util_controller_test.exs 13.6 KB
Newer Older
1
# Pleroma: A lightweight social networking server
Haelwenn's avatar
Haelwenn committed
2
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 4
# SPDX-License-Identifier: AGPL-3.0-only

5 6
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
  use Pleroma.Web.ConnCase
7
  use Oban.Testing, repo: Pleroma.Repo
8

9
  alias Pleroma.Tests.ObanHelpers
10
  alias Pleroma.User
11

12
  import Pleroma.Factory
Maksim's avatar
Maksim committed
13
  import Mock
14

15 16 17 18 19
  setup do
    Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
    :ok
  end

20 21
  setup do: clear_config([:instance])
  setup do: clear_config([:frontend_configurations, :pleroma_fe])
22

23
  describe "PUT /api/pleroma/notification_settings" do
24
    setup do: oauth_access(["write:accounts"])
25

26
    test "it updates notification settings", %{user: user, conn: conn} do
27
      conn
Haelwenn's avatar
Haelwenn committed
28 29 30 31 32 33 34 35
      |> put(
        "/api/pleroma/notification_settings?#{
          URI.encode_query(%{
            block_from_strangers: true
          })
        }"
      )
      |> json_response_and_validate_schema(:ok)
36

37
      user = refresh_record(user)
38

Maksim's avatar
Maksim committed
39
      assert %Pleroma.User.NotificationSetting{
40
               block_from_strangers: true,
41
               hide_notification_contents: false
Maksim's avatar
Maksim committed
42 43 44
             } == user.notification_settings
    end

45
    test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
Maksim's avatar
Maksim committed
46
      conn
Haelwenn's avatar
Haelwenn committed
47 48 49 50 51 52 53 54
      |> put(
        "/api/pleroma/notification_settings?#{
          URI.encode_query(%{
            hide_notification_contents: 1
          })
        }"
      )
      |> json_response_and_validate_schema(:ok)
Maksim's avatar
Maksim committed
55 56 57 58

      user = refresh_record(user)

      assert %Pleroma.User.NotificationSetting{
59
               block_from_strangers: false,
60
               hide_notification_contents: true
61
             } == user.notification_settings
62 63 64
    end
  end

65
  describe "GET /api/pleroma/frontend_configurations" do
lain's avatar
lain committed
66 67 68 69 70 71 72 73 74 75 76
    test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do
      config = [
        frontend_a: %{
          x: 1,
          y: 2
        },
        frontend_b: %{
          z: 3
        }
      ]

77
      clear_config(:frontend_configurations, config)
lain's avatar
lain committed
78 79 80 81

      response =
        conn
        |> get("/api/pleroma/frontend_configurations")
Haelwenn's avatar
Haelwenn committed
82
        |> json_response_and_validate_schema(:ok)
lain's avatar
lain committed
83 84 85 86

      assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
    end
  end
87 88 89

  describe "/api/pleroma/emoji" do
    test "returns json with custom emoji with tags", %{conn: conn} do
90
      emoji =
91 92
        conn
        |> get("/api/pleroma/emoji")
Haelwenn's avatar
Haelwenn committed
93
        |> json_response_and_validate_schema(200)
94

95 96 97 98 99 100 101 102
      assert Enum.all?(emoji, fn
               {_key,
                %{
                  "image_url" => url,
                  "tags" => tags
                }} ->
                 is_binary(url) and is_list(tags)
             end)
103 104
    end
  end
105

Maksim's avatar
Maksim committed
106
  describe "GET /api/pleroma/healthcheck" do
107
    setup do: clear_config([:instance, :healthcheck])
Maksim's avatar
Maksim committed
108 109

    test "returns 503 when healthcheck disabled", %{conn: conn} do
110
      clear_config([:instance, :healthcheck], false)
Maksim's avatar
Maksim committed
111 112 113 114

      response =
        conn
        |> get("/api/pleroma/healthcheck")
Haelwenn's avatar
Haelwenn committed
115
        |> json_response_and_validate_schema(503)
Maksim's avatar
Maksim committed
116 117 118 119 120

      assert response == %{}
    end

    test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
121
      clear_config([:instance, :healthcheck], true)
Maksim's avatar
Maksim committed
122 123 124 125 126 127

      with_mock Pleroma.Healthcheck,
        system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do
        response =
          conn
          |> get("/api/pleroma/healthcheck")
Haelwenn's avatar
Haelwenn committed
128
          |> json_response_and_validate_schema(200)
Maksim's avatar
Maksim committed
129 130 131 132 133 134 135 136 137 138 139

        assert %{
                 "active" => _,
                 "healthy" => true,
                 "idle" => _,
                 "memory_used" => _,
                 "pool_size" => _
               } = response
      end
    end

140
    test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
141
      clear_config([:instance, :healthcheck], true)
Maksim's avatar
Maksim committed
142 143 144 145 146 147

      with_mock Pleroma.Healthcheck,
        system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do
        response =
          conn
          |> get("/api/pleroma/healthcheck")
Haelwenn's avatar
Haelwenn committed
148
          |> json_response_and_validate_schema(503)
Maksim's avatar
Maksim committed
149 150 151 152 153 154 155 156 157 158

        assert %{
                 "active" => _,
                 "healthy" => false,
                 "idle" => _,
                 "memory_used" => _,
                 "pool_size" => _
               } = response
      end
    end
159
  end
160

minibikini's avatar
minibikini committed
161
  describe "POST /api/pleroma/disable_account" do
162
    setup do: oauth_access(["write:accounts"])
minibikini's avatar
minibikini committed
163

164
    test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
minibikini's avatar
minibikini committed
165 166
      response =
        conn
Haelwenn's avatar
Haelwenn committed
167 168
        |> post("/api/pleroma/disable_account?password=test")
        |> json_response_and_validate_schema(:ok)
minibikini's avatar
minibikini committed
169 170

      assert response == %{"status" => "success"}
171
      ObanHelpers.perform_all()
minibikini's avatar
minibikini committed
172 173 174

      user = User.get_cached_by_id(user.id)

175
      refute user.is_active
minibikini's avatar
minibikini committed
176
    end
Maksim's avatar
Maksim committed
177

178
    test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
Maksim's avatar
Maksim committed
179 180 181 182
      user = insert(:user)

      response =
        conn
Haelwenn's avatar
Haelwenn committed
183 184
        |> post("/api/pleroma/disable_account?password=test1")
        |> json_response_and_validate_schema(:ok)
Maksim's avatar
Maksim committed
185 186 187 188

      assert response == %{"error" => "Invalid password."}
      user = User.get_cached_by_id(user.id)

189
      assert user.is_active
Maksim's avatar
Maksim committed
190 191 192 193
    end
  end

  describe "POST /main/ostatus - remote_subscribe/2" do
194
    setup do: clear_config([:instance, :federating], true)
195

Maksim's avatar
Maksim committed
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231
    test "renders subscribe form", %{conn: conn} do
      user = insert(:user)

      response =
        conn
        |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""})
        |> response(:ok)

      refute response =~ "Could not find user"
      assert response =~ "Remotely follow #{user.nickname}"
    end

    test "renders subscribe form with error when user not found", %{conn: conn} do
      response =
        conn
        |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""})
        |> response(:ok)

      assert response =~ "Could not find user"
      refute response =~ "Remotely follow"
    end

    test "it redirect to webfinger url", %{conn: conn} do
      user = insert(:user)
      user2 = insert(:user, ap_id: "shp@social.heldscal.la")

      conn =
        conn
        |> post("/main/ostatus", %{
          "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id}
        })

      assert redirected_to(conn) ==
               "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
    end

232
    test "it renders form with error when user not found", %{conn: conn} do
Maksim's avatar
Maksim committed
233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254
      user2 = insert(:user, ap_id: "shp@social.heldscal.la")

      response =
        conn
        |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}})
        |> response(:ok)

      assert response =~ "Something went wrong."
    end
  end

  test "it returns new captcha", %{conn: conn} do
    with_mock Pleroma.Captcha,
      new: fn -> "test_captcha" end do
      resp =
        conn
        |> get("/api/pleroma/captcha")
        |> response(200)

      assert resp == "\"test_captcha\""
      assert called(Pleroma.Captcha.new())
    end
minibikini's avatar
minibikini committed
255
  end
minibikini's avatar
minibikini committed
256 257

  describe "POST /api/pleroma/change_email" do
258
    setup do: oauth_access(["write:accounts"])
minibikini's avatar
minibikini committed
259

260 261 262 263
    test "without permissions", %{conn: conn} do
      conn =
        conn
        |> assign(:token, nil)
Haelwenn's avatar
Haelwenn committed
264 265 266 267 268 269 270 271 272
        |> post(
          "/api/pleroma/change_email?#{
            URI.encode_query(%{password: "hi", email: "test@test.com"})
          }"
        )

      assert json_response_and_validate_schema(conn, 403) == %{
               "error" => "Insufficient permissions: write:accounts."
             }
minibikini's avatar
minibikini committed
273 274
    end

275
    test "with proper permissions and invalid password", %{conn: conn} do
minibikini's avatar
minibikini committed
276
      conn =
Haelwenn's avatar
Haelwenn committed
277 278 279 280 281 282 283 284
        post(
          conn,
          "/api/pleroma/change_email?#{
            URI.encode_query(%{password: "hi", email: "test@test.com"})
          }"
        )

      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
minibikini's avatar
minibikini committed
285 286
    end

287 288
    test "with proper permissions, valid password and invalid email", %{
      conn: conn
minibikini's avatar
minibikini committed
289 290
    } do
      conn =
Haelwenn's avatar
Haelwenn committed
291 292 293 294
        post(
          conn,
          "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: "foobar"})}"
        )
minibikini's avatar
minibikini committed
295

Haelwenn's avatar
Haelwenn committed
296 297 298
      assert json_response_and_validate_schema(conn, 200) == %{
               "error" => "Email has invalid format."
             }
minibikini's avatar
minibikini committed
299 300
    end

301 302
    test "with proper permissions, valid password and no email", %{
      conn: conn
minibikini's avatar
minibikini committed
303
    } do
Haelwenn's avatar
Haelwenn committed
304
      conn = post(conn, "/api/pleroma/change_email?#{URI.encode_query(%{password: "test"})}")
minibikini's avatar
minibikini committed
305

Haelwenn's avatar
Haelwenn committed
306
      assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
minibikini's avatar
minibikini committed
307 308
    end

309 310
    test "with proper permissions, valid password and blank email", %{
      conn: conn
minibikini's avatar
minibikini committed
311 312
    } do
      conn =
Haelwenn's avatar
Haelwenn committed
313 314 315 316
        post(
          conn,
          "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: ""})}"
        )
minibikini's avatar
minibikini committed
317

Haelwenn's avatar
Haelwenn committed
318
      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
minibikini's avatar
minibikini committed
319 320
    end

321 322
    test "with proper permissions, valid password and non unique email", %{
      conn: conn
minibikini's avatar
minibikini committed
323 324 325 326
    } do
      user = insert(:user)

      conn =
Haelwenn's avatar
Haelwenn committed
327 328 329 330
        post(
          conn,
          "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: user.email})}"
        )
minibikini's avatar
minibikini committed
331

Haelwenn's avatar
Haelwenn committed
332 333 334
      assert json_response_and_validate_schema(conn, 200) == %{
               "error" => "Email has already been taken."
             }
minibikini's avatar
minibikini committed
335 336
    end

337 338
    test "with proper permissions, valid password and valid email", %{
      conn: conn
minibikini's avatar
minibikini committed
339 340
    } do
      conn =
Haelwenn's avatar
Haelwenn committed
341 342 343 344 345 346 347 348
        post(
          conn,
          "/api/pleroma/change_email?#{
            URI.encode_query(%{password: "test", email: "cofe@foobar.com"})
          }"
        )

      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
minibikini's avatar
minibikini committed
349 350
    end
  end
351 352

  describe "POST /api/pleroma/change_password" do
353 354 355 356 357 358
    setup do: oauth_access(["write:accounts"])

    test "without permissions", %{conn: conn} do
      conn =
        conn
        |> assign(:token, nil)
359 360 361 362 363 364
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          "password" => "hi",
          "new_password" => "newpass",
          "new_password_confirmation" => "newpass"
        })
Haelwenn's avatar
Haelwenn committed
365 366 367 368

      assert json_response_and_validate_schema(conn, 403) == %{
               "error" => "Insufficient permissions: write:accounts."
             }
369 370
    end

371
    test "with proper permissions and invalid password", %{conn: conn} do
372
      conn =
373 374 375 376 377 378 379
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          "password" => "hi",
          "new_password" => "newpass",
          "new_password_confirmation" => "newpass"
        })
Haelwenn's avatar
Haelwenn committed
380 381

      assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
382 383
    end

384 385 386 387
    test "with proper permissions, valid password and new password and confirmation not matching",
         %{
           conn: conn
         } do
388
      conn =
389 390 391 392 393 394 395
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          "password" => "test",
          "new_password" => "newpass",
          "new_password_confirmation" => "notnewpass"
        })
Haelwenn's avatar
Haelwenn committed
396 397

      assert json_response_and_validate_schema(conn, 200) == %{
398 399 400 401
               "error" => "New password does not match confirmation."
             }
    end

402 403
    test "with proper permissions, valid password and invalid new password", %{
      conn: conn
404 405
    } do
      conn =
406 407 408 409 410 411 412
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/pleroma/change_password", %{
          password: "test",
          new_password: "",
          new_password_confirmation: ""
        })
Haelwenn's avatar
Haelwenn committed
413 414

      assert json_response_and_validate_schema(conn, 200) == %{
415 416 417 418
               "error" => "New password can't be blank."
             }
    end

419
    test "with proper permissions, valid password and matching new password and confirmation", %{
420
      conn: conn,
421
      user: user
422 423
    } do
      conn =
424 425 426 427 428 429 430 431 432
        conn
        |> put_req_header("content-type", "multipart/form-data")
        |> post(
          "/api/pleroma/change_password",
          %{
            password: "test",
            new_password: "newpass",
            new_password_confirmation: "newpass"
          }
Haelwenn's avatar
Haelwenn committed
433 434 435
        )

      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
436
      fetched_user = User.get_cached_by_id(user.id)
lain's avatar
lain committed
437
      assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
438 439 440 441
    end
  end

  describe "POST /api/pleroma/delete_account" do
442
    setup do: oauth_access(["write:accounts"])
443

444
    test "without permissions", %{conn: conn} do
445 446
      conn =
        conn
447 448
        |> assign(:token, nil)
        |> post("/api/pleroma/delete_account")
449

Haelwenn's avatar
Haelwenn committed
450
      assert json_response_and_validate_schema(conn, 403) ==
451
               %{"error" => "Insufficient permissions: write:accounts."}
452 453
    end

454 455 456 457
    test "with proper permissions and wrong or missing password", %{conn: conn} do
      for params <- [%{"password" => "hi"}, %{}] do
        ret_conn = post(conn, "/api/pleroma/delete_account", params)

Haelwenn's avatar
Haelwenn committed
458 459 460
        assert json_response_and_validate_schema(ret_conn, 200) == %{
                 "error" => "Invalid password."
               }
461 462 463
      end
    end

464
    test "with proper permissions and valid password", %{conn: conn, user: user} do
Haelwenn's avatar
Haelwenn committed
465
      conn = post(conn, "/api/pleroma/delete_account?password=test")
466
      ObanHelpers.perform_all()
Haelwenn's avatar
Haelwenn committed
467
      assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
468 469

      user = User.get_by_id(user.id)
470
      refute user.is_active
471
      assert user.name == nil
472
      assert user.bio == ""
473
      assert user.password_hash == nil
474 475
    end
  end
476
end