diff options
Diffstat (limited to 'test/web/twitter_api')
| -rw-r--r-- | test/web/twitter_api/password_controller_test.exs | 81 | ||||
| -rw-r--r-- | test/web/twitter_api/remote_follow_controller_test.exs | 350 | ||||
| -rw-r--r-- | test/web/twitter_api/twitter_api_controller_test.exs | 138 | ||||
| -rw-r--r-- | test/web/twitter_api/twitter_api_test.exs | 432 | ||||
| -rw-r--r-- | test/web/twitter_api/util_controller_test.exs | 601 |
5 files changed, 0 insertions, 1602 deletions
diff --git a/test/web/twitter_api/password_controller_test.exs b/test/web/twitter_api/password_controller_test.exs deleted file mode 100644 index 231a46c67..000000000 --- a/test/web/twitter_api/password_controller_test.exs +++ /dev/null @@ -1,81 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.PasswordResetToken - alias Pleroma.User - alias Pleroma.Web.OAuth.Token - import Pleroma.Factory - - describe "GET /api/pleroma/password_reset/token" do - test "it returns error when token invalid", %{conn: conn} do - response = - conn - |> get("/api/pleroma/password_reset/token") - |> html_response(:ok) - - assert response =~ "<h2>Invalid Token</h2>" - end - - test "it shows password reset form", %{conn: conn} do - user = insert(:user) - {:ok, token} = PasswordResetToken.create_token(user) - - response = - conn - |> get("/api/pleroma/password_reset/#{token.token}") - |> html_response(:ok) - - assert response =~ "<h2>Password Reset for #{user.nickname}</h2>" - end - end - - describe "POST /api/pleroma/password_reset" do - test "it returns HTTP 200", %{conn: conn} do - user = insert(:user) - {:ok, token} = PasswordResetToken.create_token(user) - {:ok, _access_token} = Token.create_token(insert(:oauth_app), user, %{}) - - params = %{ - "password" => "test", - password_confirmation: "test", - token: token.token - } - - response = - conn - |> assign(:user, user) - |> post("/api/pleroma/password_reset", %{data: params}) - |> html_response(:ok) - - assert response =~ "<h2>Password changed!</h2>" - - user = refresh_record(user) - assert Pbkdf2.verify_pass("test", user.password_hash) - assert Enum.empty?(Token.get_user_tokens(user)) - end - - test "it sets password_reset_pending to false", %{conn: conn} do - user = insert(:user, password_reset_pending: true) - - {:ok, token} = PasswordResetToken.create_token(user) - {:ok, _access_token} = Token.create_token(insert(:oauth_app), user, %{}) - - params = %{ - "password" => "test", - password_confirmation: "test", - token: token.token - } - - conn - |> assign(:user, user) - |> post("/api/pleroma/password_reset", %{data: params}) - |> html_response(:ok) - - assert User.get_by_id(user.id).password_reset_pending == false - end - end -end diff --git a/test/web/twitter_api/remote_follow_controller_test.exs b/test/web/twitter_api/remote_follow_controller_test.exs deleted file mode 100644 index f7e54c26a..000000000 --- a/test/web/twitter_api/remote_follow_controller_test.exs +++ /dev/null @@ -1,350 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Config - alias Pleroma.MFA - alias Pleroma.MFA.TOTP - alias Pleroma.User - alias Pleroma.Web.CommonAPI - - import ExUnit.CaptureLog - import Pleroma.Factory - import Ecto.Query - - setup do - Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end) - :ok - end - - setup_all do: clear_config([:instance, :federating], true) - setup do: clear_config([:instance]) - setup do: clear_config([:frontend_configurations, :pleroma_fe]) - setup do: clear_config([:user, :deny_follow_blocked]) - - describe "GET /ostatus_subscribe - remote_follow/2" do - test "adds status to pleroma instance if the `acct` is a status", %{conn: conn} do - assert conn - |> get( - remote_follow_path(conn, :follow, %{ - acct: "https://mastodon.social/users/emelie/statuses/101849165031453009" - }) - ) - |> redirected_to() =~ "/notice/" - end - - test "show follow account page if the `acct` is a account link", %{conn: conn} do - response = - conn - |> get(remote_follow_path(conn, :follow, %{acct: "https://mastodon.social/users/emelie"})) - |> html_response(200) - - assert response =~ "Log in to follow" - end - - test "show follow page if the `acct` is a account link", %{conn: conn} do - user = insert(:user) - - response = - conn - |> assign(:user, user) - |> get(remote_follow_path(conn, :follow, %{acct: "https://mastodon.social/users/emelie"})) - |> html_response(200) - - assert response =~ "Remote follow" - end - - test "show follow page with error when user cannot fecth by `acct` link", %{conn: conn} do - user = insert(:user) - - assert capture_log(fn -> - response = - conn - |> assign(:user, user) - |> get( - remote_follow_path(conn, :follow, %{ - acct: "https://mastodon.social/users/not_found" - }) - ) - |> html_response(200) - - assert response =~ "Error fetching user" - end) =~ "Object has been deleted" - end - end - - describe "POST /ostatus_subscribe - do_follow/2 with assigned user " do - test "required `follow | write:follows` scope", %{conn: conn} do - user = insert(:user) - user2 = insert(:user) - read_token = insert(:oauth_token, user: user, scopes: ["read"]) - - assert capture_log(fn -> - response = - conn - |> assign(:user, user) - |> assign(:token, read_token) - |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}}) - |> response(200) - - assert response =~ "Error following account" - end) =~ "Insufficient permissions: follow | write:follows." - end - - test "follows user", %{conn: conn} do - user = insert(:user) - user2 = insert(:user) - - conn = - conn - |> assign(:user, user) - |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"])) - |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}}) - - assert redirected_to(conn) == "/users/#{user2.id}" - end - - test "returns error when user is deactivated", %{conn: conn} do - user = insert(:user, deactivated: true) - user2 = insert(:user) - - response = - conn - |> assign(:user, user) - |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}}) - |> response(200) - - assert response =~ "Error following account" - end - - test "returns error when user is blocked", %{conn: conn} do - Pleroma.Config.put([:user, :deny_follow_blocked], true) - user = insert(:user) - user2 = insert(:user) - - {:ok, _user_block} = Pleroma.User.block(user2, user) - - response = - conn - |> assign(:user, user) - |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}}) - |> response(200) - - assert response =~ "Error following account" - end - - test "returns error when followee not found", %{conn: conn} do - user = insert(:user) - - response = - conn - |> assign(:user, user) - |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => "jimm"}}) - |> response(200) - - assert response =~ "Error following account" - end - - test "returns success result when user already in followers", %{conn: conn} do - user = insert(:user) - user2 = insert(:user) - {:ok, _, _, _} = CommonAPI.follow(user, user2) - - conn = - conn - |> assign(:user, refresh_record(user)) - |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"])) - |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}}) - - assert redirected_to(conn) == "/users/#{user2.id}" - end - end - - describe "POST /ostatus_subscribe - follow/2 with enabled Two-Factor Auth " do - test "render the MFA login form", %{conn: conn} do - otp_secret = TOTP.generate_secret() - - user = - insert(:user, - multi_factor_authentication_settings: %MFA.Settings{ - enabled: true, - totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true} - } - ) - - user2 = insert(:user) - - response = - conn - |> post(remote_follow_path(conn, :do_follow), %{ - "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id} - }) - |> response(200) - - mfa_token = Pleroma.Repo.one(from(q in Pleroma.MFA.Token, where: q.user_id == ^user.id)) - - assert response =~ "Two-factor authentication" - assert response =~ "Authentication code" - assert response =~ mfa_token.token - refute user2.follower_address in User.following(user) - end - - test "returns error when password is incorrect", %{conn: conn} do - otp_secret = TOTP.generate_secret() - - user = - insert(:user, - multi_factor_authentication_settings: %MFA.Settings{ - enabled: true, - totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true} - } - ) - - user2 = insert(:user) - - response = - conn - |> post(remote_follow_path(conn, :do_follow), %{ - "authorization" => %{"name" => user.nickname, "password" => "test1", "id" => user2.id} - }) - |> response(200) - - assert response =~ "Wrong username or password" - refute user2.follower_address in User.following(user) - end - - test "follows", %{conn: conn} do - otp_secret = TOTP.generate_secret() - - user = - insert(:user, - multi_factor_authentication_settings: %MFA.Settings{ - enabled: true, - totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true} - } - ) - - {:ok, %{token: token}} = MFA.Token.create_token(user) - - user2 = insert(:user) - otp_token = TOTP.generate_token(otp_secret) - - conn = - conn - |> post( - remote_follow_path(conn, :do_follow), - %{ - "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id} - } - ) - - assert redirected_to(conn) == "/users/#{user2.id}" - assert user2.follower_address in User.following(user) - end - - test "returns error when auth code is incorrect", %{conn: conn} do - otp_secret = TOTP.generate_secret() - - user = - insert(:user, - multi_factor_authentication_settings: %MFA.Settings{ - enabled: true, - totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true} - } - ) - - {:ok, %{token: token}} = MFA.Token.create_token(user) - - user2 = insert(:user) - otp_token = TOTP.generate_token(TOTP.generate_secret()) - - response = - conn - |> post( - remote_follow_path(conn, :do_follow), - %{ - "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id} - } - ) - |> response(200) - - assert response =~ "Wrong authentication code" - refute user2.follower_address in User.following(user) - end - end - - describe "POST /ostatus_subscribe - follow/2 without assigned user " do - test "follows", %{conn: conn} do - user = insert(:user) - user2 = insert(:user) - - conn = - conn - |> post(remote_follow_path(conn, :do_follow), %{ - "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id} - }) - - assert redirected_to(conn) == "/users/#{user2.id}" - assert user2.follower_address in User.following(user) - end - - test "returns error when followee not found", %{conn: conn} do - user = insert(:user) - - response = - conn - |> post(remote_follow_path(conn, :do_follow), %{ - "authorization" => %{"name" => user.nickname, "password" => "test", "id" => "jimm"} - }) - |> response(200) - - assert response =~ "Error following account" - end - - test "returns error when login invalid", %{conn: conn} do - user = insert(:user) - - response = - conn - |> post(remote_follow_path(conn, :do_follow), %{ - "authorization" => %{"name" => "jimm", "password" => "test", "id" => user.id} - }) - |> response(200) - - assert response =~ "Wrong username or password" - end - - test "returns error when password invalid", %{conn: conn} do - user = insert(:user) - user2 = insert(:user) - - response = - conn - |> post(remote_follow_path(conn, :do_follow), %{ - "authorization" => %{"name" => user.nickname, "password" => "42", "id" => user2.id} - }) - |> response(200) - - assert response =~ "Wrong username or password" - end - - test "returns error when user is blocked", %{conn: conn} do - Pleroma.Config.put([:user, :deny_follow_blocked], true) - user = insert(:user) - user2 = insert(:user) - {:ok, _user_block} = Pleroma.User.block(user2, user) - - response = - conn - |> post(remote_follow_path(conn, :do_follow), %{ - "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id} - }) - |> response(200) - - assert response =~ "Error following account" - end - end -end diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs deleted file mode 100644 index 464d0ea2e..000000000 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ /dev/null @@ -1,138 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.TwitterAPI.ControllerTest do - use Pleroma.Web.ConnCase - - alias Pleroma.Builders.ActivityBuilder - alias Pleroma.Repo - alias Pleroma.User - alias Pleroma.Web.OAuth.Token - - import Pleroma.Factory - - describe "POST /api/qvitter/statuses/notifications/read" do - test "without valid credentials", %{conn: conn} do - conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567}) - assert json_response(conn, 403) == %{"error" => "Invalid credentials."} - end - - test "with credentials, without any params" do - %{conn: conn} = oauth_access(["write:notifications"]) - - conn = post(conn, "/api/qvitter/statuses/notifications/read") - - assert json_response(conn, 400) == %{ - "error" => "You need to specify latest_id", - "request" => "/api/qvitter/statuses/notifications/read" - } - end - - test "with credentials, with params" do - %{user: current_user, conn: conn} = - oauth_access(["read:notifications", "write:notifications"]) - - other_user = insert(:user) - - {:ok, _activity} = - ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user}) - - response_conn = - conn - |> assign(:user, current_user) - |> get("/api/v1/notifications") - - [notification] = response = json_response(response_conn, 200) - - assert length(response) == 1 - - assert notification["pleroma"]["is_seen"] == false - - response_conn = - conn - |> assign(:user, current_user) - |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]}) - - [notification] = response = json_response(response_conn, 200) - - assert length(response) == 1 - - assert notification["pleroma"]["is_seen"] == true - end - end - - describe "GET /api/account/confirm_email/:id/:token" do - setup do - {:ok, user} = - insert(:user) - |> User.confirmation_changeset(need_confirmation: true) - |> Repo.update() - - assert user.confirmation_pending - - [user: user] - end - - test "it redirects to root url", %{conn: conn, user: user} do - conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.confirmation_token}") - - assert 302 == conn.status - end - - test "it confirms the user account", %{conn: conn, user: user} do - get(conn, "/api/account/confirm_email/#{user.id}/#{user.confirmation_token}") - - user = User.get_cached_by_id(user.id) - - refute user.confirmation_pending - refute user.confirmation_token - end - - test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do - conn = get(conn, "/api/account/confirm_email/0/#{user.confirmation_token}") - - assert 500 == conn.status - end - - test "it returns 500 if token is invalid", %{conn: conn, user: user} do - conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token") - - assert 500 == conn.status - end - end - - describe "GET /api/oauth_tokens" do - setup do - token = insert(:oauth_token) |> Repo.preload(:user) - - %{token: token} - end - - test "renders list", %{token: token} do - response = - build_conn() - |> assign(:user, token.user) - |> get("/api/oauth_tokens") - - keys = - json_response(response, 200) - |> hd() - |> Map.keys() - - assert keys -- ["id", "app_name", "valid_until"] == [] - end - - test "revoke token", %{token: token} do - response = - build_conn() - |> assign(:user, token.user) - |> delete("/api/oauth_tokens/#{token.id}") - - tokens = Token.get_user_tokens(token.user) - - assert tokens == [] - assert response.status == 201 - end - end -end diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs deleted file mode 100644 index 20a45cb6f..000000000 --- a/test/web/twitter_api/twitter_api_test.exs +++ /dev/null @@ -1,432 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do - use Pleroma.DataCase - import Pleroma.Factory - alias Pleroma.Repo - alias Pleroma.Tests.ObanHelpers - alias Pleroma.User - alias Pleroma.UserInviteToken - alias Pleroma.Web.TwitterAPI.TwitterAPI - - setup_all do - Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end) - :ok - end - - test "it registers a new user and returns the user." do - data = %{ - :username => "lain", - :email => "lain@wired.jp", - :fullname => "lain iwakura", - :password => "bear", - :confirm => "bear" - } - - {:ok, user} = TwitterAPI.register_user(data) - - assert user == User.get_cached_by_nickname("lain") - end - - test "it registers a new user with empty string in bio and returns the user" do - data = %{ - :username => "lain", - :email => "lain@wired.jp", - :fullname => "lain iwakura", - :bio => "", - :password => "bear", - :confirm => "bear" - } - - {:ok, user} = TwitterAPI.register_user(data) - - assert user == User.get_cached_by_nickname("lain") - end - - test "it sends confirmation email if :account_activation_required is specified in instance config" do - setting = Pleroma.Config.get([:instance, :account_activation_required]) - - unless setting do - Pleroma.Config.put([:instance, :account_activation_required], true) - on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end) - end - - data = %{ - :username => "lain", - :email => "lain@wired.jp", - :fullname => "lain iwakura", - :bio => "", - :password => "bear", - :confirm => "bear" - } - - {:ok, user} = TwitterAPI.register_user(data) - ObanHelpers.perform_all() - - assert user.confirmation_pending - - email = Pleroma.Emails.UserEmail.account_confirmation_email(user) - - notify_email = Pleroma.Config.get([:instance, :notify_email]) - instance_name = Pleroma.Config.get([:instance, :name]) - - Swoosh.TestAssertions.assert_email_sent( - from: {instance_name, notify_email}, - to: {user.name, user.email}, - html_body: email.html_body - ) - end - - test "it sends an admin email if :account_approval_required is specified in instance config" do - admin = insert(:user, is_admin: true) - setting = Pleroma.Config.get([:instance, :account_approval_required]) - - unless setting do - Pleroma.Config.put([:instance, :account_approval_required], true) - on_exit(fn -> Pleroma.Config.put([:instance, :account_approval_required], setting) end) - end - - data = %{ - :username => "lain", - :email => "lain@wired.jp", - :fullname => "lain iwakura", - :bio => "", - :password => "bear", - :confirm => "bear", - :reason => "I love anime" - } - - {:ok, user} = TwitterAPI.register_user(data) - ObanHelpers.perform_all() - - assert user.approval_pending - - email = Pleroma.Emails.AdminEmail.new_unapproved_registration(admin, user) - - notify_email = Pleroma.Config.get([:instance, :notify_email]) - instance_name = Pleroma.Config.get([:instance, :name]) - - Swoosh.TestAssertions.assert_email_sent( - from: {instance_name, notify_email}, - to: {admin.name, admin.email}, - html_body: email.html_body - ) - end - - test "it registers a new user and parses mentions in the bio" do - data1 = %{ - :username => "john", - :email => "john@gmail.com", - :fullname => "John Doe", - :bio => "test", - :password => "bear", - :confirm => "bear" - } - - {:ok, user1} = TwitterAPI.register_user(data1) - - data2 = %{ - :username => "lain", - :email => "lain@wired.jp", - :fullname => "lain iwakura", - :bio => "@john test", - :password => "bear", - :confirm => "bear" - } - - {:ok, user2} = TwitterAPI.register_user(data2) - - expected_text = - ~s(<span class="h-card"><a class="u-url mention" data-user="#{user1.id}" href="#{ - user1.ap_id - }" rel="ugc">@<span>john</span></a></span> test) - - assert user2.bio == expected_text - end - - describe "register with one time token" do - setup do: clear_config([:instance, :registrations_open], false) - - test "returns user on success" do - {:ok, invite} = UserInviteToken.create_invite() - - data = %{ - :username => "vinny", - :email => "pasta@pizza.vs", - :fullname => "Vinny Vinesauce", - :bio => "streamer", - :password => "hiptofbees", - :confirm => "hiptofbees", - :token => invite.token - } - - {:ok, user} = TwitterAPI.register_user(data) - - assert user == User.get_cached_by_nickname("vinny") - - invite = Repo.get_by(UserInviteToken, token: invite.token) - assert invite.used == true - end - - test "returns error on invalid token" do - data = %{ - :username => "GrimReaper", - :email => "death@reapers.afterlife", - :fullname => "Reaper Grim", - :bio => "Your time has come", - :password => "scythe", - :confirm => "scythe", - :token => "DudeLetMeInImAFairy" - } - - {:error, msg} = TwitterAPI.register_user(data) - - assert msg == "Invalid token" - refute User.get_cached_by_nickname("GrimReaper") - end - - test "returns error on expired token" do - {:ok, invite} = UserInviteToken.create_invite() - UserInviteToken.update_invite!(invite, used: true) - - data = %{ - :username => "GrimReaper", - :email => "death@reapers.afterlife", - :fullname => "Reaper Grim", - :bio => "Your time has come", - :password => "scythe", - :confirm => "scythe", - :token => invite.token - } - - {:error, msg} = TwitterAPI.register_user(data) - - assert msg == "Expired token" - refute User.get_cached_by_nickname("GrimReaper") - end - end - - describe "registers with date limited token" do - setup do: clear_config([:instance, :registrations_open], false) - - setup do - data = %{ - :username => "vinny", - :email => "pasta@pizza.vs", - :fullname => "Vinny Vinesauce", - :bio => "streamer", - :password => "hiptofbees", - :confirm => "hiptofbees" - } - - check_fn = fn invite -> - data = Map.put(data, :token, invite.token) - {:ok, user} = TwitterAPI.register_user(data) - - assert user == User.get_cached_by_nickname("vinny") - end - - {:ok, data: data, check_fn: check_fn} - end - - test "returns user on success", %{check_fn: check_fn} do - {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today()}) - - check_fn.(invite) - - invite = Repo.get_by(UserInviteToken, token: invite.token) - - refute invite.used - end - - test "returns user on token which expired tomorrow", %{check_fn: check_fn} do - {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), 1)}) - - check_fn.(invite) - - invite = Repo.get_by(UserInviteToken, token: invite.token) - - refute invite.used - end - - test "returns an error on overdue date", %{data: data} do - {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1)}) - - data = Map.put(data, "token", invite.token) - - {:error, msg} = TwitterAPI.register_user(data) - - assert msg == "Expired token" - refute User.get_cached_by_nickname("vinny") - invite = Repo.get_by(UserInviteToken, token: invite.token) - - refute invite.used - end - end - - describe "registers with reusable token" do - setup do: clear_config([:instance, :registrations_open], false) - - test "returns user on success, after him registration fails" do - {:ok, invite} = UserInviteToken.create_invite(%{max_use: 100}) - - UserInviteToken.update_invite!(invite, uses: 99) - - data = %{ - :username => "vinny", - :email => "pasta@pizza.vs", - :fullname => "Vinny Vinesauce", - :bio => "streamer", - :password => "hiptofbees", - :confirm => "hiptofbees", - :token => invite.token - } - - {:ok, user} = TwitterAPI.register_user(data) - assert user == User.get_cached_by_nickname("vinny") - - invite = Repo.get_by(UserInviteToken, token: invite.token) - assert invite.used == true - - data = %{ - :username => "GrimReaper", - :email => "death@reapers.afterlife", - :fullname => "Reaper Grim", - :bio => "Your time has come", - :password => "scythe", - :confirm => "scythe", - :token => invite.token - } - - {:error, msg} = TwitterAPI.register_user(data) - - assert msg == "Expired token" - refute User.get_cached_by_nickname("GrimReaper") - end - end - - describe "registers with reusable date limited token" do - setup do: clear_config([:instance, :registrations_open], false) - - test "returns user on success" do - {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100}) - - data = %{ - :username => "vinny", - :email => "pasta@pizza.vs", - :fullname => "Vinny Vinesauce", - :bio => "streamer", - :password => "hiptofbees", - :confirm => "hiptofbees", - :token => invite.token - } - - {:ok, user} = TwitterAPI.register_user(data) - assert user == User.get_cached_by_nickname("vinny") - - invite = Repo.get_by(UserInviteToken, token: invite.token) - refute invite.used - end - - test "error after max uses" do - {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100}) - - UserInviteToken.update_invite!(invite, uses: 99) - - data = %{ - :username => "vinny", - :email => "pasta@pizza.vs", - :fullname => "Vinny Vinesauce", - :bio => "streamer", - :password => "hiptofbees", - :confirm => "hiptofbees", - :token => invite.token - } - - {:ok, user} = TwitterAPI.register_user(data) - assert user == User.get_cached_by_nickname("vinny") - - invite = Repo.get_by(UserInviteToken, token: invite.token) - assert invite.used == true - - data = %{ - :username => "GrimReaper", - :email => "death@reapers.afterlife", - :fullname => "Reaper Grim", - :bio => "Your time has come", - :password => "scythe", - :confirm => "scythe", - :token => invite.token - } - - {:error, msg} = TwitterAPI.register_user(data) - - assert msg == "Expired token" - refute User.get_cached_by_nickname("GrimReaper") - end - - test "returns error on overdue date" do - {:ok, invite} = - UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100}) - - data = %{ - :username => "GrimReaper", - :email => "death@reapers.afterlife", - :fullname => "Reaper Grim", - :bio => "Your time has come", - :password => "scythe", - :confirm => "scythe", - :token => invite.token - } - - {:error, msg} = TwitterAPI.register_user(data) - - assert msg == "Expired token" - refute User.get_cached_by_nickname("GrimReaper") - end - - test "returns error on with overdue date and after max" do - {:ok, invite} = - UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100}) - - UserInviteToken.update_invite!(invite, uses: 100) - - data = %{ - :username => "GrimReaper", - :email => "death@reapers.afterlife", - :fullname => "Reaper Grim", - :bio => "Your time has come", - :password => "scythe", - :confirm => "scythe", - :token => invite.token - } - - {:error, msg} = TwitterAPI.register_user(data) - - assert msg == "Expired token" - refute User.get_cached_by_nickname("GrimReaper") - end - end - - test "it returns the error on registration problems" do - data = %{ - :username => "lain", - :email => "lain@wired.jp", - :fullname => "lain iwakura", - :bio => "close the world." - } - - {:error, error} = TwitterAPI.register_user(data) - - assert is_binary(error) - refute User.get_cached_by_nickname("lain") - end - - setup do - Supervisor.terminate_child(Pleroma.Supervisor, Cachex) - Supervisor.restart_child(Pleroma.Supervisor, Cachex) - :ok - end -end diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs deleted file mode 100644 index 354d77b56..000000000 --- a/test/web/twitter_api/util_controller_test.exs +++ /dev/null @@ -1,601 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do - use Pleroma.Web.ConnCase - use Oban.Testing, repo: Pleroma.Repo - - alias Pleroma.Config - alias Pleroma.Tests.ObanHelpers - alias Pleroma.User - - import Pleroma.Factory - import Mock - - setup do - Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end) - :ok - end - - setup do: clear_config([:instance]) - setup do: clear_config([:frontend_configurations, :pleroma_fe]) - - describe "POST /api/pleroma/follow_import" do - setup do: oauth_access(["follow"]) - - test "it returns HTTP 200", %{conn: conn} do - user2 = insert(:user) - - response = - conn - |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"}) - |> json_response(:ok) - - assert response == "job started" - end - - test "it imports follow lists from file", %{user: user1, conn: conn} do - user2 = insert(:user) - - with_mocks([ - {File, [], - read!: fn "follow_list.txt" -> - "Account address,Show boosts\n#{user2.ap_id},true" - end} - ]) do - response = - conn - |> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}}) - |> json_response(:ok) - - assert response == "job started" - - assert ObanHelpers.member?( - %{ - "op" => "follow_import", - "follower_id" => user1.id, - "followed_identifiers" => [user2.ap_id] - }, - all_enqueued(worker: Pleroma.Workers.BackgroundWorker) - ) - end - end - - test "it imports new-style mastodon follow lists", %{conn: conn} do - user2 = insert(:user) - - response = - conn - |> post("/api/pleroma/follow_import", %{ - "list" => "Account address,Show boosts\n#{user2.ap_id},true" - }) - |> json_response(:ok) - - assert response == "job started" - end - - test "requires 'follow' or 'write:follows' permissions" do - token1 = insert(:oauth_token, scopes: ["read", "write"]) - token2 = insert(:oauth_token, scopes: ["follow"]) - token3 = insert(:oauth_token, scopes: ["something"]) - another_user = insert(:user) - - for token <- [token1, token2, token3] do - conn = - build_conn() - |> put_req_header("authorization", "Bearer #{token.token}") - |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"}) - - if token == token3 do - assert %{"error" => "Insufficient permissions: follow | write:follows."} == - json_response(conn, 403) - else - assert json_response(conn, 200) - end - end - end - - test "it imports follows with different nickname variations", %{conn: conn} do - [user2, user3, user4, user5, user6] = insert_list(5, :user) - - identifiers = - [ - user2.ap_id, - user3.nickname, - " ", - "@" <> user4.nickname, - user5.nickname <> "@localhost", - "@" <> user6.nickname <> "@localhost" - ] - |> Enum.join("\n") - - response = - conn - |> post("/api/pleroma/follow_import", %{"list" => identifiers}) - |> json_response(:ok) - - assert response == "job started" - assert [{:ok, job_result}] = ObanHelpers.perform_all() - assert job_result == [user2, user3, user4, user5, user6] - end - end - - describe "POST /api/pleroma/blocks_import" do - # Note: "follow" or "write:blocks" permission is required - setup do: oauth_access(["write:blocks"]) - - test "it returns HTTP 200", %{conn: conn} do - user2 = insert(:user) - - response = - conn - |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"}) - |> json_response(:ok) - - assert response == "job started" - end - - test "it imports blocks users from file", %{user: user1, conn: conn} do - user2 = insert(:user) - user3 = insert(:user) - - with_mocks([ - {File, [], read!: fn "blocks_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end} - ]) do - response = - conn - |> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}}) - |> json_response(:ok) - - assert response == "job started" - - assert ObanHelpers.member?( - %{ - "op" => "blocks_import", - "blocker_id" => user1.id, - "blocked_identifiers" => [user2.ap_id, user3.ap_id] - }, - all_enqueued(worker: Pleroma.Workers.BackgroundWorker) - ) - end - end - - test "it imports blocks with different nickname variations", %{conn: conn} do - [user2, user3, user4, user5, user6] = insert_list(5, :user) - - identifiers = - [ - user2.ap_id, - user3.nickname, - "@" <> user4.nickname, - user5.nickname <> "@localhost", - "@" <> user6.nickname <> "@localhost" - ] - |> Enum.join(" ") - - response = - conn - |> post("/api/pleroma/blocks_import", %{"list" => identifiers}) - |> json_response(:ok) - - assert response == "job started" - assert [{:ok, job_result}] = ObanHelpers.perform_all() - assert job_result == [user2, user3, user4, user5, user6] - end - end - - describe "PUT /api/pleroma/notification_settings" do - setup do: oauth_access(["write:accounts"]) - - test "it updates notification settings", %{user: user, conn: conn} do - conn - |> put("/api/pleroma/notification_settings", %{ - "block_from_strangers" => true, - "bar" => 1 - }) - |> json_response(:ok) - - user = refresh_record(user) - - assert %Pleroma.User.NotificationSetting{ - block_from_strangers: true, - hide_notification_contents: false - } == user.notification_settings - end - - test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do - conn - |> put("/api/pleroma/notification_settings", %{"hide_notification_contents" => "1"}) - |> json_response(:ok) - - user = refresh_record(user) - - assert %Pleroma.User.NotificationSetting{ - block_from_strangers: false, - hide_notification_contents: true - } == user.notification_settings - end - end - - describe "GET /api/pleroma/frontend_configurations" do - test "returns everything in :pleroma, :frontend_configurations", %{conn: conn} do - config = [ - frontend_a: %{ - x: 1, - y: 2 - }, - frontend_b: %{ - z: 3 - } - ] - - Config.put(:frontend_configurations, config) - - response = - conn - |> get("/api/pleroma/frontend_configurations") - |> json_response(:ok) - - assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!() - end - end - - describe "/api/pleroma/emoji" do - test "returns json with custom emoji with tags", %{conn: conn} do - emoji = - conn - |> get("/api/pleroma/emoji") - |> json_response(200) - - assert Enum.all?(emoji, fn - {_key, - %{ - "image_url" => url, - "tags" => tags - }} -> - is_binary(url) and is_list(tags) - end) - end - end - - describe "GET /api/pleroma/healthcheck" do - setup do: clear_config([:instance, :healthcheck]) - - test "returns 503 when healthcheck disabled", %{conn: conn} do - Config.put([:instance, :healthcheck], false) - - response = - conn - |> get("/api/pleroma/healthcheck") - |> json_response(503) - - assert response == %{} - end - - test "returns 200 when healthcheck enabled and all ok", %{conn: conn} do - Config.put([:instance, :healthcheck], true) - - with_mock Pleroma.Healthcheck, - system_info: fn -> %Pleroma.Healthcheck{healthy: true} end do - response = - conn - |> get("/api/pleroma/healthcheck") - |> json_response(200) - - assert %{ - "active" => _, - "healthy" => true, - "idle" => _, - "memory_used" => _, - "pool_size" => _ - } = response - end - end - - test "returns 503 when healthcheck enabled and health is false", %{conn: conn} do - Config.put([:instance, :healthcheck], true) - - with_mock Pleroma.Healthcheck, - system_info: fn -> %Pleroma.Healthcheck{healthy: false} end do - response = - conn - |> get("/api/pleroma/healthcheck") - |> json_response(503) - - assert %{ - "active" => _, - "healthy" => false, - "idle" => _, - "memory_used" => _, - "pool_size" => _ - } = response - end - end - end - - describe "POST /api/pleroma/disable_account" do - setup do: oauth_access(["write:accounts"]) - - test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do - response = - conn - |> post("/api/pleroma/disable_account", %{"password" => "test"}) - |> json_response(:ok) - - assert response == %{"status" => "success"} - ObanHelpers.perform_all() - - user = User.get_cached_by_id(user.id) - - assert user.deactivated == true - end - - test "with valid permissions and invalid password, it returns an error", %{conn: conn} do - user = insert(:user) - - response = - conn - |> post("/api/pleroma/disable_account", %{"password" => "test1"}) - |> json_response(:ok) - - assert response == %{"error" => "Invalid password."} - user = User.get_cached_by_id(user.id) - - refute user.deactivated - end - end - - describe "POST /main/ostatus - remote_subscribe/2" do - setup do: clear_config([:instance, :federating], true) - - test "renders subscribe form", %{conn: conn} do - user = insert(:user) - - response = - conn - |> post("/main/ostatus", %{"nickname" => user.nickname, "profile" => ""}) - |> response(:ok) - - refute response =~ "Could not find user" - assert response =~ "Remotely follow #{user.nickname}" - end - - test "renders subscribe form with error when user not found", %{conn: conn} do - response = - conn - |> post("/main/ostatus", %{"nickname" => "nickname", "profile" => ""}) - |> response(:ok) - - assert response =~ "Could not find user" - refute response =~ "Remotely follow" - end - - test "it redirect to webfinger url", %{conn: conn} do - user = insert(:user) - user2 = insert(:user, ap_id: "shp@social.heldscal.la") - - conn = - conn - |> post("/main/ostatus", %{ - "user" => %{"nickname" => user.nickname, "profile" => user2.ap_id} - }) - - assert redirected_to(conn) == - "https://social.heldscal.la/main/ostatussub?profile=#{user.ap_id}" - end - - test "it renders form with error when user not found", %{conn: conn} do - user2 = insert(:user, ap_id: "shp@social.heldscal.la") - - response = - conn - |> post("/main/ostatus", %{"user" => %{"nickname" => "jimm", "profile" => user2.ap_id}}) - |> response(:ok) - - assert response =~ "Something went wrong." - end - end - - test "it returns new captcha", %{conn: conn} do - with_mock Pleroma.Captcha, - new: fn -> "test_captcha" end do - resp = - conn - |> get("/api/pleroma/captcha") - |> response(200) - - assert resp == "\"test_captcha\"" - assert called(Pleroma.Captcha.new()) - end - end - - describe "POST /api/pleroma/change_email" do - setup do: oauth_access(["write:accounts"]) - - test "without permissions", %{conn: conn} do - conn = - conn - |> assign(:token, nil) - |> post("/api/pleroma/change_email") - - assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."} - end - - test "with proper permissions and invalid password", %{conn: conn} do - conn = - post(conn, "/api/pleroma/change_email", %{ - "password" => "hi", - "email" => "test@test.com" - }) - - assert json_response(conn, 200) == %{"error" => "Invalid password."} - end - - test "with proper permissions, valid password and invalid email", %{ - conn: conn - } do - conn = - post(conn, "/api/pleroma/change_email", %{ - "password" => "test", - "email" => "foobar" - }) - - assert json_response(conn, 200) == %{"error" => "Email has invalid format."} - end - - test "with proper permissions, valid password and no email", %{ - conn: conn - } do - conn = - post(conn, "/api/pleroma/change_email", %{ - "password" => "test" - }) - - assert json_response(conn, 200) == %{"error" => "Email can't be blank."} - end - - test "with proper permissions, valid password and blank email", %{ - conn: conn - } do - conn = - post(conn, "/api/pleroma/change_email", %{ - "password" => "test", - "email" => "" - }) - - assert json_response(conn, 200) == %{"error" => "Email can't be blank."} - end - - test "with proper permissions, valid password and non unique email", %{ - conn: conn - } do - user = insert(:user) - - conn = - post(conn, "/api/pleroma/change_email", %{ - "password" => "test", - "email" => user.email - }) - - assert json_response(conn, 200) == %{"error" => "Email has already been taken."} - end - - test "with proper permissions, valid password and valid email", %{ - conn: conn - } do - conn = - post(conn, "/api/pleroma/change_email", %{ - "password" => "test", - "email" => "cofe@foobar.com" - }) - - assert json_response(conn, 200) == %{"status" => "success"} - end - end - - describe "POST /api/pleroma/change_password" do - setup do: oauth_access(["write:accounts"]) - - test "without permissions", %{conn: conn} do - conn = - conn - |> assign(:token, nil) - |> post("/api/pleroma/change_password") - - assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."} - end - - test "with proper permissions and invalid password", %{conn: conn} do - conn = - post(conn, "/api/pleroma/change_password", %{ - "password" => "hi", - "new_password" => "newpass", - "new_password_confirmation" => "newpass" - }) - - assert json_response(conn, 200) == %{"error" => "Invalid password."} - end - - test "with proper permissions, valid password and new password and confirmation not matching", - %{ - conn: conn - } do - conn = - post(conn, "/api/pleroma/change_password", %{ - "password" => "test", - "new_password" => "newpass", - "new_password_confirmation" => "notnewpass" - }) - - assert json_response(conn, 200) == %{ - "error" => "New password does not match confirmation." - } - end - - test "with proper permissions, valid password and invalid new password", %{ - conn: conn - } do - conn = - post(conn, "/api/pleroma/change_password", %{ - "password" => "test", - "new_password" => "", - "new_password_confirmation" => "" - }) - - assert json_response(conn, 200) == %{ - "error" => "New password can't be blank." - } - end - - test "with proper permissions, valid password and matching new password and confirmation", %{ - conn: conn, - user: user - } do - conn = - post(conn, "/api/pleroma/change_password", %{ - "password" => "test", - "new_password" => "newpass", - "new_password_confirmation" => "newpass" - }) - - assert json_response(conn, 200) == %{"status" => "success"} - fetched_user = User.get_cached_by_id(user.id) - assert Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true - end - end - - describe "POST /api/pleroma/delete_account" do - setup do: oauth_access(["write:accounts"]) - - test "without permissions", %{conn: conn} do - conn = - conn - |> assign(:token, nil) - |> post("/api/pleroma/delete_account") - - assert json_response(conn, 403) == - %{"error" => "Insufficient permissions: write:accounts."} - end - - test "with proper permissions and wrong or missing password", %{conn: conn} do - for params <- [%{"password" => "hi"}, %{}] do - ret_conn = post(conn, "/api/pleroma/delete_account", params) - - assert json_response(ret_conn, 200) == %{"error" => "Invalid password."} - end - end - - test "with proper permissions and valid password", %{conn: conn, user: user} do - conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"}) - ObanHelpers.perform_all() - assert json_response(conn, 200) == %{"status" => "success"} - - user = User.get_by_id(user.id) - assert user.deactivated == true - assert user.name == nil - assert user.bio == nil - assert user.password_hash == nil - end - end -end |