4 files changed, 26 insertions, 12 deletions

diff --git a/lib/pleroma/web/api_spec/operations/account_operation.ex b/lib/pleroma/web/api_spec/operations/account_operation.ex
index fcf030037..bf8d21059 100644
--- a/lib/pleroma/web/api_spec/operations/account_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/account_operation.ex
@@ -7,6 +7,7 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
   alias OpenApiSpex.Reference
   alias OpenApiSpex.Schema
   alias Pleroma.Web.ApiSpec.Schemas.Account
+  alias Pleroma.Web.ApiSpec.Schemas.ApiError
   alias Pleroma.Web.ApiSpec.Schemas.AccountCreateRequest
   alias Pleroma.Web.ApiSpec.Schemas.AccountCreateResponse
   alias Pleroma.Web.ApiSpec.Schemas.AccountFollowsRequest
@@ -38,7 +39,10 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
       operationId: "AccountController.create",
       requestBody: request_body("Parameters", AccountCreateRequest, required: true),
       responses: %{
-        200 => Operation.response("Account", "application/json", AccountCreateResponse)
+        200 => Operation.response("Account", "application/json", AccountCreateResponse),
+        400 => Operation.response("Error", "application/json", ApiError),
+        403 => Operation.response("Error", "application/json", ApiError),
+        429 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end
@@ -65,7 +69,8 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
       security: [%{"oAuth" => ["write:accounts"]}],
       requestBody: request_body("Parameters", AccountUpdateCredentialsRequest, required: true),
       responses: %{
-        200 => Operation.response("Account", "application/json", Account)
+        200 => Operation.response("Account", "application/json", Account),
+        403 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end
@@ -102,7 +107,8 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
       description: "View information about a profile.",
       parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
       responses: %{
-        200 => Operation.response("Account", "application/json", Account)
+        200 => Operation.response("Account", "application/json", Account),
+        404 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end
@@ -140,7 +146,8 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
           )
         ] ++ pagination_params(),
       responses: %{
-        200 => Operation.response("Statuses", "application/json", StatusesResponse)
+        200 => Operation.response("Statuses", "application/json", StatusesResponse),
+        404 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end
@@ -204,7 +211,9 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
         )
       ],
       responses: %{
-        200 => Operation.response("Relationship", "application/json", AccountRelationship)
+        200 => Operation.response("Relationship", "application/json", AccountRelationship),
+        400 => Operation.response("Error", "application/json", ApiError),
+        404 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end
@@ -218,7 +227,9 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
       description: "Unfollow the given account",
       parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
       responses: %{
-        200 => Operation.response("Relationship", "application/json", AccountRelationship)
+        200 => Operation.response("Relationship", "application/json", AccountRelationship),
+        400 => Operation.response("Error", "application/json", ApiError),
+        404 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end
@@ -298,7 +309,9 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
       security: [%{"oAuth" => ["follow", "write:follows"]}],
       requestBody: request_body("Parameters", AccountFollowsRequest, required: true),
       responses: %{
-        200 => Operation.response("Account", "application/json", AccountRelationship)
+        200 => Operation.response("Account", "application/json", AccountRelationship),
+        400 => Operation.response("Error", "application/json", ApiError),
+        404 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end
diff --git a/lib/pleroma/web/api_spec/schemas/account.ex b/lib/pleroma/web/api_spec/schemas/account.ex
index f57015254..d128feb30 100644
--- a/lib/pleroma/web/api_spec/schemas/account.ex
+++ b/lib/pleroma/web/api_spec/schemas/account.ex
@@ -41,7 +41,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
         type: :object,
         properties: %{
           allow_following_move: %Schema{type: :boolean},
-          background_image: %Schema{type: :boolean, nullable: true},
+          background_image: %Schema{type: :string, nullable: true},
           chat_token: %Schema{type: :string},
           confirmation_pending: %Schema{type: :boolean},
           hide_favorites: %Schema{type: :boolean},
diff --git a/lib/pleroma/web/controller_helper.ex b/lib/pleroma/web/controller_helper.ex
index 4780081b2..eb97ae975 100644
--- a/lib/pleroma/web/controller_helper.ex
+++ b/lib/pleroma/web/controller_helper.ex
@@ -82,8 +82,9 @@ defmodule Pleroma.Web.ControllerHelper do
     end
   end
 
-  def assign_account_by_id(%{params: %{"id" => id}} = conn, _) do
-    case Pleroma.User.get_cached_by_id(id) do
+  def assign_account_by_id(conn, _) do
+    # TODO: use `conn.params[:id]` only after moving to OpenAPI
+    case Pleroma.User.get_cached_by_id(conn.params[:id] || conn.params["id"]) do
       %Pleroma.User{} = account -> assign(conn, :account, account)
       nil -> Pleroma.Web.MastodonAPI.FallbackController.call(conn, {:error, :not_found}) |> halt()
     end
diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index 93df79645..b1513001b 100644
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -26,6 +26,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
   alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.TwitterAPI.TwitterAPI
 
+  plug(OpenApiSpex.Plug.CastAndValidate, render_error: Pleroma.Web.ApiSpec.RenderError)
+
   plug(:skip_plug, OAuthScopesPlug when action == :identity_proofs)
 
   plug(
@@ -83,8 +85,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
   plug(RateLimiter, [name: :app_account_creation] when action == :create)
   plug(:assign_account_by_id when action in @needs_account)
 
-  plug(OpenApiSpex.Plug.CastAndValidate, render_error: Pleroma.Web.ApiSpec.RenderError)
-
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AccountOperation