twitter_api_controller_test.exs 48 KB
Newer Older
1
2
defmodule Pleroma.Web.TwitterAPI.ControllerTest do
  use Pleroma.Web.ConnCase
dtluna's avatar
dtluna committed
3
  alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
lain's avatar
lain committed
4
  alias Pleroma.Builders.{ActivityBuilder, UserBuilder}
5
  alias Pleroma.{Repo, Activity, User, Object, Notification}
lain's avatar
lain committed
6
  alias Pleroma.Web.ActivityPub.ActivityPub
dtluna's avatar
dtluna committed
7
  alias Pleroma.Web.TwitterAPI.UserView
8
  alias Pleroma.Web.TwitterAPI.NotificationView
lain's avatar
lain committed
9
  alias Pleroma.Web.CommonAPI
eal's avatar
eal committed
10
  alias Pleroma.Web.TwitterAPI.TwitterAPI
11
  alias Comeonin.Pbkdf2
12
  alias Ecto.Changeset
13

lain's avatar
lain committed
14
  import Pleroma.Factory
15

Maksim's avatar
Maksim committed
16
17
  @banner "data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"

18
19
20
21
  describe "POST /api/account/update_profile_banner" do
    test "it updates the banner", %{conn: conn} do
      user = insert(:user)

Maksim's avatar
Maksim committed
22
23
24
25
      conn
      |> assign(:user, user)
      |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => @banner})
      |> json_response(200)
lain's avatar
lain committed
26

Maksim's avatar
Maksim committed
27
      user = refresh_record(user)
lain's avatar
lain committed
28
      assert user.info.banner["type"] == "Image"
29
30
31
32
33
34
35
    end
  end

  describe "POST /api/qvitter/update_background_image" do
    test "it updates the background", %{conn: conn} do
      user = insert(:user)

Maksim's avatar
Maksim committed
36
37
38
39
      conn
      |> assign(:user, user)
      |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => @banner})
      |> json_response(200)
lain's avatar
lain committed
40

Maksim's avatar
Maksim committed
41
      user = refresh_record(user)
lain's avatar
lain committed
42
      assert user.info.background["type"] == "Image"
43
44
45
    end
  end

46
47
  describe "POST /api/account/verify_credentials" do
    setup [:valid_user]
lain's avatar
lain committed
48

49
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
50
      conn = post(conn, "/api/account/verify_credentials.json")
51
52
53
54
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: user} do
Maksim's avatar
Maksim committed
55
      response =
lain's avatar
lain committed
56
        conn
57
58
        |> with_credentials(user.nickname, "test")
        |> post("/api/account/verify_credentials.json")
Maksim's avatar
Maksim committed
59
        |> json_response(200)
60

lain's avatar
lain committed
61
      assert response == UserView.render("show.json", %{user: user, token: response["token"]})
62
63
64
    end
  end

lain's avatar
lain committed
65
66
  describe "POST /statuses/update.json" do
    setup [:valid_user]
lain's avatar
lain committed
67

lain's avatar
lain committed
68
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
69
      conn = post(conn, "/api/statuses/update.json")
lain's avatar
lain committed
70
71
72
73
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: user} do
dtluna's avatar
dtluna committed
74
75
76
      conn_with_creds = conn |> with_credentials(user.nickname, "test")
      request_path = "/api/statuses/update.json"

lain's avatar
lain committed
77
78
79
80
81
      error_response = %{
        "request" => request_path,
        "error" => "Client must provide a 'status' parameter with a value."
      }

Maksim's avatar
Maksim committed
82
83
84
85
      conn =
        conn_with_creds
        |> post(request_path)

dtluna's avatar
dtluna committed
86
87
      assert json_response(conn, 400) == error_response

Maksim's avatar
Maksim committed
88
89
90
91
      conn =
        conn_with_creds
        |> post(request_path, %{status: ""})

dtluna's avatar
dtluna committed
92
      assert json_response(conn, 400) == error_response
lain's avatar
lain committed
93

Maksim's avatar
Maksim committed
94
95
96
97
      conn =
        conn_with_creds
        |> post(request_path, %{status: " "})

dtluna's avatar
dtluna committed
98
99
      assert json_response(conn, 400) == error_response

100
      # we post with visibility private in order to avoid triggering relay
Maksim's avatar
Maksim committed
101
102
103
      conn =
        conn_with_creds
        |> post(request_path, %{status: "Nice meme.", visibility: "private"})
lain's avatar
lain committed
104
105
106

      assert json_response(conn, 200) ==
               ActivityRepresenter.to_map(Repo.one(Activity), %{user: user})
lain's avatar
lain committed
107
108
109
    end
  end

lain's avatar
lain committed
110
111
  describe "GET /statuses/public_timeline.json" do
    test "returns statuses", %{conn: conn} do
lain's avatar
lain committed
112
      user = insert(:user)
lain's avatar
lain committed
113
114
115
116
      activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
      ActivityBuilder.insert_list(10, %{}, %{user: user})
      since_id = List.last(activities).id

lain's avatar
lain committed
117
118
      conn =
        conn
lain's avatar
lain committed
119
120
121
122
123
124
        |> get("/api/statuses/public_timeline.json", %{since_id: since_id})

      response = json_response(conn, 200)

      assert length(response) == 10
    end
href's avatar
href committed
125

Maksim's avatar
Maksim committed
126
    test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
href's avatar
href committed
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
      instance =
        Application.get_env(:pleroma, :instance)
        |> Keyword.put(:public, false)

      Application.put_env(:pleroma, :instance, instance)

      conn
      |> get("/api/statuses/public_timeline.json")
      |> json_response(403)

      instance =
        Application.get_env(:pleroma, :instance)
        |> Keyword.put(:public, true)

      Application.put_env(:pleroma, :instance, instance)
    end

Maksim's avatar
Maksim committed
144
    test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
href's avatar
href committed
145
146
147
148
149
150
151
      conn
      |> get("/api/statuses/public_timeline.json")
      |> json_response(200)
    end
  end

  describe "GET /statuses/public_and_external_timeline.json" do
Maksim's avatar
Maksim committed
152
    test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
href's avatar
href committed
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
      instance =
        Application.get_env(:pleroma, :instance)
        |> Keyword.put(:public, false)

      Application.put_env(:pleroma, :instance, instance)

      conn
      |> get("/api/statuses/public_and_external_timeline.json")
      |> json_response(403)

      instance =
        Application.get_env(:pleroma, :instance)
        |> Keyword.put(:public, true)

      Application.put_env(:pleroma, :instance, instance)
    end

Maksim's avatar
Maksim committed
170
    test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
href's avatar
href committed
171
172
173
174
      conn
      |> get("/api/statuses/public_and_external_timeline.json")
      |> json_response(200)
    end
lain's avatar
lain committed
175
176
  end

lain's avatar
lain committed
177
178
  describe "GET /statuses/show/:id.json" do
    test "returns one status", %{conn: conn} do
lain's avatar
lain committed
179
180
      user = insert(:user)
      {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey!"})
lain's avatar
lain committed
181
182
      actor = Repo.get_by!(User, ap_id: activity.data["actor"])

lain's avatar
lain committed
183
184
185
      conn =
        conn
        |> get("/api/statuses/show/#{activity.id}.json")
lain's avatar
lain committed
186
187
188

      response = json_response(conn, 200)

lain's avatar
lain committed
189
      assert response == ActivityRepresenter.to_map(activity, %{user: actor})
lain's avatar
lain committed
190
191
192
    end
  end

eal's avatar
eal committed
193
194
195
196
  describe "GET /users/show.json" do
    test "gets user with screen_name", %{conn: conn} do
      user = insert(:user)

lain's avatar
lain committed
197
198
199
      conn =
        conn
        |> get("/api/users/show.json", %{"screen_name" => user.nickname})
eal's avatar
eal committed
200
201
202
203
204
205
206
207
208

      response = json_response(conn, 200)

      assert response["id"] == user.id
    end

    test "gets user with user_id", %{conn: conn} do
      user = insert(:user)

lain's avatar
lain committed
209
210
211
      conn =
        conn
        |> get("/api/users/show.json", %{"user_id" => user.id})
eal's avatar
eal committed
212
213
214
215
216
217
218
219
220
221
222
223

      response = json_response(conn, 200)

      assert response["id"] == user.id
    end

    test "gets a user for a logged in user", %{conn: conn} do
      user = insert(:user)
      logged_in = insert(:user)

      {:ok, logged_in, user, _activity} = TwitterAPI.follow(logged_in, %{"user_id" => user.id})

lain's avatar
lain committed
224
225
226
227
      conn =
        conn
        |> with_credentials(logged_in.nickname, "test")
        |> get("/api/users/show.json", %{"user_id" => user.id})
eal's avatar
eal committed
228
229
230
231
232
233
234

      response = json_response(conn, 200)

      assert response["following"] == true
    end
  end

235
236
  describe "GET /statusnet/conversation/:id.json" do
    test "returns the statuses in the conversation", %{conn: conn} do
lain's avatar
lain committed
237
      {:ok, _user} = UserBuilder.insert()
238
      {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
239
240
      {:ok, _activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
      {:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
241

lain's avatar
lain committed
242
243
      conn =
        conn
244
        |> get("/api/statusnet/conversation/#{activity.data["context_id"]}.json")
245
246
247
248
249
250
251

      response = json_response(conn, 200)

      assert length(response) == 2
    end
  end

lain's avatar
lain committed
252
253
  describe "GET /statuses/friends_timeline.json" do
    setup [:valid_user]
lain's avatar
lain committed
254

lain's avatar
lain committed
255
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
256
      conn = get(conn, "/api/statuses/friends_timeline.json")
lain's avatar
lain committed
257
258
259
260
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
lain's avatar
lain committed
261
      user = insert(:user)
lain's avatar
lain committed
262
263
264
265
266
267
268

      activities =
        ActivityBuilder.insert_list(30, %{"to" => [User.ap_followers(user)]}, %{user: user})

      returned_activities =
        ActivityBuilder.insert_list(10, %{"to" => [User.ap_followers(user)]}, %{user: user})

lain's avatar
lain committed
269
      other_user = insert(:user)
lain's avatar
lain committed
270
271
272
      ActivityBuilder.insert_list(10, %{}, %{user: other_user})
      since_id = List.last(activities).id

lain's avatar
lain committed
273
      current_user =
274
        Changeset.change(current_user, following: [User.ap_followers(user)])
lain's avatar
lain committed
275
        |> Repo.update!()
lain's avatar
lain committed
276

lain's avatar
lain committed
277
278
      conn =
        conn
lain's avatar
lain committed
279
280
281
282
283
284
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/statuses/friends_timeline.json", %{since_id: since_id})

      response = json_response(conn, 200)

      assert length(response) == 10
lain's avatar
lain committed
285
286
287
288
289
290
291
292

      assert response ==
               Enum.map(returned_activities, fn activity ->
                 ActivityRepresenter.to_map(activity, %{
                   user: User.get_cached_by_ap_id(activity.data["actor"]),
                   for: current_user
                 })
               end)
lain's avatar
lain committed
293
294
295
    end
  end

lain's avatar
lain committed
296
297
298
299
300
301
302
303
304
305
306
307
308
  describe "GET /statuses/dm_timeline.json" do
    test "it show direct messages", %{conn: conn} do
      user_one = insert(:user)
      user_two = insert(:user)

      {:ok, user_two} = User.follow(user_two, user_one)

      {:ok, direct} =
        CommonAPI.post(user_one, %{
          "status" => "Hi @#{user_two.nickname}!",
          "visibility" => "direct"
        })

309
310
311
312
313
314
      {:ok, direct_two} =
        CommonAPI.post(user_two, %{
          "status" => "Hi @#{user_one.nickname}!",
          "visibility" => "direct"
        })

lain's avatar
lain committed
315
316
317
318
319
320
321
322
323
324
325
326
      {:ok, _follower_only} =
        CommonAPI.post(user_one, %{
          "status" => "Hi @#{user_two.nickname}!",
          "visibility" => "private"
        })

      # Only direct should be visible here
      res_conn =
        conn
        |> assign(:user, user_two)
        |> get("/api/statuses/dm_timeline.json")

327
328
329
      [status, status_two] = json_response(res_conn, 200)
      assert status["id"] == direct_two.id
      assert status_two["id"] == direct.id
lain's avatar
lain committed
330
331
332
    end
  end

dtluna's avatar
dtluna committed
333
334
  describe "GET /statuses/mentions.json" do
    setup [:valid_user]
lain's avatar
lain committed
335

dtluna's avatar
dtluna committed
336
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
337
      conn = get(conn, "/api/statuses/mentions.json")
dtluna's avatar
dtluna committed
338
339
340
341
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
lain's avatar
lain committed
342
343
      {:ok, activity} =
        ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: current_user})
dtluna's avatar
dtluna committed
344

lain's avatar
lain committed
345
346
      conn =
        conn
dtluna's avatar
dtluna committed
347
348
349
350
351
352
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/statuses/mentions.json")

      response = json_response(conn, 200)

      assert length(response) == 1
lain's avatar
lain committed
353
354
355
356
357
358

      assert Enum.at(response, 0) ==
               ActivityRepresenter.to_map(activity, %{
                 user: current_user,
                 mentioned: [current_user]
               })
dtluna's avatar
dtluna committed
359
360
361
    end
  end

362
363
364
365
366
367
368
369
370
  describe "GET /api/qvitter/statuses/notifications.json" do
    setup [:valid_user]

    test "without valid credentials", %{conn: conn} do
      conn = get(conn, "/api/qvitter/statuses/notifications.json")
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
371
372
      other_user = insert(:user)

373
      {:ok, _activity} =
374
        ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
375
376
377
378
379
380
381
382
383
384
385

      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/qvitter/statuses/notifications.json")

      response = json_response(conn, 200)

      assert length(response) == 1

      assert response ==
lain's avatar
lain committed
386
387
388
389
               NotificationView.render("notification.json", %{
                 notifications: Notification.for_user(current_user),
                 for: current_user
               })
390
391
392
    end
  end

393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
  describe "POST /api/qvitter/statuses/notifications/read" do
    setup [:valid_user]

    test "without valid credentials", %{conn: conn} do
      conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials, without any params", %{conn: conn, user: current_user} do
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/qvitter/statuses/notifications/read")

      assert json_response(conn, 400) == %{
               "error" => "You need to specify latest_id",
               "request" => "/api/qvitter/statuses/notifications/read"
             }
    end

    test "with credentials, with params", %{conn: conn, user: current_user} do
      other_user = insert(:user)

      {:ok, _activity} =
        ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})

      response_conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/qvitter/statuses/notifications.json")

      [notification] = response = json_response(response_conn, 200)

      assert length(response) == 1

      assert notification["is_seen"] == 0

      response_conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})

      [notification] = response = json_response(response_conn, 200)

      assert length(response) == 1

      assert notification["is_seen"] == 1
    end
  end

dtluna's avatar
dtluna committed
443
444
  describe "GET /statuses/user_timeline.json" do
    setup [:valid_user]
lain's avatar
lain committed
445

dtluna's avatar
dtluna committed
446
447
    test "without any params", %{conn: conn} do
      conn = get(conn, "/api/statuses/user_timeline.json")
lain's avatar
lain committed
448
449
450
451
452

      assert json_response(conn, 400) == %{
               "error" => "You need to specify screen_name or user_id",
               "request" => "/api/statuses/user_timeline.json"
             }
dtluna's avatar
dtluna committed
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
    end

    test "with user_id", %{conn: conn} do
      user = insert(:user)
      {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})

      conn = get(conn, "/api/statuses/user_timeline.json", %{"user_id" => user.id})
      response = json_response(conn, 200)
      assert length(response) == 1
      assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
    end

    test "with screen_name", %{conn: conn} do
      user = insert(:user)
      {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})

      conn = get(conn, "/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
      response = json_response(conn, 200)
      assert length(response) == 1
      assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
    end

    test "with credentials", %{conn: conn, user: current_user} do
      {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: current_user})
lain's avatar
lain committed
477
478
479
480
481

      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/statuses/user_timeline.json")
dtluna's avatar
dtluna committed
482
483
484
485
486
487
488
489
490
491

      response = json_response(conn, 200)

      assert length(response) == 1
      assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: current_user})
    end

    test "with credentials with user_id", %{conn: conn, user: current_user} do
      user = insert(:user)
      {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
lain's avatar
lain committed
492
493
494
495
496

      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id})
dtluna's avatar
dtluna committed
497
498
499
500
501
502
503
504
505
506

      response = json_response(conn, 200)

      assert length(response) == 1
      assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
    end

    test "with credentials screen_name", %{conn: conn, user: current_user} do
      user = insert(:user)
      {:ok, activity} = ActivityBuilder.insert(%{"id" => 1}, %{user: user})
lain's avatar
lain committed
507
508
509
510
511

      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/statuses/user_timeline.json", %{"screen_name" => user.nickname})
dtluna's avatar
dtluna committed
512
513
514
515
516
517
518
519

      response = json_response(conn, 200)

      assert length(response) == 1
      assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
    end
  end

lain's avatar
lain committed
520
521
  describe "POST /friendships/create.json" do
    setup [:valid_user]
lain's avatar
lain committed
522

lain's avatar
lain committed
523
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
524
      conn = post(conn, "/api/friendships/create.json")
lain's avatar
lain committed
525
526
527
528
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
lain's avatar
lain committed
529
      followed = insert(:user)
lain's avatar
lain committed
530

lain's avatar
lain committed
531
532
533
534
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/friendships/create.json", %{user_id: followed.id})
lain's avatar
lain committed
535
536

      current_user = Repo.get(User, current_user.id)
537
      assert User.ap_followers(followed) in current_user.following
lain's avatar
lain committed
538
539
540

      assert json_response(conn, 200) ==
               UserView.render("show.json", %{user: followed, for: current_user})
lain's avatar
lain committed
541
542
543
    end
  end

lain's avatar
lain committed
544
545
  describe "POST /friendships/destroy.json" do
    setup [:valid_user]
lain's avatar
lain committed
546

lain's avatar
lain committed
547
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
548
      conn = post(conn, "/api/friendships/destroy.json")
lain's avatar
lain committed
549
550
551
552
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
lain's avatar
lain committed
553
      followed = insert(:user)
lain's avatar
lain committed
554
555

      {:ok, current_user} = User.follow(current_user, followed)
556
      assert User.ap_followers(followed) in current_user.following
557
      ActivityPub.follow(current_user, followed)
lain's avatar
lain committed
558

lain's avatar
lain committed
559
560
561
562
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/friendships/destroy.json", %{user_id: followed.id})
lain's avatar
lain committed
563
564

      current_user = Repo.get(User, current_user.id)
565
      assert current_user.following == [current_user.ap_id]
lain's avatar
lain committed
566
567
568

      assert json_response(conn, 200) ==
               UserView.render("show.json", %{user: followed, for: current_user})
lain's avatar
lain committed
569
570
571
    end
  end

eal's avatar
eal committed
572
573
  describe "POST /blocks/create.json" do
    setup [:valid_user]
lain's avatar
lain committed
574

eal's avatar
eal committed
575
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
576
      conn = post(conn, "/api/blocks/create.json")
eal's avatar
eal committed
577
578
579
580
581
582
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
      blocked = insert(:user)

lain's avatar
lain committed
583
584
585
586
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/blocks/create.json", %{user_id: blocked.id})
eal's avatar
eal committed
587
588
589

      current_user = Repo.get(User, current_user.id)
      assert User.blocks?(current_user, blocked)
lain's avatar
lain committed
590
591
592

      assert json_response(conn, 200) ==
               UserView.render("show.json", %{user: blocked, for: current_user})
eal's avatar
eal committed
593
594
595
596
597
    end
  end

  describe "POST /blocks/destroy.json" do
    setup [:valid_user]
lain's avatar
lain committed
598

eal's avatar
eal committed
599
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
600
      conn = post(conn, "/api/blocks/destroy.json")
eal's avatar
eal committed
601
602
603
604
605
606
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
      blocked = insert(:user)

normandy's avatar
normandy committed
607
      {:ok, current_user, blocked} = TwitterAPI.block(current_user, %{"user_id" => blocked.id})
eal's avatar
eal committed
608
609
      assert User.blocks?(current_user, blocked)

lain's avatar
lain committed
610
611
612
613
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/blocks/destroy.json", %{user_id: blocked.id})
eal's avatar
eal committed
614
615

      current_user = Repo.get(User, current_user.id)
lain's avatar
lain committed
616
      assert current_user.info.blocks == []
lain's avatar
lain committed
617
618
619

      assert json_response(conn, 200) ==
               UserView.render("show.json", %{user: blocked, for: current_user})
eal's avatar
eal committed
620
621
622
    end
  end

dtluna's avatar
dtluna committed
623
624
  describe "GET /help/test.json" do
    test "returns \"ok\"", %{conn: conn} do
lain's avatar
lain committed
625
      conn = get(conn, "/api/help/test.json")
dtluna's avatar
dtluna committed
626
      assert json_response(conn, 200) == "ok"
lain's avatar
lain committed
627
    end
628
629
  end

lain's avatar
lain committed
630
631
  describe "POST /api/qvitter/update_avatar.json" do
    setup [:valid_user]
lain's avatar
lain committed
632

lain's avatar
lain committed
633
    test "without valid credentials", %{conn: conn} do
lain's avatar
lain committed
634
      conn = post(conn, "/api/qvitter/update_avatar.json")
lain's avatar
lain committed
635
636
637
638
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
lain's avatar
lain committed
639
      avatar_image = File.read!("test/fixtures/avatar_data_uri")
lain's avatar
lain committed
640
641
642
643
644

      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/qvitter/update_avatar.json", %{img: avatar_image})
lain's avatar
lain committed
645
646
647

      current_user = Repo.get(User, current_user.id)
      assert is_map(current_user.avatar)
lain's avatar
lain committed
648
649
650

      assert json_response(conn, 200) ==
               UserView.render("show.json", %{user: current_user, for: current_user})
lain's avatar
lain committed
651
652
653
    end
  end

654
655
656
657
658
659
660
661
662
  describe "GET /api/qvitter/mutes.json" do
    setup [:valid_user]

    test "unimplemented mutes without valid credentials", %{conn: conn} do
      conn = get(conn, "/api/qvitter/mutes.json")
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "unimplemented mutes with credentials", %{conn: conn, user: current_user} do
Maksim's avatar
Maksim committed
663
      response =
664
665
666
        conn
        |> with_credentials(current_user.nickname, "test")
        |> get("/api/qvitter/mutes.json")
Maksim's avatar
Maksim committed
667
        |> json_response(200)
Vivian Lim's avatar
Vivian Lim committed
668

Maksim's avatar
Maksim committed
669
      assert [] = response
670
671
672
    end
  end

lain's avatar
lain committed
673
674
  describe "POST /api/favorites/create/:id" do
    setup [:valid_user]
lain's avatar
lain committed
675

lain's avatar
lain committed
676
677
    test "without valid credentials", %{conn: conn} do
      note_activity = insert(:note_activity)
lain's avatar
lain committed
678
      conn = post(conn, "/api/favorites/create/#{note_activity.id}.json")
lain's avatar
lain committed
679
680
681
682
683
684
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
      note_activity = insert(:note_activity)

lain's avatar
lain committed
685
686
687
688
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/favorites/create/#{note_activity.id}.json")
lain's avatar
lain committed
689
690
691

      assert json_response(conn, 200)
    end
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709

    test "with credentials, invalid param", %{conn: conn, user: current_user} do
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/favorites/create/wrong.json")

      assert json_response(conn, 400)
    end

    test "with credentials, invalid activity", %{conn: conn, user: current_user} do
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/favorites/create/1.json")

      assert json_response(conn, 500)
    end
lain's avatar
lain committed
710
711
  end

lain's avatar
lain committed
712
713
  describe "POST /api/favorites/destroy/:id" do
    setup [:valid_user]
lain's avatar
lain committed
714

lain's avatar
lain committed
715
716
    test "without valid credentials", %{conn: conn} do
      note_activity = insert(:note_activity)
lain's avatar
lain committed
717
      conn = post(conn, "/api/favorites/destroy/#{note_activity.id}.json")
lain's avatar
lain committed
718
719
720
721
722
723
724
725
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
      note_activity = insert(:note_activity)
      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
      ActivityPub.like(current_user, object)

lain's avatar
lain committed
726
727
728
729
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post("/api/favorites/destroy/#{note_activity.id}.json")
lain's avatar
lain committed
730
731
732
733
734

      assert json_response(conn, 200)
    end
  end

lain's avatar
lain committed
735
736
  describe "POST /api/statuses/retweet/:id" do
    setup [:valid_user]
lain's avatar
lain committed
737

lain's avatar
lain committed
738
739
    test "without valid credentials", %{conn: conn} do
      note_activity = insert(:note_activity)
lain's avatar
lain committed
740
      conn = post(conn, "/api/statuses/retweet/#{note_activity.id}.json")
lain's avatar
lain committed
741
742
743
744
745
746
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
      note_activity = insert(:note_activity)

dtluna's avatar
dtluna committed
747
      request_path = "/api/statuses/retweet/#{note_activity.id}.json"
lain's avatar
lain committed
748

lain's avatar
lain committed
749
750
751
752
753
      response =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post(request_path)

dtluna's avatar
dtluna committed
754
      activity = Repo.get(Activity, note_activity.id)
lain's avatar
lain committed
755
      activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])
lain's avatar
lain committed
756
757
758

      assert json_response(response, 200) ==
               ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
lain's avatar
lain committed
759
760
761
    end
  end

762
763
764
765
766
  describe "POST /api/statuses/unretweet/:id" do
    setup [:valid_user]

    test "without valid credentials", %{conn: conn} do
      note_activity = insert(:note_activity)
normandy's avatar
normandy committed
767
      conn = post(conn, "/api/statuses/unretweet/#{note_activity.id}.json")
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

    test "with credentials", %{conn: conn, user: current_user} do
      note_activity = insert(:note_activity)

      request_path = "/api/statuses/retweet/#{note_activity.id}.json"

      _response =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post(request_path)

      request_path = String.replace(request_path, "retweet", "unretweet")

      response =
        conn
        |> with_credentials(current_user.nickname, "test")
        |> post(request_path)

      activity = Repo.get(Activity, note_activity.id)
      activity_user = Repo.get_by(User, ap_id: note_activity.data["actor"])

      assert json_response(response, 200) ==
               ActivityRepresenter.to_map(activity, %{user: activity_user, for: current_user})
    end
  end

796
797
798
799
800
801
802
803
804
805
806
  describe "POST /api/account/register" do
    test "it creates a new user", %{conn: conn} do
      data = %{
        "nickname" => "lain",
        "email" => "lain@wired.jp",
        "fullname" => "lain iwakura",
        "bio" => "close the world.",
        "password" => "bear",
        "confirm" => "bear"
      }

lain's avatar
lain committed
807
808
809
      conn =
        conn
        |> post("/api/account/register", data)
810
811
812
813

      user = json_response(conn, 200)

      fetched_user = Repo.get_by(User, nickname: "lain")
dtluna's avatar
dtluna committed
814
      assert user == UserView.render("show.json", %{user: fetched_user})
815
816
817
818
819
820
821
822
823
824
825
    end

    test "it returns errors on a problem", %{conn: conn} do
      data = %{
        "email" => "lain@wired.jp",
        "fullname" => "lain iwakura",
        "bio" => "close the world.",
        "password" => "bear",
        "confirm" => "bear"
      }

lain's avatar
lain committed
826
827
828
      conn =
        conn
        |> post("/api/account/register", data)
829
830
831
832

      errors = json_response(conn, 400)

      assert is_binary(errors["error"])
dtluna's avatar
dtluna committed
833
834
835
    end
  end

836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
  describe "POST /api/account/password_reset, with valid parameters" do
    setup %{conn: conn} do
      user = insert(:user)
      conn = post(conn, "/api/account/password_reset?email=#{user.email}")
      %{conn: conn, user: user}
    end

    test "it returns 204", %{conn: conn} do
      assert json_response(conn, :no_content)
    end

    test "it creates a PasswordResetToken record for user", %{user: user} do
      token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
      assert token_record
    end

    test "it sends an email to user", %{user: user} do
      token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)

      Swoosh.TestAssertions.assert_email_sent(
        Pleroma.UserEmail.password_reset_email(user, token_record.token)
      )
    end
  end

  describe "POST /api/account/password_reset, with invalid parameters" do
    setup [:valid_user]

    test "it returns 500 when user is not found", %{conn: conn, user: user} do
      conn = post(conn, "/api/account/password_reset?email=nonexisting_#{user.email}")
      assert json_response(conn, :internal_server_error)
    end

    test "it returns 500 when user is not local", %{conn: conn, user: user} do
      {:ok, user} = Repo.update(Changeset.change(user, local: false))
      conn = post(conn, "/api/account/password_reset?email=#{user.email}")
      assert json_response(conn, :internal_server_error)
    end
  end

876
  describe "GET /api/account/confirm_email/:id/:token" do
877
878
    setup do
      user = insert(:user)
879
      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
880
881
882
883
884
885
886
887
888
889
890
891
892

      {:ok, user} =
        user
        |> Changeset.change()
        |> Changeset.put_embed(:info, info_change)
        |> Repo.update()

      assert user.info.confirmation_pending

      [user: user]
    end

    test "it redirects to root url", %{conn: conn, user: user} do
893
      conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
894
895
896
897
898

      assert 302 == conn.status
    end

    test "it confirms the user account", %{conn: conn, user: user} do
899
      get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
900
901
902
903
904
905

      user = Repo.get(User, user.id)

      refute user.info.confirmation_pending
      refute user.info.confirmation_token
    end
906
907
908
909
910
911
912
913
914
915
916
917

    test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
      conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")

      assert 500 == conn.status
    end

    test "it returns 500 if token is invalid", %{conn: conn, user: user} do
      conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")

      assert 500 == conn.status
    end
918
919
920
921
  end

  describe "POST /api/account/resend_confirmation_email" do
    setup do
922
923
924
925
926
927
928
      setting = Pleroma.Config.get([:instance, :account_activation_required])

      unless setting do
        Pleroma.Config.put([:instance, :account_activation_required], true)
        on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
      end

929
      user = insert(:user)
930
      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958

      {:ok, user} =
        user
        |> Changeset.change()
        |> Changeset.put_embed(:info, info_change)
        |> Repo.update()

      assert user.info.confirmation_pending

      [user: user]
    end

    test "it returns 204 No Content", %{conn: conn, user: user} do
      conn
      |> assign(:user, user)
      |> post("/api/account/resend_confirmation_email?email=#{user.email}")
      |> json_response(:no_content)
    end

    test "it sends confirmation email", %{conn: conn, user: user} do
      conn
      |> assign(:user, user)
      |> post("/api/account/resend_confirmation_email?email=#{user.email}")

      Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
    end
  end

lain's avatar
lain committed
959
960
961
  describe "GET /api/externalprofile/show" do
    test "it returns the user", %{conn: conn} do
      user = insert(:user)
962
      other_user = insert(:user)
lain's avatar
lain committed
963

lain's avatar
lain committed
964
965
966
967
      conn =
        conn
        |> assign(:user, user)
        |> get("/api/externalprofile/show", %{profileurl: other_user.ap_id})
lain's avatar
lain committed
968

969
      assert json_response(conn, 200) == UserView.render("show.json", %{user: other_user})
lain's avatar
lain committed
970
971
972
    end
  end

lain's avatar
lain committed
973
974
975
976
977
  describe "GET /api/statuses/followers" do
    test "it returns a user's followers", %{conn: conn} do
      user = insert(:user)
      follower_one = insert(:user)
      follower_two = insert(:user)
lain's avatar
lain committed
978
      _not_follower = insert(:user)
lain's avatar
lain committed
979
980
981
982

      {:ok, follower_one} = User.follow(follower_one, user)
      {:ok, follower_two} = User.follow(follower_two, user)

lain's avatar
lain committed
983
984
985
986
      conn =
        conn
        |> assign(:user, user)
        |> get("/api/statuses/followers")
lain's avatar
lain committed
987

lain's avatar
lain committed
988
989
990
      expected = UserView.render("index.json", %{users: [follower_one, follower_two], for: user})
      result = json_response(conn, 200)
      assert Enum.sort(expected) == Enum.sort(result)
lain's avatar
lain committed
991
    end
lain's avatar
lain committed
992
993
994
995
996
997
998
999
1000

    test "it returns a given user's followers with user_id", %{conn: conn} do
      user = insert(:user)
      follower_one = insert(:user)
      follower_two = insert(:user)
      not_follower = insert(:user)

      {:ok, follower_one} = User.follow(follower_one, user)
      {:ok, follower_two} = User.follow(follower_two, user)
For faster browsing, not all history is shown. View entire blame