Merge branch 'develop' into admin-be

12 files changed, 157 insertions, 58 deletions

diff --git a/test/notification_test.exs b/test/notification_test.exs
index f5f23bb5a..9a1c2f2b5 100644
--- a/test/notification_test.exs
+++ b/test/notification_test.exs
@@ -745,7 +745,7 @@ defmodule Pleroma.NotificationTest do
 
       {:ok, _activity} = CommonAPI.post(blocked, %{"status" => "hey @#{user.nickname}"})
 
-      assert length(Notification.for_user(user, %{with_muted: true})) == 0
+      assert Enum.empty?(Notification.for_user(user, %{with_muted: true}))
     end
 
     test "it doesn't return notifications from a domain-blocked user when with_muted is set" do
@@ -755,7 +755,7 @@ defmodule Pleroma.NotificationTest do
 
       {:ok, _activity} = CommonAPI.post(blocked, %{"status" => "hey @#{user.nickname}"})
 
-      assert length(Notification.for_user(user, %{with_muted: true})) == 0
+      assert Enum.empty?(Notification.for_user(user, %{with_muted: true}))
     end
 
     test "it returns notifications from muted threads when with_muted is set" do
diff --git a/test/repo_test.exs b/test/repo_test.exs
index 85b64d4d1..5526b0327 100644
--- a/test/repo_test.exs
+++ b/test/repo_test.exs
@@ -4,7 +4,10 @@
 
 defmodule Pleroma.RepoTest do
   use Pleroma.DataCase
+  import ExUnit.CaptureLog
   import Pleroma.Factory
+  import Mock
+
   alias Pleroma.User
 
   describe "find_resource/1" do
@@ -46,4 +49,44 @@ defmodule Pleroma.RepoTest do
       assert Repo.get_assoc(token, :user) == {:error, :not_found}
     end
   end
+
+  describe "check_migrations_applied!" do
+    setup_with_mocks([
+      {Ecto.Migrator, [],
+       [
+         with_repo: fn repo, fun -> passthrough([repo, fun]) end,
+         migrations: fn Pleroma.Repo ->
+           [
+             {:up, 20_191_128_153_944, "fix_missing_following_count"},
+             {:up, 20_191_203_043_610, "create_report_notes"},
+             {:down, 20_191_220_174_645, "add_scopes_to_pleroma_feo_auth_records"}
+           ]
+         end
+       ]}
+    ]) do
+      :ok
+    end
+
+    test "raises if it detects unapplied migrations" do
+      assert_raise Pleroma.Repo.UnappliedMigrationsError, fn ->
+        capture_log(&Repo.check_migrations_applied!/0)
+      end
+    end
+
+    test "doesn't do anything if disabled" do
+      disable_migration_check =
+        Pleroma.Config.get([:i_am_aware_this_may_cause_data_loss, :disable_migration_check])
+
+      Pleroma.Config.put([:i_am_aware_this_may_cause_data_loss, :disable_migration_check], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put(
+          [:i_am_aware_this_may_cause_data_loss, :disable_migration_check],
+          disable_migration_check
+        )
+      end)
+
+      assert :ok == Repo.check_migrations_applied!()
+    end
+  end
 end
diff --git a/test/web/activity_pub/transmogrifier/follow_handling_test.exs b/test/web/activity_pub/transmogrifier/follow_handling_test.exs
index 7d6d0814d..1c88b05c2 100644
--- a/test/web/activity_pub/transmogrifier/follow_handling_test.exs
+++ b/test/web/activity_pub/transmogrifier/follow_handling_test.exs
@@ -78,7 +78,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.FollowHandlingTest do
         )
         |> Repo.all()
 
-      assert length(accepts) == 0
+      assert Enum.empty?(accepts)
     end
 
     test "it works for follow requests when you are already followed, creating a new accept activity" do
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index 509a6f4f4..f4cdaebf9 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -1364,6 +1364,30 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       }
     end
 
+    test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
+      read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+      write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
+
+      response =
+        conn
+        |> assign(:token, read_token)
+        |> patch("/api/pleroma/admin/reports", %{
+          "reports" => [%{"state" => "resolved", "id" => id}]
+        })
+        |> json_response(403)
+
+      assert response == %{
+               "error" => "Insufficient permissions: admin:write:reports."
+             }
+
+      conn
+      |> assign(:token, write_token)
+      |> patch("/api/pleroma/admin/reports", %{
+        "reports" => [%{"state" => "resolved", "id" => id}]
+      })
+      |> json_response(:no_content)
+    end
+
     test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
       conn
       |> patch("/api/pleroma/admin/reports", %{
@@ -3294,7 +3318,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
       response = json_response(ret_conn, 200)
 
-      assert length(response) == 0
+      assert Enum.empty?(response)
     end
   end
 
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index b5d6d4055..f8963e42e 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -284,22 +284,22 @@ defmodule Pleroma.Web.CommonAPITest do
       {:ok, %Activity{}, _} = CommonAPI.favorite(activity.id, user)
     end
 
-    test "retweeting a status twice returns an error" do
+    test "retweeting a status twice returns the status" do
       user = insert(:user)
       other_user = insert(:user)
 
       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
-      {:ok, %Activity{}, _object} = CommonAPI.repeat(activity.id, user)
-      {:error, _} = CommonAPI.repeat(activity.id, user)
+      {:ok, %Activity{} = activity, object} = CommonAPI.repeat(activity.id, user)
+      {:ok, ^activity, ^object} = CommonAPI.repeat(activity.id, user)
     end
 
-    test "favoriting a status twice returns an error" do
+    test "favoriting a status twice returns the status" do
       user = insert(:user)
       other_user = insert(:user)
 
       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
-      {:ok, %Activity{}, _object} = CommonAPI.favorite(activity.id, user)
-      {:error, _} = CommonAPI.favorite(activity.id, user)
+      {:ok, %Activity{} = activity, object} = CommonAPI.favorite(activity.id, user)
+      {:ok, ^activity, ^object} = CommonAPI.favorite(activity.id, user)
     end
   end
 
diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs
index 2588898d0..4b761e039 100644
--- a/test/web/common_api/common_api_utils_test.exs
+++ b/test/web/common_api/common_api_utils_test.exs
@@ -307,7 +307,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
 
       {to, cc} = Utils.get_to_and_cc(user, mentions, nil, "private", nil)
       assert length(to) == 2
-      assert length(cc) == 0
+      assert Enum.empty?(cc)
 
       assert mentioned_user.ap_id in to
       assert user.follower_address in to
@@ -323,7 +323,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "private", nil)
 
       assert length(to) == 3
-      assert length(cc) == 0
+      assert Enum.empty?(cc)
 
       assert mentioned_user.ap_id in to
       assert third_user.ap_id in to
@@ -338,7 +338,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       {to, cc} = Utils.get_to_and_cc(user, mentions, nil, "direct", nil)
 
       assert length(to) == 1
-      assert length(cc) == 0
+      assert Enum.empty?(cc)
 
       assert mentioned_user.ap_id in to
     end
@@ -353,7 +353,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "direct", nil)
 
       assert length(to) == 2
-      assert length(cc) == 0
+      assert Enum.empty?(cc)
 
       assert mentioned_user.ap_id in to
       assert third_user.ap_id in to
diff --git a/test/web/mastodon_api/controllers/notification_controller_test.exs b/test/web/mastodon_api/controllers/notification_controller_test.exs
index 86303f92f..6f0606250 100644
--- a/test/web/mastodon_api/controllers/notification_controller_test.exs
+++ b/test/web/mastodon_api/controllers/notification_controller_test.exs
@@ -457,6 +457,30 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     end
   end
 
+  describe "from specified user" do
+    test "account_id" do
+      %{user: user, conn: conn} = oauth_access(["read:notifications"])
+
+      %{id: account_id} = other_user1 = insert(:user)
+      other_user2 = insert(:user)
+
+      {:ok, _activity} = CommonAPI.post(other_user1, %{"status" => "hi @#{user.nickname}"})
+      {:ok, _activity} = CommonAPI.post(other_user2, %{"status" => "bye @#{user.nickname}"})
+
+      assert [%{"account" => %{"id" => ^account_id}}] =
+               conn
+               |> assign(:user, user)
+               |> get("/api/v1/notifications", %{account_id: account_id})
+               |> json_response(200)
+
+      assert %{"error" => "Account is not found"} =
+               conn
+               |> assign(:user, user)
+               |> get("/api/v1/notifications", %{account_id: "cofe"})
+               |> json_response(404)
+    end
+  end
+
   defp get_notification_id_by_activity(%{id: id}) do
     Notification
     |> Repo.get_by(activity_id: id)
diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs
index 307221c5d..b03b4b344 100644
--- a/test/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/web/mastodon_api/controllers/status_controller_test.exs
@@ -638,6 +638,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert to_string(activity.id) == id
     end
 
+    test "favoriting twice will just return 200", %{conn: conn} do
+      activity = insert(:note_activity)
+
+      post(conn, "/api/v1/statuses/#{activity.id}/favourite")
+      assert post(conn, "/api/v1/statuses/#{activity.id}/favourite") |> json_response(200)
+    end
+
     test "returns 400 error for a wrong id", %{conn: conn} do
       conn = post(conn, "/api/v1/statuses/1/favourite")
 
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index 9cc534f57..59f4674eb 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -568,29 +568,34 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
   describe "POST /oauth/authorize" do
     test "redirects with oauth authorization, " <>
-           "keeping only non-admin scopes for non-admin user" do
-      app = insert(:oauth_app, scopes: ["read", "write", "admin"])
+           "granting requested app-supported scopes to both admin- and non-admin users" do
+      app_scopes = ["read", "write", "admin", "secret_scope"]
+      app = insert(:oauth_app, scopes: app_scopes)
       redirect_uri = OAuthController.default_redirect_uri(app)
 
       non_admin = insert(:user, is_admin: false)
       admin = insert(:user, is_admin: true)
+      scopes_subset = ["read:subscope", "write", "admin"]
 
-      for {user, expected_scopes} <- %{
-            non_admin => ["read:subscope", "write"],
-            admin => ["read:subscope", "write", "admin"]
-          } do
+      # In case scope param is missing, expecting _all_ app-supported scopes to be granted
+      for user <- [non_admin, admin],
+          {requested_scopes, expected_scopes} <-
+            %{scopes_subset => scopes_subset, nil => app_scopes} do
         conn =
-          build_conn()
-          |> post("/oauth/authorize", %{
-            "authorization" => %{
-              "name" => user.nickname,
-              "password" => "test",
-              "client_id" => app.client_id,
-              "redirect_uri" => redirect_uri,
-              "scope" => "read:subscope write admin",
-              "state" => "statepassed"
+          post(
+            build_conn(),
+            "/oauth/authorize",
+            %{
+              "authorization" => %{
+                "name" => user.nickname,
+                "password" => "test",
+                "client_id" => app.client_id,
+                "redirect_uri" => redirect_uri,
+                "scope" => requested_scopes,
+                "state" => "statepassed"
+              }
             }
-          })
+          )
 
         target = redirected_to(conn)
         assert target =~ redirect_uri
@@ -631,34 +636,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       assert result =~ "Invalid Username/Password"
     end
 
-    test "returns 401 for missing scopes " <>
-           "(including all admin-only scopes for non-admin user)" do
+    test "returns 401 for missing scopes" do
       user = insert(:user, is_admin: false)
       app = insert(:oauth_app, scopes: ["read", "write", "admin"])
       redirect_uri = OAuthController.default_redirect_uri(app)
 
-      for scope_param <- ["", "admin:read admin:write"] do
-        result =
-          build_conn()
-          |> post("/oauth/authorize", %{
-            "authorization" => %{
-              "name" => user.nickname,
-              "password" => "test",
-              "client_id" => app.client_id,
-              "redirect_uri" => redirect_uri,
-              "state" => "statepassed",
-              "scope" => scope_param
-            }
-          })
-          |> html_response(:unauthorized)
+      result =
+        build_conn()
+        |> post("/oauth/authorize", %{
+          "authorization" => %{
+            "name" => user.nickname,
+            "password" => "test",
+            "client_id" => app.client_id,
+            "redirect_uri" => redirect_uri,
+            "state" => "statepassed",
+            "scope" => ""
+          }
+        })
+        |> html_response(:unauthorized)
 
-        # Keep the details
-        assert result =~ app.client_id
-        assert result =~ redirect_uri
+      # Keep the details
+      assert result =~ app.client_id
+      assert result =~ redirect_uri
 
-        # Error message
-        assert result =~ "This action is outside the authorized scopes"
-      end
+      # Error message
+      assert result =~ "This action is outside the authorized scopes"
     end
 
     test "returns 401 for scopes beyond app scopes hierarchy", %{conn: conn} do
diff --git a/test/web/pleroma_api/controllers/emoji_api_controller_test.exs b/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
index e1b484dae..8e76f2f3d 100644
--- a/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
+++ b/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
@@ -14,6 +14,10 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                     "emoji"
                   )
 
+  clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+    Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+  end
+
   test "shared & non-shared pack information in list_packs is ok" do
     conn = build_conn()
     resp = conn |> get(emoji_api_path(conn, :list_packs)) |> json_response(200)
diff --git a/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs b/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
index 3f7ef13bc..fb7500134 100644
--- a/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
+++ b/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
@@ -57,11 +57,6 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
 
     {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
 
-    conn =
-      conn
-      |> assign(:user, user)
-      |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:statuses"]))
-
     result =
       conn
       |> get("/api/v1/pleroma/statuses/#{activity.id}/emoji_reactions_by")
diff --git a/test/web/twitter_api/password_controller_test.exs b/test/web/twitter_api/password_controller_test.exs
index 840c84a05..29ba7d265 100644
--- a/test/web/twitter_api/password_controller_test.exs
+++ b/test/web/twitter_api/password_controller_test.exs
@@ -55,7 +55,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
 
       user = refresh_record(user)
       assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
-      assert length(Token.get_user_tokens(user)) == 0
+      assert Enum.empty?(Token.get_user_tokens(user))
     end
 
     test "it sets password_reset_pending to false", %{conn: conn} do