summaryrefslogtreecommitdiff
path: root/test/pleroma/web/admin_api/controllers/user_controller_test.exs
diff options
context:
space:
mode:
Diffstat (limited to 'test/pleroma/web/admin_api/controllers/user_controller_test.exs')
-rw-r--r--test/pleroma/web/admin_api/controllers/user_controller_test.exs297
1 files changed, 200 insertions, 97 deletions
diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs
index 79971be06..bb9dcb4aa 100644
--- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.AdminAPI.UserControllerTest do
- use Pleroma.Web.ConnCase
+ use Pleroma.Web.ConnCase, async: false
use Oban.Testing, repo: Pleroma.Repo
import Mock
@@ -38,6 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end
test "with valid `admin_token` query parameter, skips OAuth scopes check" do
+ clear_config([:instance, :admin_privileges], [:users_read])
clear_config([:admin_token], "password123")
user = insert(:user)
@@ -47,53 +48,10 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
assert json_response_and_validate_schema(conn, 200)
end
- test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
- %{admin: admin} do
- user = insert(:user)
- url = "/api/pleroma/admin/users/#{user.nickname}"
-
- good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
- good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
- good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
-
- bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
- bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
- bad_token3 = nil
-
- for good_token <- [good_token1, good_token2, good_token3] do
- conn =
- build_conn()
- |> assign(:user, admin)
- |> assign(:token, good_token)
- |> get(url)
-
- assert json_response_and_validate_schema(conn, 200)
- end
-
- for good_token <- [good_token1, good_token2, good_token3] do
- conn =
- build_conn()
- |> assign(:user, nil)
- |> assign(:token, good_token)
- |> get(url)
-
- assert json_response(conn, :forbidden)
- end
-
- for bad_token <- [bad_token1, bad_token2, bad_token3] do
- conn =
- build_conn()
- |> assign(:user, admin)
- |> assign(:token, bad_token)
- |> get(url)
-
- assert json_response_and_validate_schema(conn, :forbidden)
- end
- end
-
describe "DELETE /api/pleroma/admin/users" do
test "single user", %{admin: admin, conn: conn} do
clear_config([:instance, :federating], true)
+ clear_config([:instance, :admin_privileges], [:users_delete])
user =
insert(:user,
@@ -149,6 +107,8 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end
test "multiple users", %{admin: admin, conn: conn} do
+ clear_config([:instance, :admin_privileges], [:users_delete])
+
user_one = insert(:user)
user_two = insert(:user)
@@ -168,6 +128,17 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
assert response -- [user_one.nickname, user_two.nickname] == []
end
+
+ test "Needs privileged role", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ response =
+ conn
+ |> put_req_header("accept", "application/json")
+ |> delete("/api/pleroma/admin/users?nickname=nickname")
+
+ assert json_response(response, :forbidden)
+ end
end
describe "/api/pleroma/admin/users" do
@@ -307,7 +278,19 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end
end
- describe "/api/pleroma/admin/users/:nickname" do
+ describe "GET /api/pleroma/admin/users/:nickname" do
+ setup do
+ clear_config([:instance, :admin_privileges], [:users_read])
+ end
+
+ test "returns 403 if not privileged with :users_read", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn = get(conn, "/api/pleroma/admin/users/user.nickname")
+
+ assert json_response(conn, :forbidden)
+ end
+
test "Show", %{conn: conn} do
user = insert(:user)
@@ -323,6 +306,50 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
assert %{"error" => "Not found"} == json_response_and_validate_schema(conn, 404)
end
+
+ test "requires admin:read:accounts or broader scope",
+ %{admin: admin} do
+ user = insert(:user)
+ url = "/api/pleroma/admin/users/#{user.nickname}"
+
+ good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+ good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+ good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+
+ bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+ bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+ bad_token3 = nil
+
+ for good_token <- [good_token1, good_token2, good_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response_and_validate_schema(conn, 200)
+ end
+
+ for good_token <- [good_token1, good_token2, good_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, nil)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response(conn, :forbidden)
+ end
+
+ for bad_token <- [bad_token1, bad_token2, bad_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, bad_token)
+ |> get(url)
+
+ assert json_response_and_validate_schema(conn, :forbidden)
+ end
+ end
end
describe "/api/pleroma/admin/users/follow" do
@@ -378,6 +405,18 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end
describe "GET /api/pleroma/admin/users" do
+ setup do
+ clear_config([:instance, :admin_privileges], [:users_read])
+ end
+
+ test "returns 403 if not privileged with :users_read", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn = get(conn, "/api/pleroma/admin/users?page=1")
+
+ assert json_response(conn, :forbidden)
+ end
+
test "renders users array for the first page", %{conn: conn, admin: admin} do
user = insert(:user, local: false, tags: ["foo", "bar"])
user2 = insert(:user, is_approved: false, registration_reason: "I'm a chill dude")
@@ -810,67 +849,42 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
end
end
- test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
- user_one = insert(:user, is_active: false)
- user_two = insert(:user, is_active: false)
-
- conn =
- conn
- |> put_req_header("content-type", "application/json")
- |> patch(
- "/api/pleroma/admin/users/activate",
- %{nicknames: [user_one.nickname, user_two.nickname]}
- )
-
- response = json_response_and_validate_schema(conn, 200)
- assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
-
- log_entry = Repo.one(ModerationLog)
-
- assert ModerationLog.get_log_entry_message(log_entry) ==
- "@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
- end
+ test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
+ clear_config([:instance, :admin_privileges], [:users_manage_invites])
- test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
- user_one = insert(:user, is_active: true)
- user_two = insert(:user, is_active: true)
+ user_one = insert(:user, is_approved: false)
+ user_two = insert(:user, is_approved: false)
conn =
conn
|> put_req_header("content-type", "application/json")
|> patch(
- "/api/pleroma/admin/users/deactivate",
+ "/api/pleroma/admin/users/approve",
%{nicknames: [user_one.nickname, user_two.nickname]}
)
response = json_response_and_validate_schema(conn, 200)
- assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
+ assert Enum.map(response["users"], & &1["is_approved"]) == [true, true]
log_entry = Repo.one(ModerationLog)
assert ModerationLog.get_log_entry_message(log_entry) ==
- "@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
+ "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}"
end
- test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
- user_one = insert(:user, is_approved: false)
- user_two = insert(:user, is_approved: false)
+ test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :users_manage_invites",
+ %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
conn =
conn
|> put_req_header("content-type", "application/json")
|> patch(
"/api/pleroma/admin/users/approve",
- %{nicknames: [user_one.nickname, user_two.nickname]}
+ %{nicknames: ["user_one.nickname", "user_two.nickname"]}
)
- response = json_response_and_validate_schema(conn, 200)
- assert Enum.map(response["users"], & &1["is_approved"]) == [true, true]
-
- log_entry = Repo.one(ModerationLog)
-
- assert ModerationLog.get_log_entry_message(log_entry) ==
- "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}"
+ assert json_response(conn, :forbidden)
end
test "PATCH /api/pleroma/admin/users/suggest", %{admin: admin, conn: conn} do
@@ -923,24 +937,113 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
"@#{admin.nickname} removed suggested users: @#{user1.nickname}, @#{user2.nickname}"
end
- test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
- user = insert(:user)
+ describe "user activation" do
+ test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
+ clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
- conn =
- conn
- |> put_req_header("content-type", "application/json")
- |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
+ user_one = insert(:user, is_active: false)
+ user_two = insert(:user, is_active: false)
+
+ conn =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> patch(
+ "/api/pleroma/admin/users/activate",
+ %{nicknames: [user_one.nickname, user_two.nickname]}
+ )
- assert json_response_and_validate_schema(conn, 200) ==
- user_response(
- user,
- %{"is_active" => !user.is_active}
- )
+ response = json_response_and_validate_schema(conn, 200)
+ assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
- log_entry = Repo.one(ModerationLog)
+ log_entry = Repo.one(ModerationLog)
- assert ModerationLog.get_log_entry_message(log_entry) ==
- "@#{admin.nickname} deactivated users: @#{user.nickname}"
+ assert ModerationLog.get_log_entry_message(log_entry) ==
+ "@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
+ end
+
+ test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
+ clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
+
+ user_one = insert(:user, is_active: true)
+ user_two = insert(:user, is_active: true)
+
+ conn =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> patch(
+ "/api/pleroma/admin/users/deactivate",
+ %{nicknames: [user_one.nickname, user_two.nickname]}
+ )
+
+ response = json_response_and_validate_schema(conn, 200)
+ assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
+
+ log_entry = Repo.one(ModerationLog)
+
+ assert ModerationLog.get_log_entry_message(log_entry) ==
+ "@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
+ end
+
+ test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
+ clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
+
+ user = insert(:user)
+
+ conn =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
+
+ assert json_response_and_validate_schema(conn, 200) ==
+ user_response(
+ user,
+ %{"is_active" => !user.is_active}
+ )
+
+ log_entry = Repo.one(ModerationLog)
+
+ assert ModerationLog.get_log_entry_message(log_entry) ==
+ "@#{admin.nickname} deactivated users: @#{user.nickname}"
+ end
+
+ test "it requires privileged role :statuses_activation to activate", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> patch(
+ "/api/pleroma/admin/users/activate",
+ %{nicknames: ["user_one.nickname", "user_two.nickname"]}
+ )
+
+ assert json_response(conn, :forbidden)
+ end
+
+ test "it requires privileged role :statuses_activation to deactivate", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> patch(
+ "/api/pleroma/admin/users/deactivate",
+ %{nicknames: ["user_one.nickname", "user_two.nickname"]}
+ )
+
+ assert json_response(conn, :forbidden)
+ end
+
+ test "it requires privileged role :statuses_activation to toggle activation", %{conn: conn} do
+ clear_config([:instance, :admin_privileges], [])
+
+ conn =
+ conn
+ |> put_req_header("content-type", "application/json")
+ |> patch("/api/pleroma/admin/users/user.nickname/toggle_activation")
+
+ assert json_response(conn, :forbidden)
+ end
end
defp user_response(user, attrs \\ %{}) do
generated by cgit v1.2.3 (git 2.44.0) at 2024-05-05 03:07:08 +0000