From 5ddf0415c4fd6021422eb38b4625c01ad27582c5 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 14 Jul 2020 00:22:12 -0500 Subject: Accept `reason` in POST /api/v1/accounts and store in DB --- .../controllers/account_controller_test.exs | 70 ++++++++++++++++++++++ 1 file changed, 70 insertions(+) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 9c7b5e9b2..28d21371a 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -885,6 +885,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end setup do: clear_config([:instance, :account_activation_required]) + setup do: clear_config([:instance, :account_approval_required]) test "Account registration via Application", %{conn: conn} do conn = @@ -949,6 +950,75 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert token_from_db.user.confirmation_pending end + test "Account registration via app with account_approval_required", %{conn: conn} do + Pleroma.Config.put([:instance, :account_approval_required], true) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/apps", %{ + client_name: "client_name", + redirect_uris: "urn:ietf:wg:oauth:2.0:oob", + scopes: "read, write, follow" + }) + + assert %{ + "client_id" => client_id, + "client_secret" => client_secret, + "id" => _, + "name" => "client_name", + "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", + "vapid_key" => _, + "website" => nil + } = json_response_and_validate_schema(conn, 200) + + conn = + post(conn, "/oauth/token", %{ + grant_type: "client_credentials", + client_id: client_id, + client_secret: client_secret + }) + + assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = + json_response(conn, 200) + + assert token + token_from_db = Repo.get_by(Token, token: token) + assert token_from_db + assert refresh + assert scope == "read write follow" + + conn = + build_conn() + |> put_req_header("content-type", "multipart/form-data") + |> put_req_header("authorization", "Bearer " <> token) + |> post("/api/v1/accounts", %{ + username: "lain", + email: "lain@example.org", + password: "PlzDontHackLain", + bio: "Test Bio", + agreement: true, + reason: "I'm a cool dude, bro" + }) + + %{ + "access_token" => token, + "created_at" => _created_at, + "scope" => ^scope, + "token_type" => "Bearer" + } = json_response_and_validate_schema(conn, 200) + + token_from_db = Repo.get_by(Token, token: token) + assert token_from_db + token_from_db = Repo.preload(token_from_db, :user) + assert token_from_db.user + + assert token_from_db.user.confirmation_pending + assert token_from_db.user.approval_pending + + assert token_from_db.user.registration_reason == "I'm a cool dude, bro" + end + test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do _user = insert(:user, email: "lain@example.org") app_token = insert(:oauth_token, user: nil) -- cgit v1.2.3 From 48f8b26c92880c0898daac3d691c61be0b891d0b Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Thu, 16 Jul 2020 21:39:10 -0500 Subject: OpenAPI: Add :id to follower/following endpoints, fixes #1958 --- .../controllers/account_controller_test.exs | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 9c7b5e9b2..c304487ea 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -583,6 +583,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3_id}") |> json_response_and_validate_schema(200) + assert [%{"id" => ^follower2_id}, %{"id" => ^follower1_id}] = + conn + |> get( + "/api/v1/accounts/#{user.id}/followers?id=#{user.id}&limit=20&max_id=#{ + follower3_id + }" + ) + |> json_response_and_validate_schema(200) + res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3_id}") assert [%{"id" => ^follower2_id}] = json_response_and_validate_schema(res_conn, 200) @@ -654,6 +663,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert id2 == following2.id assert id1 == following1.id + res_conn = + get( + conn, + "/api/v1/accounts/#{user.id}/following?id=#{user.id}&limit=20&max_id=#{following3.id}" + ) + + assert [%{"id" => id2}, %{"id" => id1}] = json_response_and_validate_schema(res_conn, 200) + assert id2 == following2.id + assert id1 == following1.id + res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}") -- cgit v1.2.3 From f43518eb7433a6c50d635d6536c3fbe3a37ea82b Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 27 Jul 2020 19:19:14 -0500 Subject: Lint, fix test --- test/web/mastodon_api/controllers/account_controller_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index e6b283aab..1ba5bc964 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -1017,7 +1017,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do password: "PlzDontHackLain", bio: "Test Bio", agreement: true, - reason: "I'm a cool dude, bro" + reason: "I am a cool dude, bro" }) %{ @@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert token_from_db.user.confirmation_pending assert token_from_db.user.approval_pending - assert token_from_db.user.registration_reason == "I'm a cool dude, bro" + assert token_from_db.user.registration_reason == "I am a cool dude, bro" end test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do -- cgit v1.2.3 From f688c8df82b955b50552b3198ddc153a716451c2 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 27 Jul 2020 20:36:31 -0500 Subject: Fix User.registration_reason HTML sanitizing issues --- test/web/mastodon_api/controllers/account_controller_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 1ba5bc964..e6b283aab 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -1017,7 +1017,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do password: "PlzDontHackLain", bio: "Test Bio", agreement: true, - reason: "I am a cool dude, bro" + reason: "I'm a cool dude, bro" }) %{ @@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert token_from_db.user.confirmation_pending assert token_from_db.user.approval_pending - assert token_from_db.user.registration_reason == "I am a cool dude, bro" + assert token_from_db.user.registration_reason == "I'm a cool dude, bro" end test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do -- cgit v1.2.3 From c25c21dd22202fe0fc827ef57e5a69631fa35bf7 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 29 Jul 2020 11:47:03 +0200 Subject: AccountController: Don't explicitly ask to keep users unconfirmed. Confirmation is set in User.register_changeset based on the config settings. --- .../controllers/account_controller_test.exs | 68 +++++++++++++++++++++- 1 file changed, 65 insertions(+), 3 deletions(-) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index c304487ea..a2332d2af 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -903,9 +903,73 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do [valid_params: valid_params] end - setup do: clear_config([:instance, :account_activation_required]) + test "Account registration via Application, no confirmation required", %{conn: conn} do + clear_config([:instance, :account_activation_required], false) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/apps", %{ + client_name: "client_name", + redirect_uris: "urn:ietf:wg:oauth:2.0:oob", + scopes: "read, write, follow" + }) + + assert %{ + "client_id" => client_id, + "client_secret" => client_secret, + "id" => _, + "name" => "client_name", + "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", + "vapid_key" => _, + "website" => nil + } = json_response_and_validate_schema(conn, 200) + + conn = + post(conn, "/oauth/token", %{ + grant_type: "client_credentials", + client_id: client_id, + client_secret: client_secret + }) + + assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = + json_response(conn, 200) + + assert token + token_from_db = Repo.get_by(Token, token: token) + assert token_from_db + assert refresh + assert scope == "read write follow" + + conn = + build_conn() + |> put_req_header("content-type", "multipart/form-data") + |> put_req_header("authorization", "Bearer " <> token) + |> post("/api/v1/accounts", %{ + username: "lain", + email: "lain@example.org", + password: "PlzDontHackLain", + bio: "Test Bio", + agreement: true + }) + + %{ + "access_token" => token, + "created_at" => _created_at, + "scope" => ^scope, + "token_type" => "Bearer" + } = json_response_and_validate_schema(conn, 200) + + token_from_db = Repo.get_by(Token, token: token) + assert token_from_db + token_from_db = Repo.preload(token_from_db, :user) + assert token_from_db.user + refute token_from_db.user.confirmation_pending + end test "Account registration via Application", %{conn: conn} do + clear_config([:instance, :account_activation_required], true) + conn = conn |> put_req_header("content-type", "application/json") @@ -1188,8 +1252,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert token_from_db token_from_db = Repo.preload(token_from_db, :user) assert token_from_db.user - - assert token_from_db.user.confirmation_pending end conn = -- cgit v1.2.3 From 27b0a8b15542c645f70937a124ab8190cc399313 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 31 Jul 2020 14:13:38 +0300 Subject: [#1985] Prevented force login on registration if account approval and/or email confirmation needed. Refactored login code in OAuthController, reused in AccountController. Added tests. --- .../controllers/account_controller_test.exs | 73 +++++++++------------- 1 file changed, 30 insertions(+), 43 deletions(-) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 708f8b5b3..d390c3ce1 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -5,7 +5,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do use Pleroma.Web.ConnCase - alias Pleroma.Config alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub @@ -16,8 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do import Pleroma.Factory describe "account fetching" do - setup do: clear_config([:instance, :limit_to_local_content]) - test "works by id" do %User{id: user_id} = insert(:user) @@ -42,7 +39,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end test "works by nickname for remote users" do - Config.put([:instance, :limit_to_local_content], false) + clear_config([:instance, :limit_to_local_content], false) user = insert(:user, nickname: "user@example.com", local: false) @@ -53,7 +50,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end test "respects limit_to_local_content == :all for remote user nicknames" do - Config.put([:instance, :limit_to_local_content], :all) + clear_config([:instance, :limit_to_local_content], :all) user = insert(:user, nickname: "user@example.com", local: false) @@ -63,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do - Config.put([:instance, :limit_to_local_content], :unauthenticated) + clear_config([:instance, :limit_to_local_content], :unauthenticated) user = insert(:user, nickname: "user@example.com", local: false) reading_user = insert(:user) @@ -903,8 +900,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do [valid_params: valid_params] end - test "Account registration via Application, no confirmation required", %{conn: conn} do + test "registers and logs in without :account_activation_required / :account_approval_required", + %{conn: conn} do clear_config([:instance, :account_activation_required], false) + clear_config([:instance, :account_approval_required], false) conn = conn @@ -962,15 +961,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do token_from_db = Repo.get_by(Token, token: token) assert token_from_db - token_from_db = Repo.preload(token_from_db, :user) - assert token_from_db.user - refute token_from_db.user.confirmation_pending - end + user = Repo.preload(token_from_db, :user).user - setup do: clear_config([:instance, :account_approval_required]) + assert user + refute user.confirmation_pending + refute user.approval_pending + end - test "Account registration via Application", %{conn: conn} do + test "registers but does not log in with :account_activation_required", %{conn: conn} do clear_config([:instance, :account_activation_required], true) + clear_config([:instance, :account_approval_required], false) conn = conn @@ -1019,23 +1019,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do agreement: true }) - %{ - "access_token" => token, - "created_at" => _created_at, - "scope" => ^scope, - "token_type" => "Bearer" - } = json_response_and_validate_schema(conn, 200) - - token_from_db = Repo.get_by(Token, token: token) - assert token_from_db - token_from_db = Repo.preload(token_from_db, :user) - assert token_from_db.user + response = json_response_and_validate_schema(conn, 200) + assert %{"identifier" => "missing_confirmed_email"} = response + refute response["access_token"] + refute response["token_type"] - assert token_from_db.user.confirmation_pending + user = Repo.get_by(User, email: "lain@example.org") + assert user.confirmation_pending end - test "Account registration via app with account_approval_required", %{conn: conn} do - Pleroma.Config.put([:instance, :account_approval_required], true) + test "registers but does not log in with :account_approval_required", %{conn: conn} do + clear_config([:instance, :account_approval_required], true) + clear_config([:instance, :account_activation_required], false) conn = conn @@ -1085,21 +1080,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do reason: "I'm a cool dude, bro" }) - %{ - "access_token" => token, - "created_at" => _created_at, - "scope" => ^scope, - "token_type" => "Bearer" - } = json_response_and_validate_schema(conn, 200) - - token_from_db = Repo.get_by(Token, token: token) - assert token_from_db - token_from_db = Repo.preload(token_from_db, :user) - assert token_from_db.user + response = json_response_and_validate_schema(conn, 200) + assert %{"identifier" => "awaiting_approval"} = response + refute response["access_token"] + refute response["token_type"] - assert token_from_db.user.approval_pending + user = Repo.get_by(User, email: "lain@example.org") - assert token_from_db.user.registration_reason == "I'm a cool dude, bro" + assert user.approval_pending + assert user.registration_reason == "I'm a cool dude, bro" end test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do @@ -1153,11 +1142,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end) end - setup do: clear_config([:instance, :account_activation_required]) - test "returns bad_request if missing email params when :account_activation_required is enabled", %{conn: conn, valid_params: valid_params} do - Pleroma.Config.put([:instance, :account_activation_required], true) + clear_config([:instance, :account_activation_required], true) app_token = insert(:oauth_token, user: nil) -- cgit v1.2.3 From de3bdc63adac0141500bdc2692124cd104330bda Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 3 Aug 2020 15:00:14 +0200 Subject: AccountControllerTest: Add test for message returned. --- .../controllers/account_controller_test.exs | 29 ++++++++++++++++------ 1 file changed, 22 insertions(+), 7 deletions(-) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index d390c3ce1..2cb388655 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -940,17 +940,32 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert refresh assert scope == "read write follow" + clear_config([User, :email_blacklist], ["example.org"]) + + params = %{ + username: "lain", + email: "lain@example.org", + password: "PlzDontHackLain", + bio: "Test Bio", + agreement: true + } + conn = build_conn() |> put_req_header("content-type", "multipart/form-data") |> put_req_header("authorization", "Bearer " <> token) - |> post("/api/v1/accounts", %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - bio: "Test Bio", - agreement: true - }) + |> post("/api/v1/accounts", params) + + assert %{"error" => "{\"email\":[\"Email domain is blacklisted\"]}"} = + json_response_and_validate_schema(conn, 400) + + Pleroma.Config.put([User, :email_blacklist], []) + + conn = + build_conn() + |> put_req_header("content-type", "multipart/form-data") + |> put_req_header("authorization", "Bearer " <> token) + |> post("/api/v1/accounts", params) %{ "access_token" => token, -- cgit v1.2.3 From 058daf498f10e58221bd29a42799f52e56a800a9 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 3 Aug 2020 19:57:53 -0500 Subject: Email blacklist: Update response phrasing --- test/web/mastodon_api/controllers/account_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 2cb388655..86e3ac3e7 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -956,7 +956,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do |> put_req_header("authorization", "Bearer " <> token) |> post("/api/v1/accounts", params) - assert %{"error" => "{\"email\":[\"Email domain is blacklisted\"]}"} = + assert %{"error" => "{\"credentials\":[\"Invalid credentials\"]}"} = json_response_and_validate_schema(conn, 400) Pleroma.Config.put([User, :email_blacklist], []) -- cgit v1.2.3 From 4f57e85ab9c80fb7cb51428cef978793ba22971c Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 3 Aug 2020 22:20:49 -0500 Subject: Email blacklist: Update phrasing again --- test/web/mastodon_api/controllers/account_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 86e3ac3e7..17a1e7d66 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -956,7 +956,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do |> put_req_header("authorization", "Bearer " <> token) |> post("/api/v1/accounts", params) - assert %{"error" => "{\"credentials\":[\"Invalid credentials\"]}"} = + assert %{"error" => "{\"email\":[\"Invalid email\"]}"} = json_response_and_validate_schema(conn, 400) Pleroma.Config.put([User, :email_blacklist], []) -- cgit v1.2.3