util_controller_test.exs 13.8 KB
Newer Older
1
# Pleroma: A lightweight social networking server
Haelwenn's avatar
Haelwenn committed
2
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 4
# SPDX-License-Identifier: AGPL-3.0-only

5 6
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
  use Pleroma.Web.ConnCase
7
  use Oban.Testing, repo: Pleroma.Repo
8

9
  alias Pleroma.Tests.ObanHelpers
10
  alias Pleroma.User
11

12
  import Pleroma.Factory
Maksim's avatar
Maksim committed
13
  import Mock
14

15 16 17 18 19
  setup do
    Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
    :ok
  end

20 21
  setup do: clear_config([:instance])
  setup do: clear_config([:frontend_configurations, :pleroma_fe])
22

23
  describe "PUT /api/pleroma/notification_settings" do
24
    setup do: oauth_access(["write:accounts"])
25

26
    test "it updates notification settings", %{user: user, conn: conn} do
27
      conn
Haelwenn's avatar
Haelwenn committed
28 29 30 31 32 33 34 35
      |> put(
        "/api/pleroma/notification_settings?#{
          URI.encode_query(%{
            block_from_strangers: true
          })
        }"
      )
      |> json_response_and_validate_schema(:ok)
36

37
      user = refresh_record(user)
38

Maksim's avatar
Maksim committed
39
      assert %Pleroma.User.NotificationSetting{
40
               block_from_strangers: true,
41
               hide_notification_contents: false
Maksim's avatar
Maksim committed
42 43 44
             } == user.notification_settings
    end

45
    test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
Maksim's avatar
Maksim committed
46
      conn
Haelwenn's avatar
Haelwenn committed
47 48 49 50 51 52 53 54
      |> put(
        "/api/pleroma/notification_settings?#{
          URI.encode_query(%{
            hide_notification_contents: 1
          })
        }"
      )
      |> json_response_and_validate_schema(:ok)
Maksim's avatar
Maksim committed
55 56 57 58

      user = refresh_record(user)

      assert %Pleroma.User.NotificationSetting{
59
               block_from_strangers: false,
60
               hide_notification_contents: true
61
             } == user.notification_settings
62 63 64
    end
  end

65
  describe "GET /api/pleroma/frontend_configurations" do
lain's avatar
lain committed
66 67 68 69 70 71 72 73 74 75 76
    test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
      config = [
        frontend_a: %{
          x: 1,
          y: 2
        },
        frontend_b: %{
          z: 3
        }
      ]

77
      clear_config(:frontend_configurations, config)
lain's avatar
lain committed
78 79 80 81

      response =
        conn
        |> get("/api/pleroma/frontend_configurations")
Haelwenn's avatar
Haelwenn committed
82
        |> json_response_and_validate_schema(:ok)
lain's avatar
lain committed
83 84 85 86

      assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
    end
  end
87 88 89

  describe "/api/pleroma/emoji" do
    test "returns json with custom emoji with tags", %{conn: conn} do
90
      emoji =
91 92
        conn
        |> get("/api/pleroma/emoji")
Haelwenn's avatar
Haelwenn committed
93
        |> json_response_and_validate_schema(200)
94

95 96 97 98 99 100 101 102
      assert Enum.all?(emoji, fn
               {_key,
                %{
                  "image_url" => url,
                  "tags" => tags
                }} ->
                 is_binary(url) and is_list(tags)
             end)
103 104
    end
  end
105

Maksim's avatar
Maksim committed
106
  describe "GET /api/pleroma/healthcheck" do
107
    setup do: clear_config([:instance, :healthcheck])
Maksim's avatar
Maksim committed
108 109

    test "returns 503 when healthcheck disabled", %{conn: conn} do
110
      clear_config([:instance, :healthcheck], false)
Maksim's avatar
Maksim committed
111 112 113 114

      response =
        conn
        |> get("/api/pleroma/healthcheck")
Haelwenn's avatar
Haelwenn committed
115
        |> json_response_and_validate_schema(503)
Maksim's avatar
Maksim committed
116 117 118 119 120

      assert response == %{}
    end

    test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
121
      clear_config([:instance, :healthcheck], true)
Maksim's avatar
Maksim committed
122 123 124 125 126 127

      with_mock Pleroma.Healthcheck,
        system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
        response =
          conn
          |> get("/api/pleroma/healthcheck")
Haelwenn's avatar
Haelwenn committed
128
          |> json_response_and_validate_schema(200)
Maksim's avatar
Maksim committed
129 130 131 132 133 134 135 136 137 138 139

        assert %{
                 "active" => _,
                 "healthy" => true,
                 "idle" => _,
                 "memory_used" => _,
                 "pool_size" => _
               } = response
      end
    end

140
    test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
141
      clear_config([:instance, :healthcheck], true)
Maksim's avatar
Maksim committed
142 143 144 145 146 147

      with_mock Pleroma.Healthcheck,
        system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
        response =
          conn
          |> get("/api/pleroma/healthcheck")
Haelwenn's avatar
Haelwenn committed
148
          |> json_response_and_validate_schema(503)
Maksim's avatar
Maksim committed
149 150 151 152 153 154 155 156 157 158

        assert %{
                 "active" => _,
                 "healthy" => false,
                 "idle" => _,
                 "memory_used" => _,
                 "pool_size" => _
               } = response
      end
    end
159
  end
160

minibikini's avatar
minibikini committed
161
  describe "POST /api/pleroma/disable_account" do
162
    setup do: oauth_access(["write:accounts"])
minibikini's avatar
minibikini committed
163

164
    test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
minibikini's avatar
minibikini committed
165 166
      response =
        conn
Haelwenn's avatar
Haelwenn committed
167 168
        |> post("/api/pleroma/disable_account?password=test")
        |> json_response_and_validate_schema(:ok)
minibikini's avatar
minibikini committed
169 170

      assert response == %{"status" => "success"}
171
      ObanHelpers.perform_all()
minibikini's avatar
minibikini committed
172 173 174

      user = User.get_cached_by_id(user.id)

175
      refute user.is_active
minibikini's avatar
minibikini committed
176
    end
Maksim's avatar
Maksim committed
177

178
    test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
Maksim's avatar
Maksim committed
179 180 181 182
      user = insert(:user)

      response =
        conn
Haelwenn's avatar
Haelwenn committed
183 184
        |> post("/api/pleroma/disable_account?password=test1")
        |> json_response_and_validate_schema(:ok)
Maksim's avatar
Maksim committed
185 186 187 188

      assert response == %{"error" => "Invalid password."}
      user = User.get_cached_by_id(user.id)

189
      assert user.is_active
Maksim's avatar
Maksim committed
190 191 192 193
    end
  end

  describe "POST /main/ostatus - remote_subscribe/2" do
194
    setup do: clear_config([:instance, :federating], true)
195

Maksim's avatar
Maksim committed
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231
    test "renders subscribe form", %{conn: conn} do
      user = insert(:user)

      response =
        conn
        |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
        |> response(:ok)

      refute response =~ "Could not find user"
      assert response =~ "Remotely follow #{user.nickname}"
    end

    test "renders subscribe form with error when user not found", %{conn: conn} do
      response =
        conn
        |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
        |> response(:ok)

      assert response =~ "Could not find user"
      refute response =~ "Remotely follow"
    end

    test "it redirect to webfinger url", %{conn: conn} do
      user = insert(:user)
      user2 = insert(:user, ap_id: "shp@social.heldscal.la")

      conn =
        conn
        |> post("/main/ostatus", %{
          "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
        })

      assert redirected_to(conn) ==
               "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
    end

232
    test "it renders form with error when user not found", %{conn: conn} do
Maksim's avatar
Maksim committed
233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254
      user2 = insert(:user, ap_id: "shp@social.heldscal.la")

      response =
        conn
        |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
        |> response(:ok)

      assert response =~ "Something went wrong."
    end
  end

  test "it returns new captcha", %{conn: conn} do
    with_mock Pleroma.Captcha,
      new: fn -> "test_captcha" end do
      resp =
        conn
        |> get("/api/pleroma/captcha")
        |> response(200)

      assert resp == "\"test_captcha\""
      assert called(Pleroma.Captcha.new())
    end
minibikini's avatar
minibikini committed
255
  end
minibikini's avatar
minibikini committed
256 257

  describe "POST /api/pleroma/change_email" do
258
    setup do: oauth_access(["write:accounts"])
minibikini's avatar
minibikini committed
259

260 261 262 263
    test "without permissions", %{conn: conn} do
      conn =
        conn
        |> assign(:token, nil)
264 265
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
Haelwenn's avatar
Haelwenn committed
266 267 268 269

      assert json_response_and_validate_schema(conn, 403) == %{
               "error" => "Insufficient permissions: write:accounts."
             }
minibikini's avatar
minibikini committed
270 271
    end

272
    test "with proper permissions and invalid password", %{conn: conn} do
minibikini's avatar
minibikini committed
273
      conn =
274 275 276
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"})
Haelwenn's avatar
Haelwenn committed
277 278

      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
minibikini's avatar
minibikini committed
279 280
    end

281 282
    test "with proper permissions, valid password and invalid email", %{
      conn: conn
minibikini's avatar
minibikini committed
283 284
    } do
      conn =
285 286 287
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"})
minibikini's avatar
minibikini committed
288

Haelwenn's avatar
Haelwenn committed
289 290 291
      assert json_response_and_validate_schema(conn, 200) == %{
               "error" => "Email has invalid format."
             }
minibikini's avatar
minibikini committed
292 293
    end

294 295
    test "with proper permissions, valid password and no email", %{
      conn: conn
minibikini's avatar
minibikini committed
296
    } do
297 298 299 300
      conn =
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_email", %{password: "test"})
minibikini's avatar
minibikini committed
301

Haelwenn's avatar
Haelwenn committed
302
      assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
minibikini's avatar
minibikini committed
303 304
    end

305 306
    test "with proper permissions, valid password and blank email", %{
      conn: conn
minibikini's avatar
minibikini committed
307 308
    } do
      conn =
309 310 311
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_email", %{password: "test", email: ""})
minibikini's avatar
minibikini committed
312

Haelwenn's avatar
Haelwenn committed
313
      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
minibikini's avatar
minibikini committed
314 315
    end

316 317
    test "with proper permissions, valid password and non unique email", %{
      conn: conn
minibikini's avatar
minibikini committed
318 319 320 321
    } do
      user = insert(:user)

      conn =
322 323 324
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_email", %{password: "test", email: user.email})
minibikini's avatar
minibikini committed
325

Haelwenn's avatar
Haelwenn committed
326 327 328
      assert json_response_and_validate_schema(conn, 200) == %{
               "error" => "Email has already been taken."
             }
minibikini's avatar
minibikini committed
329 330
    end

331 332
    test "with proper permissions, valid password and valid email", %{
      conn: conn
minibikini's avatar
minibikini committed
333 334
    } do
      conn =
335 336 337
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"})
Haelwenn's avatar
Haelwenn committed
338 339

      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
minibikini's avatar
minibikini committed
340 341
    end
  end
342 343

  describe "POST /api/pleroma/change_password" do
344 345 346 347 348 349
    setup do: oauth_access(["write:accounts"])

    test "without permissions", %{conn: conn} do
      conn =
        conn
        |> assign(:token, nil)
350 351 352 353 354 355
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          "password" => "hi",
          "new_password" => "newpass",
          "new_password_confirmation" => "newpass"
        })
Haelwenn's avatar
Haelwenn committed
356 357 358 359

      assert json_response_and_validate_schema(conn, 403) == %{
               "error" => "Insufficient permissions: write:accounts."
             }
360 361
    end

362
    test "with proper permissions and invalid password", %{conn: conn} do
363
      conn =
364 365 366 367 368 369 370
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          "password" => "hi",
          "new_password" => "newpass",
          "new_password_confirmation" => "newpass"
        })
Haelwenn's avatar
Haelwenn committed
371 372

      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
373 374
    end

375 376 377 378
    test "with proper permissions, valid password and new password and confirmation not matching",
         %{
           conn: conn
         } do
379
      conn =
380 381 382 383 384 385 386
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          "password" => "test",
          "new_password" => "newpass",
          "new_password_confirmation" => "notnewpass"
        })
Haelwenn's avatar
Haelwenn committed
387 388

      assert json_response_and_validate_schema(conn, 200) == %{
389 390 391 392
               "error" => "New password does not match confirmation."
             }
    end

393 394
    test "with proper permissions, valid password and invalid new password", %{
      conn: conn
395 396
    } do
      conn =
397 398 399 400 401 402 403
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          password: "test",
          new_password: "",
          new_password_confirmation: ""
        })
Haelwenn's avatar
Haelwenn committed
404 405

      assert json_response_and_validate_schema(conn, 200) == %{
406 407 408 409
               "error" => "New password can't be blank."
             }
    end

410
    test "with proper permissions, valid password and matching new password and confirmation", %{
411
      conn: conn,
412
      user: user
413 414
    } do
      conn =
415 416 417 418 419 420 421 422 423
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post(
          "/api/pleroma/change_password",
          %{
            password: "test",
            new_password: "newpass",
            new_password_confirmation: "newpass"
          }
Haelwenn's avatar
Haelwenn committed
424 425 426
        )

      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
427
      fetched_user = User.get_cached_by_id(user.id)
lain's avatar
lain committed
428
      assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
429 430 431 432
    end
  end

  describe "POST /api/pleroma/delete_account" do
433
    setup do: oauth_access(["write:accounts"])
434

435
    test "without permissions", %{conn: conn} do
436 437
      conn =
        conn
438 439
        |> assign(:token, nil)
        |> post("/api/pleroma/delete_account")
440

Haelwenn's avatar
Haelwenn committed
441
      assert json_response_and_validate_schema(conn, 403) ==
442
               %{"error" => "Insufficient permissions: write:accounts."}
443 444
    end

445 446 447 448
    test "with proper permissions and wrong or missing password", %{conn: conn} do
      for params <- [%{"password" => "hi"}, %{}] do
        ret_conn = post(conn, "/api/pleroma/delete_account", params)

Haelwenn's avatar
Haelwenn committed
449 450 451
        assert json_response_and_validate_schema(ret_conn, 200) == %{
                 "error" => "Invalid password."
               }
452 453 454
      end
    end

455
    test "with proper permissions and valid password", %{conn: conn, user: user} do
Haelwenn's avatar
Haelwenn committed
456
      conn = post(conn, "/api/pleroma/delete_account?password=test")
457
      ObanHelpers.perform_all()
Haelwenn's avatar
Haelwenn committed
458
      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
459 460

      user = User.get_by_id(user.id)
461
      refute user.is_active
462
      assert user.name == nil
463
      assert user.bio == ""
464
      assert user.password_hash == nil
465 466
    end
  end
467
end