Mutex/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'tests/openapi-everywhere' into 'develop'

Browse source 
Put OpenAPI ~everywhere in tests

See merge request pleroma/pleroma!3324
This commit is contained in:
Haelwenn 2021-06-04 18:53:09 +00:00
commit 0c56f9de0d
17 changed files with 389 additions and 209 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -25,6 +25,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Don't crash so hard when email settings are invalid. - Don't crash so hard when email settings are invalid.
- Checking activated Upload Filters for required commands. - Checking activated Upload Filters for required commands.
### Removed
- **Breaking**: Remove deprecated `/api/qvitter/statuses/notifications/read` (replaced by `/api/v1/pleroma/notifications/read`)
## Unreleased (Patch) ## Unreleased (Patch)
### Fixed ### Fixed

1
lib/pleroma/web/api_spec/operations/media_operation.ex
View file

@ -105,6 +105,7 @@ defmodule Pleroma.Web.ApiSpec.MediaOperation do
responses: %{ responses: %{
200 => Operation.response("Media", "application/json", Attachment), 200 => Operation.response("Media", "application/json", Attachment),
401 => Operation.response("Media", "application/json", ApiError), 401 => Operation.response("Media", "application/json", ApiError),
403 => Operation.response("Media", "application/json", ApiError),
422 => Operation.response("Media", "application/json", ApiError) 422 => Operation.response("Media", "application/json", ApiError)
} }
} }

3
lib/pleroma/web/api_spec/operations/timeline_operation.ex
View file

@ -115,7 +115,8 @@ defmodule Pleroma.Web.ApiSpec.TimelineOperation do
], ],
operationId: "TimelineController.hashtag", operationId: "TimelineController.hashtag",
responses: %{ responses: %{
200 => Operation.response("Array of Status", "application/json", array_of_statuses()) 200 => Operation.response("Array of Status", "application/json", array_of_statuses()),
401 => Operation.response("Error", "application/json", ApiError)
} }
} }
end end

219
lib/pleroma/web/api_spec/operations/twitter_util_operation.ex Normal file
View file

@ -0,0 +1,219 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
alias OpenApiSpex.Operation
alias OpenApiSpex.Schema
alias Pleroma.Web.ApiSpec.Schemas.ApiError
alias Pleroma.Web.ApiSpec.Schemas.BooleanLike
def open_api_operation(action) do
operation = String.to_existing_atom("#{action}_operation")
apply(__MODULE__, operation, [])
end
def emoji_operation do
%Operation{
tags: ["Emojis"],
summary: "List all custom emojis",
operationId: "UtilController.emoji",
parameters: [],
responses: %{
200 =>
Operation.response("List", "application/json", %Schema{
type: :object,
additionalProperties: %Schema{
type: :object,
properties: %{
image_url: %Schema{type: :string},
tags: %Schema{type: :array, items: %Schema{type: :string}}
}
},
example: %{
"firefox" => %{
"image_url" => "/emoji/firefox.png",
"tag" => ["Fun"]
}
}
})
}
}
end
def frontend_configurations_operation do
%Operation{
tags: ["Configuration"],
summary: "Dump frontend configurations",
operationId: "UtilController.frontend_configurations",
parameters: [],
responses: %{
200 =>
Operation.response("List", "application/json", %Schema{
type: :object,
additionalProperties: %Schema{type: :object}
})
}
}
end
def change_password_operation do
%Operation{
tags: ["Account credentials"],
summary: "Change account password",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.change_password",
parameters: [
Operation.parameter(:password, :query, :string, "Current password", required: true),
Operation.parameter(:new_password, :query, :string, "New password", required: true),
Operation.parameter(
:new_password_confirmation,
:query,
:string,
"New password, confirmation",
required: true
)
],
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{status: %Schema{type: :string, example: "success"}}
}),
400 => Operation.response("Error", "application/json", ApiError),
403 => Operation.response("Error", "application/json", ApiError)
}
}
end
def change_email_operation do
%Operation{
tags: ["Account credentials"],
summary: "Change account email",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.change_email",
parameters: [
Operation.parameter(:password, :query, :string, "Current password", required: true),
Operation.parameter(:email, :query, :string, "New email", required: true)
],
requestBody: nil,
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{status: %Schema{type: :string, example: "success"}}
}),
400 => Operation.response("Error", "application/json", ApiError),
403 => Operation.response("Error", "application/json", ApiError)
}
}
end
def update_notificaton_settings_operation do
%Operation{
tags: ["Accounts"],
summary: "Update Notification Settings",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.update_notificaton_settings",
parameters: [
Operation.parameter(
:block_from_strangers,
:query,
BooleanLike,
"blocks notifications from accounts you do not follow"
),
Operation.parameter(
:hide_notification_contents,
:query,
BooleanLike,
"removes the contents of a message from the push notification"
)
],
requestBody: nil,
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{status: %Schema{type: :string, example: "success"}}
}),
400 => Operation.response("Error", "application/json", ApiError)
}
}
end
def disable_account_operation do
%Operation{
tags: ["Account credentials"],
summary: "Disable Account",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.disable_account",
parameters: [
Operation.parameter(:password, :query, :string, "Password")
],
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{status: %Schema{type: :string, example: "success"}}
}),
403 => Operation.response("Error", "application/json", ApiError)
}
}
end
def delete_account_operation do
%Operation{
tags: ["Account credentials"],
summary: "Delete Account",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.delete_account",
parameters: [
Operation.parameter(:password, :query, :string, "Password")
],
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{status: %Schema{type: :string, example: "success"}}
}),
403 => Operation.response("Error", "application/json", ApiError)
}
}
end
def captcha_operation do
%Operation{
summary: "Get a captcha",
operationId: "UtilController.captcha",
parameters: [],
responses: %{
200 => Operation.response("Success", "application/json", %Schema{type: :object})
}
}
end
def healthcheck_operation do
%Operation{
tags: ["Accounts"],
summary: "Quick status check on the instance",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.healthcheck",
parameters: [],
responses: %{
200 => Operation.response("Healthy", "application/json", %Schema{type: :object}),
503 =>
Operation.response("Disabled or Unhealthy", "application/json", %Schema{type: :object})
}
}
end
def remote_subscribe_operation do
%Operation{
tags: ["Accounts"],
summary: "Remote Subscribe",
operationId: "UtilController.remote_subscribe",
parameters: [],
responses: %{200 => Operation.response("Web Page", "test/html", %Schema{type: :string})}
}
end
end

1
lib/pleroma/web/api_spec/operations/user_import_operation.ex
View file

@ -23,6 +23,7 @@ defmodule Pleroma.Web.ApiSpec.UserImportOperation do
requestBody: request_body("Parameters", import_request(), required: true), requestBody: request_body("Parameters", import_request(), required: true),
responses: %{ responses: %{
200 => ok_response(), 200 => ok_response(),
403 => Operation.response("Error", "application/json", ApiError),
500 => Operation.response("Error", "application/json", ApiError) 500 => Operation.response("Error", "application/json", ApiError)
}, },
security: [%{"oAuth" => ["write:follow"]}] security: [%{"oAuth" => ["write:follow"]}]

6
lib/pleroma/web/router.ex
View file

@ -624,12 +624,6 @@ defmodule Pleroma.Web.Router do
get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens) get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token) delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
post(
"/qvitter/statuses/notifications/read",
TwitterAPI.Controller,
:mark_notifications_as_read
)
end end
scope "/", Pleroma.Web do scope "/", Pleroma.Web do

33
lib/pleroma/web/twitter_api/controller.ex
View file

@ -5,7 +5,6 @@
defmodule Pleroma.Web.TwitterAPI.Controller do defmodule Pleroma.Web.TwitterAPI.Controller do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Notification
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.Token
alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
@ -14,11 +13,6 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
require Logger require Logger
plug(
OAuthScopesPlug,
%{scopes: ["write:notifications"]} when action == :mark_notifications_as_read
)
plug( plug(
:skip_plug, :skip_plug,
[OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :confirm_email [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :confirm_email
@ -67,31 +61,4 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
|> put_resp_content_type("application/json") |> put_resp_content_type("application/json")
|> send_resp(status, json) |> send_resp(status, json)
end end
def mark_notifications_as_read(
%{assigns: %{user: user}} = conn,
%{"latest_id" => latest_id} = params
) do
Notification.set_read_up_to(user, latest_id)
notifications = Notification.for_user(user, params)
conn
# XXX: This is a hack because pleroma-fe still uses that API.
|> put_view(Pleroma.Web.MastodonAPI.NotificationView)
|> render("index.json", %{notifications: notifications, for: user})
end
def mark_notifications_as_read(%{assigns: %{user: _user}} = conn, _) do
bad_request_reply(conn, "You need to specify latest_id")
end
defp bad_request_reply(conn, error_message) do
json = error_json(conn, error_message)
json_reply(conn, 400, json)
end
defp error_json(conn, error_message) do
%{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
end
end end

37
lib/pleroma/web/twitter_api/controllers/util_controller.ex
View file

@ -10,12 +10,12 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
alias Pleroma.Config alias Pleroma.Config
alias Pleroma.Emoji alias Pleroma.Emoji
alias Pleroma.Healthcheck alias Pleroma.Healthcheck
alias Pleroma.Notification
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.Plugs.OAuthScopesPlug alias Pleroma.Web.Plugs.OAuthScopesPlug
alias Pleroma.Web.WebFinger alias Pleroma.Web.WebFinger
plug(Pleroma.Web.ApiSpec.CastAndValidate when action != :remote_subscribe)
plug(Pleroma.Web.Plugs.FederatingPlug when action == :remote_subscribe) plug(Pleroma.Web.Plugs.FederatingPlug when action == :remote_subscribe)
plug( plug(
@ -30,7 +30,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
] ]
) )
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read) defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.TwitterUtilOperation
def remote_subscribe(conn, %{"nickname" => nick, "profile" => _}) do def remote_subscribe(conn, %{"nickname" => nick, "profile" => _}) do
with %User{} = user <- User.get_cached_by_nickname(nick), with %User{} = user <- User.get_cached_by_nickname(nick),
@ -62,17 +62,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end end
end end
def notifications_read(%{assigns: %{user: user}} = conn, %{"id" => notification_id}) do
with {:ok, _} <- Notification.read_one(user, notification_id) do
json(conn, %{status: "success"})
else
{:error, message} ->
conn
|> put_resp_content_type("application/json")
|> send_resp(403, Jason.encode!(%{"error" => message}))
end
end
def frontend_configurations(conn, _params) do def frontend_configurations(conn, _params) do
render(conn, "frontend_configurations.json") render(conn, "frontend_configurations.json")
end end
@ -92,13 +81,17 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end end
end end
def change_password(%{assigns: %{user: user}} = conn, params) do def change_password(%{assigns: %{user: user}} = conn, %{
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do password: password,
new_password: new_password,
new_password_confirmation: new_password_confirmation
}) do
case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} -> {:ok, user} ->
with {:ok, _user} <- with {:ok, _user} <-
User.reset_password(user, %{ User.reset_password(user, %{
password: params["new_password"], password: new_password,
password_confirmation: params["new_password_confirmation"] password_confirmation: new_password_confirmation
}) do }) do
json(conn, %{status: "success"}) json(conn, %{status: "success"})
else else
@ -115,10 +108,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end end
end end
def change_email(%{assigns: %{user: user}} = conn, params) do def change_email(%{assigns: %{user: user}} = conn, %{password: password, email: email}) do
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} -> {:ok, user} ->
with {:ok, _user} <- User.change_email(user, params["email"]) do with {:ok, _user} <- User.change_email(user, email) do
json(conn, %{status: "success"}) json(conn, %{status: "success"})
else else
{:error, changeset} -> {:error, changeset} ->
@ -135,7 +128,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end end
def delete_account(%{assigns: %{user: user}} = conn, params) do def delete_account(%{assigns: %{user: user}} = conn, params) do
password = params["password"] || "" password = params[:password] || ""
case CommonAPI.Utils.confirm_current_password(user, password) do case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} -> {:ok, user} ->
@ -148,7 +141,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end end
def disable_account(%{assigns: %{user: user}} = conn, params) do def disable_account(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do case CommonAPI.Utils.confirm_current_password(user, params[:password]) do
{:ok, user} -> {:ok, user} ->
User.set_activation_async(user, false) User.set_activation_async(user, false)
json(conn, %{status: "success"}) json(conn, %{status: "success"})

12
test/pleroma/web/mastodon_api/controllers/account_controller_test.exs
View file

@ -514,11 +514,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
{:ok, post_2} = CommonAPI.post(user, %{status: "second post"}) {:ok, post_2} = CommonAPI.post(user, %{status: "second post"})
response_1 = get(conn, "/api/v1/accounts/#{user.id}/statuses?limit=1") response_1 = get(conn, "/api/v1/accounts/#{user.id}/statuses?limit=1")
assert [res] = json_response(response_1, 200) assert [res] = json_response_and_validate_schema(response_1, 200)
assert res["id"] == post_2.id assert res["id"] == post_2.id
response_2 = get(conn, "/api/v1/accounts/#{user.id}/statuses?limit=1&max_id=#{res["id"]}") response_2 = get(conn, "/api/v1/accounts/#{user.id}/statuses?limit=1&max_id=#{res["id"]}")
assert [res] = json_response(response_2, 200) assert [res] = json_response_and_validate_schema(response_2, 200)
assert res["id"] == post_1.id assert res["id"] == post_1.id
refute response_1 == response_2 refute response_1 == response_2
@ -881,7 +881,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
assert [] == assert [] ==
conn conn
|> get("/api/v1/timelines/home") |> get("/api/v1/timelines/home")
|> json_response(200) |> json_response_and_validate_schema(200)
assert %{"showing_reblogs" => true} = assert %{"showing_reblogs" => true} =
conn conn
@ -892,7 +892,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
assert [%{"id" => ^reblog_id}] = assert [%{"id" => ^reblog_id}] =
conn conn
|> get("/api/v1/timelines/home") |> get("/api/v1/timelines/home")
|> json_response(200) |> json_response_and_validate_schema(200)
end end
test "following with reblogs" do test "following with reblogs" do
@ -910,7 +910,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
assert [%{"id" => ^reblog_id}] = assert [%{"id" => ^reblog_id}] =
conn conn
|> get("/api/v1/timelines/home") |> get("/api/v1/timelines/home")
|> json_response(200) |> json_response_and_validate_schema(200)
assert %{"showing_reblogs" => false} = assert %{"showing_reblogs" => false} =
conn conn
@ -921,7 +921,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
assert [] == assert [] ==
conn conn
|> get("/api/v1/timelines/home") |> get("/api/v1/timelines/home")
|> json_response(200) |> json_response_and_validate_schema(200)
end end
test "following / unfollowing errors", %{user: user, conn: conn} do test "following / unfollowing errors", %{user: user, conn: conn} do

3
test/pleroma/web/mastodon_api/controllers/conversation_controller_test.exs
View file

@ -214,7 +214,8 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
res_conn = get(conn, "/api/v1/statuses/#{direct.id}/context") res_conn = get(conn, "/api/v1/statuses/#{direct.id}/context")
assert %{"ancestors" => [], "descendants" => []} == json_response(res_conn, 200) assert %{"ancestors" => [], "descendants" => []} ==
json_response_and_validate_schema(res_conn, 200)
end end
test "Removes a conversation", %{user: user_one, conn: conn} do test "Removes a conversation", %{user: user_one, conn: conn} do

2
test/pleroma/web/mastodon_api/controllers/media_controller_test.exs
View file

@ -140,7 +140,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
conn conn
|> get("/api/v1/media/#{object.id}") |> get("/api/v1/media/#{object.id}")
|> json_response(403) |> json_response_and_validate_schema(403)
end end
end end
end end

5
test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
View file

@ -82,6 +82,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
"sensitive" => 0 "sensitive" => 0
}) })
# Idempotency plug response means detection fail
assert %{"id" => second_id} = json_response(conn_two, 200) assert %{"id" => second_id} = json_response(conn_two, 200)
assert id == second_id assert id == second_id
@ -1559,7 +1560,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
|> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"])) |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
|> get("api/v1/timelines/home") |> get("api/v1/timelines/home")
[reblogged_activity] = json_response(conn3, 200) [reblogged_activity] = json_response_and_validate_schema(conn3, 200)
assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id assert reblogged_activity["reblog"]["in_reply_to_id"] == replied_to.id
@ -1913,7 +1914,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
local = Utils.as_local_public() local = Utils.as_local_public()
assert %{"content" => "cofe", "id" => id, "visibility" => "local"} = assert %{"content" => "cofe", "id" => id, "visibility" => "local"} =
json_response(conn_one, 200) json_response_and_validate_schema(conn_one, 200)
assert %Activity{id: ^id, data: %{"to" => [^local]}} = Activity.get_by_id(id) assert %Activity{id: ^id, data: %{"to" => [^local]}} = Activity.get_by_id(id)
end end

16
test/pleroma/web/mastodon_api/controllers/timeline_controller_test.exs
View file

@ -905,10 +905,10 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
%{conn: auth_conn} = oauth_access(["read:statuses"]) %{conn: auth_conn} = oauth_access(["read:statuses"])
res_conn = get(auth_conn, "#{base_uri}?local=true") res_conn = get(auth_conn, "#{base_uri}?local=true")
assert length(json_response(res_conn, 200)) == 1 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
res_conn = get(auth_conn, "#{base_uri}?local=false") res_conn = get(auth_conn, "#{base_uri}?local=false")
assert length(json_response(res_conn, 200)) == 2 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
end end
test "with default settings on private instances, returns 403 for unauthenticated users", %{ test "with default settings on private instances, returns 403 for unauthenticated users", %{
@ -922,7 +922,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
for local <- [true, false] do for local <- [true, false] do
res_conn = get(conn, "#{base_uri}?local=#{local}") res_conn = get(conn, "#{base_uri}?local=#{local}")
assert json_response(res_conn, :unauthorized) == error_response assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
end end
ensure_authenticated_access(base_uri) ensure_authenticated_access(base_uri)
@ -939,7 +939,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
for local <- [true, false] do for local <- [true, false] do
res_conn = get(conn, "#{base_uri}?local=#{local}") res_conn = get(conn, "#{base_uri}?local=#{local}")
assert json_response(res_conn, :unauthorized) == error_response assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
end end
ensure_authenticated_access(base_uri) ensure_authenticated_access(base_uri)
@ -951,10 +951,10 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
clear_config([:restrict_unauthenticated, :timelines, :federated], true) clear_config([:restrict_unauthenticated, :timelines, :federated], true)
res_conn = get(conn, "#{base_uri}?local=true") res_conn = get(conn, "#{base_uri}?local=true")
assert length(json_response(res_conn, 200)) == 1 assert length(json_response_and_validate_schema(res_conn, 200)) == 1
res_conn = get(conn, "#{base_uri}?local=false") res_conn = get(conn, "#{base_uri}?local=false")
assert json_response(res_conn, :unauthorized) == error_response assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
ensure_authenticated_access(base_uri) ensure_authenticated_access(base_uri)
end end
@ -966,11 +966,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
clear_config([:restrict_unauthenticated, :timelines, :federated], false) clear_config([:restrict_unauthenticated, :timelines, :federated], false)
res_conn = get(conn, "#{base_uri}?local=true") res_conn = get(conn, "#{base_uri}?local=true")
assert json_response(res_conn, :unauthorized) == error_response assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
# Note: local activities get delivered as part of federated timeline # Note: local activities get delivered as part of federated timeline
res_conn = get(conn, "#{base_uri}?local=false") res_conn = get(conn, "#{base_uri}?local=false")
assert length(json_response(res_conn, 200)) == 2 assert length(json_response_and_validate_schema(res_conn, 200)) == 2
ensure_authenticated_access(base_uri) ensure_authenticated_access(base_uri)
end end

2
test/pleroma/web/mastodon_api/masto_fe_controller_test.exs
View file

@ -20,7 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.MastoFEControllerTest do
|> assign(:token, insert(:oauth_token, user: user, scopes: ["write:accounts"])) |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:accounts"]))
|> put("/api/web/settings", %{"data" => %{"programming" => "socks"}}) |> put("/api/web/settings", %{"data" => %{"programming" => "socks"}})
assert _result = json_response(conn, 200) assert %{} = json_response(conn, 200)
user = User.get_cached_by_ap_id(user.ap_id) user = User.get_cached_by_ap_id(user.ap_id)
assert user.mastofe_settings == %{"programming" => "socks"} assert user.mastofe_settings == %{"programming" => "socks"}

2
test/pleroma/web/pleroma_api/controllers/user_import_controller_test.exs
View file

@ -83,7 +83,7 @@ defmodule Pleroma.Web.PleromaAPI.UserImportControllerTest do
assert %{"error" => "Insufficient permissions: follow | write:follows."} == assert %{"error" => "Insufficient permissions: follow | write:follows."} ==
json_response(conn, 403) json_response(conn, 403)
else else
assert json_response(conn, 200) assert json_response_and_validate_schema(conn, 200)
end end
end end
end end

49
test/pleroma/web/twitter_api/controller_test.exs
View file

@ -7,59 +7,10 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.CommonAPI
alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.Token
import Pleroma.Factory import Pleroma.Factory
describe "POST /api/qvitter/statuses/notifications/read" do
test "without valid credentials", %{conn: conn} do
conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567})
assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
end
test "with credentials, without any params" do
%{conn: conn} = oauth_access(["write:notifications"])
conn = post(conn, "/api/qvitter/statuses/notifications/read")
assert json_response(conn, 400) == %{
"error" => "You need to specify latest_id",
"request" => "/api/qvitter/statuses/notifications/read"
}
end
test "with credentials, with params" do
%{user: current_user, conn: conn} =
oauth_access(["read:notifications", "write:notifications"])
other_user = insert(:user)
{:ok, _activity} =
CommonAPI.post(other_user, %{
status: "Hey @#{current_user.nickname}"
})
response_conn =
conn
|> get("/api/v1/notifications")
[notification] = json_response(response_conn, 200)
assert notification["pleroma"]["is_seen"] == false
response_conn =
conn
|> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]})
[notification] = response = json_response(response_conn, 200)
assert length(response) == 1
assert notification["pleroma"]["is_seen"] == true
end
end
describe "GET /api/account/confirm_email/:id/:token" do describe "GET /api/account/confirm_email/:id/:token" do
setup do setup do
{:ok, user} = {:ok, user} =

196
test/pleroma/web/twitter_api/util_controller_test.exs
View file

@ -25,11 +25,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
test "it updates notification settings", %{user: user, conn: conn} do test "it updates notification settings", %{user: user, conn: conn} do
conn conn
|> put("/api/pleroma/notification_settings", %{ |> put(
"block_from_strangers" => true, "/api/pleroma/notification_settings?#{
"bar" => 1 URI.encode_query(%{
block_from_strangers: true
}) })
|> json_response(:ok) }"
)
|> json_response_and_validate_schema(:ok)
user = refresh_record(user) user = refresh_record(user)
@ -41,8 +44,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
conn conn
|> put("/api/pleroma/notification_settings", %{"hide_notification_contents" => "1"}) |> put(
|> json_response(:ok) "/api/pleroma/notification_settings?#{
URI.encode_query(%{
hide_notification_contents: 1
})
}"
)
|> json_response_and_validate_schema(:ok)
user = refresh_record(user) user = refresh_record(user)
@ -70,7 +79,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
response = response =
conn conn
|> get("/api/pleroma/frontend_configurations") |> get("/api/pleroma/frontend_configurations")
|> json_response(:ok) |> json_response_and_validate_schema(:ok)
assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!() assert response == Jason.encode!(config |> Enum.into(%{})) |> Jason.decode!()
end end
@ -81,7 +90,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
emoji = emoji =
conn conn
|> get("/api/pleroma/emoji") |> get("/api/pleroma/emoji")
|> json_response(200) |> json_response_and_validate_schema(200)
assert Enum.all?(emoji, fn assert Enum.all?(emoji, fn
{_key, {_key,
@ -103,7 +112,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
response = response =
conn conn
|> get("/api/pleroma/healthcheck") |> get("/api/pleroma/healthcheck")
|> json_response(503) |> json_response_and_validate_schema(503)
assert response == %{} assert response == %{}
end end
@ -116,7 +125,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
response = response =
conn conn
|> get("/api/pleroma/healthcheck") |> get("/api/pleroma/healthcheck")
|> json_response(200) |> json_response_and_validate_schema(200)
assert %{ assert %{
"active" => _, "active" => _,
@ -136,7 +145,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
response = response =
conn conn
|> get("/api/pleroma/healthcheck") |> get("/api/pleroma/healthcheck")
|> json_response(503) |> json_response_and_validate_schema(503)
assert %{ assert %{
"active" => _, "active" => _,
@ -155,8 +164,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do test "with valid permissions and password, it disables the account", %{conn: conn, user: user} do
response = response =
conn conn
|> post("/api/pleroma/disable_account", %{"password" => "test"}) |> post("/api/pleroma/disable_account?password=test")
|> json_response(:ok) |> json_response_and_validate_schema(:ok)
assert response == %{"status" => "success"} assert response == %{"status" => "success"}
ObanHelpers.perform_all() ObanHelpers.perform_all()
@ -171,8 +180,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
response = response =
conn conn
|> post("/api/pleroma/disable_account", %{"password" => "test1"}) |> post("/api/pleroma/disable_account?password=test1")
|> json_response(:ok) |> json_response_and_validate_schema(:ok)
assert response == %{"error" => "Invalid password."} assert response == %{"error" => "Invalid password."}
user = User.get_cached_by_id(user.id) user = User.get_cached_by_id(user.id)
@ -252,54 +261,61 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn = conn =
conn conn
|> assign(:token, nil) |> assign(:token, nil)
|> post("/api/pleroma/change_email") |> post(
"/api/pleroma/change_email?#{
URI.encode_query(%{password: "hi", email: "test@test.com"})
}"
)
assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."} assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: write:accounts."
}
end end
test "with proper permissions and invalid password", %{conn: conn} do test "with proper permissions and invalid password", %{conn: conn} do
conn = conn =
post(conn, "/api/pleroma/change_email", %{ post(
"password" => "hi", conn,
"email" => "test@test.com" "/api/pleroma/change_email?#{
}) URI.encode_query(%{password: "hi", email: "test@test.com"})
}"
)
assert json_response(conn, 200) == %{"error" => "Invalid password."} assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
end end
test "with proper permissions, valid password and invalid email", %{ test "with proper permissions, valid password and invalid email", %{
conn: conn conn: conn
} do } do
conn = conn =
post(conn, "/api/pleroma/change_email", %{ post(
"password" => "test", conn,
"email" => "foobar" "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: "foobar"})}"
}) )
assert json_response(conn, 200) == %{"error" => "Email has invalid format."} assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Email has invalid format."
}
end end
test "with proper permissions, valid password and no email", %{ test "with proper permissions, valid password and no email", %{
conn: conn conn: conn
} do } do
conn = conn = post(conn, "/api/pleroma/change_email?#{URI.encode_query(%{password: "test"})}")
post(conn, "/api/pleroma/change_email", %{
"password" => "test"
})
assert json_response(conn, 200) == %{"error" => "Email can't be blank."} assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400)
end end
test "with proper permissions, valid password and blank email", %{ test "with proper permissions, valid password and blank email", %{
conn: conn conn: conn
} do } do
conn = conn =
post(conn, "/api/pleroma/change_email", %{ post(
"password" => "test", conn,
"email" => "" "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: ""})}"
}) )
assert json_response(conn, 200) == %{"error" => "Email can't be blank."} assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."}
end end
test "with proper permissions, valid password and non unique email", %{ test "with proper permissions, valid password and non unique email", %{
@ -308,24 +324,28 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
user = insert(:user) user = insert(:user)
conn = conn =
post(conn, "/api/pleroma/change_email", %{ post(
"password" => "test", conn,
"email" => user.email "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: user.email})}"
}) )
assert json_response(conn, 200) == %{"error" => "Email has already been taken."} assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Email has already been taken."
}
end end
test "with proper permissions, valid password and valid email", %{ test "with proper permissions, valid password and valid email", %{
conn: conn conn: conn
} do } do
conn = conn =
post(conn, "/api/pleroma/change_email", %{ post(
"password" => "test", conn,
"email" => "cofe@foobar.com" "/api/pleroma/change_email?#{
}) URI.encode_query(%{password: "test", email: "cofe@foobar.com"})
}"
)
assert json_response(conn, 200) == %{"status" => "success"} assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
end end
end end
@ -336,20 +356,35 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn = conn =
conn conn
|> assign(:token, nil) |> assign(:token, nil)
|> post("/api/pleroma/change_password") |> post(
"/api/pleroma/change_password?#{
URI.encode_query(%{
password: "hi",
new_password: "newpass",
new_password_confirmation: "newpass"
})
}"
)
assert json_response(conn, 403) == %{"error" => "Insufficient permissions: write:accounts."} assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: write:accounts."
}
end end
test "with proper permissions and invalid password", %{conn: conn} do test "with proper permissions and invalid password", %{conn: conn} do
conn = conn =
post(conn, "/api/pleroma/change_password", %{ post(
"password" => "hi", conn,
"new_password" => "newpass", "/api/pleroma/change_password?#{
"new_password_confirmation" => "newpass" URI.encode_query(%{
password: "hi",
new_password: "newpass",
new_password_confirmation: "newpass"
}) })
}"
)
assert json_response(conn, 200) == %{"error" => "Invalid password."} assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
end end
test "with proper permissions, valid password and new password and confirmation not matching", test "with proper permissions, valid password and new password and confirmation not matching",
@ -357,13 +392,18 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn: conn conn: conn
} do } do
conn = conn =
post(conn, "/api/pleroma/change_password", %{ post(
"password" => "test", conn,
"new_password" => "newpass", "/api/pleroma/change_password?#{
"new_password_confirmation" => "notnewpass" URI.encode_query(%{
password: "test",
new_password: "newpass",
new_password_confirmation: "notnewpass"
}) })
}"
)
assert json_response(conn, 200) == %{ assert json_response_and_validate_schema(conn, 200) == %{
"error" => "New password does not match confirmation." "error" => "New password does not match confirmation."
} }
end end
@ -372,13 +412,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
conn: conn conn: conn
} do } do
conn = conn =
post(conn, "/api/pleroma/change_password", %{ post(
"password" => "test", conn,
"new_password" => "", "/api/pleroma/change_password?#{
"new_password_confirmation" => "" URI.encode_query(%{password: "test", new_password: "", new_password_confirmation: ""})
}) }"
)
assert json_response(conn, 200) == %{ assert json_response_and_validate_schema(conn, 200) == %{
"error" => "New password can't be blank." "error" => "New password can't be blank."
} }
end end
@ -388,13 +429,18 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
user: user user: user
} do } do
conn = conn =
post(conn, "/api/pleroma/change_password", %{ post(
"password" => "test", conn,
"new_password" => "newpass", "/api/pleroma/change_password?#{
"new_password_confirmation" => "newpass" URI.encode_query(%{
password: "test",
new_password: "newpass",
new_password_confirmation: "newpass"
}) })
}"
)
assert json_response(conn, 200) == %{"status" => "success"} assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
fetched_user = User.get_cached_by_id(user.id) fetched_user = User.get_cached_by_id(user.id)
assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
end end
@ -409,7 +455,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
|> assign(:token, nil) |> assign(:token, nil)
|> post("/api/pleroma/delete_account") |> post("/api/pleroma/delete_account")
assert json_response(conn, 403) == assert json_response_and_validate_schema(conn, 403) ==
%{"error" => "Insufficient permissions: write:accounts."} %{"error" => "Insufficient permissions: write:accounts."}
end end
@ -417,14 +463,16 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
for params <- [%{"password" => "hi"}, %{}] do for params <- [%{"password" => "hi"}, %{}] do
ret_conn = post(conn, "/api/pleroma/delete_account", params) ret_conn = post(conn, "/api/pleroma/delete_account", params)
assert json_response(ret_conn, 200) == %{"error" => "Invalid password."} assert json_response_and_validate_schema(ret_conn, 200) == %{
"error" => "Invalid password."
}
end end
end end
test "with proper permissions and valid password", %{conn: conn, user: user} do test "with proper permissions and valid password", %{conn: conn, user: user} do
conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"}) conn = post(conn, "/api/pleroma/delete_account?password=test")
ObanHelpers.perform_all() ObanHelpers.perform_all()
assert json_response(conn, 200) == %{"status" => "success"} assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
user = User.get_by_id(user.id) user = User.get_by_id(user.id)
refute user.is_active refute user.is_active