diff --git a/config/config.exs b/config/config.exs
index eeb88174a..e2901cf12 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -67,7 +67,7 @@
config :pleroma, Pleroma.Captcha,
enabled: true,
- seconds_valid: 3000,
+ seconds_valid: 300,
method: Pleroma.Captcha.Native
config :pleroma, Pleroma.Captcha.Kocaptcha, endpoint: "https://captcha.kotobank.ch"
diff --git a/lib/pleroma/plugs/oauth_scopes_plug.ex b/lib/pleroma/plugs/oauth_scopes_plug.ex
index 174a8389c..07c0f7fdb 100644
--- a/lib/pleroma/plugs/oauth_scopes_plug.ex
+++ b/lib/pleroma/plugs/oauth_scopes_plug.ex
@@ -18,16 +18,13 @@ def call(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
token = assigns[:token]
scopes = transform_scopes(scopes, options)
- matched_scopes = token && filter_descendants(scopes, token.scopes)
+ matched_scopes = (token && filter_descendants(scopes, token.scopes)) || []
cond do
- is_nil(token) ->
- maybe_perform_instance_privacy_check(conn, options)
-
- op == :| && Enum.any?(matched_scopes) ->
+ token && op == :| && Enum.any?(matched_scopes) ->
conn
- op == :& && matched_scopes == scopes ->
+ token && op == :& && matched_scopes == scopes ->
conn
options[:fallback] == :proceed_unauthenticated ->
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 40cc93e03..430f04ae9 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -1430,20 +1430,47 @@ def get_or_fetch_by_ap_id(ap_id) do
Creates an internal service actor by URI if missing.
Optionally takes nickname for addressing.
"""
- def get_or_create_service_actor_by_ap_id(uri, nickname \\ nil) do
- with user when is_nil(user) <- get_cached_by_ap_id(uri) do
- {:ok, user} =
- %User{
- invisible: true,
- local: true,
- ap_id: uri,
- nickname: nickname,
- follower_address: uri <> "/followers"
- }
- |> Repo.insert()
+ @spec get_or_create_service_actor_by_ap_id(String.t(), String.t()) :: User.t() | nil
+ def get_or_create_service_actor_by_ap_id(uri, nickname) do
+ {_, user} =
+ case get_cached_by_ap_id(uri) do
+ nil ->
+ with {:error, %{errors: errors}} <- create_service_actor(uri, nickname) do
+ Logger.error("Cannot create service actor: #{uri}/.\n#{inspect(errors)}")
+ {:error, nil}
+ end
- user
- end
+ %User{invisible: false} = user ->
+ set_invisible(user)
+
+ user ->
+ {:ok, user}
+ end
+
+ user
+ end
+
+ @spec set_invisible(User.t()) :: {:ok, User.t()}
+ defp set_invisible(user) do
+ user
+ |> change(%{invisible: true})
+ |> update_and_set_cache()
+ end
+
+ @spec create_service_actor(String.t(), String.t()) ::
+ {:ok, User.t()} | {:error, Ecto.Changeset.t()}
+ defp create_service_actor(uri, nickname) do
+ %User{
+ invisible: true,
+ local: true,
+ ap_id: uri,
+ nickname: nickname,
+ follower_address: uri <> "/followers"
+ }
+ |> change
+ |> unique_constraint(:nickname)
+ |> Repo.insert()
+ |> set_cache()
end
# AP style
diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex
index 99a804568..48a1b71e0 100644
--- a/lib/pleroma/web/activity_pub/relay.ex
+++ b/lib/pleroma/web/activity_pub/relay.ex
@@ -9,10 +9,12 @@ defmodule Pleroma.Web.ActivityPub.Relay do
alias Pleroma.Web.ActivityPub.ActivityPub
require Logger
+ @relay_nickname "relay"
+
def get_actor do
actor =
relay_ap_id()
- |> User.get_or_create_service_actor_by_ap_id()
+ |> User.get_or_create_service_actor_by_ap_id(@relay_nickname)
actor
end
diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex
index ca261ad6e..9f7e4943c 100644
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@@ -20,18 +20,21 @@ defmodule Pleroma.Web.MastoFEController do
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)
@doc "GET /web/*path"
- def index(%{assigns: %{user: user}} = conn, _params) do
- token = get_session(conn, :oauth_token)
+ def index(%{assigns: %{user: user, token: token}} = conn, _params)
+ when not is_nil(user) and not is_nil(token) do
+ conn
+ |> put_layout(false)
+ |> render("index.html",
+ token: token.token,
+ user: user,
+ custom_emojis: Pleroma.Emoji.get_all()
+ )
+ end
- if user && token do
- conn
- |> put_layout(false)
- |> render("index.html", token: token, user: user, custom_emojis: Pleroma.Emoji.get_all())
- else
- conn
- |> put_session(:return_to, conn.request_path)
- |> redirect(to: "/web/login")
- end
+ def index(conn, _params) do
+ conn
+ |> put_session(:return_to, conn.request_path)
+ |> redirect(to: "/web/login")
end
@doc "GET /web/manifest.json"
diff --git a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
index 69dfa92e3..0bbf84fd3 100644
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
@@ -52,7 +52,7 @@ def list_from(conn, %{"instance_address" => address}) do
@doc """
Lists the packs available on the instance as JSON.
- The information is public and does not require authentification. The format is
+ The information is public and does not require authentication. The format is
a map of "pack directory name" to pack.json contents.
"""
def list_packs(conn, _params) do
diff --git a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
index 8fed3f5bb..772c535a4 100644
--- a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
@@ -22,7 +22,14 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
plug(
OAuthScopesPlug,
- %{scopes: ["read:statuses"]} when action in [:conversation, :conversation_statuses]
+ %{scopes: ["read:statuses"]}
+ when action in [:conversation, :conversation_statuses, :emoji_reactions_by]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:statuses"]}
+ when action in [:react_with_emoji, :unreact_with_emoji]
)
plug(
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 799dd17ae..c35e393c0 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -22,7 +22,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
plug(
OAuthScopesPlug,
%{scopes: ["follow", "write:follows"]}
- when action in [:do_remote_follow, :follow_import]
+ when action == :follow_import
+ )
+
+ # Note: follower can submit the form (with password auth) not being signed in (having no token)
+ plug(
+ OAuthScopesPlug,
+ %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
+ when action == :do_remote_follow
)
plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import)
@@ -113,6 +120,28 @@ defp is_status?(acct) do
end
end
+ def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}})
+ when not is_nil(user) do
+ with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
+ {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
+ conn
+ |> render("followed.html", %{error: false})
+ else
+ # Was already following user
+ {:error, "Could not follow user:" <> _rest} ->
+ render(conn, "followed.html", %{error: "Error following account"})
+
+ {:fetch_user, error} ->
+ Logger.debug("Remote follow failed with error #{inspect(error)}")
+ render(conn, "followed.html", %{error: "Could not find user"})
+
+ e ->
+ Logger.debug("Remote follow failed with error #{inspect(e)}")
+ render(conn, "followed.html", %{error: "Something went wrong."})
+ end
+ end
+
+ # Note: "id" is the id of followee user, disregard incorrect placing under "authorization"
def do_remote_follow(conn, %{
"authorization" => %{"name" => username, "password" => password, "id" => id}
}) do
@@ -146,24 +175,12 @@ def do_remote_follow(conn, %{
end
end
- def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do
- with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
- {:ok, _follower, _followee, _activity} <- CommonAPI.follow(user, followee) do
- conn
- |> render("followed.html", %{error: false})
- else
- # Was already following user
- {:error, "Could not follow user:" <> _rest} ->
- render(conn, "followed.html", %{error: "Error following account"})
+ def do_remote_follow(%{assigns: %{user: nil}} = conn, _) do
+ render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."})
+ end
- {:fetch_user, error} ->
- Logger.debug("Remote follow failed with error #{inspect(error)}")
- render(conn, "followed.html", %{error: "Could not find user"})
-
- e ->
- Logger.debug("Remote follow failed with error #{inspect(e)}")
- render(conn, "followed.html", %{error: "Something went wrong."})
- end
+ def do_remote_follow(conn, _) do
+ render(conn, "followed.html", %{error: "Something went wrong."})
end
def notifications_read(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do
@@ -346,7 +363,9 @@ def change_email(%{assigns: %{user: user}} = conn, params) do
end
def delete_account(%{assigns: %{user: user}} = conn, params) do
- case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+ password = params["password"] || ""
+
+ case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} ->
User.delete(user)
json(conn, %{status: "success"})
diff --git a/test/notification_test.exs b/test/notification_test.exs
index ffa3d4b8c..f5f23bb5a 100644
--- a/test/notification_test.exs
+++ b/test/notification_test.exs
@@ -98,7 +98,7 @@ test "it creates a notification for user if the user blocks the activity author"
assert Notification.create_notification(activity, user)
end
- test "it creates a notificatin for the user if the user mutes the activity author" do
+ test "it creates a notification for the user if the user mutes the activity author" do
muter = insert(:user)
muted = insert(:user)
{:ok, _} = User.mute(muter, muted)
diff --git a/test/plugs/oauth_scopes_plug_test.exs b/test/plugs/oauth_scopes_plug_test.exs
index 89f32f43a..ce426677b 100644
--- a/test/plugs/oauth_scopes_plug_test.exs
+++ b/test/plugs/oauth_scopes_plug_test.exs
@@ -16,34 +16,6 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do
:ok
end
- describe "when `assigns[:token]` is nil, " do
- test "with :skip_instance_privacy_check option, proceeds with no op", %{conn: conn} do
- conn =
- conn
- |> assign(:user, insert(:user))
- |> OAuthScopesPlug.call(%{scopes: ["read"], skip_instance_privacy_check: true})
-
- refute conn.halted
- assert conn.assigns[:user]
-
- refute called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
- end
-
- test "without :skip_instance_privacy_check option, calls EnsurePublicOrAuthenticatedPlug", %{
- conn: conn
- } do
- conn =
- conn
- |> assign(:user, insert(:user))
- |> OAuthScopesPlug.call(%{scopes: ["read"]})
-
- refute conn.halted
- assert conn.assigns[:user]
-
- assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
- end
- end
-
test "if `token.scopes` fulfills specified 'any of' conditions, " <>
"proceeds with no op",
%{conn: conn} do
@@ -75,64 +47,56 @@ test "if `token.scopes` fulfills specified 'all of' conditions, " <>
end
describe "with `fallback: :proceed_unauthenticated` option, " do
- test "if `token.scopes` doesn't fulfill specified 'any of' conditions, " <>
- "clears `assigns[:user]` and calls EnsurePublicOrAuthenticatedPlug",
+ test "if `token.scopes` doesn't fulfill specified conditions, " <>
+ "clears :user and :token assigns and calls EnsurePublicOrAuthenticatedPlug",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
+ user = insert(:user)
+ token1 = insert(:oauth_token, scopes: ["read", "write"], user: user)
- conn =
- conn
- |> assign(:user, token.user)
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{scopes: ["follow"], fallback: :proceed_unauthenticated})
+ for token <- [token1, nil], op <- [:|, :&] do
+ ret_conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{
+ scopes: ["follow"],
+ op: op,
+ fallback: :proceed_unauthenticated
+ })
- refute conn.halted
- refute conn.assigns[:user]
+ refute ret_conn.halted
+ refute ret_conn.assigns[:user]
+ refute ret_conn.assigns[:token]
- assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
- end
-
- test "if `token.scopes` doesn't fulfill specified 'all of' conditions, " <>
- "clears `assigns[:user] and calls EnsurePublicOrAuthenticatedPlug",
- %{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
-
- conn =
- conn
- |> assign(:user, token.user)
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{
- scopes: ["read", "follow"],
- op: :&,
- fallback: :proceed_unauthenticated
- })
-
- refute conn.halted
- refute conn.assigns[:user]
-
- assert called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
+ assert called(EnsurePublicOrAuthenticatedPlug.call(ret_conn, :_))
+ end
end
test "with :skip_instance_privacy_check option, " <>
"if `token.scopes` doesn't fulfill specified conditions, " <>
- "clears `assigns[:user]` and does not call EnsurePublicOrAuthenticatedPlug",
+ "clears :user and :token assigns and does NOT call EnsurePublicOrAuthenticatedPlug",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read:statuses", "write"]) |> Repo.preload(:user)
+ user = insert(:user)
+ token1 = insert(:oauth_token, scopes: ["read:statuses", "write"], user: user)
- conn =
- conn
- |> assign(:user, token.user)
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{
- scopes: ["read"],
- fallback: :proceed_unauthenticated,
- skip_instance_privacy_check: true
- })
+ for token <- [token1, nil], op <- [:|, :&] do
+ ret_conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{
+ scopes: ["read"],
+ op: op,
+ fallback: :proceed_unauthenticated,
+ skip_instance_privacy_check: true
+ })
- refute conn.halted
- refute conn.assigns[:user]
+ refute ret_conn.halted
+ refute ret_conn.assigns[:user]
+ refute ret_conn.assigns[:token]
- refute called(EnsurePublicOrAuthenticatedPlug.call(conn, :_))
+ refute called(EnsurePublicOrAuthenticatedPlug.call(ret_conn, :_))
+ end
end
end
@@ -140,39 +104,42 @@ test "with :skip_instance_privacy_check option, " <>
test "if `token.scopes` does not fulfill specified 'any of' conditions, " <>
"returns 403 and halts",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"])
- any_of_scopes = ["follow"]
+ for token <- [insert(:oauth_token, scopes: ["read", "write"]), nil] do
+ any_of_scopes = ["follow", "push"]
- conn =
- conn
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{scopes: any_of_scopes})
+ ret_conn =
+ conn
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{scopes: any_of_scopes})
- assert conn.halted
- assert 403 == conn.status
+ assert ret_conn.halted
+ assert 403 == ret_conn.status
- expected_error = "Insufficient permissions: #{Enum.join(any_of_scopes, ", ")}."
- assert Jason.encode!(%{error: expected_error}) == conn.resp_body
+ expected_error = "Insufficient permissions: #{Enum.join(any_of_scopes, " | ")}."
+ assert Jason.encode!(%{error: expected_error}) == ret_conn.resp_body
+ end
end
test "if `token.scopes` does not fulfill specified 'all of' conditions, " <>
"returns 403 and halts",
%{conn: conn} do
- token = insert(:oauth_token, scopes: ["read", "write"])
- all_of_scopes = ["write", "follow"]
+ for token <- [insert(:oauth_token, scopes: ["read", "write"]), nil] do
+ token_scopes = (token && token.scopes) || []
+ all_of_scopes = ["write", "follow"]
- conn =
- conn
- |> assign(:token, token)
- |> OAuthScopesPlug.call(%{scopes: all_of_scopes, op: :&})
+ conn =
+ conn
+ |> assign(:token, token)
+ |> OAuthScopesPlug.call(%{scopes: all_of_scopes, op: :&})
- assert conn.halted
- assert 403 == conn.status
+ assert conn.halted
+ assert 403 == conn.status
- expected_error =
- "Insufficient permissions: #{Enum.join(all_of_scopes -- token.scopes, ", ")}."
+ expected_error =
+ "Insufficient permissions: #{Enum.join(all_of_scopes -- token_scopes, " & ")}."
- assert Jason.encode!(%{error: expected_error}) == conn.resp_body
+ assert Jason.encode!(%{error: expected_error}) == conn.resp_body
+ end
end
end
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index 9897f72ce..22e72fc09 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -28,6 +28,26 @@ defmodule Pleroma.Web.ConnCase do
# The default endpoint for testing
@endpoint Pleroma.Web.Endpoint
+
+ # Sets up OAuth access with specified scopes
+ defp oauth_access(scopes, opts \\ []) do
+ user =
+ Keyword.get_lazy(opts, :user, fn ->
+ Pleroma.Factory.insert(:user)
+ end)
+
+ token =
+ Keyword.get_lazy(opts, :oauth_token, fn ->
+ Pleroma.Factory.insert(:oauth_token, user: user, scopes: scopes)
+ end)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> assign(:token, token)
+
+ %{user: user, token: token, conn: conn}
+ end
end
end
diff --git a/test/support/factory.ex b/test/support/factory.ex
index 314f26ec9..100864055 100644
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@@ -296,7 +296,7 @@ def oauth_app_factory do
%Pleroma.Web.OAuth.App{
client_name: "Some client",
redirect_uris: "https://example.com/callback",
- scopes: ["read", "write", "follow", "push"],
+ scopes: ["read", "write", "follow", "push", "admin"],
website: "https://example.com",
client_id: Ecto.UUID.generate(),
client_secret: "aaa;/&bbb"
@@ -310,19 +310,37 @@ def instance_factory do
}
end
- def oauth_token_factory do
- oauth_app = insert(:oauth_app)
+ def oauth_token_factory(attrs \\ %{}) do
+ scopes = Map.get(attrs, :scopes, ["read"])
+ oauth_app = Map.get_lazy(attrs, :app, fn -> insert(:oauth_app, scopes: scopes) end)
+ user = Map.get_lazy(attrs, :user, fn -> build(:user) end)
+
+ valid_until =
+ Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
%Pleroma.Web.OAuth.Token{
token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
- scopes: ["read"],
refresh_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
- user: build(:user),
- app_id: oauth_app.id,
- valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)
+ scopes: scopes,
+ user: user,
+ app: oauth_app,
+ valid_until: valid_until
}
end
+ def oauth_admin_token_factory(attrs \\ %{}) do
+ user = Map.get_lazy(attrs, :user, fn -> build(:user, is_admin: true) end)
+
+ scopes =
+ attrs
+ |> Map.get(:scopes, ["admin"])
+ |> Kernel.++(["admin"])
+ |> Enum.uniq()
+
+ attrs = Map.merge(attrs, %{user: user, scopes: scopes})
+ oauth_token_factory(attrs)
+ end
+
def oauth_authorization_factory do
%Pleroma.Web.OAuth.Authorization{
token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false),
diff --git a/test/user_test.exs b/test/user_test.exs
index d7ab63463..9da1e02a9 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -17,6 +17,7 @@ defmodule Pleroma.UserTest do
import Mock
import Pleroma.Factory
+ import ExUnit.CaptureLog
setup_all do
Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -26,6 +27,42 @@ defmodule Pleroma.UserTest do
clear_config([:instance, :account_activation_required])
describe "service actors" do
+ test "returns updated invisible actor" do
+ uri = "#{Pleroma.Web.Endpoint.url()}/relay"
+ followers_uri = "#{uri}/followers"
+
+ insert(
+ :user,
+ %{
+ nickname: "relay",
+ invisible: false,
+ local: true,
+ ap_id: uri,
+ follower_address: followers_uri
+ }
+ )
+
+ actor = User.get_or_create_service_actor_by_ap_id(uri, "relay")
+ assert actor.invisible
+ end
+
+ test "returns relay user" do
+ uri = "#{Pleroma.Web.Endpoint.url()}/relay"
+ followers_uri = "#{uri}/followers"
+
+ assert %User{
+ nickname: "relay",
+ invisible: true,
+ local: true,
+ ap_id: ^uri,
+ follower_address: ^followers_uri
+ } = User.get_or_create_service_actor_by_ap_id(uri, "relay")
+
+ assert capture_log(fn ->
+ refute User.get_or_create_service_actor_by_ap_id("/relay", "relay")
+ end) =~ "Cannot create service actor:"
+ end
+
test "returns invisible actor" do
uri = "#{Pleroma.Web.Endpoint.url()}/internal/fetch-test"
followers_uri = "#{uri}/followers"
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index 49ff005b6..a3fbb6041 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -26,8 +26,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
:ok
end
- clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
- Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+ setup do
+ admin = insert(:user, is_admin: true)
+ token = insert(:oauth_admin_token, user: admin)
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, token)
+
+ {:ok, %{admin: admin, token: token, conn: conn}}
end
describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
@@ -35,9 +43,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
end
- test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope" do
+ test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
+ %{admin: admin} do
user = insert(:user)
- admin = insert(:user, is_admin: true)
url = "/api/pleroma/admin/users/#{user.nickname}"
good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
@@ -80,14 +88,67 @@ test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or bro
end
end
+ describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
+ clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+ end
+
+ test "GET /api/pleroma/admin/users/:nickname requires " <>
+ "read:accounts or admin:read:accounts or broader scope",
+ %{admin: admin} do
+ user = insert(:user)
+ url = "/api/pleroma/admin/users/#{user.nickname}"
+
+ good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+ good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+ good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+ good_token4 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+ good_token5 = insert(:oauth_token, user: admin, scopes: ["read"])
+
+ good_tokens = [good_token1, good_token2, good_token3, good_token4, good_token5]
+
+ bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts:partial"])
+ bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+ bad_token3 = nil
+
+ for good_token <- good_tokens do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response(conn, 200)
+ end
+
+ for good_token <- good_tokens do
+ conn =
+ build_conn()
+ |> assign(:user, nil)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response(conn, :forbidden)
+ end
+
+ for bad_token <- [bad_token1, bad_token2, bad_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, bad_token)
+ |> get(url)
+
+ assert json_response(conn, :forbidden)
+ end
+ end
+ end
+
describe "DELETE /api/pleroma/admin/users" do
- test "single user" do
- admin = insert(:user, is_admin: true)
+ test "single user", %{admin: admin, conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users?nickname=#{user.nickname}")
@@ -99,14 +160,12 @@ test "single user" do
assert json_response(conn, 200) == user.nickname
end
- test "multiple users" do
- admin = insert(:user, is_admin: true)
+ test "multiple users", %{admin: admin, conn: conn} do
user_one = insert(:user)
user_two = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users", %{
nicknames: [user_one.nickname, user_two.nickname]
@@ -123,12 +182,9 @@ test "multiple users" do
end
describe "/api/pleroma/admin/users" do
- test "Create" do
- admin = insert(:user, is_admin: true)
-
+ test "Create", %{conn: conn} do
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
@@ -153,13 +209,11 @@ test "Create" do
assert ["lain", "lain2"] -- Enum.map(log_entry.data["subjects"], & &1["nickname"]) == []
end
- test "Cannot create user with existing email" do
- admin = insert(:user, is_admin: true)
+ test "Cannot create user with existing email", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
@@ -184,13 +238,11 @@ test "Cannot create user with existing email" do
]
end
- test "Cannot create user with existing nickname" do
- admin = insert(:user, is_admin: true)
+ test "Cannot create user with existing nickname", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
@@ -215,13 +267,11 @@ test "Cannot create user with existing nickname" do
]
end
- test "Multiple user creation works in transaction" do
- admin = insert(:user, is_admin: true)
+ test "Multiple user creation works in transaction", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users", %{
"users" => [
@@ -265,13 +315,9 @@ test "Multiple user creation works in transaction" do
describe "/api/pleroma/admin/users/:nickname" do
test "Show", %{conn: conn} do
- admin = insert(:user, is_admin: true)
user = insert(:user)
- conn =
- conn
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users/#{user.nickname}")
+ conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}")
expected = %{
"deactivated" => false,
@@ -289,26 +335,20 @@ test "Show", %{conn: conn} do
end
test "when the user doesn't exist", %{conn: conn} do
- admin = insert(:user, is_admin: true)
user = build(:user)
- conn =
- conn
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users/#{user.nickname}")
+ conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}")
assert "Not found" == json_response(conn, 404)
end
end
describe "/api/pleroma/admin/users/follow" do
- test "allows to force-follow another user" do
- admin = insert(:user, is_admin: true)
+ test "allows to force-follow another user", %{admin: admin, conn: conn} do
user = insert(:user)
follower = insert(:user)
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/follow", %{
"follower" => follower.nickname,
@@ -328,15 +368,13 @@ test "allows to force-follow another user" do
end
describe "/api/pleroma/admin/users/unfollow" do
- test "allows to force-unfollow another user" do
- admin = insert(:user, is_admin: true)
+ test "allows to force-unfollow another user", %{admin: admin, conn: conn} do
user = insert(:user)
follower = insert(:user)
User.follow(follower, user)
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/unfollow", %{
"follower" => follower.nickname,
@@ -356,23 +394,20 @@ test "allows to force-unfollow another user" do
end
describe "PUT /api/pleroma/admin/users/tag" do
- setup do
- admin = insert(:user, is_admin: true)
+ setup %{conn: conn} do
user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y"]})
user3 = insert(:user, %{tags: ["unchanged"]})
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> put(
- "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
- user2.nickname
- }&tags[]=foo&tags[]=bar"
+ "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+ "#{user2.nickname}&tags[]=foo&tags[]=bar"
)
- %{conn: conn, admin: admin, user1: user1, user2: user2, user3: user3}
+ %{conn: conn, user1: user1, user2: user2, user3: user3}
end
test "it appends specified tags to users with specified nicknames", %{
@@ -405,23 +440,20 @@ test "it does not modify tags of not specified users", %{conn: conn, user3: user
end
describe "DELETE /api/pleroma/admin/users/tag" do
- setup do
- admin = insert(:user, is_admin: true)
+ setup %{conn: conn} do
user1 = insert(:user, %{tags: ["x"]})
user2 = insert(:user, %{tags: ["y", "z"]})
user3 = insert(:user, %{tags: ["unchanged"]})
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete(
- "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
- user2.nickname
- }&tags[]=x&tags[]=z"
+ "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+ "#{user2.nickname}&tags[]=x&tags[]=z"
)
- %{conn: conn, admin: admin, user1: user1, user2: user2, user3: user3}
+ %{conn: conn, user1: user1, user2: user2, user3: user3}
end
test "it removes specified tags from users with specified nicknames", %{
@@ -454,12 +486,9 @@ test "it does not modify tags of not specified users", %{conn: conn, user3: user
end
describe "/api/pleroma/admin/users/:nickname/permission_group" do
- test "GET is giving user_info" do
- admin = insert(:user, is_admin: true)
-
+ test "GET is giving user_info", %{admin: admin, conn: conn} do
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> get("/api/pleroma/admin/users/#{admin.nickname}/permission_group/")
@@ -469,13 +498,11 @@ test "GET is giving user_info" do
}
end
- test "/:right POST, can add to a permission group" do
- admin = insert(:user, is_admin: true)
+ test "/:right POST, can add to a permission group", %{admin: admin, conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
@@ -489,22 +516,18 @@ test "/:right POST, can add to a permission group" do
"@#{admin.nickname} made @#{user.nickname} admin"
end
- test "/:right POST, can add to a permission group (multiple)" do
- admin = insert(:user, is_admin: true)
+ test "/:right POST, can add to a permission group (multiple)", %{admin: admin, conn: conn} do
user_one = insert(:user)
user_two = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> post("/api/pleroma/admin/users/permission_group/admin", %{
nicknames: [user_one.nickname, user_two.nickname]
})
- assert json_response(conn, 200) == %{
- "is_admin" => true
- }
+ assert json_response(conn, 200) == %{"is_admin" => true}
log_entry = Repo.one(ModerationLog)
@@ -512,19 +535,15 @@ test "/:right POST, can add to a permission group (multiple)" do
"@#{admin.nickname} made @#{user_one.nickname}, @#{user_two.nickname} admin"
end
- test "/:right DELETE, can remove from a permission group" do
- admin = insert(:user, is_admin: true)
+ test "/:right DELETE, can remove from a permission group", %{admin: admin, conn: conn} do
user = insert(:user, is_admin: true)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
- assert json_response(conn, 200) == %{
- "is_admin" => false
- }
+ assert json_response(conn, 200) == %{"is_admin" => false}
log_entry = Repo.one(ModerationLog)
@@ -532,22 +551,21 @@ test "/:right DELETE, can remove from a permission group" do
"@#{admin.nickname} revoked admin role from @#{user.nickname}"
end
- test "/:right DELETE, can remove from a permission group (multiple)" do
- admin = insert(:user, is_admin: true)
+ test "/:right DELETE, can remove from a permission group (multiple)", %{
+ admin: admin,
+ conn: conn
+ } do
user_one = insert(:user, is_admin: true)
user_two = insert(:user, is_admin: true)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> delete("/api/pleroma/admin/users/permission_group/admin", %{
nicknames: [user_one.nickname, user_two.nickname]
})
- assert json_response(conn, 200) == %{
- "is_admin" => false
- }
+ assert json_response(conn, 200) == %{"is_admin" => false}
log_entry = Repo.one(ModerationLog)
@@ -559,10 +577,6 @@ test "/:right DELETE, can remove from a permission group (multiple)" do
end
describe "POST /api/pleroma/admin/email_invite, with valid config" do
- setup do
- [user: insert(:user, is_admin: true)]
- end
-
clear_config([:instance, :registrations_open]) do
Pleroma.Config.put([:instance, :registrations_open], false)
end
@@ -571,14 +585,13 @@ test "/:right DELETE, can remove from a permission group (multiple)" do
Pleroma.Config.put([:instance, :invites_enabled], true)
end
- test "sends invitation and returns 204", %{conn: conn, user: user} do
+ test "sends invitation and returns 204", %{admin: admin, conn: conn} do
recipient_email = "foo@bar.com"
recipient_name = "J. D."
conn =
- conn
- |> assign(:user, user)
- |> post(
+ post(
+ conn,
"/api/pleroma/admin/users/email_invite?email=#{recipient_email}&name=#{recipient_name}"
)
@@ -593,7 +606,7 @@ test "sends invitation and returns 204", %{conn: conn, user: user} do
email =
Pleroma.Emails.UserEmail.user_invitation_email(
- user,
+ admin,
token_record,
recipient_email,
recipient_name
@@ -606,12 +619,14 @@ test "sends invitation and returns 204", %{conn: conn, user: user} do
)
end
- test "it returns 403 if requested by a non-admin", %{conn: conn} do
+ test "it returns 403 if requested by a non-admin" do
non_admin_user = insert(:user)
+ token = insert(:oauth_token, user: non_admin_user)
conn =
- conn
+ build_conn()
|> assign(:user, non_admin_user)
+ |> assign(:token, token)
|> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
assert json_response(conn, :forbidden)
@@ -619,45 +634,33 @@ test "it returns 403 if requested by a non-admin", %{conn: conn} do
end
describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
- setup do
- [user: insert(:user, is_admin: true)]
- end
-
clear_config([:instance, :registrations_open])
clear_config([:instance, :invites_enabled])
- test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do
+ test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
Pleroma.Config.put([:instance, :registrations_open], false)
Pleroma.Config.put([:instance, :invites_enabled], false)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
+ conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
assert json_response(conn, :internal_server_error)
end
- test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do
+ test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
Pleroma.Config.put([:instance, :registrations_open], true)
Pleroma.Config.put([:instance, :invites_enabled], true)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
+ conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
assert json_response(conn, :internal_server_error)
end
end
- test "/api/pleroma/admin/users/:nickname/password_reset" do
- admin = insert(:user, is_admin: true)
+ test "/api/pleroma/admin/users/:nickname/password_reset", %{conn: conn} do
user = insert(:user)
conn =
- build_conn()
- |> assign(:user, admin)
+ conn
|> put_req_header("accept", "application/json")
|> get("/api/pleroma/admin/users/#{user.nickname}/password_reset")
@@ -667,16 +670,6 @@ test "/api/pleroma/admin/users/:nickname/password_reset" do
end
describe "GET /api/pleroma/admin/users" do
- setup do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn, admin: admin}
- end
-
test "renders users array for the first page", %{conn: conn, admin: admin} do
user = insert(:user, local: false, tags: ["foo", "bar"])
conn = get(conn, "/api/pleroma/admin/users?page=1")
@@ -898,6 +891,7 @@ test "regular search with page size", %{conn: conn} do
test "only local users" do
admin = insert(:user, is_admin: true, nickname: "john")
+ token = insert(:oauth_admin_token, user: admin)
user = insert(:user, nickname: "bob")
insert(:user, nickname: "bobb", local: false)
@@ -905,6 +899,7 @@ test "only local users" do
conn =
build_conn()
|> assign(:user, admin)
+ |> assign(:token, token)
|> get("/api/pleroma/admin/users?query=bo&filters=local")
assert json_response(conn, 200) == %{
@@ -926,16 +921,13 @@ test "only local users" do
}
end
- test "only local users with no query", %{admin: old_admin} do
+ test "only local users with no query", %{conn: conn, admin: old_admin} do
admin = insert(:user, is_admin: true, nickname: "john")
user = insert(:user, nickname: "bob")
insert(:user, nickname: "bobb", local: false)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users?filters=local")
+ conn = get(conn, "/api/pleroma/admin/users?filters=local")
users =
[
@@ -1093,6 +1085,7 @@ test "load users with tags list", %{conn: conn} do
test "it works with multiple filters" do
admin = insert(:user, nickname: "john", is_admin: true)
+ token = insert(:oauth_admin_token, user: admin)
user = insert(:user, nickname: "bob", local: false, deactivated: true)
insert(:user, nickname: "ken", local: true, deactivated: true)
@@ -1101,6 +1094,7 @@ test "it works with multiple filters" do
conn =
build_conn()
|> assign(:user, admin)
+ |> assign(:token, token)
|> get("/api/pleroma/admin/users?filters=deactivated,external")
assert json_response(conn, 200) == %{
@@ -1122,13 +1116,10 @@ test "it works with multiple filters" do
}
end
- test "it omits relay user", %{admin: admin} do
+ test "it omits relay user", %{admin: admin, conn: conn} do
assert %User{} = Relay.get_actor()
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/users")
+ conn = get(conn, "/api/pleroma/admin/users")
assert json_response(conn, 200) == %{
"count" => 1,
@@ -1150,15 +1141,13 @@ test "it omits relay user", %{admin: admin} do
end
end
- test "PATCH /api/pleroma/admin/users/activate" do
- admin = insert(:user, is_admin: true)
+ test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
user_one = insert(:user, deactivated: true)
user_two = insert(:user, deactivated: true)
conn =
- build_conn()
- |> assign(:user, admin)
- |> patch(
+ patch(
+ conn,
"/api/pleroma/admin/users/activate",
%{nicknames: [user_one.nickname, user_two.nickname]}
)
@@ -1172,15 +1161,13 @@ test "PATCH /api/pleroma/admin/users/activate" do
"@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
end
- test "PATCH /api/pleroma/admin/users/deactivate" do
- admin = insert(:user, is_admin: true)
+ test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
user_one = insert(:user, deactivated: false)
user_two = insert(:user, deactivated: false)
conn =
- build_conn()
- |> assign(:user, admin)
- |> patch(
+ patch(
+ conn,
"/api/pleroma/admin/users/deactivate",
%{nicknames: [user_one.nickname, user_two.nickname]}
)
@@ -1194,14 +1181,10 @@ test "PATCH /api/pleroma/admin/users/deactivate" do
"@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
end
- test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
- admin = insert(:user, is_admin: true)
+ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
user = insert(:user)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
+ conn = patch(conn, "/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
assert json_response(conn, 200) ==
%{
@@ -1223,16 +1206,6 @@ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
end
describe "POST /api/pleroma/admin/users/invite_token" do
- setup do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn}
- end
-
test "without options", %{conn: conn} do
conn = post(conn, "/api/pleroma/admin/users/invite_token")
@@ -1287,16 +1260,6 @@ test "with max use and expires_at", %{conn: conn} do
end
describe "GET /api/pleroma/admin/users/invites" do
- setup do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn}
- end
-
test "no invites", %{conn: conn} do
conn = get(conn, "/api/pleroma/admin/users/invites")
@@ -1325,14 +1288,10 @@ test "with invite", %{conn: conn} do
end
describe "POST /api/pleroma/admin/users/revoke_invite" do
- test "with token" do
- admin = insert(:user, is_admin: true)
+ test "with token", %{conn: conn} do
{:ok, invite} = UserInviteToken.create_invite()
- conn =
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
+ conn = post(conn, "/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
assert json_response(conn, 200) == %{
"expires_at" => nil,
@@ -1345,25 +1304,14 @@ test "with token" do
}
end
- test "with invalid token" do
- admin = insert(:user, is_admin: true)
-
- conn =
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
+ test "with invalid token", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
assert json_response(conn, :not_found) == "Not found"
end
end
describe "GET /api/pleroma/admin/reports/:id" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin)}
- end
-
test "returns report by its id", %{conn: conn} do
[reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user)
@@ -1391,8 +1339,7 @@ test "returns 404 when report id is invalid", %{conn: conn} do
end
describe "PATCH /api/pleroma/admin/reports" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
[reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user)
@@ -1411,9 +1358,7 @@ test "returns 404 when report id is invalid", %{conn: conn} do
})
%{
- conn: assign(conn, :user, admin),
id: report_id,
- admin: admin,
second_report_id: second_report_id
}
end
@@ -1509,12 +1454,6 @@ test "updates state of multiple reports", %{
end
describe "GET /api/pleroma/admin/reports" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin)}
- end
-
test "returns empty response when no reports created", %{conn: conn} do
response =
conn
@@ -1609,10 +1548,12 @@ test "returns reports with specified state", %{conn: conn} do
test "returns 403 when requested by a non-admin" do
user = insert(:user)
+ token = insert(:oauth_token, user: user)
conn =
build_conn()
|> assign(:user, user)
+ |> assign(:token, token)
|> get("/api/pleroma/admin/reports")
assert json_response(conn, :forbidden) ==
@@ -1620,17 +1561,14 @@ test "returns 403 when requested by a non-admin" do
end
test "returns 403 when requested by anonymous" do
- conn =
- build_conn()
- |> get("/api/pleroma/admin/reports")
+ conn = get(build_conn(), "/api/pleroma/admin/reports")
assert json_response(conn, :forbidden) == %{"error" => "Invalid credentials."}
end
end
describe "GET /api/pleroma/admin/grouped_reports" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
[reporter, target_user] = insert_pair(:user)
date1 = (DateTime.to_unix(DateTime.utc_now()) + 1000) |> DateTime.from_unix!()
@@ -1665,7 +1603,6 @@ test "returns 403 when requested by anonymous" do
})
%{
- conn: assign(conn, :user, admin),
first_status: Activity.get_by_ap_id_with_object(first_status.data["id"]),
second_status: Activity.get_by_ap_id_with_object(second_status.data["id"]),
third_status: Activity.get_by_ap_id_with_object(third_status.data["id"]),
@@ -1833,11 +1770,10 @@ test "account not empty if status was deleted", %{
end
describe "PUT /api/pleroma/admin/statuses/:id" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
activity = insert(:note_activity)
- %{conn: assign(conn, :user, admin), id: activity.id, admin: admin}
+ %{id: activity.id}
end
test "toggle sensitive flag", %{conn: conn, id: id, admin: admin} do
@@ -1890,20 +1826,17 @@ test "change visibility flag", %{conn: conn, id: id, admin: admin} do
end
test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
- conn =
- conn
- |> put("/api/pleroma/admin/statuses/#{id}", %{"visibility" => "test"})
+ conn = put(conn, "/api/pleroma/admin/statuses/#{id}", %{"visibility" => "test"})
assert json_response(conn, :bad_request) == "Unsupported visibility"
end
end
describe "DELETE /api/pleroma/admin/statuses/:id" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
activity = insert(:note_activity)
- %{conn: assign(conn, :user, admin), id: activity.id, admin: admin}
+ %{id: activity.id}
end
test "deletes status", %{conn: conn, id: id, admin: admin} do
@@ -1920,21 +1853,13 @@ test "deletes status", %{conn: conn, id: id, admin: admin} do
end
test "returns error when status is not exist", %{conn: conn} do
- conn =
- conn
- |> delete("/api/pleroma/admin/statuses/test")
+ conn = delete(conn, "/api/pleroma/admin/statuses/test")
assert json_response(conn, :bad_request) == "Could not delete"
end
end
describe "GET /api/pleroma/admin/config" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin)}
- end
-
test "without any settings in db", %{conn: conn} do
conn = get(conn, "/api/pleroma/admin/config")
@@ -1966,9 +1891,7 @@ test "with settings in db", %{conn: conn} do
end
describe "POST /api/pleroma/admin/config" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
+ setup do
temp_file = "config/test.exported_from_db.secret.exs"
on_exit(fn ->
@@ -1982,8 +1905,6 @@ test "with settings in db", %{conn: conn} do
Application.delete_env(:pleroma, Pleroma.Captcha.NotReal)
:ok = File.rm(temp_file)
end)
-
- %{conn: assign(conn, :user, admin)}
end
clear_config([:instance, :dynamic_configuration]) do
@@ -2535,9 +2456,7 @@ test "delete part of settings by atom subkeys", %{conn: conn} do
end
describe "config mix tasks run" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
+ setup do
temp_file = "config/test.exported_from_db.secret.exs"
Mix.shell(Mix.Shell.Quiet)
@@ -2547,7 +2466,7 @@ test "delete part of settings by atom subkeys", %{conn: conn} do
:ok = File.rm(temp_file)
end)
- %{conn: assign(conn, :user, admin), admin: admin}
+ :ok
end
clear_config([:instance, :dynamic_configuration]) do
@@ -2558,25 +2477,21 @@ test "delete part of settings by atom subkeys", %{conn: conn} do
Pleroma.Config.put([:feed, :post_title], %{max_length: 100, omission: "…"})
end
- test "transfer settings to DB and to file", %{conn: conn, admin: admin} do
+ test "transfer settings to DB and to file", %{conn: conn} do
assert Pleroma.Repo.all(Pleroma.Web.AdminAPI.Config) == []
- conn = get(conn, "/api/pleroma/admin/config/migrate_to_db")
- assert json_response(conn, 200) == %{}
+ ret_conn = get(conn, "/api/pleroma/admin/config/migrate_to_db")
+ assert json_response(ret_conn, 200) == %{}
assert Pleroma.Repo.all(Pleroma.Web.AdminAPI.Config) > 0
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/config/migrate_from_db")
+ ret_conn = get(conn, "/api/pleroma/admin/config/migrate_from_db")
- assert json_response(conn, 200) == %{}
+ assert json_response(ret_conn, 200) == %{}
assert Pleroma.Repo.all(Pleroma.Web.AdminAPI.Config) == []
end
end
describe "GET /api/pleroma/admin/users/:nickname/statuses" do
setup do
- admin = insert(:user, is_admin: true)
user = insert(:user)
date1 = (DateTime.to_unix(DateTime.utc_now()) + 2000) |> DateTime.from_unix!()
@@ -2587,11 +2502,7 @@ test "transfer settings to DB and to file", %{conn: conn, admin: admin} do
insert(:note_activity, user: user, published: date2)
insert(:note_activity, user: user, published: date3)
- conn =
- build_conn()
- |> assign(:user, admin)
-
- {:ok, conn: conn, user: user}
+ %{user: user}
end
test "renders user's statuses", %{conn: conn, user: user} do
@@ -2632,11 +2543,10 @@ test "returns private statuses with godmode on", %{conn: conn, user: user} do
end
describe "GET /api/pleroma/admin/moderation_log" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ setup do
moderator = insert(:user, is_moderator: true)
- %{conn: assign(conn, :user, admin), admin: admin, moderator: moderator}
+ %{moderator: moderator}
end
test "returns the log", %{conn: conn, admin: admin} do
@@ -2841,20 +2751,12 @@ test "returns log filtered by search", %{conn: conn, moderator: moderator} do
end
describe "PATCH /users/:nickname/force_password_reset" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
+ test "sets password_reset_pending to true", %{conn: conn} do
user = insert(:user)
-
- %{conn: assign(conn, :user, admin), admin: admin, user: user}
- end
-
- test "sets password_reset_pending to true", %{admin: admin, user: user} do
assert user.password_reset_pending == false
conn =
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/force_password_reset", %{nicknames: [user.nickname]})
+ patch(conn, "/api/pleroma/admin/users/force_password_reset", %{nicknames: [user.nickname]})
assert json_response(conn, 204) == ""
@@ -2865,17 +2767,9 @@ test "sets password_reset_pending to true", %{admin: admin, user: user} do
end
describe "relays" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin), admin: admin}
- end
-
- test "POST /relay", %{admin: admin} do
+ test "POST /relay", %{conn: conn, admin: admin} do
conn =
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/relay", %{
+ post(conn, "/api/pleroma/admin/relay", %{
relay_url: "http://mastodon.example.org/users/admin"
})
@@ -2887,7 +2781,7 @@ test "POST /relay", %{admin: admin} do
"@#{admin.nickname} followed relay: http://mastodon.example.org/users/admin"
end
- test "GET /relay", %{admin: admin} do
+ test "GET /relay", %{conn: conn} do
relay_user = Pleroma.Web.ActivityPub.Relay.get_actor()
["http://mastodon.example.org/users/admin", "https://mstdn.io/users/mayuutann"]
@@ -2896,25 +2790,18 @@ test "GET /relay", %{admin: admin} do
User.follow(relay_user, user)
end)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/relay")
+ conn = get(conn, "/api/pleroma/admin/relay")
assert json_response(conn, 200)["relays"] -- ["mastodon.example.org", "mstdn.io"] == []
end
- test "DELETE /relay", %{admin: admin} do
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/relay", %{
+ test "DELETE /relay", %{conn: conn, admin: admin} do
+ post(conn, "/api/pleroma/admin/relay", %{
relay_url: "http://mastodon.example.org/users/admin"
})
conn =
- build_conn()
- |> assign(:user, admin)
- |> delete("/api/pleroma/admin/relay", %{
+ delete(conn, "/api/pleroma/admin/relay", %{
relay_url: "http://mastodon.example.org/users/admin"
})
@@ -2931,63 +2818,48 @@ test "DELETE /relay", %{admin: admin} do
end
describe "instances" do
- test "GET /instances/:instance/statuses" do
- admin = insert(:user, is_admin: true)
+ test "GET /instances/:instance/statuses", %{conn: conn} do
user = insert(:user, local: false, nickname: "archaeme@archae.me")
user2 = insert(:user, local: false, nickname: "test@test.com")
insert_pair(:note_activity, user: user)
insert(:note_activity, user: user2)
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/instances/archae.me/statuses")
+ ret_conn = get(conn, "/api/pleroma/admin/instances/archae.me/statuses")
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert length(response) == 2
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/instances/test.com/statuses")
+ ret_conn = get(conn, "/api/pleroma/admin/instances/test.com/statuses")
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert length(response) == 1
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/instances/nonexistent.com/statuses")
+ ret_conn = get(conn, "/api/pleroma/admin/instances/nonexistent.com/statuses")
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert length(response) == 0
end
end
describe "PATCH /confirm_email" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin), admin: admin}
- end
-
- test "it confirms emails of two users", %{admin: admin} do
+ test "it confirms emails of two users", %{conn: conn, admin: admin} do
[first_user, second_user] = insert_pair(:user, confirmation_pending: true)
assert first_user.confirmation_pending == true
assert second_user.confirmation_pending == true
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/confirm_email", %{
- nicknames: [
- first_user.nickname,
- second_user.nickname
- ]
- })
+ ret_conn =
+ patch(conn, "/api/pleroma/admin/users/confirm_email", %{
+ nicknames: [
+ first_user.nickname,
+ second_user.nickname
+ ]
+ })
+
+ assert ret_conn.status == 200
assert first_user.confirmation_pending == true
assert second_user.confirmation_pending == true
@@ -3002,23 +2874,18 @@ test "it confirms emails of two users", %{admin: admin} do
end
describe "PATCH /resend_confirmation_email" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin), admin: admin}
- end
-
- test "it resend emails for two users", %{admin: admin} do
+ test "it resend emails for two users", %{conn: conn, admin: admin} do
[first_user, second_user] = insert_pair(:user, confirmation_pending: true)
- build_conn()
- |> assign(:user, admin)
- |> patch("/api/pleroma/admin/users/resend_confirmation_email", %{
- nicknames: [
- first_user.nickname,
- second_user.nickname
- ]
- })
+ ret_conn =
+ patch(conn, "/api/pleroma/admin/users/resend_confirmation_email", %{
+ nicknames: [
+ first_user.nickname,
+ second_user.nickname
+ ]
+ })
+
+ assert ret_conn.status == 200
log_entry = Repo.one(ModerationLog)
@@ -3030,8 +2897,7 @@ test "it resend emails for two users", %{admin: admin} do
end
describe "POST /reports/:id/notes" do
- setup do
- admin = insert(:user, is_admin: true)
+ setup %{conn: conn, admin: admin} do
[reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user)
@@ -3042,22 +2908,17 @@ test "it resend emails for two users", %{admin: admin} do
"status_ids" => [activity.id]
})
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+ post(conn, "/api/pleroma/admin/reports/#{report_id}/notes", %{
content: "this is disgusting!"
})
- build_conn()
- |> assign(:user, admin)
- |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+ post(conn, "/api/pleroma/admin/reports/#{report_id}/notes", %{
content: "this is disgusting2!"
})
%{
admin_id: admin.id,
- report_id: report_id,
- admin: admin
+ report_id: report_id
}
end
@@ -3071,11 +2932,8 @@ test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
} = note
end
- test "it returns reports with notes", %{admin: admin} do
- conn =
- build_conn()
- |> assign(:user, admin)
- |> get("/api/pleroma/admin/reports")
+ test "it returns reports with notes", %{conn: conn, admin: admin} do
+ conn = get(conn, "/api/pleroma/admin/reports")
response = json_response(conn, 200)
notes = hd(response["reports"])["notes"]
@@ -3087,14 +2945,12 @@ test "it returns reports with notes", %{admin: admin} do
assert response["total"] == 1
end
- test "it deletes the note", %{admin: admin, report_id: report_id} do
+ test "it deletes the note", %{conn: conn, report_id: report_id} do
assert ReportNote |> Repo.all() |> length() == 2
[note, _] = Repo.all(ReportNote)
- build_conn()
- |> assign(:user, admin)
- |> delete("/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
+ delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
assert ReportNote |> Repo.all() |> length() == 1
end
diff --git a/test/web/masto_fe_controller_test.exs b/test/web/masto_fe_controller_test.exs
index b5dbd4a25..f9870a852 100644
--- a/test/web/masto_fe_controller_test.exs
+++ b/test/web/masto_fe_controller_test.exs
@@ -18,6 +18,7 @@ test "put settings", %{conn: conn} do
conn =
conn
|> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:accounts"]))
|> put("/api/web/settings", %{"data" => %{"programming" => "socks"}})
assert _result = json_response(conn, 200)
@@ -63,12 +64,12 @@ test "redirects not logged-in users to the login page on private instances", %{
end
test "does not redirect logged in users to the login page", %{conn: conn, path: path} do
- token = insert(:oauth_token)
+ token = insert(:oauth_token, scopes: ["read"])
conn =
conn
|> assign(:user, token.user)
- |> put_session(:oauth_token, token.token)
+ |> assign(:token, token)
|> get(path)
assert conn.status == 200
diff --git a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
index 77cfce4fa..09bdc46e0 100644
--- a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
@@ -12,13 +12,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
clear_config([:instance, :max_account_fields])
describe "updating credentials" do
- test "sets user settings in a generic way", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+ test "sets user settings in a generic way", %{conn: conn} do
res_conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{
+ patch(conn, "/api/v1/accounts/update_credentials", %{
"pleroma_settings_store" => %{
pleroma_fe: %{
theme: "bla"
@@ -26,10 +24,10 @@ test "sets user settings in a generic way", %{conn: conn} do
}
})
- assert user = json_response(res_conn, 200)
- assert user["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
+ assert user_data = json_response(res_conn, 200)
+ assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
- user = Repo.get(User, user["id"])
+ user = Repo.get(User, user_data["id"])
res_conn =
conn
@@ -42,15 +40,15 @@ test "sets user settings in a generic way", %{conn: conn} do
}
})
- assert user = json_response(res_conn, 200)
+ assert user_data = json_response(res_conn, 200)
- assert user["pleroma"]["settings_store"] ==
+ assert user_data["pleroma"]["settings_store"] ==
%{
"pleroma_fe" => %{"theme" => "bla"},
"masto_fe" => %{"theme" => "bla"}
}
- user = Repo.get(User, user["id"])
+ user = Repo.get(User, user_data["id"])
res_conn =
conn
@@ -63,9 +61,9 @@ test "sets user settings in a generic way", %{conn: conn} do
}
})
- assert user = json_response(res_conn, 200)
+ assert user_data = json_response(res_conn, 200)
- assert user["pleroma"]["settings_store"] ==
+ assert user_data["pleroma"]["settings_store"] ==
%{
"pleroma_fe" => %{"theme" => "bla"},
"masto_fe" => %{"theme" => "blub"}
@@ -73,97 +71,67 @@ test "sets user settings in a generic way", %{conn: conn} do
end
test "updates the user's bio", %{conn: conn} do
- user = insert(:user)
user2 = insert(:user)
conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{
+ patch(conn, "/api/v1/accounts/update_credentials", %{
"note" => "I drink #cofe with @#{user2.nickname}"
})
- assert user = json_response(conn, 200)
+ assert user_data = json_response(conn, 200)
- assert user["note"] ==
+ assert user_data["note"] ==
~s(I drink #cofe with @#{user2.nickname})
end
test "updates the user's locking status", %{conn: conn} do
- user = insert(:user)
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{locked: "true"})
-
- assert user = json_response(conn, 200)
- assert user["locked"] == true
+ assert user_data = json_response(conn, 200)
+ assert user_data["locked"] == true
end
- test "updates the user's allow_following_move", %{conn: conn} do
- user = insert(:user)
-
+ test "updates the user's allow_following_move", %{user: user, conn: conn} do
assert user.allow_following_move == true
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
assert refresh_record(user).allow_following_move == false
- assert user = json_response(conn, 200)
- assert user["pleroma"]["allow_following_move"] == false
+ assert user_data = json_response(conn, 200)
+ assert user_data["pleroma"]["allow_following_move"] == false
end
test "updates the user's default scope", %{conn: conn} do
- user = insert(:user)
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
-
- assert user = json_response(conn, 200)
- assert user["source"]["privacy"] == "cofe"
+ assert user_data = json_response(conn, 200)
+ assert user_data["source"]["privacy"] == "cofe"
end
test "updates the user's hide_followers status", %{conn: conn} do
- user = insert(:user)
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"})
-
- assert user = json_response(conn, 200)
- assert user["pleroma"]["hide_followers"] == true
+ assert user_data = json_response(conn, 200)
+ assert user_data["pleroma"]["hide_followers"] == true
end
test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
- user = insert(:user)
-
conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{
+ patch(conn, "/api/v1/accounts/update_credentials", %{
hide_followers_count: "true",
hide_follows_count: "true"
})
- assert user = json_response(conn, 200)
- assert user["pleroma"]["hide_followers_count"] == true
- assert user["pleroma"]["hide_follows_count"] == true
+ assert user_data = json_response(conn, 200)
+ assert user_data["pleroma"]["hide_followers_count"] == true
+ assert user_data["pleroma"]["hide_follows_count"] == true
end
- test "updates the user's skip_thread_containment option", %{conn: conn} do
- user = insert(:user)
-
+ test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
response =
conn
- |> assign(:user, user)
|> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
|> json_response(200)
@@ -172,104 +140,68 @@ test "updates the user's skip_thread_containment option", %{conn: conn} do
end
test "updates the user's hide_follows status", %{conn: conn} do
- user = insert(:user)
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"})
-
- assert user = json_response(conn, 200)
- assert user["pleroma"]["hide_follows"] == true
+ assert user_data = json_response(conn, 200)
+ assert user_data["pleroma"]["hide_follows"] == true
end
test "updates the user's hide_favorites status", %{conn: conn} do
- user = insert(:user)
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
-
- assert user = json_response(conn, 200)
- assert user["pleroma"]["hide_favorites"] == true
+ assert user_data = json_response(conn, 200)
+ assert user_data["pleroma"]["hide_favorites"] == true
end
test "updates the user's show_role status", %{conn: conn} do
- user = insert(:user)
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"})
-
- assert user = json_response(conn, 200)
- assert user["source"]["pleroma"]["show_role"] == false
+ assert user_data = json_response(conn, 200)
+ assert user_data["source"]["pleroma"]["show_role"] == false
end
test "updates the user's no_rich_text status", %{conn: conn} do
- user = insert(:user)
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
-
- assert user = json_response(conn, 200)
- assert user["source"]["pleroma"]["no_rich_text"] == true
+ assert user_data = json_response(conn, 200)
+ assert user_data["source"]["pleroma"]["no_rich_text"] == true
end
test "updates the user's name", %{conn: conn} do
- user = insert(:user)
-
conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
+ patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
- assert user = json_response(conn, 200)
- assert user["display_name"] == "markorepairs"
+ assert user_data = json_response(conn, 200)
+ assert user_data["display_name"] == "markorepairs"
end
- test "updates the user's avatar", %{conn: conn} do
- user = insert(:user)
-
+ test "updates the user's avatar", %{user: user, conn: conn} do
new_avatar = %Plug.Upload{
content_type: "image/jpg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
assert user_response = json_response(conn, 200)
assert user_response["avatar"] != User.avatar_url(user)
end
- test "updates the user's banner", %{conn: conn} do
- user = insert(:user)
-
+ test "updates the user's banner", %{user: user, conn: conn} do
new_header = %Plug.Upload{
content_type: "image/jpg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{"header" => new_header})
+ conn = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
assert user_response = json_response(conn, 200)
assert user_response["header"] != User.banner_url(user)
end
test "updates the user's background", %{conn: conn} do
- user = insert(:user)
-
new_header = %Plug.Upload{
content_type: "image/jpg",
path: Path.absname("test/fixtures/image.jpg"),
@@ -277,9 +209,7 @@ test "updates the user's background", %{conn: conn} do
}
conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{
+ patch(conn, "/api/v1/accounts/update_credentials", %{
"pleroma_background_image" => new_header
})
@@ -287,13 +217,13 @@ test "updates the user's background", %{conn: conn} do
assert user_response["pleroma"]["background_image"]
end
- test "requires 'write:accounts' permission", %{conn: conn} do
+ test "requires 'write:accounts' permission" do
token1 = insert(:oauth_token, scopes: ["read"])
token2 = insert(:oauth_token, scopes: ["write", "follow"])
for token <- [token1, token2] do
conn =
- conn
+ build_conn()
|> put_req_header("authorization", "Bearer #{token.token}")
|> patch("/api/v1/accounts/update_credentials", %{})
@@ -306,53 +236,44 @@ test "requires 'write:accounts' permission", %{conn: conn} do
end
end
- test "updates profile emojos", %{conn: conn} do
- user = insert(:user)
-
+ test "updates profile emojos", %{user: user, conn: conn} do
note = "*sips :blank:*"
name = "I am :firefox:"
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/accounts/update_credentials", %{
+ ret_conn =
+ patch(conn, "/api/v1/accounts/update_credentials", %{
"note" => note,
"display_name" => name
})
- assert json_response(conn, 200)
+ assert json_response(ret_conn, 200)
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}")
+ conn = get(conn, "/api/v1/accounts/#{user.id}")
- assert user = json_response(conn, 200)
+ assert user_data = json_response(conn, 200)
- assert user["note"] == note
- assert user["display_name"] == name
- assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user["emojis"]
+ assert user_data["note"] == note
+ assert user_data["display_name"] == name
+ assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
end
test "update fields", %{conn: conn} do
- user = insert(:user)
-
fields = [
%{"name" => "foo", "value" => ""},
%{"name" => "link", "value" => "cofe.io"}
]
- account =
+ account_data =
conn
- |> assign(:user, user)
|> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
|> json_response(200)
- assert account["fields"] == [
+ assert account_data["fields"] == [
%{"name" => "foo", "value" => "bar"},
%{"name" => "link", "value" => ~S(cofe.io)}
]
- assert account["source"]["fields"] == [
+ assert account_data["source"]["fields"] == [
%{
"name" => "foo",
"value" => ""
@@ -372,7 +293,6 @@ test "update fields", %{conn: conn} do
account =
conn
|> put_req_header("content-type", "application/x-www-form-urlencoded")
- |> assign(:user, user)
|> patch("/api/v1/accounts/update_credentials", fields)
|> json_response(200)
@@ -398,7 +318,6 @@ test "update fields", %{conn: conn} do
assert %{"error" => "Invalid request"} ==
conn
- |> assign(:user, user)
|> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
|> json_response(403)
@@ -408,7 +327,6 @@ test "update fields", %{conn: conn} do
assert %{"error" => "Invalid request"} ==
conn
- |> assign(:user, user)
|> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
|> json_response(403)
@@ -421,7 +339,6 @@ test "update fields", %{conn: conn} do
assert %{"error" => "Invalid request"} ==
conn
- |> assign(:user, user)
|> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
|> json_response(403)
@@ -432,7 +349,6 @@ test "update fields", %{conn: conn} do
account =
conn
- |> assign(:user, user)
|> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
|> json_response(200)
diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs
index fa08ae4df..0d4860a42 100644
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@@ -87,6 +87,7 @@ test "respects limit_to_local_content == :unauthenticated for remote user nickna
conn =
build_conn()
|> assign(:user, reading_user)
+ |> assign(:token, insert(:oauth_token, user: reading_user, scopes: ["read:accounts"]))
|> get("/api/v1/accounts/#{user.nickname}")
Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
@@ -144,8 +145,9 @@ test "returns 404 for internal.fetch actor", %{conn: conn} do
end
describe "user timelines" do
- test "respects blocks", %{conn: conn} do
- user_one = insert(:user)
+ setup do: oauth_access(["read:statuses"])
+
+ test "respects blocks", %{user: user_one, conn: conn} do
user_two = insert(:user)
user_three = insert(:user)
@@ -154,46 +156,35 @@ test "respects blocks", %{conn: conn} do
{:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
{:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
- resp =
- conn
- |> get("/api/v1/accounts/#{user_two.id}/statuses")
+ resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
assert [%{"id" => id}] = json_response(resp, 200)
assert id == activity.id
# Even a blocked user will deliver the full user timeline, there would be
- # no point in looking at a blocked users timeline otherwise
- resp =
- conn
- |> assign(:user, user_one)
- |> get("/api/v1/accounts/#{user_two.id}/statuses")
+ # no point in looking at a blocked users timeline otherwise
+ resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
assert [%{"id" => id}] = json_response(resp, 200)
assert id == activity.id
- resp =
- conn
- |> get("/api/v1/accounts/#{user_three.id}/statuses")
-
+ # Third user's timeline includes the repeat when viewed by unauthenticated user
+ resp = get(build_conn(), "/api/v1/accounts/#{user_three.id}/statuses")
assert [%{"id" => id}] = json_response(resp, 200)
assert id == repeat.id
- # When viewing a third user's timeline, the blocked users will NOT be
- # shown.
- resp =
- conn
- |> assign(:user, user_one)
- |> get("/api/v1/accounts/#{user_three.id}/statuses")
+ # When viewing a third user's timeline, the blocked users' statuses will NOT be shown
+ resp = get(conn, "/api/v1/accounts/#{user_three.id}/statuses")
assert [] = json_response(resp, 200)
end
- test "gets a users statuses", %{conn: conn} do
+ test "gets users statuses", %{conn: conn} do
user_one = insert(:user)
user_two = insert(:user)
user_three = insert(:user)
- {:ok, user_three} = User.follow(user_three, user_one)
+ {:ok, _user_three} = User.follow(user_three, user_one)
{:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
@@ -206,9 +197,7 @@ test "gets a users statuses", %{conn: conn} do
{:ok, private_activity} =
CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
- resp =
- conn
- |> get("/api/v1/accounts/#{user_one.id}/statuses")
+ resp = get(conn, "/api/v1/accounts/#{user_one.id}/statuses")
assert [%{"id" => id}] = json_response(resp, 200)
assert id == to_string(activity.id)
@@ -216,6 +205,7 @@ test "gets a users statuses", %{conn: conn} do
resp =
conn
|> assign(:user, user_two)
+ |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
|> get("/api/v1/accounts/#{user_one.id}/statuses")
assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
@@ -225,6 +215,7 @@ test "gets a users statuses", %{conn: conn} do
resp =
conn
|> assign(:user, user_three)
+ |> assign(:token, insert(:oauth_token, user: user_three, scopes: ["read:statuses"]))
|> get("/api/v1/accounts/#{user_one.id}/statuses")
assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
@@ -236,9 +227,7 @@ test "unimplemented pinned statuses feature", %{conn: conn} do
note = insert(:note_activity)
user = User.get_cached_by_ap_id(note.data["actor"])
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
+ conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?pinned=true")
assert json_response(conn, 200) == []
end
@@ -257,63 +246,51 @@ test "gets an users media", %{conn: conn} do
{:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
+ conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(image_post.id)
- conn =
- build_conn()
- |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
+ conn = get(build_conn(), "/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(image_post.id)
end
- test "gets a user's statuses without reblogs", %{conn: conn} do
- user = insert(:user)
+ test "gets a user's statuses without reblogs", %{user: user, conn: conn} do
{:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
{:ok, _, _} = CommonAPI.repeat(post.id, user)
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
+ conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(post.id)
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
+ conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(post.id)
end
- test "filters user's statuses by a hashtag", %{conn: conn} do
- user = insert(:user)
+ test "filters user's statuses by a hashtag", %{user: user, conn: conn} do
{:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
{:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
+ conn = get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(post.id)
end
- test "the user views their own timelines and excludes direct messages", %{conn: conn} do
- user = insert(:user)
+ test "the user views their own timelines and excludes direct messages", %{
+ user: user,
+ conn: conn
+ } do
{:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
{:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_visibilities" => ["direct"]})
+ get(conn, "/api/v1/accounts/#{user.id}/statuses", %{"exclude_visibilities" => ["direct"]})
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(public_activity.id)
@@ -321,46 +298,42 @@ test "the user views their own timelines and excludes direct messages", %{conn:
end
describe "followers" do
- test "getting followers", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["read:accounts"])
+
+ test "getting followers", %{user: user, conn: conn} do
other_user = insert(:user)
{:ok, user} = User.follow(user, other_user)
- conn =
- conn
- |> get("/api/v1/accounts/#{other_user.id}/followers")
+ conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(user.id)
end
- test "getting followers, hide_followers", %{conn: conn} do
- user = insert(:user)
+ test "getting followers, hide_followers", %{user: user, conn: conn} do
other_user = insert(:user, hide_followers: true)
{:ok, _user} = User.follow(user, other_user)
- conn =
- conn
- |> get("/api/v1/accounts/#{other_user.id}/followers")
+ conn = get(conn, "/api/v1/accounts/#{other_user.id}/followers")
assert [] == json_response(conn, 200)
end
- test "getting followers, hide_followers, same user requesting", %{conn: conn} do
+ test "getting followers, hide_followers, same user requesting" do
user = insert(:user)
other_user = insert(:user, hide_followers: true)
{:ok, _user} = User.follow(user, other_user)
conn =
- conn
+ build_conn()
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
|> get("/api/v1/accounts/#{other_user.id}/followers")
refute [] == json_response(conn, 200)
end
- test "getting followers, pagination", %{conn: conn} do
- user = insert(:user)
+ test "getting followers, pagination", %{user: user, conn: conn} do
follower1 = insert(:user)
follower2 = insert(:user)
follower3 = insert(:user)
@@ -368,29 +341,19 @@ test "getting followers, pagination", %{conn: conn} do
{:ok, _} = User.follow(follower2, user)
{:ok, _} = User.follow(follower3, user)
- conn =
- conn
- |> assign(:user, user)
-
- res_conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
+ res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
assert id3 == follower3.id
assert id2 == follower2.id
- res_conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
+ res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
assert id2 == follower2.id
assert id1 == follower1.id
- res_conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
+ res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
assert [%{"id" => id2}] = json_response(res_conn, 200)
assert id2 == follower2.id
@@ -402,46 +365,47 @@ test "getting followers, pagination", %{conn: conn} do
end
describe "following" do
- test "getting following", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["read:accounts"])
+
+ test "getting following", %{user: user, conn: conn} do
other_user = insert(:user)
{:ok, user} = User.follow(user, other_user)
- conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/following")
+ conn = get(conn, "/api/v1/accounts/#{user.id}/following")
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(other_user.id)
end
- test "getting following, hide_follows", %{conn: conn} do
+ test "getting following, hide_follows, other user requesting" do
user = insert(:user, hide_follows: true)
other_user = insert(:user)
{:ok, user} = User.follow(user, other_user)
conn =
- conn
+ build_conn()
+ |> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
|> get("/api/v1/accounts/#{user.id}/following")
assert [] == json_response(conn, 200)
end
- test "getting following, hide_follows, same user requesting", %{conn: conn} do
+ test "getting following, hide_follows, same user requesting" do
user = insert(:user, hide_follows: true)
other_user = insert(:user)
{:ok, user} = User.follow(user, other_user)
conn =
- conn
+ build_conn()
|> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:accounts"]))
|> get("/api/v1/accounts/#{user.id}/following")
refute [] == json_response(conn, 200)
end
- test "getting following, pagination", %{conn: conn} do
- user = insert(:user)
+ test "getting following, pagination", %{user: user, conn: conn} do
following1 = insert(:user)
following2 = insert(:user)
following3 = insert(:user)
@@ -449,29 +413,20 @@ test "getting following, pagination", %{conn: conn} do
{:ok, _} = User.follow(user, following2)
{:ok, _} = User.follow(user, following3)
- conn =
- conn
- |> assign(:user, user)
-
- res_conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
+ res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
assert id3 == following3.id
assert id2 == following2.id
- res_conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
+ res_conn = get(conn, "/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
assert id2 == following2.id
assert id1 == following1.id
res_conn =
- conn
- |> get("/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
+ get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
assert [%{"id" => id2}] = json_response(res_conn, 200)
assert id2 == following2.id
@@ -483,82 +438,52 @@ test "getting following, pagination", %{conn: conn} do
end
describe "follow/unfollow" do
+ setup do: oauth_access(["follow"])
+
test "following / unfollowing a user", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/follow")
+ ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/follow")
- assert %{"id" => _id, "following" => true} = json_response(conn, 200)
+ assert %{"id" => _id, "following" => true} = json_response(ret_conn, 200)
- user = User.get_cached_by_id(user.id)
+ ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/unfollow")
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/unfollow")
+ assert %{"id" => _id, "following" => false} = json_response(ret_conn, 200)
- assert %{"id" => _id, "following" => false} = json_response(conn, 200)
-
- user = User.get_cached_by_id(user.id)
-
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/follows", %{"uri" => other_user.nickname})
+ conn = post(conn, "/api/v1/follows", %{"uri" => other_user.nickname})
assert %{"id" => id} = json_response(conn, 200)
assert id == to_string(other_user.id)
end
test "following without reblogs" do
- follower = insert(:user)
+ %{conn: conn} = oauth_access(["follow", "read:statuses"])
followed = insert(:user)
other_user = insert(:user)
- conn =
- build_conn()
- |> assign(:user, follower)
- |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=false")
+ ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=false")
- assert %{"showing_reblogs" => false} = json_response(conn, 200)
+ assert %{"showing_reblogs" => false} = json_response(ret_conn, 200)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
{:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
- conn =
- build_conn()
- |> assign(:user, User.get_cached_by_id(follower.id))
- |> get("/api/v1/timelines/home")
+ ret_conn = get(conn, "/api/v1/timelines/home")
- assert [] == json_response(conn, 200)
+ assert [] == json_response(ret_conn, 200)
- conn =
- build_conn()
- |> assign(:user, User.get_cached_by_id(follower.id))
- |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=true")
+ ret_conn = post(conn, "/api/v1/accounts/#{followed.id}/follow?reblogs=true")
- assert %{"showing_reblogs" => true} = json_response(conn, 200)
+ assert %{"showing_reblogs" => true} = json_response(ret_conn, 200)
- conn =
- build_conn()
- |> assign(:user, User.get_cached_by_id(follower.id))
- |> get("/api/v1/timelines/home")
+ conn = get(conn, "/api/v1/timelines/home")
expected_activity_id = reblog.id
assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
end
- test "following / unfollowing errors" do
- user = insert(:user)
-
- conn =
- build_conn()
- |> assign(:user, user)
-
+ test "following / unfollowing errors", %{user: user, conn: conn} do
# self follow
conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
assert %{"error" => "Record not found"} = json_response(conn_res, 404)
@@ -588,47 +513,34 @@ test "following / unfollowing errors" do
end
describe "mute/unmute" do
+ setup do: oauth_access(["write:mutes"])
+
test "with notifications", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/mute")
+ ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/mute")
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
- user = User.get_cached_by_id(user.id)
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/unmute")
+ conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
response = json_response(conn, 200)
assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
end
test "without notifications", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
+ ret_conn =
+ post(conn, "/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
- response = json_response(conn, 200)
+ response = json_response(ret_conn, 200)
assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
- user = User.get_cached_by_id(user.id)
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/unmute")
+ conn = post(conn, "/api/v1/accounts/#{other_user.id}/unmute")
response = json_response(conn, 200)
assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
@@ -639,8 +551,9 @@ test "without notifications", %{conn: conn} do
setup do
user = insert(:user)
{:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
+ %{conn: conn} = oauth_access(["read:statuses"], user: user)
- [user: user, activity: activity]
+ [conn: conn, user: user, activity: activity]
end
test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
@@ -648,7 +561,6 @@ test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
result =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
|> json_response(200)
@@ -658,23 +570,15 @@ test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
end
end
- test "blocking / unblocking a user", %{conn: conn} do
- user = insert(:user)
+ test "blocking / unblocking a user" do
+ %{conn: conn} = oauth_access(["follow"])
other_user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/block")
+ ret_conn = post(conn, "/api/v1/accounts/#{other_user.id}/block")
- assert %{"id" => _id, "blocking" => true} = json_response(conn, 200)
+ assert %{"id" => _id, "blocking" => true} = json_response(ret_conn, 200)
- user = User.get_cached_by_id(user.id)
-
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/accounts/#{other_user.id}/unblock")
+ conn = post(conn, "/api/v1/accounts/#{other_user.id}/unblock")
assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
end
@@ -693,8 +597,7 @@ test "blocking / unblocking a user", %{conn: conn} do
test "Account registration via Application", %{conn: conn} do
conn =
- conn
- |> post("/api/v1/apps", %{
+ post(conn, "/api/v1/apps", %{
client_name: "client_name",
redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
scopes: "read, write, follow"
@@ -711,8 +614,7 @@ test "Account registration via Application", %{conn: conn} do
} = json_response(conn, 200)
conn =
- conn
- |> post("/oauth/token", %{
+ post(conn, "/oauth/token", %{
grant_type: "client_credentials",
client_id: client_id,
client_secret: client_secret
@@ -769,13 +671,13 @@ test "rate limit", %{conn: conn} do
app_token = insert(:oauth_token, user: nil)
conn =
- put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+ conn
+ |> put_req_header("authorization", "Bearer " <> app_token.token)
|> Map.put(:remote_ip, {15, 15, 15, 15})
for i <- 1..5 do
conn =
- conn
- |> post("/api/v1/accounts", %{
+ post(conn, "/api/v1/accounts", %{
username: "#{i}lain",
email: "#{i}lain@example.org",
password: "PlzDontHackLain",
@@ -798,8 +700,7 @@ test "rate limit", %{conn: conn} do
end
conn =
- conn
- |> post("/api/v1/accounts", %{
+ post(conn, "/api/v1/accounts", %{
username: "6lain",
email: "6lain@example.org",
password: "PlzDontHackLain",
@@ -815,9 +716,7 @@ test "returns bad_request if missing required params", %{
} do
app_token = insert(:oauth_token, user: nil)
- conn =
- conn
- |> put_req_header("authorization", "Bearer " <> app_token.token)
+ conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
res = post(conn, "/api/v1/accounts", valid_params)
assert json_response(res, 200)
@@ -836,9 +735,7 @@ test "returns bad_request if missing required params", %{
end
test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
- conn =
- conn
- |> put_req_header("authorization", "Bearer " <> "invalid-token")
+ conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token")
res = post(conn, "/api/v1/accounts", valid_params)
assert json_response(res, 403) == %{"error" => "Invalid credentials"}
@@ -846,15 +743,14 @@ test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_
end
describe "GET /api/v1/accounts/:id/lists - account_lists" do
- test "returns lists to which the account belongs", %{conn: conn} do
- user = insert(:user)
+ test "returns lists to which the account belongs" do
+ %{user: user, conn: conn} = oauth_access(["read:lists"])
other_user = insert(:user)
assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
{:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
res =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/#{other_user.id}/lists")
|> json_response(200)
@@ -863,13 +759,9 @@ test "returns lists to which the account belongs", %{conn: conn} do
end
describe "verify_credentials" do
- test "verify_credentials", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/accounts/verify_credentials")
+ test "verify_credentials" do
+ %{user: user, conn: conn} = oauth_access(["read:accounts"])
+ conn = get(conn, "/api/v1/accounts/verify_credentials")
response = json_response(conn, 200)
@@ -878,25 +770,21 @@ test "verify_credentials", %{conn: conn} do
assert id == to_string(user.id)
end
- test "verify_credentials default scope unlisted", %{conn: conn} do
+ test "verify_credentials default scope unlisted" do
user = insert(:user, default_scope: "unlisted")
+ %{conn: conn} = oauth_access(["read:accounts"], user: user)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/accounts/verify_credentials")
+ conn = get(conn, "/api/v1/accounts/verify_credentials")
assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
assert id == to_string(user.id)
end
- test "locked accounts", %{conn: conn} do
+ test "locked accounts" do
user = insert(:user, default_scope: "private")
+ %{conn: conn} = oauth_access(["read:accounts"], user: user)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/accounts/verify_credentials")
+ conn = get(conn, "/api/v1/accounts/verify_credentials")
assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
assert id == to_string(user.id)
@@ -904,15 +792,13 @@ test "locked accounts", %{conn: conn} do
end
describe "user relationships" do
- test "returns the relationships for the current user", %{conn: conn} do
- user = insert(:user)
- other_user = insert(:user)
- {:ok, user} = User.follow(user, other_user)
+ setup do: oauth_access(["read:follows"])
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
+ test "returns the relationships for the current user", %{user: user, conn: conn} do
+ other_user = insert(:user)
+ {:ok, _user} = User.follow(user, other_user)
+
+ conn = get(conn, "/api/v1/accounts/relationships", %{"id" => [other_user.id]})
assert [relationship] = json_response(conn, 200)
@@ -920,34 +806,26 @@ test "returns the relationships for the current user", %{conn: conn} do
end
test "returns an empty list on a bad request", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/accounts/relationships", %{})
+ conn = get(conn, "/api/v1/accounts/relationships", %{})
assert [] = json_response(conn, 200)
end
end
- test "getting a list of mutes", %{conn: conn} do
- user = insert(:user)
+ test "getting a list of mutes" do
+ %{user: user, conn: conn} = oauth_access(["read:mutes"])
other_user = insert(:user)
{:ok, _user_relationships} = User.mute(user, other_user)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/mutes")
+ conn = get(conn, "/api/v1/mutes")
other_user_id = to_string(other_user.id)
assert [%{"id" => ^other_user_id}] = json_response(conn, 200)
end
- test "getting a list of blocks", %{conn: conn} do
- user = insert(:user)
+ test "getting a list of blocks" do
+ %{user: user, conn: conn} = oauth_access(["read:blocks"])
other_user = insert(:user)
{:ok, _user_relationship} = User.block(user, other_user)
diff --git a/test/web/mastodon_api/controllers/conversation_controller_test.exs b/test/web/mastodon_api/controllers/conversation_controller_test.exs
index 2a1223b18..4bb9781a6 100644
--- a/test/web/mastodon_api/controllers/conversation_controller_test.exs
+++ b/test/web/mastodon_api/controllers/conversation_controller_test.exs
@@ -10,8 +10,9 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
import Pleroma.Factory
- test "returns a list of conversations", %{conn: conn} do
- user_one = insert(:user)
+ setup do: oauth_access(["read:statuses"])
+
+ test "returns a list of conversations", %{user: user_one, conn: conn} do
user_two = insert(:user)
user_three = insert(:user)
@@ -33,10 +34,7 @@ test "returns a list of conversations", %{conn: conn} do
"visibility" => "private"
})
- res_conn =
- conn
- |> assign(:user, user_one)
- |> get("/api/v1/conversations")
+ res_conn = get(conn, "/api/v1/conversations")
assert response = json_response(res_conn, 200)
@@ -59,8 +57,7 @@ test "returns a list of conversations", %{conn: conn} do
assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
end
- test "filters conversations by recipients", %{conn: conn} do
- user_one = insert(:user)
+ test "filters conversations by recipients", %{user: user_one, conn: conn} do
user_two = insert(:user)
user_three = insert(:user)
@@ -96,7 +93,6 @@ test "filters conversations by recipients", %{conn: conn} do
[conversation1, conversation2] =
conn
- |> assign(:user, user_one)
|> get("/api/v1/conversations", %{"recipients" => [user_two.id]})
|> json_response(200)
@@ -105,15 +101,13 @@ test "filters conversations by recipients", %{conn: conn} do
[conversation1] =
conn
- |> assign(:user, user_one)
|> get("/api/v1/conversations", %{"recipients" => [user_two.id, user_three.id]})
|> json_response(200)
assert conversation1["last_status"]["id"] == direct3.id
end
- test "updates the last_status on reply", %{conn: conn} do
- user_one = insert(:user)
+ test "updates the last_status on reply", %{user: user_one, conn: conn} do
user_two = insert(:user)
{:ok, direct} =
@@ -131,15 +125,13 @@ test "updates the last_status on reply", %{conn: conn} do
[%{"last_status" => res_last_status}] =
conn
- |> assign(:user, user_one)
|> get("/api/v1/conversations")
|> json_response(200)
assert res_last_status["id"] == direct_reply.id
end
- test "the user marks a conversation as read", %{conn: conn} do
- user_one = insert(:user)
+ test "the user marks a conversation as read", %{user: user_one, conn: conn} do
user_two = insert(:user)
{:ok, direct} =
@@ -151,15 +143,21 @@ test "the user marks a conversation as read", %{conn: conn} do
assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
assert User.get_cached_by_id(user_two.id).unread_conversation_count == 1
- [%{"id" => direct_conversation_id, "unread" => true}] =
- conn
+ user_two_conn =
+ build_conn()
|> assign(:user, user_two)
+ |> assign(
+ :token,
+ insert(:oauth_token, user: user_two, scopes: ["read:statuses", "write:conversations"])
+ )
+
+ [%{"id" => direct_conversation_id, "unread" => true}] =
+ user_two_conn
|> get("/api/v1/conversations")
|> json_response(200)
%{"unread" => false} =
- conn
- |> assign(:user, user_two)
+ user_two_conn
|> post("/api/v1/conversations/#{direct_conversation_id}/read")
|> json_response(200)
@@ -176,7 +174,6 @@ test "the user marks a conversation as read", %{conn: conn} do
[%{"unread" => true}] =
conn
- |> assign(:user, user_one)
|> get("/api/v1/conversations")
|> json_response(200)
@@ -195,8 +192,7 @@ test "the user marks a conversation as read", %{conn: conn} do
assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0
end
- test "(vanilla) Mastodon frontend behaviour", %{conn: conn} do
- user_one = insert(:user)
+ test "(vanilla) Mastodon frontend behaviour", %{user: user_one, conn: conn} do
user_two = insert(:user)
{:ok, direct} =
@@ -205,10 +201,7 @@ test "(vanilla) Mastodon frontend behaviour", %{conn: conn} do
"visibility" => "direct"
})
- res_conn =
- conn
- |> assign(:user, user_one)
- |> get("/api/v1/statuses/#{direct.id}/context")
+ res_conn = get(conn, "/api/v1/statuses/#{direct.id}/context")
assert %{"ancestors" => [], "descendants" => []} == json_response(res_conn, 200)
end
diff --git a/test/web/mastodon_api/controllers/domain_block_controller_test.exs b/test/web/mastodon_api/controllers/domain_block_controller_test.exs
index 25a279cdc..55de625ba 100644
--- a/test/web/mastodon_api/controllers/domain_block_controller_test.exs
+++ b/test/web/mastodon_api/controllers/domain_block_controller_test.exs
@@ -9,31 +9,25 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do
import Pleroma.Factory
- test "blocking / unblocking a domain", %{conn: conn} do
- user = insert(:user)
+ test "blocking / unblocking a domain" do
+ %{user: user, conn: conn} = oauth_access(["write:blocks"])
other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+ ret_conn = post(conn, "/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
- assert %{} = json_response(conn, 200)
+ assert %{} = json_response(ret_conn, 200)
user = User.get_cached_by_ap_id(user.ap_id)
assert User.blocks?(user, other_user)
- conn =
- build_conn()
- |> assign(:user, user)
- |> delete("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+ ret_conn = delete(conn, "/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
- assert %{} = json_response(conn, 200)
+ assert %{} = json_response(ret_conn, 200)
user = User.get_cached_by_ap_id(user.ap_id)
refute User.blocks?(user, other_user)
end
- test "getting a list of domain blocks", %{conn: conn} do
- user = insert(:user)
+ test "getting a list of domain blocks" do
+ %{user: user, conn: conn} = oauth_access(["read:blocks"])
{:ok, user} = User.block_domain(user, "bad.site")
{:ok, user} = User.block_domain(user, "even.worse.site")
diff --git a/test/web/mastodon_api/controllers/filter_controller_test.exs b/test/web/mastodon_api/controllers/filter_controller_test.exs
index 550689788..3aea17ec7 100644
--- a/test/web/mastodon_api/controllers/filter_controller_test.exs
+++ b/test/web/mastodon_api/controllers/filter_controller_test.exs
@@ -7,20 +7,15 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
alias Pleroma.Web.MastodonAPI.FilterView
- import Pleroma.Factory
-
- test "creating a filter", %{conn: conn} do
- user = insert(:user)
+ test "creating a filter" do
+ %{conn: conn} = oauth_access(["write:filters"])
filter = %Pleroma.Filter{
phrase: "knights",
context: ["home"]
}
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})
+ conn = post(conn, "/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})
assert response = json_response(conn, 200)
assert response["phrase"] == filter.phrase
@@ -30,8 +25,8 @@ test "creating a filter", %{conn: conn} do
assert response["id"] != ""
end
- test "fetching a list of filters", %{conn: conn} do
- user = insert(:user)
+ test "fetching a list of filters" do
+ %{user: user, conn: conn} = oauth_access(["read:filters"])
query_one = %Pleroma.Filter{
user_id: user.id,
@@ -52,7 +47,6 @@ test "fetching a list of filters", %{conn: conn} do
response =
conn
- |> assign(:user, user)
|> get("/api/v1/filters")
|> json_response(200)
@@ -64,8 +58,8 @@ test "fetching a list of filters", %{conn: conn} do
)
end
- test "get a filter", %{conn: conn} do
- user = insert(:user)
+ test "get a filter" do
+ %{user: user, conn: conn} = oauth_access(["read:filters"])
query = %Pleroma.Filter{
user_id: user.id,
@@ -76,16 +70,13 @@ test "get a filter", %{conn: conn} do
{:ok, filter} = Pleroma.Filter.create(query)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/filters/#{filter.filter_id}")
+ conn = get(conn, "/api/v1/filters/#{filter.filter_id}")
assert _response = json_response(conn, 200)
end
- test "update a filter", %{conn: conn} do
- user = insert(:user)
+ test "update a filter" do
+ %{user: user, conn: conn} = oauth_access(["write:filters"])
query = %Pleroma.Filter{
user_id: user.id,
@@ -102,9 +93,7 @@ test "update a filter", %{conn: conn} do
}
conn =
- conn
- |> assign(:user, user)
- |> put("/api/v1/filters/#{query.filter_id}", %{
+ put(conn, "/api/v1/filters/#{query.filter_id}", %{
phrase: new.phrase,
context: new.context
})
@@ -114,8 +103,8 @@ test "update a filter", %{conn: conn} do
assert response["context"] == new.context
end
- test "delete a filter", %{conn: conn} do
- user = insert(:user)
+ test "delete a filter" do
+ %{user: user, conn: conn} = oauth_access(["write:filters"])
query = %Pleroma.Filter{
user_id: user.id,
@@ -126,10 +115,7 @@ test "delete a filter", %{conn: conn} do
{:ok, filter} = Pleroma.Filter.create(query)
- conn =
- conn
- |> assign(:user, user)
- |> delete("/api/v1/filters/#{filter.filter_id}")
+ conn = delete(conn, "/api/v1/filters/#{filter.filter_id}")
assert response = json_response(conn, 200)
assert response == %{}
diff --git a/test/web/mastodon_api/controllers/follow_request_controller_test.exs b/test/web/mastodon_api/controllers/follow_request_controller_test.exs
index 288cd9029..6e4a76501 100644
--- a/test/web/mastodon_api/controllers/follow_request_controller_test.exs
+++ b/test/web/mastodon_api/controllers/follow_request_controller_test.exs
@@ -11,8 +11,13 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do
import Pleroma.Factory
describe "locked accounts" do
- test "/api/v1/follow_requests works" do
+ setup do
user = insert(:user, locked: true)
+ %{conn: conn} = oauth_access(["follow"], user: user)
+ %{user: user, conn: conn}
+ end
+
+ test "/api/v1/follow_requests works", %{user: user, conn: conn} do
other_user = insert(:user)
{:ok, _activity} = ActivityPub.follow(other_user, user)
@@ -20,17 +25,13 @@ test "/api/v1/follow_requests works" do
assert User.following?(other_user, user) == false
- conn =
- build_conn()
- |> assign(:user, user)
- |> get("/api/v1/follow_requests")
+ conn = get(conn, "/api/v1/follow_requests")
assert [relationship] = json_response(conn, 200)
assert to_string(other_user.id) == relationship["id"]
end
- test "/api/v1/follow_requests/:id/authorize works" do
- user = insert(:user, locked: true)
+ test "/api/v1/follow_requests/:id/authorize works", %{user: user, conn: conn} do
other_user = insert(:user)
{:ok, _activity} = ActivityPub.follow(other_user, user)
@@ -41,10 +42,7 @@ test "/api/v1/follow_requests/:id/authorize works" do
assert User.following?(other_user, user) == false
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/follow_requests/#{other_user.id}/authorize")
+ conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/authorize")
assert relationship = json_response(conn, 200)
assert to_string(other_user.id) == relationship["id"]
@@ -55,18 +53,14 @@ test "/api/v1/follow_requests/:id/authorize works" do
assert User.following?(other_user, user) == true
end
- test "/api/v1/follow_requests/:id/reject works" do
- user = insert(:user, locked: true)
+ test "/api/v1/follow_requests/:id/reject works", %{user: user, conn: conn} do
other_user = insert(:user)
{:ok, _activity} = ActivityPub.follow(other_user, user)
user = User.get_cached_by_id(user.id)
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/follow_requests/#{other_user.id}/reject")
+ conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/reject")
assert relationship = json_response(conn, 200)
assert to_string(other_user.id) == relationship["id"]
diff --git a/test/web/mastodon_api/controllers/list_controller_test.exs b/test/web/mastodon_api/controllers/list_controller_test.exs
index 093506309..a6effbb69 100644
--- a/test/web/mastodon_api/controllers/list_controller_test.exs
+++ b/test/web/mastodon_api/controllers/list_controller_test.exs
@@ -9,44 +9,35 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
import Pleroma.Factory
- test "creating a list", %{conn: conn} do
- user = insert(:user)
+ test "creating a list" do
+ %{conn: conn} = oauth_access(["write:lists"])
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/lists", %{"title" => "cuties"})
+ conn = post(conn, "/api/v1/lists", %{"title" => "cuties"})
assert %{"title" => title} = json_response(conn, 200)
assert title == "cuties"
end
- test "renders error for invalid params", %{conn: conn} do
- user = insert(:user)
+ test "renders error for invalid params" do
+ %{conn: conn} = oauth_access(["write:lists"])
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/lists", %{"title" => nil})
+ conn = post(conn, "/api/v1/lists", %{"title" => nil})
assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
end
- test "listing a user's lists", %{conn: conn} do
- user = insert(:user)
+ test "listing a user's lists" do
+ %{conn: conn} = oauth_access(["read:lists", "write:lists"])
conn
- |> assign(:user, user)
|> post("/api/v1/lists", %{"title" => "cuties"})
+ |> json_response(:ok)
conn
- |> assign(:user, user)
|> post("/api/v1/lists", %{"title" => "cofe"})
+ |> json_response(:ok)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/lists")
+ conn = get(conn, "/api/v1/lists")
assert [
%{"id" => _, "title" => "cofe"},
@@ -54,41 +45,35 @@ test "listing a user's lists", %{conn: conn} do
] = json_response(conn, :ok)
end
- test "adding users to a list", %{conn: conn} do
- user = insert(:user)
+ test "adding users to a list" do
+ %{user: user, conn: conn} = oauth_access(["write:lists"])
other_user = insert(:user)
{:ok, list} = Pleroma.List.create("name", user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+ conn = post(conn, "/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
assert %{} == json_response(conn, 200)
%Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
assert following == [other_user.follower_address]
end
- test "removing users from a list", %{conn: conn} do
- user = insert(:user)
+ test "removing users from a list" do
+ %{user: user, conn: conn} = oauth_access(["write:lists"])
other_user = insert(:user)
third_user = insert(:user)
{:ok, list} = Pleroma.List.create("name", user)
{:ok, list} = Pleroma.List.follow(list, other_user)
{:ok, list} = Pleroma.List.follow(list, third_user)
- conn =
- conn
- |> assign(:user, user)
- |> delete("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+ conn = delete(conn, "/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
assert %{} == json_response(conn, 200)
%Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
assert following == [third_user.follower_address]
end
- test "listing users in a list", %{conn: conn} do
- user = insert(:user)
+ test "listing users in a list" do
+ %{user: user, conn: conn} = oauth_access(["read:lists"])
other_user = insert(:user)
{:ok, list} = Pleroma.List.create("name", user)
{:ok, list} = Pleroma.List.follow(list, other_user)
@@ -102,8 +87,8 @@ test "listing users in a list", %{conn: conn} do
assert id == to_string(other_user.id)
end
- test "retrieving a list", %{conn: conn} do
- user = insert(:user)
+ test "retrieving a list" do
+ %{user: user, conn: conn} = oauth_access(["read:lists"])
{:ok, list} = Pleroma.List.create("name", user)
conn =
@@ -115,32 +100,26 @@ test "retrieving a list", %{conn: conn} do
assert id == to_string(list.id)
end
- test "renders 404 if list is not found", %{conn: conn} do
- user = insert(:user)
+ test "renders 404 if list is not found" do
+ %{conn: conn} = oauth_access(["read:lists"])
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/lists/666")
+ conn = get(conn, "/api/v1/lists/666")
assert %{"error" => "List not found"} = json_response(conn, :not_found)
end
- test "renaming a list", %{conn: conn} do
- user = insert(:user)
+ test "renaming a list" do
+ %{user: user, conn: conn} = oauth_access(["write:lists"])
{:ok, list} = Pleroma.List.create("name", user)
- conn =
- conn
- |> assign(:user, user)
- |> put("/api/v1/lists/#{list.id}", %{"title" => "newname"})
+ conn = put(conn, "/api/v1/lists/#{list.id}", %{"title" => "newname"})
assert %{"title" => name} = json_response(conn, 200)
assert name == "newname"
end
- test "validates title when renaming a list", %{conn: conn} do
- user = insert(:user)
+ test "validates title when renaming a list" do
+ %{user: user, conn: conn} = oauth_access(["write:lists"])
{:ok, list} = Pleroma.List.create("name", user)
conn =
@@ -151,14 +130,11 @@ test "validates title when renaming a list", %{conn: conn} do
assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
end
- test "deleting a list", %{conn: conn} do
- user = insert(:user)
+ test "deleting a list" do
+ %{user: user, conn: conn} = oauth_access(["write:lists"])
{:ok, list} = Pleroma.List.create("name", user)
- conn =
- conn
- |> assign(:user, user)
- |> delete("/api/v1/lists/#{list.id}")
+ conn = delete(conn, "/api/v1/lists/#{list.id}")
assert %{} = json_response(conn, 200)
assert is_nil(Repo.get(Pleroma.List, list.id))
diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs
index 06c6a1cb3..042511ca4 100644
--- a/test/web/mastodon_api/controllers/media_controller_test.exs
+++ b/test/web/mastodon_api/controllers/media_controller_test.exs
@@ -9,23 +9,17 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
- import Pleroma.Factory
+ setup do: oauth_access(["write:media"])
describe "media upload" do
setup do
- user = insert(:user)
-
- conn =
- build_conn()
- |> assign(:user, user)
-
image = %Plug.Upload{
content_type: "image/jpg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
- [conn: conn, image: image]
+ [image: image]
end
clear_config([:media_proxy])
@@ -49,9 +43,7 @@ test "returns uploaded image", %{conn: conn, image: image} do
end
describe "PUT /api/v1/media/:id" do
- setup do
- actor = insert(:user)
-
+ setup %{user: actor} do
file = %Plug.Upload{
content_type: "image/jpg",
path: Path.absname("test/fixtures/image.jpg"),
@@ -65,13 +57,12 @@ test "returns uploaded image", %{conn: conn, image: image} do
description: "test-m"
)
- [actor: actor, object: object]
+ [object: object]
end
- test "updates name of media", %{conn: conn, actor: actor, object: object} do
+ test "updates name of media", %{conn: conn, object: object} do
media =
conn
- |> assign(:user, actor)
|> put("/api/v1/media/#{object.id}", %{"description" => "test-media"})
|> json_response(:ok)
@@ -79,10 +70,9 @@ test "updates name of media", %{conn: conn, actor: actor, object: object} do
assert refresh_record(object).data["name"] == "test-media"
end
- test "returns error wheb request is bad", %{conn: conn, actor: actor, object: object} do
+ test "returns error when request is bad", %{conn: conn, object: object} do
media =
conn
- |> assign(:user, actor)
|> put("/api/v1/media/#{object.id}", %{})
|> json_response(400)
diff --git a/test/web/mastodon_api/controllers/notification_controller_test.exs b/test/web/mastodon_api/controllers/notification_controller_test.exs
index 6635ea7a2..86303f92f 100644
--- a/test/web/mastodon_api/controllers/notification_controller_test.exs
+++ b/test/web/mastodon_api/controllers/notification_controller_test.exs
@@ -12,8 +12,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
import Pleroma.Factory
- test "list of notifications", %{conn: conn} do
- user = insert(:user)
+ test "list of notifications" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
other_user = insert(:user)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
@@ -34,18 +34,15 @@ test "list of notifications", %{conn: conn} do
assert response == expected_response
end
- test "getting a single notification", %{conn: conn} do
- user = insert(:user)
+ test "getting a single notification" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
other_user = insert(:user)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
{:ok, [notification]} = Notification.create_notifications(activity)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/notifications/#{notification.id}")
+ conn = get(conn, "/api/v1/notifications/#{notification.id}")
expected_response =
"hi "hi @#{user.nickname}"})
@@ -72,32 +69,26 @@ test "dismissing a single notification", %{conn: conn} do
assert %{} = json_response(conn, 200)
end
- test "clearing all notifications", %{conn: conn} do
- user = insert(:user)
+ test "clearing all notifications" do
+ %{user: user, conn: conn} = oauth_access(["write:notifications", "read:notifications"])
other_user = insert(:user)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
{:ok, [_notification]} = Notification.create_notifications(activity)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/notifications/clear")
+ ret_conn = post(conn, "/api/v1/notifications/clear")
- assert %{} = json_response(conn, 200)
+ assert %{} = json_response(ret_conn, 200)
- conn =
- build_conn()
- |> assign(:user, user)
- |> get("/api/v1/notifications")
+ ret_conn = get(conn, "/api/v1/notifications")
- assert all = json_response(conn, 200)
+ assert all = json_response(ret_conn, 200)
assert all == []
end
- test "paginates notifications using min_id, since_id, max_id, and limit", %{conn: conn} do
- user = insert(:user)
+ test "paginates notifications using min_id, since_id, max_id, and limit" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
other_user = insert(:user)
{:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
@@ -138,8 +129,8 @@ test "paginates notifications using min_id, since_id, max_id, and limit", %{conn
end
describe "exclude_visibilities" do
- test "filters notifications for mentions", %{conn: conn} do
- user = insert(:user)
+ test "filters notifications for mentions" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
other_user = insert(:user)
{:ok, public_activity} =
@@ -154,8 +145,6 @@ test "filters notifications for mentions", %{conn: conn} do
{:ok, private_activity} =
CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "private"})
- conn = assign(conn, :user, user)
-
conn_res =
get(conn, "/api/v1/notifications", %{
exclude_visibilities: ["public", "unlisted", "private"]
@@ -189,9 +178,9 @@ test "filters notifications for mentions", %{conn: conn} do
assert id == public_activity.id
end
- test "filters notifications for Like activities", %{conn: conn} do
+ test "filters notifications for Like activities" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["read:notifications"])
{:ok, public_activity} =
CommonAPI.post(other_user, %{"status" => ".", "visibility" => "public"})
@@ -212,7 +201,6 @@ test "filters notifications for Like activities", %{conn: conn} do
activity_ids =
conn
- |> assign(:user, other_user)
|> get("/api/v1/notifications", %{exclude_visibilities: ["direct"]})
|> json_response(200)
|> Enum.map(& &1["status"]["id"])
@@ -224,7 +212,6 @@ test "filters notifications for Like activities", %{conn: conn} do
activity_ids =
conn
- |> assign(:user, other_user)
|> get("/api/v1/notifications", %{exclude_visibilities: ["unlisted"]})
|> json_response(200)
|> Enum.map(& &1["status"]["id"])
@@ -236,7 +223,6 @@ test "filters notifications for Like activities", %{conn: conn} do
activity_ids =
conn
- |> assign(:user, other_user)
|> get("/api/v1/notifications", %{exclude_visibilities: ["private"]})
|> json_response(200)
|> Enum.map(& &1["status"]["id"])
@@ -248,7 +234,6 @@ test "filters notifications for Like activities", %{conn: conn} do
activity_ids =
conn
- |> assign(:user, other_user)
|> get("/api/v1/notifications", %{exclude_visibilities: ["public"]})
|> json_response(200)
|> Enum.map(& &1["status"]["id"])
@@ -259,9 +244,9 @@ test "filters notifications for Like activities", %{conn: conn} do
assert direct_activity.id in activity_ids
end
- test "filters notifications for Announce activities", %{conn: conn} do
+ test "filters notifications for Announce activities" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["read:notifications"])
{:ok, public_activity} =
CommonAPI.post(other_user, %{"status" => ".", "visibility" => "public"})
@@ -274,7 +259,6 @@ test "filters notifications for Announce activities", %{conn: conn} do
activity_ids =
conn
- |> assign(:user, other_user)
|> get("/api/v1/notifications", %{exclude_visibilities: ["unlisted"]})
|> json_response(200)
|> Enum.map(& &1["status"]["id"])
@@ -284,8 +268,8 @@ test "filters notifications for Announce activities", %{conn: conn} do
end
end
- test "filters notifications using exclude_types", %{conn: conn} do
- user = insert(:user)
+ test "filters notifications using exclude_types" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
other_user = insert(:user)
{:ok, mention_activity} = CommonAPI.post(other_user, %{"status" => "hey @#{user.nickname}"})
@@ -299,8 +283,6 @@ test "filters notifications using exclude_types", %{conn: conn} do
reblog_notification_id = get_notification_id_by_activity(reblog_activity)
follow_notification_id = get_notification_id_by_activity(follow_activity)
- conn = assign(conn, :user, user)
-
conn_res =
get(conn, "/api/v1/notifications", %{exclude_types: ["mention", "favourite", "reblog"]})
@@ -322,8 +304,8 @@ test "filters notifications using exclude_types", %{conn: conn} do
assert [%{"id" => ^reblog_notification_id}] = json_response(conn_res, 200)
end
- test "destroy multiple", %{conn: conn} do
- user = insert(:user)
+ test "destroy multiple" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications", "write:notifications"])
other_user = insert(:user)
{:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
@@ -336,8 +318,6 @@ test "destroy multiple", %{conn: conn} do
notification3_id = get_notification_id_by_activity(activity3)
notification4_id = get_notification_id_by_activity(activity4)
- conn = assign(conn, :user, user)
-
result =
conn
|> get("/api/v1/notifications")
@@ -348,6 +328,7 @@ test "destroy multiple", %{conn: conn} do
conn2 =
conn
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:notifications"]))
result =
conn2
@@ -372,97 +353,110 @@ test "destroy multiple", %{conn: conn} do
assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result
end
- test "doesn't see notifications after muting user with notifications", %{conn: conn} do
- user = insert(:user)
+ test "doesn't see notifications after muting user with notifications" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
user2 = insert(:user)
{:ok, _, _, _} = CommonAPI.follow(user, user2)
{:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
- conn = assign(conn, :user, user)
+ ret_conn = get(conn, "/api/v1/notifications")
- conn = get(conn, "/api/v1/notifications")
-
- assert length(json_response(conn, 200)) == 1
+ assert length(json_response(ret_conn, 200)) == 1
{:ok, _user_relationships} = User.mute(user, user2)
- conn = assign(build_conn(), :user, user)
conn = get(conn, "/api/v1/notifications")
assert json_response(conn, 200) == []
end
- test "see notifications after muting user without notifications", %{conn: conn} do
- user = insert(:user)
+ test "see notifications after muting user without notifications" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
user2 = insert(:user)
{:ok, _, _, _} = CommonAPI.follow(user, user2)
{:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
- conn = assign(conn, :user, user)
+ ret_conn = get(conn, "/api/v1/notifications")
- conn = get(conn, "/api/v1/notifications")
-
- assert length(json_response(conn, 200)) == 1
+ assert length(json_response(ret_conn, 200)) == 1
{:ok, _user_relationships} = User.mute(user, user2, false)
- conn = assign(build_conn(), :user, user)
conn = get(conn, "/api/v1/notifications")
assert length(json_response(conn, 200)) == 1
end
- test "see notifications after muting user with notifications and with_muted parameter", %{
- conn: conn
- } do
- user = insert(:user)
+ test "see notifications after muting user with notifications and with_muted parameter" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
user2 = insert(:user)
{:ok, _, _, _} = CommonAPI.follow(user, user2)
{:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
- conn = assign(conn, :user, user)
+ ret_conn = get(conn, "/api/v1/notifications")
- conn = get(conn, "/api/v1/notifications")
-
- assert length(json_response(conn, 200)) == 1
+ assert length(json_response(ret_conn, 200)) == 1
{:ok, _user_relationships} = User.mute(user, user2)
- conn = assign(build_conn(), :user, user)
conn = get(conn, "/api/v1/notifications", %{"with_muted" => "true"})
assert length(json_response(conn, 200)) == 1
end
- test "see move notifications with `with_move` parameter", %{
- conn: conn
- } do
+ test "see move notifications with `with_move` parameter" do
old_user = insert(:user)
new_user = insert(:user, also_known_as: [old_user.ap_id])
- follower = insert(:user)
+ %{user: follower, conn: conn} = oauth_access(["read:notifications"])
User.follow(follower, old_user)
Pleroma.Web.ActivityPub.ActivityPub.move(old_user, new_user)
Pleroma.Tests.ObanHelpers.perform_all()
- conn =
- conn
- |> assign(:user, follower)
- |> get("/api/v1/notifications")
+ ret_conn = get(conn, "/api/v1/notifications")
- assert json_response(conn, 200) == []
+ assert json_response(ret_conn, 200) == []
- conn =
- build_conn()
- |> assign(:user, follower)
- |> get("/api/v1/notifications", %{"with_move" => "true"})
+ conn = get(conn, "/api/v1/notifications", %{"with_move" => "true"})
assert length(json_response(conn, 200)) == 1
end
+ describe "link headers" do
+ test "preserves parameters in link headers" do
+ %{user: user, conn: conn} = oauth_access(["read:notifications"])
+ other_user = insert(:user)
+
+ {:ok, activity1} =
+ CommonAPI.post(other_user, %{
+ "status" => "hi @#{user.nickname}",
+ "visibility" => "public"
+ })
+
+ {:ok, activity2} =
+ CommonAPI.post(other_user, %{
+ "status" => "hi @#{user.nickname}",
+ "visibility" => "public"
+ })
+
+ notification1 = Repo.get_by(Notification, activity_id: activity1.id)
+ notification2 = Repo.get_by(Notification, activity_id: activity2.id)
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/v1/notifications", %{media_only: true})
+
+ assert [link_header] = get_resp_header(conn, "link")
+ assert link_header =~ ~r/media_only=true/
+ assert link_header =~ ~r/min_id=#{notification2.id}/
+ assert link_header =~ ~r/max_id=#{notification1.id}/
+ end
+ end
+
defp get_notification_id_by_activity(%{id: id}) do
Notification
|> Repo.get_by(activity_id: id)
diff --git a/test/web/mastodon_api/controllers/poll_controller_test.exs b/test/web/mastodon_api/controllers/poll_controller_test.exs
index 40cf3e879..5a1cea11b 100644
--- a/test/web/mastodon_api/controllers/poll_controller_test.exs
+++ b/test/web/mastodon_api/controllers/poll_controller_test.exs
@@ -11,9 +11,9 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
import Pleroma.Factory
describe "GET /api/v1/polls/:id" do
- test "returns poll entity for object id", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["read:statuses"])
+ test "returns poll entity for object id", %{user: user, conn: conn} do
{:ok, activity} =
CommonAPI.post(user, %{
"status" => "Pleroma does",
@@ -22,10 +22,7 @@ test "returns poll entity for object id", %{conn: conn} do
object = Object.normalize(activity)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/polls/#{object.id}")
+ conn = get(conn, "/api/v1/polls/#{object.id}")
response = json_response(conn, 200)
id = to_string(object.id)
@@ -33,11 +30,10 @@ test "returns poll entity for object id", %{conn: conn} do
end
test "does not expose polls for private statuses", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
{:ok, activity} =
- CommonAPI.post(user, %{
+ CommonAPI.post(other_user, %{
"status" => "Pleroma does",
"poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20},
"visibility" => "private"
@@ -45,22 +41,20 @@ test "does not expose polls for private statuses", %{conn: conn} do
object = Object.normalize(activity)
- conn =
- conn
- |> assign(:user, other_user)
- |> get("/api/v1/polls/#{object.id}")
+ conn = get(conn, "/api/v1/polls/#{object.id}")
assert json_response(conn, 404)
end
end
describe "POST /api/v1/polls/:id/votes" do
+ setup do: oauth_access(["write:statuses"])
+
test "votes are added to the poll", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
{:ok, activity} =
- CommonAPI.post(user, %{
+ CommonAPI.post(other_user, %{
"status" => "A very delicious sandwich",
"poll" => %{
"options" => ["Lettuce", "Grilled Bacon", "Tomato"],
@@ -71,10 +65,7 @@ test "votes are added to the poll", %{conn: conn} do
object = Object.normalize(activity)
- conn =
- conn
- |> assign(:user, other_user)
- |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]})
+ conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]})
assert json_response(conn, 200)
object = Object.get_by_id(object.id)
@@ -84,9 +75,7 @@ test "votes are added to the poll", %{conn: conn} do
end)
end
- test "author can't vote", %{conn: conn} do
- user = insert(:user)
-
+ test "author can't vote", %{user: user, conn: conn} do
{:ok, activity} =
CommonAPI.post(user, %{
"status" => "Am I cute?",
@@ -96,7 +85,6 @@ test "author can't vote", %{conn: conn} do
object = Object.normalize(activity)
assert conn
- |> assign(:user, user)
|> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [1]})
|> json_response(422) == %{"error" => "Poll's author can't vote"}
@@ -106,11 +94,10 @@ test "author can't vote", %{conn: conn} do
end
test "does not allow multiple choices on a single-choice question", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
{:ok, activity} =
- CommonAPI.post(user, %{
+ CommonAPI.post(other_user, %{
"status" => "The glass is",
"poll" => %{"options" => ["half empty", "half full"], "expires_in" => 20}
})
@@ -118,7 +105,6 @@ test "does not allow multiple choices on a single-choice question", %{conn: conn
object = Object.normalize(activity)
assert conn
- |> assign(:user, other_user)
|> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1]})
|> json_response(422) == %{"error" => "Too many choices"}
@@ -130,42 +116,32 @@ test "does not allow multiple choices on a single-choice question", %{conn: conn
end
test "does not allow choice index to be greater than options count", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
{:ok, activity} =
- CommonAPI.post(user, %{
+ CommonAPI.post(other_user, %{
"status" => "Am I cute?",
"poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
})
object = Object.normalize(activity)
- conn =
- conn
- |> assign(:user, other_user)
- |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [2]})
+ conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [2]})
assert json_response(conn, 422) == %{"error" => "Invalid indices"}
end
test "returns 404 error when object is not exist", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/polls/1/votes", %{"choices" => [0]})
+ conn = post(conn, "/api/v1/polls/1/votes", %{"choices" => [0]})
assert json_response(conn, 404) == %{"error" => "Record not found"}
end
test "returns 404 when poll is private and not available for user", %{conn: conn} do
- user = insert(:user)
other_user = insert(:user)
{:ok, activity} =
- CommonAPI.post(user, %{
+ CommonAPI.post(other_user, %{
"status" => "Am I cute?",
"poll" => %{"options" => ["Yes", "No"], "expires_in" => 20},
"visibility" => "private"
@@ -173,10 +149,7 @@ test "returns 404 when poll is private and not available for user", %{conn: conn
object = Object.normalize(activity)
- conn =
- conn
- |> assign(:user, other_user)
- |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0]})
+ conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [0]})
assert json_response(conn, 404) == %{"error" => "Record not found"}
end
diff --git a/test/web/mastodon_api/controllers/report_controller_test.exs b/test/web/mastodon_api/controllers/report_controller_test.exs
index 979ca48f3..53c132ff4 100644
--- a/test/web/mastodon_api/controllers/report_controller_test.exs
+++ b/test/web/mastodon_api/controllers/report_controller_test.exs
@@ -9,32 +9,30 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
import Pleroma.Factory
+ setup do: oauth_access(["write:reports"])
+
setup do
- reporter = insert(:user)
target_user = insert(:user)
{:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
- [reporter: reporter, target_user: target_user, activity: activity]
+ [target_user: target_user, activity: activity]
end
- test "submit a basic report", %{conn: conn, reporter: reporter, target_user: target_user} do
+ test "submit a basic report", %{conn: conn, target_user: target_user} do
assert %{"action_taken" => false, "id" => _} =
conn
- |> assign(:user, reporter)
|> post("/api/v1/reports", %{"account_id" => target_user.id})
|> json_response(200)
end
test "submit a report with statuses and comment", %{
conn: conn,
- reporter: reporter,
target_user: target_user,
activity: activity
} do
assert %{"action_taken" => false, "id" => _} =
conn
- |> assign(:user, reporter)
|> post("/api/v1/reports", %{
"account_id" => target_user.id,
"status_ids" => [activity.id],
@@ -46,19 +44,16 @@ test "submit a report with statuses and comment", %{
test "account_id is required", %{
conn: conn,
- reporter: reporter,
activity: activity
} do
assert %{"error" => "Valid `account_id` required"} =
conn
- |> assign(:user, reporter)
|> post("/api/v1/reports", %{"status_ids" => [activity.id]})
|> json_response(400)
end
test "comment must be up to the size specified in the config", %{
conn: conn,
- reporter: reporter,
target_user: target_user
} do
max_size = Pleroma.Config.get([:instance, :max_report_comment_size], 1000)
@@ -68,20 +63,15 @@ test "comment must be up to the size specified in the config", %{
assert ^error =
conn
- |> assign(:user, reporter)
|> post("/api/v1/reports", %{"account_id" => target_user.id, "comment" => comment})
|> json_response(400)
end
test "returns error when account is not exist", %{
conn: conn,
- reporter: reporter,
activity: activity
} do
- conn =
- conn
- |> assign(:user, reporter)
- |> post("/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"})
+ conn = post(conn, "/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"})
assert json_response(conn, 400) == %{"error" => "Account not found"}
end
diff --git a/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs b/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs
index ae5fee2bc..9666a7f2e 100644
--- a/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs
+++ b/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs
@@ -10,89 +10,69 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
import Pleroma.Factory
- test "shows scheduled activities", %{conn: conn} do
- user = insert(:user)
+ test "shows scheduled activities" do
+ %{user: user, conn: conn} = oauth_access(["read:statuses"])
+
scheduled_activity_id1 = insert(:scheduled_activity, user: user).id |> to_string()
scheduled_activity_id2 = insert(:scheduled_activity, user: user).id |> to_string()
scheduled_activity_id3 = insert(:scheduled_activity, user: user).id |> to_string()
scheduled_activity_id4 = insert(:scheduled_activity, user: user).id |> to_string()
- conn =
- conn
- |> assign(:user, user)
-
# min_id
- conn_res =
- conn
- |> get("/api/v1/scheduled_statuses?limit=2&min_id=#{scheduled_activity_id1}")
+ conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&min_id=#{scheduled_activity_id1}")
result = json_response(conn_res, 200)
assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result
# since_id
- conn_res =
- conn
- |> get("/api/v1/scheduled_statuses?limit=2&since_id=#{scheduled_activity_id1}")
+ conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&since_id=#{scheduled_activity_id1}")
result = json_response(conn_res, 200)
assert [%{"id" => ^scheduled_activity_id4}, %{"id" => ^scheduled_activity_id3}] = result
# max_id
- conn_res =
- conn
- |> get("/api/v1/scheduled_statuses?limit=2&max_id=#{scheduled_activity_id4}")
+ conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&max_id=#{scheduled_activity_id4}")
result = json_response(conn_res, 200)
assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result
end
- test "shows a scheduled activity", %{conn: conn} do
- user = insert(:user)
+ test "shows a scheduled activity" do
+ %{user: user, conn: conn} = oauth_access(["read:statuses"])
scheduled_activity = insert(:scheduled_activity, user: user)
- res_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/scheduled_statuses/#{scheduled_activity.id}")
+ res_conn = get(conn, "/api/v1/scheduled_statuses/#{scheduled_activity.id}")
assert %{"id" => scheduled_activity_id} = json_response(res_conn, 200)
assert scheduled_activity_id == scheduled_activity.id |> to_string()
- res_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/scheduled_statuses/404")
+ res_conn = get(conn, "/api/v1/scheduled_statuses/404")
assert %{"error" => "Record not found"} = json_response(res_conn, 404)
end
- test "updates a scheduled activity", %{conn: conn} do
- user = insert(:user)
+ test "updates a scheduled activity" do
+ %{user: user, conn: conn} = oauth_access(["write:statuses"])
scheduled_activity = insert(:scheduled_activity, user: user)
new_scheduled_at =
NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
res_conn =
- conn
- |> assign(:user, user)
- |> put("/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{
+ put(conn, "/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{
scheduled_at: new_scheduled_at
})
assert %{"scheduled_at" => expected_scheduled_at} = json_response(res_conn, 200)
assert expected_scheduled_at == Pleroma.Web.CommonAPI.Utils.to_masto_date(new_scheduled_at)
- res_conn =
- conn
- |> assign(:user, user)
- |> put("/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at})
+ res_conn = put(conn, "/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at})
assert %{"error" => "Record not found"} = json_response(res_conn, 404)
end
- test "deletes a scheduled activity", %{conn: conn} do
- user = insert(:user)
+ test "deletes a scheduled activity" do
+ %{user: user, conn: conn} = oauth_access(["write:statuses"])
scheduled_activity = insert(:scheduled_activity, user: user)
res_conn =
diff --git a/test/web/mastodon_api/controllers/search_controller_test.exs b/test/web/mastodon_api/controllers/search_controller_test.exs
index 34deeba47..7fedf42e5 100644
--- a/test/web/mastodon_api/controllers/search_controller_test.exs
+++ b/test/web/mastodon_api/controllers/search_controller_test.exs
@@ -77,13 +77,11 @@ test "search", %{conn: conn} do
describe ".account_search" do
test "account search", %{conn: conn} do
- user = insert(:user)
user_two = insert(:user, %{nickname: "shp@shitposter.club"})
user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
results =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/search", %{"q" => "shp"})
|> json_response(200)
@@ -94,7 +92,6 @@ test "account search", %{conn: conn} do
results =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/search", %{"q" => "2hu"})
|> json_response(200)
@@ -104,11 +101,10 @@ test "account search", %{conn: conn} do
end
test "returns account if query contains a space", %{conn: conn} do
- user = insert(:user, %{nickname: "shp@shitposter.club"})
+ insert(:user, %{nickname: "shp@shitposter.club"})
results =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/search", %{"q" => "shp@shitposter.club xxx "})
|> json_response(200)
@@ -209,6 +205,7 @@ test "search fetches remote accounts", %{conn: conn} do
conn =
conn
|> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["read"]))
|> get("/api/v1/search", %{"q" => "mike@osada.macgirvin.com", "resolve" => "true"})
assert results = json_response(conn, 200)
diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs
index 5fbe947ba..307221c5d 100644
--- a/test/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/web/mastodon_api/controllers/status_controller_test.exs
@@ -23,24 +23,14 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
clear_config([:instance, :allow_relay])
describe "posting statuses" do
- setup do
- user = insert(:user)
-
- conn =
- build_conn()
- |> assign(:user, user)
-
- [conn: conn]
- end
+ setup do: oauth_access(["write:statuses"])
test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
Pleroma.Config.put([:instance, :federating], true)
Pleroma.Config.get([:instance, :allow_relay], true)
- user = insert(:user)
response =
conn
- |> assign(:user, user)
|> post("api/v1/statuses", %{
"content_type" => "text/plain",
"source" => "Pleroma FE",
@@ -54,7 +44,6 @@ test "posting a status does not increment reblog_count when relaying", %{conn: c
response =
conn
- |> assign(:user, user)
|> get("api/v1/statuses/#{response["id"]}", %{})
|> json_response(200)
@@ -132,9 +121,7 @@ test "posting a status", %{conn: conn} do
NaiveDateTime.to_iso8601(expiration.scheduled_at)
end
- test "posting an undefined status with an attachment", %{conn: conn} do
- user = insert(:user)
-
+ test "posting an undefined status with an attachment", %{user: user, conn: conn} do
file = %Plug.Upload{
content_type: "image/jpg",
path: Path.absname("test/fixtures/image.jpg"),
@@ -144,17 +131,14 @@ test "posting an undefined status with an attachment", %{conn: conn} do
{:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"media_ids" => [to_string(upload.id)]
})
assert json_response(conn, 200)
end
- test "replying to a status", %{conn: conn} do
- user = insert(:user)
+ test "replying to a status", %{user: user, conn: conn} do
{:ok, replied_to} = CommonAPI.post(user, %{"status" => "cofe"})
conn =
@@ -169,8 +153,10 @@ test "replying to a status", %{conn: conn} do
assert Activity.get_in_reply_to_activity(activity).id == replied_to.id
end
- test "replying to a direct message with visibility other than direct", %{conn: conn} do
- user = insert(:user)
+ test "replying to a direct message with visibility other than direct", %{
+ user: user,
+ conn: conn
+ } do
{:ok, replied_to} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
Enum.each(["public", "private", "unlisted"], fn visibility ->
@@ -187,18 +173,14 @@ test "replying to a direct message with visibility other than direct", %{conn: c
end
test "posting a status with an invalid in_reply_to_id", %{conn: conn} do
- conn =
- conn
- |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
+ conn = post(conn, "/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""})
assert %{"content" => "xD", "id" => id} = json_response(conn, 200)
assert Activity.get_by_id(id)
end
test "posting a sensitive status", %{conn: conn} do
- conn =
- conn
- |> post("/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
+ conn = post(conn, "/api/v1/statuses", %{"status" => "cofe", "sensitive" => true})
assert %{"content" => "cofe", "id" => id, "sensitive" => true} = json_response(conn, 200)
assert Activity.get_by_id(id)
@@ -206,8 +188,7 @@ test "posting a sensitive status", %{conn: conn} do
test "posting a fake status", %{conn: conn} do
real_conn =
- conn
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" =>
"\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it"
})
@@ -226,8 +207,7 @@ test "posting a fake status", %{conn: conn} do
|> Kernel.put_in(["pleroma", "conversation_id"], nil)
fake_conn =
- conn
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" =>
"\"Tenshi Eating a Corndog\" is a much discussed concept on /jp/. The significance of it is disputed, so I will focus on one core concept: the symbolism behind it",
"preview" => true
@@ -254,8 +234,7 @@ test "posting a status with OGP link preview", %{conn: conn} do
Config.put([:rich_media, :enabled], true)
conn =
- conn
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "https://example.com/ogp"
})
@@ -267,9 +246,7 @@ test "posting a direct status", %{conn: conn} do
user2 = insert(:user)
content = "direct cofe @#{user2.nickname}"
- conn =
- conn
- |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"})
+ conn = post(conn, "api/v1/statuses", %{"status" => content, "visibility" => "direct"})
assert %{"id" => id} = response = json_response(conn, 200)
assert response["visibility"] == "direct"
@@ -282,14 +259,13 @@ test "posting a direct status", %{conn: conn} do
end
describe "posting scheduled statuses" do
+ setup do: oauth_access(["write:statuses"])
+
test "creates a scheduled activity", %{conn: conn} do
- user = insert(:user)
scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "scheduled",
"scheduled_at" => scheduled_at
})
@@ -299,8 +275,7 @@ test "creates a scheduled activity", %{conn: conn} do
assert [] == Repo.all(Activity)
end
- test "creates a scheduled activity with a media attachment", %{conn: conn} do
- user = insert(:user)
+ test "creates a scheduled activity with a media attachment", %{user: user, conn: conn} do
scheduled_at = NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
file = %Plug.Upload{
@@ -312,9 +287,7 @@ test "creates a scheduled activity with a media attachment", %{conn: conn} do
{:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"media_ids" => [to_string(upload.id)],
"status" => "scheduled",
"scheduled_at" => scheduled_at
@@ -326,15 +299,11 @@ test "creates a scheduled activity with a media attachment", %{conn: conn} do
test "skips the scheduling and creates the activity if scheduled_at is earlier than 5 minutes from now",
%{conn: conn} do
- user = insert(:user)
-
scheduled_at =
NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(5) - 1, :millisecond)
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "not scheduled",
"scheduled_at" => scheduled_at
})
@@ -343,9 +312,7 @@ test "skips the scheduling and creates the activity if scheduled_at is earlier t
assert [] == Repo.all(ScheduledActivity)
end
- test "returns error when daily user limit is exceeded", %{conn: conn} do
- user = insert(:user)
-
+ test "returns error when daily user limit is exceeded", %{user: user, conn: conn} do
today =
NaiveDateTime.utc_now()
|> NaiveDateTime.add(:timer.minutes(6), :millisecond)
@@ -355,17 +322,12 @@ test "returns error when daily user limit is exceeded", %{conn: conn} do
{:ok, _} = ScheduledActivity.create(user, attrs)
{:ok, _} = ScheduledActivity.create(user, attrs)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
+ conn = post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => today})
assert %{"error" => "daily limit exceeded"} == json_response(conn, 422)
end
- test "returns error when total user limit is exceeded", %{conn: conn} do
- user = insert(:user)
-
+ test "returns error when total user limit is exceeded", %{user: user, conn: conn} do
today =
NaiveDateTime.utc_now()
|> NaiveDateTime.add(:timer.minutes(6), :millisecond)
@@ -382,23 +344,20 @@ test "returns error when total user limit is exceeded", %{conn: conn} do
{:ok, _} = ScheduledActivity.create(user, %{params: %{}, scheduled_at: tomorrow})
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
+ post(conn, "/api/v1/statuses", %{"status" => "scheduled", "scheduled_at" => tomorrow})
assert %{"error" => "total limit exceeded"} == json_response(conn, 422)
end
end
describe "posting polls" do
+ setup do: oauth_access(["write:statuses"])
+
test "posting a poll", %{conn: conn} do
- user = insert(:user)
time = NaiveDateTime.utc_now()
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "Who is the #bestgrill?",
"poll" => %{"options" => ["Rei", "Asuka", "Misato"], "expires_in" => 420}
})
@@ -414,13 +373,10 @@ test "posting a poll", %{conn: conn} do
end
test "option limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :max_options])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "desu~",
"poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
})
@@ -430,13 +386,10 @@ test "option limit is enforced", %{conn: conn} do
end
test "option character limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :max_option_chars])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "...",
"poll" => %{
"options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
@@ -449,13 +402,10 @@ test "option character limit is enforced", %{conn: conn} do
end
test "minimal date limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :min_expiration])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "imagine arbitrary limits",
"poll" => %{
"options" => ["this post was made by pleroma gang"],
@@ -468,13 +418,10 @@ test "minimal date limit is enforced", %{conn: conn} do
end
test "maximum date limit is enforced", %{conn: conn} do
- user = insert(:user)
limit = Config.get([:instance, :poll_limits, :max_expiration])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses", %{
+ post(conn, "/api/v1/statuses", %{
"status" => "imagine arbitrary limits",
"poll" => %{
"options" => ["this post was made by pleroma gang"],
@@ -487,19 +434,18 @@ test "maximum date limit is enforced", %{conn: conn} do
end
end
- test "get a status", %{conn: conn} do
+ test "get a status" do
+ %{conn: conn} = oauth_access(["read:statuses"])
activity = insert(:note_activity)
- conn =
- conn
- |> get("/api/v1/statuses/#{activity.id}")
+ conn = get(conn, "/api/v1/statuses/#{activity.id}")
assert %{"id" => id} = json_response(conn, 200)
assert id == to_string(activity.id)
end
- test "get a direct status", %{conn: conn} do
- user = insert(:user)
+ test "get a direct status" do
+ %{user: user, conn: conn} = oauth_access(["read:statuses"])
other_user = insert(:user)
{:ok, activity} =
@@ -516,7 +462,8 @@ test "get a direct status", %{conn: conn} do
assert res["pleroma"]["direct_conversation_id"] == participation.id
end
- test "get statuses by IDs", %{conn: conn} do
+ test "get statuses by IDs" do
+ %{conn: conn} = oauth_access(["read:statuses"])
%{id: id1} = insert(:note_activity)
%{id: id2} = insert(:note_activity)
@@ -527,9 +474,9 @@ test "get statuses by IDs", %{conn: conn} do
end
describe "deleting a status" do
- test "when you created it", %{conn: conn} do
- activity = insert(:note_activity)
- author = User.get_cached_by_ap_id(activity.data["actor"])
+ test "when you created it" do
+ %{user: author, conn: conn} = oauth_access(["write:statuses"])
+ activity = insert(:note_activity, user: author)
conn =
conn
@@ -541,14 +488,11 @@ test "when you created it", %{conn: conn} do
refute Activity.get_by_id(activity.id)
end
- test "when you didn't create it", %{conn: conn} do
+ test "when you didn't create it" do
+ %{conn: conn} = oauth_access(["write:statuses"])
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> delete("/api/v1/statuses/#{activity.id}")
+ conn = delete(conn, "/api/v1/statuses/#{activity.id}")
assert %{"error" => _} = json_response(conn, 403)
@@ -564,6 +508,7 @@ test "when you're an admin or moderator", %{conn: conn} do
res_conn =
conn
|> assign(:user, admin)
+ |> assign(:token, insert(:oauth_token, user: admin, scopes: ["write:statuses"]))
|> delete("/api/v1/statuses/#{activity1.id}")
assert %{} = json_response(res_conn, 200)
@@ -571,6 +516,7 @@ test "when you're an admin or moderator", %{conn: conn} do
res_conn =
conn
|> assign(:user, moderator)
+ |> assign(:token, insert(:oauth_token, user: moderator, scopes: ["write:statuses"]))
|> delete("/api/v1/statuses/#{activity2.id}")
assert %{} = json_response(res_conn, 200)
@@ -581,14 +527,12 @@ test "when you're an admin or moderator", %{conn: conn} do
end
describe "reblogging" do
+ setup do: oauth_access(["write:statuses"])
+
test "reblogs and returns the reblogged status", %{conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/reblog")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog")
assert %{
"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
@@ -600,12 +544,8 @@ test "reblogs and returns the reblogged status", %{conn: conn} do
test "reblogs privately and returns the reblogged status", %{conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/reblog", %{"visibility" => "private"})
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/reblog", %{"visibility" => "private"})
assert %{
"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1},
@@ -616,7 +556,7 @@ test "reblogs privately and returns the reblogged status", %{conn: conn} do
assert to_string(activity.id) == id
end
- test "reblogged status for another user", %{conn: conn} do
+ test "reblogged status for another user" do
activity = insert(:note_activity)
user1 = insert(:user)
user2 = insert(:user)
@@ -627,8 +567,9 @@ test "reblogged status for another user", %{conn: conn} do
{:ok, _, _object} = CommonAPI.repeat(activity.id, user2)
conn_res =
- conn
+ build_conn()
|> assign(:user, user3)
+ |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
|> get("/api/v1/statuses/#{reblog_activity1.id}")
assert %{
@@ -639,8 +580,9 @@ test "reblogged status for another user", %{conn: conn} do
} = json_response(conn_res, 200)
conn_res =
- conn
+ build_conn()
|> assign(:user, user2)
+ |> assign(:token, insert(:oauth_token, user: user2, scopes: ["read:statuses"]))
|> get("/api/v1/statuses/#{reblog_activity1.id}")
assert %{
@@ -654,28 +596,21 @@ test "reblogged status for another user", %{conn: conn} do
end
test "returns 400 error when activity is not exist", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/foo/reblog")
+ conn = post(conn, "/api/v1/statuses/foo/reblog")
assert json_response(conn, 400) == %{"error" => "Could not repeat"}
end
end
describe "unreblogging" do
- test "unreblogs and returns the unreblogged status", %{conn: conn} do
+ setup do: oauth_access(["write:statuses"])
+
+ test "unreblogs and returns the unreblogged status", %{user: user, conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/unreblog")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/unreblog")
assert %{"id" => id, "reblogged" => false, "reblogs_count" => 0} = json_response(conn, 200)
@@ -683,26 +618,19 @@ test "unreblogs and returns the unreblogged status", %{conn: conn} do
end
test "returns 400 error when activity is not exist", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/foo/unreblog")
+ conn = post(conn, "/api/v1/statuses/foo/unreblog")
assert json_response(conn, 400) == %{"error" => "Could not unrepeat"}
end
end
describe "favoriting" do
+ setup do: oauth_access(["write:favourites"])
+
test "favs a status and returns it", %{conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/favourite")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/favourite")
assert %{"id" => id, "favourites_count" => 1, "favourited" => true} =
json_response(conn, 200)
@@ -711,28 +639,21 @@ test "favs a status and returns it", %{conn: conn} do
end
test "returns 400 error for a wrong id", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/1/favourite")
+ conn = post(conn, "/api/v1/statuses/1/favourite")
assert json_response(conn, 400) == %{"error" => "Could not favorite"}
end
end
describe "unfavoriting" do
- test "unfavorites a status and returns it", %{conn: conn} do
+ setup do: oauth_access(["write:favourites"])
+
+ test "unfavorites a status and returns it", %{user: user, conn: conn} do
activity = insert(:note_activity)
- user = insert(:user)
{:ok, _, _} = CommonAPI.favorite(activity.id, user)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/unfavourite")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/unfavourite")
assert %{"id" => id, "favourites_count" => 0, "favourited" => false} =
json_response(conn, 200)
@@ -741,23 +662,19 @@ test "unfavorites a status and returns it", %{conn: conn} do
end
test "returns 400 error for a wrong id", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/1/unfavourite")
+ conn = post(conn, "/api/v1/statuses/1/unfavourite")
assert json_response(conn, 400) == %{"error" => "Could not unfavorite"}
end
end
describe "pinned statuses" do
- setup do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+
+ setup %{user: user} do
{:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
- [user: user, activity: activity]
+ %{activity: activity}
end
clear_config([:instance, :max_pinned_statuses]) do
@@ -769,13 +686,11 @@ test "pin status", %{conn: conn, user: user, activity: activity} do
assert %{"id" => ^id_str, "pinned" => true} =
conn
- |> assign(:user, user)
|> post("/api/v1/statuses/#{activity.id}/pin")
|> json_response(200)
assert [%{"id" => ^id_str, "pinned" => true}] =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
|> json_response(200)
end
@@ -783,19 +698,16 @@ test "pin status", %{conn: conn, user: user, activity: activity} do
test "/pin: returns 400 error when activity is not public", %{conn: conn, user: user} do
{:ok, dm} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{dm.id}/pin")
+ conn = post(conn, "/api/v1/statuses/#{dm.id}/pin")
assert json_response(conn, 400) == %{"error" => "Could not pin"}
end
test "unpin status", %{conn: conn, user: user, activity: activity} do
{:ok, _} = CommonAPI.pin(activity.id, user)
+ user = refresh_record(user)
id_str = to_string(activity.id)
- user = refresh_record(user)
assert %{"id" => ^id_str, "pinned" => false} =
conn
@@ -805,16 +717,12 @@ test "unpin status", %{conn: conn, user: user, activity: activity} do
assert [] =
conn
- |> assign(:user, user)
|> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
|> json_response(200)
end
- test "/unpin: returns 400 error when activity is not exist", %{conn: conn, user: user} do
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/1/unpin")
+ test "/unpin: returns 400 error when activity is not exist", %{conn: conn} do
+ conn = post(conn, "/api/v1/statuses/1/unpin")
assert json_response(conn, 400) == %{"error" => "Could not unpin"}
end
@@ -826,7 +734,6 @@ test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
assert %{"id" => ^id_str_one, "pinned" => true} =
conn
- |> assign(:user, user)
|> post("/api/v1/statuses/#{id_str_one}/pin")
|> json_response(200)
@@ -844,8 +751,7 @@ test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
setup do
Config.put([:rich_media, :enabled], true)
- user = insert(:user)
- %{user: user}
+ oauth_access(["read:statuses"])
end
test "returns rich-media card", %{conn: conn, user: user} do
@@ -887,7 +793,6 @@ test "returns rich-media card", %{conn: conn, user: user} do
response_two =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/card")
|> json_response(200)
@@ -925,72 +830,55 @@ test "replaces missing description with an empty string", %{conn: conn, user: us
end
test "bookmarks" do
- user = insert(:user)
- for_user = insert(:user)
+ %{conn: conn} = oauth_access(["write:bookmarks", "read:bookmarks"])
+ author = insert(:user)
{:ok, activity1} =
- CommonAPI.post(user, %{
+ CommonAPI.post(author, %{
"status" => "heweoo?"
})
{:ok, activity2} =
- CommonAPI.post(user, %{
+ CommonAPI.post(author, %{
"status" => "heweoo!"
})
- response1 =
- build_conn()
- |> assign(:user, for_user)
- |> post("/api/v1/statuses/#{activity1.id}/bookmark")
+ response1 = post(conn, "/api/v1/statuses/#{activity1.id}/bookmark")
assert json_response(response1, 200)["bookmarked"] == true
- response2 =
- build_conn()
- |> assign(:user, for_user)
- |> post("/api/v1/statuses/#{activity2.id}/bookmark")
+ response2 = post(conn, "/api/v1/statuses/#{activity2.id}/bookmark")
assert json_response(response2, 200)["bookmarked"] == true
- bookmarks =
- build_conn()
- |> assign(:user, for_user)
- |> get("/api/v1/bookmarks")
+ bookmarks = get(conn, "/api/v1/bookmarks")
assert [json_response(response2, 200), json_response(response1, 200)] ==
json_response(bookmarks, 200)
- response1 =
- build_conn()
- |> assign(:user, for_user)
- |> post("/api/v1/statuses/#{activity1.id}/unbookmark")
+ response1 = post(conn, "/api/v1/statuses/#{activity1.id}/unbookmark")
assert json_response(response1, 200)["bookmarked"] == false
- bookmarks =
- build_conn()
- |> assign(:user, for_user)
- |> get("/api/v1/bookmarks")
+ bookmarks = get(conn, "/api/v1/bookmarks")
assert [json_response(response2, 200)] == json_response(bookmarks, 200)
end
describe "conversation muting" do
+ setup do: oauth_access(["write:mutes"])
+
setup do
post_user = insert(:user)
- user = insert(:user)
-
{:ok, activity} = CommonAPI.post(post_user, %{"status" => "HIE"})
-
- [user: user, activity: activity]
+ %{activity: activity}
end
- test "mute conversation", %{conn: conn, user: user, activity: activity} do
+ test "mute conversation", %{conn: conn, activity: activity} do
id_str = to_string(activity.id)
assert %{"id" => ^id_str, "muted" => true} =
conn
- |> assign(:user, user)
|> post("/api/v1/statuses/#{activity.id}/mute")
|> json_response(200)
end
@@ -998,10 +886,7 @@ test "mute conversation", %{conn: conn, user: user, activity: activity} do
test "cannot mute already muted conversation", %{conn: conn, user: user, activity: activity} do
{:ok, _} = CommonAPI.add_mute(user, activity)
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/statuses/#{activity.id}/mute")
+ conn = post(conn, "/api/v1/statuses/#{activity.id}/mute")
assert json_response(conn, 400) == %{"error" => "conversation is already muted"}
end
@@ -1010,11 +895,10 @@ test "unmute conversation", %{conn: conn, user: user, activity: activity} do
{:ok, _} = CommonAPI.add_mute(user, activity)
id_str = to_string(activity.id)
- user = refresh_record(user)
assert %{"id" => ^id_str, "muted" => false} =
conn
- |> assign(:user, user)
+ # |> assign(:user, user)
|> post("/api/v1/statuses/#{activity.id}/unmute")
|> json_response(200)
end
@@ -1031,6 +915,7 @@ test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{c
conn1 =
conn
|> assign(:user, user2)
+ |> assign(:token, insert(:oauth_token, user: user2, scopes: ["write:statuses"]))
|> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => replied_to.id})
assert %{"content" => "xD", "id" => id} = json_response(conn1, 200)
@@ -1044,6 +929,7 @@ test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{c
conn2 =
conn
|> assign(:user, user3)
+ |> assign(:token, insert(:oauth_token, user: user3, scopes: ["write:statuses"]))
|> post("/api/v1/statuses/#{activity.id}/reblog")
assert %{"reblog" => %{"id" => id, "reblogged" => true, "reblogs_count" => 1}} =
@@ -1055,6 +941,7 @@ test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{c
conn3 =
conn
|> assign(:user, user3)
+ |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
|> get("api/v1/timelines/home")
[reblogged_activity] = json_response(conn3, 200)
@@ -1066,15 +953,12 @@ test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{c
end
describe "GET /api/v1/statuses/:id/favourited_by" do
- setup do
- user = insert(:user)
+ setup do: oauth_access(["read:accounts"])
+
+ setup %{user: user} do
{:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
- conn =
- build_conn()
- |> assign(:user, user)
-
- [conn: conn, activity: activity, user: user]
+ %{activity: activity}
end
test "returns users who have favorited the status", %{conn: conn, activity: activity} do
@@ -1114,20 +998,18 @@ test "does not return users who have favorited the status but are blocked", %{
response =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/favourited_by")
|> json_response(:ok)
assert Enum.empty?(response)
end
- test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
+ test "does not fail on an unauthenticated request", %{activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
response =
- conn
- |> assign(:user, nil)
+ build_conn()
|> get("/api/v1/statuses/#{activity.id}/favourited_by")
|> json_response(:ok)
@@ -1135,7 +1017,7 @@ test "does not fail on an unauthenticated request", %{conn: conn, activity: acti
assert id == other_user.id
end
- test "requires authentification for private posts", %{conn: conn, user: user} do
+ test "requires authentication for private posts", %{user: user} do
other_user = insert(:user)
{:ok, activity} =
@@ -1146,15 +1028,25 @@ test "requires authentification for private posts", %{conn: conn, user: user} do
{:ok, _, _} = CommonAPI.favorite(activity.id, other_user)
+ favourited_by_url = "/api/v1/statuses/#{activity.id}/favourited_by"
+
+ build_conn()
+ |> get(favourited_by_url)
+ |> json_response(404)
+
+ conn =
+ build_conn()
+ |> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
+
conn
- |> assign(:user, nil)
- |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+ |> assign(:token, nil)
+ |> get(favourited_by_url)
|> json_response(404)
response =
- build_conn()
- |> assign(:user, other_user)
- |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+ conn
+ |> get(favourited_by_url)
|> json_response(200)
[%{"id" => id}] = response
@@ -1163,15 +1055,12 @@ test "requires authentification for private posts", %{conn: conn, user: user} do
end
describe "GET /api/v1/statuses/:id/reblogged_by" do
- setup do
- user = insert(:user)
+ setup do: oauth_access(["read:accounts"])
+
+ setup %{user: user} do
{:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
- conn =
- build_conn()
- |> assign(:user, user)
-
- [conn: conn, activity: activity, user: user]
+ %{activity: activity}
end
test "returns users who have reblogged the status", %{conn: conn, activity: activity} do
@@ -1211,7 +1100,6 @@ test "does not return users who have reblogged the status but are blocked", %{
response =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
@@ -1219,7 +1107,7 @@ test "does not return users who have reblogged the status but are blocked", %{
end
test "does not return users who have reblogged the status privately", %{
- conn: %{assigns: %{user: user}} = conn,
+ conn: conn,
activity: activity
} do
other_user = insert(:user)
@@ -1228,20 +1116,18 @@ test "does not return users who have reblogged the status privately", %{
response =
conn
- |> assign(:user, user)
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
assert Enum.empty?(response)
end
- test "does not fail on an unauthenticated request", %{conn: conn, activity: activity} do
+ test "does not fail on an unauthenticated request", %{activity: activity} do
other_user = insert(:user)
{:ok, _, _} = CommonAPI.repeat(activity.id, other_user)
response =
- conn
- |> assign(:user, nil)
+ build_conn()
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(:ok)
@@ -1249,7 +1135,7 @@ test "does not fail on an unauthenticated request", %{conn: conn, activity: acti
assert id == other_user.id
end
- test "requires authentification for private posts", %{conn: conn, user: user} do
+ test "requires authentication for private posts", %{user: user} do
other_user = insert(:user)
{:ok, activity} =
@@ -1258,14 +1144,14 @@ test "requires authentification for private posts", %{conn: conn, user: user} do
"visibility" => "direct"
})
- conn
- |> assign(:user, nil)
+ build_conn()
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(404)
response =
build_conn()
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:accounts"]))
|> get("/api/v1/statuses/#{activity.id}/reblogged_by")
|> json_response(200)
@@ -1284,7 +1170,6 @@ test "context" do
response =
build_conn()
- |> assign(:user, nil)
|> get("/api/v1/statuses/#{id3}/context")
|> json_response(:ok)
@@ -1294,8 +1179,8 @@ test "context" do
} = response
end
- test "returns the favorites of a user", %{conn: conn} do
- user = insert(:user)
+ test "returns the favorites of a user" do
+ %{user: user, conn: conn} = oauth_access(["read:favourites"])
other_user = insert(:user)
{:ok, _} = CommonAPI.post(other_user, %{"status" => "bla"})
@@ -1303,10 +1188,7 @@ test "returns the favorites of a user", %{conn: conn} do
{:ok, _, _} = CommonAPI.favorite(activity.id, user)
- first_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/favourites")
+ first_conn = get(conn, "/api/v1/favourites")
assert [status] = json_response(first_conn, 200)
assert status["id"] == to_string(activity.id)
@@ -1325,18 +1207,12 @@ test "returns the favorites of a user", %{conn: conn} do
last_like = status["id"]
- second_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/favourites?since_id=#{last_like}")
+ second_conn = get(conn, "/api/v1/favourites?since_id=#{last_like}")
assert [second_status] = json_response(second_conn, 200)
assert second_status["id"] == to_string(second_activity.id)
- third_conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/favourites?limit=0")
+ third_conn = get(conn, "/api/v1/favourites?limit=0")
assert [] = json_response(third_conn, 200)
end
diff --git a/test/web/mastodon_api/controllers/suggestion_controller_test.exs b/test/web/mastodon_api/controllers/suggestion_controller_test.exs
index 78620a873..c4118a576 100644
--- a/test/web/mastodon_api/controllers/suggestion_controller_test.exs
+++ b/test/web/mastodon_api/controllers/suggestion_controller_test.exs
@@ -11,8 +11,9 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionControllerTest do
import Pleroma.Factory
import Tesla.Mock
- setup do
- user = insert(:user)
+ setup do: oauth_access(["read"])
+
+ setup %{user: user} do
other_user = insert(:user)
host = Config.get([Pleroma.Web.Endpoint, :url, :host])
url500 = "http://test500?#{host}{user.nickname}"
@@ -32,31 +33,29 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionControllerTest do
}
end)
- [user: user, other_user: other_user]
+ [other_user: other_user]
end
clear_config(:suggestions)
- test "returns empty result when suggestions disabled", %{conn: conn, user: user} do
+ test "returns empty result when suggestions disabled", %{conn: conn} do
Config.put([:suggestions, :enabled], false)
res =
conn
- |> assign(:user, user)
|> get("/api/v1/suggestions")
|> json_response(200)
assert res == []
end
- test "returns error", %{conn: conn, user: user} do
+ test "returns error", %{conn: conn} do
Config.put([:suggestions, :enabled], true)
Config.put([:suggestions, :third_party_engine], "http://test500?{{host}}&{{user}}")
assert capture_log(fn ->
res =
conn
- |> assign(:user, user)
|> get("/api/v1/suggestions")
|> json_response(500)
@@ -64,13 +63,12 @@ test "returns error", %{conn: conn, user: user} do
end) =~ "Could not retrieve suggestions"
end
- test "returns suggestions", %{conn: conn, user: user, other_user: other_user} do
+ test "returns suggestions", %{conn: conn, other_user: other_user} do
Config.put([:suggestions, :enabled], true)
Config.put([:suggestions, :third_party_engine], "http://test200?{{host}}&{{user}}")
res =
conn
- |> assign(:user, user)
|> get("/api/v1/suggestions")
|> json_response(200)
diff --git a/test/web/mastodon_api/controllers/timeline_controller_test.exs b/test/web/mastodon_api/controllers/timeline_controller_test.exs
index dc17cc963..bb94d8e5a 100644
--- a/test/web/mastodon_api/controllers/timeline_controller_test.exs
+++ b/test/web/mastodon_api/controllers/timeline_controller_test.exs
@@ -20,31 +20,25 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
end
describe "home" do
- test "the home timeline", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["read:statuses"])
+
+ test "the home timeline", %{user: user, conn: conn} do
following = insert(:user)
{:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/timelines/home")
+ ret_conn = get(conn, "/api/v1/timelines/home")
- assert Enum.empty?(json_response(conn, :ok))
+ assert Enum.empty?(json_response(ret_conn, :ok))
- {:ok, user} = User.follow(user, following)
+ {:ok, _user} = User.follow(user, following)
- conn =
- build_conn()
- |> assign(:user, user)
- |> get("/api/v1/timelines/home")
+ conn = get(conn, "/api/v1/timelines/home")
assert [%{"content" => "test"}] = json_response(conn, :ok)
end
- test "the home timeline when the direct messages are excluded", %{conn: conn} do
- user = insert(:user)
+ test "the home timeline when the direct messages are excluded", %{user: user, conn: conn} do
{:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
{:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
@@ -54,10 +48,7 @@ test "the home timeline when the direct messages are excluded", %{conn: conn} do
{:ok, private_activity} =
CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/timelines/home", %{"exclude_visibilities" => ["direct"]})
+ conn = get(conn, "/api/v1/timelines/home", %{"exclude_visibilities" => ["direct"]})
assert status_ids = json_response(conn, :ok) |> Enum.map(& &1["id"])
assert public_activity.id in status_ids
@@ -99,11 +90,7 @@ test "the public timeline when public is set to false", %{conn: conn} do
end
test "the public timeline includes only public statuses for an authenticated user" do
- user = insert(:user)
-
- conn =
- build_conn()
- |> assign(:user, user)
+ %{user: user, conn: conn} = oauth_access(["read:statuses"])
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
@@ -134,11 +121,13 @@ test "direct timeline", %{conn: conn} do
"visibility" => "private"
})
- # Only direct should be visible here
- res_conn =
+ conn_user_two =
conn
|> assign(:user, user_two)
- |> get("api/v1/timelines/direct")
+ |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
+
+ # Only direct should be visible here
+ res_conn = get(conn_user_two, "api/v1/timelines/direct")
[status] = json_response(res_conn, :ok)
@@ -149,6 +138,7 @@ test "direct timeline", %{conn: conn} do
res_conn =
build_conn()
|> assign(:user, user_one)
+ |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
|> get("api/v1/timelines/direct")
[status] = json_response(res_conn, :ok)
@@ -156,10 +146,7 @@ test "direct timeline", %{conn: conn} do
assert %{"visibility" => "direct"} = status
# Both should be visible here
- res_conn =
- conn
- |> assign(:user, user_two)
- |> get("api/v1/timelines/home")
+ res_conn = get(conn_user_two, "api/v1/timelines/home")
[_s1, _s2] = json_response(res_conn, :ok)
@@ -172,28 +159,23 @@ test "direct timeline", %{conn: conn} do
})
end)
- res_conn =
- conn
- |> assign(:user, user_two)
- |> get("api/v1/timelines/direct")
+ res_conn = get(conn_user_two, "api/v1/timelines/direct")
statuses = json_response(res_conn, :ok)
assert length(statuses) == 20
res_conn =
- conn
- |> assign(:user, user_two)
- |> get("api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
+ get(conn_user_two, "api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
[status] = json_response(res_conn, :ok)
assert status["url"] != direct.data["id"]
end
- test "doesn't include DMs from blocked users", %{conn: conn} do
- blocker = insert(:user)
+ test "doesn't include DMs from blocked users" do
+ %{user: blocker, conn: conn} = oauth_access(["read:statuses"])
blocked = insert(:user)
- user = insert(:user)
+ other_user = insert(:user)
{:ok, _user_relationship} = User.block(blocker, blocked)
{:ok, _blocked_direct} =
@@ -203,15 +185,12 @@ test "doesn't include DMs from blocked users", %{conn: conn} do
})
{:ok, direct} =
- CommonAPI.post(user, %{
+ CommonAPI.post(other_user, %{
"status" => "Hi @#{blocker.nickname}!",
"visibility" => "direct"
})
- res_conn =
- conn
- |> assign(:user, user)
- |> get("api/v1/timelines/direct")
+ res_conn = get(conn, "api/v1/timelines/direct")
[status] = json_response(res_conn, :ok)
assert status["id"] == direct.id
@@ -219,26 +198,26 @@ test "doesn't include DMs from blocked users", %{conn: conn} do
end
describe "list" do
- test "list timeline", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["read:lists"])
+
+ test "list timeline", %{user: user, conn: conn} do
other_user = insert(:user)
{:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."})
{:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
{:ok, list} = Pleroma.List.create("name", user)
{:ok, list} = Pleroma.List.follow(list, other_user)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/timelines/list/#{list.id}")
+ conn = get(conn, "/api/v1/timelines/list/#{list.id}")
assert [%{"id" => id}] = json_response(conn, :ok)
assert id == to_string(activity_two.id)
end
- test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do
- user = insert(:user)
+ test "list timeline does not leak non-public statuses for unfollowed users", %{
+ user: user,
+ conn: conn
+ } do
other_user = insert(:user)
{:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
@@ -251,10 +230,7 @@ test "list timeline does not leak non-public statuses for unfollowed users", %{c
{:ok, list} = Pleroma.List.create("name", user)
{:ok, list} = Pleroma.List.follow(list, other_user)
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/timelines/list/#{list.id}")
+ conn = get(conn, "/api/v1/timelines/list/#{list.id}")
assert [%{"id" => id}] = json_response(conn, :ok)
@@ -263,6 +239,8 @@ test "list timeline does not leak non-public statuses for unfollowed users", %{c
end
describe "hashtag" do
+ setup do: oauth_access(["n/a"])
+
@tag capture_log: true
test "hashtag timeline", %{conn: conn} do
following = insert(:user)
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 42a8779c0..c1f70f9fe 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -5,69 +5,9 @@
defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
use Pleroma.Web.ConnCase
- alias Pleroma.Notification
- alias Pleroma.Repo
- alias Pleroma.Web.CommonAPI
-
- import Pleroma.Factory
- import Tesla.Mock
-
- setup do
- mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
- :ok
- end
-
- clear_config([:rich_media, :enabled])
-
- test "unimplemented follow_requests, blocks, domain blocks" do
- user = insert(:user)
-
- ["blocks", "domain_blocks", "follow_requests"]
- |> Enum.each(fn endpoint ->
- conn =
- build_conn()
- |> assign(:user, user)
- |> get("/api/v1/#{endpoint}")
-
- assert [] = json_response(conn, 200)
- end)
- end
-
- describe "link headers" do
- test "preserves parameters in link headers", %{conn: conn} do
- user = insert(:user)
- other_user = insert(:user)
-
- {:ok, activity1} =
- CommonAPI.post(other_user, %{
- "status" => "hi @#{user.nickname}",
- "visibility" => "public"
- })
-
- {:ok, activity2} =
- CommonAPI.post(other_user, %{
- "status" => "hi @#{user.nickname}",
- "visibility" => "public"
- })
-
- notification1 = Repo.get_by(Notification, activity_id: activity1.id)
- notification2 = Repo.get_by(Notification, activity_id: activity2.id)
-
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/notifications", %{media_only: true})
-
- assert [link_header] = get_resp_header(conn, "link")
- assert link_header =~ ~r/media_only=true/
- assert link_header =~ ~r/min_id=#{notification2.id}/
- assert link_header =~ ~r/max_id=#{notification1.id}/
- end
- end
-
- describe "empty_array, stubs for mastodon api" do
- test "GET /api/v1/accounts/:id/identity_proofs", %{conn: conn} do
- user = insert(:user)
+ describe "empty_array/2 (stubs)" do
+ test "GET /api/v1/accounts/:id/identity_proofs" do
+ %{user: user, conn: conn} = oauth_access(["n/a"])
res =
conn
@@ -78,12 +18,11 @@ test "GET /api/v1/accounts/:id/identity_proofs", %{conn: conn} do
assert res == []
end
- test "GET /api/v1/endorsements", %{conn: conn} do
- user = insert(:user)
+ test "GET /api/v1/endorsements" do
+ %{conn: conn} = oauth_access(["read:accounts"])
res =
conn
- |> assign(:user, user)
|> get("/api/v1/endorsements")
|> json_response(200)
@@ -91,11 +30,8 @@ test "GET /api/v1/endorsements", %{conn: conn} do
end
test "GET /api/v1/trends", %{conn: conn} do
- user = insert(:user)
-
res =
conn
- |> assign(:user, user)
|> get("/api/v1/trends")
|> json_response(200)
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index 7a629da4f..59f4674eb 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -450,7 +450,7 @@ test "properly handles internal calls with `authorization`-wrapped params", %{
test "renders authentication page if user is already authenticated but `force_login` is tru-ish",
%{app: app, conn: conn} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
@@ -474,7 +474,7 @@ test "renders authentication page if user is already authenticated but user requ
app: app,
conn: conn
} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
@@ -497,7 +497,7 @@ test "with existing authentication and non-OOB `redirect_uri`, redirects to app
app: app,
conn: conn
} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
@@ -523,7 +523,7 @@ test "with existing authentication and unlisted non-OOB `redirect_uri`, redirect
conn: conn
} do
unlisted_redirect_uri = "http://cross-site-request.com"
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
@@ -547,7 +547,7 @@ test "with existing authentication and OOB `redirect_uri`, redirects to app with
app: app,
conn: conn
} do
- token = insert(:oauth_token, app_id: app.id)
+ token = insert(:oauth_token, app: app)
conn =
conn
diff --git a/test/web/pleroma_api/controllers/account_controller_test.exs b/test/web/pleroma_api/controllers/account_controller_test.exs
index c809f510f..d17026a6b 100644
--- a/test/web/pleroma_api/controllers/account_controller_test.exs
+++ b/test/web/pleroma_api/controllers/account_controller_test.exs
@@ -33,7 +33,6 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
test "resend account confirmation email", %{conn: conn, user: user} do
conn
- |> assign(:user, user)
|> post("/api/v1/pleroma/accounts/confirmation_resend?email=#{user.email}")
|> json_response(:no_content)
@@ -52,14 +51,12 @@ test "resend account confirmation email", %{conn: conn, user: user} do
end
describe "PATCH /api/v1/pleroma/accounts/update_avatar" do
- test "user avatar can be set", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+
+ test "user avatar can be set", %{user: user, conn: conn} do
avatar_image = File.read!("test/fixtures/avatar_data_uri")
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image})
+ conn = patch(conn, "/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image})
user = refresh_record(user)
@@ -78,13 +75,8 @@ test "user avatar can be set", %{conn: conn} do
assert %{"url" => _} = json_response(conn, 200)
end
- test "user avatar can be reset", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: ""})
+ test "user avatar can be reset", %{user: user, conn: conn} do
+ conn = patch(conn, "/api/v1/pleroma/accounts/update_avatar", %{img: ""})
user = User.get_cached_by_id(user.id)
@@ -95,13 +87,10 @@ test "user avatar can be reset", %{conn: conn} do
end
describe "PATCH /api/v1/pleroma/accounts/update_banner" do
- test "can set profile banner", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => @image})
+ test "can set profile banner", %{user: user, conn: conn} do
+ conn = patch(conn, "/api/v1/pleroma/accounts/update_banner", %{"banner" => @image})
user = refresh_record(user)
assert user.banner["type"] == "Image"
@@ -109,13 +98,8 @@ test "can set profile banner", %{conn: conn} do
assert %{"url" => _} = json_response(conn, 200)
end
- test "can reset profile banner", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => ""})
+ test "can reset profile banner", %{user: user, conn: conn} do
+ conn = patch(conn, "/api/v1/pleroma/accounts/update_banner", %{"banner" => ""})
user = refresh_record(user)
assert user.banner == %{}
@@ -125,26 +109,18 @@ test "can reset profile banner", %{conn: conn} do
end
describe "PATCH /api/v1/pleroma/accounts/update_background" do
- test "background image can be set", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => @image})
+ test "background image can be set", %{user: user, conn: conn} do
+ conn = patch(conn, "/api/v1/pleroma/accounts/update_background", %{"img" => @image})
user = refresh_record(user)
assert user.background["type"] == "Image"
assert %{"url" => _} = json_response(conn, 200)
end
- test "background image can be reset", %{conn: conn} do
- user = insert(:user)
-
- conn =
- conn
- |> assign(:user, user)
- |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => ""})
+ test "background image can be reset", %{user: user, conn: conn} do
+ conn = patch(conn, "/api/v1/pleroma/accounts/update_background", %{"img" => ""})
user = refresh_record(user)
assert user.background == %{}
@@ -155,12 +131,12 @@ test "background image can be reset", %{conn: conn} do
describe "getting favorites timeline of specified user" do
setup do
[current_user, user] = insert_pair(:user, hide_favorites: false)
- [current_user: current_user, user: user]
+ %{user: current_user, conn: conn} = oauth_access(["read:favourites"], user: current_user)
+ [current_user: current_user, user: user, conn: conn]
end
test "returns list of statuses favorited by specified user", %{
conn: conn,
- current_user: current_user,
user: user
} do
[activity | _] = insert_pair(:note_activity)
@@ -168,7 +144,6 @@ test "returns list of statuses favorited by specified user", %{
response =
conn
- |> assign(:user, current_user)
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|> json_response(:ok)
@@ -178,23 +153,18 @@ test "returns list of statuses favorited by specified user", %{
assert like["id"] == activity.id
end
- test "returns favorites for specified user_id when user is not logged in", %{
- conn: conn,
+ test "does not return favorites for specified user_id when user is not logged in", %{
user: user
} do
activity = insert(:note_activity)
CommonAPI.favorite(activity.id, user)
- response =
- conn
- |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
- |> json_response(:ok)
-
- assert length(response) == 1
+ build_conn()
+ |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+ |> json_response(403)
end
test "returns favorited DM only when user is logged in and he is one of recipients", %{
- conn: conn,
current_user: current_user,
user: user
} do
@@ -206,25 +176,24 @@ test "returns favorited DM only when user is logged in and he is one of recipien
CommonAPI.favorite(direct.id, user)
- response =
- conn
- |> assign(:user, current_user)
- |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
- |> json_response(:ok)
+ for u <- [user, current_user] do
+ response =
+ build_conn()
+ |> assign(:user, u)
+ |> assign(:token, insert(:oauth_token, user: u, scopes: ["read:favourites"]))
+ |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+ |> json_response(:ok)
- assert length(response) == 1
+ assert length(response) == 1
+ end
- anonymous_response =
- conn
- |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
- |> json_response(:ok)
-
- assert Enum.empty?(anonymous_response)
+ build_conn()
+ |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+ |> json_response(403)
end
test "does not return others' favorited DM when user is not one of recipients", %{
conn: conn,
- current_user: current_user,
user: user
} do
user_two = insert(:user)
@@ -239,7 +208,6 @@ test "does not return others' favorited DM when user is not one of recipients",
response =
conn
- |> assign(:user, current_user)
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|> json_response(:ok)
@@ -248,7 +216,6 @@ test "does not return others' favorited DM when user is not one of recipients",
test "paginates favorites using since_id and max_id", %{
conn: conn,
- current_user: current_user,
user: user
} do
activities = insert_list(10, :note_activity)
@@ -262,7 +229,6 @@ test "paginates favorites using since_id and max_id", %{
response =
conn
- |> assign(:user, current_user)
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites", %{
since_id: third_activity.id,
max_id: seventh_activity.id
@@ -276,7 +242,6 @@ test "paginates favorites using since_id and max_id", %{
test "limits favorites using limit parameter", %{
conn: conn,
- current_user: current_user,
user: user
} do
7
@@ -287,7 +252,6 @@ test "limits favorites using limit parameter", %{
response =
conn
- |> assign(:user, current_user)
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites", %{limit: "3"})
|> json_response(:ok)
@@ -296,12 +260,10 @@ test "limits favorites using limit parameter", %{
test "returns empty response when user does not have any favorited statuses", %{
conn: conn,
- current_user: current_user,
user: user
} do
response =
conn
- |> assign(:user, current_user)
|> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
|> json_response(:ok)
@@ -314,79 +276,61 @@ test "returns 404 error when specified user is not exist", %{conn: conn} do
assert json_response(conn, 404) == %{"error" => "Record not found"}
end
- test "returns 403 error when user has hidden own favorites", %{
- conn: conn,
- current_user: current_user
- } do
+ test "returns 403 error when user has hidden own favorites", %{conn: conn} do
user = insert(:user, hide_favorites: true)
activity = insert(:note_activity)
CommonAPI.favorite(activity.id, user)
- conn =
- conn
- |> assign(:user, current_user)
- |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+ conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/favourites")
assert json_response(conn, 403) == %{"error" => "Can't get favorites"}
end
- test "hides favorites for new users by default", %{conn: conn, current_user: current_user} do
+ test "hides favorites for new users by default", %{conn: conn} do
user = insert(:user)
activity = insert(:note_activity)
CommonAPI.favorite(activity.id, user)
- conn =
- conn
- |> assign(:user, current_user)
- |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-
assert user.hide_favorites
+ conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/favourites")
+
assert json_response(conn, 403) == %{"error" => "Can't get favorites"}
end
end
describe "subscribing / unsubscribing" do
- test "subscribing / unsubscribing to a user", %{conn: conn} do
- user = insert(:user)
+ test "subscribing / unsubscribing to a user" do
+ %{user: user, conn: conn} = oauth_access(["follow"])
subscription_target = insert(:user)
- conn =
+ ret_conn =
conn
|> assign(:user, user)
|> post("/api/v1/pleroma/accounts/#{subscription_target.id}/subscribe")
- assert %{"id" => _id, "subscribing" => true} = json_response(conn, 200)
+ assert %{"id" => _id, "subscribing" => true} = json_response(ret_conn, 200)
- conn =
- build_conn()
- |> assign(:user, user)
- |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/unsubscribe")
+ conn = post(conn, "/api/v1/pleroma/accounts/#{subscription_target.id}/unsubscribe")
assert %{"id" => _id, "subscribing" => false} = json_response(conn, 200)
end
end
describe "subscribing" do
- test "returns 404 when subscription_target not found", %{conn: conn} do
- user = insert(:user)
+ test "returns 404 when subscription_target not found" do
+ %{conn: conn} = oauth_access(["write:follows"])
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/pleroma/accounts/target_id/subscribe")
+ conn = post(conn, "/api/v1/pleroma/accounts/target_id/subscribe")
assert %{"error" => "Record not found"} = json_response(conn, 404)
end
end
describe "unsubscribing" do
- test "returns 404 when subscription_target not found", %{conn: conn} do
- user = insert(:user)
+ test "returns 404 when subscription_target not found" do
+ %{conn: conn} = oauth_access(["follow"])
- conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/pleroma/accounts/target_id/unsubscribe")
+ conn = post(conn, "/api/v1/pleroma/accounts/target_id/unsubscribe")
assert %{"error" => "Record not found"} = json_response(conn, 404)
end
diff --git a/test/web/pleroma_api/controllers/emoji_api_controller_test.exs b/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
index 101c4d7d7..8e76f2f3d 100644
--- a/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
+++ b/test/web/pleroma_api/controllers/emoji_api_controller_test.exs
@@ -43,9 +43,12 @@ test "shared & non-shared pack information in list_packs is ok" do
test "listing remote packs" do
admin = insert(:user, is_admin: true)
- conn = build_conn() |> assign(:user, admin)
+ %{conn: conn} = oauth_access(["admin:write"], user: admin)
- resp = conn |> get(emoji_api_path(conn, :list_packs)) |> json_response(200)
+ resp =
+ build_conn()
+ |> get(emoji_api_path(conn, :list_packs))
+ |> json_response(200)
mock(fn
%{method: :get, url: "https://example.com/.well-known/nodeinfo"} ->
@@ -127,7 +130,10 @@ test "downloading shared & unshared packs from another instance via download_fro
admin = insert(:user, is_admin: true)
- conn = build_conn() |> assign(:user, admin)
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, insert(:oauth_admin_token, user: admin, scopes: ["admin:write"]))
assert (conn
|> put_req_header("content-type", "application/json")
@@ -172,8 +178,6 @@ test "downloading shared & unshared packs from another instance via download_fro
# non-shared, downloaded from the fallback URL
- conn = build_conn() |> assign(:user, admin)
-
assert conn
|> put_req_header("content-type", "application/json")
|> post(
@@ -209,8 +213,12 @@ test "downloading shared & unshared packs from another instance via download_fro
File.write!(pack_file, original_content)
end)
+ admin = insert(:user, is_admin: true)
+ %{conn: conn} = oauth_access(["admin:write"], user: admin)
+
{:ok,
- admin: insert(:user, is_admin: true),
+ admin: admin,
+ conn: conn,
pack_file: pack_file,
new_data: %{
"license" => "Test license changed",
@@ -221,10 +229,9 @@ test "downloading shared & unshared packs from another instance via download_fro
end
test "for a pack without a fallback source", ctx do
- conn = build_conn()
+ conn = ctx[:conn]
assert conn
- |> assign(:user, ctx[:admin])
|> post(
emoji_api_path(conn, :update_metadata, "test_pack"),
%{
@@ -254,10 +261,9 @@ test "for a pack with a fallback source", ctx do
"74409E2674DAA06C072729C6C8426C4CB3B7E0B85ED77792DB7A436E11D76DAF"
)
- conn = build_conn()
+ conn = ctx[:conn]
assert conn
- |> assign(:user, ctx[:admin])
|> post(
emoji_api_path(conn, :update_metadata, "test_pack"),
%{
@@ -281,10 +287,9 @@ test "when the fallback source doesn't have all the files", ctx do
new_data = Map.put(ctx[:new_data], "fallback-src", "https://nonshared-pack")
- conn = build_conn()
+ conn = ctx[:conn]
assert (conn
- |> assign(:user, ctx[:admin])
|> post(
emoji_api_path(conn, :update_metadata, "test_pack"),
%{
@@ -308,8 +313,7 @@ test "updating pack files" do
end)
admin = insert(:user, is_admin: true)
-
- conn = build_conn()
+ %{conn: conn} = oauth_access(["admin:write"], user: admin)
same_name = %{
"action" => "add",
@@ -323,8 +327,6 @@ test "updating pack files" do
different_name = %{same_name | "shortcode" => "blank_2"}
- conn = conn |> assign(:user, admin)
-
assert (conn
|> post(emoji_api_path(conn, :update_file, "test_pack"), same_name)
|> json_response(:conflict))["error"] =~ "already exists"
@@ -396,8 +398,7 @@ test "creating and deleting a pack" do
end)
admin = insert(:user, is_admin: true)
-
- conn = build_conn() |> assign(:user, admin)
+ %{conn: conn} = oauth_access(["admin:write"], user: admin)
assert conn
|> put_req_header("content-type", "application/json")
@@ -436,9 +437,9 @@ test "filesystem import" do
refute Map.has_key?(resp, "test_pack_for_import")
admin = insert(:user, is_admin: true)
+ %{conn: conn} = oauth_access(["admin:write"], user: admin)
assert conn
- |> assign(:user, admin)
|> post(emoji_api_path(conn, :import_from_fs))
|> json_response(200) == ["test_pack_for_import"]
@@ -453,11 +454,10 @@ test "filesystem import" do
File.write!("#{@emoji_dir_path}/test_pack_for_import/emoji.txt", emoji_txt_content)
assert conn
- |> assign(:user, admin)
|> post(emoji_api_path(conn, :import_from_fs))
|> json_response(200) == ["test_pack_for_import"]
- resp = conn |> get(emoji_api_path(conn, :list_packs)) |> json_response(200)
+ resp = build_conn() |> get(emoji_api_path(conn, :list_packs)) |> json_response(200)
assert resp["test_pack_for_import"]["files"] == %{
"blank" => "blank.png",
diff --git a/test/web/pleroma_api/controllers/mascot_controller_test.exs b/test/web/pleroma_api/controllers/mascot_controller_test.exs
index ae9539b04..40c33e609 100644
--- a/test/web/pleroma_api/controllers/mascot_controller_test.exs
+++ b/test/web/pleroma_api/controllers/mascot_controller_test.exs
@@ -7,10 +7,8 @@ defmodule Pleroma.Web.PleromaAPI.MascotControllerTest do
alias Pleroma.User
- import Pleroma.Factory
-
- test "mascot upload", %{conn: conn} do
- user = insert(:user)
+ test "mascot upload" do
+ %{conn: conn} = oauth_access(["write:accounts"])
non_image_file = %Plug.Upload{
content_type: "audio/mpeg",
@@ -18,12 +16,9 @@ test "mascot upload", %{conn: conn} do
filename: "sound.mp3"
}
- conn =
- conn
- |> assign(:user, user)
- |> put("/api/v1/pleroma/mascot", %{"file" => non_image_file})
+ ret_conn = put(conn, "/api/v1/pleroma/mascot", %{"file" => non_image_file})
- assert json_response(conn, 415)
+ assert json_response(ret_conn, 415)
file = %Plug.Upload{
content_type: "image/jpg",
@@ -31,23 +26,18 @@ test "mascot upload", %{conn: conn} do
filename: "an_image.jpg"
}
- conn =
- build_conn()
- |> assign(:user, user)
- |> put("/api/v1/pleroma/mascot", %{"file" => file})
+ conn = put(conn, "/api/v1/pleroma/mascot", %{"file" => file})
assert %{"id" => _, "type" => image} = json_response(conn, 200)
end
- test "mascot retrieving", %{conn: conn} do
- user = insert(:user)
- # When user hasn't set a mascot, we should just get pleroma tan back
- conn =
- conn
- |> assign(:user, user)
- |> get("/api/v1/pleroma/mascot")
+ test "mascot retrieving" do
+ %{user: user, conn: conn} = oauth_access(["read:accounts", "write:accounts"])
- assert %{"url" => url} = json_response(conn, 200)
+ # When user hasn't set a mascot, we should just get pleroma tan back
+ ret_conn = get(conn, "/api/v1/pleroma/mascot")
+
+ assert %{"url" => url} = json_response(ret_conn, 200)
assert url =~ "pleroma-fox-tan-smol"
# When a user sets their mascot, we should get that back
@@ -57,17 +47,14 @@ test "mascot retrieving", %{conn: conn} do
filename: "an_image.jpg"
}
- conn =
- build_conn()
- |> assign(:user, user)
- |> put("/api/v1/pleroma/mascot", %{"file" => file})
+ ret_conn = put(conn, "/api/v1/pleroma/mascot", %{"file" => file})
- assert json_response(conn, 200)
+ assert json_response(ret_conn, 200)
user = User.get_cached_by_id(user.id)
conn =
- build_conn()
+ conn
|> assign(:user, user)
|> get("/api/v1/pleroma/mascot")
diff --git a/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs b/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
index b1b59beed..3f7ef13bc 100644
--- a/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
+++ b/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
@@ -23,6 +23,7 @@ test "POST /api/v1/pleroma/statuses/:id/react_with_emoji", %{conn: conn} do
result =
conn
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
|> post("/api/v1/pleroma/statuses/#{activity.id}/react_with_emoji", %{"emoji" => "☕"})
assert %{"id" => id} = json_response(result, 200)
@@ -39,6 +40,7 @@ test "POST /api/v1/pleroma/statuses/:id/unreact_with_emoji", %{conn: conn} do
result =
conn
|> assign(:user, other_user)
+ |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
|> post("/api/v1/pleroma/statuses/#{activity.id}/unreact_with_emoji", %{"emoji" => "☕"})
assert %{"id" => id} = json_response(result, 200)
@@ -55,6 +57,11 @@ test "GET /api/v1/pleroma/statuses/:id/emoji_reactions_by", %{conn: conn} do
{:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
+ conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:statuses"]))
+
result =
conn
|> get("/api/v1/pleroma/statuses/#{activity.id}/emoji_reactions_by")
@@ -73,9 +80,9 @@ test "GET /api/v1/pleroma/statuses/:id/emoji_reactions_by", %{conn: conn} do
assert represented_user["id"] == other_user.id
end
- test "/api/v1/pleroma/conversations/:id", %{conn: conn} do
+ test "/api/v1/pleroma/conversations/:id" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
{:ok, _activity} =
CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}!", "visibility" => "direct"})
@@ -84,16 +91,15 @@ test "/api/v1/pleroma/conversations/:id", %{conn: conn} do
result =
conn
- |> assign(:user, other_user)
|> get("/api/v1/pleroma/conversations/#{participation.id}")
|> json_response(200)
assert result["id"] == participation.id |> to_string()
end
- test "/api/v1/pleroma/conversations/:id/statuses", %{conn: conn} do
+ test "/api/v1/pleroma/conversations/:id/statuses" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
third_user = insert(:user)
{:ok, _activity} =
@@ -113,7 +119,6 @@ test "/api/v1/pleroma/conversations/:id/statuses", %{conn: conn} do
result =
conn
- |> assign(:user, other_user)
|> get("/api/v1/pleroma/conversations/#{participation.id}/statuses")
|> json_response(200)
@@ -124,8 +129,8 @@ test "/api/v1/pleroma/conversations/:id/statuses", %{conn: conn} do
assert [%{"id" => ^id_one}, %{"id" => ^id_two}] = result
end
- test "PATCH /api/v1/pleroma/conversations/:id", %{conn: conn} do
- user = insert(:user)
+ test "PATCH /api/v1/pleroma/conversations/:id" do
+ %{user: user, conn: conn} = oauth_access(["write:conversations"])
other_user = insert(:user)
{:ok, _activity} = CommonAPI.post(user, %{"status" => "Hi", "visibility" => "direct"})
@@ -140,7 +145,6 @@ test "PATCH /api/v1/pleroma/conversations/:id", %{conn: conn} do
result =
conn
- |> assign(:user, user)
|> patch("/api/v1/pleroma/conversations/#{participation.id}", %{
"recipients" => [user.id, other_user.id]
})
@@ -155,9 +159,9 @@ test "PATCH /api/v1/pleroma/conversations/:id", %{conn: conn} do
assert other_user in participation.recipients
end
- test "POST /api/v1/pleroma/conversations/read", %{conn: conn} do
+ test "POST /api/v1/pleroma/conversations/read" do
user = insert(:user)
- other_user = insert(:user)
+ %{user: other_user, conn: conn} = oauth_access(["write:notifications"])
{:ok, _activity} =
CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}", "visibility" => "direct"})
@@ -172,7 +176,6 @@ test "POST /api/v1/pleroma/conversations/read", %{conn: conn} do
[%{"unread" => false}, %{"unread" => false}] =
conn
- |> assign(:user, other_user)
|> post("/api/v1/pleroma/conversations/read", %{})
|> json_response(200)
@@ -183,8 +186,9 @@ test "POST /api/v1/pleroma/conversations/read", %{conn: conn} do
end
describe "POST /api/v1/pleroma/notifications/read" do
- test "it marks a single notification as read", %{conn: conn} do
- user1 = insert(:user)
+ setup do: oauth_access(["write:notifications"])
+
+ test "it marks a single notification as read", %{user: user1, conn: conn} do
user2 = insert(:user)
{:ok, activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
{:ok, activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
@@ -193,7 +197,6 @@ test "it marks a single notification as read", %{conn: conn} do
response =
conn
- |> assign(:user, user1)
|> post("/api/v1/pleroma/notifications/read", %{"id" => "#{notification1.id}"})
|> json_response(:ok)
@@ -202,8 +205,7 @@ test "it marks a single notification as read", %{conn: conn} do
refute Repo.get(Notification, notification2.id).seen
end
- test "it marks multiple notifications as read", %{conn: conn} do
- user1 = insert(:user)
+ test "it marks multiple notifications as read", %{user: user1, conn: conn} do
user2 = insert(:user)
{:ok, _activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
{:ok, _activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
@@ -213,7 +215,6 @@ test "it marks multiple notifications as read", %{conn: conn} do
[response1, response2] =
conn
- |> assign(:user, user1)
|> post("/api/v1/pleroma/notifications/read", %{"max_id" => "#{notification2.id}"})
|> json_response(:ok)
@@ -225,11 +226,8 @@ test "it marks multiple notifications as read", %{conn: conn} do
end
test "it returns error when notification not found", %{conn: conn} do
- user1 = insert(:user)
-
response =
conn
- |> assign(:user, user1)
|> post("/api/v1/pleroma/notifications/read", %{"id" => "22222222222222"})
|> json_response(:bad_request)
diff --git a/test/web/pleroma_api/controllers/scrobble_controller_test.exs b/test/web/pleroma_api/controllers/scrobble_controller_test.exs
index 881f8012c..2242610f1 100644
--- a/test/web/pleroma_api/controllers/scrobble_controller_test.exs
+++ b/test/web/pleroma_api/controllers/scrobble_controller_test.exs
@@ -6,16 +6,13 @@ defmodule Pleroma.Web.PleromaAPI.ScrobbleControllerTest do
use Pleroma.Web.ConnCase
alias Pleroma.Web.CommonAPI
- import Pleroma.Factory
describe "POST /api/v1/pleroma/scrobble" do
- test "works correctly", %{conn: conn} do
- user = insert(:user)
+ test "works correctly" do
+ %{conn: conn} = oauth_access(["write"])
conn =
- conn
- |> assign(:user, user)
- |> post("/api/v1/pleroma/scrobble", %{
+ post(conn, "/api/v1/pleroma/scrobble", %{
"title" => "lain radio episode 1",
"artist" => "lain",
"album" => "lain radio",
@@ -27,8 +24,8 @@ test "works correctly", %{conn: conn} do
end
describe "GET /api/v1/pleroma/accounts/:id/scrobbles" do
- test "works correctly", %{conn: conn} do
- user = insert(:user)
+ test "works correctly" do
+ %{user: user, conn: conn} = oauth_access(["read"])
{:ok, _activity} =
CommonAPI.listen(user, %{
@@ -51,9 +48,7 @@ test "works correctly", %{conn: conn} do
"album" => "lain radio"
})
- conn =
- conn
- |> get("/api/v1/pleroma/accounts/#{user.id}/scrobbles")
+ conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/scrobbles")
result = json_response(conn, 200)
diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs
index 43299e147..9bfaba9d3 100644
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@@ -6,10 +6,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
use Pleroma.Web.ConnCase
use Oban.Testing, repo: Pleroma.Repo
- alias Pleroma.Repo
alias Pleroma.Tests.ObanHelpers
alias Pleroma.User
alias Pleroma.Web.CommonAPI
+
import ExUnit.CaptureLog
import Pleroma.Factory
import Mock
@@ -24,21 +24,20 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
clear_config([:user, :deny_follow_blocked])
describe "POST /api/pleroma/follow_import" do
+ setup do: oauth_access(["follow"])
+
test "it returns HTTP 200", %{conn: conn} do
- user1 = insert(:user)
user2 = insert(:user)
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"})
|> json_response(:ok)
assert response == "job started"
end
- test "it imports follow lists from file", %{conn: conn} do
- user1 = insert(:user)
+ test "it imports follow lists from file", %{user: user1, conn: conn} do
user2 = insert(:user)
with_mocks([
@@ -49,7 +48,6 @@ test "it imports follow lists from file", %{conn: conn} do
]) do
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}})
|> json_response(:ok)
@@ -67,12 +65,10 @@ test "it imports follow lists from file", %{conn: conn} do
end
test "it imports new-style mastodon follow lists", %{conn: conn} do
- user1 = insert(:user)
user2 = insert(:user)
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/follow_import", %{
"list" => "Account address,Show boosts\n#{user2.ap_id},true"
})
@@ -81,7 +77,7 @@ test "it imports new-style mastodon follow lists", %{conn: conn} do
assert response == "job started"
end
- test "requires 'follow' or 'write:follows' permissions", %{conn: conn} do
+ test "requires 'follow' or 'write:follows' permissions" do
token1 = insert(:oauth_token, scopes: ["read", "write"])
token2 = insert(:oauth_token, scopes: ["follow"])
token3 = insert(:oauth_token, scopes: ["something"])
@@ -89,7 +85,7 @@ test "requires 'follow' or 'write:follows' permissions", %{conn: conn} do
for token <- [token1, token2, token3] do
conn =
- conn
+ build_conn()
|> put_req_header("authorization", "Bearer #{token.token}")
|> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"})
@@ -104,21 +100,21 @@ test "requires 'follow' or 'write:follows' permissions", %{conn: conn} do
end
describe "POST /api/pleroma/blocks_import" do
+ # Note: "follow" or "write:blocks" permission is required
+ setup do: oauth_access(["write:blocks"])
+
test "it returns HTTP 200", %{conn: conn} do
- user1 = insert(:user)
user2 = insert(:user)
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"})
|> json_response(:ok)
assert response == "job started"
end
- test "it imports blocks users from file", %{conn: conn} do
- user1 = insert(:user)
+ test "it imports blocks users from file", %{user: user1, conn: conn} do
user2 = insert(:user)
user3 = insert(:user)
@@ -127,7 +123,6 @@ test "it imports blocks users from file", %{conn: conn} do
]) do
response =
conn
- |> assign(:user, user1)
|> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}})
|> json_response(:ok)
@@ -146,18 +141,17 @@ test "it imports blocks users from file", %{conn: conn} do
end
describe "PUT /api/pleroma/notification_settings" do
- test "it updates notification settings", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+ test "it updates notification settings", %{user: user, conn: conn} do
conn
- |> assign(:user, user)
|> put("/api/pleroma/notification_settings", %{
"followers" => false,
"bar" => 1
})
|> json_response(:ok)
- user = Repo.get(User, user.id)
+ user = refresh_record(user)
assert %Pleroma.User.NotificationSetting{
followers: false,
@@ -168,11 +162,8 @@ test "it updates notification settings", %{conn: conn} do
} == user.notification_settings
end
- test "it update notificatin privacy option", %{conn: conn} do
- user = insert(:user)
-
+ test "it updates notification privacy option", %{user: user, conn: conn} do
conn
- |> assign(:user, user)
|> put("/api/pleroma/notification_settings", %{"privacy_option" => "1"})
|> json_response(:ok)
@@ -374,14 +365,14 @@ test "show follow page with error when user cannot fecth by `acct` link", %{conn
end
end
- describe "POST /ostatus_subscribe - do_remote_follow/2 with assigned user " do
- test "follows user", %{conn: conn} do
- user = insert(:user)
+ describe "POST /ostatus_subscribe - do_remote_follow/2 with assigned user" do
+ setup do: oauth_access(["follow"])
+
+ test "follows user", %{user: user, conn: conn} do
user2 = insert(:user)
response =
conn
- |> assign(:user, user)
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
@@ -389,55 +380,63 @@ test "follows user", %{conn: conn} do
assert user2.follower_address in User.following(user)
end
- test "returns error when user is deactivated", %{conn: conn} do
+ test "returns error when user is deactivated" do
user = insert(:user, deactivated: true)
user2 = insert(:user)
response =
- conn
+ build_conn()
|> assign(:user, user)
+ |> assign(:token, insert(:oauth_token, user: user, scopes: ["follow"]))
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
assert response =~ "Error following account"
end
- test "returns error when user is blocked", %{conn: conn} do
+ test "returns error when user is blocked", %{user: user, conn: conn} do
Pleroma.Config.put([:user, :deny_follow_blocked], true)
- user = insert(:user)
user2 = insert(:user)
{:ok, _user_block} = Pleroma.User.block(user2, user)
response =
conn
- |> assign(:user, user)
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
assert response =~ "Error following account"
end
- test "returns error when followee not found", %{conn: conn} do
- user = insert(:user)
+ test "returns error on insufficient permissions", %{user: user, conn: conn} do
+ user2 = insert(:user)
+ for token <- [nil, insert(:oauth_token, user: user, scopes: ["read"])] do
+ response =
+ conn
+ |> assign(:token, token)
+ |> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
+ |> response(200)
+
+ assert response =~ "Error following account"
+ end
+ end
+
+ test "returns error when followee not found", %{conn: conn} do
response =
conn
- |> assign(:user, user)
|> post("/ostatus_subscribe", %{"user" => %{"id" => "jimm"}})
|> response(200)
assert response =~ "Error following account"
end
- test "returns success result when user already in followers", %{conn: conn} do
- user = insert(:user)
+ test "returns success result when user already in followers", %{user: user, conn: conn} do
user2 = insert(:user)
{:ok, _, _, _} = CommonAPI.follow(user, user2)
response =
conn
- |> assign(:user, refresh_record(user))
|> post("/ostatus_subscribe", %{"user" => %{"id" => user2.id}})
|> response(200)
@@ -445,7 +444,7 @@ test "returns success result when user already in followers", %{conn: conn} do
end
end
- describe "POST /ostatus_subscribe - do_remote_follow/2 without assigned user " do
+ describe "POST /ostatus_subscribe - do_remote_follow/2 without assigned user" do
test "follows", %{conn: conn} do
user = insert(:user)
user2 = insert(:user)
@@ -552,7 +551,7 @@ test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do
end
end
- test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
+ test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do
Pleroma.Config.put([:instance, :healthcheck], true)
with_mock Pleroma.Healthcheck,
@@ -574,12 +573,11 @@ test "returns 503 when healthcheck enabled and health is false", %{conn: conn}
end
describe "POST /api/pleroma/disable_account" do
- test "it returns HTTP 200", %{conn: conn} do
- user = insert(:user)
+ setup do: oauth_access(["write:accounts"])
+ test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
response =
conn
- |> assign(:user, user)
|> post("/api/pleroma/disable_account", %{"password" => "test"})
|> json_response(:ok)
@@ -591,12 +589,11 @@ test "it returns HTTP 200", %{conn: conn} do
assert user.deactivated == true
end
- test "it returns returns when password invalid", %{conn: conn} do
+ test "with valid permissions and invalid password, it returns an error", %{conn: conn} do
user = insert(:user)
response =
conn
- |> assign(:user, user)
|> post("/api/pleroma/disable_account", %{"password" => "test1"})
|> json_response(:ok)
@@ -666,7 +663,7 @@ test "it redirect to webfinger url", %{conn: conn} do
"https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}"
end
- test "it renders form with error when use not found", %{conn: conn} do
+ test "it renders form with error when user not found", %{conn: conn} do
user2 = insert(:user, ap_id: "shp@social.heldscal.la")
response =
@@ -691,29 +688,21 @@ test "it returns new captcha", %{conn: conn} do
end
end
- defp with_credentials(conn, username, password) do
- header_content = "Basic " <> Base.encode64("#{username}:#{password}")
- put_req_header(conn, "authorization", header_content)
- end
-
- defp valid_user(_context) do
- user = insert(:user)
- [user: user]
- end
-
describe "POST /api/pleroma/change_email" do
- setup [:valid_user]
+ setup do: oauth_access(["write:accounts"])
- test "without credentials", %{conn: conn} do
- conn = post(conn, "/api/pleroma/change_email")
- assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
- end
-
- test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ test "without permissions", %{conn: conn} do
conn =
conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ |> assign(:token, nil)
+ |> post("/api/pleroma/change_email")
+
+ assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
+ end
+
+ test "with proper permissions and invalid password", %{conn: conn} do
+ conn =
+ post(conn, "/api/pleroma/change_email", %{
"password" => "hi",
"email" => "test@test.com"
})
@@ -721,14 +710,11 @@ test "with credentials and invalid password", %{conn: conn, user: current_user}
assert json_response(conn, 200) == %{"error" => "Invalid password."}
end
- test "with credentials, valid password and invalid email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and invalid email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => "foobar"
})
@@ -736,28 +722,22 @@ test "with credentials, valid password and invalid email", %{
assert json_response(conn, 200) == %{"error" => "Email has invalid format."}
end
- test "with credentials, valid password and no email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and no email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test"
})
assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
end
- test "with credentials, valid password and blank email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and blank email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => ""
})
@@ -765,16 +745,13 @@ test "with credentials, valid password and blank email", %{
assert json_response(conn, 200) == %{"error" => "Email can't be blank."}
end
- test "with credentials, valid password and non unique email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and non unique email", %{
+ conn: conn
} do
user = insert(:user)
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => user.email
})
@@ -782,14 +759,11 @@ test "with credentials, valid password and non unique email", %{
assert json_response(conn, 200) == %{"error" => "Email has already been taken."}
end
- test "with credentials, valid password and valid email", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and valid email", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_email", %{
+ post(conn, "/api/pleroma/change_email", %{
"password" => "test",
"email" => "cofe@foobar.com"
})
@@ -799,18 +773,20 @@ test "with credentials, valid password and valid email", %{
end
describe "POST /api/pleroma/change_password" do
- setup [:valid_user]
+ setup do: oauth_access(["write:accounts"])
- test "without credentials", %{conn: conn} do
- conn = post(conn, "/api/pleroma/change_password")
- assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
- end
-
- test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ test "without permissions", %{conn: conn} do
conn =
conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ |> assign(:token, nil)
+ |> post("/api/pleroma/change_password")
+
+ assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."}
+ end
+
+ test "with proper permissions and invalid password", %{conn: conn} do
+ conn =
+ post(conn, "/api/pleroma/change_password", %{
"password" => "hi",
"new_password" => "newpass",
"new_password_confirmation" => "newpass"
@@ -819,14 +795,12 @@ test "with credentials and invalid password", %{conn: conn, user: current_user}
assert json_response(conn, 200) == %{"error" => "Invalid password."}
end
- test "with credentials, valid password and new password and confirmation not matching", %{
- conn: conn,
- user: current_user
- } do
+ test "with proper permissions, valid password and new password and confirmation not matching",
+ %{
+ conn: conn
+ } do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ post(conn, "/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "newpass",
"new_password_confirmation" => "notnewpass"
@@ -837,14 +811,11 @@ test "with credentials, valid password and new password and confirmation not mat
}
end
- test "with credentials, valid password and invalid new password", %{
- conn: conn,
- user: current_user
+ test "with proper permissions, valid password and invalid new password", %{
+ conn: conn
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ post(conn, "/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "",
"new_password_confirmation" => ""
@@ -855,47 +826,46 @@ test "with credentials, valid password and invalid new password", %{
}
end
- test "with credentials, valid password and matching new password and confirmation", %{
+ test "with proper permissions, valid password and matching new password and confirmation", %{
conn: conn,
- user: current_user
+ user: user
} do
conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/change_password", %{
+ post(conn, "/api/pleroma/change_password", %{
"password" => "test",
"new_password" => "newpass",
"new_password_confirmation" => "newpass"
})
assert json_response(conn, 200) == %{"status" => "success"}
- fetched_user = User.get_cached_by_id(current_user.id)
+ fetched_user = User.get_cached_by_id(user.id)
assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
end
end
describe "POST /api/pleroma/delete_account" do
- setup [:valid_user]
+ setup do: oauth_access(["write:accounts"])
- test "without credentials", %{conn: conn} do
- conn = post(conn, "/api/pleroma/delete_account")
- assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
- end
-
- test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ test "without permissions", %{conn: conn} do
conn =
conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/delete_account", %{"password" => "hi"})
+ |> assign(:token, nil)
+ |> post("/api/pleroma/delete_account")
- assert json_response(conn, 200) == %{"error" => "Invalid password."}
+ assert json_response(conn, 403) ==
+ %{"error" => "Insufficient permissions: write:accounts."}
end
- test "with credentials and valid password", %{conn: conn, user: current_user} do
- conn =
- conn
- |> with_credentials(current_user.nickname, "test")
- |> post("/api/pleroma/delete_account", %{"password" => "test"})
+ test "with proper permissions and wrong or missing password", %{conn: conn} do
+ for params <- [%{"password" => "hi"}, %{}] do
+ ret_conn = post(conn, "/api/pleroma/delete_account", params)
+
+ assert json_response(ret_conn, 200) == %{"error" => "Invalid password."}
+ end
+ end
+
+ test "with proper permissions and valid password", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
assert json_response(conn, 200) == %{"status" => "success"}
end