2 files changed, 56 insertions, 0 deletions

diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs
index 689bdd61e..d59864c43 100644
--- a/test/web/common_api/common_api_utils_test.exs
+++ b/test/web/common_api/common_api_utils_test.exs
@@ -1,5 +1,6 @@
 defmodule Pleroma.Web.CommonAPI.UtilsTest do
   alias Pleroma.Web.CommonAPI.Utils
+  alias Pleroma.Builders.{UserBuilder}
   use Pleroma.DataCase
 
   test "it adds attachment links to a given text and attachment set" do
@@ -15,4 +16,23 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
     assert res ==
              "<br><a href=\"#{name}\" class='attachment'>Sakura Mana – Turned on by a Se…</a>"
   end
+
+  describe "it confirms the password given is the current users password" do
+    test "with no credentials" do
+      assert Utils.confirm_current_password(nil, %{"password" => "test"}) ==
+               {:error, "Invalid credentials."}
+    end
+
+    test "with incorrect password given" do
+      {:ok, user} = UserBuilder.insert()
+
+      assert Utils.confirm_current_password(user, %{"password" => ""}) ==
+               {:error, "Invalid password."}
+    end
+
+    test "with correct password given" do
+      {:ok, user} = UserBuilder.insert()
+      assert Utils.confirm_current_password(user, %{"password" => "test"}) == {:ok, user}
+    end
+  end
 end
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 896fe246d..a9350d189 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -800,4 +800,40 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     user = Repo.get!(User, user.id)
     assert user.bio == "Hello,<br>World! I<br> am a test."
   end
+
+  describe "POST /api/account/delete_account" do
+    setup [:valid_user]
+
+    test "without credentials", %{conn: conn} do
+      conn = post(conn, "/api/account/delete_account")
+      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+    end
+
+    test "with credentials and invalid password", %{conn: conn, user: current_user} do
+      conn =
+        conn
+        |> with_credentials(current_user.nickname, "test")
+        |> post("/api/account/delete_account", %{
+          "password" => ""
+        })
+
+      assert json_response(conn, 403) == %{
+               "error" => "Invalid password.",
+               "request" => "/api/account/delete_account"
+             }
+    end
+
+    test "with credentials and valid password", %{conn: conn, user: current_user} do
+      conn =
+        conn
+        |> with_credentials(current_user.nickname, "test")
+        |> post("/api/account/delete_account", %{
+          "password" => "test"
+        })
+
+      assert json_response(conn, 200) == %{"status" => "success"}
+      fetched_user = Repo.get(User, current_user.id)
+      assert fetched_user.info == %{"deactivated" => true}
+    end
+  end
 end