9 files changed, 129 insertions, 16 deletions

diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs
index d71f9f13a..cb455ca79 100644
--- a/test/media_proxy_test.exs
+++ b/test/media_proxy_test.exs
@@ -1,6 +1,7 @@
 defmodule Pleroma.MediaProxyTest do
   use ExUnit.Case
   import Pleroma.Web.MediaProxy
+  alias Pleroma.Web.MediaProxy.MediaProxyController
 
   describe "when enabled" do
     setup do
@@ -65,6 +66,14 @@ defmodule Pleroma.MediaProxyTest do
       assert decode_result(encoded) == url
     end
 
+    test "ensures urls are url-encoded" do
+      assert decode_result(url("https://pleroma.social/Hello world.jpg")) ==
+               "https://pleroma.social/Hello%20world.jpg"
+
+      assert decode_result(url("https://pleroma.social/Hello%20world.jpg")) ==
+               "https://pleroma.social/Hello%20world.jpg"
+    end
+
     test "validates signature" do
       secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
 
@@ -83,6 +92,34 @@ defmodule Pleroma.MediaProxyTest do
       assert decode_url(sig, base64) == {:error, :invalid_signature}
     end
 
+    test "filename_matches matches url encoded paths" do
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello%20world.jpg",
+               "http://pleroma.social/Hello world.jpg"
+             ) == :ok
+
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello%20world.jpg",
+               "http://pleroma.social/Hello%20world.jpg"
+             ) == :ok
+    end
+
+    test "filename_matches matches non-url encoded paths" do
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello world.jpg",
+               "http://pleroma.social/Hello%20world.jpg"
+             ) == :ok
+
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello world.jpg",
+               "http://pleroma.social/Hello world.jpg"
+             ) == :ok
+    end
+
     test "uses the configured base_url" do
       base_url = Pleroma.Config.get([:media_proxy, :base_url])
 
diff --git a/test/support/builders/activity_builder.ex b/test/support/builders/activity_builder.ex
index eb72d5ba9..6e5a8e059 100644
--- a/test/support/builders/activity_builder.ex
+++ b/test/support/builders/activity_builder.ex
@@ -1,5 +1,4 @@
 defmodule Pleroma.Builders.ActivityBuilder do
-  alias Pleroma.Builders.UserBuilder
   alias Pleroma.Web.ActivityPub.ActivityPub
 
   def build(data \\ %{}, opts \\ %{}) do
diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
index 391342ad7..6f98fc5d0 100644
--- a/test/support/http_request_mock.ex
+++ b/test/support/http_request_mock.ex
@@ -13,7 +13,7 @@ defmodule HttpRequestMock do
     with {:ok, res} <- apply(__MODULE__, method, [url, query, body, headers]) do
       res
     else
-      {_, r} = error ->
+      {_, _r} = error ->
         # Logger.warn(r)
         error
     end
diff --git a/test/support/websub_mock.ex b/test/support/websub_mock.ex
new file mode 100644
index 000000000..0cba0b740
--- /dev/null
+++ b/test/support/websub_mock.ex
@@ -0,0 +1,5 @@
+defmodule Pleroma.Web.WebsubMock do
+  def verify(sub) do
+    {:ok, sub}
+  end
+end
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index 9634ad7c5..ba3b77fb6 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -37,6 +37,78 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
   end
 
+  describe "PUT /api/pleroma/admin/users/tag" do
+    setup do
+      admin = insert(:user, info: %{is_admin: true})
+      user1 = insert(:user, %{tags: ["x"]})
+      user2 = insert(:user, %{tags: ["y"]})
+      user3 = insert(:user, %{tags: ["unchanged"]})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> put_req_header("accept", "application/json")
+        |> put(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
+            user2.nickname
+          }&tags[]=foo&tags[]=bar"
+        )
+
+      %{conn: conn, user1: user1, user2: user2, user3: user3}
+    end
+
+    test "it appends specified tags to users with specified nicknames", %{
+      conn: conn,
+      user1: user1,
+      user2: user2
+    } do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user1.id).tags == ["x", "foo", "bar"]
+      assert Repo.get(User, user2.id).tags == ["y", "foo", "bar"]
+    end
+
+    test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user3.id).tags == ["unchanged"]
+    end
+  end
+
+  describe "DELETE /api/pleroma/admin/users/tag" do
+    setup do
+      admin = insert(:user, info: %{is_admin: true})
+      user1 = insert(:user, %{tags: ["x"]})
+      user2 = insert(:user, %{tags: ["y", "z"]})
+      user3 = insert(:user, %{tags: ["unchanged"]})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> put_req_header("accept", "application/json")
+        |> delete(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
+            user2.nickname
+          }&tags[]=x&tags[]=z"
+        )
+
+      %{conn: conn, user1: user1, user2: user2, user3: user3}
+    end
+
+    test "it removes specified tags from users with specified nicknames", %{
+      conn: conn,
+      user1: user1,
+      user2: user2
+    } do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user1.id).tags == []
+      assert Repo.get(User, user2.id).tags == ["y"]
+    end
+
+    test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user3.id).tags == ["unchanged"]
+    end
+  end
+
   describe "/api/pleroma/admin/permission_group" do
     test "GET is giving user_info" do
       admin = insert(:user, info: %{is_admin: true})
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs
index a2d3a2547..3cb9b9c5b 100644
--- a/test/web/mastodon_api/account_view_test.exs
+++ b/test/web/mastodon_api/account_view_test.exs
@@ -54,7 +54,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         note: "",
         privacy: "public",
         sensitive: false
-      }
+      },
+      pleroma: %{tags: []}
     }
 
     assert expected == AccountView.render("account.json", %{user: user})
@@ -91,7 +92,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         note: "",
         privacy: "public",
         sensitive: false
-      }
+      },
+      pleroma: %{tags: []}
     }
 
     assert expected == AccountView.render("account.json", %{user: user})
diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs
index 9e69b3189..d10d59d6c 100644
--- a/test/web/mastodon_api/status_view_test.exs
+++ b/test/web/mastodon_api/status_view_test.exs
@@ -24,7 +24,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       note
       |> Map.put(:data, data)
 
-    user = User.get_cached_by_ap_id(note.data["actor"])
+    User.get_cached_by_ap_id(note.data["actor"])
 
     status = StatusView.render("status.json", %{activity: note})
 
@@ -62,7 +62,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       visibility: "public",
       media_attachments: [],
       mentions: [],
-      tags: [],
+      tags: note.data["object"]["tag"],
       application: %{
         name: "Web",
         website: nil
diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs
index e69ca24a9..9898c217d 100644
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@@ -96,7 +96,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     assert represented == UserView.render("show.json", %{user: user})
@@ -137,7 +138,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     assert represented == UserView.render("show.json", %{user: user, for: follower})
@@ -179,7 +181,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     assert represented == UserView.render("show.json", %{user: follower, for: user})
@@ -228,7 +231,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     blocker = Repo.get(User, blocker.id)
diff --git a/test/web/websub/websub_test.exs b/test/web/websub/websub_test.exs
index 47d1a88e1..fd559743f 100644
--- a/test/web/websub/websub_test.exs
+++ b/test/web/websub/websub_test.exs
@@ -1,9 +1,3 @@
-defmodule Pleroma.Web.WebsubMock do
-  def verify(sub) do
-    {:ok, sub}
-  end
-end
-
 defmodule Pleroma.Web.WebsubTest do
   use Pleroma.DataCase
   alias Pleroma.Web.Websub