diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-11-12 12:34:48 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-11-12 12:34:48 +0000 |
| commit | 1172844ed18d94d84724dc6f11c6e9f72e0ba6ec (patch) | |
| tree | 7d48a259e08856ab6db0eba255f20c0c19410463 /test/web/mastodon_api/controllers | |
| parent | a0f5e8b27edbe2224d9c2c3997ad5b8ea484244b (diff) | |
| parent | b4c6b262d6dc12362f0014a864e8aed6c727c39c (diff) | |
| download | pleroma-2.2.0.tar.gz | |
Merge branch 'release/2.2.0' into 'stable'v2.2.0
Release/2.2.0
See merge request pleroma/secteam/pleroma!19
Diffstat (limited to 'test/web/mastodon_api/controllers')
22 files changed, 0 insertions, 7260 deletions
diff --git a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs deleted file mode 100644 index 2e6704726..000000000 --- a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs +++ /dev/null @@ -1,529 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do - alias Pleroma.Repo - alias Pleroma.User - - use Pleroma.Web.ConnCase - - import Mock - import Pleroma.Factory - - setup do: clear_config([:instance, :max_account_fields]) - - describe "updating credentials" do - setup do: oauth_access(["write:accounts"]) - setup :request_content_type - - test "sets user settings in a generic way", %{conn: conn} do - res_conn = - patch(conn, "/api/v1/accounts/update_credentials", %{ - "pleroma_settings_store" => %{ - pleroma_fe: %{ - theme: "bla" - } - } - }) - - assert user_data = json_response_and_validate_schema(res_conn, 200) - assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}} - - user = Repo.get(User, user_data["id"]) - - res_conn = - conn - |> assign(:user, user) - |> patch("/api/v1/accounts/update_credentials", %{ - "pleroma_settings_store" => %{ - masto_fe: %{ - theme: "bla" - } - } - }) - - assert user_data = json_response_and_validate_schema(res_conn, 200) - - assert user_data["pleroma"]["settings_store"] == - %{ - "pleroma_fe" => %{"theme" => "bla"}, - "masto_fe" => %{"theme" => "bla"} - } - - user = Repo.get(User, user_data["id"]) - - clear_config([:instance, :federating], true) - - with_mock Pleroma.Web.Federator, - publish: fn _activity -> :ok end do - res_conn = - conn - |> assign(:user, user) - |> patch("/api/v1/accounts/update_credentials", %{ - "pleroma_settings_store" => %{ - masto_fe: %{ - theme: "blub" - } - } - }) - - assert user_data = json_response_and_validate_schema(res_conn, 200) - - assert user_data["pleroma"]["settings_store"] == - %{ - "pleroma_fe" => %{"theme" => "bla"}, - "masto_fe" => %{"theme" => "blub"} - } - - assert_called(Pleroma.Web.Federator.publish(:_)) - end - end - - test "updates the user's bio", %{conn: conn} do - user2 = insert(:user) - - raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.." - - conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio}) - - assert user_data = json_response_and_validate_schema(conn, 200) - - assert user_data["note"] == - ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{ - user2.id - }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..) - - assert user_data["source"]["note"] == raw_bio - - user = Repo.get(User, user_data["id"]) - - assert user.raw_bio == raw_bio - end - - test "updates the user's locking status", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["locked"] == true - end - - test "updates the user's chat acceptance status", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["pleroma"]["accepts_chat_messages"] == false - end - - test "updates the user's allow_following_move", %{user: user, conn: conn} do - assert user.allow_following_move == true - - conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"}) - - assert refresh_record(user).allow_following_move == false - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["pleroma"]["allow_following_move"] == false - end - - test "updates the user's default scope", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["source"]["privacy"] == "unlisted" - end - - test "updates the user's privacy", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["source"]["privacy"] == "unlisted" - end - - test "updates the user's hide_followers status", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["pleroma"]["hide_followers"] == true - end - - test "updates the user's discoverable status", %{conn: conn} do - assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} = - conn - |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"}) - |> json_response_and_validate_schema(:ok) - - assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} = - conn - |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"}) - |> json_response_and_validate_schema(:ok) - end - - test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do - conn = - patch(conn, "/api/v1/accounts/update_credentials", %{ - hide_followers_count: "true", - hide_follows_count: "true" - }) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["pleroma"]["hide_followers_count"] == true - assert user_data["pleroma"]["hide_follows_count"] == true - end - - test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do - response = - conn - |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"}) - |> json_response_and_validate_schema(200) - - assert response["pleroma"]["skip_thread_containment"] == true - assert refresh_record(user).skip_thread_containment - end - - test "updates the user's hide_follows status", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["pleroma"]["hide_follows"] == true - end - - test "updates the user's hide_favorites status", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["pleroma"]["hide_favorites"] == true - end - - test "updates the user's show_role status", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["source"]["pleroma"]["show_role"] == false - end - - test "updates the user's no_rich_text status", %{conn: conn} do - conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["source"]["pleroma"]["no_rich_text"] == true - end - - test "updates the user's name", %{conn: conn} do - conn = - patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"}) - - assert user_data = json_response_and_validate_schema(conn, 200) - assert user_data["display_name"] == "markorepairs" - - update_activity = Repo.one(Pleroma.Activity) - assert update_activity.data["type"] == "Update" - assert update_activity.data["object"]["name"] == "markorepairs" - end - - test "updates the user's avatar", %{user: user, conn: conn} do - new_avatar = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - assert user.avatar == %{} - - res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar}) - - assert user_response = json_response_and_validate_schema(res, 200) - assert user_response["avatar"] != User.avatar_url(user) - - user = User.get_by_id(user.id) - refute user.avatar == %{} - - # Also resets it - _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""}) - - user = User.get_by_id(user.id) - assert user.avatar == nil - end - - test "updates the user's banner", %{user: user, conn: conn} do - new_header = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header}) - - assert user_response = json_response_and_validate_schema(res, 200) - assert user_response["header"] != User.banner_url(user) - - # Also resets it - _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""}) - - user = User.get_by_id(user.id) - assert user.banner == nil - end - - test "updates the user's background", %{conn: conn, user: user} do - new_header = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - res = - patch(conn, "/api/v1/accounts/update_credentials", %{ - "pleroma_background_image" => new_header - }) - - assert user_response = json_response_and_validate_schema(res, 200) - assert user_response["pleroma"]["background_image"] - # - # Also resets it - _res = - patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""}) - - user = User.get_by_id(user.id) - assert user.background == nil - end - - test "requires 'write:accounts' permission" do - token1 = insert(:oauth_token, scopes: ["read"]) - token2 = insert(:oauth_token, scopes: ["write", "follow"]) - - for token <- [token1, token2] do - conn = - build_conn() - |> put_req_header("content-type", "multipart/form-data") - |> put_req_header("authorization", "Bearer #{token.token}") - |> patch("/api/v1/accounts/update_credentials", %{}) - - if token == token1 do - assert %{"error" => "Insufficient permissions: write:accounts."} == - json_response_and_validate_schema(conn, 403) - else - assert json_response_and_validate_schema(conn, 200) - end - end - end - - test "updates profile emojos", %{user: user, conn: conn} do - note = "*sips :blank:*" - name = "I am :firefox:" - - ret_conn = - patch(conn, "/api/v1/accounts/update_credentials", %{ - "note" => note, - "display_name" => name - }) - - assert json_response_and_validate_schema(ret_conn, 200) - - conn = get(conn, "/api/v1/accounts/#{user.id}") - - assert user_data = json_response_and_validate_schema(conn, 200) - - assert user_data["note"] == note - assert user_data["display_name"] == name - assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"] - end - - test "update fields", %{conn: conn} do - fields = [ - %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"}, - %{"name" => "link.io", "value" => "cofe.io"} - ] - - account_data = - conn - |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) - |> json_response_and_validate_schema(200) - - assert account_data["fields"] == [ - %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"}, - %{ - "name" => "link.io", - "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>) - } - ] - - assert account_data["source"]["fields"] == [ - %{ - "name" => "<a href=\"http://google.com\">foo</a>", - "value" => "<script>bar</script>" - }, - %{"name" => "link.io", "value" => "cofe.io"} - ] - end - - test "emojis in fields labels", %{conn: conn} do - fields = [ - %{"name" => ":firefox:", "value" => "is best 2hu"}, - %{"name" => "they wins", "value" => ":blank:"} - ] - - account_data = - conn - |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) - |> json_response_and_validate_schema(200) - - assert account_data["fields"] == [ - %{"name" => ":firefox:", "value" => "is best 2hu"}, - %{"name" => "they wins", "value" => ":blank:"} - ] - - assert account_data["source"]["fields"] == [ - %{"name" => ":firefox:", "value" => "is best 2hu"}, - %{"name" => "they wins", "value" => ":blank:"} - ] - - assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"] - end - - test "update fields via x-www-form-urlencoded", %{conn: conn} do - fields = - [ - "fields_attributes[1][name]=link", - "fields_attributes[1][value]=http://cofe.io", - "fields_attributes[0][name]=foo", - "fields_attributes[0][value]=bar" - ] - |> Enum.join("&") - - account = - conn - |> put_req_header("content-type", "application/x-www-form-urlencoded") - |> patch("/api/v1/accounts/update_credentials", fields) - |> json_response_and_validate_schema(200) - - assert account["fields"] == [ - %{"name" => "foo", "value" => "bar"}, - %{ - "name" => "link", - "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>) - } - ] - - assert account["source"]["fields"] == [ - %{"name" => "foo", "value" => "bar"}, - %{"name" => "link", "value" => "http://cofe.io"} - ] - end - - test "update fields with empty name", %{conn: conn} do - fields = [ - %{"name" => "foo", "value" => ""}, - %{"name" => "", "value" => "bar"} - ] - - account = - conn - |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) - |> json_response_and_validate_schema(200) - - assert account["fields"] == [ - %{"name" => "foo", "value" => ""} - ] - end - - test "update fields when invalid request", %{conn: conn} do - name_limit = Pleroma.Config.get([:instance, :account_field_name_length]) - value_limit = Pleroma.Config.get([:instance, :account_field_value_length]) - - long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join() - long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join() - - fields = [%{"name" => "foo", "value" => long_value}] - - assert %{"error" => "Invalid request"} == - conn - |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) - |> json_response_and_validate_schema(403) - - fields = [%{"name" => long_name, "value" => "bar"}] - - assert %{"error" => "Invalid request"} == - conn - |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) - |> json_response_and_validate_schema(403) - - Pleroma.Config.put([:instance, :max_account_fields], 1) - - fields = [ - %{"name" => "foo", "value" => "bar"}, - %{"name" => "link", "value" => "cofe.io"} - ] - - assert %{"error" => "Invalid request"} == - conn - |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields}) - |> json_response_and_validate_schema(403) - end - end - - describe "Mark account as bot" do - setup do: oauth_access(["write:accounts"]) - setup :request_content_type - - test "changing actor_type to Service makes account a bot", %{conn: conn} do - account = - conn - |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"}) - |> json_response_and_validate_schema(200) - - assert account["bot"] - assert account["source"]["pleroma"]["actor_type"] == "Service" - end - - test "changing actor_type to Person makes account a human", %{conn: conn} do - account = - conn - |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"}) - |> json_response_and_validate_schema(200) - - refute account["bot"] - assert account["source"]["pleroma"]["actor_type"] == "Person" - end - - test "changing actor_type to Application causes error", %{conn: conn} do - response = - conn - |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"}) - |> json_response_and_validate_schema(403) - - assert %{"error" => "Invalid request"} == response - end - - test "changing bot field to true changes actor_type to Service", %{conn: conn} do - account = - conn - |> patch("/api/v1/accounts/update_credentials", %{bot: "true"}) - |> json_response_and_validate_schema(200) - - assert account["bot"] - assert account["source"]["pleroma"]["actor_type"] == "Service" - end - - test "changing bot field to false changes actor_type to Person", %{conn: conn} do - account = - conn - |> patch("/api/v1/accounts/update_credentials", %{bot: "false"}) - |> json_response_and_validate_schema(200) - - refute account["bot"] - assert account["source"]["pleroma"]["actor_type"] == "Person" - end - - test "actor_type field has a higher priority than bot", %{conn: conn} do - account = - conn - |> patch("/api/v1/accounts/update_credentials", %{ - actor_type: "Person", - bot: "true" - }) - |> json_response_and_validate_schema(200) - - refute account["bot"] - assert account["source"]["pleroma"]["actor_type"] == "Person" - end - end -end diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs deleted file mode 100644 index 17a1e7d66..000000000 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ /dev/null @@ -1,1533 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Repo - alias Pleroma.User - alias Pleroma.Web.ActivityPub.ActivityPub - alias Pleroma.Web.ActivityPub.InternalFetchActor - alias Pleroma.Web.CommonAPI - alias Pleroma.Web.OAuth.Token - - import Pleroma.Factory - - describe "account fetching" do - test "works by id" do - %User{id: user_id} = insert(:user) - - assert %{"id" => ^user_id} = - build_conn() - |> get("/api/v1/accounts/#{user_id}") - |> json_response_and_validate_schema(200) - - assert %{"error" => "Can't find user"} = - build_conn() - |> get("/api/v1/accounts/-1") - |> json_response_and_validate_schema(404) - end - - test "works by nickname" do - user = insert(:user) - - assert %{"id" => user_id} = - build_conn() - |> get("/api/v1/accounts/#{user.nickname}") - |> json_response_and_validate_schema(200) - end - - test "works by nickname for remote users" do - clear_config([:instance, :limit_to_local_content], false) - - user = insert(:user, nickname: "user@example.com", local: false) - - assert %{"id" => user_id} = - build_conn() - |> get("/api/v1/accounts/#{user.nickname}") - |> json_response_and_validate_schema(200) - end - - test "respects limit_to_local_content == :all for remote user nicknames" do - clear_config([:instance, :limit_to_local_content], :all) - - user = insert(:user, nickname: "user@example.com", local: false) - - assert build_conn() - |> get("/api/v1/accounts/#{user.nickname}") - |> json_response_and_validate_schema(404) - end - - test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do - clear_config([:instance, :limit_to_local_content], :unauthenticated) - - user = insert(:user, nickname: "user@example.com", local: false) - reading_user = insert(:user) - - conn = - build_conn() - |> get("/api/v1/accounts/#{user.nickname}") - - assert json_response_and_validate_schema(conn, 404) - - conn = - build_conn() - |> assign(:user, reading_user) - |> assign(:token, insert(:oauth_token, user: reading_user, scopes: ["read:accounts"])) - |> get("/api/v1/accounts/#{user.nickname}") - - assert %{"id" => id} = json_response_and_validate_schema(conn, 200) - assert id == user.id - end - - test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do - # Need to set an old-style integer ID to reproduce the problem - # (these are no longer assigned to new accounts but were preserved - # for existing accounts during the migration to flakeIDs) - user_one = insert(:user, %{id: 1212}) - user_two = insert(:user, %{nickname: "#{user_one.id}garbage"}) - - acc_one = - conn - |> get("/api/v1/accounts/#{user_one.id}") - |> json_response_and_validate_schema(:ok) - - acc_two = - conn - |> get("/api/v1/accounts/#{user_two.nickname}") - |> json_response_and_validate_schema(:ok) - - acc_three = - conn - |> get("/api/v1/accounts/#{user_two.id}") - |> json_response_and_validate_schema(:ok) - - refute acc_one == acc_two - assert acc_two == acc_three - end - - test "returns 404 when user is invisible", %{conn: conn} do - user = insert(:user, %{invisible: true}) - - assert %{"error" => "Can't find user"} = - conn - |> get("/api/v1/accounts/#{user.nickname}") - |> json_response_and_validate_schema(404) - end - - test "returns 404 for internal.fetch actor", %{conn: conn} do - %User{nickname: "internal.fetch"} = InternalFetchActor.get_actor() - - assert %{"error" => "Can't find user"} = - conn - |> get("/api/v1/accounts/internal.fetch") - |> json_response_and_validate_schema(404) - end - - test "returns 404 for deactivated user", %{conn: conn} do - user = insert(:user, deactivated: true) - - assert %{"error" => "Can't find user"} = - conn - |> get("/api/v1/accounts/#{user.id}") - |> json_response_and_validate_schema(:not_found) - end - end - - defp local_and_remote_users do - local = insert(:user) - remote = insert(:user, local: false) - {:ok, local: local, remote: remote} - end - - describe "user fetching with restrict unauthenticated profiles for local and remote" do - setup do: local_and_remote_users() - - setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true) - - setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - assert %{"error" => "This API requires an authenticated user"} == - conn - |> get("/api/v1/accounts/#{local.id}") - |> json_response_and_validate_schema(:unauthorized) - - assert %{"error" => "This API requires an authenticated user"} == - conn - |> get("/api/v1/accounts/#{remote.id}") - |> json_response_and_validate_schema(:unauthorized) - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/accounts/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - end - - describe "user fetching with restrict unauthenticated profiles for local" do - setup do: local_and_remote_users() - - setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/accounts/#{local.id}") - - assert json_response_and_validate_schema(res_conn, :unauthorized) == %{ - "error" => "This API requires an authenticated user" - } - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/accounts/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - end - - describe "user fetching with restrict unauthenticated profiles for remote" do - setup do: local_and_remote_users() - - setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/accounts/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}") - - assert json_response_and_validate_schema(res_conn, :unauthorized) == %{ - "error" => "This API requires an authenticated user" - } - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/accounts/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - end - - describe "user timelines" do - setup do: oauth_access(["read:statuses"]) - - test "works with announces that are just addressed to public", %{conn: conn} do - user = insert(:user, ap_id: "https://honktest/u/test", local: false) - other_user = insert(:user) - - {:ok, post} = CommonAPI.post(other_user, %{status: "bonkeronk"}) - - {:ok, announce, _} = - %{ - "@context" => "https://www.w3.org/ns/activitystreams", - "actor" => "https://honktest/u/test", - "id" => "https://honktest/u/test/bonk/1793M7B9MQ48847vdx", - "object" => post.data["object"], - "published" => "2019-06-25T19:33:58Z", - "to" => ["https://www.w3.org/ns/activitystreams#Public"], - "type" => "Announce" - } - |> ActivityPub.persist(local: false) - - assert resp = - conn - |> get("/api/v1/accounts/#{user.id}/statuses") - |> json_response_and_validate_schema(200) - - assert [%{"id" => id}] = resp - assert id == announce.id - end - - test "deactivated user", %{conn: conn} do - user = insert(:user, deactivated: true) - - assert %{"error" => "Can't find user"} == - conn - |> get("/api/v1/accounts/#{user.id}/statuses") - |> json_response_and_validate_schema(:not_found) - end - - test "returns 404 when user is invisible", %{conn: conn} do - user = insert(:user, %{invisible: true}) - - assert %{"error" => "Can't find user"} = - conn - |> get("/api/v1/accounts/#{user.id}") - |> json_response_and_validate_schema(404) - end - - test "respects blocks", %{user: user_one, conn: conn} do - user_two = insert(:user) - user_three = insert(:user) - - User.block(user_one, user_two) - - {:ok, activity} = CommonAPI.post(user_two, %{status: "User one sux0rz"}) - {:ok, repeat} = CommonAPI.repeat(activity.id, user_three) - - assert resp = - conn - |> get("/api/v1/accounts/#{user_two.id}/statuses") - |> json_response_and_validate_schema(200) - - assert [%{"id" => id}] = resp - assert id == activity.id - - # Even a blocked user will deliver the full user timeline, there would be - # no point in looking at a blocked users timeline otherwise - assert resp = - conn - |> get("/api/v1/accounts/#{user_two.id}/statuses") - |> json_response_and_validate_schema(200) - - assert [%{"id" => id}] = resp - assert id == activity.id - - # Third user's timeline includes the repeat when viewed by unauthenticated user - resp = - build_conn() - |> get("/api/v1/accounts/#{user_three.id}/statuses") - |> json_response_and_validate_schema(200) - - assert [%{"id" => id}] = resp - assert id == repeat.id - - # When viewing a third user's timeline, the blocked users' statuses will NOT be shown - resp = get(conn, "/api/v1/accounts/#{user_three.id}/statuses") - - assert [] == json_response_and_validate_schema(resp, 200) - end - - test "gets users statuses", %{conn: conn} do - user_one = insert(:user) - user_two = insert(:user) - user_three = insert(:user) - - {:ok, _user_three} = User.follow(user_three, user_one) - - {:ok, activity} = CommonAPI.post(user_one, %{status: "HI!!!"}) - - {:ok, direct_activity} = - CommonAPI.post(user_one, %{ - status: "Hi, @#{user_two.nickname}.", - visibility: "direct" - }) - - {:ok, private_activity} = - CommonAPI.post(user_one, %{status: "private", visibility: "private"}) - - # TODO!!! - resp = - conn - |> get("/api/v1/accounts/#{user_one.id}/statuses") - |> json_response_and_validate_schema(200) - - assert [%{"id" => id}] = resp - assert id == to_string(activity.id) - - resp = - conn - |> assign(:user, user_two) - |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"])) - |> get("/api/v1/accounts/#{user_one.id}/statuses") - |> json_response_and_validate_schema(200) - - assert [%{"id" => id_one}, %{"id" => id_two}] = resp - assert id_one == to_string(direct_activity.id) - assert id_two == to_string(activity.id) - - resp = - conn - |> assign(:user, user_three) - |> assign(:token, insert(:oauth_token, user: user_three, scopes: ["read:statuses"])) - |> get("/api/v1/accounts/#{user_one.id}/statuses") - |> json_response_and_validate_schema(200) - - assert [%{"id" => id_one}, %{"id" => id_two}] = resp - assert id_one == to_string(private_activity.id) - assert id_two == to_string(activity.id) - end - - test "unimplemented pinned statuses feature", %{conn: conn} do - note = insert(:note_activity) - user = User.get_cached_by_ap_id(note.data["actor"]) - - conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?pinned=true") - - assert json_response_and_validate_schema(conn, 200) == [] - end - - test "gets an users media, excludes reblogs", %{conn: conn} do - note = insert(:note_activity) - user = User.get_cached_by_ap_id(note.data["actor"]) - other_user = insert(:user) - - file = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id) - - {:ok, %{id: image_post_id}} = CommonAPI.post(user, %{status: "cofe", media_ids: [media_id]}) - - {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: other_user.ap_id) - - {:ok, %{id: other_image_post_id}} = - CommonAPI.post(other_user, %{status: "cofe2", media_ids: [media_id]}) - - {:ok, _announce} = CommonAPI.repeat(other_image_post_id, user) - - conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?only_media=true") - - assert [%{"id" => ^image_post_id}] = json_response_and_validate_schema(conn, 200) - - conn = get(build_conn(), "/api/v1/accounts/#{user.id}/statuses?only_media=1") - - assert [%{"id" => ^image_post_id}] = json_response_and_validate_schema(conn, 200) - end - - test "gets a user's statuses without reblogs", %{user: user, conn: conn} do - {:ok, %{id: post_id}} = CommonAPI.post(user, %{status: "HI!!!"}) - {:ok, _} = CommonAPI.repeat(post_id, user) - - conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_reblogs=true") - assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200) - - conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_reblogs=1") - assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200) - end - - test "filters user's statuses by a hashtag", %{user: user, conn: conn} do - {:ok, %{id: post_id}} = CommonAPI.post(user, %{status: "#hashtag"}) - {:ok, _post} = CommonAPI.post(user, %{status: "hashtag"}) - - conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?tagged=hashtag") - assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200) - end - - test "the user views their own timelines and excludes direct messages", %{ - user: user, - conn: conn - } do - {:ok, %{id: public_activity_id}} = - CommonAPI.post(user, %{status: ".", visibility: "public"}) - - {:ok, _direct_activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"}) - - conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_visibilities[]=direct") - assert [%{"id" => ^public_activity_id}] = json_response_and_validate_schema(conn, 200) - end - end - - defp local_and_remote_activities(%{local: local, remote: remote}) do - insert(:note_activity, user: local) - insert(:note_activity, user: remote, local: false) - - :ok - end - - describe "statuses with restrict unauthenticated profiles for local and remote" do - setup do: local_and_remote_users() - setup :local_and_remote_activities - - setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true) - - setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - assert %{"error" => "This API requires an authenticated user"} == - conn - |> get("/api/v1/accounts/#{local.id}/statuses") - |> json_response_and_validate_schema(:unauthorized) - - assert %{"error" => "This API requires an authenticated user"} == - conn - |> get("/api/v1/accounts/#{remote.id}/statuses") - |> json_response_and_validate_schema(:unauthorized) - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - end - end - - describe "statuses with restrict unauthenticated profiles for local" do - setup do: local_and_remote_users() - setup :local_and_remote_activities - - setup do: clear_config([:restrict_unauthenticated, :profiles, :local], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - assert %{"error" => "This API requires an authenticated user"} == - conn - |> get("/api/v1/accounts/#{local.id}/statuses") - |> json_response_and_validate_schema(:unauthorized) - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - end - end - - describe "statuses with restrict unauthenticated profiles for remote" do - setup do: local_and_remote_users() - setup :local_and_remote_activities - - setup do: clear_config([:restrict_unauthenticated, :profiles, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - assert %{"error" => "This API requires an authenticated user"} == - conn - |> get("/api/v1/accounts/#{remote.id}/statuses") - |> json_response_and_validate_schema(:unauthorized) - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/accounts/#{local.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - res_conn = get(conn, "/api/v1/accounts/#{remote.id}/statuses") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - end - end - - describe "followers" do - setup do: oauth_access(["read:accounts"]) - - test "getting followers", %{user: user, conn: conn} do - other_user = insert(:user) - {:ok, %{id: user_id}} = User.follow(user, other_user) - - conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers") - - assert [%{"id" => ^user_id}] = json_response_and_validate_schema(conn, 200) - end - - test "getting followers, hide_followers", %{user: user, conn: conn} do - other_user = insert(:user, hide_followers: true) - {:ok, _user} = User.follow(user, other_user) - - conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers") - - assert [] == json_response_and_validate_schema(conn, 200) - end - - test "getting followers, hide_followers, same user requesting" do - user = insert(:user) - other_user = insert(:user, hide_followers: true) - {:ok, _user} = User.follow(user, other_user) - - conn = - build_conn() - |> assign(:user, other_user) - |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"])) - |> get("/api/v1/accounts/#{other_user.id}/followers") - - refute [] == json_response_and_validate_schema(conn, 200) - end - - test "getting followers, pagination", %{user: user, conn: conn} do - {:ok, %User{id: follower1_id}} = :user |> insert() |> User.follow(user) - {:ok, %User{id: follower2_id}} = :user |> insert() |> User.follow(user) - {:ok, %User{id: follower3_id}} = :user |> insert() |> User.follow(user) - - assert [%{"id" => ^follower3_id}, %{"id" => ^follower2_id}] = - conn - |> get("/api/v1/accounts/#{user.id}/followers?since_id=#{follower1_id}") - |> json_response_and_validate_schema(200) - - assert [%{"id" => ^follower2_id}, %{"id" => ^follower1_id}] = - conn - |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3_id}") - |> json_response_and_validate_schema(200) - - assert [%{"id" => ^follower2_id}, %{"id" => ^follower1_id}] = - conn - |> get( - "/api/v1/accounts/#{user.id}/followers?id=#{user.id}&limit=20&max_id=#{ - follower3_id - }" - ) - |> json_response_and_validate_schema(200) - - res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3_id}") - - assert [%{"id" => ^follower2_id}] = json_response_and_validate_schema(res_conn, 200) - - assert [link_header] = get_resp_header(res_conn, "link") - assert link_header =~ ~r/min_id=#{follower2_id}/ - assert link_header =~ ~r/max_id=#{follower2_id}/ - end - end - - describe "following" do - setup do: oauth_access(["read:accounts"]) - - test "getting following", %{user: user, conn: conn} do - other_user = insert(:user) - {:ok, user} = User.follow(user, other_user) - - conn = get(conn, "/api/v1/accounts/#{user.id}/following") - - assert [%{"id" => id}] = json_response_and_validate_schema(conn, 200) - assert id == to_string(other_user.id) - end - - test "getting following, hide_follows, other user requesting" do - user = insert(:user, hide_follows: true) - other_user = insert(:user) - {:ok, user} = User.follow(user, other_user) - - conn = - build_conn() - |> assign(:user, other_user) - |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"])) - |> get("/api/v1/accounts/#{user.id}/following") - - assert [] == json_response_and_validate_schema(conn, 200) - end - - test "getting following, hide_follows, same user requesting" do - user = insert(:user, hide_follows: true) - other_user = insert(:user) - {:ok, user} = User.follow(user, other_user) - - conn = - build_conn() - |> assign(:user, user) - |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:accounts"])) - |> get("/api/v1/accounts/#{user.id}/following") - - refute [] == json_response_and_validate_schema(conn, 200) - end - - test "getting following, pagination", %{user: user, conn: conn} do - following1 = insert(:user) - following2 = insert(:user) - following3 = insert(:user) - {:ok, _} = User.follow(user, following1) - {:ok, _} = User.follow(user, following2) - {:ok, _} = User.follow(user, following3) - - res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}") - - assert [%{"id" => id3}, %{"id" => id2}] = json_response_and_validate_schema(res_conn, 200) - assert id3 == following3.id - assert id2 == following2.id - - res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}") - - assert [%{"id" => id2}, %{"id" => id1}] = json_response_and_validate_schema(res_conn, 200) - assert id2 == following2.id - assert id1 == following1.id - - res_conn = - get( - conn, - "/api/v1/accounts/#{user.id}/following?id=#{user.id}&limit=20&max_id=#{following3.id}" - ) - - assert [%{"id" => id2}, %{"id" => id1}] = json_response_and_validate_schema(res_conn, 200) - assert id2 == following2.id - assert id1 == following1.id - - res_conn = - get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}") - - assert [%{"id" => id2}] = json_response_and_validate_schema(res_conn, 200) - assert id2 == following2.id - - assert [link_header] = get_resp_header(res_conn, "link") - assert link_header =~ ~r/min_id=#{following2.id}/ - assert link_header =~ ~r/max_id=#{following2.id}/ - end - end - - describe "follow/unfollow" do - setup do: oauth_access(["follow"]) - - test "following / unfollowing a user", %{conn: conn} do - %{id: other_user_id, nickname: other_user_nickname} = insert(:user) - - assert %{"id" => _id, "following" => true} = - conn - |> post("/api/v1/accounts/#{other_user_id}/follow") - |> json_response_and_validate_schema(200) - - assert %{"id" => _id, "following" => false} = - conn - |> post("/api/v1/accounts/#{other_user_id}/unfollow") - |> json_response_and_validate_schema(200) - - assert %{"id" => ^other_user_id} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/follows", %{"uri" => other_user_nickname}) - |> json_response_and_validate_schema(200) - end - - test "cancelling follow request", %{conn: conn} do - %{id: other_user_id} = insert(:user, %{locked: true}) - - assert %{"id" => ^other_user_id, "following" => false, "requested" => true} = - conn - |> post("/api/v1/accounts/#{other_user_id}/follow") - |> json_response_and_validate_schema(:ok) - - assert %{"id" => ^other_user_id, "following" => false, "requested" => false} = - conn - |> post("/api/v1/accounts/#{other_user_id}/unfollow") - |> json_response_and_validate_schema(:ok) - end - - test "following without reblogs" do - %{conn: conn} = oauth_access(["follow", "read:statuses"]) - followed = insert(:user) - other_user = insert(:user) - - ret_conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/accounts/#{followed.id}/follow", %{reblogs: false}) - - assert %{"showing_reblogs" => false} = json_response_and_validate_schema(ret_conn, 200) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"}) - {:ok, %{id: reblog_id}} = CommonAPI.repeat(activity.id, followed) - - assert [] == - conn - |> get("/api/v1/timelines/home") - |> json_response(200) - - assert %{"showing_reblogs" => true} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/accounts/#{followed.id}/follow", %{reblogs: true}) - |> json_response_and_validate_schema(200) - - assert [%{"id" => ^reblog_id}] = - conn - |> get("/api/v1/timelines/home") - |> json_response(200) - end - - test "following with reblogs" do - %{conn: conn} = oauth_access(["follow", "read:statuses"]) - followed = insert(:user) - other_user = insert(:user) - - ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow") - - assert %{"showing_reblogs" => true} = json_response_and_validate_schema(ret_conn, 200) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"}) - {:ok, %{id: reblog_id}} = CommonAPI.repeat(activity.id, followed) - - assert [%{"id" => ^reblog_id}] = - conn - |> get("/api/v1/timelines/home") - |> json_response(200) - - assert %{"showing_reblogs" => false} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/accounts/#{followed.id}/follow", %{reblogs: false}) - |> json_response_and_validate_schema(200) - - assert [] == - conn - |> get("/api/v1/timelines/home") - |> json_response(200) - end - - test "following / unfollowing errors", %{user: user, conn: conn} do - # self follow - conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow") - - assert %{"error" => "Can not follow yourself"} = - json_response_and_validate_schema(conn_res, 400) - - # self unfollow - user = User.get_cached_by_id(user.id) - conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow") - - assert %{"error" => "Can not unfollow yourself"} = - json_response_and_validate_schema(conn_res, 400) - - # self follow via uri - user = User.get_cached_by_id(user.id) - - assert %{"error" => "Can not follow yourself"} = - conn - |> put_req_header("content-type", "multipart/form-data") - |> post("/api/v1/follows", %{"uri" => user.nickname}) - |> json_response_and_validate_schema(400) - - # follow non existing user - conn_res = post(conn, "/api/v1/accounts/doesntexist/follow") - assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn_res, 404) - - # follow non existing user via uri - conn_res = - conn - |> put_req_header("content-type", "multipart/form-data") - |> post("/api/v1/follows", %{"uri" => "doesntexist"}) - - assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn_res, 404) - - # unfollow non existing user - conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow") - assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn_res, 404) - end - end - - describe "mute/unmute" do - setup do: oauth_access(["write:mutes"]) - - test "with notifications", %{conn: conn} do - other_user = insert(:user) - - assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = - conn - |> post("/api/v1/accounts/#{other_user.id}/mute") - |> json_response_and_validate_schema(200) - - conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute") - - assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = - json_response_and_validate_schema(conn, 200) - end - - test "without notifications", %{conn: conn} do - other_user = insert(:user) - - ret_conn = - conn - |> put_req_header("content-type", "multipart/form-data") - |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"}) - - assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = - json_response_and_validate_schema(ret_conn, 200) - - conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute") - - assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = - json_response_and_validate_schema(conn, 200) - end - end - - describe "pinned statuses" do - setup do - user = insert(:user) - {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"}) - %{conn: conn} = oauth_access(["read:statuses"], user: user) - - [conn: conn, user: user, activity: activity] - end - - test "returns pinned statuses", %{conn: conn, user: user, activity: %{id: activity_id}} do - {:ok, _} = CommonAPI.pin(activity_id, user) - - assert [%{"id" => ^activity_id, "pinned" => true}] = - conn - |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true") - |> json_response_and_validate_schema(200) - end - end - - test "blocking / unblocking a user" do - %{conn: conn} = oauth_access(["follow"]) - other_user = insert(:user) - - ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/block") - - assert %{"id" => _id, "blocking" => true} = json_response_and_validate_schema(ret_conn, 200) - - conn = post(conn, "/api/v1/accounts/#{other_user.id}/unblock") - - assert %{"id" => _id, "blocking" => false} = json_response_and_validate_schema(conn, 200) - end - - describe "create account by app" do - setup do - valid_params = %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - agreement: true - } - - [valid_params: valid_params] - end - - test "registers and logs in without :account_activation_required / :account_approval_required", - %{conn: conn} do - clear_config([:instance, :account_activation_required], false) - clear_config([:instance, :account_approval_required], false) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/apps", %{ - client_name: "client_name", - redirect_uris: "urn:ietf:wg:oauth:2.0:oob", - scopes: "read, write, follow" - }) - - assert %{ - "client_id" => client_id, - "client_secret" => client_secret, - "id" => _, - "name" => "client_name", - "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", - "vapid_key" => _, - "website" => nil - } = json_response_and_validate_schema(conn, 200) - - conn = - post(conn, "/oauth/token", %{ - grant_type: "client_credentials", - client_id: client_id, - client_secret: client_secret - }) - - assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = - json_response(conn, 200) - - assert token - token_from_db = Repo.get_by(Token, token: token) - assert token_from_db - assert refresh - assert scope == "read write follow" - - clear_config([User, :email_blacklist], ["example.org"]) - - params = %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - bio: "Test Bio", - agreement: true - } - - conn = - build_conn() - |> put_req_header("content-type", "multipart/form-data") - |> put_req_header("authorization", "Bearer " <> token) - |> post("/api/v1/accounts", params) - - assert %{"error" => "{\"email\":[\"Invalid email\"]}"} = - json_response_and_validate_schema(conn, 400) - - Pleroma.Config.put([User, :email_blacklist], []) - - conn = - build_conn() - |> put_req_header("content-type", "multipart/form-data") - |> put_req_header("authorization", "Bearer " <> token) - |> post("/api/v1/accounts", params) - - %{ - "access_token" => token, - "created_at" => _created_at, - "scope" => ^scope, - "token_type" => "Bearer" - } = json_response_and_validate_schema(conn, 200) - - token_from_db = Repo.get_by(Token, token: token) - assert token_from_db - user = Repo.preload(token_from_db, :user).user - - assert user - refute user.confirmation_pending - refute user.approval_pending - end - - test "registers but does not log in with :account_activation_required", %{conn: conn} do - clear_config([:instance, :account_activation_required], true) - clear_config([:instance, :account_approval_required], false) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/apps", %{ - client_name: "client_name", - redirect_uris: "urn:ietf:wg:oauth:2.0:oob", - scopes: "read, write, follow" - }) - - assert %{ - "client_id" => client_id, - "client_secret" => client_secret, - "id" => _, - "name" => "client_name", - "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", - "vapid_key" => _, - "website" => nil - } = json_response_and_validate_schema(conn, 200) - - conn = - post(conn, "/oauth/token", %{ - grant_type: "client_credentials", - client_id: client_id, - client_secret: client_secret - }) - - assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = - json_response(conn, 200) - - assert token - token_from_db = Repo.get_by(Token, token: token) - assert token_from_db - assert refresh - assert scope == "read write follow" - - conn = - build_conn() - |> put_req_header("content-type", "multipart/form-data") - |> put_req_header("authorization", "Bearer " <> token) - |> post("/api/v1/accounts", %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - bio: "Test Bio", - agreement: true - }) - - response = json_response_and_validate_schema(conn, 200) - assert %{"identifier" => "missing_confirmed_email"} = response - refute response["access_token"] - refute response["token_type"] - - user = Repo.get_by(User, email: "lain@example.org") - assert user.confirmation_pending - end - - test "registers but does not log in with :account_approval_required", %{conn: conn} do - clear_config([:instance, :account_approval_required], true) - clear_config([:instance, :account_activation_required], false) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/apps", %{ - client_name: "client_name", - redirect_uris: "urn:ietf:wg:oauth:2.0:oob", - scopes: "read, write, follow" - }) - - assert %{ - "client_id" => client_id, - "client_secret" => client_secret, - "id" => _, - "name" => "client_name", - "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", - "vapid_key" => _, - "website" => nil - } = json_response_and_validate_schema(conn, 200) - - conn = - post(conn, "/oauth/token", %{ - grant_type: "client_credentials", - client_id: client_id, - client_secret: client_secret - }) - - assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = - json_response(conn, 200) - - assert token - token_from_db = Repo.get_by(Token, token: token) - assert token_from_db - assert refresh - assert scope == "read write follow" - - conn = - build_conn() - |> put_req_header("content-type", "multipart/form-data") - |> put_req_header("authorization", "Bearer " <> token) - |> post("/api/v1/accounts", %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - bio: "Test Bio", - agreement: true, - reason: "I'm a cool dude, bro" - }) - - response = json_response_and_validate_schema(conn, 200) - assert %{"identifier" => "awaiting_approval"} = response - refute response["access_token"] - refute response["token_type"] - - user = Repo.get_by(User, email: "lain@example.org") - - assert user.approval_pending - assert user.registration_reason == "I'm a cool dude, bro" - end - - test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do - _user = insert(:user, email: "lain@example.org") - app_token = insert(:oauth_token, user: nil) - - res = - conn - |> put_req_header("authorization", "Bearer " <> app_token.token) - |> put_req_header("content-type", "application/json") - |> post("/api/v1/accounts", valid_params) - - assert json_response_and_validate_schema(res, 400) == %{ - "error" => "{\"email\":[\"has already been taken\"]}" - } - end - - test "returns bad_request if missing required params", %{ - conn: conn, - valid_params: valid_params - } do - app_token = insert(:oauth_token, user: nil) - - conn = - conn - |> put_req_header("authorization", "Bearer " <> app_token.token) - |> put_req_header("content-type", "application/json") - - res = post(conn, "/api/v1/accounts", valid_params) - assert json_response_and_validate_schema(res, 200) - - [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}] - |> Stream.zip(Map.delete(valid_params, :email)) - |> Enum.each(fn {ip, {attr, _}} -> - res = - conn - |> Map.put(:remote_ip, ip) - |> post("/api/v1/accounts", Map.delete(valid_params, attr)) - |> json_response_and_validate_schema(400) - - assert res == %{ - "error" => "Missing field: #{attr}.", - "errors" => [ - %{ - "message" => "Missing field: #{attr}", - "source" => %{"pointer" => "/#{attr}"}, - "title" => "Invalid value" - } - ] - } - end) - end - - test "returns bad_request if missing email params when :account_activation_required is enabled", - %{conn: conn, valid_params: valid_params} do - clear_config([:instance, :account_activation_required], true) - - app_token = insert(:oauth_token, user: nil) - - conn = - conn - |> put_req_header("authorization", "Bearer " <> app_token.token) - |> put_req_header("content-type", "application/json") - - res = - conn - |> Map.put(:remote_ip, {127, 0, 0, 5}) - |> post("/api/v1/accounts", Map.delete(valid_params, :email)) - - assert json_response_and_validate_schema(res, 400) == - %{"error" => "Missing parameter: email"} - - res = - conn - |> Map.put(:remote_ip, {127, 0, 0, 6}) - |> post("/api/v1/accounts", Map.put(valid_params, :email, "")) - - assert json_response_and_validate_schema(res, 400) == %{ - "error" => "{\"email\":[\"can't be blank\"]}" - } - end - - test "allow registration without an email", %{conn: conn, valid_params: valid_params} do - app_token = insert(:oauth_token, user: nil) - conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token) - - res = - conn - |> put_req_header("content-type", "application/json") - |> Map.put(:remote_ip, {127, 0, 0, 7}) - |> post("/api/v1/accounts", Map.delete(valid_params, :email)) - - assert json_response_and_validate_schema(res, 200) - end - - test "allow registration with an empty email", %{conn: conn, valid_params: valid_params} do - app_token = insert(:oauth_token, user: nil) - conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token) - - res = - conn - |> put_req_header("content-type", "application/json") - |> Map.put(:remote_ip, {127, 0, 0, 8}) - |> post("/api/v1/accounts", Map.put(valid_params, :email, "")) - - assert json_response_and_validate_schema(res, 200) - end - - test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do - res = - conn - |> put_req_header("authorization", "Bearer " <> "invalid-token") - |> put_req_header("content-type", "multipart/form-data") - |> post("/api/v1/accounts", valid_params) - - assert json_response_and_validate_schema(res, 403) == %{"error" => "Invalid credentials"} - end - - test "registration from trusted app" do - clear_config([Pleroma.Captcha, :enabled], true) - app = insert(:oauth_app, trusted: true, scopes: ["read", "write", "follow", "push"]) - - conn = - build_conn() - |> post("/oauth/token", %{ - "grant_type" => "client_credentials", - "client_id" => app.client_id, - "client_secret" => app.client_secret - }) - - assert %{"access_token" => token, "token_type" => "Bearer"} = json_response(conn, 200) - - response = - build_conn() - |> Plug.Conn.put_req_header("authorization", "Bearer " <> token) - |> put_req_header("content-type", "multipart/form-data") - |> post("/api/v1/accounts", %{ - nickname: "nickanme", - agreement: true, - email: "email@example.com", - fullname: "Lain", - username: "Lain", - password: "some_password", - confirm: "some_password" - }) - |> json_response_and_validate_schema(200) - - assert %{ - "access_token" => access_token, - "created_at" => _, - "scope" => "read write follow push", - "token_type" => "Bearer" - } = response - - response = - build_conn() - |> Plug.Conn.put_req_header("authorization", "Bearer " <> access_token) - |> get("/api/v1/accounts/verify_credentials") - |> json_response_and_validate_schema(200) - - assert %{ - "acct" => "Lain", - "bot" => false, - "display_name" => "Lain", - "follow_requests_count" => 0, - "followers_count" => 0, - "following_count" => 0, - "locked" => false, - "note" => "", - "source" => %{ - "fields" => [], - "note" => "", - "pleroma" => %{ - "actor_type" => "Person", - "discoverable" => false, - "no_rich_text" => false, - "show_role" => true - }, - "privacy" => "public", - "sensitive" => false - }, - "statuses_count" => 0, - "username" => "Lain" - } = response - end - end - - describe "create account by app / rate limit" do - setup do: clear_config([:rate_limit, :app_account_creation], {10_000, 2}) - - test "respects rate limit setting", %{conn: conn} do - app_token = insert(:oauth_token, user: nil) - - conn = - conn - |> put_req_header("authorization", "Bearer " <> app_token.token) - |> Map.put(:remote_ip, {15, 15, 15, 15}) - |> put_req_header("content-type", "multipart/form-data") - - for i <- 1..2 do - conn = - conn - |> post("/api/v1/accounts", %{ - username: "#{i}lain", - email: "#{i}lain@example.org", - password: "PlzDontHackLain", - agreement: true - }) - - %{ - "access_token" => token, - "created_at" => _created_at, - "scope" => _scope, - "token_type" => "Bearer" - } = json_response_and_validate_schema(conn, 200) - - token_from_db = Repo.get_by(Token, token: token) - assert token_from_db - token_from_db = Repo.preload(token_from_db, :user) - assert token_from_db.user - end - - conn = - post(conn, "/api/v1/accounts", %{ - username: "6lain", - email: "6lain@example.org", - password: "PlzDontHackLain", - agreement: true - }) - - assert json_response_and_validate_schema(conn, :too_many_requests) == %{ - "error" => "Throttled" - } - end - end - - describe "create account with enabled captcha" do - setup %{conn: conn} do - app_token = insert(:oauth_token, user: nil) - - conn = - conn - |> put_req_header("authorization", "Bearer " <> app_token.token) - |> put_req_header("content-type", "multipart/form-data") - - [conn: conn] - end - - setup do: clear_config([Pleroma.Captcha, :enabled], true) - - test "creates an account and returns 200 if captcha is valid", %{conn: conn} do - %{token: token, answer_data: answer_data} = Pleroma.Captcha.new() - - params = %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - agreement: true, - captcha_solution: Pleroma.Captcha.Mock.solution(), - captcha_token: token, - captcha_answer_data: answer_data - } - - assert %{ - "access_token" => access_token, - "created_at" => _, - "scope" => "read", - "token_type" => "Bearer" - } = - conn - |> post("/api/v1/accounts", params) - |> json_response_and_validate_schema(:ok) - - assert Token |> Repo.get_by(token: access_token) |> Repo.preload(:user) |> Map.get(:user) - - Cachex.del(:used_captcha_cache, token) - end - - test "returns 400 if any captcha field is not provided", %{conn: conn} do - captcha_fields = [:captcha_solution, :captcha_token, :captcha_answer_data] - - valid_params = %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - agreement: true, - captcha_solution: "xx", - captcha_token: "xx", - captcha_answer_data: "xx" - } - - for field <- captcha_fields do - expected = %{ - "error" => "{\"captcha\":[\"Invalid CAPTCHA (Missing parameter: #{field})\"]}" - } - - assert expected == - conn - |> post("/api/v1/accounts", Map.delete(valid_params, field)) - |> json_response_and_validate_schema(:bad_request) - end - end - - test "returns an error if captcha is invalid", %{conn: conn} do - params = %{ - username: "lain", - email: "lain@example.org", - password: "PlzDontHackLain", - agreement: true, - captcha_solution: "cofe", - captcha_token: "cofe", - captcha_answer_data: "cofe" - } - - assert %{"error" => "{\"captcha\":[\"Invalid answer data\"]}"} == - conn - |> post("/api/v1/accounts", params) - |> json_response_and_validate_schema(:bad_request) - end - end - - describe "GET /api/v1/accounts/:id/lists - account_lists" do - test "returns lists to which the account belongs" do - %{user: user, conn: conn} = oauth_access(["read:lists"]) - other_user = insert(:user) - assert {:ok, %Pleroma.List{id: list_id} = list} = Pleroma.List.create("Test List", user) - {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user) - - assert [%{"id" => list_id, "title" => "Test List"}] = - conn - |> get("/api/v1/accounts/#{other_user.id}/lists") - |> json_response_and_validate_schema(200) - end - end - - describe "verify_credentials" do - test "verify_credentials" do - %{user: user, conn: conn} = oauth_access(["read:accounts"]) - [notification | _] = insert_list(7, :notification, user: user) - Pleroma.Notification.set_read_up_to(user, notification.id) - conn = get(conn, "/api/v1/accounts/verify_credentials") - - response = json_response_and_validate_schema(conn, 200) - - assert %{"id" => id, "source" => %{"privacy" => "public"}} = response - assert response["pleroma"]["chat_token"] - assert response["pleroma"]["unread_notifications_count"] == 6 - assert id == to_string(user.id) - end - - test "verify_credentials default scope unlisted" do - user = insert(:user, default_scope: "unlisted") - %{conn: conn} = oauth_access(["read:accounts"], user: user) - - conn = get(conn, "/api/v1/accounts/verify_credentials") - - assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = - json_response_and_validate_schema(conn, 200) - - assert id == to_string(user.id) - end - - test "locked accounts" do - user = insert(:user, default_scope: "private") - %{conn: conn} = oauth_access(["read:accounts"], user: user) - - conn = get(conn, "/api/v1/accounts/verify_credentials") - - assert %{"id" => id, "source" => %{"privacy" => "private"}} = - json_response_and_validate_schema(conn, 200) - - assert id == to_string(user.id) - end - end - - describe "user relationships" do - setup do: oauth_access(["read:follows"]) - - test "returns the relationships for the current user", %{user: user, conn: conn} do - %{id: other_user_id} = other_user = insert(:user) - {:ok, _user} = User.follow(user, other_user) - - assert [%{"id" => ^other_user_id}] = - conn - |> get("/api/v1/accounts/relationships?id=#{other_user.id}") - |> json_response_and_validate_schema(200) - - assert [%{"id" => ^other_user_id}] = - conn - |> get("/api/v1/accounts/relationships?id[]=#{other_user.id}") - |> json_response_and_validate_schema(200) - end - - test "returns an empty list on a bad request", %{conn: conn} do - conn = get(conn, "/api/v1/accounts/relationships", %{}) - - assert [] = json_response_and_validate_schema(conn, 200) - end - end - - test "getting a list of mutes" do - %{user: user, conn: conn} = oauth_access(["read:mutes"]) - other_user = insert(:user) - - {:ok, _user_relationships} = User.mute(user, other_user) - - conn = get(conn, "/api/v1/mutes") - - other_user_id = to_string(other_user.id) - assert [%{"id" => ^other_user_id}] = json_response_and_validate_schema(conn, 200) - end - - test "getting a list of blocks" do - %{user: user, conn: conn} = oauth_access(["read:blocks"]) - other_user = insert(:user) - - {:ok, _user_relationship} = User.block(user, other_user) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/blocks") - - other_user_id = to_string(other_user.id) - assert [%{"id" => ^other_user_id}] = json_response_and_validate_schema(conn, 200) - end -end diff --git a/test/web/mastodon_api/controllers/app_controller_test.exs b/test/web/mastodon_api/controllers/app_controller_test.exs deleted file mode 100644 index a0b8b126c..000000000 --- a/test/web/mastodon_api/controllers/app_controller_test.exs +++ /dev/null @@ -1,60 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.AppControllerTest do - use Pleroma.Web.ConnCase, async: true - - alias Pleroma.Repo - alias Pleroma.Web.OAuth.App - alias Pleroma.Web.Push - - import Pleroma.Factory - - test "apps/verify_credentials", %{conn: conn} do - token = insert(:oauth_token) - - conn = - conn - |> put_req_header("authorization", "Bearer #{token.token}") - |> get("/api/v1/apps/verify_credentials") - - app = Repo.preload(token, :app).app - - expected = %{ - "name" => app.client_name, - "website" => app.website, - "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) - } - - assert expected == json_response_and_validate_schema(conn, 200) - end - - test "creates an oauth app", %{conn: conn} do - user = insert(:user) - app_attrs = build(:oauth_app) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> assign(:user, user) - |> post("/api/v1/apps", %{ - client_name: app_attrs.client_name, - redirect_uris: app_attrs.redirect_uris - }) - - [app] = Repo.all(App) - - expected = %{ - "name" => app.client_name, - "website" => app.website, - "client_id" => app.client_id, - "client_secret" => app.client_secret, - "id" => app.id |> to_string(), - "redirect_uri" => app.redirect_uris, - "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) - } - - assert expected == json_response_and_validate_schema(conn, 200) - end -end diff --git a/test/web/mastodon_api/controllers/auth_controller_test.exs b/test/web/mastodon_api/controllers/auth_controller_test.exs deleted file mode 100644 index 4fa95fce1..000000000 --- a/test/web/mastodon_api/controllers/auth_controller_test.exs +++ /dev/null @@ -1,162 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Config - alias Pleroma.Repo - alias Pleroma.Tests.ObanHelpers - - import Pleroma.Factory - import Swoosh.TestAssertions - - describe "GET /web/login" do - setup %{conn: conn} do - session_opts = [ - store: :cookie, - key: "_test", - signing_salt: "cooldude" - ] - - conn = - conn - |> Plug.Session.call(Plug.Session.init(session_opts)) - |> fetch_session() - - test_path = "/web/statuses/test" - %{conn: conn, path: test_path} - end - - test "redirects to the saved path after log in", %{conn: conn, path: path} do - app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") - auth = insert(:oauth_authorization, app: app) - - conn = - conn - |> put_session(:return_to, path) - |> get("/web/login", %{code: auth.token}) - - assert conn.status == 302 - assert redirected_to(conn) == path - end - - test "redirects to the getting-started page when referer is not present", %{conn: conn} do - app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") - auth = insert(:oauth_authorization, app: app) - - conn = get(conn, "/web/login", %{code: auth.token}) - - assert conn.status == 302 - assert redirected_to(conn) == "/web/getting-started" - end - end - - describe "POST /auth/password, with valid parameters" do - setup %{conn: conn} do - user = insert(:user) - conn = post(conn, "/auth/password?email=#{user.email}") - %{conn: conn, user: user} - end - - test "it returns 204", %{conn: conn} do - assert json_response(conn, :no_content) - end - - test "it creates a PasswordResetToken record for user", %{user: user} do - token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id) - assert token_record - end - - test "it sends an email to user", %{user: user} do - ObanHelpers.perform_all() - token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id) - - email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token) - notify_email = Config.get([:instance, :notify_email]) - instance_name = Config.get([:instance, :name]) - - assert_email_sent( - from: {instance_name, notify_email}, - to: {user.name, user.email}, - html_body: email.html_body - ) - end - end - - describe "POST /auth/password, with nickname" do - test "it returns 204", %{conn: conn} do - user = insert(:user) - - assert conn - |> post("/auth/password?nickname=#{user.nickname}") - |> json_response(:no_content) - - ObanHelpers.perform_all() - token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id) - - email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token) - notify_email = Config.get([:instance, :notify_email]) - instance_name = Config.get([:instance, :name]) - - assert_email_sent( - from: {instance_name, notify_email}, - to: {user.name, user.email}, - html_body: email.html_body - ) - end - - test "it doesn't fail when a user has no email", %{conn: conn} do - user = insert(:user, %{email: nil}) - - assert conn - |> post("/auth/password?nickname=#{user.nickname}") - |> json_response(:no_content) - end - end - - describe "POST /auth/password, with invalid parameters" do - setup do - user = insert(:user) - {:ok, user: user} - end - - test "it returns 204 when user is not found", %{conn: conn, user: user} do - conn = post(conn, "/auth/password?email=nonexisting_#{user.email}") - - assert conn - |> json_response(:no_content) - end - - test "it returns 204 when user is not local", %{conn: conn, user: user} do - {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false)) - conn = post(conn, "/auth/password?email=#{user.email}") - - assert conn - |> json_response(:no_content) - end - - test "it returns 204 when user is deactivated", %{conn: conn, user: user} do - {:ok, user} = Repo.update(Ecto.Changeset.change(user, deactivated: true, local: true)) - conn = post(conn, "/auth/password?email=#{user.email}") - - assert conn - |> json_response(:no_content) - end - end - - describe "DELETE /auth/sign_out" do - test "redirect to root page", %{conn: conn} do - user = insert(:user) - - conn = - conn - |> assign(:user, user) - |> delete("/auth/sign_out") - - assert conn.status == 302 - assert redirected_to(conn) == "/" - end - end -end diff --git a/test/web/mastodon_api/controllers/conversation_controller_test.exs b/test/web/mastodon_api/controllers/conversation_controller_test.exs deleted file mode 100644 index 3e21e6bf1..000000000 --- a/test/web/mastodon_api/controllers/conversation_controller_test.exs +++ /dev/null @@ -1,209 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.User - alias Pleroma.Web.CommonAPI - - import Pleroma.Factory - - setup do: oauth_access(["read:statuses"]) - - describe "returns a list of conversations" do - setup(%{user: user_one, conn: conn}) do - user_two = insert(:user) - user_three = insert(:user) - - {:ok, user_two} = User.follow(user_two, user_one) - - {:ok, %{user: user_one, user_two: user_two, user_three: user_three, conn: conn}} - end - - test "returns correct conversations", %{ - user: user_one, - user_two: user_two, - user_three: user_three, - conn: conn - } do - assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0 - {:ok, direct} = create_direct_message(user_one, [user_two, user_three]) - - assert User.get_cached_by_id(user_two.id).unread_conversation_count == 1 - - {:ok, _follower_only} = - CommonAPI.post(user_one, %{ - status: "Hi @#{user_two.nickname}!", - visibility: "private" - }) - - res_conn = get(conn, "/api/v1/conversations") - - assert response = json_response_and_validate_schema(res_conn, 200) - - assert [ - %{ - "id" => res_id, - "accounts" => res_accounts, - "last_status" => res_last_status, - "unread" => unread - } - ] = response - - account_ids = Enum.map(res_accounts, & &1["id"]) - assert length(res_accounts) == 2 - assert user_two.id in account_ids - assert user_three.id in account_ids - assert is_binary(res_id) - assert unread == false - assert res_last_status["id"] == direct.id - assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0 - end - - test "observes limit params", %{ - user: user_one, - user_two: user_two, - user_three: user_three, - conn: conn - } do - {:ok, _} = create_direct_message(user_one, [user_two, user_three]) - {:ok, _} = create_direct_message(user_two, [user_one, user_three]) - {:ok, _} = create_direct_message(user_three, [user_two, user_one]) - - res_conn = get(conn, "/api/v1/conversations?limit=1") - - assert response = json_response_and_validate_schema(res_conn, 200) - - assert Enum.count(response) == 1 - - res_conn = get(conn, "/api/v1/conversations?limit=2") - - assert response = json_response_and_validate_schema(res_conn, 200) - - assert Enum.count(response) == 2 - end - end - - test "filters conversations by recipients", %{user: user_one, conn: conn} do - user_two = insert(:user) - user_three = insert(:user) - {:ok, direct1} = create_direct_message(user_one, [user_two]) - {:ok, _direct2} = create_direct_message(user_one, [user_three]) - {:ok, direct3} = create_direct_message(user_one, [user_two, user_three]) - {:ok, _direct4} = create_direct_message(user_two, [user_three]) - {:ok, direct5} = create_direct_message(user_two, [user_one]) - - assert [conversation1, conversation2] = - conn - |> get("/api/v1/conversations?recipients[]=#{user_two.id}") - |> json_response_and_validate_schema(200) - - assert conversation1["last_status"]["id"] == direct5.id - assert conversation2["last_status"]["id"] == direct1.id - - [conversation1] = - conn - |> get("/api/v1/conversations?recipients[]=#{user_two.id}&recipients[]=#{user_three.id}") - |> json_response_and_validate_schema(200) - - assert conversation1["last_status"]["id"] == direct3.id - end - - test "updates the last_status on reply", %{user: user_one, conn: conn} do - user_two = insert(:user) - {:ok, direct} = create_direct_message(user_one, [user_two]) - - {:ok, direct_reply} = - CommonAPI.post(user_two, %{ - status: "reply", - visibility: "direct", - in_reply_to_status_id: direct.id - }) - - [%{"last_status" => res_last_status}] = - conn - |> get("/api/v1/conversations") - |> json_response_and_validate_schema(200) - - assert res_last_status["id"] == direct_reply.id - end - - test "the user marks a conversation as read", %{user: user_one, conn: conn} do - user_two = insert(:user) - {:ok, direct} = create_direct_message(user_one, [user_two]) - - assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0 - assert User.get_cached_by_id(user_two.id).unread_conversation_count == 1 - - user_two_conn = - build_conn() - |> assign(:user, user_two) - |> assign( - :token, - insert(:oauth_token, user: user_two, scopes: ["read:statuses", "write:conversations"]) - ) - - [%{"id" => direct_conversation_id, "unread" => true}] = - user_two_conn - |> get("/api/v1/conversations") - |> json_response_and_validate_schema(200) - - %{"unread" => false} = - user_two_conn - |> post("/api/v1/conversations/#{direct_conversation_id}/read") - |> json_response_and_validate_schema(200) - - assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0 - assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0 - - # The conversation is marked as unread on reply - {:ok, _} = - CommonAPI.post(user_two, %{ - status: "reply", - visibility: "direct", - in_reply_to_status_id: direct.id - }) - - [%{"unread" => true}] = - conn - |> get("/api/v1/conversations") - |> json_response_and_validate_schema(200) - - assert User.get_cached_by_id(user_one.id).unread_conversation_count == 1 - assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0 - - # A reply doesn't increment the user's unread_conversation_count if the conversation is unread - {:ok, _} = - CommonAPI.post(user_two, %{ - status: "reply", - visibility: "direct", - in_reply_to_status_id: direct.id - }) - - assert User.get_cached_by_id(user_one.id).unread_conversation_count == 1 - assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0 - end - - test "(vanilla) Mastodon frontend behaviour", %{user: user_one, conn: conn} do - user_two = insert(:user) - {:ok, direct} = create_direct_message(user_one, [user_two]) - - res_conn = get(conn, "/api/v1/statuses/#{direct.id}/context") - - assert %{"ancestors" => [], "descendants" => []} == json_response(res_conn, 200) - end - - defp create_direct_message(sender, recips) do - hellos = - recips - |> Enum.map(fn s -> "@#{s.nickname}" end) - |> Enum.join(", ") - - CommonAPI.post(sender, %{ - status: "Hi #{hellos}!", - visibility: "direct" - }) - end -end diff --git a/test/web/mastodon_api/controllers/custom_emoji_controller_test.exs b/test/web/mastodon_api/controllers/custom_emoji_controller_test.exs deleted file mode 100644 index ab0027f90..000000000 --- a/test/web/mastodon_api/controllers/custom_emoji_controller_test.exs +++ /dev/null @@ -1,23 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.CustomEmojiControllerTest do - use Pleroma.Web.ConnCase, async: true - - test "with tags", %{conn: conn} do - assert resp = - conn - |> get("/api/v1/custom_emojis") - |> json_response_and_validate_schema(200) - - assert [emoji | _body] = resp - assert Map.has_key?(emoji, "shortcode") - assert Map.has_key?(emoji, "static_url") - assert Map.has_key?(emoji, "tags") - assert is_list(emoji["tags"]) - assert Map.has_key?(emoji, "category") - assert Map.has_key?(emoji, "url") - assert Map.has_key?(emoji, "visible_in_picker") - end -end diff --git a/test/web/mastodon_api/controllers/domain_block_controller_test.exs b/test/web/mastodon_api/controllers/domain_block_controller_test.exs deleted file mode 100644 index 664654500..000000000 --- a/test/web/mastodon_api/controllers/domain_block_controller_test.exs +++ /dev/null @@ -1,79 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.User - - import Pleroma.Factory - - test "blocking / unblocking a domain" do - %{user: user, conn: conn} = oauth_access(["write:blocks"]) - other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"}) - - ret_conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"}) - - assert %{} == json_response_and_validate_schema(ret_conn, 200) - user = User.get_cached_by_ap_id(user.ap_id) - assert User.blocks?(user, other_user) - - ret_conn = - conn - |> put_req_header("content-type", "application/json") - |> delete("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"}) - - assert %{} == json_response_and_validate_schema(ret_conn, 200) - user = User.get_cached_by_ap_id(user.ap_id) - refute User.blocks?(user, other_user) - end - - test "blocking a domain via query params" do - %{user: user, conn: conn} = oauth_access(["write:blocks"]) - other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"}) - - ret_conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/domain_blocks?domain=dogwhistle.zone") - - assert %{} == json_response_and_validate_schema(ret_conn, 200) - user = User.get_cached_by_ap_id(user.ap_id) - assert User.blocks?(user, other_user) - end - - test "unblocking a domain via query params" do - %{user: user, conn: conn} = oauth_access(["write:blocks"]) - other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"}) - - User.block_domain(user, "dogwhistle.zone") - user = refresh_record(user) - assert User.blocks?(user, other_user) - - ret_conn = - conn - |> put_req_header("content-type", "application/json") - |> delete("/api/v1/domain_blocks?domain=dogwhistle.zone") - - assert %{} == json_response_and_validate_schema(ret_conn, 200) - user = User.get_cached_by_ap_id(user.ap_id) - refute User.blocks?(user, other_user) - end - - test "getting a list of domain blocks" do - %{user: user, conn: conn} = oauth_access(["read:blocks"]) - - {:ok, user} = User.block_domain(user, "bad.site") - {:ok, user} = User.block_domain(user, "even.worse.site") - - assert ["even.worse.site", "bad.site"] == - conn - |> assign(:user, user) - |> get("/api/v1/domain_blocks") - |> json_response_and_validate_schema(200) - end -end diff --git a/test/web/mastodon_api/controllers/filter_controller_test.exs b/test/web/mastodon_api/controllers/filter_controller_test.exs deleted file mode 100644 index 0d426ec34..000000000 --- a/test/web/mastodon_api/controllers/filter_controller_test.exs +++ /dev/null @@ -1,152 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Web.MastodonAPI.FilterView - - test "creating a filter" do - %{conn: conn} = oauth_access(["write:filters"]) - - filter = %Pleroma.Filter{ - phrase: "knights", - context: ["home"] - } - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context}) - - assert response = json_response_and_validate_schema(conn, 200) - assert response["phrase"] == filter.phrase - assert response["context"] == filter.context - assert response["irreversible"] == false - assert response["id"] != nil - assert response["id"] != "" - end - - test "fetching a list of filters" do - %{user: user, conn: conn} = oauth_access(["read:filters"]) - - query_one = %Pleroma.Filter{ - user_id: user.id, - filter_id: 1, - phrase: "knights", - context: ["home"] - } - - query_two = %Pleroma.Filter{ - user_id: user.id, - filter_id: 2, - phrase: "who", - context: ["home"] - } - - {:ok, filter_one} = Pleroma.Filter.create(query_one) - {:ok, filter_two} = Pleroma.Filter.create(query_two) - - response = - conn - |> get("/api/v1/filters") - |> json_response_and_validate_schema(200) - - assert response == - render_json( - FilterView, - "index.json", - filters: [filter_two, filter_one] - ) - end - - test "get a filter" do - %{user: user, conn: conn} = oauth_access(["read:filters"]) - - # check whole_word false - query = %Pleroma.Filter{ - user_id: user.id, - filter_id: 2, - phrase: "knight", - context: ["home"], - whole_word: false - } - - {:ok, filter} = Pleroma.Filter.create(query) - - conn = get(conn, "/api/v1/filters/#{filter.filter_id}") - - assert response = json_response_and_validate_schema(conn, 200) - assert response["whole_word"] == false - - # check whole_word true - %{user: user, conn: conn} = oauth_access(["read:filters"]) - - query = %Pleroma.Filter{ - user_id: user.id, - filter_id: 3, - phrase: "knight", - context: ["home"], - whole_word: true - } - - {:ok, filter} = Pleroma.Filter.create(query) - - conn = get(conn, "/api/v1/filters/#{filter.filter_id}") - - assert response = json_response_and_validate_schema(conn, 200) - assert response["whole_word"] == true - end - - test "update a filter" do - %{user: user, conn: conn} = oauth_access(["write:filters"]) - - query = %Pleroma.Filter{ - user_id: user.id, - filter_id: 2, - phrase: "knight", - context: ["home"], - hide: true, - whole_word: true - } - - {:ok, _filter} = Pleroma.Filter.create(query) - - new = %Pleroma.Filter{ - phrase: "nii", - context: ["home"] - } - - conn = - conn - |> put_req_header("content-type", "application/json") - |> put("/api/v1/filters/#{query.filter_id}", %{ - phrase: new.phrase, - context: new.context - }) - - assert response = json_response_and_validate_schema(conn, 200) - assert response["phrase"] == new.phrase - assert response["context"] == new.context - assert response["irreversible"] == true - assert response["whole_word"] == true - end - - test "delete a filter" do - %{user: user, conn: conn} = oauth_access(["write:filters"]) - - query = %Pleroma.Filter{ - user_id: user.id, - filter_id: 2, - phrase: "knight", - context: ["home"] - } - - {:ok, filter} = Pleroma.Filter.create(query) - - conn = delete(conn, "/api/v1/filters/#{filter.filter_id}") - - assert json_response_and_validate_schema(conn, 200) == %{} - end -end diff --git a/test/web/mastodon_api/controllers/follow_request_controller_test.exs b/test/web/mastodon_api/controllers/follow_request_controller_test.exs deleted file mode 100644 index 6749e0e83..000000000 --- a/test/web/mastodon_api/controllers/follow_request_controller_test.exs +++ /dev/null @@ -1,74 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.User - alias Pleroma.Web.CommonAPI - - import Pleroma.Factory - - describe "locked accounts" do - setup do - user = insert(:user, locked: true) - %{conn: conn} = oauth_access(["follow"], user: user) - %{user: user, conn: conn} - end - - test "/api/v1/follow_requests works", %{user: user, conn: conn} do - other_user = insert(:user) - - {:ok, _, _, _activity} = CommonAPI.follow(other_user, user) - {:ok, other_user} = User.follow(other_user, user, :follow_pending) - - assert User.following?(other_user, user) == false - - conn = get(conn, "/api/v1/follow_requests") - - assert [relationship] = json_response_and_validate_schema(conn, 200) - assert to_string(other_user.id) == relationship["id"] - end - - test "/api/v1/follow_requests/:id/authorize works", %{user: user, conn: conn} do - other_user = insert(:user) - - {:ok, _, _, _activity} = CommonAPI.follow(other_user, user) - {:ok, other_user} = User.follow(other_user, user, :follow_pending) - - user = User.get_cached_by_id(user.id) - other_user = User.get_cached_by_id(other_user.id) - - assert User.following?(other_user, user) == false - - conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/authorize") - - assert relationship = json_response_and_validate_schema(conn, 200) - assert to_string(other_user.id) == relationship["id"] - - user = User.get_cached_by_id(user.id) - other_user = User.get_cached_by_id(other_user.id) - - assert User.following?(other_user, user) == true - end - - test "/api/v1/follow_requests/:id/reject works", %{user: user, conn: conn} do - other_user = insert(:user) - - {:ok, _, _, _activity} = CommonAPI.follow(other_user, user) - - user = User.get_cached_by_id(user.id) - - conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/reject") - - assert relationship = json_response_and_validate_schema(conn, 200) - assert to_string(other_user.id) == relationship["id"] - - user = User.get_cached_by_id(user.id) - other_user = User.get_cached_by_id(other_user.id) - - assert User.following?(other_user, user) == false - end - end -end diff --git a/test/web/mastodon_api/controllers/instance_controller_test.exs b/test/web/mastodon_api/controllers/instance_controller_test.exs deleted file mode 100644 index 6a9ccd979..000000000 --- a/test/web/mastodon_api/controllers/instance_controller_test.exs +++ /dev/null @@ -1,87 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.User - import Pleroma.Factory - - test "get instance information", %{conn: conn} do - conn = get(conn, "/api/v1/instance") - assert result = json_response_and_validate_schema(conn, 200) - - email = Pleroma.Config.get([:instance, :email]) - # Note: not checking for "max_toot_chars" since it's optional - assert %{ - "uri" => _, - "title" => _, - "description" => _, - "version" => _, - "email" => from_config_email, - "urls" => %{ - "streaming_api" => _ - }, - "stats" => _, - "thumbnail" => _, - "languages" => _, - "registrations" => _, - "approval_required" => _, - "poll_limits" => _, - "upload_limit" => _, - "avatar_upload_limit" => _, - "background_upload_limit" => _, - "banner_upload_limit" => _, - "background_image" => _, - "chat_limit" => _, - "description_limit" => _ - } = result - - assert result["pleroma"]["metadata"]["account_activation_required"] != nil - assert result["pleroma"]["metadata"]["features"] - assert result["pleroma"]["metadata"]["federation"] - assert result["pleroma"]["metadata"]["fields_limits"] - assert result["pleroma"]["vapid_public_key"] - - assert email == from_config_email - end - - test "get instance stats", %{conn: conn} do - user = insert(:user, %{local: true}) - - user2 = insert(:user, %{local: true}) - {:ok, _user2} = User.deactivate(user2, !user2.deactivated) - - insert(:user, %{local: false, nickname: "u@peer1.com"}) - insert(:user, %{local: false, nickname: "u@peer2.com"}) - - {:ok, _} = Pleroma.Web.CommonAPI.post(user, %{status: "cofe"}) - - Pleroma.Stats.force_update() - - conn = get(conn, "/api/v1/instance") - - assert result = json_response_and_validate_schema(conn, 200) - - stats = result["stats"] - - assert stats - assert stats["user_count"] == 1 - assert stats["status_count"] == 1 - assert stats["domain_count"] == 2 - end - - test "get peers", %{conn: conn} do - insert(:user, %{local: false, nickname: "u@peer1.com"}) - insert(:user, %{local: false, nickname: "u@peer2.com"}) - - Pleroma.Stats.force_update() - - conn = get(conn, "/api/v1/instance/peers") - - assert result = json_response_and_validate_schema(conn, 200) - - assert ["peer1.com", "peer2.com"] == Enum.sort(result) - end -end diff --git a/test/web/mastodon_api/controllers/list_controller_test.exs b/test/web/mastodon_api/controllers/list_controller_test.exs deleted file mode 100644 index 57a9ef4a4..000000000 --- a/test/web/mastodon_api/controllers/list_controller_test.exs +++ /dev/null @@ -1,158 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.ListControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Repo - - import Pleroma.Factory - - test "creating a list" do - %{conn: conn} = oauth_access(["write:lists"]) - - assert %{"title" => "cuties"} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/lists", %{"title" => "cuties"}) - |> json_response_and_validate_schema(:ok) - end - - test "renders error for invalid params" do - %{conn: conn} = oauth_access(["write:lists"]) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/lists", %{"title" => nil}) - - assert %{"error" => "title - null value where string expected."} = - json_response_and_validate_schema(conn, 400) - end - - test "listing a user's lists" do - %{conn: conn} = oauth_access(["read:lists", "write:lists"]) - - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/lists", %{"title" => "cuties"}) - |> json_response_and_validate_schema(:ok) - - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/lists", %{"title" => "cofe"}) - |> json_response_and_validate_schema(:ok) - - conn = get(conn, "/api/v1/lists") - - assert [ - %{"id" => _, "title" => "cofe"}, - %{"id" => _, "title" => "cuties"} - ] = json_response_and_validate_schema(conn, :ok) - end - - test "adding users to a list" do - %{user: user, conn: conn} = oauth_access(["write:lists"]) - other_user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - - assert %{} == - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) - |> json_response_and_validate_schema(:ok) - - %Pleroma.List{following: following} = Pleroma.List.get(list.id, user) - assert following == [other_user.follower_address] - end - - test "removing users from a list" do - %{user: user, conn: conn} = oauth_access(["write:lists"]) - other_user = insert(:user) - third_user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - {:ok, list} = Pleroma.List.follow(list, third_user) - - assert %{} == - conn - |> put_req_header("content-type", "application/json") - |> delete("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) - |> json_response_and_validate_schema(:ok) - - %Pleroma.List{following: following} = Pleroma.List.get(list.id, user) - assert following == [third_user.follower_address] - end - - test "listing users in a list" do - %{user: user, conn: conn} = oauth_access(["read:lists"]) - other_user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]}) - - assert [%{"id" => id}] = json_response_and_validate_schema(conn, 200) - assert id == to_string(other_user.id) - end - - test "retrieving a list" do - %{user: user, conn: conn} = oauth_access(["read:lists"]) - {:ok, list} = Pleroma.List.create("name", user) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/lists/#{list.id}") - - assert %{"id" => id} = json_response_and_validate_schema(conn, 200) - assert id == to_string(list.id) - end - - test "renders 404 if list is not found" do - %{conn: conn} = oauth_access(["read:lists"]) - - conn = get(conn, "/api/v1/lists/666") - - assert %{"error" => "List not found"} = json_response_and_validate_schema(conn, :not_found) - end - - test "renaming a list" do - %{user: user, conn: conn} = oauth_access(["write:lists"]) - {:ok, list} = Pleroma.List.create("name", user) - - assert %{"title" => "newname"} = - conn - |> put_req_header("content-type", "application/json") - |> put("/api/v1/lists/#{list.id}", %{"title" => "newname"}) - |> json_response_and_validate_schema(:ok) - end - - test "validates title when renaming a list" do - %{user: user, conn: conn} = oauth_access(["write:lists"]) - {:ok, list} = Pleroma.List.create("name", user) - - conn = - conn - |> assign(:user, user) - |> put_req_header("content-type", "application/json") - |> put("/api/v1/lists/#{list.id}", %{"title" => " "}) - - assert %{"error" => "can't be blank"} == - json_response_and_validate_schema(conn, :unprocessable_entity) - end - - test "deleting a list" do - %{user: user, conn: conn} = oauth_access(["write:lists"]) - {:ok, list} = Pleroma.List.create("name", user) - - conn = delete(conn, "/api/v1/lists/#{list.id}") - - assert %{} = json_response_and_validate_schema(conn, 200) - assert is_nil(Repo.get(Pleroma.List, list.id)) - end -end diff --git a/test/web/mastodon_api/controllers/marker_controller_test.exs b/test/web/mastodon_api/controllers/marker_controller_test.exs deleted file mode 100644 index 6dd40fb4a..000000000 --- a/test/web/mastodon_api/controllers/marker_controller_test.exs +++ /dev/null @@ -1,131 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do - use Pleroma.Web.ConnCase - - import Pleroma.Factory - - describe "GET /api/v1/markers" do - test "gets markers with correct scopes", %{conn: conn} do - user = insert(:user) - token = insert(:oauth_token, user: user, scopes: ["read:statuses"]) - insert_list(7, :notification, user: user) - - {:ok, %{"notifications" => marker}} = - Pleroma.Marker.upsert( - user, - %{"notifications" => %{"last_read_id" => "69420"}} - ) - - response = - conn - |> assign(:user, user) - |> assign(:token, token) - |> get("/api/v1/markers?timeline[]=notifications") - |> json_response_and_validate_schema(200) - - assert response == %{ - "notifications" => %{ - "last_read_id" => "69420", - "updated_at" => NaiveDateTime.to_iso8601(marker.updated_at), - "version" => 0, - "pleroma" => %{"unread_count" => 7} - } - } - end - - test "gets markers with missed scopes", %{conn: conn} do - user = insert(:user) - token = insert(:oauth_token, user: user, scopes: []) - - Pleroma.Marker.upsert(user, %{"notifications" => %{"last_read_id" => "69420"}}) - - response = - conn - |> assign(:user, user) - |> assign(:token, token) - |> get("/api/v1/markers", %{timeline: ["notifications"]}) - |> json_response_and_validate_schema(403) - - assert response == %{"error" => "Insufficient permissions: read:statuses."} - end - end - - describe "POST /api/v1/markers" do - test "creates a marker with correct scopes", %{conn: conn} do - user = insert(:user) - token = insert(:oauth_token, user: user, scopes: ["write:statuses"]) - - response = - conn - |> assign(:user, user) - |> assign(:token, token) - |> put_req_header("content-type", "application/json") - |> post("/api/v1/markers", %{ - home: %{last_read_id: "777"}, - notifications: %{"last_read_id" => "69420"} - }) - |> json_response_and_validate_schema(200) - - assert %{ - "notifications" => %{ - "last_read_id" => "69420", - "updated_at" => _, - "version" => 0, - "pleroma" => %{"unread_count" => 0} - } - } = response - end - - test "updates exist marker", %{conn: conn} do - user = insert(:user) - token = insert(:oauth_token, user: user, scopes: ["write:statuses"]) - - {:ok, %{"notifications" => marker}} = - Pleroma.Marker.upsert( - user, - %{"notifications" => %{"last_read_id" => "69477"}} - ) - - response = - conn - |> assign(:user, user) - |> assign(:token, token) - |> put_req_header("content-type", "application/json") - |> post("/api/v1/markers", %{ - home: %{last_read_id: "777"}, - notifications: %{"last_read_id" => "69888"} - }) - |> json_response_and_validate_schema(200) - - assert response == %{ - "notifications" => %{ - "last_read_id" => "69888", - "updated_at" => NaiveDateTime.to_iso8601(marker.updated_at), - "version" => 0, - "pleroma" => %{"unread_count" => 0} - } - } - end - - test "creates a marker with missed scopes", %{conn: conn} do - user = insert(:user) - token = insert(:oauth_token, user: user, scopes: []) - - response = - conn - |> assign(:user, user) - |> assign(:token, token) - |> put_req_header("content-type", "application/json") - |> post("/api/v1/markers", %{ - home: %{last_read_id: "777"}, - notifications: %{"last_read_id" => "69420"} - }) - |> json_response_and_validate_schema(403) - - assert response == %{"error" => "Insufficient permissions: write:statuses."} - end - end -end diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs deleted file mode 100644 index 906fd940f..000000000 --- a/test/web/mastodon_api/controllers/media_controller_test.exs +++ /dev/null @@ -1,146 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Object - alias Pleroma.User - alias Pleroma.Web.ActivityPub.ActivityPub - - describe "Upload media" do - setup do: oauth_access(["write:media"]) - - setup do - image = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - [image: image] - end - - setup do: clear_config([:media_proxy]) - setup do: clear_config([Pleroma.Upload]) - - test "/api/v1/media", %{conn: conn, image: image} do - desc = "Description of the image" - - media = - conn - |> put_req_header("content-type", "multipart/form-data") - |> post("/api/v1/media", %{"file" => image, "description" => desc}) - |> json_response_and_validate_schema(:ok) - - assert media["type"] == "image" - assert media["description"] == desc - assert media["id"] - - object = Object.get_by_id(media["id"]) - assert object.data["actor"] == User.ap_id(conn.assigns[:user]) - end - - test "/api/v2/media", %{conn: conn, user: user, image: image} do - desc = "Description of the image" - - response = - conn - |> put_req_header("content-type", "multipart/form-data") - |> post("/api/v2/media", %{"file" => image, "description" => desc}) - |> json_response_and_validate_schema(202) - - assert media_id = response["id"] - - %{conn: conn} = oauth_access(["read:media"], user: user) - - media = - conn - |> get("/api/v1/media/#{media_id}") - |> json_response_and_validate_schema(200) - - assert media["type"] == "image" - assert media["description"] == desc - assert media["id"] - - object = Object.get_by_id(media["id"]) - assert object.data["actor"] == user.ap_id - end - end - - describe "Update media description" do - setup do: oauth_access(["write:media"]) - - setup %{user: actor} do - file = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - {:ok, %Object{} = object} = - ActivityPub.upload( - file, - actor: User.ap_id(actor), - description: "test-m" - ) - - [object: object] - end - - test "/api/v1/media/:id good request", %{conn: conn, object: object} do - media = - conn - |> put_req_header("content-type", "multipart/form-data") - |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"}) - |> json_response_and_validate_schema(:ok) - - assert media["description"] == "test-media" - assert refresh_record(object).data["name"] == "test-media" - end - end - - describe "Get media by id (/api/v1/media/:id)" do - setup do: oauth_access(["read:media"]) - - setup %{user: actor} do - file = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - {:ok, %Object{} = object} = - ActivityPub.upload( - file, - actor: User.ap_id(actor), - description: "test-media" - ) - - [object: object] - end - - test "it returns media object when requested by owner", %{conn: conn, object: object} do - media = - conn - |> get("/api/v1/media/#{object.id}") - |> json_response_and_validate_schema(:ok) - - assert media["description"] == "test-media" - assert media["type"] == "image" - assert media["id"] - end - - test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do - %{conn: conn, user: other_user} = oauth_access(["read:media"]) - - assert object.data["actor"] == user.ap_id - refute user.id == other_user.id - - conn - |> get("/api/v1/media/#{object.id}") - |> json_response(403) - end - end -end diff --git a/test/web/mastodon_api/controllers/notification_controller_test.exs b/test/web/mastodon_api/controllers/notification_controller_test.exs deleted file mode 100644 index 70ef0e8b5..000000000 --- a/test/web/mastodon_api/controllers/notification_controller_test.exs +++ /dev/null @@ -1,626 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Notification - alias Pleroma.Repo - alias Pleroma.User - alias Pleroma.Web.CommonAPI - - import Pleroma.Factory - - test "does NOT render account/pleroma/relationship by default" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - {:ok, [_notification]} = Notification.create_notifications(activity) - - response = - conn - |> assign(:user, user) - |> get("/api/v1/notifications") - |> json_response_and_validate_schema(200) - - assert Enum.all?(response, fn n -> - get_in(n, ["account", "pleroma", "relationship"]) == %{} - end) - end - - test "list of notifications" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - - {:ok, [_notification]} = Notification.create_notifications(activity) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/notifications") - - expected_response = - "hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{ - user.ap_id - }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>" - - assert [%{"status" => %{"content" => response}} | _rest] = - json_response_and_validate_schema(conn, 200) - - assert response == expected_response - end - - test "by default, does not contain pleroma:chat_mention" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, _activity} = CommonAPI.post_chat_message(other_user, user, "hey") - - result = - conn - |> get("/api/v1/notifications") - |> json_response_and_validate_schema(200) - - assert [] == result - - result = - conn - |> get("/api/v1/notifications?include_types[]=pleroma:chat_mention") - |> json_response_and_validate_schema(200) - - assert [_] = result - end - - test "getting a single notification" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - - {:ok, [notification]} = Notification.create_notifications(activity) - - conn = get(conn, "/api/v1/notifications/#{notification.id}") - - expected_response = - "hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{ - user.ap_id - }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>" - - assert %{"status" => %{"content" => response}} = json_response_and_validate_schema(conn, 200) - assert response == expected_response - end - - test "dismissing a single notification (deprecated endpoint)" do - %{user: user, conn: conn} = oauth_access(["write:notifications"]) - other_user = insert(:user) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - - {:ok, [notification]} = Notification.create_notifications(activity) - - conn = - conn - |> assign(:user, user) - |> put_req_header("content-type", "application/json") - |> post("/api/v1/notifications/dismiss", %{"id" => to_string(notification.id)}) - - assert %{} = json_response_and_validate_schema(conn, 200) - end - - test "dismissing a single notification" do - %{user: user, conn: conn} = oauth_access(["write:notifications"]) - other_user = insert(:user) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - - {:ok, [notification]} = Notification.create_notifications(activity) - - conn = - conn - |> assign(:user, user) - |> post("/api/v1/notifications/#{notification.id}/dismiss") - - assert %{} = json_response_and_validate_schema(conn, 200) - end - - test "clearing all notifications" do - %{user: user, conn: conn} = oauth_access(["write:notifications", "read:notifications"]) - other_user = insert(:user) - - {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - - {:ok, [_notification]} = Notification.create_notifications(activity) - - ret_conn = post(conn, "/api/v1/notifications/clear") - - assert %{} = json_response_and_validate_schema(ret_conn, 200) - - ret_conn = get(conn, "/api/v1/notifications") - - assert all = json_response_and_validate_schema(ret_conn, 200) - assert all == [] - end - - test "paginates notifications using min_id, since_id, max_id, and limit" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, activity1} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - {:ok, activity2} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - {:ok, activity3} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - {:ok, activity4} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - - notification1_id = get_notification_id_by_activity(activity1) - notification2_id = get_notification_id_by_activity(activity2) - notification3_id = get_notification_id_by_activity(activity3) - notification4_id = get_notification_id_by_activity(activity4) - - conn = assign(conn, :user, user) - - # min_id - result = - conn - |> get("/api/v1/notifications?limit=2&min_id=#{notification1_id}") - |> json_response_and_validate_schema(:ok) - - assert [%{"id" => ^notification3_id}, %{"id" => ^notification2_id}] = result - - # since_id - result = - conn - |> get("/api/v1/notifications?limit=2&since_id=#{notification1_id}") - |> json_response_and_validate_schema(:ok) - - assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result - - # max_id - result = - conn - |> get("/api/v1/notifications?limit=2&max_id=#{notification4_id}") - |> json_response_and_validate_schema(:ok) - - assert [%{"id" => ^notification3_id}, %{"id" => ^notification2_id}] = result - end - - describe "exclude_visibilities" do - test "filters notifications for mentions" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, public_activity} = - CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "public"}) - - {:ok, direct_activity} = - CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "direct"}) - - {:ok, unlisted_activity} = - CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "unlisted"}) - - {:ok, private_activity} = - CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "private"}) - - query = params_to_query(%{exclude_visibilities: ["public", "unlisted", "private"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200) - assert id == direct_activity.id - - query = params_to_query(%{exclude_visibilities: ["public", "unlisted", "direct"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200) - assert id == private_activity.id - - query = params_to_query(%{exclude_visibilities: ["public", "private", "direct"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200) - assert id == unlisted_activity.id - - query = params_to_query(%{exclude_visibilities: ["unlisted", "private", "direct"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200) - assert id == public_activity.id - end - - test "filters notifications for Like activities" do - user = insert(:user) - %{user: other_user, conn: conn} = oauth_access(["read:notifications"]) - - {:ok, public_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "public"}) - - {:ok, direct_activity} = - CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "direct"}) - - {:ok, unlisted_activity} = - CommonAPI.post(other_user, %{status: ".", visibility: "unlisted"}) - - {:ok, private_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "private"}) - - {:ok, _} = CommonAPI.favorite(user, public_activity.id) - {:ok, _} = CommonAPI.favorite(user, direct_activity.id) - {:ok, _} = CommonAPI.favorite(user, unlisted_activity.id) - {:ok, _} = CommonAPI.favorite(user, private_activity.id) - - activity_ids = - conn - |> get("/api/v1/notifications?exclude_visibilities[]=direct") - |> json_response_and_validate_schema(200) - |> Enum.map(& &1["status"]["id"]) - - assert public_activity.id in activity_ids - assert unlisted_activity.id in activity_ids - assert private_activity.id in activity_ids - refute direct_activity.id in activity_ids - - activity_ids = - conn - |> get("/api/v1/notifications?exclude_visibilities[]=unlisted") - |> json_response_and_validate_schema(200) - |> Enum.map(& &1["status"]["id"]) - - assert public_activity.id in activity_ids - refute unlisted_activity.id in activity_ids - assert private_activity.id in activity_ids - assert direct_activity.id in activity_ids - - activity_ids = - conn - |> get("/api/v1/notifications?exclude_visibilities[]=private") - |> json_response_and_validate_schema(200) - |> Enum.map(& &1["status"]["id"]) - - assert public_activity.id in activity_ids - assert unlisted_activity.id in activity_ids - refute private_activity.id in activity_ids - assert direct_activity.id in activity_ids - - activity_ids = - conn - |> get("/api/v1/notifications?exclude_visibilities[]=public") - |> json_response_and_validate_schema(200) - |> Enum.map(& &1["status"]["id"]) - - refute public_activity.id in activity_ids - assert unlisted_activity.id in activity_ids - assert private_activity.id in activity_ids - assert direct_activity.id in activity_ids - end - - test "filters notifications for Announce activities" do - user = insert(:user) - %{user: other_user, conn: conn} = oauth_access(["read:notifications"]) - - {:ok, public_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "public"}) - - {:ok, unlisted_activity} = - CommonAPI.post(other_user, %{status: ".", visibility: "unlisted"}) - - {:ok, _} = CommonAPI.repeat(public_activity.id, user) - {:ok, _} = CommonAPI.repeat(unlisted_activity.id, user) - - activity_ids = - conn - |> get("/api/v1/notifications?exclude_visibilities[]=unlisted") - |> json_response_and_validate_schema(200) - |> Enum.map(& &1["status"]["id"]) - - assert public_activity.id in activity_ids - refute unlisted_activity.id in activity_ids - end - - test "doesn't return less than the requested amount of records when the user's reply is liked" do - user = insert(:user) - %{user: other_user, conn: conn} = oauth_access(["read:notifications"]) - - {:ok, mention} = - CommonAPI.post(user, %{status: "@#{other_user.nickname}", visibility: "public"}) - - {:ok, activity} = CommonAPI.post(user, %{status: ".", visibility: "public"}) - - {:ok, reply} = - CommonAPI.post(other_user, %{ - status: ".", - visibility: "public", - in_reply_to_status_id: activity.id - }) - - {:ok, _favorite} = CommonAPI.favorite(user, reply.id) - - activity_ids = - conn - |> get("/api/v1/notifications?exclude_visibilities[]=direct&limit=2") - |> json_response_and_validate_schema(200) - |> Enum.map(& &1["status"]["id"]) - - assert [reply.id, mention.id] == activity_ids - end - end - - test "filters notifications using exclude_types" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, mention_activity} = CommonAPI.post(other_user, %{status: "hey @#{user.nickname}"}) - {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"}) - {:ok, favorite_activity} = CommonAPI.favorite(other_user, create_activity.id) - {:ok, reblog_activity} = CommonAPI.repeat(create_activity.id, other_user) - {:ok, _, _, follow_activity} = CommonAPI.follow(other_user, user) - - mention_notification_id = get_notification_id_by_activity(mention_activity) - favorite_notification_id = get_notification_id_by_activity(favorite_activity) - reblog_notification_id = get_notification_id_by_activity(reblog_activity) - follow_notification_id = get_notification_id_by_activity(follow_activity) - - query = params_to_query(%{exclude_types: ["mention", "favourite", "reblog"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"id" => ^follow_notification_id}] = json_response_and_validate_schema(conn_res, 200) - - query = params_to_query(%{exclude_types: ["favourite", "reblog", "follow"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"id" => ^mention_notification_id}] = - json_response_and_validate_schema(conn_res, 200) - - query = params_to_query(%{exclude_types: ["reblog", "follow", "mention"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"id" => ^favorite_notification_id}] = - json_response_and_validate_schema(conn_res, 200) - - query = params_to_query(%{exclude_types: ["follow", "mention", "favourite"]}) - conn_res = get(conn, "/api/v1/notifications?" <> query) - - assert [%{"id" => ^reblog_notification_id}] = json_response_and_validate_schema(conn_res, 200) - end - - test "filters notifications using include_types" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, mention_activity} = CommonAPI.post(other_user, %{status: "hey @#{user.nickname}"}) - {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"}) - {:ok, favorite_activity} = CommonAPI.favorite(other_user, create_activity.id) - {:ok, reblog_activity} = CommonAPI.repeat(create_activity.id, other_user) - {:ok, _, _, follow_activity} = CommonAPI.follow(other_user, user) - - mention_notification_id = get_notification_id_by_activity(mention_activity) - favorite_notification_id = get_notification_id_by_activity(favorite_activity) - reblog_notification_id = get_notification_id_by_activity(reblog_activity) - follow_notification_id = get_notification_id_by_activity(follow_activity) - - conn_res = get(conn, "/api/v1/notifications?include_types[]=follow") - - assert [%{"id" => ^follow_notification_id}] = json_response_and_validate_schema(conn_res, 200) - - conn_res = get(conn, "/api/v1/notifications?include_types[]=mention") - - assert [%{"id" => ^mention_notification_id}] = - json_response_and_validate_schema(conn_res, 200) - - conn_res = get(conn, "/api/v1/notifications?include_types[]=favourite") - - assert [%{"id" => ^favorite_notification_id}] = - json_response_and_validate_schema(conn_res, 200) - - conn_res = get(conn, "/api/v1/notifications?include_types[]=reblog") - - assert [%{"id" => ^reblog_notification_id}] = json_response_and_validate_schema(conn_res, 200) - - result = conn |> get("/api/v1/notifications") |> json_response_and_validate_schema(200) - - assert length(result) == 4 - - query = params_to_query(%{include_types: ["follow", "mention", "favourite", "reblog"]}) - - result = - conn - |> get("/api/v1/notifications?" <> query) - |> json_response_and_validate_schema(200) - - assert length(result) == 4 - end - - test "destroy multiple" do - %{user: user, conn: conn} = oauth_access(["read:notifications", "write:notifications"]) - other_user = insert(:user) - - {:ok, activity1} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - {:ok, activity2} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - {:ok, activity3} = CommonAPI.post(user, %{status: "hi @#{other_user.nickname}"}) - {:ok, activity4} = CommonAPI.post(user, %{status: "hi @#{other_user.nickname}"}) - - notification1_id = get_notification_id_by_activity(activity1) - notification2_id = get_notification_id_by_activity(activity2) - notification3_id = get_notification_id_by_activity(activity3) - notification4_id = get_notification_id_by_activity(activity4) - - result = - conn - |> get("/api/v1/notifications") - |> json_response_and_validate_schema(:ok) - - assert [%{"id" => ^notification2_id}, %{"id" => ^notification1_id}] = result - - conn2 = - conn - |> assign(:user, other_user) - |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:notifications"])) - - result = - conn2 - |> get("/api/v1/notifications") - |> json_response_and_validate_schema(:ok) - - assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result - - query = params_to_query(%{ids: [notification1_id, notification2_id]}) - conn_destroy = delete(conn, "/api/v1/notifications/destroy_multiple?" <> query) - - assert json_response_and_validate_schema(conn_destroy, 200) == %{} - - result = - conn2 - |> get("/api/v1/notifications") - |> json_response_and_validate_schema(:ok) - - assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result - end - - test "doesn't see notifications after muting user with notifications" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - user2 = insert(:user) - - {:ok, _, _, _} = CommonAPI.follow(user, user2) - {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"}) - - ret_conn = get(conn, "/api/v1/notifications") - - assert length(json_response_and_validate_schema(ret_conn, 200)) == 1 - - {:ok, _user_relationships} = User.mute(user, user2) - - conn = get(conn, "/api/v1/notifications") - - assert json_response_and_validate_schema(conn, 200) == [] - end - - test "see notifications after muting user without notifications" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - user2 = insert(:user) - - {:ok, _, _, _} = CommonAPI.follow(user, user2) - {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"}) - - ret_conn = get(conn, "/api/v1/notifications") - - assert length(json_response_and_validate_schema(ret_conn, 200)) == 1 - - {:ok, _user_relationships} = User.mute(user, user2, false) - - conn = get(conn, "/api/v1/notifications") - - assert length(json_response_and_validate_schema(conn, 200)) == 1 - end - - test "see notifications after muting user with notifications and with_muted parameter" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - user2 = insert(:user) - - {:ok, _, _, _} = CommonAPI.follow(user, user2) - {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"}) - - ret_conn = get(conn, "/api/v1/notifications") - - assert length(json_response_and_validate_schema(ret_conn, 200)) == 1 - - {:ok, _user_relationships} = User.mute(user, user2) - - conn = get(conn, "/api/v1/notifications?with_muted=true") - - assert length(json_response_and_validate_schema(conn, 200)) == 1 - end - - @tag capture_log: true - test "see move notifications" do - old_user = insert(:user) - new_user = insert(:user, also_known_as: [old_user.ap_id]) - %{user: follower, conn: conn} = oauth_access(["read:notifications"]) - - old_user_url = old_user.ap_id - - body = - File.read!("test/fixtures/users_mock/localhost.json") - |> String.replace("{{nickname}}", old_user.nickname) - |> Jason.encode!() - - Tesla.Mock.mock(fn - %{method: :get, url: ^old_user_url} -> - %Tesla.Env{status: 200, body: body} - end) - - User.follow(follower, old_user) - Pleroma.Web.ActivityPub.ActivityPub.move(old_user, new_user) - Pleroma.Tests.ObanHelpers.perform_all() - - conn = get(conn, "/api/v1/notifications") - - assert length(json_response_and_validate_schema(conn, 200)) == 1 - end - - describe "link headers" do - test "preserves parameters in link headers" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - other_user = insert(:user) - - {:ok, activity1} = - CommonAPI.post(other_user, %{ - status: "hi @#{user.nickname}", - visibility: "public" - }) - - {:ok, activity2} = - CommonAPI.post(other_user, %{ - status: "hi @#{user.nickname}", - visibility: "public" - }) - - notification1 = Repo.get_by(Notification, activity_id: activity1.id) - notification2 = Repo.get_by(Notification, activity_id: activity2.id) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/notifications?limit=5") - - assert [link_header] = get_resp_header(conn, "link") - assert link_header =~ ~r/limit=5/ - assert link_header =~ ~r/min_id=#{notification2.id}/ - assert link_header =~ ~r/max_id=#{notification1.id}/ - end - end - - describe "from specified user" do - test "account_id" do - %{user: user, conn: conn} = oauth_access(["read:notifications"]) - - %{id: account_id} = other_user1 = insert(:user) - other_user2 = insert(:user) - - {:ok, _activity} = CommonAPI.post(other_user1, %{status: "hi @#{user.nickname}"}) - {:ok, _activity} = CommonAPI.post(other_user2, %{status: "bye @#{user.nickname}"}) - - assert [%{"account" => %{"id" => ^account_id}}] = - conn - |> assign(:user, user) - |> get("/api/v1/notifications?account_id=#{account_id}") - |> json_response_and_validate_schema(200) - - assert %{"error" => "Account is not found"} = - conn - |> assign(:user, user) - |> get("/api/v1/notifications?account_id=cofe") - |> json_response_and_validate_schema(404) - end - end - - defp get_notification_id_by_activity(%{id: id}) do - Notification - |> Repo.get_by(activity_id: id) - |> Map.get(:id) - |> to_string() - end - - defp params_to_query(%{} = params) do - Enum.map_join(params, "&", fn - {k, v} when is_list(v) -> Enum.map_join(v, "&", &"#{k}[]=#{&1}") - {k, v} -> k <> "=" <> v - end) - end -end diff --git a/test/web/mastodon_api/controllers/poll_controller_test.exs b/test/web/mastodon_api/controllers/poll_controller_test.exs deleted file mode 100644 index f41de6448..000000000 --- a/test/web/mastodon_api/controllers/poll_controller_test.exs +++ /dev/null @@ -1,171 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.PollControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Object - alias Pleroma.Web.CommonAPI - - import Pleroma.Factory - - describe "GET /api/v1/polls/:id" do - setup do: oauth_access(["read:statuses"]) - - test "returns poll entity for object id", %{user: user, conn: conn} do - {:ok, activity} = - CommonAPI.post(user, %{ - status: "Pleroma does", - poll: %{options: ["what Mastodon't", "n't what Mastodoes"], expires_in: 20} - }) - - object = Object.normalize(activity) - - conn = get(conn, "/api/v1/polls/#{object.id}") - - response = json_response_and_validate_schema(conn, 200) - id = to_string(object.id) - assert %{"id" => ^id, "expired" => false, "multiple" => false} = response - end - - test "does not expose polls for private statuses", %{conn: conn} do - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(other_user, %{ - status: "Pleroma does", - poll: %{options: ["what Mastodon't", "n't what Mastodoes"], expires_in: 20}, - visibility: "private" - }) - - object = Object.normalize(activity) - - conn = get(conn, "/api/v1/polls/#{object.id}") - - assert json_response_and_validate_schema(conn, 404) - end - end - - describe "POST /api/v1/polls/:id/votes" do - setup do: oauth_access(["write:statuses"]) - - test "votes are added to the poll", %{conn: conn} do - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(other_user, %{ - status: "A very delicious sandwich", - poll: %{ - options: ["Lettuce", "Grilled Bacon", "Tomato"], - expires_in: 20, - multiple: true - } - }) - - object = Object.normalize(activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]}) - - assert json_response_and_validate_schema(conn, 200) - object = Object.get_by_id(object.id) - - assert Enum.all?(object.data["anyOf"], fn %{"replies" => %{"totalItems" => total_items}} -> - total_items == 1 - end) - end - - test "author can't vote", %{user: user, conn: conn} do - {:ok, activity} = - CommonAPI.post(user, %{ - status: "Am I cute?", - poll: %{options: ["Yes", "No"], expires_in: 20} - }) - - object = Object.normalize(activity) - - assert conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [1]}) - |> json_response_and_validate_schema(422) == %{"error" => "Poll's author can't vote"} - - object = Object.get_by_id(object.id) - - refute Enum.at(object.data["oneOf"], 1)["replies"]["totalItems"] == 1 - end - - test "does not allow multiple choices on a single-choice question", %{conn: conn} do - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(other_user, %{ - status: "The glass is", - poll: %{options: ["half empty", "half full"], expires_in: 20} - }) - - object = Object.normalize(activity) - - assert conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1]}) - |> json_response_and_validate_schema(422) == %{"error" => "Too many choices"} - - object = Object.get_by_id(object.id) - - refute Enum.any?(object.data["oneOf"], fn %{"replies" => %{"totalItems" => total_items}} -> - total_items == 1 - end) - end - - test "does not allow choice index to be greater than options count", %{conn: conn} do - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(other_user, %{ - status: "Am I cute?", - poll: %{options: ["Yes", "No"], expires_in: 20} - }) - - object = Object.normalize(activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [2]}) - - assert json_response_and_validate_schema(conn, 422) == %{"error" => "Invalid indices"} - end - - test "returns 404 error when object is not exist", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/polls/1/votes", %{"choices" => [0]}) - - assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"} - end - - test "returns 404 when poll is private and not available for user", %{conn: conn} do - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(other_user, %{ - status: "Am I cute?", - poll: %{options: ["Yes", "No"], expires_in: 20}, - visibility: "private" - }) - - object = Object.normalize(activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0]}) - - assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"} - end - end -end diff --git a/test/web/mastodon_api/controllers/report_controller_test.exs b/test/web/mastodon_api/controllers/report_controller_test.exs deleted file mode 100644 index 6636cff96..000000000 --- a/test/web/mastodon_api/controllers/report_controller_test.exs +++ /dev/null @@ -1,95 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Web.CommonAPI - - import Pleroma.Factory - - setup do: oauth_access(["write:reports"]) - - setup do - target_user = insert(:user) - - {:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"}) - - [target_user: target_user, activity: activity] - end - - test "submit a basic report", %{conn: conn, target_user: target_user} do - assert %{"action_taken" => false, "id" => _} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/reports", %{"account_id" => target_user.id}) - |> json_response_and_validate_schema(200) - end - - test "submit a report with statuses and comment", %{ - conn: conn, - target_user: target_user, - activity: activity - } do - assert %{"action_taken" => false, "id" => _} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/reports", %{ - "account_id" => target_user.id, - "status_ids" => [activity.id], - "comment" => "bad status!", - "forward" => "false" - }) - |> json_response_and_validate_schema(200) - end - - test "account_id is required", %{ - conn: conn, - activity: activity - } do - assert %{"error" => "Missing field: account_id."} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/reports", %{"status_ids" => [activity.id]}) - |> json_response_and_validate_schema(400) - end - - test "comment must be up to the size specified in the config", %{ - conn: conn, - target_user: target_user - } do - max_size = Pleroma.Config.get([:instance, :max_report_comment_size], 1000) - comment = String.pad_trailing("a", max_size + 1, "a") - - error = %{"error" => "Comment must be up to #{max_size} characters"} - - assert ^error = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/reports", %{"account_id" => target_user.id, "comment" => comment}) - |> json_response_and_validate_schema(400) - end - - test "returns error when account is not exist", %{ - conn: conn, - activity: activity - } do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"}) - - assert json_response_and_validate_schema(conn, 400) == %{"error" => "Account not found"} - end - - test "doesn't fail if an admin has no email", %{conn: conn, target_user: target_user} do - insert(:user, %{is_admin: true, email: nil}) - - assert %{"action_taken" => false, "id" => _} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/reports", %{"account_id" => target_user.id}) - |> json_response_and_validate_schema(200) - end -end diff --git a/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs b/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs deleted file mode 100644 index 1ff871c89..000000000 --- a/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs +++ /dev/null @@ -1,139 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Repo - alias Pleroma.ScheduledActivity - - import Pleroma.Factory - import Ecto.Query - - setup do: clear_config([ScheduledActivity, :enabled]) - - test "shows scheduled activities" do - %{user: user, conn: conn} = oauth_access(["read:statuses"]) - - scheduled_activity_id1 = insert(:scheduled_activity, user: user).id |> to_string() - scheduled_activity_id2 = insert(:scheduled_activity, user: user).id |> to_string() - scheduled_activity_id3 = insert(:scheduled_activity, user: user).id |> to_string() - scheduled_activity_id4 = insert(:scheduled_activity, user: user).id |> to_string() - - # min_id - conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&min_id=#{scheduled_activity_id1}") - - result = json_response_and_validate_schema(conn_res, 200) - assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result - - # since_id - conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&since_id=#{scheduled_activity_id1}") - - result = json_response_and_validate_schema(conn_res, 200) - assert [%{"id" => ^scheduled_activity_id4}, %{"id" => ^scheduled_activity_id3}] = result - - # max_id - conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&max_id=#{scheduled_activity_id4}") - - result = json_response_and_validate_schema(conn_res, 200) - assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result - end - - test "shows a scheduled activity" do - %{user: user, conn: conn} = oauth_access(["read:statuses"]) - scheduled_activity = insert(:scheduled_activity, user: user) - - res_conn = get(conn, "/api/v1/scheduled_statuses/#{scheduled_activity.id}") - - assert %{"id" => scheduled_activity_id} = json_response_and_validate_schema(res_conn, 200) - assert scheduled_activity_id == scheduled_activity.id |> to_string() - - res_conn = get(conn, "/api/v1/scheduled_statuses/404") - - assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404) - end - - test "updates a scheduled activity" do - Pleroma.Config.put([ScheduledActivity, :enabled], true) - %{user: user, conn: conn} = oauth_access(["write:statuses"]) - - scheduled_at = Timex.shift(NaiveDateTime.utc_now(), minutes: 60) - - {:ok, scheduled_activity} = - ScheduledActivity.create( - user, - %{ - scheduled_at: scheduled_at, - params: build(:note).data - } - ) - - job = Repo.one(from(j in Oban.Job, where: j.queue == "scheduled_activities")) - - assert job.args == %{"activity_id" => scheduled_activity.id} - assert DateTime.truncate(job.scheduled_at, :second) == to_datetime(scheduled_at) - - new_scheduled_at = - NaiveDateTime.utc_now() - |> Timex.shift(minutes: 120) - |> Timex.format!("%Y-%m-%dT%H:%M:%S.%fZ", :strftime) - - res_conn = - conn - |> put_req_header("content-type", "application/json") - |> put("/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{ - scheduled_at: new_scheduled_at - }) - - assert %{"scheduled_at" => expected_scheduled_at} = - json_response_and_validate_schema(res_conn, 200) - - assert expected_scheduled_at == Pleroma.Web.CommonAPI.Utils.to_masto_date(new_scheduled_at) - job = refresh_record(job) - - assert DateTime.truncate(job.scheduled_at, :second) == to_datetime(new_scheduled_at) - - res_conn = - conn - |> put_req_header("content-type", "application/json") - |> put("/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at}) - - assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404) - end - - test "deletes a scheduled activity" do - Pleroma.Config.put([ScheduledActivity, :enabled], true) - %{user: user, conn: conn} = oauth_access(["write:statuses"]) - scheduled_at = Timex.shift(NaiveDateTime.utc_now(), minutes: 60) - - {:ok, scheduled_activity} = - ScheduledActivity.create( - user, - %{ - scheduled_at: scheduled_at, - params: build(:note).data - } - ) - - job = Repo.one(from(j in Oban.Job, where: j.queue == "scheduled_activities")) - - assert job.args == %{"activity_id" => scheduled_activity.id} - - res_conn = - conn - |> assign(:user, user) - |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}") - - assert %{} = json_response_and_validate_schema(res_conn, 200) - refute Repo.get(ScheduledActivity, scheduled_activity.id) - refute Repo.get(Oban.Job, job.id) - - res_conn = - conn - |> assign(:user, user) - |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}") - - assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404) - end -end diff --git a/test/web/mastodon_api/controllers/search_controller_test.exs b/test/web/mastodon_api/controllers/search_controller_test.exs deleted file mode 100644 index 24d1959f8..000000000 --- a/test/web/mastodon_api/controllers/search_controller_test.exs +++ /dev/null @@ -1,413 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Object - alias Pleroma.Web - alias Pleroma.Web.CommonAPI - import Pleroma.Factory - import ExUnit.CaptureLog - import Tesla.Mock - import Mock - - setup_all do - mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end) - :ok - end - - describe ".search2" do - test "it returns empty result if user or status search return undefined error", %{conn: conn} do - with_mocks [ - {Pleroma.User, [], [search: fn _q, _o -> raise "Oops" end]}, - {Pleroma.Activity, [], [search: fn _u, _q, _o -> raise "Oops" end]} - ] do - capture_log(fn -> - results = - conn - |> get("/api/v2/search?q=2hu") - |> json_response_and_validate_schema(200) - - assert results["accounts"] == [] - assert results["statuses"] == [] - end) =~ - "[error] Elixir.Pleroma.Web.MastodonAPI.SearchController search error: %RuntimeError{message: \"Oops\"}" - end - end - - test "search", %{conn: conn} do - user = insert(:user) - user_two = insert(:user, %{nickname: "shp@shitposter.club"}) - user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) - - {:ok, activity} = CommonAPI.post(user, %{status: "This is about 2hu private 天子"}) - - {:ok, _activity} = - CommonAPI.post(user, %{ - status: "This is about 2hu, but private", - visibility: "private" - }) - - {:ok, _} = CommonAPI.post(user_two, %{status: "This isn't"}) - - results = - conn - |> get("/api/v2/search?#{URI.encode_query(%{q: "2hu #private"})}") - |> json_response_and_validate_schema(200) - - [account | _] = results["accounts"] - assert account["id"] == to_string(user_three.id) - - assert results["hashtags"] == [ - %{"name" => "private", "url" => "#{Web.base_url()}/tag/private"} - ] - - [status] = results["statuses"] - assert status["id"] == to_string(activity.id) - - results = - get(conn, "/api/v2/search?q=天子") - |> json_response_and_validate_schema(200) - - assert results["hashtags"] == [ - %{"name" => "天子", "url" => "#{Web.base_url()}/tag/天子"} - ] - - [status] = results["statuses"] - assert status["id"] == to_string(activity.id) - end - - @tag capture_log: true - test "constructs hashtags from search query", %{conn: conn} do - results = - conn - |> get("/api/v2/search?#{URI.encode_query(%{q: "some text with #explicit #hashtags"})}") - |> json_response_and_validate_schema(200) - - assert results["hashtags"] == [ - %{"name" => "explicit", "url" => "#{Web.base_url()}/tag/explicit"}, - %{"name" => "hashtags", "url" => "#{Web.base_url()}/tag/hashtags"} - ] - - results = - conn - |> get("/api/v2/search?#{URI.encode_query(%{q: "john doe JOHN DOE"})}") - |> json_response_and_validate_schema(200) - - assert results["hashtags"] == [ - %{"name" => "john", "url" => "#{Web.base_url()}/tag/john"}, - %{"name" => "doe", "url" => "#{Web.base_url()}/tag/doe"}, - %{"name" => "JohnDoe", "url" => "#{Web.base_url()}/tag/JohnDoe"} - ] - - results = - conn - |> get("/api/v2/search?#{URI.encode_query(%{q: "accident-prone"})}") - |> json_response_and_validate_schema(200) - - assert results["hashtags"] == [ - %{"name" => "accident", "url" => "#{Web.base_url()}/tag/accident"}, - %{"name" => "prone", "url" => "#{Web.base_url()}/tag/prone"}, - %{"name" => "AccidentProne", "url" => "#{Web.base_url()}/tag/AccidentProne"} - ] - - results = - conn - |> get("/api/v2/search?#{URI.encode_query(%{q: "https://shpposter.club/users/shpuld"})}") - |> json_response_and_validate_schema(200) - - assert results["hashtags"] == [ - %{"name" => "shpuld", "url" => "#{Web.base_url()}/tag/shpuld"} - ] - - results = - conn - |> get( - "/api/v2/search?#{ - URI.encode_query(%{ - q: - "https://www.washingtonpost.com/sports/2020/06/10/" <> - "nascar-ban-display-confederate-flag-all-events-properties/" - }) - }" - ) - |> json_response_and_validate_schema(200) - - assert results["hashtags"] == [ - %{"name" => "nascar", "url" => "#{Web.base_url()}/tag/nascar"}, - %{"name" => "ban", "url" => "#{Web.base_url()}/tag/ban"}, - %{"name" => "display", "url" => "#{Web.base_url()}/tag/display"}, - %{"name" => "confederate", "url" => "#{Web.base_url()}/tag/confederate"}, - %{"name" => "flag", "url" => "#{Web.base_url()}/tag/flag"}, - %{"name" => "all", "url" => "#{Web.base_url()}/tag/all"}, - %{"name" => "events", "url" => "#{Web.base_url()}/tag/events"}, - %{"name" => "properties", "url" => "#{Web.base_url()}/tag/properties"}, - %{ - "name" => "NascarBanDisplayConfederateFlagAllEventsProperties", - "url" => - "#{Web.base_url()}/tag/NascarBanDisplayConfederateFlagAllEventsProperties" - } - ] - end - - test "supports pagination of hashtags search results", %{conn: conn} do - results = - conn - |> get( - "/api/v2/search?#{ - URI.encode_query(%{q: "#some #text #with #hashtags", limit: 2, offset: 1}) - }" - ) - |> json_response_and_validate_schema(200) - - assert results["hashtags"] == [ - %{"name" => "text", "url" => "#{Web.base_url()}/tag/text"}, - %{"name" => "with", "url" => "#{Web.base_url()}/tag/with"} - ] - end - - test "excludes a blocked users from search results", %{conn: conn} do - user = insert(:user) - user_smith = insert(:user, %{nickname: "Agent", name: "I love 2hu"}) - user_neo = insert(:user, %{nickname: "Agent Neo", name: "Agent"}) - - {:ok, act1} = CommonAPI.post(user, %{status: "This is about 2hu private 天子"}) - {:ok, act2} = CommonAPI.post(user_smith, %{status: "Agent Smith"}) - {:ok, act3} = CommonAPI.post(user_neo, %{status: "Agent Smith"}) - Pleroma.User.block(user, user_smith) - - results = - conn - |> assign(:user, user) - |> assign(:token, insert(:oauth_token, user: user, scopes: ["read"])) - |> get("/api/v2/search?q=Agent") - |> json_response_and_validate_schema(200) - - status_ids = Enum.map(results["statuses"], fn g -> g["id"] end) - - assert act3.id in status_ids - refute act2.id in status_ids - refute act1.id in status_ids - end - end - - describe ".account_search" do - test "account search", %{conn: conn} do - user_two = insert(:user, %{nickname: "shp@shitposter.club"}) - user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) - - results = - conn - |> get("/api/v1/accounts/search?q=shp") - |> json_response_and_validate_schema(200) - - result_ids = for result <- results, do: result["acct"] - - assert user_two.nickname in result_ids - assert user_three.nickname in result_ids - - results = - conn - |> get("/api/v1/accounts/search?q=2hu") - |> json_response_and_validate_schema(200) - - result_ids = for result <- results, do: result["acct"] - - assert user_three.nickname in result_ids - end - - test "returns account if query contains a space", %{conn: conn} do - insert(:user, %{nickname: "shp@shitposter.club"}) - - results = - conn - |> get("/api/v1/accounts/search?q=shp@shitposter.club xxx") - |> json_response_and_validate_schema(200) - - assert length(results) == 1 - end - end - - describe ".search" do - test "it returns empty result if user or status search return undefined error", %{conn: conn} do - with_mocks [ - {Pleroma.User, [], [search: fn _q, _o -> raise "Oops" end]}, - {Pleroma.Activity, [], [search: fn _u, _q, _o -> raise "Oops" end]} - ] do - capture_log(fn -> - results = - conn - |> get("/api/v1/search?q=2hu") - |> json_response_and_validate_schema(200) - - assert results["accounts"] == [] - assert results["statuses"] == [] - end) =~ - "[error] Elixir.Pleroma.Web.MastodonAPI.SearchController search error: %RuntimeError{message: \"Oops\"}" - end - end - - test "search", %{conn: conn} do - user = insert(:user) - user_two = insert(:user, %{nickname: "shp@shitposter.club"}) - user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) - - {:ok, activity} = CommonAPI.post(user, %{status: "This is about 2hu"}) - - {:ok, _activity} = - CommonAPI.post(user, %{ - status: "This is about 2hu, but private", - visibility: "private" - }) - - {:ok, _} = CommonAPI.post(user_two, %{status: "This isn't"}) - - results = - conn - |> get("/api/v1/search?q=2hu") - |> json_response_and_validate_schema(200) - - [account | _] = results["accounts"] - assert account["id"] == to_string(user_three.id) - - assert results["hashtags"] == ["2hu"] - - [status] = results["statuses"] - assert status["id"] == to_string(activity.id) - end - - test "search fetches remote statuses and prefers them over other results", %{conn: conn} do - capture_log(fn -> - {:ok, %{id: activity_id}} = - CommonAPI.post(insert(:user), %{ - status: "check out https://shitposter.club/notice/2827873" - }) - - results = - conn - |> get("/api/v1/search?q=https://shitposter.club/notice/2827873") - |> json_response_and_validate_schema(200) - - [status, %{"id" => ^activity_id}] = results["statuses"] - - assert status["uri"] == - "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" - end) - end - - test "search doesn't show statuses that it shouldn't", %{conn: conn} do - {:ok, activity} = - CommonAPI.post(insert(:user), %{ - status: "This is about 2hu, but private", - visibility: "private" - }) - - capture_log(fn -> - q = Object.normalize(activity).data["id"] - - results = - conn - |> get("/api/v1/search?q=#{q}") - |> json_response_and_validate_schema(200) - - [] = results["statuses"] - end) - end - - test "search fetches remote accounts", %{conn: conn} do - user = insert(:user) - - query = URI.encode_query(%{q: " mike@osada.macgirvin.com ", resolve: true}) - - results = - conn - |> assign(:user, user) - |> assign(:token, insert(:oauth_token, user: user, scopes: ["read"])) - |> get("/api/v1/search?#{query}") - |> json_response_and_validate_schema(200) - - [account] = results["accounts"] - assert account["acct"] == "mike@osada.macgirvin.com" - end - - test "search doesn't fetch remote accounts if resolve is false", %{conn: conn} do - results = - conn - |> get("/api/v1/search?q=mike@osada.macgirvin.com&resolve=false") - |> json_response_and_validate_schema(200) - - assert [] == results["accounts"] - end - - test "search with limit and offset", %{conn: conn} do - user = insert(:user) - _user_two = insert(:user, %{nickname: "shp@shitposter.club"}) - _user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) - - {:ok, _activity1} = CommonAPI.post(user, %{status: "This is about 2hu"}) - {:ok, _activity2} = CommonAPI.post(user, %{status: "This is also about 2hu"}) - - result = - conn - |> get("/api/v1/search?q=2hu&limit=1") - - assert results = json_response_and_validate_schema(result, 200) - assert [%{"id" => activity_id1}] = results["statuses"] - assert [_] = results["accounts"] - - results = - conn - |> get("/api/v1/search?q=2hu&limit=1&offset=1") - |> json_response_and_validate_schema(200) - - assert [%{"id" => activity_id2}] = results["statuses"] - assert [] = results["accounts"] - - assert activity_id1 != activity_id2 - end - - test "search returns results only for the given type", %{conn: conn} do - user = insert(:user) - _user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) - - {:ok, _activity} = CommonAPI.post(user, %{status: "This is about 2hu"}) - - assert %{"statuses" => [_activity], "accounts" => [], "hashtags" => []} = - conn - |> get("/api/v1/search?q=2hu&type=statuses") - |> json_response_and_validate_schema(200) - - assert %{"statuses" => [], "accounts" => [_user_two], "hashtags" => []} = - conn - |> get("/api/v1/search?q=2hu&type=accounts") - |> json_response_and_validate_schema(200) - end - - test "search uses account_id to filter statuses by the author", %{conn: conn} do - user = insert(:user, %{nickname: "shp@shitposter.club"}) - user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) - - {:ok, activity1} = CommonAPI.post(user, %{status: "This is about 2hu"}) - {:ok, activity2} = CommonAPI.post(user_two, %{status: "This is also about 2hu"}) - - results = - conn - |> get("/api/v1/search?q=2hu&account_id=#{user.id}") - |> json_response_and_validate_schema(200) - - assert [%{"id" => activity_id1}] = results["statuses"] - assert activity_id1 == activity1.id - assert [_] = results["accounts"] - - results = - conn - |> get("/api/v1/search?q=2hu&account_id=#{user_two.id}") - |> json_response_and_validate_schema(200) - - assert [%{"id" => activity_id2}] = results["statuses"] - assert activity_id2 == activity2.id - end - end -end diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs deleted file mode 100644 index f221884e7..000000000 --- a/test/web/mastodon_api/controllers/status_controller_test.exs +++ /dev/null @@ -1,1704 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Activity - alias Pleroma.ActivityExpiration - alias Pleroma.Config - alias Pleroma.Conversation.Participation - alias Pleroma.Object - alias Pleroma.Repo - alias Pleroma.ScheduledActivity - alias Pleroma.Tests.ObanHelpers - alias Pleroma.User - alias Pleroma.Web.ActivityPub.ActivityPub - alias Pleroma.Web.CommonAPI - - import Pleroma.Factory - - setup do: clear_config([:instance, :federating]) - setup do: clear_config([:instance, :allow_relay]) - setup do: clear_config([:rich_media, :enabled]) - setup do: clear_config([:mrf, :policies]) - setup do: clear_config([:mrf_keyword, :reject]) - - describe "posting statuses" do - setup do: oauth_access(["write:statuses"]) - - test "posting a status does not increment reblog_count when relaying", %{conn: conn} do - Pleroma.Config.put([:instance, :federating], true) - Pleroma.Config.get([:instance, :allow_relay], true) - - response = - conn - |> put_req_header("content-type", "application/json") - |> post("api/v1/statuses", %{ - "content_type" => "text/plain", - "source" => "Pleroma FE", - "status" => "Hello world", - "visibility" => "public" - }) - |> json_response_and_validate_schema(200) - - assert response["reblogs_count"] == 0 - ObanHelpers.perform_all() - - response = - conn - |> get("api/v1/statuses/#{response["id"]}", %{}) - |> json_response_and_validate_schema(200) - - assert response["reblogs_count"] == 0 - end - - test "posting a status", %{conn: conn} do - idempotency_key = "Pikachu rocks!" - - conn_one = - conn - |> put_req_header("content-type", "application/json") - |> put_req_header("idempotency-key", idempotency_key) - |> post("/api/v1/statuses", %{ - "status" => "cofe", - "spoiler_text" => "2hu", - "sensitive" => "0" - }) - - {:ok, ttl} = Cachex.ttl(:idempotency_cache, idempotency_key) - # Six hours - assert ttl > :timer.seconds(6 * 60 * 60 - 1) - - assert %{"content" => "cofe", "id" => id, "spoiler_text" => "2hu", "sensitive" => false} = - json_response_and_validate_schema(conn_one, 200) - - assert Activity.get_by_id(id) - - conn_two = - conn - |> put_req_header("content-type", "application/json") - |> put_req_header("idempotency-key", idempotency_key) - |> post("/api/v1/statuses", %{ - "status" => "cofe", - "spoiler_text" => "2hu", - "sensitive" => 0 - }) - - assert %{"id" => second_id} = json_response(conn_two, 200) - assert id == second_id - - conn_three = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "cofe", - "spoiler_text" => "2hu", - "sensitive" => "False" - }) - - assert %{"id" => third_id} = json_response_and_validate_schema(conn_three, 200) - refute id == third_id - - # An activity that will expire: - # 2 hours - expires_in = 120 * 60 - - conn_four = - conn - |> put_req_header("content-type", "application/json") - |> post("api/v1/statuses", %{ - "status" => "oolong", - "expires_in" => expires_in - }) - - assert fourth_response = - %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200) - - assert activity = Activity.get_by_id(fourth_id) - assert expiration = ActivityExpiration.get_by_activity_id(fourth_id) - - estimated_expires_at = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(expires_in) - |> NaiveDateTime.truncate(:second) - - # This assert will fail if the test takes longer than a minute. I sure hope it never does: - assert abs(NaiveDateTime.diff(expiration.scheduled_at, estimated_expires_at, :second)) < 60 - - assert fourth_response["pleroma"]["expires_at"] == - NaiveDateTime.to_iso8601(expiration.scheduled_at) - end - - test "it fails to create a status if `expires_in` is less or equal than an hour", %{ - conn: conn - } do - # 1 hour - expires_in = 60 * 60 - - assert %{"error" => "Expiry date is too soon"} = - conn - |> put_req_header("content-type", "application/json") - |> post("api/v1/statuses", %{ - "status" => "oolong", - "expires_in" => expires_in - }) - |> json_response_and_validate_schema(422) - - # 30 minutes - expires_in = 30 * 60 - - assert %{"error" => "Expiry date is too soon"} = - conn - |> put_req_header("content-type", "application/json") - |> post("api/v1/statuses", %{ - "status" => "oolong", - "expires_in" => expires_in - }) - |> json_response_and_validate_schema(422) - end - - test "Get MRF reason when posting a status is rejected by one", %{conn: conn} do - Pleroma.Config.put([:mrf_keyword, :reject], ["GNO"]) - Pleroma.Config.put([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy]) - - assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} = - conn - |> put_req_header("content-type", "application/json") - |> post("api/v1/statuses", %{"status" => "GNO/Linux"}) - |> json_response_and_validate_schema(422) - end - - test "posting an undefined status with an attachment", %{user: user, conn: conn} do - file = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "media_ids" => [to_string(upload.id)] - }) - - assert json_response_and_validate_schema(conn, 200) - end - - test "replying to a status", %{user: user, conn: conn} do - {:ok, replied_to} = CommonAPI.post(user, %{status: "cofe"}) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id}) - - assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200) - - activity = Activity.get_by_id(id) - - assert activity.data["context"] == replied_to.data["context"] - assert Activity.get_in_reply_to_activity(activity).id == replied_to.id - end - - test "replying to a direct message with visibility other than direct", %{ - user: user, - conn: conn - } do - {:ok, replied_to} = CommonAPI.post(user, %{status: "suya..", visibility: "direct"}) - - Enum.each(["public", "private", "unlisted"], fn visibility -> - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "@#{user.nickname} hey", - "in_reply_to_id" => replied_to.id, - "visibility" => visibility - }) - - assert json_response_and_validate_schema(conn, 422) == %{ - "error" => "The message visibility must be direct" - } - end) - end - - test "posting a status with an invalid in_reply_to_id", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""}) - - assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn, 200) - assert Activity.get_by_id(id) - end - - test "posting a sensitive status", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{"status" => "cofe", "sensitive" => true}) - - assert %{"content" => "cofe", "id" => id, "sensitive" => true} = - json_response_and_validate_schema(conn, 200) - - assert Activity.get_by_id(id) - end - - test "posting a fake status", %{conn: conn} do - real_conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => - "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it" - }) - - real_status = json_response_and_validate_schema(real_conn, 200) - - assert real_status - assert Object.get_by_ap_id(real_status["uri"]) - - real_status = - real_status - |> Map.put("id", nil) - |> Map.put("url", nil) - |> Map.put("uri", nil) - |> Map.put("created_at", nil) - |> Kernel.put_in(["pleroma", "conversation_id"], nil) - - fake_conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => - "\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it", - "preview" => true - }) - - fake_status = json_response_and_validate_schema(fake_conn, 200) - - assert fake_status - refute Object.get_by_ap_id(fake_status["uri"]) - - fake_status = - fake_status - |> Map.put("id", nil) - |> Map.put("url", nil) - |> Map.put("uri", nil) - |> Map.put("created_at", nil) - |> Kernel.put_in(["pleroma", "conversation_id"], nil) - - assert real_status == fake_status - end - - test "fake statuses' preview card is not cached", %{conn: conn} do - clear_config([:rich_media, :enabled], true) - - Tesla.Mock.mock(fn - %{ - method: :get, - url: "https://example.com/twitter-card" - } -> - %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/twitter_card.html")} - - env -> - apply(HttpRequestMock, :request, [env]) - end) - - conn1 = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "https://example.com/ogp", - "preview" => true - }) - - conn2 = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "https://example.com/twitter-card", - "preview" => true - }) - - assert %{"card" => %{"title" => "The Rock"}} = json_response_and_validate_schema(conn1, 200) - - assert %{"card" => %{"title" => "Small Island Developing States Photo Submission"}} = - json_response_and_validate_schema(conn2, 200) - end - - test "posting a status with OGP link preview", %{conn: conn} do - Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end) - clear_config([:rich_media, :enabled], true) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "https://example.com/ogp" - }) - - assert %{"id" => id, "card" => %{"title" => "The Rock"}} = - json_response_and_validate_schema(conn, 200) - - assert Activity.get_by_id(id) - end - - test "posting a direct status", %{conn: conn} do - user2 = insert(:user) - content = "direct cofe @#{user2.nickname}" - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"}) - - assert %{"id" => id} = response = json_response_and_validate_schema(conn, 200) - assert response["visibility"] == "direct" - assert response["pleroma"]["direct_conversation_id"] - assert activity = Activity.get_by_id(id) - assert activity.recipients == [user2.ap_id, conn.assigns[:user].ap_id] - assert activity.data["to"] == [user2.ap_id] - assert activity.data["cc"] == [] - end - end - - describe "posting scheduled statuses" do - setup do: oauth_access(["write:statuses"]) - - test "creates a scheduled activity", %{conn: conn} do - scheduled_at = - NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond) - |> NaiveDateTime.to_iso8601() - |> Kernel.<>("Z") - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "scheduled", - "scheduled_at" => scheduled_at - }) - - assert %{"scheduled_at" => expected_scheduled_at} = - json_response_and_validate_schema(conn, 200) - - assert expected_scheduled_at == CommonAPI.Utils.to_masto_date(scheduled_at) - assert [] == Repo.all(Activity) - end - - test "ignores nil values", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "not scheduled", - "scheduled_at" => nil - }) - - assert result = json_response_and_validate_schema(conn, 200) - assert Activity.get_by_id(result["id"]) - end - - test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do - scheduled_at = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(:timer.minutes(120), :millisecond) - |> NaiveDateTime.to_iso8601() - |> Kernel.<>("Z") - - file = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } - - {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "media_ids" => [to_string(upload.id)], - "status" => "scheduled", - "scheduled_at" => scheduled_at - }) - - assert %{"media_attachments" => [media_attachment]} = - json_response_and_validate_schema(conn, 200) - - assert %{"type" => "image"} = media_attachment - end - - test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now", - %{conn: conn} do - scheduled_at = - NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond) - |> NaiveDateTime.to_iso8601() - |> Kernel.<>("Z") - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "not scheduled", - "scheduled_at" => scheduled_at - }) - - assert %{"content" => "not scheduled"} = json_response_and_validate_schema(conn, 200) - assert [] == Repo.all(ScheduledActivity) - end - - test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do - today = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(:timer.minutes(6), :millisecond) - |> NaiveDateTime.to_iso8601() - # TODO - |> Kernel.<>("Z") - - attrs = %{params: %{}, scheduled_at: today} - {:ok, _} = ScheduledActivity.create(user, attrs) - {:ok, _} = ScheduledActivity.create(user, attrs) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today}) - - assert %{"error" => "daily limit exceeded"} == json_response_and_validate_schema(conn, 422) - end - - test "returns error when total user limit is exceeded", %{user: user, conn: conn} do - today = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(:timer.minutes(6), :millisecond) - |> NaiveDateTime.to_iso8601() - |> Kernel.<>("Z") - - tomorrow = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(:timer.hours(36), :millisecond) - |> NaiveDateTime.to_iso8601() - |> Kernel.<>("Z") - - attrs = %{params: %{}, scheduled_at: today} - {:ok, _} = ScheduledActivity.create(user, attrs) - {:ok, _} = ScheduledActivity.create(user, attrs) - {:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow}) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow}) - - assert %{"error" => "total limit exceeded"} == json_response_and_validate_schema(conn, 422) - end - end - - describe "posting polls" do - setup do: oauth_access(["write:statuses"]) - - test "posting a poll", %{conn: conn} do - time = NaiveDateTime.utc_now() - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "Who is the #bestgrill?", - "poll" => %{ - "options" => ["Rei", "Asuka", "Misato"], - "expires_in" => 420 - } - }) - - response = json_response_and_validate_schema(conn, 200) - - assert Enum.all?(response["poll"]["options"], fn %{"title" => title} -> - title in ["Rei", "Asuka", "Misato"] - end) - - assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430 - refute response["poll"]["expred"] - - question = Object.get_by_id(response["poll"]["id"]) - - # closed contains utc timezone - assert question.data["closed"] =~ "Z" - end - - test "option limit is enforced", %{conn: conn} do - limit = Config.get([:instance, :poll_limits, :max_options]) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "desu~", - "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1} - }) - - %{"error" => error} = json_response_and_validate_schema(conn, 422) - assert error == "Poll can't contain more than #{limit} options" - end - - test "option character limit is enforced", %{conn: conn} do - limit = Config.get([:instance, :poll_limits, :max_option_chars]) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "...", - "poll" => %{ - "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)], - "expires_in" => 1 - } - }) - - %{"error" => error} = json_response_and_validate_schema(conn, 422) - assert error == "Poll options cannot be longer than #{limit} characters each" - end - - test "minimal date limit is enforced", %{conn: conn} do - limit = Config.get([:instance, :poll_limits, :min_expiration]) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "imagine arbitrary limits", - "poll" => %{ - "options" => ["this post was made by pleroma gang"], - "expires_in" => limit - 1 - } - }) - - %{"error" => error} = json_response_and_validate_schema(conn, 422) - assert error == "Expiration date is too soon" - end - - test "maximum date limit is enforced", %{conn: conn} do - limit = Config.get([:instance, :poll_limits, :max_expiration]) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{ - "status" => "imagine arbitrary limits", - "poll" => %{ - "options" => ["this post was made by pleroma gang"], - "expires_in" => limit + 1 - } - }) - - %{"error" => error} = json_response_and_validate_schema(conn, 422) - assert error == "Expiration date is too far in the future" - end - end - - test "get a status" do - %{conn: conn} = oauth_access(["read:statuses"]) - activity = insert(:note_activity) - - conn = get(conn, "/api/v1/statuses/#{activity.id}") - - assert %{"id" => id} = json_response_and_validate_schema(conn, 200) - assert id == to_string(activity.id) - end - - defp local_and_remote_activities do - local = insert(:note_activity) - remote = insert(:note_activity, local: false) - {:ok, local: local, remote: remote} - end - - describe "status with restrict unauthenticated activities for local and remote" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :activities, :local], true) - - setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/statuses/#{local.id}") - - assert json_response_and_validate_schema(res_conn, :not_found) == %{ - "error" => "Record not found" - } - - res_conn = get(conn, "/api/v1/statuses/#{remote.id}") - - assert json_response_and_validate_schema(res_conn, :not_found) == %{ - "error" => "Record not found" - } - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - res_conn = get(conn, "/api/v1/statuses/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/statuses/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - end - - describe "status with restrict unauthenticated activities for local" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :activities, :local], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/statuses/#{local.id}") - - assert json_response_and_validate_schema(res_conn, :not_found) == %{ - "error" => "Record not found" - } - - res_conn = get(conn, "/api/v1/statuses/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - res_conn = get(conn, "/api/v1/statuses/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/statuses/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - end - - describe "status with restrict unauthenticated activities for remote" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/statuses/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/statuses/#{remote.id}") - - assert json_response_and_validate_schema(res_conn, :not_found) == %{ - "error" => "Record not found" - } - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - res_conn = get(conn, "/api/v1/statuses/#{local.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - - res_conn = get(conn, "/api/v1/statuses/#{remote.id}") - assert %{"id" => _} = json_response_and_validate_schema(res_conn, 200) - end - end - - test "getting a status that doesn't exist returns 404" do - %{conn: conn} = oauth_access(["read:statuses"]) - activity = insert(:note_activity) - - conn = get(conn, "/api/v1/statuses/#{String.downcase(activity.id)}") - - assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"} - end - - test "get a direct status" do - %{user: user, conn: conn} = oauth_access(["read:statuses"]) - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(user, %{status: "@#{other_user.nickname}", visibility: "direct"}) - - conn = - conn - |> assign(:user, user) - |> get("/api/v1/statuses/#{activity.id}") - - [participation] = Participation.for_user(user) - - res = json_response_and_validate_schema(conn, 200) - assert res["pleroma"]["direct_conversation_id"] == participation.id - end - - test "get statuses by IDs" do - %{conn: conn} = oauth_access(["read:statuses"]) - %{id: id1} = insert(:note_activity) - %{id: id2} = insert(:note_activity) - - query_string = "ids[]=#{id1}&ids[]=#{id2}" - conn = get(conn, "/api/v1/statuses/?#{query_string}") - - assert [%{"id" => ^id1}, %{"id" => ^id2}] = - Enum.sort_by(json_response_and_validate_schema(conn, :ok), & &1["id"]) - end - - describe "getting statuses by ids with restricted unauthenticated for local and remote" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :activities, :local], true) - - setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}") - - assert json_response_and_validate_schema(res_conn, 200) == [] - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}") - - assert length(json_response_and_validate_schema(res_conn, 200)) == 2 - end - end - - describe "getting statuses by ids with restricted unauthenticated for local" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :activities, :local], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}") - - remote_id = remote.id - assert [%{"id" => ^remote_id}] = json_response_and_validate_schema(res_conn, 200) - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}") - - assert length(json_response_and_validate_schema(res_conn, 200)) == 2 - end - end - - describe "getting statuses by ids with restricted unauthenticated for remote" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true) - - test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do - res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}") - - local_id = local.id - assert [%{"id" => ^local_id}] = json_response_and_validate_schema(res_conn, 200) - end - - test "if user is authenticated", %{local: local, remote: remote} do - %{conn: conn} = oauth_access(["read"]) - - res_conn = get(conn, "/api/v1/statuses?ids[]=#{local.id}&ids[]=#{remote.id}") - - assert length(json_response_and_validate_schema(res_conn, 200)) == 2 - end - end - - describe "deleting a status" do - test "when you created it" do - %{user: author, conn: conn} = oauth_access(["write:statuses"]) - activity = insert(:note_activity, user: author) - object = Object.normalize(activity) - - content = object.data["content"] - source = object.data["source"] - - result = - conn - |> assign(:user, author) - |> delete("/api/v1/statuses/#{activity.id}") - |> json_response_and_validate_schema(200) - - assert match?(%{"content" => ^content, "text" => ^source}, result) - - refute Activity.get_by_id(activity.id) - end - - test "when it doesn't exist" do - %{user: author, conn: conn} = oauth_access(["write:statuses"]) - activity = insert(:note_activity, user: author) - - conn = - conn - |> assign(:user, author) - |> delete("/api/v1/statuses/#{String.downcase(activity.id)}") - - assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404) - end - - test "when you didn't create it" do - %{conn: conn} = oauth_access(["write:statuses"]) - activity = insert(:note_activity) - - conn = delete(conn, "/api/v1/statuses/#{activity.id}") - - assert %{"error" => "Record not found"} == json_response_and_validate_schema(conn, 404) - - assert Activity.get_by_id(activity.id) == activity - end - - test "when you're an admin or moderator", %{conn: conn} do - activity1 = insert(:note_activity) - activity2 = insert(:note_activity) - admin = insert(:user, is_admin: true) - moderator = insert(:user, is_moderator: true) - - res_conn = - conn - |> assign(:user, admin) - |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"])) - |> delete("/api/v1/statuses/#{activity1.id}") - - assert %{} = json_response_and_validate_schema(res_conn, 200) - - res_conn = - conn - |> assign(:user, moderator) - |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"])) - |> delete("/api/v1/statuses/#{activity2.id}") - - assert %{} = json_response_and_validate_schema(res_conn, 200) - - refute Activity.get_by_id(activity1.id) - refute Activity.get_by_id(activity2.id) - end - end - - describe "reblogging" do - setup do: oauth_access(["write:statuses"]) - - test "reblogs and returns the reblogged status", %{conn: conn} do - activity = insert(:note_activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/reblog") - - assert %{ - "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}, - "reblogged" => true - } = json_response_and_validate_schema(conn, 200) - - assert to_string(activity.id) == id - end - - test "returns 404 if the reblogged status doesn't exist", %{conn: conn} do - activity = insert(:note_activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{String.downcase(activity.id)}/reblog") - - assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404) - end - - test "reblogs privately and returns the reblogged status", %{conn: conn} do - activity = insert(:note_activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post( - "/api/v1/statuses/#{activity.id}/reblog", - %{"visibility" => "private"} - ) - - assert %{ - "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}, - "reblogged" => true, - "visibility" => "private" - } = json_response_and_validate_schema(conn, 200) - - assert to_string(activity.id) == id - end - - test "reblogged status for another user" do - activity = insert(:note_activity) - user1 = insert(:user) - user2 = insert(:user) - user3 = insert(:user) - {:ok, _} = CommonAPI.favorite(user2, activity.id) - {:ok, _bookmark} = Pleroma.Bookmark.create(user2.id, activity.id) - {:ok, reblog_activity1} = CommonAPI.repeat(activity.id, user1) - {:ok, _} = CommonAPI.repeat(activity.id, user2) - - conn_res = - build_conn() - |> assign(:user, user3) - |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"])) - |> get("/api/v1/statuses/#{reblog_activity1.id}") - - assert %{ - "reblog" => %{"id" => id, "reblogged" => false, "reblogs_count" => 2}, - "reblogged" => false, - "favourited" => false, - "bookmarked" => false - } = json_response_and_validate_schema(conn_res, 200) - - conn_res = - build_conn() - |> assign(:user, user2) - |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"])) - |> get("/api/v1/statuses/#{reblog_activity1.id}") - - assert %{ - "reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 2}, - "reblogged" => true, - "favourited" => true, - "bookmarked" => true - } = json_response_and_validate_schema(conn_res, 200) - - assert to_string(activity.id) == id - end - end - - describe "unreblogging" do - setup do: oauth_access(["write:statuses"]) - - test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do - activity = insert(:note_activity) - - {:ok, _} = CommonAPI.repeat(activity.id, user) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/unreblog") - - assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} = - json_response_and_validate_schema(conn, 200) - - assert to_string(activity.id) == id - end - - test "returns 404 error when activity does not exist", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/foo/unreblog") - - assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"} - end - end - - describe "favoriting" do - setup do: oauth_access(["write:favourites"]) - - test "favs a status and returns it", %{conn: conn} do - activity = insert(:note_activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/favourite") - - assert %{"id" => id, "favourites_count" => 1, "favourited" => true} = - json_response_and_validate_schema(conn, 200) - - assert to_string(activity.id) == id - end - - test "favoriting twice will just return 200", %{conn: conn} do - activity = insert(:note_activity) - - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/favourite") - - assert conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/favourite") - |> json_response_and_validate_schema(200) - end - - test "returns 404 error for a wrong id", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/1/favourite") - - assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"} - end - end - - describe "unfavoriting" do - setup do: oauth_access(["write:favourites"]) - - test "unfavorites a status and returns it", %{user: user, conn: conn} do - activity = insert(:note_activity) - - {:ok, _} = CommonAPI.favorite(user, activity.id) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/unfavourite") - - assert %{"id" => id, "favourites_count" => 0, "favourited" => false} = - json_response_and_validate_schema(conn, 200) - - assert to_string(activity.id) == id - end - - test "returns 404 error for a wrong id", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/1/unfavourite") - - assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"} - end - end - - describe "pinned statuses" do - setup do: oauth_access(["write:accounts"]) - - setup %{user: user} do - {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"}) - - %{activity: activity} - end - - setup do: clear_config([:instance, :max_pinned_statuses], 1) - - test "pin status", %{conn: conn, user: user, activity: activity} do - id_str = to_string(activity.id) - - assert %{"id" => ^id_str, "pinned" => true} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/pin") - |> json_response_and_validate_schema(200) - - assert [%{"id" => ^id_str, "pinned" => true}] = - conn - |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true") - |> json_response_and_validate_schema(200) - end - - test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do - {:ok, dm} = CommonAPI.post(user, %{status: "test", visibility: "direct"}) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{dm.id}/pin") - - assert json_response_and_validate_schema(conn, 400) == %{"error" => "Could not pin"} - end - - test "unpin status", %{conn: conn, user: user, activity: activity} do - {:ok, _} = CommonAPI.pin(activity.id, user) - user = refresh_record(user) - - id_str = to_string(activity.id) - - assert %{"id" => ^id_str, "pinned" => false} = - conn - |> assign(:user, user) - |> post("/api/v1/statuses/#{activity.id}/unpin") - |> json_response_and_validate_schema(200) - - assert [] = - conn - |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true") - |> json_response_and_validate_schema(200) - end - - test "/unpin: returns 400 error when activity is not exist", %{conn: conn} do - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/1/unpin") - - assert json_response_and_validate_schema(conn, 400) == %{"error" => "Could not unpin"} - end - - test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do - {:ok, activity_two} = CommonAPI.post(user, %{status: "HI!!!"}) - - id_str_one = to_string(activity_one.id) - - assert %{"id" => ^id_str_one, "pinned" => true} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{id_str_one}/pin") - |> json_response_and_validate_schema(200) - - user = refresh_record(user) - - assert %{"error" => "You have already pinned the maximum number of statuses"} = - conn - |> assign(:user, user) - |> post("/api/v1/statuses/#{activity_two.id}/pin") - |> json_response_and_validate_schema(400) - end - end - - describe "cards" do - setup do - Config.put([:rich_media, :enabled], true) - - oauth_access(["read:statuses"]) - end - - test "returns rich-media card", %{conn: conn, user: user} do - Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end) - - {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp"}) - - card_data = %{ - "image" => "http://ia.media-imdb.com/images/rock.jpg", - "provider_name" => "example.com", - "provider_url" => "https://example.com", - "title" => "The Rock", - "type" => "link", - "url" => "https://example.com/ogp", - "description" => - "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.", - "pleroma" => %{ - "opengraph" => %{ - "image" => "http://ia.media-imdb.com/images/rock.jpg", - "title" => "The Rock", - "type" => "video.movie", - "url" => "https://example.com/ogp", - "description" => - "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer." - } - } - } - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/card") - |> json_response_and_validate_schema(200) - - assert response == card_data - - # works with private posts - {:ok, activity} = - CommonAPI.post(user, %{status: "https://example.com/ogp", visibility: "direct"}) - - response_two = - conn - |> get("/api/v1/statuses/#{activity.id}/card") - |> json_response_and_validate_schema(200) - - assert response_two == card_data - end - - test "replaces missing description with an empty string", %{conn: conn, user: user} do - Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end) - - {:ok, activity} = CommonAPI.post(user, %{status: "https://example.com/ogp-missing-data"}) - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/card") - |> json_response_and_validate_schema(:ok) - - assert response == %{ - "type" => "link", - "title" => "Pleroma", - "description" => "", - "image" => nil, - "provider_name" => "example.com", - "provider_url" => "https://example.com", - "url" => "https://example.com/ogp-missing-data", - "pleroma" => %{ - "opengraph" => %{ - "title" => "Pleroma", - "type" => "website", - "url" => "https://example.com/ogp-missing-data" - } - } - } - end - end - - test "bookmarks" do - bookmarks_uri = "/api/v1/bookmarks" - - %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"]) - author = insert(:user) - - {:ok, activity1} = CommonAPI.post(author, %{status: "heweoo?"}) - {:ok, activity2} = CommonAPI.post(author, %{status: "heweoo!"}) - - response1 = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity1.id}/bookmark") - - assert json_response_and_validate_schema(response1, 200)["bookmarked"] == true - - response2 = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity2.id}/bookmark") - - assert json_response_and_validate_schema(response2, 200)["bookmarked"] == true - - bookmarks = get(conn, bookmarks_uri) - - assert [ - json_response_and_validate_schema(response2, 200), - json_response_and_validate_schema(response1, 200) - ] == - json_response_and_validate_schema(bookmarks, 200) - - response1 = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity1.id}/unbookmark") - - assert json_response_and_validate_schema(response1, 200)["bookmarked"] == false - - bookmarks = get(conn, bookmarks_uri) - - assert [json_response_and_validate_schema(response2, 200)] == - json_response_and_validate_schema(bookmarks, 200) - end - - describe "conversation muting" do - setup do: oauth_access(["write:mutes"]) - - setup do - post_user = insert(:user) - {:ok, activity} = CommonAPI.post(post_user, %{status: "HIE"}) - %{activity: activity} - end - - test "mute conversation", %{conn: conn, activity: activity} do - id_str = to_string(activity.id) - - assert %{"id" => ^id_str, "muted" => true} = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/mute") - |> json_response_and_validate_schema(200) - end - - test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do - {:ok, _} = CommonAPI.add_mute(user, activity) - - conn = - conn - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/mute") - - assert json_response_and_validate_schema(conn, 400) == %{ - "error" => "conversation is already muted" - } - end - - test "unmute conversation", %{conn: conn, user: user, activity: activity} do - {:ok, _} = CommonAPI.add_mute(user, activity) - - id_str = to_string(activity.id) - - assert %{"id" => ^id_str, "muted" => false} = - conn - # |> assign(:user, user) - |> post("/api/v1/statuses/#{activity.id}/unmute") - |> json_response_and_validate_schema(200) - end - end - - test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{conn: conn} do - user1 = insert(:user) - user2 = insert(:user) - user3 = insert(:user) - - {:ok, replied_to} = CommonAPI.post(user1, %{status: "cofe"}) - - # Reply to status from another user - conn1 = - conn - |> assign(:user, user2) - |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"])) - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id}) - - assert %{"content" => "xD", "id" => id} = json_response_and_validate_schema(conn1, 200) - - activity = Activity.get_by_id_with_object(id) - - assert Object.normalize(activity).data["inReplyTo"] == Object.normalize(replied_to).data["id"] - assert Activity.get_in_reply_to_activity(activity).id == replied_to.id - - # Reblog from the third user - conn2 = - conn - |> assign(:user, user3) - |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"])) - |> put_req_header("content-type", "application/json") - |> post("/api/v1/statuses/#{activity.id}/reblog") - - assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} = - json_response_and_validate_schema(conn2, 200) - - assert to_string(activity.id) == id - - # Getting third user status - conn3 = - conn - |> assign(:user, user3) - |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"])) - |> get("api/v1/timelines/home") - - [reblogged_activity] = json_response(conn3, 200) - - assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id - - replied_to_user = User.get_by_ap_id(replied_to.data["actor"]) - assert reblogged_activity["reblog"]["in_reply_to_account_id"] == replied_to_user.id - end - - describe "GET /api/v1/statuses/:id/favourited_by" do - setup do: oauth_access(["read:accounts"]) - - setup %{user: user} do - {:ok, activity} = CommonAPI.post(user, %{status: "test"}) - - %{activity: activity} - end - - test "returns users who have favorited the status", %{conn: conn, activity: activity} do - other_user = insert(:user) - {:ok, _} = CommonAPI.favorite(other_user, activity.id) - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/favourited_by") - |> json_response_and_validate_schema(:ok) - - [%{"id" => id}] = response - - assert id == other_user.id - end - - test "returns empty array when status has not been favorited yet", %{ - conn: conn, - activity: activity - } do - response = - conn - |> get("/api/v1/statuses/#{activity.id}/favourited_by") - |> json_response_and_validate_schema(:ok) - - assert Enum.empty?(response) - end - - test "does not return users who have favorited the status but are blocked", %{ - conn: %{assigns: %{user: user}} = conn, - activity: activity - } do - other_user = insert(:user) - {:ok, _user_relationship} = User.block(user, other_user) - - {:ok, _} = CommonAPI.favorite(other_user, activity.id) - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/favourited_by") - |> json_response_and_validate_schema(:ok) - - assert Enum.empty?(response) - end - - test "does not fail on an unauthenticated request", %{activity: activity} do - other_user = insert(:user) - {:ok, _} = CommonAPI.favorite(other_user, activity.id) - - response = - build_conn() - |> get("/api/v1/statuses/#{activity.id}/favourited_by") - |> json_response_and_validate_schema(:ok) - - [%{"id" => id}] = response - assert id == other_user.id - end - - test "requires authentication for private posts", %{user: user} do - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(user, %{ - status: "@#{other_user.nickname} wanna get some #cofe together?", - visibility: "direct" - }) - - {:ok, _} = CommonAPI.favorite(other_user, activity.id) - - favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by" - - build_conn() - |> get(favourited_by_url) - |> json_response_and_validate_schema(404) - - conn = - build_conn() - |> assign(:user, other_user) - |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"])) - - conn - |> assign(:token, nil) - |> get(favourited_by_url) - |> json_response_and_validate_schema(404) - - response = - conn - |> get(favourited_by_url) - |> json_response_and_validate_schema(200) - - [%{"id" => id}] = response - assert id == other_user.id - end - - test "returns empty array when :show_reactions is disabled", %{conn: conn, activity: activity} do - clear_config([:instance, :show_reactions], false) - - other_user = insert(:user) - {:ok, _} = CommonAPI.favorite(other_user, activity.id) - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/favourited_by") - |> json_response_and_validate_schema(:ok) - - assert Enum.empty?(response) - end - end - - describe "GET /api/v1/statuses/:id/reblogged_by" do - setup do: oauth_access(["read:accounts"]) - - setup %{user: user} do - {:ok, activity} = CommonAPI.post(user, %{status: "test"}) - - %{activity: activity} - end - - test "returns users who have reblogged the status", %{conn: conn, activity: activity} do - other_user = insert(:user) - {:ok, _} = CommonAPI.repeat(activity.id, other_user) - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/reblogged_by") - |> json_response_and_validate_schema(:ok) - - [%{"id" => id}] = response - - assert id == other_user.id - end - - test "returns empty array when status has not been reblogged yet", %{ - conn: conn, - activity: activity - } do - response = - conn - |> get("/api/v1/statuses/#{activity.id}/reblogged_by") - |> json_response_and_validate_schema(:ok) - - assert Enum.empty?(response) - end - - test "does not return users who have reblogged the status but are blocked", %{ - conn: %{assigns: %{user: user}} = conn, - activity: activity - } do - other_user = insert(:user) - {:ok, _user_relationship} = User.block(user, other_user) - - {:ok, _} = CommonAPI.repeat(activity.id, other_user) - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/reblogged_by") - |> json_response_and_validate_schema(:ok) - - assert Enum.empty?(response) - end - - test "does not return users who have reblogged the status privately", %{ - conn: conn - } do - other_user = insert(:user) - {:ok, activity} = CommonAPI.post(other_user, %{status: "my secret post"}) - - {:ok, _} = CommonAPI.repeat(activity.id, other_user, %{visibility: "private"}) - - response = - conn - |> get("/api/v1/statuses/#{activity.id}/reblogged_by") - |> json_response_and_validate_schema(:ok) - - assert Enum.empty?(response) - end - - test "does not fail on an unauthenticated request", %{activity: activity} do - other_user = insert(:user) - {:ok, _} = CommonAPI.repeat(activity.id, other_user) - - response = - build_conn() - |> get("/api/v1/statuses/#{activity.id}/reblogged_by") - |> json_response_and_validate_schema(:ok) - - [%{"id" => id}] = response - assert id == other_user.id - end - - test "requires authentication for private posts", %{user: user} do - other_user = insert(:user) - - {:ok, activity} = - CommonAPI.post(user, %{ - status: "@#{other_user.nickname} wanna get some #cofe together?", - visibility: "direct" - }) - - build_conn() - |> get("/api/v1/statuses/#{activity.id}/reblogged_by") - |> json_response_and_validate_schema(404) - - response = - build_conn() - |> assign(:user, other_user) - |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"])) - |> get("/api/v1/statuses/#{activity.id}/reblogged_by") - |> json_response_and_validate_schema(200) - - assert [] == response - end - end - - test "context" do - user = insert(:user) - - {:ok, %{id: id1}} = CommonAPI.post(user, %{status: "1"}) - {:ok, %{id: id2}} = CommonAPI.post(user, %{status: "2", in_reply_to_status_id: id1}) - {:ok, %{id: id3}} = CommonAPI.post(user, %{status: "3", in_reply_to_status_id: id2}) - {:ok, %{id: id4}} = CommonAPI.post(user, %{status: "4", in_reply_to_status_id: id3}) - {:ok, %{id: id5}} = CommonAPI.post(user, %{status: "5", in_reply_to_status_id: id4}) - - response = - build_conn() - |> get("/api/v1/statuses/#{id3}/context") - |> json_response_and_validate_schema(:ok) - - assert %{ - "ancestors" => [%{"id" => ^id1}, %{"id" => ^id2}], - "descendants" => [%{"id" => ^id4}, %{"id" => ^id5}] - } = response - end - - test "favorites paginate correctly" do - %{user: user, conn: conn} = oauth_access(["read:favourites"]) - other_user = insert(:user) - {:ok, first_post} = CommonAPI.post(other_user, %{status: "bla"}) - {:ok, second_post} = CommonAPI.post(other_user, %{status: "bla"}) - {:ok, third_post} = CommonAPI.post(other_user, %{status: "bla"}) - - {:ok, _first_favorite} = CommonAPI.favorite(user, third_post.id) - {:ok, _second_favorite} = CommonAPI.favorite(user, first_post.id) - {:ok, third_favorite} = CommonAPI.favorite(user, second_post.id) - - result = - conn - |> get("/api/v1/favourites?limit=1") - - assert [%{"id" => post_id}] = json_response_and_validate_schema(result, 200) - assert post_id == second_post.id - - # Using the header for pagination works correctly - [next, _] = get_resp_header(result, "link") |> hd() |> String.split(", ") - [_, max_id] = Regex.run(~r/max_id=([^&]+)/, next) - - assert max_id == third_favorite.id - - result = - conn - |> get("/api/v1/favourites?max_id=#{max_id}") - - assert [%{"id" => first_post_id}, %{"id" => third_post_id}] = - json_response_and_validate_schema(result, 200) - - assert first_post_id == first_post.id - assert third_post_id == third_post.id - end - - test "returns the favorites of a user" do - %{user: user, conn: conn} = oauth_access(["read:favourites"]) - other_user = insert(:user) - - {:ok, _} = CommonAPI.post(other_user, %{status: "bla"}) - {:ok, activity} = CommonAPI.post(other_user, %{status: "trees are happy"}) - - {:ok, last_like} = CommonAPI.favorite(user, activity.id) - - first_conn = get(conn, "/api/v1/favourites") - - assert [status] = json_response_and_validate_schema(first_conn, 200) - assert status["id"] == to_string(activity.id) - - assert [{"link", _link_header}] = - Enum.filter(first_conn.resp_headers, fn element -> match?({"link", _}, element) end) - - # Honours query params - {:ok, second_activity} = - CommonAPI.post(other_user, %{ - status: "Trees Are Never Sad Look At Them Every Once In Awhile They're Quite Beautiful." - }) - - {:ok, _} = CommonAPI.favorite(user, second_activity.id) - - second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like.id}") - - assert [second_status] = json_response_and_validate_schema(second_conn, 200) - assert second_status["id"] == to_string(second_activity.id) - - third_conn = get(conn, "/api/v1/favourites?limit=0") - - assert [] = json_response_and_validate_schema(third_conn, 200) - end - - test "expires_at is nil for another user" do - %{conn: conn, user: user} = oauth_access(["read:statuses"]) - {:ok, activity} = CommonAPI.post(user, %{status: "foobar", expires_in: 1_000_000}) - - expires_at = - activity.id - |> ActivityExpiration.get_by_activity_id() - |> Map.get(:scheduled_at) - |> NaiveDateTime.to_iso8601() - - assert %{"pleroma" => %{"expires_at" => ^expires_at}} = - conn - |> get("/api/v1/statuses/#{activity.id}") - |> json_response_and_validate_schema(:ok) - - %{conn: conn} = oauth_access(["read:statuses"]) - - assert %{"pleroma" => %{"expires_at" => nil}} = - conn - |> get("/api/v1/statuses/#{activity.id}") - |> json_response_and_validate_schema(:ok) - end -end diff --git a/test/web/mastodon_api/controllers/subscription_controller_test.exs b/test/web/mastodon_api/controllers/subscription_controller_test.exs deleted file mode 100644 index d36bb1ae8..000000000 --- a/test/web/mastodon_api/controllers/subscription_controller_test.exs +++ /dev/null @@ -1,199 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do - use Pleroma.Web.ConnCase - - import Pleroma.Factory - - alias Pleroma.Web.Push - alias Pleroma.Web.Push.Subscription - - @sub %{ - "endpoint" => "https://example.com/example/1234", - "keys" => %{ - "auth" => "8eDyX_uCN0XRhSbY5hs7Hg==", - "p256dh" => - "BCIWgsnyXDv1VkhqL2P7YRBvdeuDnlwAPT2guNhdIoW3IP7GmHh1SMKPLxRf7x8vJy6ZFK3ol2ohgn_-0yP7QQA=" - } - } - @server_key Keyword.get(Push.vapid_config(), :public_key) - - setup do - user = insert(:user) - token = insert(:oauth_token, user: user, scopes: ["push"]) - - conn = - build_conn() - |> assign(:user, user) - |> assign(:token, token) - |> put_req_header("content-type", "application/json") - - %{conn: conn, user: user, token: token} - end - - defmacro assert_error_when_disable_push(do: yield) do - quote do - vapid_details = Application.get_env(:web_push_encryption, :vapid_details, []) - Application.put_env(:web_push_encryption, :vapid_details, []) - - assert %{"error" => "Web push subscription is disabled on this Pleroma instance"} == - unquote(yield) - - Application.put_env(:web_push_encryption, :vapid_details, vapid_details) - end - end - - describe "creates push subscription" do - test "returns error when push disabled ", %{conn: conn} do - assert_error_when_disable_push do - conn - |> post("/api/v1/push/subscription", %{subscription: @sub}) - |> json_response_and_validate_schema(403) - end - end - - test "successful creation", %{conn: conn} do - result = - conn - |> post("/api/v1/push/subscription", %{ - "data" => %{ - "alerts" => %{"mention" => true, "test" => true, "pleroma:chat_mention" => true} - }, - "subscription" => @sub - }) - |> json_response_and_validate_schema(200) - - [subscription] = Pleroma.Repo.all(Subscription) - - assert %{ - "alerts" => %{"mention" => true, "pleroma:chat_mention" => true}, - "endpoint" => subscription.endpoint, - "id" => to_string(subscription.id), - "server_key" => @server_key - } == result - end - end - - describe "gets a user subscription" do - test "returns error when push disabled ", %{conn: conn} do - assert_error_when_disable_push do - conn - |> get("/api/v1/push/subscription", %{}) - |> json_response_and_validate_schema(403) - end - end - - test "returns error when user hasn't subscription", %{conn: conn} do - res = - conn - |> get("/api/v1/push/subscription", %{}) - |> json_response_and_validate_schema(404) - - assert %{"error" => "Record not found"} == res - end - - test "returns a user subsciption", %{conn: conn, user: user, token: token} do - subscription = - insert(:push_subscription, - user: user, - token: token, - data: %{"alerts" => %{"mention" => true}} - ) - - res = - conn - |> get("/api/v1/push/subscription", %{}) - |> json_response_and_validate_schema(200) - - expect = %{ - "alerts" => %{"mention" => true}, - "endpoint" => "https://example.com/example/1234", - "id" => to_string(subscription.id), - "server_key" => @server_key - } - - assert expect == res - end - end - - describe "updates a user subsciption" do - setup %{conn: conn, user: user, token: token} do - subscription = - insert(:push_subscription, - user: user, - token: token, - data: %{"alerts" => %{"mention" => true}} - ) - - %{conn: conn, user: user, token: token, subscription: subscription} - end - - test "returns error when push disabled ", %{conn: conn} do - assert_error_when_disable_push do - conn - |> put("/api/v1/push/subscription", %{data: %{"alerts" => %{"mention" => false}}}) - |> json_response_and_validate_schema(403) - end - end - - test "returns updated subsciption", %{conn: conn, subscription: subscription} do - res = - conn - |> put("/api/v1/push/subscription", %{ - data: %{"alerts" => %{"mention" => false, "follow" => true}} - }) - |> json_response_and_validate_schema(200) - - expect = %{ - "alerts" => %{"follow" => true, "mention" => false}, - "endpoint" => "https://example.com/example/1234", - "id" => to_string(subscription.id), - "server_key" => @server_key - } - - assert expect == res - end - end - - describe "deletes the user subscription" do - test "returns error when push disabled ", %{conn: conn} do - assert_error_when_disable_push do - conn - |> delete("/api/v1/push/subscription", %{}) - |> json_response_and_validate_schema(403) - end - end - - test "returns error when user hasn't subscription", %{conn: conn} do - res = - conn - |> delete("/api/v1/push/subscription", %{}) - |> json_response_and_validate_schema(404) - - assert %{"error" => "Record not found"} == res - end - - test "returns empty result and delete user subsciption", %{ - conn: conn, - user: user, - token: token - } do - subscription = - insert(:push_subscription, - user: user, - token: token, - data: %{"alerts" => %{"mention" => true}} - ) - - res = - conn - |> delete("/api/v1/push/subscription", %{}) - |> json_response_and_validate_schema(200) - - assert %{} == res - refute Pleroma.Repo.get(Subscription, subscription.id) - end - end -end diff --git a/test/web/mastodon_api/controllers/suggestion_controller_test.exs b/test/web/mastodon_api/controllers/suggestion_controller_test.exs deleted file mode 100644 index 7f08e187c..000000000 --- a/test/web/mastodon_api/controllers/suggestion_controller_test.exs +++ /dev/null @@ -1,18 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.SuggestionControllerTest do - use Pleroma.Web.ConnCase - - setup do: oauth_access(["read"]) - - test "returns empty result", %{conn: conn} do - res = - conn - |> get("/api/v1/suggestions") - |> json_response_and_validate_schema(200) - - assert res == [] - end -end diff --git a/test/web/mastodon_api/controllers/timeline_controller_test.exs b/test/web/mastodon_api/controllers/timeline_controller_test.exs deleted file mode 100644 index 517cabcff..000000000 --- a/test/web/mastodon_api/controllers/timeline_controller_test.exs +++ /dev/null @@ -1,552 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do - use Pleroma.Web.ConnCase - - import Pleroma.Factory - import Tesla.Mock - - alias Pleroma.Config - alias Pleroma.User - alias Pleroma.Web.CommonAPI - - setup do - mock(fn env -> apply(HttpRequestMock, :request, [env]) end) - :ok - end - - describe "home" do - setup do: oauth_access(["read:statuses"]) - - test "does NOT embed account/pleroma/relationship in statuses", %{ - user: user, - conn: conn - } do - other_user = insert(:user) - - {:ok, _} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"}) - - response = - conn - |> assign(:user, user) - |> get("/api/v1/timelines/home") - |> json_response_and_validate_schema(200) - - assert Enum.all?(response, fn n -> - get_in(n, ["account", "pleroma", "relationship"]) == %{} - end) - end - - test "the home timeline when the direct messages are excluded", %{user: user, conn: conn} do - {:ok, public_activity} = CommonAPI.post(user, %{status: ".", visibility: "public"}) - {:ok, direct_activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"}) - - {:ok, unlisted_activity} = CommonAPI.post(user, %{status: ".", visibility: "unlisted"}) - - {:ok, private_activity} = CommonAPI.post(user, %{status: ".", visibility: "private"}) - - conn = get(conn, "/api/v1/timelines/home?exclude_visibilities[]=direct") - - assert status_ids = json_response_and_validate_schema(conn, :ok) |> Enum.map(& &1["id"]) - assert public_activity.id in status_ids - assert unlisted_activity.id in status_ids - assert private_activity.id in status_ids - refute direct_activity.id in status_ids - end - end - - describe "public" do - @tag capture_log: true - test "the public timeline", %{conn: conn} do - user = insert(:user) - - {:ok, activity} = CommonAPI.post(user, %{status: "test"}) - - _activity = insert(:note_activity, local: false) - - conn = get(conn, "/api/v1/timelines/public?local=False") - - assert length(json_response_and_validate_schema(conn, :ok)) == 2 - - conn = get(build_conn(), "/api/v1/timelines/public?local=True") - - assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok) - - conn = get(build_conn(), "/api/v1/timelines/public?local=1") - - assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok) - - # does not contain repeats - {:ok, _} = CommonAPI.repeat(activity.id, user) - - conn = get(build_conn(), "/api/v1/timelines/public?local=true") - - assert [_] = json_response_and_validate_schema(conn, :ok) - end - - test "the public timeline includes only public statuses for an authenticated user" do - %{user: user, conn: conn} = oauth_access(["read:statuses"]) - - {:ok, _activity} = CommonAPI.post(user, %{status: "test"}) - {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "private"}) - {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "unlisted"}) - {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "direct"}) - - res_conn = get(conn, "/api/v1/timelines/public") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - end - - test "doesn't return replies if follower is posting with blocked user" do - %{conn: conn, user: blocker} = oauth_access(["read:statuses"]) - [blockee, friend] = insert_list(2, :user) - {:ok, blocker} = User.follow(blocker, friend) - {:ok, _} = User.block(blocker, blockee) - - conn = assign(conn, :user, blocker) - - {:ok, %{id: activity_id} = activity} = CommonAPI.post(friend, %{status: "hey!"}) - - {:ok, reply_from_blockee} = - CommonAPI.post(blockee, %{status: "heya", in_reply_to_status_id: activity}) - - {:ok, _reply_from_friend} = - CommonAPI.post(friend, %{status: "status", in_reply_to_status_id: reply_from_blockee}) - - res_conn = get(conn, "/api/v1/timelines/public") - [%{"id" => ^activity_id}] = json_response_and_validate_schema(res_conn, 200) - end - - test "doesn't return replies if follow is posting with users from blocked domain" do - %{conn: conn, user: blocker} = oauth_access(["read:statuses"]) - friend = insert(:user) - blockee = insert(:user, ap_id: "https://example.com/users/blocked") - {:ok, blocker} = User.follow(blocker, friend) - {:ok, blocker} = User.block_domain(blocker, "example.com") - - conn = assign(conn, :user, blocker) - - {:ok, %{id: activity_id} = activity} = CommonAPI.post(friend, %{status: "hey!"}) - - {:ok, reply_from_blockee} = - CommonAPI.post(blockee, %{status: "heya", in_reply_to_status_id: activity}) - - {:ok, _reply_from_friend} = - CommonAPI.post(friend, %{status: "status", in_reply_to_status_id: reply_from_blockee}) - - res_conn = get(conn, "/api/v1/timelines/public") - - activities = json_response_and_validate_schema(res_conn, 200) - [%{"id" => ^activity_id}] = activities - end - end - - defp local_and_remote_activities do - insert(:note_activity) - insert(:note_activity, local: false) - :ok - end - - describe "public with restrict unauthenticated timeline for local and federated timelines" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true) - - setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true) - - test "if user is unauthenticated", %{conn: conn} do - res_conn = get(conn, "/api/v1/timelines/public?local=true") - - assert json_response_and_validate_schema(res_conn, :unauthorized) == %{ - "error" => "authorization required for timeline view" - } - - res_conn = get(conn, "/api/v1/timelines/public?local=false") - - assert json_response_and_validate_schema(res_conn, :unauthorized) == %{ - "error" => "authorization required for timeline view" - } - end - - test "if user is authenticated" do - %{conn: conn} = oauth_access(["read:statuses"]) - - res_conn = get(conn, "/api/v1/timelines/public?local=true") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - res_conn = get(conn, "/api/v1/timelines/public?local=false") - assert length(json_response_and_validate_schema(res_conn, 200)) == 2 - end - end - - describe "public with restrict unauthenticated timeline for local" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true) - - test "if user is unauthenticated", %{conn: conn} do - res_conn = get(conn, "/api/v1/timelines/public?local=true") - - assert json_response_and_validate_schema(res_conn, :unauthorized) == %{ - "error" => "authorization required for timeline view" - } - - res_conn = get(conn, "/api/v1/timelines/public?local=false") - assert length(json_response_and_validate_schema(res_conn, 200)) == 2 - end - - test "if user is authenticated", %{conn: _conn} do - %{conn: conn} = oauth_access(["read:statuses"]) - - res_conn = get(conn, "/api/v1/timelines/public?local=true") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - res_conn = get(conn, "/api/v1/timelines/public?local=false") - assert length(json_response_and_validate_schema(res_conn, 200)) == 2 - end - end - - describe "public with restrict unauthenticated timeline for remote" do - setup do: local_and_remote_activities() - - setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true) - - test "if user is unauthenticated", %{conn: conn} do - res_conn = get(conn, "/api/v1/timelines/public?local=true") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - res_conn = get(conn, "/api/v1/timelines/public?local=false") - - assert json_response_and_validate_schema(res_conn, :unauthorized) == %{ - "error" => "authorization required for timeline view" - } - end - - test "if user is authenticated", %{conn: _conn} do - %{conn: conn} = oauth_access(["read:statuses"]) - - res_conn = get(conn, "/api/v1/timelines/public?local=true") - assert length(json_response_and_validate_schema(res_conn, 200)) == 1 - - res_conn = get(conn, "/api/v1/timelines/public?local=false") - assert length(json_response_and_validate_schema(res_conn, 200)) == 2 - end - end - - describe "direct" do - test "direct timeline", %{conn: conn} do - user_one = insert(:user) - user_two = insert(:user) - - {:ok, user_two} = User.follow(user_two, user_one) - - {:ok, direct} = - CommonAPI.post(user_one, %{ - status: "Hi @#{user_two.nickname}!", - visibility: "direct" - }) - - {:ok, _follower_only} = - CommonAPI.post(user_one, %{ - status: "Hi @#{user_two.nickname}!", - visibility: "private" - }) - - conn_user_two = - conn - |> assign(:user, user_two) - |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"])) - - # Only direct should be visible here - res_conn = get(conn_user_two, "api/v1/timelines/direct") - - assert [status] = json_response_and_validate_schema(res_conn, :ok) - - assert %{"visibility" => "direct"} = status - assert status["url"] != direct.data["id"] - - # User should be able to see their own direct message - res_conn = - build_conn() - |> assign(:user, user_one) - |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"])) - |> get("api/v1/timelines/direct") - - [status] = json_response_and_validate_schema(res_conn, :ok) - - assert %{"visibility" => "direct"} = status - - # Both should be visible here - res_conn = get(conn_user_two, "api/v1/timelines/home") - - [_s1, _s2] = json_response_and_validate_schema(res_conn, :ok) - - # Test pagination - Enum.each(1..20, fn _ -> - {:ok, _} = - CommonAPI.post(user_one, %{ - status: "Hi @#{user_two.nickname}!", - visibility: "direct" - }) - end) - - res_conn = get(conn_user_two, "api/v1/timelines/direct") - - statuses = json_response_and_validate_schema(res_conn, :ok) - assert length(statuses) == 20 - - max_id = List.last(statuses)["id"] - - res_conn = get(conn_user_two, "api/v1/timelines/direct?max_id=#{max_id}") - - assert [status] = json_response_and_validate_schema(res_conn, :ok) - - assert status["url"] != direct.data["id"] - end - - test "doesn't include DMs from blocked users" do - %{user: blocker, conn: conn} = oauth_access(["read:statuses"]) - blocked = insert(:user) - other_user = insert(:user) - {:ok, _user_relationship} = User.block(blocker, blocked) - - {:ok, _blocked_direct} = - CommonAPI.post(blocked, %{ - status: "Hi @#{blocker.nickname}!", - visibility: "direct" - }) - - {:ok, direct} = - CommonAPI.post(other_user, %{ - status: "Hi @#{blocker.nickname}!", - visibility: "direct" - }) - - res_conn = get(conn, "api/v1/timelines/direct") - - [status] = json_response_and_validate_schema(res_conn, :ok) - assert status["id"] == direct.id - end - end - - describe "list" do - setup do: oauth_access(["read:lists"]) - - test "does not contain retoots", %{user: user, conn: conn} do - other_user = insert(:user) - {:ok, activity_one} = CommonAPI.post(user, %{status: "Marisa is cute."}) - {:ok, activity_two} = CommonAPI.post(other_user, %{status: "Marisa is stupid."}) - {:ok, _} = CommonAPI.repeat(activity_one.id, other_user) - - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - - conn = get(conn, "/api/v1/timelines/list/#{list.id}") - - assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok) - - assert id == to_string(activity_two.id) - end - - test "works with pagination", %{user: user, conn: conn} do - other_user = insert(:user) - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - - Enum.each(1..30, fn i -> - CommonAPI.post(other_user, %{status: "post number #{i}"}) - end) - - res = - get(conn, "/api/v1/timelines/list/#{list.id}?limit=1") - |> json_response_and_validate_schema(:ok) - - assert length(res) == 1 - - [first] = res - - res = - get(conn, "/api/v1/timelines/list/#{list.id}?max_id=#{first["id"]}&limit=30") - |> json_response_and_validate_schema(:ok) - - assert length(res) == 29 - end - - test "list timeline", %{user: user, conn: conn} do - other_user = insert(:user) - {:ok, _activity_one} = CommonAPI.post(user, %{status: "Marisa is cute."}) - {:ok, activity_two} = CommonAPI.post(other_user, %{status: "Marisa is cute."}) - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - - conn = get(conn, "/api/v1/timelines/list/#{list.id}") - - assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok) - - assert id == to_string(activity_two.id) - end - - test "list timeline does not leak non-public statuses for unfollowed users", %{ - user: user, - conn: conn - } do - other_user = insert(:user) - {:ok, activity_one} = CommonAPI.post(other_user, %{status: "Marisa is cute."}) - - {:ok, _activity_two} = - CommonAPI.post(other_user, %{ - status: "Marisa is cute.", - visibility: "private" - }) - - {:ok, list} = Pleroma.List.create("name", user) - {:ok, list} = Pleroma.List.follow(list, other_user) - - conn = get(conn, "/api/v1/timelines/list/#{list.id}") - - assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok) - - assert id == to_string(activity_one.id) - end - end - - describe "hashtag" do - setup do: oauth_access(["n/a"]) - - @tag capture_log: true - test "hashtag timeline", %{conn: conn} do - following = insert(:user) - - {:ok, activity} = CommonAPI.post(following, %{status: "test #2hu"}) - - nconn = get(conn, "/api/v1/timelines/tag/2hu") - - assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok) - - assert id == to_string(activity.id) - - # works for different capitalization too - nconn = get(conn, "/api/v1/timelines/tag/2HU") - - assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok) - - assert id == to_string(activity.id) - end - - test "multi-hashtag timeline", %{conn: conn} do - user = insert(:user) - - {:ok, activity_test} = CommonAPI.post(user, %{status: "#test"}) - {:ok, activity_test1} = CommonAPI.post(user, %{status: "#test #test1"}) - {:ok, activity_none} = CommonAPI.post(user, %{status: "#test #none"}) - - any_test = get(conn, "/api/v1/timelines/tag/test?any[]=test1") - - [status_none, status_test1, status_test] = json_response_and_validate_schema(any_test, :ok) - - assert to_string(activity_test.id) == status_test["id"] - assert to_string(activity_test1.id) == status_test1["id"] - assert to_string(activity_none.id) == status_none["id"] - - restricted_test = get(conn, "/api/v1/timelines/tag/test?all[]=test1&none[]=none") - - assert [status_test1] == json_response_and_validate_schema(restricted_test, :ok) - - all_test = get(conn, "/api/v1/timelines/tag/test?all[]=none") - - assert [status_none] == json_response_and_validate_schema(all_test, :ok) - end - end - - describe "hashtag timeline handling of :restrict_unauthenticated setting" do - setup do - user = insert(:user) - {:ok, activity1} = CommonAPI.post(user, %{status: "test #tag1"}) - {:ok, _activity2} = CommonAPI.post(user, %{status: "test #tag1"}) - - activity1 - |> Ecto.Changeset.change(%{local: false}) - |> Pleroma.Repo.update() - - base_uri = "/api/v1/timelines/tag/tag1" - error_response = %{"error" => "authorization required for timeline view"} - - %{base_uri: base_uri, error_response: error_response} - end - - defp ensure_authenticated_access(base_uri) do - %{conn: auth_conn} = oauth_access(["read:statuses"]) - - res_conn = get(auth_conn, "#{base_uri}?local=true") - assert length(json_response(res_conn, 200)) == 1 - - res_conn = get(auth_conn, "#{base_uri}?local=false") - assert length(json_response(res_conn, 200)) == 2 - end - - test "with default settings on private instances, returns 403 for unauthenticated users", %{ - conn: conn, - base_uri: base_uri, - error_response: error_response - } do - clear_config([:instance, :public], false) - clear_config([:restrict_unauthenticated, :timelines]) - - for local <- [true, false] do - res_conn = get(conn, "#{base_uri}?local=#{local}") - - assert json_response(res_conn, :unauthorized) == error_response - end - - ensure_authenticated_access(base_uri) - end - - test "with `%{local: true, federated: true}`, returns 403 for unauthenticated users", %{ - conn: conn, - base_uri: base_uri, - error_response: error_response - } do - clear_config([:restrict_unauthenticated, :timelines, :local], true) - clear_config([:restrict_unauthenticated, :timelines, :federated], true) - - for local <- [true, false] do - res_conn = get(conn, "#{base_uri}?local=#{local}") - - assert json_response(res_conn, :unauthorized) == error_response - end - - ensure_authenticated_access(base_uri) - end - - test "with `%{local: false, federated: true}`, forbids unauthenticated access to federated timeline", - %{conn: conn, base_uri: base_uri, error_response: error_response} do - clear_config([:restrict_unauthenticated, :timelines, :local], false) - clear_config([:restrict_unauthenticated, :timelines, :federated], true) - - res_conn = get(conn, "#{base_uri}?local=true") - assert length(json_response(res_conn, 200)) == 1 - - res_conn = get(conn, "#{base_uri}?local=false") - assert json_response(res_conn, :unauthorized) == error_response - - ensure_authenticated_access(base_uri) - end - - test "with `%{local: true, federated: false}`, forbids unauthenticated access to public timeline" <> - "(but not to local public activities which are delivered as part of federated timeline)", - %{conn: conn, base_uri: base_uri, error_response: error_response} do - clear_config([:restrict_unauthenticated, :timelines, :local], true) - clear_config([:restrict_unauthenticated, :timelines, :federated], false) - - res_conn = get(conn, "#{base_uri}?local=true") - assert json_response(res_conn, :unauthorized) == error_response - - # Note: local activities get delivered as part of federated timeline - res_conn = get(conn, "#{base_uri}?local=false") - assert length(json_response(res_conn, 200)) == 2 - - ensure_authenticated_access(base_uri) - end - end -end |