diff options
| author | rinpatch <rinpatch@sdf.org> | 2019-04-17 12:22:32 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2019-04-17 12:22:32 +0300 |
| commit | 627e5a0a4992cc19fc65a7e93a09c470c8e2bf33 (patch) | |
| tree | 0f38b475e8554863a1cbbd7750c19d4cd1336eb1 /test/web/twitter_api/twitter_api_controller_test.exs | |
| parent | d6ab701a14f7c9fb4d59953648c425e04725fc62 (diff) | |
| parent | 73df3046e014ae16e03f16a9c82921652cefcb54 (diff) | |
| download | pleroma-627e5a0a4992cc19fc65a7e93a09c470c8e2bf33.tar.gz pleroma-627e5a0a4992cc19fc65a7e93a09c470c8e2bf33.zip | |
Merge branch 'develop' into feature/database-compaction
Diffstat (limited to 'test/web/twitter_api/twitter_api_controller_test.exs')
| -rw-r--r-- | test/web/twitter_api/twitter_api_controller_test.exs | 971 |
1 files changed, 892 insertions, 79 deletions
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index a6495ffc1..9a9630c19 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -1,31 +1,43 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.TwitterAPI.ControllerTest do use Pleroma.Web.ConnCase - alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter - alias Pleroma.Builders.{ActivityBuilder, UserBuilder} - alias Pleroma.{Repo, Activity, User, Object, Notification} + alias Comeonin.Pbkdf2 + alias Ecto.Changeset + alias Pleroma.Activity + alias Pleroma.Builders.ActivityBuilder + alias Pleroma.Builders.UserBuilder + alias Pleroma.Notification + alias Pleroma.Object + alias Pleroma.Repo + alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub - alias Pleroma.Web.TwitterAPI.UserView - alias Pleroma.Web.TwitterAPI.NotificationView alias Pleroma.Web.CommonAPI + alias Pleroma.Web.OAuth.Token + alias Pleroma.Web.TwitterAPI.ActivityView + alias Pleroma.Web.TwitterAPI.Controller + alias Pleroma.Web.TwitterAPI.NotificationView alias Pleroma.Web.TwitterAPI.TwitterAPI - alias Comeonin.Pbkdf2 + alias Pleroma.Web.TwitterAPI.UserView + import Mock import Pleroma.Factory + import Swoosh.TestAssertions + + @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7" describe "POST /api/account/update_profile_banner" do test "it updates the banner", %{conn: conn} do user = insert(:user) - new_banner = - "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7" - - response = - conn - |> assign(:user, user) - |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => new_banner}) - |> json_response(200) + conn + |> assign(:user, user) + |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner}) + |> json_response(200) - user = Repo.get(User, user.id) + user = refresh_record(user) assert user.info.banner["type"] == "Image" end end @@ -34,16 +46,12 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do test "it updates the background", %{conn: conn} do user = insert(:user) - new_bg = - "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7" - - response = - conn - |> assign(:user, user) - |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => new_bg}) - |> json_response(200) + conn + |> assign(:user, user) + |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner}) + |> json_response(200) - user = Repo.get(User, user.id) + user = refresh_record(user) assert user.info.background["type"] == "Image" end end @@ -57,13 +65,14 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end test "with credentials", %{conn: conn, user: user} do - conn = + response = conn |> with_credentials(user.nickname, "test") |> post("/api/account/verify_credentials.json") + |> json_response(200) - assert response = json_response(conn, 200) - assert response == UserView.render("show.json", %{user: user, token: response["token"]}) + assert response == + UserView.render("show.json", %{user: user, token: response["token"], for: user}) end end @@ -84,24 +93,41 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do "error" => "Client must provide a 'status' parameter with a value." } - conn = conn_with_creds |> post(request_path) + conn = + conn_with_creds + |> post(request_path) + assert json_response(conn, 400) == error_response - conn = conn_with_creds |> post(request_path, %{status: ""}) + conn = + conn_with_creds + |> post(request_path, %{status: ""}) + assert json_response(conn, 400) == error_response - conn = conn_with_creds |> post(request_path, %{status: " "}) + conn = + conn_with_creds + |> post(request_path, %{status: " "}) + assert json_response(conn, 400) == error_response # we post with visibility private in order to avoid triggering relay - conn = conn_with_creds |> post(request_path, %{status: "Nice meme.", visibility: "private"}) + conn = + conn_with_creds + |> post(request_path, %{status: "Nice meme.", visibility: "private"}) assert json_response(conn, 200) == - ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) + ActivityView.render("activity.json", %{ + activity: Repo.one(Activity), + user: user, + for: user + }) end end describe "GET /statuses/public_timeline.json" do + setup [:valid_user] + test "returns statuses", %{conn: conn} do user = insert(:user) activities = ActivityBuilder.insert_list(30, %{}, %{user: user}) @@ -117,7 +143,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert length(response) == 10 end - test "returns 403 to unauthenticated request when the instance is not public" do + test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do instance = Application.get_env(:pleroma, :instance) |> Keyword.put(:public, false) @@ -135,15 +161,59 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do Application.put_env(:pleroma, :instance, instance) end - test "returns 200 to unauthenticated request when the instance is public" do + test "returns 200 to authenticated request when the instance is not public", + %{conn: conn, user: user} do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> with_credentials(user.nickname, "test") + |> get("/api/statuses/public_timeline.json") + |> json_response(200) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do conn |> get("/api/statuses/public_timeline.json") |> json_response(200) end + + test "returns 200 to authenticated request when the instance is public", + %{conn: conn, user: user} do + conn + |> with_credentials(user.nickname, "test") + |> get("/api/statuses/public_timeline.json") + |> json_response(200) + end + + test_with_mock "treats user as unauthenticated if `assigns[:token]` is present but lacks `read` permission", + Controller, + [:passthrough], + [] do + token = insert(:oauth_token, scopes: ["write"]) + + build_conn() + |> put_req_header("authorization", "Bearer #{token.token}") + |> get("/api/statuses/public_timeline.json") + |> json_response(200) + + assert called(Controller.public_timeline(%{assigns: %{user: nil}}, :_)) + end end describe "GET /statuses/public_and_external_timeline.json" do - test "returns 403 to unauthenticated request when the instance is not public" do + setup [:valid_user] + + test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do instance = Application.get_env(:pleroma, :instance) |> Keyword.put(:public, false) @@ -161,8 +231,36 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do Application.put_env(:pleroma, :instance, instance) end - test "returns 200 to unauthenticated request when the instance is public" do + test "returns 200 to authenticated request when the instance is not public", + %{conn: conn, user: user} do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> with_credentials(user.nickname, "test") + |> get("/api/statuses/public_and_external_timeline.json") + |> json_response(200) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do + conn + |> get("/api/statuses/public_and_external_timeline.json") + |> json_response(200) + end + + test "returns 200 to authenticated request when the instance is public", + %{conn: conn, user: user} do conn + |> with_credentials(user.nickname, "test") |> get("/api/statuses/public_and_external_timeline.json") |> json_response(200) end @@ -180,7 +278,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do response = json_response(conn, 200) - assert response == ActivityRepresenter.to_map(activity, %{user: actor}) + assert response == ActivityView.render("activity.json", %{activity: activity, user: actor}) end end @@ -265,7 +363,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do since_id = List.last(activities).id current_user = - Ecto.Changeset.change(current_user, following: [User.ap_followers(user)]) + Changeset.change(current_user, following: [User.ap_followers(user)]) |> Repo.update!() conn = @@ -279,7 +377,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert response == Enum.map(returned_activities, fn activity -> - ActivityRepresenter.to_map(activity, %{ + ActivityView.render("activity.json", %{ + activity: activity, user: User.get_cached_by_ap_id(activity.data["actor"]), for: current_user }) @@ -322,6 +421,33 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert status["id"] == direct_two.id assert status_two["id"] == direct.id end + + test "doesn't include DMs from blocked users", %{conn: conn} do + blocker = insert(:user) + blocked = insert(:user) + user = insert(:user) + {:ok, blocker} = User.block(blocker, blocked) + + {:ok, _blocked_direct} = + CommonAPI.post(blocked, %{ + "status" => "Hi @#{blocker.nickname}!", + "visibility" => "direct" + }) + + {:ok, direct} = + CommonAPI.post(user, %{ + "status" => "Hi @#{blocker.nickname}!", + "visibility" => "direct" + }) + + res_conn = + conn + |> assign(:user, blocker) + |> get("/api/statuses/dm_timeline.json") + + [status] = json_response(res_conn, 200) + assert status["id"] == direct.id + end end describe "GET /statuses/mentions.json" do @@ -334,7 +460,10 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do test "with credentials", %{conn: conn, user: current_user} do {:ok, activity} = - ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user}) + CommonAPI.post(current_user, %{ + "status" => "why is tenshi eating a corndog so cute?", + "visibility" => "public" + }) conn = conn @@ -346,11 +475,29 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert length(response) == 1 assert Enum.at(response, 0) == - ActivityRepresenter.to_map(activity, %{ + ActivityView.render("activity.json", %{ user: current_user, - mentioned: [current_user] + for: current_user, + activity: activity }) end + + test "does not show DMs in mentions timeline", %{conn: conn, user: current_user} do + {:ok, _activity} = + CommonAPI.post(current_user, %{ + "status" => "Have you guys ever seen how cute tenshi eating a corndog is?", + "visibility" => "direct" + }) + + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> get("/api/statuses/mentions.json") + + response = json_response(conn, 200) + + assert Enum.empty?(response) + end end describe "GET /api/qvitter/statuses/notifications.json" do @@ -453,7 +600,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id}) response = json_response(conn, 200) assert length(response) == 1 - assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user}) + + assert Enum.at(response, 0) == + ActivityView.render("activity.json", %{user: user, activity: activity}) end test "with screen_name", %{conn: conn} do @@ -463,7 +612,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname}) response = json_response(conn, 200) assert length(response) == 1 - assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user}) + + assert Enum.at(response, 0) == + ActivityView.render("activity.json", %{user: user, activity: activity}) end test "with credentials", %{conn: conn, user: current_user} do @@ -477,7 +628,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do response = json_response(conn, 200) assert length(response) == 1 - assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: current_user}) + + assert Enum.at(response, 0) == + ActivityView.render("activity.json", %{ + user: current_user, + for: current_user, + activity: activity + }) end test "with credentials with user_id", %{conn: conn, user: current_user} do @@ -492,7 +649,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do response = json_response(conn, 200) assert length(response) == 1 - assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user}) + + assert Enum.at(response, 0) == + ActivityView.render("activity.json", %{user: user, activity: activity}) end test "with credentials screen_name", %{conn: conn, user: current_user} do @@ -507,7 +666,41 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do response = json_response(conn, 200) assert length(response) == 1 - assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user}) + + assert Enum.at(response, 0) == + ActivityView.render("activity.json", %{user: user, activity: activity}) + end + + test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do + user = insert(:user) + {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user}) + {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user}) + + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> get("/api/statuses/user_timeline.json", %{ + "user_id" => user.id, + "include_rts" => "false" + }) + + response = json_response(conn, 200) + + assert length(response) == 1 + + assert Enum.at(response, 0) == + ActivityView.render("activity.json", %{user: user, activity: activity}) + + conn = + conn + |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"}) + + response = json_response(conn, 200) + + assert length(response) == 1 + + assert Enum.at(response, 0) == + ActivityView.render("activity.json", %{user: user, activity: activity}) end end @@ -527,12 +720,29 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post("/api/friendships/create.json", %{user_id: followed.id}) - current_user = Repo.get(User, current_user.id) + current_user = User.get_by_id(current_user.id) assert User.ap_followers(followed) in current_user.following assert json_response(conn, 200) == UserView.render("show.json", %{user: followed, for: current_user}) end + + test "for restricted account", %{conn: conn, user: current_user} do + followed = insert(:user, info: %User.Info{locked: true}) + + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/friendships/create.json", %{user_id: followed.id}) + + current_user = User.get_by_id(current_user.id) + followed = User.get_by_id(followed.id) + + refute User.ap_followers(followed) in current_user.following + + assert json_response(conn, 200) == + UserView.render("show.json", %{user: followed, for: current_user}) + end end describe "POST /friendships/destroy.json" do @@ -555,7 +765,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post("/api/friendships/destroy.json", %{user_id: followed.id}) - current_user = Repo.get(User, current_user.id) + current_user = User.get_by_id(current_user.id) assert current_user.following == [current_user.ap_id] assert json_response(conn, 200) == @@ -579,7 +789,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post("/api/blocks/create.json", %{user_id: blocked.id}) - current_user = Repo.get(User, current_user.id) + current_user = User.get_by_id(current_user.id) assert User.blocks?(current_user, blocked) assert json_response(conn, 200) == @@ -606,7 +816,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post("/api/blocks/destroy.json", %{user_id: blocked.id}) - current_user = Repo.get(User, current_user.id) + current_user = User.get_by_id(current_user.id) assert current_user.info.blocks == [] assert json_response(conn, 200) == @@ -637,7 +847,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post("/api/qvitter/update_avatar.json", %{img: avatar_image}) - current_user = Repo.get(User, current_user.id) + current_user = User.get_by_id(current_user.id) assert is_map(current_user.avatar) assert json_response(conn, 200) == @@ -654,14 +864,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do - conn = + response = conn |> with_credentials(current_user.nickname, "test") |> get("/api/qvitter/mutes.json") + |> json_response(200) - current_user = Repo.get(User, current_user.id) - - assert [] = json_response(conn, 200) + assert [] = response end end @@ -700,7 +909,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post("/api/favorites/create/1.json") - assert json_response(conn, 500) + assert json_response(conn, 400) end end @@ -746,11 +955,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post(request_path) - activity = Repo.get(Activity, note_activity.id) - activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"]) + activity = Activity.get_by_id(note_activity.id) + activity_user = User.get_by_ap_id(note_activity.data["actor"]) assert json_response(response, 200) == - ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user}) + ActivityView.render("activity.json", %{ + user: activity_user, + for: current_user, + activity: activity + }) end end @@ -780,11 +993,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> with_credentials(current_user.nickname, "test") |> post(request_path) - activity = Repo.get(Activity, note_activity.id) - activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"]) + activity = Activity.get_by_id(note_activity.id) + activity_user = User.get_by_ap_id(note_activity.data["actor"]) assert json_response(response, 200) == - ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user}) + ActivityView.render("activity.json", %{ + user: activity_user, + for: current_user, + activity: activity + }) end end @@ -805,7 +1022,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do user = json_response(conn, 200) - fetched_user = Repo.get_by(User, nickname: "lain") + fetched_user = User.get_by_nickname("lain") assert user == UserView.render("show.json", %{user: fetched_user}) end @@ -828,6 +1045,143 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end end + describe "POST /api/account/password_reset, with valid parameters" do + setup %{conn: conn} do + user = insert(:user) + conn = post(conn, "/api/account/password_reset?email=#{user.email}") + %{conn: conn, user: user} + end + + test "it returns 204", %{conn: conn} do + assert json_response(conn, :no_content) + end + + test "it creates a PasswordResetToken record for user", %{user: user} do + token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id) + assert token_record + end + + test "it sends an email to user", %{user: user} do + token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id) + + email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token) + notify_email = Pleroma.Config.get([:instance, :notify_email]) + instance_name = Pleroma.Config.get([:instance, :name]) + + assert_email_sent( + from: {instance_name, notify_email}, + to: {user.name, user.email}, + html_body: email.html_body + ) + end + end + + describe "POST /api/account/password_reset, with invalid parameters" do + setup [:valid_user] + + test "it returns 500 when user is not found", %{conn: conn, user: user} do + conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}") + assert json_response(conn, :internal_server_error) + end + + test "it returns 500 when user is not local", %{conn: conn, user: user} do + {:ok, user} = Repo.update(Changeset.change(user, local: false)) + conn = post(conn, "/api/account/password_reset?email=#{user.email}") + assert json_response(conn, :internal_server_error) + end + end + + describe "GET /api/account/confirm_email/:id/:token" do + setup do + user = insert(:user) + info_change = User.Info.confirmation_changeset(user.info, :unconfirmed) + + {:ok, user} = + user + |> Changeset.change() + |> Changeset.put_embed(:info, info_change) + |> Repo.update() + + assert user.info.confirmation_pending + + [user: user] + end + + test "it redirects to root url", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}") + + assert 302 == conn.status + end + + test "it confirms the user account", %{conn: conn, user: user} do + get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}") + + user = User.get_by_id(user.id) + + refute user.info.confirmation_pending + refute user.info.confirmation_token + end + + test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}") + + assert 500 == conn.status + end + + test "it returns 500 if token is invalid", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token") + + assert 500 == conn.status + end + end + + describe "POST /api/account/resend_confirmation_email" do + setup do + setting = Pleroma.Config.get([:instance, :account_activation_required]) + + unless setting do + Pleroma.Config.put([:instance, :account_activation_required], true) + on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end) + end + + user = insert(:user) + info_change = User.Info.confirmation_changeset(user.info, :unconfirmed) + + {:ok, user} = + user + |> Changeset.change() + |> Changeset.put_embed(:info, info_change) + |> Repo.update() + + assert user.info.confirmation_pending + + [user: user] + end + + test "it returns 204 No Content", %{conn: conn, user: user} do + conn + |> assign(:user, user) + |> post("/api/account/resend_confirmation_email?email=#{user.email}") + |> json_response(:no_content) + end + + test "it sends confirmation email", %{conn: conn, user: user} do + conn + |> assign(:user, user) + |> post("/api/account/resend_confirmation_email?email=#{user.email}") + + email = Pleroma.Emails.UserEmail.account_confirmation_email(user) + notify_email = Pleroma.Config.get([:instance, :notify_email]) + instance_name = Pleroma.Config.get([:instance, :name]) + + assert_email_sent( + from: {instance_name, notify_email}, + to: {user.name, user.email}, + html_body: email.html_body + ) + end + end + describe "GET /api/externalprofile/show" do test "it returns the user", %{conn: conn} do user = insert(:user) @@ -861,6 +1215,112 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do result = json_response(conn, 200) assert Enum.sort(expected) == Enum.sort(result) end + + test "it returns 20 followers per page", %{conn: conn} do + user = insert(:user) + followers = insert_list(21, :user) + + Enum.each(followers, fn follower -> + User.follow(follower, user) + end) + + res_conn = + conn + |> assign(:user, user) + |> get("/api/statuses/followers") + + result = json_response(res_conn, 200) + assert length(result) == 20 + + res_conn = + conn + |> assign(:user, user) + |> get("/api/statuses/followers?page=2") + + result = json_response(res_conn, 200) + assert length(result) == 1 + end + + test "it returns a given user's followers with user_id", %{conn: conn} do + user = insert(:user) + follower_one = insert(:user) + follower_two = insert(:user) + not_follower = insert(:user) + + {:ok, follower_one} = User.follow(follower_one, user) + {:ok, follower_two} = User.follow(follower_two, user) + + conn = + conn + |> assign(:user, not_follower) + |> get("/api/statuses/followers", %{"user_id" => user.id}) + + assert MapSet.equal?( + MapSet.new(json_response(conn, 200)), + MapSet.new( + UserView.render("index.json", %{ + users: [follower_one, follower_two], + for: not_follower + }) + ) + ) + end + + test "it returns empty when hide_followers is set to true", %{conn: conn} do + user = insert(:user, %{info: %{hide_followers: true}}) + follower_one = insert(:user) + follower_two = insert(:user) + not_follower = insert(:user) + + {:ok, _follower_one} = User.follow(follower_one, user) + {:ok, _follower_two} = User.follow(follower_two, user) + + response = + conn + |> assign(:user, not_follower) + |> get("/api/statuses/followers", %{"user_id" => user.id}) + |> json_response(200) + + assert [] == response + end + + test "it returns the followers when hide_followers is set to true if requested by the user themselves", + %{ + conn: conn + } do + user = insert(:user, %{info: %{hide_followers: true}}) + follower_one = insert(:user) + follower_two = insert(:user) + _not_follower = insert(:user) + + {:ok, _follower_one} = User.follow(follower_one, user) + {:ok, _follower_two} = User.follow(follower_two, user) + + conn = + conn + |> assign(:user, user) + |> get("/api/statuses/followers", %{"user_id" => user.id}) + + refute [] == json_response(conn, 200) + end + end + + describe "GET /api/statuses/blocks" do + test "it returns the list of users blocked by requester", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + {:ok, user} = User.block(user, other_user) + + conn = + conn + |> assign(:user, user) + |> get("/api/statuses/blocks") + + expected = UserView.render("index.json", %{users: [other_user], for: user}) + result = json_response(conn, 200) + assert Enum.sort(expected) == Enum.sort(result) + end end describe "GET /api/statuses/friends" do @@ -883,6 +1343,40 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert Enum.sort(expected) == Enum.sort(result) end + test "it returns 20 friends per page, except if 'export' is set to true", %{conn: conn} do + user = insert(:user) + followeds = insert_list(21, :user) + + {:ok, user} = + Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} -> + User.follow(user, followed) + end) + + res_conn = + conn + |> assign(:user, user) + |> get("/api/statuses/friends") + + result = json_response(res_conn, 200) + assert length(result) == 20 + + res_conn = + conn + |> assign(:user, user) + |> get("/api/statuses/friends", %{page: 2}) + + result = json_response(res_conn, 200) + assert length(result) == 1 + + res_conn = + conn + |> assign(:user, user) + |> get("/api/statuses/friends", %{all: true}) + + result = json_response(res_conn, 200) + assert length(result) == 21 + end + test "it returns a given user's friends with user_id", %{conn: conn} do user = insert(:user) followed_one = insert(:user) @@ -905,6 +1399,44 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do ) end + test "it returns empty when hide_follows is set to true", %{conn: conn} do + user = insert(:user, %{info: %{hide_follows: true}}) + followed_one = insert(:user) + followed_two = insert(:user) + not_followed = insert(:user) + + {:ok, user} = User.follow(user, followed_one) + {:ok, user} = User.follow(user, followed_two) + + conn = + conn + |> assign(:user, not_followed) + |> get("/api/statuses/friends", %{"user_id" => user.id}) + + assert [] == json_response(conn, 200) + end + + test "it returns friends when hide_follows is set to true if the user themselves request it", + %{ + conn: conn + } do + user = insert(:user, %{info: %{hide_follows: true}}) + followed_one = insert(:user) + followed_two = insert(:user) + _not_followed = insert(:user) + + {:ok, _user} = User.follow(user, followed_one) + {:ok, _user} = User.follow(user, followed_two) + + response = + conn + |> assign(:user, user) + |> get("/api/statuses/friends", %{"user_id" => user.id}) + |> json_response(200) + + refute [] == response + end + test "it returns a given user's friends with screen_name", %{conn: conn} do user = insert(:user) followed_one = insert(:user) @@ -969,11 +1501,85 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert user.name == "new name" assert user.bio == - "hi <span><a class='mention' href='#{user2.ap_id}'>@<span>#{user2.nickname}</span></a></span>" + "hi <span class='h-card'><a data-user='#{user2.id}' class='u-url mention' href='#{ + user2.ap_id + }'>@<span>#{user2.nickname}</span></a></span>" assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user}) end + test "it sets and un-sets hide_follows", %{conn: conn} do + user = insert(:user) + + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "hide_follows" => "true" + }) + + user = Repo.get!(User, user.id) + assert user.info.hide_follows == true + + conn = + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "hide_follows" => "false" + }) + + user = Repo.get!(User, user.id) + assert user.info.hide_follows == false + assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user}) + end + + test "it sets and un-sets hide_followers", %{conn: conn} do + user = insert(:user) + + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "hide_followers" => "true" + }) + + user = Repo.get!(User, user.id) + assert user.info.hide_followers == true + + conn = + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "hide_followers" => "false" + }) + + user = Repo.get!(User, user.id) + assert user.info.hide_followers == false + assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user}) + end + + test "it sets and un-sets show_role", %{conn: conn} do + user = insert(:user) + + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "show_role" => "true" + }) + + user = Repo.get!(User, user.id) + assert user.info.show_role == true + + conn = + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "show_role" => "false" + }) + + user = Repo.get!(User, user.id) + assert user.info.show_role == false + assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user}) + end + test "it locks an account", %{conn: conn} do user = insert(:user) @@ -1136,7 +1742,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do }) assert json_response(conn, 200) == %{"status" => "success"} - fetched_user = Repo.get(User, current_user.id) + fetched_user = User.get_by_id(current_user.id) assert Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true end end @@ -1177,8 +1783,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do {:ok, _activity} = ActivityPub.follow(other_user, user) - user = Repo.get(User, user.id) - other_user = Repo.get(User, other_user.id) + user = User.get_by_id(user.id) + other_user = User.get_by_id(other_user.id) assert User.following?(other_user, user) == false @@ -1190,6 +1796,24 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert [relationship] = json_response(conn, 200) assert other_user.id == relationship["id"] end + + test "requires 'read' permission", %{conn: conn} do + token1 = insert(:oauth_token, scopes: ["write"]) + token2 = insert(:oauth_token, scopes: ["read"]) + + for token <- [token1, token2] do + conn = + conn + |> put_req_header("authorization", "Bearer #{token.token}") + |> get("/api/pleroma/friend_requests") + + if token == token1 do + assert %{"error" => "Insufficient permissions: read."} == json_response(conn, 403) + else + assert json_response(conn, 200) + end + end + end end describe "POST /api/pleroma/friendships/approve" do @@ -1199,15 +1823,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do {:ok, _activity} = ActivityPub.follow(other_user, user) - user = Repo.get(User, user.id) - other_user = Repo.get(User, other_user.id) + user = User.get_by_id(user.id) + other_user = User.get_by_id(other_user.id) assert User.following?(other_user, user) == false conn = build_conn() |> assign(:user, user) - |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)}) + |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id}) assert relationship = json_response(conn, 200) assert other_user.id == relationship["id"] @@ -1222,15 +1846,15 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do {:ok, _activity} = ActivityPub.follow(other_user, user) - user = Repo.get(User, user.id) - other_user = Repo.get(User, other_user.id) + user = User.get_by_id(user.id) + other_user = User.get_by_id(other_user.id) assert User.following?(other_user, user) == false conn = build_conn() |> assign(:user, user) - |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)}) + |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id}) assert relationship = json_response(conn, 200) assert other_user.id == relationship["id"] @@ -1241,16 +1865,205 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do describe "GET /api/pleroma/search_user" do test "it returns users, ordered by similarity", %{conn: conn} do user = insert(:user, %{name: "eal"}) - user_two = insert(:user, %{name: "ean"}) - user_three = insert(:user, %{name: "ebn"}) + user_two = insert(:user, %{name: "eal me"}) + _user_three = insert(:user, %{name: "zzz"}) + + resp = + conn + |> get(twitter_api_search__path(conn, :search_user), query: "eal me") + |> json_response(200) + + assert length(resp) == 2 + assert [user_two.id, user.id] == Enum.map(resp, fn %{"id" => id} -> id end) + end + end + + describe "POST /api/media/upload" do + setup context do + Pleroma.DataCase.ensure_local_uploader(context) + end + + test "it performs the upload and sets `data[actor]` with AP id of uploader user", %{ + conn: conn + } do + user = insert(:user) + + upload_filename = "test/fixtures/image_tmp.jpg" + File.cp!("test/fixtures/image.jpg", upload_filename) + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname(upload_filename), + filename: "image.jpg" + } + + response = + conn + |> assign(:user, user) + |> put_req_header("content-type", "application/octet-stream") + |> post("/api/media/upload", %{ + "media" => file + }) + |> json_response(:ok) + + assert response["media_id"] + object = Repo.get(Object, response["media_id"]) + assert object + assert object.data["actor"] == User.ap_id(user) + end + end + + describe "POST /api/media/metadata/create" do + setup do + object = insert(:note) + user = User.get_by_ap_id(object.data["actor"]) + %{object: object, user: user} + end + + test "it returns :forbidden status on attempt to modify someone else's upload", %{ + conn: conn, + object: object + } do + initial_description = object.data["name"] + another_user = insert(:user) + + conn + |> assign(:user, another_user) + |> post("/api/media/metadata/create", %{"media_id" => object.id}) + |> json_response(:forbidden) + + object = Repo.get(Object, object.id) + assert object.data["name"] == initial_description + end + + test "it updates `data[name]` of referenced Object with provided value", %{ + conn: conn, + object: object, + user: user + } do + description = "Informative description of the image. Initial value: #{object.data["name"]}}" + + conn + |> assign(:user, user) + |> post("/api/media/metadata/create", %{ + "media_id" => object.id, + "alt_text" => %{"text" => description} + }) + |> json_response(:no_content) + + object = Repo.get(Object, object.id) + assert object.data["name"] == description + end + end + + describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do + test "it returns a list of pinned statuses", %{conn: conn} do + Pleroma.Config.put([:instance, :max_pinned_statuses], 1) + + user = insert(:user, %{name: "egor"}) + {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"}) + {:ok, _} = CommonAPI.pin(activity_id, user) resp = conn - |> get(twitter_api_search__path(conn, :search_user), query: "eal") + |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true}) |> json_response(200) - assert length(resp) == 3 - assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end) + assert length(resp) == 1 + assert [%{"id" => ^activity_id, "pinned" => true}] = resp + end + end + + describe "POST /api/statuses/pin/:id" do + setup do + Pleroma.Config.put([:instance, :max_pinned_statuses], 1) + [user: insert(:user)] + end + + test "without valid credentials", %{conn: conn} do + note_activity = insert(:note_activity) + conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json") + assert json_response(conn, 403) == %{"error" => "Invalid credentials."} + end + + test "with credentials", %{conn: conn, user: user} do + {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"}) + + request_path = "/api/statuses/pin/#{activity.id}.json" + + response = + conn + |> with_credentials(user.nickname, "test") + |> post(request_path) + + user = refresh_record(user) + + assert json_response(response, 200) == + ActivityView.render("activity.json", %{user: user, for: user, activity: activity}) + end + end + + describe "POST /api/statuses/unpin/:id" do + setup do + Pleroma.Config.put([:instance, :max_pinned_statuses], 1) + [user: insert(:user)] + end + + test "without valid credentials", %{conn: conn} do + note_activity = insert(:note_activity) + conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json") + assert json_response(conn, 403) == %{"error" => "Invalid credentials."} + end + + test "with credentials", %{conn: conn, user: user} do + {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"}) + {:ok, activity} = CommonAPI.pin(activity.id, user) + + request_path = "/api/statuses/unpin/#{activity.id}.json" + + response = + conn + |> with_credentials(user.nickname, "test") + |> post(request_path) + + user = refresh_record(user) + + assert json_response(response, 200) == + ActivityView.render("activity.json", %{user: user, for: user, activity: activity}) + end + end + + describe "GET /api/oauth_tokens" do + setup do + token = insert(:oauth_token) |> Repo.preload(:user) + + %{token: token} + end + + test "renders list", %{token: token} do + response = + build_conn() + |> assign(:user, token.user) + |> get("/api/oauth_tokens") + + keys = + json_response(response, 200) + |> hd() + |> Map.keys() + + assert keys -- ["id", "app_name", "valid_until"] == [] + end + + test "revoke token", %{token: token} do + response = + build_conn() + |> assign(:user, token.user) + |> delete("/api/oauth_tokens/#{token.id}") + + tokens = Token.get_user_tokens(token.user) + + assert tokens == [] + assert response.status == 201 end end end |