diff options
| author | rinpatch <rinpatch@sdf.org> | 2019-04-24 20:01:42 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2019-04-24 20:01:42 +0300 |
| commit | 4baea6e6d9efa619402a031a84f74787653df2b5 (patch) | |
| tree | 02fe60e2fc34ca6164ae67b1ab47bc4b4179890b /test/web/mastodon_api | |
| parent | 030a7876b42a0c925fd52474de514ae5e9171e55 (diff) | |
| download | pleroma-4baea6e6d9efa619402a031a84f74787653df2b5.tar.gz pleroma-4baea6e6d9efa619402a031a84f74787653df2b5.zip | |
Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API
This patch:
- Fixes `rights` in twitterapi ignoring `show_role`
- Fixes exposing default scope of the user to anyone in Mastodon API
- Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674)
Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs
Diffstat (limited to 'test/web/mastodon_api')
| -rw-r--r-- | test/web/mastodon_api/account_view_test.exs | 20 | ||||
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 60 |
2 files changed, 75 insertions, 5 deletions
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 0730201bd..db870f1d1 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -56,7 +56,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do bot: false, source: %{ note: "", - privacy: "public", sensitive: false }, pleroma: %{ @@ -64,6 +63,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do tags: [], is_admin: false, is_moderator: false, + hide_favorites: true, + hide_followers: false, + hide_follows: false, relationship: %{} } } @@ -81,8 +83,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do "follows" => true } - assert %{pleroma: %{notification_settings: ^notification_settings}} = - AccountView.render("account.json", %{user: user, for: user}) + privacy = user.info.default_scope + + assert %{ + pleroma: %{notification_settings: ^notification_settings}, + source: %{privacy: ^privacy} + } = AccountView.render("account.json", %{user: user, for: user}) end test "Represent a Service(bot) account" do @@ -114,7 +120,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do bot: true, source: %{ note: "", - privacy: "public", sensitive: false }, pleroma: %{ @@ -122,6 +127,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do tags: [], is_admin: false, is_moderator: false, + hide_favorites: true, + hide_followers: false, + hide_follows: false, relationship: %{} } } @@ -200,7 +208,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do bot: true, source: %{ note: "", - privacy: "public", sensitive: false }, pleroma: %{ @@ -208,6 +215,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do tags: [], is_admin: false, is_moderator: false, + hide_favorites: true, + hide_followers: false, + hide_follows: false, relationship: %{ id: to_string(user.id), following: false, diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index a22944088..0c52dd3e3 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -2214,6 +2214,66 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert user["locked"] == true end + test "updates the user's hide_followers status", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"}) + + assert user = json_response(conn, 200) + assert user["pleroma"]["hide_followers"] == true + end + + test "updates the user's hide_follows status", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"}) + + assert user = json_response(conn, 200) + assert user["pleroma"]["hide_follows"] == true + end + + test "updates the user's hide_favorites status", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"}) + + assert user = json_response(conn, 200) + assert user["pleroma"]["hide_favorites"] == true + end + + test "updates the user's show_role status", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"}) + + assert user = json_response(conn, 200) + assert user["pleroma"]["show_role"] == false + end + + test "updates the user's no_rich_text status", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"}) + + assert user = json_response(conn, 200) + assert user["pleroma"]["show_role"] == true + end + test "updates the user's name", %{conn: conn} do user = insert(:user) |