aboutsummaryrefslogtreecommitdiff
path: root/test/web/twitter_api
diff options
context:
space:
mode:
authorrinpatch <rinpatch@sdf.org>2020-11-12 12:34:48 +0000
committerrinpatch <rinpatch@sdf.org>2020-11-12 12:34:48 +0000
commit1172844ed18d94d84724dc6f11c6e9f72e0ba6ec (patch)
tree7d48a259e08856ab6db0eba255f20c0c19410463 /test/web/twitter_api
parenta0f5e8b27edbe2224d9c2c3997ad5b8ea484244b (diff)
parentb4c6b262d6dc12362f0014a864e8aed6c727c39c (diff)
downloadpleroma-2.2.0.tar.gz
Merge branch 'release/2.2.0' into 'stable'v2.2.0
Release/2.2.0 See merge request pleroma/secteam/pleroma!19
Diffstat (limited to 'test/web/twitter_api')
-rw-r--r--test/web/twitter_api/password_controller_test.exs81
-rw-r--r--test/web/twitter_api/remote_follow_controller_test.exs350
-rw-r--r--test/web/twitter_api/twitter_api_controller_test.exs138
-rw-r--r--test/web/twitter_api/twitter_api_test.exs432
-rw-r--r--test/web/twitter_api/util_controller_test.exs601
5 files changed, 0 insertions, 1602 deletions
diff --git a/test/web/twitter_api/password_controller_test.exs b/test/web/twitter_api/password_controller_test.exs
deleted file mode 100644
index 231a46c67..000000000
--- a/test/web/twitter_api/password_controller_test.exs
+++ /dev/null
@@ -1,81 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
- use Pleroma.Web.ConnCase
-
- alias Pleroma.PasswordResetToken
- alias Pleroma.User
- alias Pleroma.Web.OAuth.Token
- import Pleroma.Factory
-
- describe "GET /api/pleroma/password_reset/token" do
- test "it returns error when token invalid", %{conn: conn} do
- response =
- conn
- |> get("/api/pleroma/password_reset/token")
- |> html_response(:ok)
-
- assert response =~ "<h2>Invalid Token</h2>"
- end
-
- test "it shows password reset form", %{conn: conn} do
- user = insert(:user)
- {:ok, token} = PasswordResetToken.create_token(user)
-
- response =
- conn
- |> get("/api/pleroma/password_reset/#{token.token}")
- |> html_response(:ok)
-
- assert response =~ "<h2>Password Reset for #{user.nickname}</h2>"
- end
- end
-
- describe "POST /api/pleroma/password_reset" do
- test "it returns HTTP 200", %{conn: conn} do
- user = insert(:user)
- {:ok, token} = PasswordResetToken.create_token(user)
- {:ok, _access_token} = Token.create_token(insert(:oauth_app), user, %{})
-
- params = %{
- "password" => "test",
- password_confirmation: "test",
- token: token.token
- }
-
- response =
- conn
- |> assign(:user, user)
- |> post("/api/pleroma/password_reset", %{data: params})
- |> html_response(:ok)
-
- assert response =~ "<h2>Password changed!</h2>"
-
- user = refresh_record(user)
- assert Pbkdf2.verify_pass("test", user.password_hash)
- assert Enum.empty?(Token.get_user_tokens(user))
- end
-
- test "it sets password_reset_pending to false", %{conn: conn} do
- user = insert(:user, password_reset_pending: true)
-
- {:ok, token} = PasswordResetToken.create_token(user)
- {:ok, _access_token} = Token.create_token(insert(:oauth_app), user, %{})
-
- params = %{
- "password" => "test",
- password_confirmation: "test",
- token: token.token
- }
-
- conn
- |> assign(:user, user)
- |> post("/api/pleroma/password_reset", %{data: params})
- |> html_response(:ok)
-
- assert User.get_by_id(user.id).password_reset_pending == false
- end
- end
-end
diff --git a/test/web/twitter_api/remote_follow_controller_test.exs b/test/web/twitter_api/remote_follow_controller_test.exs
deleted file mode 100644
index f7e54c26a..000000000
--- a/test/web/twitter_api/remote_follow_controller_test.exs
+++ /dev/null
@@ -1,350 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
- use Pleroma.Web.ConnCase
-
- alias Pleroma.Config
- alias Pleroma.MFA
- alias Pleroma.MFA.TOTP
- alias Pleroma.User
- alias Pleroma.Web.CommonAPI
-
- import ExUnit.CaptureLog
- import Pleroma.Factory
- import Ecto.Query
-
- setup do
- Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
- :ok
- end
-
- setup_all do: clear_config([:instance, :federating], true)
- setup do: clear_config([:instance])
- setup do: clear_config([:frontend_configurations, :pleroma_fe])
- setup do: clear_config([:user, :deny_follow_blocked])
-
- describe "GET /ostatus_subscribe - remote_follow/2" do
- test "adds status to pleroma instance if the `acct` is a status", %{conn: conn} do
- assert conn
- |> get(
- remote_follow_path(conn, :follow, %{
- acct: "https://mastodon.social/users/emelie/statuses/101849165031453009"
- })
- )
- |> redirected_to() =~ "/notice/"
- end
-
- test "show follow account page if the `acct` is a account link", %{conn: conn} do
- response =
- conn
- |> get(remote_follow_path(conn, :follow, %{acct: "https://mastodon.social/users/emelie"}))
- |> html_response(200)
-
- assert response =~ "Log in to follow"
- end
-
- test "show follow page if the `acct` is a account link", %{conn: conn} do
- user = insert(:user)
-
- response =
- conn
- |> assign(:user, user)
- |> get(remote_follow_path(conn, :follow, %{acct: "https://mastodon.social/users/emelie"}))
- |> html_response(200)
-
- assert response =~ "Remote follow"
- end
-
- test "show follow page with error when user cannot fecth by `acct` link", %{conn: conn} do
- user = insert(:user)
-
- assert capture_log(fn ->
- response =
- conn
- |> assign(:user, user)
- |> get(
- remote_follow_path(conn, :follow, %{
- acct: "https://mastodon.social/users/not_found"
- })
- )
- |> html_response(200)
-
- assert response =~ "Error fetching user"
- end) =~ "Object has been deleted"
- end
- end
-
- describe "POST /ostatus_subscribe - do_follow/2 with assigned user " do
- test "required `follow | write:follows` scope", %{conn: conn} do
- user = insert(:user)
- user2 = insert(:user)
- read_token = insert(:oauth_token, user: user, scopes: ["read"])
-
- assert capture_log(fn ->
- response =
- conn
- |> assign(:user, user)
- |> assign(:token, read_token)
- |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
- |> response(200)
-
- assert response =~ "Error following account"
- end) =~ "Insufficient permissions: follow | write:follows."
- end
-
- test "follows user", %{conn: conn} do
- user = insert(:user)
- user2 = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"]))
- |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
-
- assert redirected_to(conn) == "/users/#{user2.id}"
- end
-
- test "returns error when user is deactivated", %{conn: conn} do
- user = insert(:user, deactivated: true)
- user2 = insert(:user)
-
- response =
- conn
- |> assign(:user, user)
- |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
- |> response(200)
-
- assert response =~ "Error following account"
- end
-
- test "returns error when user is blocked", %{conn: conn} do
- Pleroma.Config.put([:user, :deny_follow_blocked], true)
- user = insert(:user)
- user2 = insert(:user)
-
- {:ok, _user_block} = Pleroma.User.block(user2, user)
-
- response =
- conn
- |> assign(:user, user)
- |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
- |> response(200)
-
- assert response =~ "Error following account"
- end
-
- test "returns error when followee not found", %{conn: conn} do
- user = insert(:user)
-
- response =
- conn
- |> assign(:user, user)
- |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => "jimm"}})
- |> response(200)
-
- assert response =~ "Error following account"
- end
-
- test "returns success result when user already in followers", %{conn: conn} do
- user = insert(:user)
- user2 = insert(:user)
- {:ok, _, _, _} = CommonAPI.follow(user, user2)
-
- conn =
- conn
- |> assign(:user, refresh_record(user))
- |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"]))
- |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
-
- assert redirected_to(conn) == "/users/#{user2.id}"
- end
- end
-
- describe "POST /ostatus_subscribe - follow/2 with enabled Two-Factor Auth " do
- test "render the MFA login form", %{conn: conn} do
- otp_secret = TOTP.generate_secret()
-
- user =
- insert(:user,
- multi_factor_authentication_settings: %MFA.Settings{
- enabled: true,
- totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
- }
- )
-
- user2 = insert(:user)
-
- response =
- conn
- |> post(remote_follow_path(conn, :do_follow), %{
- "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
- })
- |> response(200)
-
- mfa_token = Pleroma.Repo.one(from(q in Pleroma.MFA.Token, where: q.user_id == ^user.id))
-
- assert response =~ "Two-factor authentication"
- assert response =~ "Authentication code"
- assert response =~ mfa_token.token
- refute user2.follower_address in User.following(user)
- end
-
- test "returns error when password is incorrect", %{conn: conn} do
- otp_secret = TOTP.generate_secret()
-
- user =
- insert(:user,
- multi_factor_authentication_settings: %MFA.Settings{
- enabled: true,
- totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
- }
- )
-
- user2 = insert(:user)
-
- response =
- conn
- |> post(remote_follow_path(conn, :do_follow), %{
- "authorization" => %{"name" => user.nickname, "password" => "test1", "id" => user2.id}
- })
- |> response(200)
-
- assert response =~ "Wrong username or password"
- refute user2.follower_address in User.following(user)
- end
-
- test "follows", %{conn: conn} do
- otp_secret = TOTP.generate_secret()
-
- user =
- insert(:user,
- multi_factor_authentication_settings: %MFA.Settings{
- enabled: true,
- totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
- }
- )
-
- {:ok, %{token: token}} = MFA.Token.create_token(user)
-
- user2 = insert(:user)
- otp_token = TOTP.generate_token(otp_secret)
-
- conn =
- conn
- |> post(
- remote_follow_path(conn, :do_follow),
- %{
- "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id}
- }
- )
-
- assert redirected_to(conn) == "/users/#{user2.id}"
- assert user2.follower_address in User.following(user)
- end
-
- test "returns error when auth code is incorrect", %{conn: conn} do
- otp_secret = TOTP.generate_secret()
-
- user =
- insert(:user,
- multi_factor_authentication_settings: %MFA.Settings{
- enabled: true,
- totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
- }
- )
-
- {:ok, %{token: token}} = MFA.Token.create_token(user)
-
- user2 = insert(:user)
- otp_token = TOTP.generate_token(TOTP.generate_secret())
-
- response =
- conn
- |> post(
- remote_follow_path(conn, :do_follow),
- %{
- "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id}
- }
- )
- |> response(200)
-
- assert response =~ "Wrong authentication code"
- refute user2.follower_address in User.following(user)
- end
- end
-
- describe "POST /ostatus_subscribe - follow/2 without assigned user " do
- test "follows", %{conn: conn} do
- user = insert(:user)
- user2 = insert(:user)
-
- conn =
- conn
- |> post(remote_follow_path(conn, :do_follow), %{
- "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
- })
-
- assert redirected_to(conn) == "/users/#{user2.id}"
- assert user2.follower_address in User.following(user)
- end
-
- test "returns error when followee not found", %{conn: conn} do
- user = insert(:user)
-
- response =
- conn
- |> post(remote_follow_path(conn, :do_follow), %{
- "authorization" => %{"name" => user.nickname, "password" => "test", "id" => "jimm"}
- })
- |> response(200)
-
- assert response =~ "Error following account"
- end
-
- test "returns error when login invalid", %{conn: conn} do
- user = insert(:user)
-
- response =
- conn
- |> post(remote_follow_path(conn, :do_follow), %{
- "authorization" => %{"name" => "jimm", "password" => "test", "id" => user.id}
- })
- |> response(200)
-
- assert response =~ "Wrong username or password"
- end
-
- test "returns error when password invalid", %{conn: conn} do
- user = insert(:user)
- user2 = insert(:user)
-
- response =
- conn
- |> post(remote_follow_path(conn, :do_follow), %{
- "authorization" => %{"name" => user.nickname, "password" => "42", "id" => user2.id}
- })
- |> response(200)
-
- assert response =~ "Wrong username or password"
- end
-
- test "returns error when user is blocked", %{conn: conn} do
- Pleroma.Config.put([:user, :deny_follow_blocked], true)
- user = insert(:user)
- user2 = insert(:user)
- {:ok, _user_block} = Pleroma.User.block(user2, user)
-
- response =
- conn
- |> post(remote_follow_path(conn, :do_follow), %{
- "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
- })
- |> response(200)
-
- assert response =~ "Error following account"
- end
- end
-end
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
deleted file mode 100644
index 464d0ea2e..000000000
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ /dev/null
@@ -1,138 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.TwitterAPI.ControllerTest do
- use Pleroma.Web.ConnCase
-
- alias Pleroma.Builders.ActivityBuilder
- alias Pleroma.Repo
- alias Pleroma.User
- alias Pleroma.Web.OAuth.Token
-
- import Pleroma.Factory
-
- describe "POST /api/qvitter/statuses/notifications/read" do
- test "without valid credentials", %{conn: conn} do
- conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
- assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
- end
-
- test "with credentials, without any params" do
- %{conn: conn} = oauth_access(["write:notifications"])
-
- conn = post(conn, "/api/qvitter/statuses/notifications/read")
-
- assert json_response(conn, 400) == %{
- "error" => "You need to specify latest_id",
- "request" => "/api/qvitter/statuses/notifications/read"
- }
- end
-
- test "with credentials, with params" do
- %{user: current_user, conn: conn} =
- oauth_access(["read:notifications", "write:notifications"])
-
- other_user = insert(:user)
-
- {:ok, _activity} =
- ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
-
- response_conn =
- conn
- |> assign(:user, current_user)
- |> get("/api/v1/notifications")
-
- [notification] = response = json_response(response_conn, 200)
-
- assert length(response) == 1
-
- assert notification["pleroma"]["is_seen"] == false
-
- response_conn =
- conn
- |> assign(:user, current_user)
- |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
-
- [notification] = response = json_response(response_conn, 200)
-
- assert length(response) == 1
-
- assert notification["pleroma"]["is_seen"] == true
- end
- end
-
- describe "GET /api/account/confirm_email/:id/:token" do
- setup do
- {:ok, user} =
- insert(:user)
- |> User.confirmation_changeset(need_confirmation: true)
- |> Repo.update()
-
- assert user.confirmation_pending
-
- [user: user]
- end
-
- test "it redirects to root url", %{conn: conn, user: user} do
- conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.confirmation_token}")
-
- assert 302 == conn.status
- end
-
- test "it confirms the user account", %{conn: conn, user: user} do
- get(conn, "/api/account/confirm_email/#{user.id}/#{user.confirmation_token}")
-
- user = User.get_cached_by_id(user.id)
-
- refute user.confirmation_pending
- refute user.confirmation_token
- end
-
- test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
- conn = get(conn, "/api/account/confirm_email/0/#{user.confirmation_token}")
-
- assert 500 == conn.status
- end
-
- test "it returns 500 if token is invalid", %{conn: conn, user: user} do
- conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
-
- assert 500 == conn.status
- end
- end
-
- describe "GET /api/oauth_tokens" do
- setup do
- token = insert(:oauth_token) |> Repo.preload(:user)
-
- %{token: token}
- end
-
- test "renders list", %{token: token} do
- response =
- build_conn()
- |> assign(:user, token.user)
- |> get("/api/oauth_tokens")
-
- keys =
- json_response(response, 200)
- |> hd()
- |> Map.keys()
-
- assert keys -- ["id", "app_name", "valid_until"] == []
- end
-
- test "revoke token", %{token: token} do
- response =
- build_conn()
- |> assign(:user, token.user)
- |> delete("/api/oauth_tokens/#{token.id}")
-
- tokens = Token.get_user_tokens(token.user)
-
- assert tokens == []
- assert response.status == 201
- end
- end
-end
diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs
deleted file mode 100644
index 20a45cb6f..000000000
--- a/test/web/twitter_api/twitter_api_test.exs
+++ /dev/null
@@ -1,432 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
- use Pleroma.DataCase
- import Pleroma.Factory
- alias Pleroma.Repo
- alias Pleroma.Tests.ObanHelpers
- alias Pleroma.User
- alias Pleroma.UserInviteToken
- alias Pleroma.Web.TwitterAPI.TwitterAPI
-
- setup_all do
- Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
- :ok
- end
-
- test "it registers a new user and returns the user." do
- data = %{
- :username => "lain",
- :email => "lain@wired.jp",
- :fullname => "lain iwakura",
- :password => "bear",
- :confirm => "bear"
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
-
- assert user == User.get_cached_by_nickname("lain")
- end
-
- test "it registers a new user with empty string in bio and returns the user" do
- data = %{
- :username => "lain",
- :email => "lain@wired.jp",
- :fullname => "lain iwakura",
- :bio => "",
- :password => "bear",
- :confirm => "bear"
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
-
- assert user == User.get_cached_by_nickname("lain")
- end
-
- test "it sends confirmation email if :account_activation_required is specified in instance config" do
- setting = Pleroma.Config.get([:instance, :account_activation_required])
-
- unless setting do
- Pleroma.Config.put([:instance, :account_activation_required], true)
- on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
- end
-
- data = %{
- :username => "lain",
- :email => "lain@wired.jp",
- :fullname => "lain iwakura",
- :bio => "",
- :password => "bear",
- :confirm => "bear"
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
- ObanHelpers.perform_all()
-
- assert user.confirmation_pending
-
- email = Pleroma.Emails.UserEmail.account_confirmation_email(user)
-
- notify_email = Pleroma.Config.get([:instance, :notify_email])
- instance_name = Pleroma.Config.get([:instance, :name])
-
- Swoosh.TestAssertions.assert_email_sent(
- from: {instance_name, notify_email},
- to: {user.name, user.email},
- html_body: email.html_body
- )
- end
-
- test "it sends an admin email if :account_approval_required is specified in instance config" do
- admin = insert(:user, is_admin: true)
- setting = Pleroma.Config.get([:instance, :account_approval_required])
-
- unless setting do
- Pleroma.Config.put([:instance, :account_approval_required], true)
- on_exit(fn -> Pleroma.Config.put([:instance, :account_approval_required], setting) end)
- end
-
- data = %{
- :username => "lain",
- :email => "lain@wired.jp",
- :fullname => "lain iwakura",
- :bio => "",
- :password => "bear",
- :confirm => "bear",
- :reason => "I love anime"
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
- ObanHelpers.perform_all()
-
- assert user.approval_pending
-
- email = Pleroma.Emails.AdminEmail.new_unapproved_registration(admin, user)
-
- notify_email = Pleroma.Config.get([:instance, :notify_email])
- instance_name = Pleroma.Config.get([:instance, :name])
-
- Swoosh.TestAssertions.assert_email_sent(
- from: {instance_name, notify_email},
- to: {admin.name, admin.email},
- html_body: email.html_body
- )
- end
-
- test "it registers a new user and parses mentions in the bio" do
- data1 = %{
- :username => "john",
- :email => "john@gmail.com",
- :fullname => "John Doe",
- :bio => "test",
- :password => "bear",
- :confirm => "bear"
- }
-
- {:ok, user1} = TwitterAPI.register_user(data1)
-
- data2 = %{
- :username => "lain",
- :email => "lain@wired.jp",
- :fullname => "lain iwakura",
- :bio => "@john test",
- :password => "bear",
- :confirm => "bear"
- }
-
- {:ok, user2} = TwitterAPI.register_user(data2)
-
- expected_text =
- ~s(<span class="h-card"><a class="u-url mention" data-user="#{user1.id}" href="#{
- user1.ap_id
- }" rel="ugc">@<span>john</span></a></span> test)
-
- assert user2.bio == expected_text
- end
-
- describe "register with one time token" do
- setup do: clear_config([:instance, :registrations_open], false)
-
- test "returns user on success" do
- {:ok, invite} = UserInviteToken.create_invite()
-
- data = %{
- :username => "vinny",
- :email => "pasta@pizza.vs",
- :fullname => "Vinny Vinesauce",
- :bio => "streamer",
- :password => "hiptofbees",
- :confirm => "hiptofbees",
- :token => invite.token
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
-
- assert user == User.get_cached_by_nickname("vinny")
-
- invite = Repo.get_by(UserInviteToken, token: invite.token)
- assert invite.used == true
- end
-
- test "returns error on invalid token" do
- data = %{
- :username => "GrimReaper",
- :email => "death@reapers.afterlife",
- :fullname => "Reaper Grim",
- :bio => "Your time has come",
- :password => "scythe",
- :confirm => "scythe",
- :token => "DudeLetMeInImAFairy"
- }
-
- {:error, msg} = TwitterAPI.register_user(data)
-
- assert msg == "Invalid token"
- refute User.get_cached_by_nickname("GrimReaper")
- end
-
- test "returns error on expired token" do
- {:ok, invite} = UserInviteToken.create_invite()
- UserInviteToken.update_invite!(invite, used: true)
-
- data = %{
- :username => "GrimReaper",
- :email => "death@reapers.afterlife",
- :fullname => "Reaper Grim",
- :bio => "Your time has come",
- :password => "scythe",
- :confirm => "scythe",
- :token => invite.token
- }
-
- {:error, msg} = TwitterAPI.register_user(data)
-
- assert msg == "Expired token"
- refute User.get_cached_by_nickname("GrimReaper")
- end
- end
-
- describe "registers with date limited token" do
- setup do: clear_config([:instance, :registrations_open], false)
-
- setup do
- data = %{
- :username => "vinny",
- :email => "pasta@pizza.vs",
- :fullname => "Vinny Vinesauce",
- :bio => "streamer",
- :password => "hiptofbees",
- :confirm => "hiptofbees"
- }
-
- check_fn = fn invite ->
- data = Map.put(data, :token, invite.token)
- {:ok, user} = TwitterAPI.register_user(data)
-
- assert user == User.get_cached_by_nickname("vinny")
- end
-
- {:ok, data: data, check_fn: check_fn}
- end
-
- test "returns user on success", %{check_fn: check_fn} do
- {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today()})
-
- check_fn.(invite)
-
- invite = Repo.get_by(UserInviteToken, token: invite.token)
-
- refute invite.used
- end
-
- test "returns user on token which expired tomorrow", %{check_fn: check_fn} do
- {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), 1)})
-
- check_fn.(invite)
-
- invite = Repo.get_by(UserInviteToken, token: invite.token)
-
- refute invite.used
- end
-
- test "returns an error on overdue date", %{data: data} do
- {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1)})
-
- data = Map.put(data, "token", invite.token)
-
- {:error, msg} = TwitterAPI.register_user(data)
-
- assert msg == "Expired token"
- refute User.get_cached_by_nickname("vinny")
- invite = Repo.get_by(UserInviteToken, token: invite.token)
-
- refute invite.used
- end
- end
-
- describe "registers with reusable token" do
- setup do: clear_config([:instance, :registrations_open], false)
-
- test "returns user on success, after him registration fails" do
- {:ok, invite} = UserInviteToken.create_invite(%{max_use: 100})
-
- UserInviteToken.update_invite!(invite, uses: 99)
-
- data = %{
- :username => "vinny",
- :email => "pasta@pizza.vs",
- :fullname => "Vinny Vinesauce",
- :bio => "streamer",
- :password => "hiptofbees",
- :confirm => "hiptofbees",
- :token => invite.token
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
- assert user == User.get_cached_by_nickname("vinny")
-
- invite = Repo.get_by(UserInviteToken, token: invite.token)
- assert invite.used == true
-
- data = %{
- :username => "GrimReaper",
- :email => "death@reapers.afterlife",
- :fullname => "Reaper Grim",
- :bio => "Your time has come",
- :password => "scythe",
- :confirm => "scythe",
- :token => invite.token
- }
-
- {:error, msg} = TwitterAPI.register_user(data)
-
- assert msg == "Expired token"
- refute User.get_cached_by_nickname("GrimReaper")
- end
- end
-
- describe "registers with reusable date limited token" do
- setup do: clear_config([:instance, :registrations_open], false)
-
- test "returns user on success" do
- {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100})
-
- data = %{
- :username => "vinny",
- :email => "pasta@pizza.vs",
- :fullname => "Vinny Vinesauce",
- :bio => "streamer",
- :password => "hiptofbees",
- :confirm => "hiptofbees",
- :token => invite.token
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
- assert user == User.get_cached_by_nickname("vinny")
-
- invite = Repo.get_by(UserInviteToken, token: invite.token)
- refute invite.used
- end
-
- test "error after max uses" do
- {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100})
-
- UserInviteToken.update_invite!(invite, uses: 99)
-
- data = %{
- :username => "vinny",
- :email => "pasta@pizza.vs",
- :fullname => "Vinny Vinesauce",
- :bio => "streamer",
- :password => "hiptofbees",
- :confirm => "hiptofbees",
- :token => invite.token
- }
-
- {:ok, user} = TwitterAPI.register_user(data)
- assert user == User.get_cached_by_nickname("vinny")
-
- invite = Repo.get_by(UserInviteToken, token: invite.token)
- assert invite.used == true
-
- data = %{
- :username => "GrimReaper",
- :email => "death@reapers.afterlife",
- :fullname => "Reaper Grim",
- :bio => "Your time has come",
- :password => "scythe",
- :confirm => "scythe",
- :token => invite.token
- }
-
- {:error, msg} = TwitterAPI.register_user(data)
-
- assert msg == "Expired token"
- refute User.get_cached_by_nickname("GrimReaper")
- end
-
- test "returns error on overdue date" do
- {:ok, invite} =
- UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100})
-
- data = %{
- :username => "GrimReaper",
- :email => "death@reapers.afterlife",
- :fullname => "Reaper Grim",
- :bio => "Your time has come",
- :password => "scythe",
- :confirm => "scythe",
- :token => invite.token
- }
-
- {:error, msg} = TwitterAPI.register_user(data)
-
- assert msg == "Expired token"
- refute User.get_cached_by_nickname("GrimReaper")
- end
-
- test "returns error on with overdue date and after max" do
- {:ok, invite} =
- UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100})
-
- UserInviteToken.update_invite!(invite, uses: 100)
-
- data = %{
- :username => "GrimReaper",
- :email => "death@reapers.afterlife",
- :fullname => "Reaper Grim",
- :bio => "Your time has come",
- :password => "scythe",
- :confirm => "scythe",
- :token => invite.token
- }
-
- {:error, msg} = TwitterAPI.register_user(data)
-
- assert msg == "Expired token"
- refute User.get_cached_by_nickname("GrimReaper")
- end
- end
-
- test "it returns the error on registration problems" do
- data = %{
- :username => "lain",
- :email => "lain@wired.jp",
- :fullname => "lain iwakura",
- :bio => "close the world."
- }
-
- {:error, error} = TwitterAPI.register_user(data)
-
- assert is_binary(error)
- refute User.get_cached_by_nickname("lain")
- end
-
- setup do
- Supervisor.terminate_child(Pleroma.Supervisor, Cachex)
- Supervisor.restart_child(Pleroma.Supervisor, Cachex)
- :ok
- end
-end
diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs
deleted file mode 100644
index 354d77b56..000000000
--- a/test/web/twitter_api/util_controller_test.exs
+++ /dev/null
@@ -1,601 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
- use Pleroma.Web.ConnCase
- use Oban.Testing, repo: Pleroma.Repo
-
- alias Pleroma.Config
- alias Pleroma.Tests.ObanHelpers
- alias Pleroma.User
-
- import Pleroma.Factory
- import Mock
-
- setup do
- Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
- :ok
- end
-
- setup do: clear_config([:instance])
- setup do: clear_config([:frontend_configurations, :pleroma_fe])
-
- describe "POST /api/pleroma/follow_import" do
- setup do: oauth_access(["follow"])
-
- test "it returns HTTP 200", %{conn: conn} do
- user2 = insert(:user)
-
- response =
- conn
- |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"})
- |> json_response(:ok)
-
- assert response == "job started"
- end
-
- test "it imports follow lists from file", %{user: user1, conn: conn} do
- user2 = insert(:user)
-
- with_mocks([
- {File, [],
- read!: fn "follow_list.txt" ->
- "Account address,Show boosts\n#{user2.ap_id},true"
- end}
- ]) do
- response =
- conn
- |> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}})
- |> json_response(:ok)
-
- assert response == "job started"
-
- assert ObanHelpers.member?(
- %{
- "op" => "follow_import",
- "follower_id" => user1.id,
- "followed_identifiers" => [user2.ap_id]
- },
- all_enqueued(worker: Pleroma.Workers.BackgroundWorker)
- )
- end
- end
-
- test "it imports new-style mastodon follow lists", %{conn: conn} do
- user2 = insert(:user)
-
- response =
- conn
- |> post("/api/pleroma/follow_import", %{
- "list" => "Account address,Show boosts\n#{user2.ap_id},true"
- })
- |> json_response(:ok)
-
- assert response == "job started"
- end
-
- test "requires 'follow' or 'write:follows' permissions" do
- token1 = insert(:oauth_token, scopes: ["read", "write"])
- token2 = insert(:oauth_token, scopes: ["follow"])
- token3 = insert(:oauth_token, scopes: ["something"])
- another_user = insert(:user)
-
- for token <- [token1, token2, token3] do
- conn =
- build_conn()
- |> put_req_header("authorization", "Bearer #{token.token}")
- |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"})
-
- if token == token3 do
- assert %{"error" => "Insufficient permissions: follow | write:follows."} ==
- json_response(conn, 403)
- else
- assert json_response(conn, 200)
- end
- end
- end
-
- test "it imports follows with different nickname variations", %{conn: conn} do
- [user2, user3, user4, user5, user6] = insert_list(5, :user)
-
- identifiers =
- [
- user2.ap_id,
- user3.nickname,
- " ",
- "@" <> user4.nickname,
- user5.nickname <> "@localhost",
- "@" <> user6.nickname <> "@localhost"
- ]
- |> Enum.join("\n")
-
- response =
- conn
- |> post("/api/pleroma/follow_import", %{"list" => identifiers})
- |> json_response(:ok)
-
- assert response == "job started"
- assert [{:ok, job_result}] = ObanHelpers.perform_all()
- assert job_result == [user2, user3, user4, user5, user6]
- end
- end
-
- describe "POST /api/pleroma/blocks_import" do
- # Note: "follow" or "write:blocks" permission is required
- setup do: oauth_access(["write:blocks"])
-
- test "it returns HTTP 200", %{conn: conn} do
- user2 = insert(:user)
-
- response =
- conn
- |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"})
- |> json_response(:ok)
-
- assert response == "job started"
- end
-
- test "it imports blocks users from file", %{user: user1, conn: conn} do
- user2 = insert(:user)
- user3 = insert(:user)
-
- with_mocks([
- {File, [], read!: fn "blocks_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end}
- ]) do
- response =
- conn
- |> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}})
- |> json_response(:ok)
-
- assert response == "job started"
-
- assert ObanHelpers.member?(
- %{
- "op" => "blocks_import",
- "blocker_id" => user1.id,
- "blocked_identifiers" => [user2.ap_id, user3.ap_id]
- },
- all_enqueued(worker: Pleroma.Workers.BackgroundWorker)
- )
- end
- end
-
- test "it imports blocks with different nickname variations", %{conn: conn} do
- [user2, user3, user4, user5, user6] = insert_list(5, :user)
-
- identifiers =
- [
- user2.ap_id,
- user3.nickname,
- "@" <> user4.nickname,
- user5.nickname <> "@localhost",
- "@" <> user6.nickname <> "@localhost"
- ]
- |> Enum.join(" ")
-
- response =
- conn
- |> post("/api/pleroma/blocks_import", %{"list" => identifiers})
- |> json_response(:ok)
-
- assert response == "job started"
- assert [{:ok, job_result}] = ObanHelpers.perform_all()
- assert job_result == [user2, user3, user4, user5, user6]
- end
- end
-
- describe "PUT /api/pleroma/notification_settings" do
- setup do: oauth_access(["write:accounts"])
-
- test "it updates notification settings", %{user: user, conn: conn} do
- conn
- |> put("/api/pleroma/notification_settings", %{
- "block_from_strangers" => true,
- "bar" => 1
- })
- |> json_response(:ok)
-
- user = refresh_record(user)
-
- assert %Pleroma.User.NotificationSetting{
- block_from_strangers: true,
- hide_notification_contents: false
- } == user.notification_settings
- end
-
- test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
- conn
- |> put("/api/pleroma/notification_settings", %{"hide_notification_contents" => "1"})
- |> json_response(:ok)
-
- user = refresh_record(user)
-
- assert %Pleroma.User.NotificationSetting{
- block_from_strangers: false,
- hide_notification_contents: true
- } == user.notification_settings
- end
- end
-
- describe "GET /api/pleroma/frontend_configurations" do
- test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
- config = [
- frontend_a: %{
- x: 1,
- y: 2
- },
- frontend_b: %{
- z: 3
- }
- ]
-
- Config.put(:frontend_configurations, config)
-
- response =
- conn
- |> get("/api/pleroma/frontend_configurations")
- |> json_response(:ok)
-
- assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
- end
- end
-
- describe "/api/pleroma/emoji" do
- test "returns json with custom emoji with tags", %{conn: conn} do
- emoji =
- conn
- |> get("/api/pleroma/emoji")
- |> json_response(200)
-
- assert Enum.all?(emoji, fn
- {_key,
- %{
- "image_url" => url,
- "tags" => tags
- }} ->
- is_binary(url) and is_list(tags)
- end)
- end
- end
-
- describe "GET /api/pleroma/healthcheck" do
- setup do: clear_config([:instance, :healthcheck])
-
- test "returns 503 when healthcheck disabled", %{conn: conn} do
- Config.put([:instance, :healthcheck], false)
-
- response =
- conn
- |> get("/api/pleroma/healthcheck")
- |> json_response(503)
-
- assert response == %{}
- end
-
- test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
- Config.put([:instance, :healthcheck], true)
-
- with_mock Pleroma.Healthcheck,
- system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
- response =
- conn
- |> get("/api/pleroma/healthcheck")
- |> json_response(200)
-
- assert %{
- "active" => _,
- "healthy" => true,
- "idle" => _,
- "memory_used" => _,
- "pool_size" => _
- } = response
- end
- end
-
- test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
- Config.put([:instance, :healthcheck], true)
-
- with_mock Pleroma.Healthcheck,
- system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
- response =
- conn
- |> get("/api/pleroma/healthcheck")
- |> json_response(503)
-
- assert %{
- "active" => _,
- "healthy" => false,
- "idle" => _,
- "memory_used" => _,
- "pool_size" => _
- } = response
- end
- end
- end
-
- describe "POST /api/pleroma/disable_account" do
- setup do: oauth_access(["write:accounts"])
-
- test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
- response =
- conn
- |> post("/api/pleroma/disable_account", %{"password" => "test"})
- |> json_response(:ok)
-
- assert response == %{"status" => "success"}
- ObanHelpers.perform_all()
-
- user = User.get_cached_by_id(user.id)
-
- assert user.deactivated == true
- end
-
- test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
- user = insert(:user)
-
- response =
- conn
- |> post("/api/pleroma/disable_account", %{"password" => "test1"})
- |> json_response(:ok)
-
- assert response == %{"error" => "Invalid password."}
- user = User.get_cached_by_id(user.id)
-
- refute user.deactivated
- end
- end
-
- describe "POST /main/ostatus - remote_subscribe/2" do
- setup do: clear_config([:instance, :federating], true)
-
- test "renders subscribe form", %{conn: conn} do
- user = insert(:user)
-
- response =
- conn
- |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
- |> response(:ok)
-
- refute response =~ "Could not find user"
- assert response =~ "Remotely follow #{user.nickname}"
- end
-
- test "renders subscribe form with error when user not found", %{conn: conn} do
- response =
- conn
- |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
- |> response(:ok)
-
- assert response =~ "Could not find user"
- refute response =~ "Remotely follow"
- end
-
- test "it redirect to webfinger url", %{conn: conn} do
- user = insert(:user)
- user2 = insert(:user, ap_id: "shp@social.heldscal.la")
-
- conn =
- conn
- |> post("/main/ostatus", %{
- "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
- })
-
- assert redirected_to(conn) ==
- "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
- end
-
- test "it renders form with error when user not found", %{conn: conn} do
- user2 = insert(:user, ap_id: "shp@social.heldscal.la")
-
- response =
- conn
- |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
- |> response(:ok)
-
- assert response =~ "Something went wrong."
- end
- end
-
- test "it returns new captcha", %{conn: conn} do
- with_mock Pleroma.Captcha,
- new: fn -> "test_captcha" end do
- resp =
- conn
- |> get("/api/pleroma/captcha")
- |> response(200)
-
- assert resp == "\"test_captcha\""
- assert called(Pleroma.Captcha.new())
- end
- end
-
- describe "POST /api/pleroma/change_email" do
- setup do: oauth_access(["write:accounts"])
-
- test "without permissions", %{conn: conn} do
- conn =
- conn
- |> assign(:token, nil)
- |> post("/api/pleroma/change_email")
-
- assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
- end
-
- test "with proper permissions and invalid password", %{conn: conn} do
- conn =
- post(conn, "/api/pleroma/change_email", %{
- "password" => "hi",
- "email" => "test@test.com"
- })
-
- assert json_response(conn, 200) == %{"error" => "Invalid password."}
- end
-
- test "with proper permissions, valid password and invalid email", %{
- conn: conn
- } do
- conn =
- post(conn, "/api/pleroma/change_email", %{
- "password" => "test",
- "email" => "foobar"
- })
-
- assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
- end
-
- test "with proper permissions, valid password and no email", %{
- conn: conn
- } do
- conn =
- post(conn, "/api/pleroma/change_email", %{
- "password" => "test"
- })
-
- assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
- end
-
- test "with proper permissions, valid password and blank email", %{
- conn: conn
- } do
- conn =
- post(conn, "/api/pleroma/change_email", %{
- "password" => "test",
- "email" => ""
- })
-
- assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
- end
-
- test "with proper permissions, valid password and non unique email", %{
- conn: conn
- } do
- user = insert(:user)
-
- conn =
- post(conn, "/api/pleroma/change_email", %{
- "password" => "test",
- "email" => user.email
- })
-
- assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
- end
-
- test "with proper permissions, valid password and valid email", %{
- conn: conn
- } do
- conn =
- post(conn, "/api/pleroma/change_email", %{
- "password" => "test",
- "email" => "cofe@foobar.com"
- })
-
- assert json_response(conn, 200) == %{"status" => "success"}
- end
- end
-
- describe "POST /api/pleroma/change_password" do
- setup do: oauth_access(["write:accounts"])
-
- test "without permissions", %{conn: conn} do
- conn =
- conn
- |> assign(:token, nil)
- |> post("/api/pleroma/change_password")
-
- assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
- end
-
- test "with proper permissions and invalid password", %{conn: conn} do
- conn =
- post(conn, "/api/pleroma/change_password", %{
- "password" => "hi",
- "new_password" => "newpass",
- "new_password_confirmation" => "newpass"
- })
-
- assert json_response(conn, 200) == %{"error" => "Invalid password."}
- end
-
- test "with proper permissions, valid password and new password and confirmation not matching",
- %{
- conn: conn
- } do
- conn =
- post(conn, "/api/pleroma/change_password", %{
- "password" => "test",
- "new_password" => "newpass",
- "new_password_confirmation" => "notnewpass"
- })
-
- assert json_response(conn, 200) == %{
- "error" => "New password does not match confirmation."
- }
- end
-
- test "with proper permissions, valid password and invalid new password", %{
- conn: conn
- } do
- conn =
- post(conn, "/api/pleroma/change_password", %{
- "password" => "test",
- "new_password" => "",
- "new_password_confirmation" => ""
- })
-
- assert json_response(conn, 200) == %{
- "error" => "New password can't be blank."
- }
- end
-
- test "with proper permissions, valid password and matching new password and confirmation", %{
- conn: conn,
- user: user
- } do
- conn =
- post(conn, "/api/pleroma/change_password", %{
- "password" => "test",
- "new_password" => "newpass",
- "new_password_confirmation" => "newpass"
- })
-
- assert json_response(conn, 200) == %{"status" => "success"}
- fetched_user = User.get_cached_by_id(user.id)
- assert Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
- end
- end
-
- describe "POST /api/pleroma/delete_account" do
- setup do: oauth_access(["write:accounts"])
-
- test "without permissions", %{conn: conn} do
- conn =
- conn
- |> assign(:token, nil)
- |> post("/api/pleroma/delete_account")
-
- assert json_response(conn, 403) ==
- %{"error" => "Insufficient permissions: write:accounts."}
- end
-
- test "with proper permissions and wrong or missing password", %{conn: conn} do
- for params <- [%{"password" => "hi"}, %{}] do
- ret_conn = post(conn, "/api/pleroma/delete_account", params)
-
- assert json_response(ret_conn, 200) == %{"error" => "Invalid password."}
- end
- end
-
- test "with proper permissions and valid password", %{conn: conn, user: user} do
- conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
- ObanHelpers.perform_all()
- assert json_response(conn, 200) == %{"status" => "success"}
-
- user = User.get_by_id(user.id)
- assert user.deactivated == true
- assert user.name == nil
- assert user.bio == nil
- assert user.password_hash == nil
- end
- end
-end
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-22 03:47:40 +0000