow", "push"],
+ scopes: ["read", "write", "follow", "push", "admin"],
website: "https://example.com",
client_id: Ecto.UUID.generate(),
client_secret: "aaa;/&bbb"
}
end
- def oauth_token_factory do
- oauth_app = insert(:oauth_app)
+ def oauth_token_factory(attrs \\ %{}) do
+ scopes = Map.get(attrs, :scopes, ["read"])
+ oauth_app = Map.get_lazy(attrs, :app, fn -> insert(:oauth_app, scopes: scopes) end)
+ user = Map.get_lazy(attrs, :user, fn -> build(:user) end)
+
+ valid_until =
+ Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
%Pleroma.Web.OAuth.Token{
token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
- scopes: ["read"],
refresh_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
- user: build(:user),
- app_id: oauth_app.id,
- valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)
+ scopes: scopes,
+ user: user,
+ app: oauth_app,
+ valid_until: valid_until
}
end
+ def oauth_admin_token_factory(attrs \\ %{}) do
+ user = Map.get_lazy(attrs, :user, fn -> build(:user, is_admin: true) end)
+
+ scopes =
+ attrs
+ |> Map.get(:scopes, ["admin"])
+ |> Kernel.++(["admin"])
+ |> Enum.uniq()
+
+ attrs = Map.merge(attrs, %{user: user, scopes: scopes})
+ oauth_token_factory(attrs)
+ end
+
def oauth_authorization_factory do
%Pleroma.Web.OAuth.Authorization{
token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false),
:ok
end
- clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
- Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+ setup do
+ admin = insert(:user, is_admin: true)
+ token = insert(:oauth_admin_token, user: admin)
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, token)
+
+ {:ok, %{admin: admin, token: token, conn: conn}}
end
describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
end
- test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope" do
+ test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
+ %{admin: admin} do
user = insert(:user)
- admin = insert(:user, is_admin: true)
url = "/api/pleroma/admin/users/#{user.nickname}"
good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
end
end
+ describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
+ clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+ end
+
+ test "GET /api/pleroma/admin/users/:nickname requires " <>
+ "read:accounts or admin:read:accounts or broader scope",
+ %{admin: admin} do
+ user = insert(:user)
+ url = "/api/pleroma/admin/users/#{user.nickname}"
+
+ good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+ good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+ good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+ good_token4 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+ good_token5 = insert(:oauth_token, user: admin, scopes: ["read"])
+
+ good_tokens = [good_token1, good_token2, good_token3, good_token4, good_token5]
+
+ bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts:partial"])
+ bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+ bad_token3 = nil
+
+ for good_token <- good_tokens do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response(conn, 200)
+ end
+
+ for good_token <- good_tokens do
+ conn =
+ build_conn()
+ |> assign(:user, nil)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response(conn, :forbidden)
+ end
+
+ for bad_token <- [bad_token1, bad_token2, bad_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, bad_token)
+ |> get(url)
+
+ assert json_response(conn, :forbidden)
+ end
+ end
+ end
+
describe "DELETE /api/pleroma/admin/users" do
- test "single user" do
- admin = insert(:user, is_admin: true)
+ test "single user", %{admin: admin, conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users?nickname=#{user.nickname}")
assert json_response(conn, 200) == user.nickname
end
- test "multiple users" do
- admin = insert(:user, is_admin: true)
+ test "multiple users", %{admin: admin, conn: conn} do
user_one = insert(:user)
user_two = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users", %{
nicknames: [user_one.nickname, user_two.nickname]
end
describe "/api/pleroma/admin/users" do
- test "Create" do
- admin = insert(:user, is_admin: true)
-
+ test "Create", %{conn: conn} do
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
assert ["lain", "lain2"] -- Enum.map(log_entry.data["subjects"], & &1["nickname"]) == []
end
- test "Cannot create user with existing email" do
- admin = insert(:user, is_admin: true)
+ test "Cannot create user with existing email", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
]
end
- test "Cannot create user with existing nickname" do
- admin = insert(:user, is_admin: true)
+ test "Cannot create user with existing nickname", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
]
end
- test "Multiple user creation works in transaction" do
- admin = insert(:user, is_admin: true)
+ test "Multiple user creation works in transaction", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
describe "/api/pleroma/admin/users/:nickname" do
test "Show", %{conn: conn} do
- admin = insert(:user, is_admin: true)
user = insert(:user)
- conn =
- conn
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users/#{user.nickname}")
+ conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}")
expected = %{
"deactivated" => false,
end
test "when the user doesn't exist", %{conn: conn} do
- admin = insert(:user, is_admin: true)
user = build(:user)
- conn =
- conn
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users/#{user.nickname}")
+ conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}")
assert "Not found" == json_response(conn, 404)
end
end
describe "/api/pleroma/admin/users/follow" do
- test "allows to force-follow another user" do
- admin = insert(:user, is_admin: true)
+ test "allows to force-follow another user", %{admin: admin, conn: conn} do
user = insert(:user)
follower = insert(:user)
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/follow", %{
"follower" => follower.nickname,
end
describe "/api/pleroma/admin/users/unfollow" do
- test "allows to force-unfollow another user" do
- admin = insert(:user, is_admin: true)
+ test "allows to force-unfollow another user", %{admin: admin, conn: conn} do
user = insert(:user)
follower = insert(:user)
User.follow(follower, user)
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/unfollow", %{
"follower" => follower.nickname,
end
describe "PUT /api/pleroma/admin/users/tag" do
- setup do
- admin = insert(:user, is_admin: true)
+ setup %{conn: conn} do
user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y"]})
user3 = insert(:user, %{tags: ["unchanged"]})
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> put(
- "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
- user2.nickname
- }&tags[]=foo&tags[]=bar"
+ "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+ "#{user2.nickname}&tags[]=foo&tags[]=bar"
)
- %{conn: conn, admin: admin, user1: user1, user2: user2, user3: user3}
+ %{conn: conn, user1: user1, user2: user2, user3: user3}
end
test "it appends specified tags to users with specified nicknames", %{
end
describe "DELETE /api/pleroma/admin/users/tag" do
- setup do
- admin = insert(:user, is_admin: true)
+ setup %{conn: conn} do
user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y", "z"]})
user3 = insert(:user, %{tags: ["unchanged"]})
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete(
- "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
- user2.nickname
- }&tags[]=x&tags[]=z"
+ "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+ "#{user2.nickname}&tags[]=x&tags[]=z"
)
- %{conn: conn, admin: admin, user1: user1, user2: user2, user3: user3}
+ %{conn: conn, user1: user1, user2: user2, user3: user3}
end
test "it removes specified tags from users with specified nicknames", %{
end
describe "/api/pleroma/admin/users/:nickname/permission_group" do
- test "GET is giving user_info" do
- admin = insert(:user, is_admin: true)
-
+ test "GET is giving user_info", %{admin: admin, conn: conn} do
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> get("/api/pleroma/admin/users/#{admin.nickname}/permission_group/")
}
end
- test "/:right POST, can add to a permission group" do
- admin = insert(:user, is_admin: true)
+ test "/:right POST, can add to a permission group", %{admin: admin, conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
"@#{admin.nickname} made @#{user.nickname} admin"
end
- test "/:right POST, can add to a permission group (multiple)" do
- admin = insert(:user, is_admin: true)
+ test "/:right POST, can add to a permission group (multiple)", %{admin: admin, conn: conn} do
user_one = insert(:user)
user_two = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/permission_group/admin", %{
nicknames: [user_one.nickname, user_two.nickname]
})
- assert json_response(conn, 200) == %{
- "is_admin" => true
- }
+ assert json_response(conn, 200) == %{"is_admin" => true}
log_entry = Repo.one(ModerationLog)
"@#{admin.nickname} made @#{user_one.nickname}, @#{user_two.nickname} admin"
end
- test "/:right DELETE, can remove from a permission group" do
- admin = insert(:user, is_admin: true)
+ test "/:right DELETE, can remove from a permission group", %{admin: admin, conn: conn} do
user = insert(:user, is_admin: true)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
- assert json_response(conn, 200) == %{
- "is_admin" => false
- }
+ assert json_response(conn, 200) == %{"is_admin" => false}
log_entry = Repo.one(ModerationLog)
"@#{admin.nickname} revoked admin role from @#{user.nickname}"
end
- test "/:right DELETE, can remove from a permission group (multiple)" do
- admin = insert(:user, is_admin: true)
+ test "/:right DELETE, can remove from a permission group (multiple)", %{
+ admin: admin,
+ conn: conn
+ } do
user_one = insert(:user, is_admin: true)
user_two = insert(:user, is_admin: true)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users/permission_group/admin", %{
nicknames: [user_one.nickname, user_two.nickname]
})
- assert json_response(conn, 200) == %{
- "is_admin" => false
- }
+ assert json_response(conn, 200) == %{"is_admin" => false}
log_entry = Repo.one(ModerationLog)
end
describe "POST /api/pleroma/admin/email_invite, with valid config" do
- setup do
- [user: insert(:user, is_admin: true)]
- end
-
clear_config([:instance, :registrations_open]) do
Pleroma.Config.put([:instance, :registrations_open], false)
end
Pleroma.Config.put([:instance, :invites_enabled], true)
end
- test "sends invitation and returns 204", %{conn: conn, user: user} do
+ test "sends invitation and returns 204", %{admin: admin, conn: conn} do
recipient_email = "foo@bar.com"
recipient_name = "J. D."
conn =
- conn
- |> assign(:user, user)
- |> post(
+ post(
+ conn,
"/api/pleroma/admin/users/email_invite?email=#{recipient_email}&name=#{recipient_name}"
)
email =
Pleroma.Emails.UserEmail.user_invitation_email(
- user,
+ admin,
token_record,
recipient_email,
recipient_name
)
end
- test "it returns 403 if requested by a non-admin", %{conn: conn} do
+ test "it returns 403 if requested by a non-admin" do
non_admin_user = insert(:user)
+ token = insert(:oauth_token, user: non_admin_user)
conn =
- conn
+ build_conn()
|> assign(:user, non_admin_user)
+ |> assign(:token, token)
|> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
assert json_response(conn, :forbidden)
end
describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
- setup do
- [user: insert(:user, is_admin: true)]
- end
-
clear_config([:instance, :registrations_open])
clear_config([:instance, :invites_enabled])
- test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do
+ test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
Pleroma.Config.put([:instance, :registrations_open], false)
Pleroma.Config.put([:instance, :invites_enabled], false)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
+ conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
assert json_response(conn, :internal_server_error)
end
- test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do
+ test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
Pleroma.Config.put([:instance, :registrations_open], true)
Pleroma.Config.put([:instance, :invites_enabled], true)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
+ conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
assert json_response(conn, :internal_server_error)
end
end
- test "/api/pleroma/admin/users/:nickname/password_reset" do
- admin = insert(:user, is_admin: true)
+ test "/api/pleroma/admin/users/:nickname/password_reset", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> get("/api/pleroma/admin/users/#{user.nickname}/password_reset")
end
describe "GET /api/pleroma/admin/users" do
- setup do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn, admin: admin}
- end
-
test "renders users array for the first page", %{conn: conn, admin: admin} do
user = insert(:user, local: false, tags: ["foo", "bar"])
conn = get(conn, "/api/pleroma/admin/users?page=1")
test "only local users" do
admin = insert(:user, is_admin: true, nickname: "john")
+ token = insert(:oauth_admin_token, user: admin)
user = insert(:user, nickname: "bob")
insert(:user, nickname: "bobb", local: false)
conn =
build_conn()
|> assign(:user, admin)
+ |> assign(:token, token)
|> get("/api/pleroma/admin/users?query=bo&filters=local")
assert json_response(conn, 200) == %{
}
end
- test "only local users with no query", %{admin: old_admin} do
+ test "only local users with no query", %{conn: conn, admin: old_admin} do
admin = insert(:user, is_admin: true, nickname: "john")
user = insert(:user, nickname: "bob")
insert(:user, nickname: "bobb", local: false)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users?filters=local")
+ conn = get(conn, "/api/pleroma/admin/users?filters=local")
users =
[
test "it works with multiple filters" do
admin = insert(:user, nickname: "john", is_admin: true)
+ token = insert(:oauth_admin_token, user: admin)
user = insert(:user, nickname: "bob", local: false, deactivated: true)
insert(:user, nickname: "ken", local: true, deactivated: true)
conn =
build_conn()
|> assign(:user, admin)
+ |> assign(:token, token)
|> get("/api/pleroma/admin/users?filters=deactivated,external")
assert json_response(conn, 200) == %{
}
end
- test "it omits relay user", %{admin: admin} do
+ test "it omits relay user", %{admin: admin, conn: conn} do
assert %User{} = Relay.get_actor()
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users")
+ conn = get(conn, "/api/pleroma/admin/users")
assert json_response(conn, 200) == %{
"count" => 1,
end
end
- test "PATCH /api/pleroma/admin/users/activate" do
- admin = insert(:user, is_admin: true)
+ test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
user_one = insert(:user, deactivated: true)
user_two = insert(:user, deactivated: true)
conn =
- build_conn()
- |> assign(:user, admin)
- |> patch(
+ patch(
+ conn,
"/api/pleroma/admin/users/activate",
%{nicknames: [user_one.nickname, user_two.nickname]}
)
"@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
end
- test "PATCH /api/pleroma/admin/users/deactivate" do
- admin = insert(:user, is_admin: true)
+ test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
user_one = insert(:user, deactivated: false)
user_two = insert(:user, deactivated: false)
conn =
- build_conn()
- |> assign(:user, admin)
- |> patch(
+ patch(
+ conn,
"/api/pleroma/admin/users/deactivate",
%{nicknames: [user_one.nickname, user_two.nickname]}
)
"@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
end
- test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
- admin = insert(:user, is_admin: true)
+ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
user = insert(:user)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
+ conn = patch(conn, "/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
assert json_response(conn, 200) ==
%{
end
describe "POST /api/pleroma/admin/users/invite_token" do
- setup do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn}
- end
-
test "without options", %{conn: conn} do
conn = post(conn, "/api/pleroma/admin/users/invite_token")
end
describe "GET /api/pleroma/admin/users/invites" do
- setup do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn}
- end
-
test "no invites", %{conn: conn} do
conn = get(conn, "/api/pleroma/admin/users/invites")
end
describe "POST /api/pleroma/admin/users/revoke_invite" do
- test "with token" do
- admin = insert(:user, is_admin: true)
+ test "with token", %{conn: conn} do
{:ok, invite} = UserInviteToken.create_invite()
- conn =
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
+ conn = post(conn, "/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
assert json_response(conn, 200) == %{
"expires_at" => nil,
}
end
- test "with invalid token" do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
+ test "with invalid token", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
assert json_response(conn, :not_found) == "Not found"
end
end
describe "GET /api/pleroma/admin/reports/:id" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin)}
- end
-
test "returns report by its id", %{conn: conn} do
[reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user)
end
describe "PATCH /api/pleroma/admin/reports" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
[reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user)
})
%{
- conn: assign(conn, :user, admin),
id: report_id,
- admin: admin,
second_report_id: second_report_id
}
end
end
describe "GET /api/pleroma/admin/reports" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin)}
- end
-
test "returns empty response when no reports created", %{conn: conn} do
response =
conn
test "returns 403 when requested by a non-admin" do
user = insert(:user)
+ token = insert(:oauth_token, user: user)
conn =
build_conn()
|> assign(:user, user)
+ |> assign(:token, token)
|> get("/api/pleroma/admin/reports")
assert json_response(conn, :forbidden) ==
end
test "returns 403 when requested by anonymous" do
- conn =
- build_conn()
- |> get("/api/pleroma/admin/reports")
+ conn = get(build_conn(), "/api/pleroma/admin/reports")
assert json_response(conn, :forbidden) == %{"error" => "Invalid credentials."}
end
end
describe "GET /api/pleroma/admin/grouped_reports" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
[reporter, target_user] = insert_pair(:user)
date1 = (DateTime.to_unix(DateTime.utc_now()) + 1000) |> DateTime.from_unix!()
})
%{
- conn: assign(conn, :user, admin),
first_status: Activity.get_by_ap_id_with_object(first_status.data["id"]),
second_status: Activity.get_by_ap_id_with_object(second_status.data["id"]),
third_status: Activity.get_by_ap_id_with_object(third_status.data["id"]),
end
describe "PUT /api/pleroma/admin/statuses/:id" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
activity = insert(:note_activity)
- %{conn: assign(conn, :user, admin), id: activity.id, admin: admin}
+ %{id: activity.id}
end
test "toggle sensitive flag", %{conn: conn, id: id, admin: admin} do
end
test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
- conn =
- conn
- |> put("/api/pleroma/admin/statuses/#{id}", %{"visibility" => "test"})
+ conn = put(conn, "/api/pleroma/admin/statuses/#{id}", %{"visibility" => "test"})
assert json_response(conn, :bad_request) == "Unsupported visibility"
end
end
describe "DELETE /api/pleroma/admin/statuses/:id" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
activity = insert(:note_activity)
- %{conn: assign(conn, :user, admin), id: activity.id, admin: admin}
+ %{id: activity.id}
end
test "deletes status", %{conn: conn, id: id, admin: admin} do
end
test "returns error when status is not exist", %{conn: conn} do
- conn =
- conn
- |> delete("/api/pleroma/admin/statuses/test")
+ conn = delete(conn, "/api/pleroma/admin/statuses/test")
assert json_response(conn, :bad_request) == "Could not delete"
end
end
describe "GET /api/pleroma/admin/config" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin)}
- end
-
test "without any settings in db", %{conn: conn} do
conn = get(conn, "/api/pleroma/admin/config")
end
describe "POST /api/pleroma/admin/config" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
+ setup do
temp_file = "config/test.exported_from_db.secret.exs"
on_exit(fn ->
Application.delete_env(:pleroma, Pleroma.Captcha.NotReal)
:ok = File.rm(temp_file)
end)
-
- %{conn: assign(conn, :user, admin)}
end
clear_config([:instance, :dynamic_configuration]) do
end
describe "config mix tasks run" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
+ setup do
temp_file = "config/test.exported_from_db.secret.exs"
Mix.shell(Mix.Shell.Quiet)
:ok = File.rm(temp_file)
end)
- %{conn: assign(conn, :user, admin), admin: admin}
+ :ok
end
clear_config([:instance, :dynamic_configuration]) do
Pleroma.Config.put([:feed, :post_title], %{max_length: 100, omission: "…"})
end
- test "transfer settings to DB and to file", %{conn: conn, admin: admin} do
+ test "transfer settings to DB and to file", %{conn: conn} do
assert Pleroma.Repo.all(Pleroma.Web.AdminAPI.Config) == []
- conn = get(conn, "/api/pleroma/admin/config/migrate_to_db")
- assert json_response(conn, 200) == %{}
+ ret_conn = get(conn, "/api/pleroma/admin/config/migrate_to_db")
+ assert json_response(ret_conn, 200) == %{}
assert Pleroma.Repo.all(Pleroma.Web.AdminAPI.Config) > 0
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/config/migrate_from_db")
+ ret_conn = get(conn, "/api/pleroma/admin/config/migrate_from_db")
- assert json_response(conn, 200) == %{}
+ assert json_response(ret_conn, 200) == %{}
assert Pleroma.Repo.all(Pleroma.Web.AdminAPI.Config) == []
end
end
describe "GET /api/pleroma/admin/users/:nickname/statuses" do
setup do
- admin = insert(:user, is_admin: true)
user = insert(:user)
date1 = (DateTime.to_unix(DateTime.utc_now()) + 2000) |> DateTime.from_unix!()
insert(:note_activity, user: user, published: date2)
insert(:note_activity, user: user, published: date3)
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn, user: user}
+ %{user: user}
end
test "renders user's statuses", %{conn: conn, user: user} do
end
describe "GET /api/pleroma/admin/moderation_log" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
moderator = insert(:user, is_moderator: true)
- %{conn: assign(conn, :user, admin), admin: admin, moderator: moderator}
+ %{moderator: moderator}
end
test "returns the log", %{conn: conn, admin: admin} do
end
describe "PATCH /users/:nickname/force_password_reset" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ test "sets password_reset_pending to true", %{conn: conn} do
user = insert(:user)
-
- %{conn: assign(conn, :user, admin), admin: admin, user: user}
- end
-
- test "sets password_reset_pending to true", %{admin: admin, user: user} do
assert user.password_reset_pending == false
conn =
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/force_password_reset", %{nicknames: [user.nickname]})
+ patch(conn, "/api/pleroma/admin/users/force_password_reset", %{nicknames: [user.nickname]})
assert json_response(conn, 204) == ""
end
describe "relays" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin), admin: admin}
- end
-
- test "POST /relay", %{admin: admin} do
+ test "POST /relay", %{conn: conn, admin: admin} do
conn =
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/relay", %{
+ post(conn, "/api/pleroma/admin/relay", %{
relay_url: "http://mastodon.example.org/users/admin"
})
"@#{admin.nickname} followed relay: http://mastodon.example.org/users/admin"
end
- test "GET /relay", %{admin: admin} do
+ test "GET /relay", %{conn: conn} do
relay_user = Pleroma.Web.ActivityPub.Relay.get_actor()
["http://mastodon.example.org/users/admin", "https://mstdn.io/users/mayuutann"]
User.follow(relay_user, user)
end)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/relay")
+ conn = get(conn, "/api/pleroma/admin/relay")
assert json_response(conn, 200)["relays"] -- ["mastodon.example.org", "mstdn.io"] == []
end
- test "DELETE /relay", %{admin: admin} do
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/relay", %{
+ test "DELETE /relay", %{conn: conn, admin: admin} do
+ post(conn, "/api/pleroma/admin/relay", %{
relay_url: "http://mastodon.example.org/users/admin"
})
conn =
- build_conn()
- |> assign(:user, admin)
- |> delete("/api/pleroma/admin/relay", %{
+ delete(conn, "/api/pleroma/admin/relay", %{
relay_url: "http://mastodon.example.org/users/admin"
})
end
describe "instances" do
- test "GET /instances/:instance/statuses" do
- admin = insert(:user, is_admin: true)
+ test "GET /instances/:instance/statuses", %{conn: conn} do
user = insert(:user, local: false, nickname: "archaeme@archae.me")
user2 = insert(:user, local: false, nickname: "test@test.com")
insert_pair(:note_activity, user: user)
insert(:note_activity, user: user2)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/instances/archae.me/statuses")
+ ret_conn = get(conn, "/api/pleroma/admin/instances/archae.me/statuses")
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert length(response) == 2
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/instances/test.com/statuses")
+ ret_conn = get(conn, "/api/pleroma/admin/instances/test.com/statuses")
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert length(response) == 1
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/instances/nonexistent.com/statuses")
+ ret_conn = get(conn, "/api/pleroma/admin/instances/nonexistent.com/statuses")
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert length(response) == 0
end
end
describe "PATCH /confirm_email" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin), admin: admin}
- end
-
- test "it confirms emails of two users", %{admin: admin} do
+ test "it confirms emails of two users", %{conn: conn, admin: admin} do
[first_user, second_user] = insert_pair(:user, confirmation_pending: true)
assert first_user.confirmation_pending == true
assert second_user.confirmation_pending == true
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/confirm_email", %{
- nicknames: [
- first_user.nickname,
- second_user.nickname
- ]
- })
+ ret_conn =
+ patch(conn, "/api/pleroma/admin/users/confirm_email", %{
+ nicknames: [
+ first_user.nickname,
+ second_user.nickname
+ ]
+ })
+
+ assert ret_conn.status == 200
assert first_user.confirmation_pending == true
assert second_user.confirmation_pending == true
end
describe "PATCH /resend_confirmation_email" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin), admin: admin}
- end
-
- test "it resend emails for two users", %{admin: admin} do
+ test "it resend emails for two users", %{conn: conn, admin: admin} do
[first_user, second_user] = insert_pair(:user, confirmation_pending: true)
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/resend_confirmation_email", %{
- nicknames: [
- first_user.nickname,
- second_user.nickname
- ]
- })
+ ret_conn =
+ patch(conn, "/api/pleroma/admin/users/resend_confirmation_email", %{
+ nicknames: [
+ first_user.nickname,
+ second_user.nickname
+ ]
+ })
+
+ assert ret_conn.status == 200
log_entry = Repo.one(ModerationLog)
end
describe "POST /reports/:id/notes" do
- setup do
- admin = insert(:user, is_admin: true)
+ setup %{conn: conn, admin: admin} do
[reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user)
"status_ids" => [activity.id]
})
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+ post(conn, "/api/pleroma/admin/reports/#{report_id}/notes", %{
content: "this is disgusting!"
})
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+ post(conn, "/api/pleroma/admin/reports/#{report_id}/notes", %{
content: "this is disgusting2!"
})
%{
admin_id: admin.id,
- report_id: report_id,
- admin: admin
+ report_id: report_id
}
end
} = note
end
- test "it returns reports with notes", %{admin: admin} do
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/reports")
+ test "it returns reports with notes", %{conn: conn, admin: admin} do
+ conn = get(conn, "/api/pleroma/admin/reports")
response = json_response(conn, 200)
notes = hd(response["reports"])["notes"]
assert response["total"] == 1
end
- test "it deletes the note", %{admin: admin, report_id: report_id} do
+ test "it deletes the note", %{conn: conn, report_id: report_id} do
assert ReportNote |> Repo.all() |> length() == 2
[note, _] = Repo.all(ReportNote)
- build_conn()
- |> assign(:user, admin)
- |> delete("/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
+ delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
assert ReportNote |> Repo.all() |> length() == 1
end
clear_config([:instance, :allow_relay])
describe "posting statuses" do
- setup do
- user = insert(:user)
-
- conn =
- build_conn()
- |> assign(:user, user)
-
- [conn: conn]
- end
+ setup do: oauth_access(["write:statuses"])
test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
Pleroma.Config.put([:instance, :federating], true)
Pleroma.Config.get([:instance, :allow_relay], true)
- user = insert(:user)
response =
conn
- |> assign(:user, user)
|> post("api/v1/statuses", %{
"content_type" => "text/plain",
"source" => "Pleroma FE",
response =
conn
- |> assign(:user, user)
|> get("api/v1/statuses/#{response["id"]}", %{})
|> json_response(200)
NaiveDateTime.to_iso8601(expiration.scheduled_at)
end
- test "posting an undefined status with an attachment", %{conn: conn} do
- user = insert(:user)
-
+ test "posting an undefined status with an attachment", %{user: user, conn: conn} do
file = %Plug.Upload{
content_type: "image/jpg",
path: Path.absname("test/fixtures/image.jpg"),
{:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"media_ids" => [to_string(upload.id)]
})
assert json_response(conn, 200)
end
- test "replying to a status", %{conn: conn} do
- user = insert(:user)
+ test "replying to a status", %{user: user, conn: conn} do
{:ok, replied_to} = CommonAPI.post(user, %{"status" => "cofe"})
conn =
assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
end
- test "replying to a direct message with visibility other than direct", %{conn: conn} do
- user = insert(:user)
+ test "replying to a direct message with visibility other than direct", %{
+ user: user,
+ conn: conn
+ } do
{:ok, replied_to} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
Enum.each(["public", "private", "unlisted"], fn visibility ->
end
test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
- conn =
- conn
- |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
+ conn = post(conn, "/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
assert %{"content" => "xD", "id" => id} = json_response(conn, 200)
assert Activity.get_by_id(id)
end
test "posting a sensitive status", %{conn: conn} do
- conn =
- conn
- |> post("/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
+ conn = post(conn, "/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
assert %{"content" => "cofe", "id" => id, "sensitive" => true} = json_response(conn, 200)
assert Activity.get_by_id(id)
test "posting a fake status", %{conn: conn} do
real_conn =
- conn
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" =>
"\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
})
|> Kernel.put_in(["pleroma", "conversation_id"], nil)
fake_conn =
- conn
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" =>
"\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
"preview" => true
Config.put([:rich_media, :enabled], true)
conn =
- conn
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "https://example.com/ogp"
})
user2 = insert(:user)
content = "direct cofe @#{user2.nickname}"
- conn =
- conn
- |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"})
+ conn = post(conn, "api/v1/statuses", %{"status" => content, "visibility" => "direct"})
assert %{"id" => id} = response = json_response(conn, 200)
assert response["visibility"] == "direct"
end
describe "posting scheduled statuses" do
+ setup do: oauth_access(["write:statuses"])
+
test "creates a scheduled activity", %{conn: conn} do
- user = insert(:user)
scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "scheduled",
"scheduled_at" => scheduled_at
})
assert [] == Repo.all(Activity)
end
- test "creates a scheduled activity with a media attachment", %{conn: conn} do
- user = insert(:user)
+ test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
file = %Plug.Upload{
{:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"media_ids" => [to_string(upload.id)],
"status" => "scheduled",
"scheduled_at" => scheduled_at
test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
%{conn: conn} do
- user = insert(:user)
-
scheduled_at =
NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "not scheduled",
"scheduled_at" => scheduled_at
})
assert [] == Repo.all(ScheduledActivity)
end
- test "returns error when daily user limit is exceeded", %{conn: conn} do
- user = insert(:user)
-
+ test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
today =
NaiveDateTime.utc_now()
|> NaiveDateTime.add(:timer.minutes(6), :millisecond)
{:ok, _} = ScheduledActivity.create(user, attrs)
{:ok, _} = ScheduledActivity.create(user, attrs)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
+ conn = post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
assert %{"error" => "daily limit exceeded"} == json_response(conn, 422)
end
- test "returns error when total user limit is exceeded", %{conn: conn} do
- user = insert(:user)
-
+ test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
today =
NaiveDateTime.utc_now()
|> NaiveDateTime.add(:timer.minutes(6), :millisecond)
{:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
+ post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
assert %{"error" => "total limit exceeded"} == json_response(conn, 422)
end
end
describe "posting polls" do
+ setup do: oauth_access(["write:statuses"])
+
test "posting a poll", %{conn: conn} do
- user = insert(:user)
time = NaiveDateTime.utc_now()
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "Who is the #bestgrill?",
"poll" => %{"options" => ["Rei", "Asuka", "Misato"], "expires_in" => 420}
})
end
test "option limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :max_options])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "desu~",
"poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
})
end
test "option character limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :max_option_chars])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "...",
"poll" => %{
"options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
end
test "minimal date limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :min_expiration])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "imagine arbitrary limits",
"poll" => %{
"options" => ["this post was made by pleroma gang"],
end
test "maximum date limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :max_expiration])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "imagine arbitrary limits",
"poll" => %{
"options" => ["this post was made by pleroma gang"],
end
end
- test "get a status", %{conn: conn} do
+ test "get a status" do
+ %{conn: conn} = oauth_access(["read:statuses"])
activity = insert(:note_activity)
- conn =
- conn
- |> get("/api/v1/statuses/#{activity.id}")
+ conn = get(conn, "/api/v1/statuses/#{activity.id}")
assert %{"id" => id} = json_response(conn, 200)
assert id == to_string(activity.id)
end
- test "get a direct status", %{conn: conn} do
- user = insert(:user)
+ test "get a direct status" do
+ %{user: user, conn: conn} = oauth_access(["read:statuses"])
other_user = insert(:user)
{:ok, activity} =
assert res["pleroma"]["direct_conversation_id"] == participation.id
end
- test "get statuses by IDs", %{conn: conn} do
+ test "get statuses by IDs" do
+ %{conn: conn} = oauth_access(["read:statuses"])
%{id: id1} = insert(:note_activity)
%{id: id2} = insert(:note_activity)
end
describe "deleting a status" do
- test "when you created it", %{conn: conn} do
- activity = insert(:note_activity)
- author = User.get_cached_by_ap_id(activity.data["actor"])
+ test "when you created it" do
+ %{user: author, conn: conn} = oauth_access(["write:statuses"])
+ activity = insert(:note_activity, user: author)
conn =
conn
refute Activity.get_by_id(activity.id)
end
- test "when you didn't create it", %{conn: conn} do
+ test "when you didn't create it" do
+ %{conn: conn} = oauth_access(["write:statuses"])
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> delete("/api/v1/statuses/#{activity.id}")
+ conn = delete(conn, "/api/v1/statuses/#{activity.id}")
assert %{"error" => _} = json_response(conn, 403)
res_conn =
conn
|> assign(:user, admin)
+ |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
|> delete("/api/v1/statuses/#{activity1.id}")
assert %{} = json_response(res_conn, 200)
res_conn =
conn
|> assign(:user, moderator)
+ |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
|> delete("/api/v1/statuses/#{activity2.id}")
assert %{} = json_response(res_conn, 200)
end
describe "reblogging" do
+ setup do: oauth_access(["write:statuses"])
+
test "reblogs and returns the reblogged status", %{conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/reblog")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog")
assert %{
"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
test "reblogs privately and returns the reblogged status", %{conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/reblog", %{"visibility" => "private"})
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog", %{"visibility" => "private"})
assert %{
"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
assert to_string(activity.id) == id
end
- test "reblogged status for another user", %{conn: conn} do
+ test "reblogged status for another user" do
activity = insert(:note_activity)
user1 = insert(:user)
user2 = insert(:user)
{:ok, _, _object} = CommonAPI.repeat(activity.id, user2)
conn_res =
- conn
+ build_conn()
|> assign(:user, user3)
+ |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
|> get("/api/v1/statuses/#{reblog_activity1.id}")
assert %{
} = json_response(conn_res, 200)
conn_res =
- conn
+ build_conn()
|> assign(:user, user2)
+ |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
|> get("/api/v1/statuses/#{reblog_activity1.id}")
assert %{
end
test "returns 400 error when activity is not exist", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/foo/reblog")
+ conn = post(conn, "/api/v1/statuses/foo/reblog")
assert json_response(conn, 400) == %{"error" => "Could not repeat"}
end
end
describe "unreblogging" do
- test "unreblogs and returns the unreblogged status", %{conn: conn} do
+ setup do: oauth_access(["write:statuses"])
+
+ test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/unreblog")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/unreblog")
assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} = json_response(conn, 200)
end
test "returns 400 error when activity is not exist", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/foo/unreblog")
+ conn = post(conn, "/api/v1/statuses/foo/unreblog")
assert json_response(conn, 400) == %{"error" => "Could not unrepeat"}
end
end
describe "favoriting" do
+ setup do: oauth_access(["write:favourites"])
+
test "favs a status and returns it", %{conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/favourite")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/favourite")
assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
json_response(conn, 200)
end
test "returns 400 error for a wrong id", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/1/favourite")
+ conn = post(conn, "/api/v1/statuses/1/favourite")
assert json_response(conn, 400) == %{"error" => "Could not favorite"}
end
end
describe "unfavoriting" do
- test "unfavorites a status and returns it", %{conn: conn} do
+ setup do: oauth_access(["write:favourites"])
+
+ test "unfavorites a status and returns it", %{user: user, conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
{:ok, _, _} = CommonAPI.favorite(activity.id, user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/unfavourite")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/unfavourite")
assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
json_response(conn, 200)
end
test "returns 400 error for a wrong id", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/1/unfavourite")
+ conn = post(conn, "/api/v1/statuses/1/unfavourite")
assert json_response(conn, 400) == %{"error" => "Could not unfavorite"}
end
end
describe "pinned statuses" do
- setup do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+
+ setup %{user: user} do
{:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
- [user: user, activity: activity]
+ %{activity: activity}
end
clear_config([:instance, :max_pinned_statuses]) do
assert %{"id" => ^id_str, "pinned" => true} =
conn
- |> assign(:user, user)
|> post("/api/v1/statuses/#{activity.id}/pin")
|> json_response(200)
assert [%{"id" => ^id_str, "pinned" => true}] =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
|> json_response(200)
end
test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
{:ok, dm} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{dm.id}/pin")
+ conn = post(conn, "/api/v1/statuses/#{dm.id}/pin")
assert json_response(conn, 400) == %{"error" => "Could not pin"}
end
test "unpin status", %{conn: conn, user: user, activity: activity} do
{:ok, _} = CommonAPI.pin(activity.id, user)
+ user = refresh_record(user)
id_str = to_string(activity.id)
- user = refresh_record(user)
assert %{"id" => ^id_str, "pinned" => false} =
conn
assert [] =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
|> json_response(200)
end
- test "/unpin: returns 400 error when activity is not exist", %{conn: conn, user: user} do
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/1/unpin")
+ test "/unpin: returns 400 error when activity is not exist", %{conn: conn} do
+ conn = post(conn, "/api/v1/statuses/1/unpin")
assert json_response(conn, 400) == %{"error" => "Could not unpin"}
end
assert %{"id" => ^id_str_one, "pinned" => true} =
conn
- |> assign(:user, user)
|> post("/api/v1/statuses/#{id_str_one}/pin")
|> json_response(200)
setup do
Config.put([:rich_media, :enabled], true)
- user = insert(:user)
- %{user: user}
+ oauth_access(["read:statuses"])
end
test "returns rich-media card", %{conn: conn, user: user} do
response_two =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/card")
|> json_response(200)
end
test "bookmarks" do
- user = insert(:user)
- for_user = insert(:user)
+ %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
+ author = insert(:user)
{:ok, activity1} =
- CommonAPI.post(user, %{
+ CommonAPI.post(author, %{
"status" => "heweoo?"
})
{:ok, activity2} =
- CommonAPI.post(user, %{
+ CommonAPI.post(author, %{
"status" => "heweoo!"
})
- response1 =
- build_conn()
- |> assign(:user, for_user)
- |> post("/api/v1/statuses/#{activity1.id}/bookmark")
+ response1 = post(conn, "/api/v1/statuses/#{activity1.id}/bookmark")
assert json_response(response1, 200)["bookmarked"] == true
- response2 =
- build_conn()
- |> assign(:user, for_user)
- |> post("/api/v1/statuses/#{activity2.id}/bookmark")
+ response2 = post(conn, "/api/v1/statuses/#{activity2.id}/bookmark")
assert json_response(response2, 200)["bookmarked"] == true
- bookmarks =
- build_conn()
- |> assign(:user, for_user)
- |> get("/api/v1/bookmarks")
+ bookmarks = get(conn, "/api/v1/bookmarks")
assert [json_response(response2, 200), json_response(response1, 200)] ==
json_response(bookmarks, 200)
- response1 =
- build_conn()
- |> assign(:user, for_user)
- |> post("/api/v1/statuses/#{activity1.id}/unbookmark")
+ response1 = post(conn, "/api/v1/statuses/#{activity1.id}/unbookmark")
assert json_response(response1, 200)["bookmarked"] == false
- bookmarks =
- build_conn()
- |> assign(:user, for_user)
- |> get("/api/v1/bookmarks")
+ bookmarks = get(conn, "/api/v1/bookmarks")
assert [json_response(response2, 200)] == json_response(bookmarks, 200)
end
describe "conversation muting" do
+ setup do: oauth_access(["write:mutes"])
+
setup do
post_user = insert(:user)
- user = insert(:user)
-
{:ok, activity} = CommonAPI.post(post_user, %{"status" => "HIE"})
-
- [user: user, activity: activity]
+ %{activity: activity}
end
- test "mute conversation", %{conn: conn, user: user, activity: activity} do
+ test "mute conversation", %{conn: conn, activity: activity} do
id_str = to_string(activity.id)
assert %{"id" => ^id_str, "muted" => true} =
conn
- |> assign(:user, user)
|> post("/api/v1/statuses/#{activity.id}/mute")
|> json_response(200)
end
test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
{:ok, _} = CommonAPI.add_mute(user, activity)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/mute")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/mute")
assert json_response(conn, 400) == %{"error" => "conversation is already muted"}
end
{:ok, _} = CommonAPI.add_mute(user, activity)
id_str = to_string(activity.id)
- user = refresh_record(user)
assert %{"id" => ^id_str, "muted" => false} =
conn
- |> assign(:user, user)
+ # |> assign(:user, user)
|> post("/api/v1/statuses/#{activity.id}/unmute")
|> json_response(200)
end
conn1 =
conn
|> assign(:user, user2)
+ |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
|> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
assert %{"content" => "xD", "id" => id} = json_response(conn1, 200)
conn2 =
conn
|> assign(:user, user3)
+ |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
|> post("/api/v1/statuses/#{activity.id}/reblog")
assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
conn3 =
conn
|> assign(:user, user3)
+ |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
|> get("api/v1/timelines/home")
[reblogged_activity] = json_response(conn3, 200)
end
describe "GET /api/v1/statuses/:id/favourited_by" do
- setup do
- user = insert(:user)
- {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
+ setup do: oauth_access(["read:accounts"])
- conn =
- build_conn()
- |> assign(:user, user)
+ setup %{user: user} do
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
- [conn: conn, activity: activity, user: user]
+ %{activity: activity}
end
test "returns users who have favorited the status", %{conn: conn, activity: activity} do
response =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/favourited_by")
|> json_response(:ok)
assert Enum.empty?(response)
end
- test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
+ test "does not fail on an unauthenticated request", %{activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
response =
- conn
- |> assign(:user, nil)
+ build_conn()
|> get("/api/v1/statuses/#{activity.id}/favourited_by")
|> json_response(:ok)
assert id == other_user.id
end
- test "requires authentification for private posts", %{conn: conn, user: user} do
+ test "requires authentication for private posts", %{user: user} do
other_user = insert(:user)
{:ok, activity} =
{:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
- conn
- |> assign(:user, nil)
- |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+ favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
+
+ build_conn()
+ |> get(favourited_by_url)
|> json_response(404)
- response =
+ conn =
build_conn()
|> assign(:user, other_user)
- |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
+
+ conn
+ |> assign(:token, nil)
+ |> get(favourited_by_url)
+ |> json_response(404)
+
+ response =
+ conn
+ |> get(favourited_by_url)
|> json_response(200)
[%{"id" => id}] = response
end
describe "GET /api/v1/statuses/:id/reblogged_by" do
- setup do
- user = insert(:user)
- {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
+ setup do: oauth_access(["read:accounts"])
- conn =
- build_conn()
- |> assign(:user, user)
+ setup %{user: user} do
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
- [conn: conn, activity: activity, user: user]
+ %{activity: activity}
end
test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
response =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
end
test "does not return users who have reblogged the status privately", %{
- conn: %{assigns: %{user: user}} = conn,
+ conn: conn,
activity: activity
} do
other_user = insert(:user)
response =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
assert Enum.empty?(response)
end
- test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
+ test "does not fail on an unauthenticated request", %{activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
response =
- conn
- |> assign(:user, nil)
+ build_conn()
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
assert id == other_user.id
end
- test "requires authentification for private posts", %{conn: conn, user: user} do
+ test "requires authentication for private posts", %{user: user} do
other_user = insert(:user)
{:ok, activity} =
"visibility" => "direct"
})
- conn
- |> assign(:user, nil)
+ build_conn()
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(404)
response =
build_conn()
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(200)
response =
build_conn()
- |> assign(:user, nil)
|> get("/api/v1/statuses/#{id3}/context")
|> json_response(:ok)
} = response
end
- test "returns the favorites of a user", %{conn: conn} do
- user = insert(:user)
+ test "returns the favorites of a user" do
+ %{user: user, conn: conn} = oauth_access(["read:favourites"])
other_user = insert(:user)
{:ok, _} = CommonAPI.post(other_user, %{"status" => "bla"})
{:ok, _, _} = CommonAPI.favorite(activity.id, user)
- first_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/favourites")
+ first_conn = get(conn, "/api/v1/favourites")
assert [status] = json_response(first_conn, 200)
assert status["id"] == to_string(activity.id)
last_like = status["id"]
- second_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/favourites?since_id=#{last_like}")
+ second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like}")
assert [second_status] = json_response(second_conn, 200)
assert second_status["id"] == to_string(second_activity.id)
- third_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/favourites?limit=0")
+ third_conn = get(conn, "/api/v1/favourites?limit=0")
assert [] = json_response(third_conn, 200)
end
test "renders authentication page if user is already authenticated but `force_login` is tru-ish",
%{app: app, conn: conn} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
app: app,
conn: conn
} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
app: app,
conn: conn
} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
conn: conn
} do
unlisted_redirect_uri = "http://cross-site-request.com"
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
app: app,
conn: conn
} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
result =
conn
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
|> post("/api/v1/pleroma/statuses/#{activity.id}/react_with_emoji", %{"emoji" => "☕"})
assert %{"id" => id} = json_response(result, 200)
result =
conn
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
|> post("/api/v1/pleroma/statuses/#{activity.id}/unreact_with_emoji", %{"emoji" => "☕"})
assert %{"id" => id} = json_response(result, 200)
{:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
+ conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:statuses"]))
+
result =
conn
|> get("/api/v1/pleroma/statuses/#{activity.id}/emoji_reactions_by")
assert represented_user["id"] == other_user.id
end
- test "/api/v1/pleroma/conversations/:id", %{conn: conn} do
+ test "/api/v1/pleroma/conversations/:id" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
{:ok, _activity} =
CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}!", "visibility" => "direct"})
result =
conn
- |> assign(:user, other_user)
|> get("/api/v1/pleroma/conversations/#{participation.id}")
|> json_response(200)
assert result["id"] == participation.id |> to_string()
end
- test "/api/v1/pleroma/conversations/:id/statuses", %{conn: conn} do
+ test "/api/v1/pleroma/conversations/:id/statuses" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
third_user = insert(:user)
{:ok, _activity} =
result =
conn
- |> assign(:user, other_user)
|> get("/api/v1/pleroma/conversations/#{participation.id}/statuses")
|> json_response(200)
assert [%{"id" => ^id_one}, %{"id" => ^id_two}] = result
end
- test "PATCH /api/v1/pleroma/conversations/:id", %{conn: conn} do
- user = insert(:user)
+ test "PATCH /api/v1/pleroma/conversations/:id" do
+ %{user: user, conn: conn} = oauth_access(["write:conversations"])
other_user = insert(:user)
{:ok, _activity} = CommonAPI.post(user, %{"status" => "Hi", "visibility" => "direct"})
result =
conn
- |> assign(:user, user)
|> patch("/api/v1/pleroma/conversations/#{participation.id}", %{
"recipients" => [user.id, other_user.id]
})
assert other_user in participation.recipients
end
- test "POST /api/v1/pleroma/conversations/read", %{conn: conn} do
+ test "POST /api/v1/pleroma/conversations/read" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["write:notifications"])
{:ok, _activity} =
CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}", "visibility" => "direct"})
[%{"unread" => false}, %{"unread" => false}] =
conn
- |> assign(:user, other_user)
|> post("/api/v1/pleroma/conversations/read", %{})
|> json_response(200)
end
describe "POST /api/v1/pleroma/notifications/read" do
- test "it marks a single notification as read", %{conn: conn} do
- user1 = insert(:user)
+ setup do: oauth_access(["write:notifications"])
+
+ test "it marks a single notification as read", %{user: user1, conn: conn} do
user2 = insert(:user)
{:ok, activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
{:ok, activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
response =
conn
- |> assign(:user, user1)
|> post("/api/v1/pleroma/notifications/read", %{"id" => "#{notification1.id}"})
|> json_response(:ok)
refute Repo.get(Notification, notification2.id).seen
end
- test "it marks multiple notifications as read", %{conn: conn} do
- user1 = insert(:user)
+ test "it marks multiple notifications as read", %{user: user1, conn: conn} do
user2 = insert(:user)
{:ok, _activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
{:ok, _activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
[response1, response2] =
conn
- |> assign(:user, user1)
|> post("/api/v1/pleroma/notifications/read", %{"max_id" => "#{notification2.id}"})
|> json_response(:ok)
end
test "it returns error when notification not found", %{conn: conn} do
- user1 = insert(:user)
-
response =
conn
- |> assign(:user, user1)
|> post("/api/v1/pleroma/notifications/read", %{"id" => "22222222222222"})
|> json_response(:bad_request)
use Pleroma.Web.ConnCase
use Oban.Testing, repo: Pleroma.Repo
- alias Pleroma.Repo
alias Pleroma.Tests.ObanHelpers
alias Pleroma.User
alias Pleroma.Web.CommonAPI
+
import ExUnit.CaptureLog
import Pleroma.Factory
import Mock
clear_config([:user, :deny_follow_blocked])
describe "POST /api/pleroma/follow_import" do
+ setup do: oauth_access(["follow"])
+
test "it returns HTTP 200", %{conn: conn} do
- user1 = insert(:user)
user2 = insert(:user)
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"})
|> json_response(:ok)
assert response == "job started"
end
- test "it imports follow lists from file", %{conn: conn} do
- user1 = insert(:user)
+ test "it imports follow lists from file", %{user: user1, conn: conn} do
user2 = insert(:user)
with_mocks([
]) do
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}})
|> json_response(:ok)
end
test "it imports new-style mastodon follow lists", %{conn: conn} do
- user1 = insert(:user)
user2 = insert(:user)
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/follow_import", %{
"list" => "Account address,Show boosts\n#{user2.ap_id},true"
})
assert response == "job started"
end
- test "requires 'follow' or 'write:follows' permissions", %{conn: conn} do
+ test "requires 'follow' or 'write:follows' permissions" do
token1 = insert(:oauth_token, scopes: ["read", "write"])
token2 = insert(:oauth_token, scopes: ["follow"])
token3 = insert(:oauth_token, scopes: ["something"])
for token <- [token1, token2, token3] do
conn =
- conn
+ build_conn()
|> put_req_header("authorization", "Bearer #{token.token}")
|> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"})
end
describe "POST /api/pleroma/blocks_import" do
+ # Note: "follow" or "write:blocks" permission is required
+ setup do: oauth_access(["write:blocks"])
+
test "it returns HTTP 200", %{conn: conn} do
- user1 = insert(:user)
user2 = insert(:user)
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"})
|> json_response(:ok)
assert response == "job started"
end
- test "it imports blocks users from file", %{conn: conn} do
- user1 = insert(:user)
+ test "it imports blocks users from file", %{user: user1, conn: conn} do
user2 = insert(:user)
user3 = insert(:user)
]) do
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}})
|> json_response(:ok)
end
describe "PUT /api/pleroma/notification_settings" do
- test "it updates notification settings", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+ test "it updates notification settings", %{user: user, conn: conn} do
conn
- |> assign(:user, user)
|> put("/api/pleroma/notification_settings", %{
"followers" => false,
"bar" => 1
})
|> json_response(:ok)
- user = Repo.get(User, user.id)
+ user = refresh_record(user)
assert %Pleroma.User.NotificationSetting{
followers: false,
} == user.notification_settings
end
- test "it update notificatin privacy option", %{conn: conn} do
- user = insert(:user)
-
+ test "it updates notification privacy option", %{user: user, conn: conn} do
conn
- |> assign(:user, user)
|> put("/api/pleroma/notification_settings", %{"privacy_option" => "1"})
|> json_response(:ok)
end
end
- describe "POST /ostatus_subscribe - do_remote_follow/2 with assigned user " do
- test "follows user", %{conn: conn} do
- user = insert(:user)
+ describe "POST /ostatus_subscribe - do_remote_follow/2 with assigned user" do
+ setup do: oauth_access(["follow"])
+
+ test "follows user", %{user: user, conn: conn} do
user2 = insert(:user)
response =
conn
- |> assign(:user, user)
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
assert user2.follower_address in User.following(user)
end
- test "returns error when user is deactivated", %{conn: conn} do
+ test "returns error when user is deactivated" do
user = insert(:user, deactivated: true)
user2 = insert(:user)
response =
- conn
+ build_conn()
|> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["follow"]))
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
assert response =~ "Error following account"
end
- test "returns error when user is blocked", %{conn: conn} do
+ test "returns error when user is blocked", %{user: user, conn: conn} do
Pleroma.Config.put([:user, :deny_follow_blocked], true)
- user = insert(:user)
user2 = insert(:user)
{:ok, _user_block} = Pleroma.User.block(user2, user)
response =
conn
- |> assign(:user, user)
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
assert response =~ "Error following account"
end
- test "returns error when followee not found", %{conn: conn} do
- user = insert(:user)
+ test "returns error on insufficient permissions", %{user: user, conn: conn} do
+ user2 = insert(:user)
+ for token <- [nil, insert(:oauth_token, user: user, scopes: ["read"])] do
+ response =
+ conn
+ |> assign(:token, token)
+ |> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
+ |> response(200)
+
+ assert response =~ "Error following account"
+ end
+ end
+
+ test "returns error when followee not found", %{conn: conn} do
response =
conn
- |> assign(:user, user)
|> post("/ostatus_subscribe", %{"user" => %{"id" => "jimm"}})
|> response(200)
assert response =~ "Error following account"
end
- test "returns success result when user already in followers", %{conn: conn} do
- user = insert(:user)
+ test "returns success result when user already in followers", %{user: user, conn: conn} do
user2 = insert(:user)
{:ok, _, _, _} = CommonAPI.follow(user, user2)
response =
conn
- |> assign(:user, refresh_record(user))
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
end
end
- describe "POST /ostatus_subscribe - do_remote_follow/2 without assigned user " do
+ describe "POST /ostatus_subscribe - do_remote_follow/2 without assigned user" do
test "follows", %{conn: conn} do
user = insert(:user)
user2 = insert(:user)
end
end
- test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
+ test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
Pleroma.Config.put([:instance, :healthcheck], true)
with_mock Pleroma.Healthcheck,
end
describe "POST /api/pleroma/disable_account" do
- test "it returns HTTP 200", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+ test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
response =
conn
- |> assign(:user, user)
|> post("/api/pleroma/disable_account", %{"password" => "test"})
|> json_response(:ok)
assert user.deactivated == true
end
- test "it returns returns when password invalid", %{conn: conn} do
+ test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
user = insert(:user)
response =
conn
- |> assign(:user, user)
|> post("/api/pleroma/disable_account", %{"password" => "test1"})
|> json_response(:ok)
"https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
end
- test "it renders form with error when use not found", %{conn: conn} do
+ test "it renders form with error when user not found", %{conn: conn} do
user2 = insert(:user, ap_id: "shp@social.heldscal.la")
response =
end
end
- defp with_credentials(conn, username, password) do
- header_content = "Basic " <> Base.encode64("#{username}:#{password}")
- put_req_header(conn, "authorization", header_content)
- end
-
- defp valid_user(_context) do
- user = insert(:user)
- [user: user]
- end
-
describe "POST /api/pleroma/change_email" do
- setup [:valid_user]
+ setup do: oauth_access(["write:accounts"])
- test "without credentials", %{conn: conn} do
- conn = post(conn, "/api/pleroma/change_email")
- assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ test "without permissions", %{conn: conn} do
+ conn =
+ conn
+ |> assign(:token, nil)
+ |> post("/api/pleroma/change_email")
+
+ assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
end
- test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ test "with proper permissions and invalid password", %{conn: conn} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "hi",
"email" => "test@test.com"
})
assert json_response(conn, 200) == %{"error" => "Invalid password."}
end
- test "with credentials, valid password and invalid email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and invalid email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => "foobar"
})
assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
end
- test "with credentials, valid password and no email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and no email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test"
})
assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
end
- test "with credentials, valid password and blank email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and blank email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => ""
})
assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
end
- test "with credentials, valid password and non unique email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and non unique email", %{
+ conn: conn
} do
user = insert(:user)
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => user.email
})
assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
end
- test "with credentials, valid password and valid email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and valid email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => "cofe@foobar.com"
})
end
describe "POST /api/pleroma/change_password" do
- setup [:valid_user]
+ setup do: oauth_access(["write:accounts"])
+
+ test "without permissions", %{conn: conn} do
+ conn =
+ conn
+ |> assign(:token, nil)
+ |> post("/api/pleroma/change_password")
- test "without credentials", %{conn: conn} do
- conn = post(conn, "/api/pleroma/change_password")
- assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
end
- test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ test "with proper permissions and invalid password", %{conn: conn} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ post(conn, "/api/pleroma/change_password", %{
"password" => "hi",
"new_password" => "newpass",
"new_password_confirmation" => "newpass"
assert json_response(conn, 200) == %{"error" => "Invalid password."}
end
- test "with credentials, valid password and new password and confirmation not matching", %{
- conn: conn,
- user: current_user
- } do
+ test "with proper permissions, valid password and new password and confirmation not matching",
+ %{
+ conn: conn
+ } do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ post(conn, "/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "newpass",
"new_password_confirmation" => "notnewpass"
}
end
- test "with credentials, valid password and invalid new password", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and invalid new password", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ post(conn, "/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "",
"new_password_confirmation" => ""
}
end
- test "with credentials, valid password and matching new password and confirmation", %{
+ test "with proper permissions, valid password and matching new password and confirmation", %{
conn: conn,
- user: current_user
+ user: user
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ post(conn, "/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "newpass",
"new_password_confirmation" => "newpass"
})
assert json_response(conn, 200) == %{"status" => "success"}
- fetched_user = User.get_cached_by_id(current_user.id)
+ fetched_user = User.get_cached_by_id(user.id)
assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
end
end
describe "POST /api/pleroma/delete_account" do
- setup [:valid_user]
+ setup do: oauth_access(["write:accounts"])
- test "without credentials", %{conn: conn} do
- conn = post(conn, "/api/pleroma/delete_account")
- assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
- end
-
- test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ test "without permissions", %{conn: conn} do
conn =
conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/delete_account", %{"password" => "hi"})
+ |> assign(:token, nil)
+ |> post("/api/pleroma/delete_account")
- assert json_response(conn, 200) == %{"error" => "Invalid password."}
+ assert json_response(conn, 403) ==
+ %{"error" => "Insufficient permissions: write:accounts."}
end
- test "with credentials and valid password", %{conn: conn, user: current_user} do
- conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/delete_account", %{"password" => "test"})
+ test "with proper permissions and wrong or missing password", %{conn: conn} do
+ for params <- [%{"password" => "hi"}, %{}] do
+ ret_conn = post(conn, "/api/pleroma/delete_account", params)
+
+ assert json_response(ret_conn, 200) == %{"error" => "Invalid password."}
+ end
+ end
+
+ test "with proper permissions and valid password", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
assert json_response(conn, 200) == %{"status" => "success"}
- # Wait a second for the started task to end
- :timer.sleep(1000)
end
end
end
projects / akkoma / commitdiff