logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

update_credentials_test.exs (18520B)

    

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do

  6.   alias Pleroma.Repo

  7.   alias Pleroma.User

  8. 

  9.   use Pleroma.Web.ConnCase

  10. 

  11.   import Mock

  12.   import Pleroma.Factory

  13. 

  14.   setup do: clear_config([:instance, :max_account_fields])

  15. 

  16.   describe "updating credentials" do

  17.     setup do: oauth_access(["write:accounts"])

  18.     setup :request_content_type

  19. 

  20.     test "sets user settings in a generic way", %{conn: conn} do

  21.       res_conn =

  22.         patch(conn, "/api/v1/accounts/update_credentials", %{

  23.           "pleroma_settings_store" => %{

  24.             pleroma_fe: %{

  25.               theme: "bla"

  26.             }

  27.           }

  28.         })

  29. 

  30.       assert user_data = json_response_and_validate_schema(res_conn, 200)

  31.       assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}

  32. 

  33.       user = Repo.get(User, user_data["id"])

  34. 

  35.       res_conn =

  36.         conn

  37.         |> assign(:user, user)

  38.         |> patch("/api/v1/accounts/update_credentials", %{

  39.           "pleroma_settings_store" => %{

  40.             masto_fe: %{

  41.               theme: "bla"

  42.             }

  43.           }

  44.         })

  45. 

  46.       assert user_data = json_response_and_validate_schema(res_conn, 200)

  47. 

  48.       assert user_data["pleroma"]["settings_store"] ==

  49.                %{

  50.                  "pleroma_fe" => %{"theme" => "bla"},

  51.                  "masto_fe" => %{"theme" => "bla"}

  52.                }

  53. 

  54.       user = Repo.get(User, user_data["id"])

  55. 

  56.       clear_config([:instance, :federating], true)

  57. 

  58.       with_mock Pleroma.Web.Federator,

  59.         publish: fn _activity -> :ok end do

  60.         res_conn =

  61.           conn

  62.           |> assign(:user, user)

  63.           |> patch("/api/v1/accounts/update_credentials", %{

  64.             "pleroma_settings_store" => %{

  65.               masto_fe: %{

  66.                 theme: "blub"

  67.               }

  68.             }

  69.           })

  70. 

  71.         assert user_data = json_response_and_validate_schema(res_conn, 200)

  72. 

  73.         assert user_data["pleroma"]["settings_store"] ==

  74.                  %{

  75.                    "pleroma_fe" => %{"theme" => "bla"},

  76.                    "masto_fe" => %{"theme" => "blub"}

  77.                  }

  78. 

  79.         assert_called(Pleroma.Web.Federator.publish(:_))

  80.       end

  81.     end

  82. 

  83.     test "updates the user's bio", %{conn: conn} do

  84.       user2 = insert(:user)

  85. 

  86.       raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."

  87. 

  88.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})

  89. 

  90.       assert user_data = json_response_and_validate_schema(conn, 200)

  91. 

  92.       assert user_data["note"] ==

  93.                ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{

  94.                  user2.id

  95.                }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)

  96. 

  97.       assert user_data["source"]["note"] == raw_bio

  98. 

  99.       user = Repo.get(User, user_data["id"])

  100. 

  101.       assert user.raw_bio == raw_bio

  102.     end

  103. 

  104.     test "updates the user's locking status", %{conn: conn} do

  105.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})

  106. 

  107.       assert user_data = json_response_and_validate_schema(conn, 200)

  108.       assert user_data["locked"] == true

  109.     end

  110. 

  111.     test "updates the user's chat acceptance status", %{conn: conn} do

  112.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})

  113. 

  114.       assert user_data = json_response_and_validate_schema(conn, 200)

  115.       assert user_data["pleroma"]["accepts_chat_messages"] == false

  116.     end

  117. 

  118.     test "updates the user's allow_following_move", %{user: user, conn: conn} do

  119.       assert user.allow_following_move == true

  120. 

  121.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})

  122. 

  123.       assert refresh_record(user).allow_following_move == false

  124.       assert user_data = json_response_and_validate_schema(conn, 200)

  125.       assert user_data["pleroma"]["allow_following_move"] == false

  126.     end

  127. 

  128.     test "updates the user's default scope", %{conn: conn} do

  129.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})

  130. 

  131.       assert user_data = json_response_and_validate_schema(conn, 200)

  132.       assert user_data["source"]["privacy"] == "unlisted"

  133.     end

  134. 

  135.     test "updates the user's privacy", %{conn: conn} do

  136.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})

  137. 

  138.       assert user_data = json_response_and_validate_schema(conn, 200)

  139.       assert user_data["source"]["privacy"] == "unlisted"

  140.     end

  141. 

  142.     test "updates the user's hide_followers status", %{conn: conn} do

  143.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})

  144. 

  145.       assert user_data = json_response_and_validate_schema(conn, 200)

  146.       assert user_data["pleroma"]["hide_followers"] == true

  147.     end

  148. 

  149.     test "updates the user's discoverable status", %{conn: conn} do

  150.       assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =

  151.                conn

  152.                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})

  153.                |> json_response_and_validate_schema(:ok)

  154. 

  155.       assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =

  156.                conn

  157.                |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})

  158.                |> json_response_and_validate_schema(:ok)

  159.     end

  160. 

  161.     test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do

  162.       conn =

  163.         patch(conn, "/api/v1/accounts/update_credentials", %{

  164.           hide_followers_count: "true",

  165.           hide_follows_count: "true"

  166.         })

  167. 

  168.       assert user_data = json_response_and_validate_schema(conn, 200)

  169.       assert user_data["pleroma"]["hide_followers_count"] == true

  170.       assert user_data["pleroma"]["hide_follows_count"] == true

  171.     end

  172. 

  173.     test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do

  174.       response =

  175.         conn

  176.         |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})

  177.         |> json_response_and_validate_schema(200)

  178. 

  179.       assert response["pleroma"]["skip_thread_containment"] == true

  180.       assert refresh_record(user).skip_thread_containment

  181.     end

  182. 

  183.     test "updates the user's hide_follows status", %{conn: conn} do

  184.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})

  185. 

  186.       assert user_data = json_response_and_validate_schema(conn, 200)

  187.       assert user_data["pleroma"]["hide_follows"] == true

  188.     end

  189. 

  190.     test "updates the user's hide_favorites status", %{conn: conn} do

  191.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})

  192. 

  193.       assert user_data = json_response_and_validate_schema(conn, 200)

  194.       assert user_data["pleroma"]["hide_favorites"] == true

  195.     end

  196. 

  197.     test "updates the user's show_role status", %{conn: conn} do

  198.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})

  199. 

  200.       assert user_data = json_response_and_validate_schema(conn, 200)

  201.       assert user_data["source"]["pleroma"]["show_role"] == false

  202.     end

  203. 

  204.     test "updates the user's no_rich_text status", %{conn: conn} do

  205.       conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})

  206. 

  207.       assert user_data = json_response_and_validate_schema(conn, 200)

  208.       assert user_data["source"]["pleroma"]["no_rich_text"] == true

  209.     end

  210. 

  211.     test "updates the user's name", %{conn: conn} do

  212.       conn =

  213.         patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})

  214. 

  215.       assert user_data = json_response_and_validate_schema(conn, 200)

  216.       assert user_data["display_name"] == "markorepairs"

  217. 

  218.       update_activity = Repo.one(Pleroma.Activity)

  219.       assert update_activity.data["type"] == "Update"

  220.       assert update_activity.data["object"]["name"] == "markorepairs"

  221.     end

  222. 

  223.     test "updates the user's avatar", %{user: user, conn: conn} do

  224.       new_avatar = %Plug.Upload{

  225.         content_type: "image/jpg",

  226.         path: Path.absname("test/fixtures/image.jpg"),

  227.         filename: "an_image.jpg"

  228.       }

  229. 

  230.       assert user.avatar == %{}

  231. 

  232.       res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})

  233. 

  234.       assert user_response = json_response_and_validate_schema(res, 200)

  235.       assert user_response["avatar"] != User.avatar_url(user)

  236. 

  237.       user = User.get_by_id(user.id)

  238.       refute user.avatar == %{}

  239. 

  240.       # Also resets it

  241.       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})

  242. 

  243.       user = User.get_by_id(user.id)

  244.       assert user.avatar == nil

  245.     end

  246. 

  247.     test "updates the user's banner", %{user: user, conn: conn} do

  248.       new_header = %Plug.Upload{

  249.         content_type: "image/jpg",

  250.         path: Path.absname("test/fixtures/image.jpg"),

  251.         filename: "an_image.jpg"

  252.       }

  253. 

  254.       res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})

  255. 

  256.       assert user_response = json_response_and_validate_schema(res, 200)

  257.       assert user_response["header"] != User.banner_url(user)

  258. 

  259.       # Also resets it

  260.       _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})

  261. 

  262.       user = User.get_by_id(user.id)

  263.       assert user.banner == nil

  264.     end

  265. 

  266.     test "updates the user's background", %{conn: conn, user: user} do

  267.       new_header = %Plug.Upload{

  268.         content_type: "image/jpg",

  269.         path: Path.absname("test/fixtures/image.jpg"),

  270.         filename: "an_image.jpg"

  271.       }

  272. 

  273.       res =

  274.         patch(conn, "/api/v1/accounts/update_credentials", %{

  275.           "pleroma_background_image" => new_header

  276.         })

  277. 

  278.       assert user_response = json_response_and_validate_schema(res, 200)

  279.       assert user_response["pleroma"]["background_image"]

  280.       #

  281.       # Also resets it

  282.       _res =

  283.         patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})

  284. 

  285.       user = User.get_by_id(user.id)

  286.       assert user.background == nil

  287.     end

  288. 

  289.     test "requires 'write:accounts' permission" do

  290.       token1 = insert(:oauth_token, scopes: ["read"])

  291.       token2 = insert(:oauth_token, scopes: ["write", "follow"])

  292. 

  293.       for token <- [token1, token2] do

  294.         conn =

  295.           build_conn()

  296.           |> put_req_header("content-type", "multipart/form-data")

  297.           |> put_req_header("authorization", "Bearer #{token.token}")

  298.           |> patch("/api/v1/accounts/update_credentials", %{})

  299. 

  300.         if token == token1 do

  301.           assert %{"error" => "Insufficient permissions: write:accounts."} ==

  302.                    json_response_and_validate_schema(conn, 403)

  303.         else

  304.           assert json_response_and_validate_schema(conn, 200)

  305.         end

  306.       end

  307.     end

  308. 

  309.     test "updates profile emojos", %{user: user, conn: conn} do

  310.       note = "*sips :blank:*"

  311.       name = "I am :firefox:"

  312. 

  313.       ret_conn =

  314.         patch(conn, "/api/v1/accounts/update_credentials", %{

  315.           "note" => note,

  316.           "display_name" => name

  317.         })

  318. 

  319.       assert json_response_and_validate_schema(ret_conn, 200)

  320. 

  321.       conn = get(conn, "/api/v1/accounts/#{user.id}")

  322. 

  323.       assert user_data = json_response_and_validate_schema(conn, 200)

  324. 

  325.       assert user_data["note"] == note

  326.       assert user_data["display_name"] == name

  327.       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]

  328.     end

  329. 

  330.     test "update fields", %{conn: conn} do

  331.       fields = [

  332.         %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},

  333.         %{"name" => "link.io", "value" => "http://cofe.io"}

  334.       ]

  335. 

  336.       account_data =

  337.         conn

  338.         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})

  339.         |> json_response_and_validate_schema(200)

  340. 

  341.       assert account_data["fields"] == [

  342.                %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},

  343.                %{

  344.                  "name" => "link.io",

  345.                  "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)

  346.                }

  347.              ]

  348. 

  349.       assert account_data["source"]["fields"] == [

  350.                %{

  351.                  "name" => "<a href=\"http://google.com\">foo</a>",

  352.                  "value" => "<script>bar</script>"

  353.                },

  354.                %{"name" => "link.io", "value" => "http://cofe.io"}

  355.              ]

  356.     end

  357. 

  358.     test "emojis in fields labels", %{conn: conn} do

  359.       fields = [

  360.         %{"name" => ":firefox:", "value" => "is best 2hu"},

  361.         %{"name" => "they wins", "value" => ":blank:"}

  362.       ]

  363. 

  364.       account_data =

  365.         conn

  366.         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})

  367.         |> json_response_and_validate_schema(200)

  368. 

  369.       assert account_data["fields"] == [

  370.                %{"name" => ":firefox:", "value" => "is best 2hu"},

  371.                %{"name" => "they wins", "value" => ":blank:"}

  372.              ]

  373. 

  374.       assert account_data["source"]["fields"] == [

  375.                %{"name" => ":firefox:", "value" => "is best 2hu"},

  376.                %{"name" => "they wins", "value" => ":blank:"}

  377.              ]

  378. 

  379.       assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]

  380.     end

  381. 

  382.     test "update fields via x-www-form-urlencoded", %{conn: conn} do

  383.       fields =

  384.         [

  385.           "fields_attributes[1][name]=link",

  386.           "fields_attributes[1][value]=http://cofe.io",

  387.           "fields_attributes[0][name]=foo",

  388.           "fields_attributes[0][value]=bar"

  389.         ]

  390.         |> Enum.join("&")

  391. 

  392.       account =

  393.         conn

  394.         |> put_req_header("content-type", "application/x-www-form-urlencoded")

  395.         |> patch("/api/v1/accounts/update_credentials", fields)

  396.         |> json_response_and_validate_schema(200)

  397. 

  398.       assert account["fields"] == [

  399.                %{"name" => "foo", "value" => "bar"},

  400.                %{

  401.                  "name" => "link",

  402.                  "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)

  403.                }

  404.              ]

  405. 

  406.       assert account["source"]["fields"] == [

  407.                %{"name" => "foo", "value" => "bar"},

  408.                %{"name" => "link", "value" => "http://cofe.io"}

  409.              ]

  410.     end

  411. 

  412.     test "update fields with empty name", %{conn: conn} do

  413.       fields = [

  414.         %{"name" => "foo", "value" => ""},

  415.         %{"name" => "", "value" => "bar"}

  416.       ]

  417. 

  418.       account =

  419.         conn

  420.         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})

  421.         |> json_response_and_validate_schema(200)

  422. 

  423.       assert account["fields"] == [

  424.                %{"name" => "foo", "value" => ""}

  425.              ]

  426.     end

  427. 

  428.     test "update fields when invalid request", %{conn: conn} do

  429.       name_limit = Pleroma.Config.get([:instance, :account_field_name_length])

  430.       value_limit = Pleroma.Config.get([:instance, :account_field_value_length])

  431. 

  432.       long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()

  433.       long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()

  434. 

  435.       fields = [%{"name" => "foo", "value" => long_value}]

  436. 

  437.       assert %{"error" => "Invalid request"} ==

  438.                conn

  439.                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})

  440.                |> json_response_and_validate_schema(403)

  441. 

  442.       fields = [%{"name" => long_name, "value" => "bar"}]

  443. 

  444.       assert %{"error" => "Invalid request"} ==

  445.                conn

  446.                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})

  447.                |> json_response_and_validate_schema(403)

  448. 

  449.       Pleroma.Config.put([:instance, :max_account_fields], 1)

  450. 

  451.       fields = [

  452.         %{"name" => "foo", "value" => "bar"},

  453.         %{"name" => "link", "value" => "http://cofe.io"}

  454.       ]

  455. 

  456.       assert %{"error" => "Invalid request"} ==

  457.                conn

  458.                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})

  459.                |> json_response_and_validate_schema(403)

  460.     end

  461.   end

  462. 

  463.   describe "Mark account as bot" do

  464.     setup do: oauth_access(["write:accounts"])

  465.     setup :request_content_type

  466. 

  467.     test "changing actor_type to Service makes account a bot", %{conn: conn} do

  468.       account =

  469.         conn

  470.         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})

  471.         |> json_response_and_validate_schema(200)

  472. 

  473.       assert account["bot"]

  474.       assert account["source"]["pleroma"]["actor_type"] == "Service"

  475.     end

  476. 

  477.     test "changing actor_type to Person makes account a human", %{conn: conn} do

  478.       account =

  479.         conn

  480.         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})

  481.         |> json_response_and_validate_schema(200)

  482. 

  483.       refute account["bot"]

  484.       assert account["source"]["pleroma"]["actor_type"] == "Person"

  485.     end

  486. 

  487.     test "changing actor_type to Application causes error", %{conn: conn} do

  488.       response =

  489.         conn

  490.         |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})

  491.         |> json_response_and_validate_schema(403)

  492. 

  493.       assert %{"error" => "Invalid request"} == response

  494.     end

  495. 

  496.     test "changing bot field to true changes actor_type to Service", %{conn: conn} do

  497.       account =

  498.         conn

  499.         |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})

  500.         |> json_response_and_validate_schema(200)

  501. 

  502.       assert account["bot"]

  503.       assert account["source"]["pleroma"]["actor_type"] == "Service"

  504.     end

  505. 

  506.     test "changing bot field to false changes actor_type to Person", %{conn: conn} do

  507.       account =

  508.         conn

  509.         |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})

  510.         |> json_response_and_validate_schema(200)

  511. 

  512.       refute account["bot"]

  513.       assert account["source"]["pleroma"]["actor_type"] == "Person"

  514.     end

  515. 

  516.     test "actor_type field has a higher priority than bot", %{conn: conn} do

  517.       account =

  518.         conn

  519.         |> patch("/api/v1/accounts/update_credentials", %{

  520.           actor_type: "Person",

  521.           bot: "true"

  522.         })

  523.         |> json_response_and_validate_schema(200)

  524. 

  525.       refute account["bot"]

  526.       assert account["source"]["pleroma"]["actor_type"] == "Person"

  527.     end

  528.   end

  529. end