7 files changed, 279 insertions, 7 deletions

diff --git a/test/list_test.exs b/test/list_test.exs
index ced012093..da3b88024 100644
--- a/test/list_test.exs
+++ b/test/list_test.exs
@@ -74,4 +74,20 @@ defmodule Pleroma.ListTest do
     assert list_two in lists
     refute list_three in lists
   end
+
+  test "getting all lists the user is a member of" do
+    user = insert(:user)
+    other_user = insert(:user)
+    {:ok, list_one} = Pleroma.List.create("title", user)
+    {:ok, list_two} = Pleroma.List.create("other title", user)
+    {:ok, list_three} = Pleroma.List.create("third title", other_user)
+    {:ok, list_one} = Pleroma.List.follow(list_one, other_user)
+    {:ok, list_two} = Pleroma.List.follow(list_two, other_user)
+    {:ok, list_three} = Pleroma.List.follow(list_three, user)
+
+    lists = Pleroma.List.get_lists_from_activity(%Pleroma.Activity{actor: other_user.ap_id})
+    assert list_one in lists
+    assert list_two in lists
+    refute list_three in lists
+  end
 end
diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex
index 6e8336a93..befebad8a 100644
--- a/test/support/httpoison_mock.ex
+++ b/test/support/httpoison_mock.ex
@@ -4,7 +4,7 @@ defmodule HTTPoisonMock do
   def get(url, body \\ [], headers \\ [])
 
   def get(
-        "http://gerzilla.de/.well-known/webfinger?resource=acct:kaniini@gerzilla.de",
+        "https://gerzilla.de/.well-known/webfinger?resource=acct:kaniini@gerzilla.de",
         [Accept: "application/xrd+xml,application/jrd+json"],
         follow_redirect: true
       ) do
@@ -16,7 +16,7 @@ defmodule HTTPoisonMock do
   end
 
   def get(
-        "http://framatube.org/.well-known/webfinger?resource=acct:framasoft@framatube.org",
+        "https://framatube.org/.well-known/webfinger?resource=acct:framasoft@framatube.org",
         [Accept: "application/xrd+xml,application/jrd+json"],
         follow_redirect: true
       ) do
@@ -28,7 +28,7 @@ defmodule HTTPoisonMock do
   end
 
   def get(
-        "http://gnusocial.de/.well-known/webfinger?resource=acct:winterdienst@gnusocial.de",
+        "https://gnusocial.de/.well-known/webfinger?resource=acct:winterdienst@gnusocial.de",
         [Accept: "application/xrd+xml,application/jrd+json"],
         follow_redirect: true
       ) do
diff --git a/test/user_test.exs b/test/user_test.exs
index 8c8cfd673..200352981 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -361,6 +361,27 @@ defmodule Pleroma.UserTest do
     end
   end
 
+  describe "domain blocking" do
+    test "blocks domains" do
+      user = insert(:user)
+      collateral_user = insert(:user, %{ap_id: "https://awful-and-rude-instance.com/user/bully"})
+
+      {:ok, user} = User.block_domain(user, "awful-and-rude-instance.com")
+
+      assert User.blocks?(user, collateral_user)
+    end
+
+    test "unblocks domains" do
+      user = insert(:user)
+      collateral_user = insert(:user, %{ap_id: "https://awful-and-rude-instance.com/user/bully"})
+
+      {:ok, user} = User.block_domain(user, "awful-and-rude-instance.com")
+      {:ok, user} = User.unblock_domain(user, "awful-and-rude-instance.com")
+
+      refute User.blocks?(user, collateral_user)
+    end
+  end
+
   test "get recipients from activity" do
     actor = insert(:user)
     user = insert(:user, local: true)
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index 384844095..7e771b9f8 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -266,6 +266,29 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert user.bio == "<p>Some bio</p>"
     end
 
+    test "it works for incoming update activities which lock the account" do
+      data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
+
+      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+      update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!()
+
+      object =
+        update_data["object"]
+        |> Map.put("actor", data["actor"])
+        |> Map.put("id", data["actor"])
+        |> Map.put("manuallyApprovesFollowers", true)
+
+      update_data =
+        update_data
+        |> Map.put("actor", data["actor"])
+        |> Map.put("object", object)
+
+      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(update_data)
+
+      user = User.get_cached_by_ap_id(data["actor"])
+      assert user.info["locked"] == true
+    end
+
     test "it works for incoming deletes" do
       activity = insert(:note_activity)
 
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 1291c3693..d1812457d 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
   alias Pleroma.Web.TwitterAPI.TwitterAPI
   alias Pleroma.{Repo, User, Activity, Notification}
   alias Pleroma.Web.{OStatus, CommonAPI}
+  alias Pleroma.Web.ActivityPub.ActivityPub
 
   import Pleroma.Factory
   import ExUnit.CaptureLog
@@ -644,6 +645,73 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     end
   end
 
+  describe "locked accounts" do
+    test "/api/v1/follow_requests works" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> get("/api/v1/follow_requests")
+
+      assert [relationship] = json_response(conn, 200)
+      assert to_string(other_user.id) == relationship["id"]
+    end
+
+    test "/api/v1/follow_requests/:id/authorize works" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/follow_requests/#{other_user.id}/authorize")
+
+      assert relationship = json_response(conn, 200)
+      assert to_string(other_user.id) == relationship["id"]
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == true
+    end
+
+    test "/api/v1/follow_requests/:id/reject works" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/follow_requests/#{other_user.id}/reject")
+
+      assert relationship = json_response(conn, 200)
+      assert to_string(other_user.id) == relationship["id"]
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+    end
+  end
+
   test "account fetching", %{conn: conn} do
     user = insert(:user)
 
@@ -792,6 +860,46 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
   end
 
+  test "blocking / unblocking a domain", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+
+    assert %{} = json_response(conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    assert User.blocks?(user, other_user)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> delete("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+
+    assert %{} = json_response(conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    refute User.blocks?(user, other_user)
+  end
+
+  test "getting a list of domain blocks" do
+    user = insert(:user)
+
+    {:ok, user} = User.block_domain(user, "bad.site")
+    {:ok, user} = User.block_domain(user, "even.worse.site")
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/domain_blocks")
+
+    domain_blocks = json_response(conn, 200)
+
+    assert "bad.site" in domain_blocks
+    assert "even.worse.site" in domain_blocks
+  end
+
   test "unimplemented mute endpoints" do
     user = insert(:user)
     other_user = insert(:user)
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 68f4331df..bd11551df 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -762,6 +762,38 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
 
       assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
     end
+
+    test "it locks an account", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/account/update_profile.json", %{
+          "locked" => "true"
+        })
+
+      user = Repo.get!(User, user.id)
+      assert user.info["locked"] == true
+
+      assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
+    end
+
+    test "it unlocks an account", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/account/update_profile.json", %{
+          "locked" => "false"
+        })
+
+      user = Repo.get!(User, user.id)
+      assert user.info["locked"] == false
+
+      assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user})
+    end
   end
 
   defp valid_user(_context) do
@@ -926,4 +958,72 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       :timer.sleep(1000)
     end
   end
+
+  describe "GET /api/pleroma/friend_requests" do
+    test "it lists friend requests" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> get("/api/pleroma/friend_requests")
+
+      assert [relationship] = json_response(conn, 200)
+      assert other_user.id == relationship["id"]
+    end
+  end
+
+  describe "POST /api/pleroma/friendships/approve" do
+    test "it approves a friend request" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
+
+      assert relationship = json_response(conn, 200)
+      assert other_user.id == relationship["id"]
+      assert relationship["follows_you"] == true
+    end
+  end
+
+  describe "POST /api/pleroma/friendships/deny" do
+    test "it denies a friend request" do
+      user = insert(:user, %{info: %{"locked" => true}})
+      other_user = insert(:user)
+
+      {:ok, activity} = ActivityPub.follow(other_user, user)
+
+      user = Repo.get(User, user.id)
+      other_user = Repo.get(User, other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
+
+      assert relationship = json_response(conn, 200)
+      assert other_user.id == relationship["id"]
+      assert relationship["follows_you"] == false
+    end
+  end
 end
diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs
index 9f8bf4cdc..eea743b32 100644
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@@ -59,7 +59,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
-      "is_local" => true
+      "is_local" => true,
+      "locked" => false
     }
 
     assert represented == UserView.render("show.json", %{user: user})
@@ -94,7 +95,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
-      "is_local" => true
+      "is_local" => true,
+      "locked" => false
     }
 
     assert represented == UserView.render("show.json", %{user: user, for: follower})
@@ -130,7 +132,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "statusnet_profile_url" => follower.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
-      "is_local" => true
+      "is_local" => true,
+      "locked" => false
     }
 
     assert represented == UserView.render("show.json", %{user: follower, for: user})
@@ -173,7 +176,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
       "background_image" => nil,
-      "is_local" => true
+      "is_local" => true,
+      "locked" => false
     }
 
     blocker = Repo.get(User, blocker.id)