7 files changed, 131 insertions, 119 deletions

diff --git a/test/pleroma/html_test.exs b/test/pleroma/html_test.exs
index 1be161971..d17b07540 100644
--- a/test/pleroma/html_test.exs
+++ b/test/pleroma/html_test.exs
@@ -41,6 +41,10 @@ defmodule Pleroma.HTMLTest do
   <span class="h-card"><a class="u-url mention animate-spin">@<span>foo</span></a></span>
   """
 
+  @mention_hashtags_sample """
+  <a href="https://mastodon.example/tags/linux" class="mention hashtag" rel="tag">#<span>linux</span></a>
+  """
+
   describe "StripTags scrubber" do
     test "works as expected" do
       expected = """
@@ -126,6 +130,15 @@ defmodule Pleroma.HTMLTest do
                  Pleroma.HTML.Scrubber.TwitterText
                )
     end
+
+    test "does allow mention hashtags" do
+      expected = """
+      <a href="https://mastodon.example/tags/linux" class="mention hashtag" rel="tag">#<span>linux</span></a>
+      """
+
+      assert expected ==
+               HTML.filter_tags(@mention_hashtags_sample, Pleroma.HTML.Scrubber.Default)
+    end
   end
 
   describe "default scrubber" do
@@ -189,6 +202,15 @@ defmodule Pleroma.HTMLTest do
                  Pleroma.HTML.Scrubber.Default
                )
     end
+
+    test "does allow mention hashtags" do
+      expected = """
+      <a href="https://mastodon.example/tags/linux" class="mention hashtag" rel="tag">#<span>linux</span></a>
+      """
+
+      assert expected ==
+               HTML.filter_tags(@mention_hashtags_sample, Pleroma.HTML.Scrubber.Default)
+    end
   end
 
   describe "extract_first_external_url_from_object" do
diff --git a/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs
index df28f2010..bc9d4048c 100644
--- a/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs
@@ -89,114 +89,4 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
     assert expected == json_response_and_validate_schema(conn, 200)
     assert app.user_id == user.id
   end
-
-  test "creates an oauth app without a user", %{conn: conn} do
-    app_attrs = build(:oauth_app)
-
-    conn =
-      conn
-      |> put_req_header("content-type", "application/json")
-      |> post("/api/v1/apps", %{
-        client_name: app_attrs.client_name,
-        redirect_uris: app_attrs.redirect_uris
-      })
-
-    [app] = Repo.all(App)
-
-    expected = %{
-      "name" => app.client_name,
-      "website" => app.website,
-      "client_id" => app.client_id,
-      "client_secret" => app.client_secret,
-      "id" => app.id |> to_string(),
-      "redirect_uri" => app.redirect_uris,
-      "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
-    }
-
-    assert expected == json_response_and_validate_schema(conn, 200)
-  end
-
-  test "does not duplicate apps with the same client name", %{conn: conn} do
-    client_name = "BleromaSE"
-    redirect_uris = "https://bleroma.app/oauth-callback"
-
-    for _i <- 1..3 do
-      conn
-      |> put_req_header("content-type", "application/json")
-      |> post("/api/v1/apps", %{
-        client_name: client_name,
-        redirect_uris: redirect_uris
-      })
-      |> json_response_and_validate_schema(200)
-    end
-
-    apps = Repo.all(App)
-
-    assert length(apps) == 1
-    assert List.first(apps).client_name == client_name
-    assert List.first(apps).redirect_uris == redirect_uris
-  end
-
-  test "app scopes can be updated", %{conn: conn} do
-    client_name = "BleromaSE"
-    redirect_uris = "https://bleroma.app/oauth-callback"
-    website = "https://bleromase.com"
-    scopes = "read write"
-
-    conn
-    |> put_req_header("content-type", "application/json")
-    |> post("/api/v1/apps", %{
-      client_name: client_name,
-      redirect_uris: redirect_uris,
-      website: website,
-      scopes: scopes
-    })
-    |> json_response_and_validate_schema(200)
-
-    assert List.first(Repo.all(App)).scopes == String.split(scopes, " ")
-
-    updated_scopes = "read write push"
-
-    conn
-    |> put_req_header("content-type", "application/json")
-    |> post("/api/v1/apps", %{
-      client_name: client_name,
-      redirect_uris: redirect_uris,
-      website: website,
-      scopes: updated_scopes
-    })
-    |> json_response_and_validate_schema(200)
-
-    assert List.first(Repo.all(App)).scopes == String.split(updated_scopes, " ")
-  end
-
-  test "app website URL can be updated", %{conn: conn} do
-    client_name = "BleromaSE"
-    redirect_uris = "https://bleroma.app/oauth-callback"
-    website = "https://bleromase.com"
-
-    conn
-    |> put_req_header("content-type", "application/json")
-    |> post("/api/v1/apps", %{
-      client_name: client_name,
-      redirect_uris: redirect_uris,
-      website: website
-    })
-    |> json_response_and_validate_schema(200)
-
-    assert List.first(Repo.all(App)).website == website
-
-    updated_website = "https://bleromase2ultimateedition.com"
-
-    conn
-    |> put_req_header("content-type", "application/json")
-    |> post("/api/v1/apps", %{
-      client_name: client_name,
-      redirect_uris: redirect_uris,
-      website: updated_website
-    })
-    |> json_response_and_validate_schema(200)
-
-    assert List.first(Repo.all(App)).website == updated_website
-  end
 end
diff --git a/test/pleroma/web/mastodon_api/views/account_view_test.exs b/test/pleroma/web/mastodon_api/views/account_view_test.exs
index dca64853d..f88b90955 100644
--- a/test/pleroma/web/mastodon_api/views/account_view_test.exs
+++ b/test/pleroma/web/mastodon_api/views/account_view_test.exs
@@ -456,6 +456,45 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       test_relationship_rendering(user, other_user, expected)
     end
 
+    test "relationship does not indicate following if a FollowingRelationship is missing" do
+      user = insert(:user)
+      other_user = insert(:user, local: false)
+
+      # Create a follow relationship with the real Follow Activity and Accept it
+      assert {:ok, _, _, _} = CommonAPI.follow(other_user, user)
+      assert {:ok, _} = CommonAPI.accept_follow_request(user, other_user)
+
+      assert %{data: %{"state" => "accept"}} =
+               Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(user, other_user)
+
+      # Fetch the relationship and forcibly delete it to simulate
+      # a Follow Accept that did not complete processing
+      %{following_relationships: [relationship]} =
+        Pleroma.UserRelationship.view_relationships_option(user, [other_user])
+
+      assert {:ok, _} = Pleroma.Repo.delete(relationship)
+
+      assert %{following_relationships: [], user_relationships: []} ==
+               Pleroma.UserRelationship.view_relationships_option(user, [other_user])
+
+      expected =
+        Map.merge(
+          @blank_response,
+          %{
+            following: false,
+            followed_by: false,
+            muting: false,
+            muting_notifications: false,
+            subscribing: false,
+            notifying: false,
+            showing_reblogs: true,
+            id: to_string(other_user.id)
+          }
+        )
+
+      test_relationship_rendering(user, other_user, expected)
+    end
+
     test "represent a relationship for the blocking and blocked user" do
       user = insert(:user)
       other_user = insert(:user)
diff --git a/test/pleroma/web/node_info_test.exs b/test/pleroma/web/node_info_test.exs
index f474220be..afe4ebb36 100644
--- a/test/pleroma/web/node_info_test.exs
+++ b/test/pleroma/web/node_info_test.exs
@@ -24,6 +24,19 @@ defmodule Pleroma.Web.NodeInfoTest do
       |> get(href)
       |> json_response(200)
     end)
+
+    accept_types = [
+      "application/activity+json",
+      "application/json",
+      "application/jrd+json"
+    ]
+
+    for type <- accept_types do
+      conn
+      |> put_req_header("accept", type)
+      |> get("/.well-known/nodeinfo")
+      |> json_response(200)
+    end
   end
 
   test "nodeinfo shows staff accounts", %{conn: conn} do
diff --git a/test/pleroma/web/o_auth/app_test.exs b/test/pleroma/web/o_auth/app_test.exs
index 423b660ea..44219cf90 100644
--- a/test/pleroma/web/o_auth/app_test.exs
+++ b/test/pleroma/web/o_auth/app_test.exs
@@ -12,23 +12,20 @@ defmodule Pleroma.Web.OAuth.AppTest do
     test "gets exist app" do
       attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
       app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]}))
-      {:ok, %App{} = exist_app} = App.get_or_make(attrs)
+      {:ok, %App{} = exist_app} = App.get_or_make(attrs, [])
       assert exist_app == app
     end
 
     test "make app" do
-      attrs = %{client_name: "Mastodon-Local", redirect_uris: ".", scopes: ["write"]}
-      {:ok, %App{} = app} = App.get_or_make(attrs)
+      attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
+      {:ok, %App{} = app} = App.get_or_make(attrs, ["write"])
       assert app.scopes == ["write"]
     end
 
     test "gets exist app and updates scopes" do
-      attrs = %{client_name: "Mastodon-Local", redirect_uris: ".", scopes: ["read", "write"]}
-      app = insert(:oauth_app, attrs)
-
-      {:ok, %App{} = exist_app} =
-        App.get_or_make(%{attrs | scopes: ["read", "write", "follow", "push"]})
-
+      attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
+      app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]}))
+      {:ok, %App{} = exist_app} = App.get_or_make(attrs, ["read", "write", "follow", "push"])
       assert exist_app.id == app.id
       assert exist_app.scopes == ["read", "write", "follow", "push"]
     end
@@ -56,4 +53,21 @@ defmodule Pleroma.Web.OAuth.AppTest do
 
     assert Enum.sort(App.get_user_apps(user)) == Enum.sort(apps)
   end
+
+  test "removes orphaned apps" do
+    attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
+    {:ok, %App{} = old_app} = App.get_or_make(attrs, ["write"])
+
+    attrs = %{client_name: "PleromaFE", redirect_uris: "."}
+    {:ok, %App{} = app} = App.get_or_make(attrs, ["write"])
+
+    # backdate the old app so it's within the threshold for being cleaned up
+    {:ok, _} =
+      "UPDATE apps SET inserted_at = now() - interval '1 hour' WHERE id = #{old_app.id}"
+      |> Pleroma.Repo.query()
+
+    App.remove_orphans()
+
+    assert [app] == Pleroma.Repo.all(App)
+  end
 end
diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs
index 83a08d9fc..260442771 100644
--- a/test/pleroma/web/o_auth/o_auth_controller_test.exs
+++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@@ -12,6 +12,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
   alias Pleroma.MFA.TOTP
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.Web.OAuth.App
   alias Pleroma.Web.OAuth.Authorization
   alias Pleroma.Web.OAuth.OAuthController
   alias Pleroma.Web.OAuth.Token
@@ -770,6 +771,9 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       {:ok, auth} = Authorization.create_authorization(app, user, ["write"])
 
+      # Verify app has no associated user yet
+      assert %Pleroma.Web.OAuth.App{user_id: nil} = Repo.get_by(App, %{id: app.id})
+
       conn =
         build_conn()
         |> post("/oauth/token", %{
@@ -786,6 +790,10 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       assert token
       assert token.scopes == auth.scopes
       assert user.ap_id == ap_id
+
+      # Verify app has an associated user now
+      user_id = user.id
+      assert %Pleroma.Web.OAuth.App{user_id: ^user_id} = Repo.get_by(App, %{id: app.id})
     end
 
     test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
diff --git a/test/pleroma/web/plugs/authentication_plug_test.exs b/test/pleroma/web/plugs/authentication_plug_test.exs
index b8acd01c5..bdbf3de32 100644
--- a/test/pleroma/web/plugs/authentication_plug_test.exs
+++ b/test/pleroma/web/plugs/authentication_plug_test.exs
@@ -70,6 +70,24 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
     assert "$pbkdf2" <> _ = user.password_hash
   end
 
+  test "with an argon2 hash, it updates to a pkbdf2 hash", %{conn: conn} do
+    user = insert(:user, password_hash: Argon2.hash_pwd_salt("123"))
+    assert "$argon2" <> _ = user.password_hash
+
+    conn =
+      conn
+      |> assign(:auth_user, user)
+      |> assign(:auth_credentials, %{password: "123"})
+      |> AuthenticationPlug.call(%{})
+
+    assert conn.assigns.user.id == conn.assigns.auth_user.id
+    assert conn.assigns.token == nil
+    assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
+
+    user = User.get_by_id(user.id)
+    assert "$pbkdf2" <> _ = user.password_hash
+  end
+
   describe "checkpw/2" do
     test "check pbkdf2 hash" do
       hash =
@@ -86,6 +104,14 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
       refute AuthenticationPlug.checkpw("password1", hash)
     end
 
+    test "check argon2 hash" do
+      hash =
+        "$argon2id$v=19$m=65536,t=8,p=2$zEMMsTuK5KkL5AFWbX7jyQ$VyaQD7PF6e9btz0oH1YiAkWwIGZ7WNDZP8l+a/O171g"
+
+      assert AuthenticationPlug.checkpw("password", hash)
+      refute AuthenticationPlug.checkpw("password1", hash)
+    end
+
     test "it returns false when hash invalid" do
       hash =
         "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"