logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

report_controller_test.exs (17186B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
  6.   use Pleroma.Web.ConnCase, async: false
  8.   import Pleroma.Factory
  10.   alias Pleroma.Activity
  11.   alias Pleroma.ModerationLog
  12.   alias Pleroma.Repo
  13.   alias Pleroma.ReportNote
  14.   alias Pleroma.Rule
  15.   alias Pleroma.Web.CommonAPI
  17.   setup do
  18.     admin = insert(:user, is_admin: true)
  19.     token = insert(:oauth_admin_token, user: admin)
  21.     conn =
  22.       build_conn()
  23.       |> assign(:user, admin)
  24.       |> assign(:token, token)
  26.     {:ok, %{admin: admin, token: token, conn: conn}}
  27.   end
  29.   describe "GET /api/pleroma/admin/reports/:id" do
  30.     setup do
  31.       clear_config([:instance, :admin_privileges], [:reports_manage_reports])
  32.     end
  34.     test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
  35.       clear_config([:instance, :admin_privileges], [])
  37.       conn =
  38.         conn
  39.         |> get("/api/pleroma/admin/reports/report_id")
  41.       assert json_response(conn, :forbidden)
  42.     end
  44.     test "returns report by its id", %{conn: conn} do
  45.       [reporter, target_user] = insert_pair(:user)
  46.       activity = insert(:note_activity, user: target_user)
  48.       {:ok, %{id: report_id}} =
  49.         CommonAPI.report(reporter, %{
  50.           account_id: target_user.id,
  51.           comment: "I feel offended",
  52.           status_ids: [activity.id]
  53.         })
  55.       conn
  56.       |> put_req_header("content-type", "application/json")
  57.       |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
  58.         content: "this is an admin note"
  59.       })
  61.       response =
  62.         conn
  63.         |> get("/api/pleroma/admin/reports/#{report_id}")
  64.         |> json_response_and_validate_schema(:ok)
  66.       assert response["id"] == report_id
  68.       [notes] = response["notes"]
  69.       assert notes["content"] == "this is an admin note"
  70.     end
  72.     test "renders reported content even if the status is deleted", %{conn: conn} do
  73.       [reporter, target_user] = insert_pair(:user)
  74.       activity = insert(:note_activity, user: target_user)
  75.       activity = Activity.normalize(activity)
  77.       {:ok, %{id: report_id}} =
  78.         CommonAPI.report(reporter, %{
  79.           account_id: target_user.id,
  80.           comment: "I feel offended",
  81.           status_ids: [activity.id]
  82.         })
  84.       CommonAPI.delete(activity.id, target_user)
  86.       response =
  87.         conn
  88.         |> get("/api/pleroma/admin/reports/#{report_id}")
  89.         |> json_response_and_validate_schema(:ok)
  91.       assert response["id"] == report_id
  93.       assert [status] = response["statuses"]
  94.       assert activity.object.data["id"] == status["uri"]
  95.       assert activity.object.data["content"] == status["content"]
  96.     end
  98.     test "returns 404 when report id is invalid", %{conn: conn} do
  99.       conn = get(conn, "/api/pleroma/admin/reports/test")
  101.       assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
  102.     end
  103.   end
  105.   describe "PATCH /api/pleroma/admin/reports" do
  106.     setup do
  107.       clear_config([:instance, :admin_privileges], [:reports_manage_reports])
  109.       [reporter, target_user] = insert_pair(:user)
  110.       activity = insert(:note_activity, user: target_user)
  112.       {:ok, %{id: report_id}} =
  113.         CommonAPI.report(reporter, %{
  114.           account_id: target_user.id,
  115.           comment: "I feel offended",
  116.           status_ids: [activity.id]
  117.         })
  119.       {:ok, %{id: second_report_id}} =
  120.         CommonAPI.report(reporter, %{
  121.           account_id: target_user.id,
  122.           comment: "I feel very offended",
  123.           status_ids: [activity.id]
  124.         })
  126.       %{
  127.         reporter: reporter,
  128.         id: report_id,
  129.         second_report_id: second_report_id
  130.       }
  131.     end
  133.     test "returns 403 if not privileged with :reports_manage_reports", %{
  134.       conn: conn,
  135.       id: id,
  136.       admin: admin
  137.     } do
  138.       clear_config([:instance, :admin_privileges], [])
  140.       conn =
  141.         conn
  142.         |> assign(:token, insert(:oauth_token, user: admin, scopes: ["admin:write:reports"]))
  143.         |> put_req_header("content-type", "application/json")
  144.         |> patch("/api/pleroma/admin/reports", %{
  145.           "reports" => [%{"state" => "resolved", "id" => id}]
  146.         })
  148.       assert json_response(conn, :forbidden)
  149.     end
  151.     test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
  152.       read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
  153.       write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
  155.       response =
  156.         conn
  157.         |> assign(:token, read_token)
  158.         |> put_req_header("content-type", "application/json")
  159.         |> patch("/api/pleroma/admin/reports", %{
  160.           "reports" => [%{"state" => "resolved", "id" => id}]
  161.         })
  162.         |> json_response_and_validate_schema(403)
  164.       assert response == %{
  165.                "error" => "Insufficient permissions: admin:write:reports."
  166.              }
  168.       conn
  169.       |> assign(:token, write_token)
  170.       |> put_req_header("content-type", "application/json")
  171.       |> patch("/api/pleroma/admin/reports", %{
  172.         "reports" => [%{"state" => "resolved", "id" => id}]
  173.       })
  174.       |> json_response_and_validate_schema(:no_content)
  175.     end
  177.     test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
  178.       conn
  179.       |> put_req_header("content-type", "application/json")
  180.       |> patch("/api/pleroma/admin/reports", %{
  181.         "reports" => [
  182.           %{"state" => "resolved", "id" => id}
  183.         ]
  184.       })
  185.       |> json_response_and_validate_schema(:no_content)
  187.       activity = Activity.get_by_id_with_user_actor(id)
  188.       assert activity.data["state"] == "resolved"
  190.       log_entry = Repo.one(ModerationLog)
  192.       assert ModerationLog.get_log_entry_message(log_entry) ==
  193.                "@#{admin.nickname} updated report ##{id} (on user @#{activity.user_actor.nickname}) with 'resolved' state"
  194.     end
  196.     test "closes report", %{conn: conn, id: id, admin: admin} do
  197.       conn
  198.       |> put_req_header("content-type", "application/json")
  199.       |> patch("/api/pleroma/admin/reports", %{
  200.         "reports" => [
  201.           %{"state" => "closed", "id" => id}
  202.         ]
  203.       })
  204.       |> json_response_and_validate_schema(:no_content)
  206.       activity = Activity.get_by_id_with_user_actor(id)
  207.       assert activity.data["state"] == "closed"
  209.       log_entry = Repo.one(ModerationLog)
  211.       assert ModerationLog.get_log_entry_message(log_entry) ==
  212.                "@#{admin.nickname} updated report ##{id} (on user @#{activity.user_actor.nickname}) with 'closed' state"
  213.     end
  215.     test "returns 400 when state is unknown", %{conn: conn, id: id} do
  216.       conn =
  217.         conn
  218.         |> put_req_header("content-type", "application/json")
  219.         |> patch("/api/pleroma/admin/reports", %{
  220.           "reports" => [
  221.             %{"state" => "test", "id" => id}
  222.           ]
  223.         })
  225.       assert "Unsupported state" =
  226.                hd(json_response_and_validate_schema(conn, :bad_request))["error"]
  227.     end
  229.     test "returns 404 when report is not exist", %{conn: conn} do
  230.       conn =
  231.         conn
  232.         |> put_req_header("content-type", "application/json")
  233.         |> patch("/api/pleroma/admin/reports", %{
  234.           "reports" => [
  235.             %{"state" => "closed", "id" => "test"}
  236.           ]
  237.         })
  239.       assert hd(json_response_and_validate_schema(conn, :bad_request))["error"] == "not_found"
  240.     end
  242.     test "updates state of multiple reports", %{
  243.       conn: conn,
  244.       id: id,
  245.       admin: admin,
  246.       second_report_id: second_report_id
  247.     } do
  248.       conn
  249.       |> put_req_header("content-type", "application/json")
  250.       |> patch("/api/pleroma/admin/reports", %{
  251.         "reports" => [
  252.           %{"state" => "resolved", "id" => id},
  253.           %{"state" => "closed", "id" => second_report_id}
  254.         ]
  255.       })
  256.       |> json_response_and_validate_schema(:no_content)
  258.       activity = Activity.get_by_id_with_user_actor(id)
  259.       second_activity = Activity.get_by_id_with_user_actor(second_report_id)
  260.       assert activity.data["state"] == "resolved"
  261.       assert second_activity.data["state"] == "closed"
  263.       [first_log_entry, second_log_entry] = Repo.all(ModerationLog)
  265.       assert ModerationLog.get_log_entry_message(first_log_entry) ==
  266.                "@#{admin.nickname} updated report ##{id} (on user @#{activity.user_actor.nickname}) with 'resolved' state"
  268.       assert ModerationLog.get_log_entry_message(second_log_entry) ==
  269.                "@#{admin.nickname} updated report ##{second_report_id} (on user @#{second_activity.user_actor.nickname}) with 'closed' state"
  270.     end
  272.     test "works if reporter is deactivated", %{
  273.       conn: conn,
  274.       id: id,
  275.       reporter: reporter
  276.     } do
  277.       Pleroma.User.set_activation(reporter, false)
  279.       conn
  280.       |> put_req_header("content-type", "application/json")
  281.       |> patch("/api/pleroma/admin/reports", %{
  282.         "reports" => [
  283.           %{"state" => "resolved", "id" => id}
  284.         ]
  285.       })
  286.       |> json_response_and_validate_schema(:no_content)
  288.       activity = Activity.get_by_id_with_user_actor(id)
  289.       assert activity.data["state"] == "resolved"
  290.     end
  291.   end
  293.   describe "GET /api/pleroma/admin/reports" do
  294.     setup do
  295.       clear_config([:instance, :admin_privileges], [:reports_manage_reports])
  296.     end
  298.     test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
  299.       clear_config([:instance, :admin_privileges], [])
  301.       conn =
  302.         conn
  303.         |> get(report_path(conn, :index))
  305.       assert json_response(conn, :forbidden)
  306.     end
  308.     test "returns empty response when no reports created", %{conn: conn} do
  309.       response =
  310.         conn
  311.         |> get(report_path(conn, :index))
  312.         |> json_response_and_validate_schema(:ok)
  314.       assert Enum.empty?(response["reports"])
  315.       assert response["total"] == 0
  316.     end
  318.     test "returns reports", %{conn: conn} do
  319.       [reporter, target_user] = insert_pair(:user)
  320.       activity = insert(:note_activity, user: target_user)
  322.       {:ok, %{id: report_id}} =
  323.         CommonAPI.report(reporter, %{
  324.           account_id: target_user.id,
  325.           comment: "I feel offended",
  326.           status_ids: [activity.id]
  327.         })
  329.       response =
  330.         conn
  331.         |> get(report_path(conn, :index))
  332.         |> json_response_and_validate_schema(:ok)
  334.       [report] = response["reports"]
  336.       assert length(response["reports"]) == 1
  337.       assert report["id"] == report_id
  339.       assert response["total"] == 1
  340.     end
  342.     test "returns reports with specified state", %{conn: conn} do
  343.       [reporter, target_user] = insert_pair(:user)
  344.       activity = insert(:note_activity, user: target_user)
  346.       {:ok, %{id: first_report_id}} =
  347.         CommonAPI.report(reporter, %{
  348.           account_id: target_user.id,
  349.           comment: "I feel offended",
  350.           status_ids: [activity.id]
  351.         })
  353.       {:ok, %{id: second_report_id}} =
  354.         CommonAPI.report(reporter, %{
  355.           account_id: target_user.id,
  356.           comment: "I don't like this user"
  357.         })
  359.       CommonAPI.update_report_state(second_report_id, "closed")
  361.       response =
  362.         conn
  363.         |> get(report_path(conn, :index, %{state: "open"}))
  364.         |> json_response_and_validate_schema(:ok)
  366.       assert [open_report] = response["reports"]
  368.       assert length(response["reports"]) == 1
  369.       assert open_report["id"] == first_report_id
  371.       assert response["total"] == 1
  373.       response =
  374.         conn
  375.         |> get(report_path(conn, :index, %{state: "closed"}))
  376.         |> json_response_and_validate_schema(:ok)
  378.       assert [closed_report] = response["reports"]
  380.       assert length(response["reports"]) == 1
  381.       assert closed_report["id"] == second_report_id
  383.       assert response["total"] == 1
  385.       assert %{"total" => 0, "reports" => []} ==
  386.                conn
  387.                |> get(report_path(conn, :index, %{state: "resolved"}))
  388.                |> json_response_and_validate_schema(:ok)
  389.     end
  391.     test "renders content correctly", %{conn: conn} do
  392.       [reporter, target_user] = insert_pair(:user)
  393.       note = insert(:note, user: target_user, data: %{"content" => "mew 1"})
  394.       note2 = insert(:note, user: target_user, data: %{"content" => "mew 2"})
  395.       activity = insert(:note_activity, user: target_user, note: note)
  396.       activity2 = insert(:note_activity, user: target_user, note: note2)
  398.       {:ok, _report} =
  399.         CommonAPI.report(reporter, %{
  400.           account_id: target_user.id,
  401.           comment: "I feel offended",
  402.           status_ids: [activity.id, activity2.id]
  403.         })
  405.       CommonAPI.delete(activity.id, target_user)
  406.       CommonAPI.delete(activity2.id, target_user)
  408.       response =
  409.         conn
  410.         |> get(report_path(conn, :index))
  411.         |> json_response_and_validate_schema(:ok)
  413.       assert [open_report] = response["reports"]
  414.       assert %{"statuses" => [s1, s2]} = open_report
  415.       assert "mew 1" in [s1["content"], s2["content"]]
  416.       assert "mew 2" in [s1["content"], s2["content"]]
  417.     end
  419.     test "returns 403 when requested by a non-admin" do
  420.       user = insert(:user)
  421.       token = insert(:oauth_token, user: user)
  423.       conn =
  424.         build_conn()
  425.         |> assign(:user, user)
  426.         |> assign(:token, token)
  427.         |> get("/api/pleroma/admin/reports")
  429.       assert json_response(conn, :forbidden) ==
  430.                %{"error" => "User is not a staff member."}
  431.     end
  433.     test "returns 403 when requested by anonymous" do
  434.       conn = get(build_conn(), "/api/pleroma/admin/reports")
  436.       assert json_response(conn, :forbidden) == %{
  437.                "error" => "Invalid credentials."
  438.              }
  439.     end
  441.     test "returns reports with specified role_id", %{conn: conn} do
  442.       [reporter, target_user] = insert_pair(:user)
  444.       %{id: rule_id} = Rule.create(%{text: "Example rule"})
  446.       rule_id = to_string(rule_id)
  448.       {:ok, %{id: report_id}} =
  449.         CommonAPI.report(reporter, %{
  450.           account_id: target_user.id,
  451.           comment: "",
  452.           rule_ids: [rule_id]
  453.         })
  455.       {:ok, _report} =
  456.         CommonAPI.report(reporter, %{
  457.           account_id: target_user.id,
  458.           comment: ""
  459.         })
  461.       response =
  462.         conn
  463.         |> get("/api/pleroma/admin/reports?rule_id=#{rule_id}")
  464.         |> json_response_and_validate_schema(:ok)
  466.       assert %{"reports" => [%{"id" => ^report_id}]} = response
  467.     end
  468.   end
  470.   describe "POST /api/pleroma/admin/reports/:id/notes" do
  471.     setup %{conn: conn, admin: admin} do
  472.       clear_config([:instance, :admin_privileges], [:reports_manage_reports])
  474.       [reporter, target_user] = insert_pair(:user)
  475.       activity = insert(:note_activity, user: target_user)
  477.       {:ok, %{id: report_id}} =
  478.         CommonAPI.report(reporter, %{
  479.           account_id: target_user.id,
  480.           comment: "I feel offended",
  481.           status_ids: [activity.id]
  482.         })
  484.       conn
  485.       |> put_req_header("content-type", "application/json")
  486.       |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
  487.         content: "this is disgusting!"
  488.       })
  490.       conn
  491.       |> put_req_header("content-type", "application/json")
  492.       |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
  493.         content: "this is disgusting2!"
  494.       })
  496.       %{
  497.         admin_id: admin.id,
  498.         report_id: report_id
  499.       }
  500.     end
  502.     test "returns 403 if not privileged with :reports_manage_reports", %{
  503.       conn: conn,
  504.       report_id: report_id
  505.     } do
  506.       clear_config([:instance, :admin_privileges], [])
  508.       post_conn =
  509.         conn
  510.         |> put_req_header("content-type", "application/json")
  511.         |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
  512.           content: "this is disgusting2!"
  513.         })
  515.       delete_conn = delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/note.id")
  517.       assert json_response(post_conn, :forbidden)
  518.       assert json_response(delete_conn, :forbidden)
  519.     end
  521.     test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
  522.       assert [note, _] = Repo.all(ReportNote)
  524.       assert %{
  525.                activity_id: ^report_id,
  526.                content: "this is disgusting!",
  527.                user_id: ^admin_id
  528.              } = note
  529.     end
  531.     test "it returns reports with notes", %{conn: conn, admin: admin} do
  532.       conn = get(conn, "/api/pleroma/admin/reports")
  534.       response = json_response_and_validate_schema(conn, 200)
  535.       notes = hd(response["reports"])["notes"]
  536.       [note, _] = notes
  538.       assert note["user"]["nickname"] == admin.nickname
  539.       # We use '=~' because the order of the notes isn't guaranteed
  540.       assert note["content"] =~ "this is disgusting"
  541.       assert note["created_at"]
  542.       assert response["total"] == 1
  543.     end
  545.     test "it deletes the note", %{conn: conn, report_id: report_id} do
  546.       assert ReportNote |> Repo.all() |> length() == 2
  547.       assert [note, _] = Repo.all(ReportNote)
  549.       delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
  551.       assert ReportNote |> Repo.all() |> length() == 1
  552.     end
  553.   end
  554. end