Merge branch 'feature/mastoapi-new-config' into 'develop'

Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API This patch: - Fixes `rights` in TwitterAPI ignoring `show_role` - Fixes exposing default scope of the user to anyone in Mastodon API - Extends Mastodon API to be able to show and set `no_rich_text`, `default_scope`, `hide_follows`, `hide_followers`, `hide_favorites` (requested by the FE in #674) Sorry in advance for 500 line one commit diff, I should have split it up to separate MRs See merge request pleroma/pleroma!1093
author: kaniini <nenolod@gmail.com> 2019-04-26 02:41:35 +0000
committer: kaniini <nenolod@gmail.com> 2019-04-26 02:41:35 +0000
commit: 48f68fd133468d193223122d3b528dd2e6836cff (patch)
tree: faef9766c1294dac8ea07255aa17f66990200a84 /test/web
parent: fd45c74e6f695783d6a8e0940e17e00c0636d72f (diff)
parent: dfc8425659620d023540538ec943490cf523f434 (diff)
download: pleroma-48f68fd133468d193223122d3b528dd2e6836cff.tar.gz
pleroma-48f68fd133468d193223122d3b528dd2e6836cff.zip
3 files changed, 90 insertions, 32 deletions
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs
index 0730201bd..a24f2a050 100644
--- a/test/web/mastodon_api/account_view_test.exs
+++ b/test/web/mastodon_api/account_view_test.exs
@@ -56,14 +56,17 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       bot: false,
       source: %{
         note: "",
-        privacy: "public",
-        sensitive: false
+        sensitive: false,
+        pleroma: %{}
       },
       pleroma: %{
         confirmation_pending: false,
         tags: [],
         is_admin: false,
         is_moderator: false,
+        hide_favorites: true,
+        hide_followers: false,
+        hide_follows: false,
         relationship: %{}
       }
     }
@@ -81,8 +84,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       "follows" => true
     }
 
-    assert %{pleroma: %{notification_settings: ^notification_settings}} =
-             AccountView.render("account.json", %{user: user, for: user})
+    privacy = user.info.default_scope
+
+    assert %{
+             pleroma: %{notification_settings: ^notification_settings},
+             source: %{privacy: ^privacy}
+           } = AccountView.render("account.json", %{user: user, for: user})
   end
 
   test "Represent a Service(bot) account" do
@@ -114,14 +121,17 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       bot: true,
       source: %{
         note: "",
-        privacy: "public",
-        sensitive: false
+        sensitive: false,
+        pleroma: %{}
       },
       pleroma: %{
         confirmation_pending: false,
         tags: [],
         is_admin: false,
         is_moderator: false,
+        hide_favorites: true,
+        hide_followers: false,
+        hide_follows: false,
         relationship: %{}
       }
     }
@@ -200,14 +210,17 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       bot: true,
       source: %{
         note: "",
-        privacy: "public",
-        sensitive: false
+        sensitive: false,
+        pleroma: %{}
       },
       pleroma: %{
         confirmation_pending: false,
         tags: [],
         is_admin: false,
         is_moderator: false,
+        hide_favorites: true,
+        hide_followers: false,
+        hide_follows: false,
         relationship: %{
           id: to_string(user.id),
           following: false,
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index a22944088..efcadcbf5 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -2214,6 +2214,66 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
       assert user["locked"] == true
     end
 
+    test "updates the user's hide_followers status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_followers"] == true
+    end
+
+    test "updates the user's hide_follows status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_follows"] == true
+    end
+
+    test "updates the user's hide_favorites status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_favorites"] == true
+    end
+
+    test "updates the user's show_role status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["pleroma"]["show_role"] == false
+    end
+
+    test "updates the user's no_rich_text status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["pleroma"]["no_rich_text"] == true
+    end
+
     test "updates the user's name", %{conn: conn} do
       user = insert(:user)
 
diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs
index 36b461992..2f9b2af01 100644
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@@ -89,17 +89,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => false,
       "follows_you" => false,
       "statusnet_blocking" => false,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],
@@ -112,6 +106,15 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
     assert represented == UserView.render("show.json", %{user: user})
   end
 
+  test "User exposes settings for themselves and only for themselves", %{user: user} do
+    as_user = UserView.render("show.json", %{user: user, for: user})
+    assert as_user["default_scope"] == user.info.default_scope
+    assert as_user["no_rich_text"] == user.info.no_rich_text
+    as_stranger = UserView.render("show.json", %{user: user})
+    refute as_stranger["default_scope"]
+    refute as_stranger["no_rich_text"]
+  end
+
   test "A user for a given other follower", %{user: user} do
     follower = insert(:user, %{following: [User.ap_followers(user)]})
     {:ok, user} = User.update_follower_count(user)
@@ -137,17 +140,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => true,
       "follows_you" => false,
       "statusnet_blocking" => false,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],
@@ -186,17 +183,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => false,
       "follows_you" => true,
       "statusnet_blocking" => false,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => follower.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],
@@ -272,17 +263,11 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "following" => false,
       "follows_you" => false,
       "statusnet_blocking" => true,
-      "rights" => %{
-        "delete_others_notice" => false,
-        "admin" => false
-      },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
       "is_local" => true,
       "locked" => false,
-      "default_scope" => "public",
-      "no_rich_text" => false,
       "hide_follows" => false,
       "hide_followers" => false,
       "fields" => [],
author	kaniini <nenolod@gmail.com>	2019-04-26 02:41:35 +0000
committer	kaniini <nenolod@gmail.com>	2019-04-26 02:41:35 +0000
commit	48f68fd133468d193223122d3b528dd2e6836cff (patch)
tree	faef9766c1294dac8ea07255aa17f66990200a84 /test/web
parent	fd45c74e6f695783d6a8e0940e17e00c0636d72f (diff)
parent	dfc8425659620d023540538ec943490cf523f434 (diff)
download	pleroma-48f68fd133468d193223122d3b528dd2e6836cff.tar.gz pleroma-48f68fd133468d193223122d3b528dd2e6836cff.zip