Diffstat (limited to 'test/web/mastodon_api')
-rw-r--r-- | test/web/mastodon_api/account_view_test.exs | 3 | ||||
-rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 50 |
2 files changed, 51 insertions, 2 deletions
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs
index 8bf194e6b..35c8a1fb0 100644
--- a/test/web/mastodon_api/account_view_test.exs
+++ b/test/web/mastodon_api/account_view_test.exs
@@ -20,6 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 info: %{"note_count" => 5, "follower_count" => 3, "source_data" => source_data},
 nickname: "shp@shitposter.club",
 name: ":karjalanpiirakka: shp",
+ bio: "<script src=\"invalid-html\"></script><span>valid html</span>",
 inserted_at: ~N[2017-08-15 15:47:06.597036]
 })
@@ -33,7 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 followers_count: 3,
 following_count: 0,
 statuses_count: 5,
- note: user.bio,
+ note: "<span>valid html</span>",
 url: user.ap_id,
 avatar: "http://localhost:4001/images/avi.png",
 avatar_static: "http://localhost:4001/images/avi.png",
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 9e33c1d04..60dafcf03 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -206,7 +206,19 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 |> assign(:user, user)
 |> get("/api/v1/accounts/verify_credentials")
- assert %{"id" => id} = json_response(conn, 200)
+ assert %{"id" => id, "source" => %{"privacy" => "public"}} = json_response(conn, 200)
+ assert id == to_string(user.id)
+ end
+
+ test "verify_credentials default scope unlisted", %{conn: conn} do
+ user = insert(:user, %{info: %{"default_scope" => "unlisted"}})
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/v1/accounts/verify_credentials")
+
+ assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
 assert id == to_string(user.id)
 end
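Review bot: The `bio` fixture added in the first account_view_test hunk covers only a disallowed element, so the `note: "<span>valid html</span>"` expectation in the second hunk would still pass if the sanitiser removed `<script>` but left disallowed attributes on an otherwise allowed tag. If attribute filtering is part of the intended contract (not visible from this diff), a second fixture with an allowed tag carrying an attribute that should be stripped would pin that as well. A short comment above the fixture, such as `# script elements must not survive into the rendered note`, would also state what the `invalid-html` value is meant to demonstrate, since the markup is well-formed and merely not permitted.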
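Review bot: The rewritten assertion at the top of the mastodon_api_controller_test hunk now pins `"source" => %{"privacy" => "public"}`, but nothing in the visible lines says why "public" is expected; the test's setup starts outside the hunk. If the user there is created without a `default_scope`, the test is really checking the fallback value, and a comment such as `# no default_scope stored: verify_credentials must report "public"` above the assertion would make that explicit. The new "unlisted" test repeats the same request pipeline; together with the "private" variant in the last hunk of this file, the three cases could share one private helper that takes the expected scope.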
@@ -368,6 +380,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 assert id == to_string(activity_two.id)
 end
+
+ test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do
+ user = insert(:user)
+ other_user = insert(:user)
+ {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."})
+
+ {:ok, activity_two} =
+ TwitterAPI.create_status(other_user, %{
+ "status" => "Marisa is cute.",
+ "visibility" => "private"
+ })
+
+ {:ok, list} = Pleroma.List.create("name", user)
+ {:ok, list} = Pleroma.List.follow(list, other_user)
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/v1/timelines/list/#{list.id}")
+
+ assert [%{"id" => id}] = json_response(conn, 200)
+
+ assert id == to_string(activity_one.id)
+ end
 end
 describe "notifications" do
@@ -691,6 +727,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 assert User.following?(other_user, user) == true
 end
+ test "verify_credentials", %{conn: conn} do
+ user = insert(:user, %{info: %{"default_scope" => "private"}})
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/v1/accounts/verify_credentials")
+
+ assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
+ assert id == to_string(user.id)
+ end
+
 test "/api/v1/follow_requests/:id/reject works" do
 user = insert(:user, %{info: %{"locked" => true}})
 other_user = insert(:user) |
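Review bot: The list-timeline test is named for "non-public statuses" but exercises only `"visibility" => "private"`, so a regression that exposed direct messages through `/api/v1/timelines/list/:id` would not be caught. Adding a third status from `other_user` with `"visibility" => "direct"` and keeping the single-element match `assert [%{"id" => id}] = json_response(conn, 200)` would cover it without changing the shape of the test. `activity_two` is bound but never read; `{:ok, _private_activity} =` would say so and avoid an unused-variable warning. A companion case where `user` really follows `other_user` would also guard against the visibility filter being too strict.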
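Review bot: In the last hunk the new test is named just `"verify_credentials"`, although it checks the private default scope and sits between the follow-request tests rather than beside the other verify_credentials cases. Renaming it to `test "verify_credentials default scope private", %{conn: conn} do` would match the "unlisted" test added earlier in this file and make a failure report self-explanatory. The enclosing `describe` block is outside the hunk, so it may be placed here deliberately; if so, a one-line comment saying why it belongs with these tests would help.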