update_credentials_test.exs (11404B)
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
6 alias Pleroma.Repo
7 alias Pleroma.User
8
9 use Pleroma.Web.ConnCase
10
11 import Pleroma.Factory
12 clear_config([:instance, :max_account_fields])
13
14 describe "updating credentials" do
15 test "sets user settings in a generic way", %{conn: conn} do
16 user = insert(:user)
17
18 res_conn =
19 conn
20 |> assign(:user, user)
21 |> patch("/api/v1/accounts/update_credentials", %{
22 "pleroma_settings_store" => %{
23 pleroma_fe: %{
24 theme: "bla"
25 }
26 }
27 })
28
29 assert user = json_response(res_conn, 200)
30 assert user["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
31
32 user = Repo.get(User, user["id"])
33
34 res_conn =
35 conn
36 |> assign(:user, user)
37 |> patch("/api/v1/accounts/update_credentials", %{
38 "pleroma_settings_store" => %{
39 masto_fe: %{
40 theme: "bla"
41 }
42 }
43 })
44
45 assert user = json_response(res_conn, 200)
46
47 assert user["pleroma"]["settings_store"] ==
48 %{
49 "pleroma_fe" => %{"theme" => "bla"},
50 "masto_fe" => %{"theme" => "bla"}
51 }
52
53 user = Repo.get(User, user["id"])
54
55 res_conn =
56 conn
57 |> assign(:user, user)
58 |> patch("/api/v1/accounts/update_credentials", %{
59 "pleroma_settings_store" => %{
60 masto_fe: %{
61 theme: "blub"
62 }
63 }
64 })
65
66 assert user = json_response(res_conn, 200)
67
68 assert user["pleroma"]["settings_store"] ==
69 %{
70 "pleroma_fe" => %{"theme" => "bla"},
71 "masto_fe" => %{"theme" => "blub"}
72 }
73 end
74
75 test "updates the user's bio", %{conn: conn} do
76 user = insert(:user)
77 user2 = insert(:user)
78
79 conn =
80 conn
81 |> assign(:user, user)
82 |> patch("/api/v1/accounts/update_credentials", %{
83 "note" => "I drink #cofe with @#{user2.nickname}"
84 })
85
86 assert user = json_response(conn, 200)
87
88 assert user["note"] ==
89 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe" rel="tag">#cofe</a> with <span class="h-card"><a data-user=") <>
90 user2.id <>
91 ~s(" class="u-url mention" href=") <>
92 user2.ap_id <> ~s(">@<span>) <> user2.nickname <> ~s(</span></a></span>)
93 end
94
95 test "updates the user's locking status", %{conn: conn} do
96 user = insert(:user)
97
98 conn =
99 conn
100 |> assign(:user, user)
101 |> patch("/api/v1/accounts/update_credentials", %{locked: "true"})
102
103 assert user = json_response(conn, 200)
104 assert user["locked"] == true
105 end
106
107 test "updates the user's default scope", %{conn: conn} do
108 user = insert(:user)
109
110 conn =
111 conn
112 |> assign(:user, user)
113 |> patch("/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
114
115 assert user = json_response(conn, 200)
116 assert user["source"]["privacy"] == "cofe"
117 end
118
119 test "updates the user's hide_followers status", %{conn: conn} do
120 user = insert(:user)
121
122 conn =
123 conn
124 |> assign(:user, user)
125 |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"})
126
127 assert user = json_response(conn, 200)
128 assert user["pleroma"]["hide_followers"] == true
129 end
130
131 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
132 user = insert(:user)
133
134 conn =
135 conn
136 |> assign(:user, user)
137 |> patch("/api/v1/accounts/update_credentials", %{
138 hide_followers_count: "true",
139 hide_follows_count: "true"
140 })
141
142 assert user = json_response(conn, 200)
143 assert user["pleroma"]["hide_followers_count"] == true
144 assert user["pleroma"]["hide_follows_count"] == true
145 end
146
147 test "updates the user's skip_thread_containment option", %{conn: conn} do
148 user = insert(:user)
149
150 response =
151 conn
152 |> assign(:user, user)
153 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
154 |> json_response(200)
155
156 assert response["pleroma"]["skip_thread_containment"] == true
157 assert refresh_record(user).info.skip_thread_containment
158 end
159
160 test "updates the user's hide_follows status", %{conn: conn} do
161 user = insert(:user)
162
163 conn =
164 conn
165 |> assign(:user, user)
166 |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"})
167
168 assert user = json_response(conn, 200)
169 assert user["pleroma"]["hide_follows"] == true
170 end
171
172 test "updates the user's hide_favorites status", %{conn: conn} do
173 user = insert(:user)
174
175 conn =
176 conn
177 |> assign(:user, user)
178 |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
179
180 assert user = json_response(conn, 200)
181 assert user["pleroma"]["hide_favorites"] == true
182 end
183
184 test "updates the user's show_role status", %{conn: conn} do
185 user = insert(:user)
186
187 conn =
188 conn
189 |> assign(:user, user)
190 |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"})
191
192 assert user = json_response(conn, 200)
193 assert user["source"]["pleroma"]["show_role"] == false
194 end
195
196 test "updates the user's no_rich_text status", %{conn: conn} do
197 user = insert(:user)
198
199 conn =
200 conn
201 |> assign(:user, user)
202 |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
203
204 assert user = json_response(conn, 200)
205 assert user["source"]["pleroma"]["no_rich_text"] == true
206 end
207
208 test "updates the user's name", %{conn: conn} do
209 user = insert(:user)
210
211 conn =
212 conn
213 |> assign(:user, user)
214 |> patch("/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
215
216 assert user = json_response(conn, 200)
217 assert user["display_name"] == "markorepairs"
218 end
219
220 test "updates the user's avatar", %{conn: conn} do
221 user = insert(:user)
222
223 new_avatar = %Plug.Upload{
224 content_type: "image/jpg",
225 path: Path.absname("test/fixtures/image.jpg"),
226 filename: "an_image.jpg"
227 }
228
229 conn =
230 conn
231 |> assign(:user, user)
232 |> patch("/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
233
234 assert user_response = json_response(conn, 200)
235 assert user_response["avatar"] != User.avatar_url(user)
236 end
237
238 test "updates the user's banner", %{conn: conn} do
239 user = insert(:user)
240
241 new_header = %Plug.Upload{
242 content_type: "image/jpg",
243 path: Path.absname("test/fixtures/image.jpg"),
244 filename: "an_image.jpg"
245 }
246
247 conn =
248 conn
249 |> assign(:user, user)
250 |> patch("/api/v1/accounts/update_credentials", %{"header" => new_header})
251
252 assert user_response = json_response(conn, 200)
253 assert user_response["header"] != User.banner_url(user)
254 end
255
256 test "updates the user's background", %{conn: conn} do
257 user = insert(:user)
258
259 new_header = %Plug.Upload{
260 content_type: "image/jpg",
261 path: Path.absname("test/fixtures/image.jpg"),
262 filename: "an_image.jpg"
263 }
264
265 conn =
266 conn
267 |> assign(:user, user)
268 |> patch("/api/v1/accounts/update_credentials", %{
269 "pleroma_background_image" => new_header
270 })
271
272 assert user_response = json_response(conn, 200)
273 assert user_response["pleroma"]["background_image"]
274 end
275
276 test "requires 'write' permission", %{conn: conn} do
277 token1 = insert(:oauth_token, scopes: ["read"])
278 token2 = insert(:oauth_token, scopes: ["write", "follow"])
279
280 for token <- [token1, token2] do
281 conn =
282 conn
283 |> put_req_header("authorization", "Bearer #{token.token}")
284 |> patch("/api/v1/accounts/update_credentials", %{})
285
286 if token == token1 do
287 assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403)
288 else
289 assert json_response(conn, 200)
290 end
291 end
292 end
293
294 test "updates profile emojos", %{conn: conn} do
295 user = insert(:user)
296
297 note = "*sips :blank:*"
298 name = "I am :firefox:"
299
300 conn =
301 conn
302 |> assign(:user, user)
303 |> patch("/api/v1/accounts/update_credentials", %{
304 "note" => note,
305 "display_name" => name
306 })
307
308 assert json_response(conn, 200)
309
310 conn =
311 conn
312 |> get("/api/v1/accounts/#{user.id}")
313
314 assert user = json_response(conn, 200)
315
316 assert user["note"] == note
317 assert user["display_name"] == name
318 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user["emojis"]
319 end
320
321 test "update fields", %{conn: conn} do
322 user = insert(:user)
323
324 fields = [
325 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
326 %{"name" => "link", "value" => "cofe.io"}
327 ]
328
329 account =
330 conn
331 |> assign(:user, user)
332 |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
333 |> json_response(200)
334
335 assert account["fields"] == [
336 %{"name" => "foo", "value" => "bar"},
337 %{"name" => "link", "value" => "<a href=\"http://cofe.io\">cofe.io</a>"}
338 ]
339
340 assert account["source"]["fields"] == [
341 %{
342 "name" => "<a href=\"http://google.com\">foo</a>",
343 "value" => "<script>bar</script>"
344 },
345 %{"name" => "link", "value" => "cofe.io"}
346 ]
347
348 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
349 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
350
351 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
352
353 fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
354
355 assert %{"error" => "Invalid request"} ==
356 conn
357 |> assign(:user, user)
358 |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
359 |> json_response(403)
360
361 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
362
363 fields = [%{"name" => long_name, "value" => "bar"}]
364
365 assert %{"error" => "Invalid request"} ==
366 conn
367 |> assign(:user, user)
368 |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
369 |> json_response(403)
370
371 Pleroma.Config.put([:instance, :max_account_fields], 1)
372
373 fields = [
374 %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
375 %{"name" => "link", "value" => "cofe.io"}
376 ]
377
378 assert %{"error" => "Invalid request"} ==
379 conn
380 |> assign(:user, user)
381 |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
382 |> json_response(403)
383 end
384 end
385 end