4 files changed, 121 insertions, 6 deletions

diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs
index d71f9f13a..cb455ca79 100644
--- a/test/media_proxy_test.exs
+++ b/test/media_proxy_test.exs
@@ -1,6 +1,7 @@
 defmodule Pleroma.MediaProxyTest do
   use ExUnit.Case
   import Pleroma.Web.MediaProxy
+  alias Pleroma.Web.MediaProxy.MediaProxyController
 
   describe "when enabled" do
     setup do
@@ -65,6 +66,14 @@ defmodule Pleroma.MediaProxyTest do
       assert decode_result(encoded) == url
     end
 
+    test "ensures urls are url-encoded" do
+      assert decode_result(url("https://pleroma.social/Hello world.jpg")) ==
+               "https://pleroma.social/Hello%20world.jpg"
+
+      assert decode_result(url("https://pleroma.social/Hello%20world.jpg")) ==
+               "https://pleroma.social/Hello%20world.jpg"
+    end
+
     test "validates signature" do
       secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
 
@@ -83,6 +92,34 @@ defmodule Pleroma.MediaProxyTest do
       assert decode_url(sig, base64) == {:error, :invalid_signature}
     end
 
+    test "filename_matches matches url encoded paths" do
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello%20world.jpg",
+               "http://pleroma.social/Hello world.jpg"
+             ) == :ok
+
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello%20world.jpg",
+               "http://pleroma.social/Hello%20world.jpg"
+             ) == :ok
+    end
+
+    test "filename_matches matches non-url encoded paths" do
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello world.jpg",
+               "http://pleroma.social/Hello%20world.jpg"
+             ) == :ok
+
+      assert MediaProxyController.filename_matches(
+               true,
+               "/Hello world.jpg",
+               "http://pleroma.social/Hello world.jpg"
+             ) == :ok
+    end
+
     test "uses the configured base_url" do
       base_url = Pleroma.Config.get([:media_proxy, :base_url])
 
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index 9634ad7c5..ba3b77fb6 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -37,6 +37,78 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
   end
 
+  describe "PUT /api/pleroma/admin/users/tag" do
+    setup do
+      admin = insert(:user, info: %{is_admin: true})
+      user1 = insert(:user, %{tags: ["x"]})
+      user2 = insert(:user, %{tags: ["y"]})
+      user3 = insert(:user, %{tags: ["unchanged"]})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> put_req_header("accept", "application/json")
+        |> put(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
+            user2.nickname
+          }&tags[]=foo&tags[]=bar"
+        )
+
+      %{conn: conn, user1: user1, user2: user2, user3: user3}
+    end
+
+    test "it appends specified tags to users with specified nicknames", %{
+      conn: conn,
+      user1: user1,
+      user2: user2
+    } do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user1.id).tags == ["x", "foo", "bar"]
+      assert Repo.get(User, user2.id).tags == ["y", "foo", "bar"]
+    end
+
+    test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user3.id).tags == ["unchanged"]
+    end
+  end
+
+  describe "DELETE /api/pleroma/admin/users/tag" do
+    setup do
+      admin = insert(:user, info: %{is_admin: true})
+      user1 = insert(:user, %{tags: ["x"]})
+      user2 = insert(:user, %{tags: ["y", "z"]})
+      user3 = insert(:user, %{tags: ["unchanged"]})
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> put_req_header("accept", "application/json")
+        |> delete(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
+            user2.nickname
+          }&tags[]=x&tags[]=z"
+        )
+
+      %{conn: conn, user1: user1, user2: user2, user3: user3}
+    end
+
+    test "it removes specified tags from users with specified nicknames", %{
+      conn: conn,
+      user1: user1,
+      user2: user2
+    } do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user1.id).tags == []
+      assert Repo.get(User, user2.id).tags == ["y"]
+    end
+
+    test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
+      assert json_response(conn, :no_content)
+      assert Repo.get(User, user3.id).tags == ["unchanged"]
+    end
+  end
+
   describe "/api/pleroma/admin/permission_group" do
     test "GET is giving user_info" do
       admin = insert(:user, info: %{is_admin: true})
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs
index a2d3a2547..3cb9b9c5b 100644
--- a/test/web/mastodon_api/account_view_test.exs
+++ b/test/web/mastodon_api/account_view_test.exs
@@ -54,7 +54,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         note: "",
         privacy: "public",
         sensitive: false
-      }
+      },
+      pleroma: %{tags: []}
     }
 
     assert expected == AccountView.render("account.json", %{user: user})
@@ -91,7 +92,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         note: "",
         privacy: "public",
         sensitive: false
-      }
+      },
+      pleroma: %{tags: []}
     }
 
     assert expected == AccountView.render("account.json", %{user: user})
diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs
index e69ca24a9..9898c217d 100644
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@@ -96,7 +96,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     assert represented == UserView.render("show.json", %{user: user})
@@ -137,7 +138,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     assert represented == UserView.render("show.json", %{user: user, for: follower})
@@ -179,7 +181,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     assert represented == UserView.render("show.json", %{user: follower, for: user})
@@ -228,7 +231,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
-      "fields" => []
+      "fields" => [],
+      "pleroma" => %{"tags" => []}
     }
 
     blocker = Repo.get(User, blocker.id)