1 files changed, 69 insertions, 2 deletions

diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs
index 8fc2d9300..fa08ae4df 100644
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@@ -8,6 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.InternalFetchActor
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.OAuth.Token
 
@@ -118,9 +119,75 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       refute acc_one == acc_two
       assert acc_two == acc_three
     end
+
+    test "returns 404 when user is invisible", %{conn: conn} do
+      user = insert(:user, %{invisible: true})
+
+      resp =
+        conn
+        |> get("/api/v1/accounts/#{user.nickname}")
+        |> json_response(404)
+
+      assert %{"error" => "Can't find user"} = resp
+    end
+
+    test "returns 404 for internal.fetch actor", %{conn: conn} do
+      %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor()
+
+      resp =
+        conn
+        |> get("/api/v1/accounts/internal.fetch")
+        |> json_response(404)
+
+      assert %{"error" => "Can't find user"} = resp
+    end
   end
 
   describe "user timelines" do
+    test "respects blocks", %{conn: conn} do
+      user_one = insert(:user)
+      user_two = insert(:user)
+      user_three = insert(:user)
+
+      User.block(user_one, user_two)
+
+      {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
+      {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
+
+      resp =
+        conn
+        |> get("/api/v1/accounts/#{user_two.id}/statuses")
+
+      assert [%{"id" => id}] = json_response(resp, 200)
+      assert id == activity.id
+
+      # Even a blocked user will deliver the full user timeline, there would be
+      # no point in looking at a blocked users timeline otherwise
+      resp =
+        conn
+        |> assign(:user, user_one)
+        |> get("/api/v1/accounts/#{user_two.id}/statuses")
+
+      assert [%{"id" => id}] = json_response(resp, 200)
+      assert id == activity.id
+
+      resp =
+        conn
+        |> get("/api/v1/accounts/#{user_three.id}/statuses")
+
+      assert [%{"id" => id}] = json_response(resp, 200)
+      assert id == repeat.id
+
+      # When viewing a third user's timeline, the blocked users will NOT be
+      # shown.
+      resp =
+        conn
+        |> assign(:user, user_one)
+        |> get("/api/v1/accounts/#{user_three.id}/statuses")
+
+      assert [] = json_response(resp, 200)
+    end
+
     test "gets a users statuses", %{conn: conn} do
       user_one = insert(:user)
       user_two = insert(:user)
@@ -868,7 +935,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, user} = User.mute(user, other_user)
+    {:ok, _user_relationships} = User.mute(user, other_user)
 
     conn =
       conn
@@ -883,7 +950,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, user} = User.block(user, other_user)
+    {:ok, _user_relationship} = User.block(user, other_user)
 
     conn =
       conn