forked from AkkomaGang/akkoma
Move account_register, relationships and verify_credentials to MastodonAPI.AccountController
This commit is contained in:
parent
122cc050ab
commit
c0ce2d5faf
5 changed files with 332 additions and 317 deletions
|
@ -8,22 +8,89 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
|
||||||
import Pleroma.Web.ControllerHelper,
|
import Pleroma.Web.ControllerHelper,
|
||||||
only: [add_link_headers: 2, truthy_param?: 1, assign_account_by_id: 2, json_response: 3]
|
only: [add_link_headers: 2, truthy_param?: 1, assign_account_by_id: 2, json_response: 3]
|
||||||
|
|
||||||
alias Pleroma.User
|
|
||||||
alias Pleroma.Web.CommonAPI
|
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
|
||||||
alias Pleroma.Web.MastodonAPI.StatusView
|
|
||||||
alias Pleroma.Web.MastodonAPI.MastodonAPI
|
|
||||||
alias Pleroma.Web.MastodonAPI.ListView
|
|
||||||
alias Pleroma.Plugs.RateLimiter
|
alias Pleroma.Plugs.RateLimiter
|
||||||
|
alias Pleroma.User
|
||||||
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
|
alias Pleroma.Web.CommonAPI
|
||||||
|
alias Pleroma.Web.MastodonAPI.ListView
|
||||||
|
alias Pleroma.Web.MastodonAPI.MastodonAPI
|
||||||
|
alias Pleroma.Web.MastodonAPI.StatusView
|
||||||
|
alias Pleroma.Web.OAuth.Token
|
||||||
|
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
||||||
|
|
||||||
@relations ~w(follow unfollow)a
|
@relations [:follow, :unfollow]
|
||||||
|
@needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a
|
||||||
|
|
||||||
plug(RateLimiter, {:relations_id_action, params: ["id", "uri"]} when action in @relations)
|
plug(RateLimiter, {:relations_id_action, params: ["id", "uri"]} when action in @relations)
|
||||||
plug(RateLimiter, :relations_actions when action in @relations)
|
plug(RateLimiter, :relations_actions when action in @relations)
|
||||||
plug(:assign_account_by_id when action not in [:show, :statuses])
|
plug(RateLimiter, :app_account_creation when action == :create)
|
||||||
|
plug(:assign_account_by_id when action in @needs_account)
|
||||||
|
|
||||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||||
|
|
||||||
|
@doc "POST /api/v1/accounts"
|
||||||
|
def create(
|
||||||
|
%{assigns: %{app: app}} = conn,
|
||||||
|
%{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
|
||||||
|
) do
|
||||||
|
params =
|
||||||
|
params
|
||||||
|
|> Map.take([
|
||||||
|
"email",
|
||||||
|
"captcha_solution",
|
||||||
|
"captcha_token",
|
||||||
|
"captcha_answer_data",
|
||||||
|
"token",
|
||||||
|
"password"
|
||||||
|
])
|
||||||
|
|> Map.put("nickname", nickname)
|
||||||
|
|> Map.put("fullname", params["fullname"] || nickname)
|
||||||
|
|> Map.put("bio", params["bio"] || "")
|
||||||
|
|> Map.put("confirm", params["password"])
|
||||||
|
|
||||||
|
with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
|
||||||
|
{:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
|
||||||
|
json(conn, %{
|
||||||
|
token_type: "Bearer",
|
||||||
|
access_token: token.token,
|
||||||
|
scope: app.scopes,
|
||||||
|
created_at: Token.Utils.format_created_at(token)
|
||||||
|
})
|
||||||
|
else
|
||||||
|
{:error, errors} -> json_response(conn, :bad_request, errors)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def create(%{assigns: %{app: _app}} = conn, _) do
|
||||||
|
render_error(conn, :bad_request, "Missing parameters")
|
||||||
|
end
|
||||||
|
|
||||||
|
def create(conn, _) do
|
||||||
|
render_error(conn, :forbidden, "Invalid credentials")
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc "GET /api/v1/accounts/verify_credentials"
|
||||||
|
def verify_credentials(%{assigns: %{user: user}} = conn, _) do
|
||||||
|
chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
|
||||||
|
|
||||||
|
render(conn, "show.json",
|
||||||
|
user: user,
|
||||||
|
for: user,
|
||||||
|
with_pleroma_settings: true,
|
||||||
|
with_chat_token: chat_token
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc "GET /api/v1/accounts/relationships"
|
||||||
|
def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||||
|
targets = User.get_all_by_ids(List.wrap(id))
|
||||||
|
|
||||||
|
render(conn, "relationships.json", user: user, targets: targets)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
|
||||||
|
def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
|
||||||
|
|
||||||
@doc "GET /api/v1/accounts/:id"
|
@doc "GET /api/v1/accounts/:id"
|
||||||
def show(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
|
def show(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
|
||||||
with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
|
with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
|
||||||
|
|
|
@ -35,8 +35,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
plug(RateLimiter, :app_account_creation when action == :account_register)
|
|
||||||
plug(RateLimiter, :search when action in [:search, :search2, :account_search])
|
|
||||||
plug(RateLimiter, :password_reset when action == :password_reset)
|
plug(RateLimiter, :password_reset when action == :password_reset)
|
||||||
|
|
||||||
@local_mastodon_name "Mastodon-Local"
|
@local_mastodon_name "Mastodon-Local"
|
||||||
|
@ -164,20 +162,6 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def verify_credentials(%{assigns: %{user: user}} = conn, _) do
|
|
||||||
chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
|
|
||||||
|
|
||||||
account =
|
|
||||||
AccountView.render("show.json", %{
|
|
||||||
user: user,
|
|
||||||
for: user,
|
|
||||||
with_pleroma_settings: true,
|
|
||||||
with_chat_token: chat_token
|
|
||||||
})
|
|
||||||
|
|
||||||
json(conn, account)
|
|
||||||
end
|
|
||||||
def verify_app_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do
|
def verify_app_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do
|
||||||
with %Token{app: %App{} = app} <- Repo.preload(token, :app) do
|
with %Token{app: %App{} = app} <- Repo.preload(token, :app) do
|
||||||
conn
|
conn
|
||||||
|
@ -288,17 +272,6 @@ def poll_vote(%{assigns: %{user: user}} = conn, %{"id" => id, "choices" => choic
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
||||||
targets = User.get_all_by_ids(List.wrap(id))
|
|
||||||
|
|
||||||
conn
|
|
||||||
|> put_view(AccountView)
|
|
||||||
|> render("relationships.json", %{user: user, targets: targets})
|
|
||||||
end
|
|
||||||
|
|
||||||
# Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
|
|
||||||
def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
|
|
||||||
|
|
||||||
def update_media(
|
def update_media(
|
||||||
%{assigns: %{user: user}} = conn,
|
%{assigns: %{user: user}} = conn,
|
||||||
%{"id" => id, "description" => description} = _
|
%{"id" => id, "description" => description} = _
|
||||||
|
@ -649,49 +622,6 @@ defp fetch_suggestion_id(attrs) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def account_register(
|
|
||||||
%{assigns: %{app: app}} = conn,
|
|
||||||
%{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
|
|
||||||
) do
|
|
||||||
params =
|
|
||||||
params
|
|
||||||
|> Map.take([
|
|
||||||
"email",
|
|
||||||
"captcha_solution",
|
|
||||||
"captcha_token",
|
|
||||||
"captcha_answer_data",
|
|
||||||
"token",
|
|
||||||
"password"
|
|
||||||
])
|
|
||||||
|> Map.put("nickname", nickname)
|
|
||||||
|> Map.put("fullname", params["fullname"] || nickname)
|
|
||||||
|> Map.put("bio", params["bio"] || "")
|
|
||||||
|> Map.put("confirm", params["password"])
|
|
||||||
|
|
||||||
with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
|
|
||||||
{:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
|
|
||||||
json(conn, %{
|
|
||||||
token_type: "Bearer",
|
|
||||||
access_token: token.token,
|
|
||||||
scope: app.scopes,
|
|
||||||
created_at: Token.Utils.format_created_at(token)
|
|
||||||
})
|
|
||||||
else
|
|
||||||
{:error, errors} ->
|
|
||||||
conn
|
|
||||||
|> put_status(:bad_request)
|
|
||||||
|> json(errors)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def account_register(%{assigns: %{app: _app}} = conn, _) do
|
|
||||||
render_error(conn, :bad_request, "Missing parameters")
|
|
||||||
end
|
|
||||||
|
|
||||||
def account_register(conn, _) do
|
|
||||||
render_error(conn, :forbidden, "Invalid credentials")
|
|
||||||
end
|
|
||||||
|
|
||||||
def password_reset(conn, params) do
|
def password_reset(conn, params) do
|
||||||
nickname_or_email = params["email"] || params["nickname"]
|
nickname_or_email = params["email"] || params["nickname"]
|
||||||
|
|
||||||
|
|
|
@ -335,9 +335,9 @@ defmodule Pleroma.Web.Router do
|
||||||
scope [] do
|
scope [] do
|
||||||
pipe_through(:oauth_read)
|
pipe_through(:oauth_read)
|
||||||
|
|
||||||
get("/accounts/verify_credentials", MastodonAPIController, :verify_credentials)
|
get("/accounts/verify_credentials", AccountController, :verify_credentials)
|
||||||
|
|
||||||
get("/accounts/relationships", MastodonAPIController, :relationships)
|
get("/accounts/relationships", AccountController, :relationships)
|
||||||
|
|
||||||
get("/accounts/:id/lists", AccountController, :lists)
|
get("/accounts/:id/lists", AccountController, :lists)
|
||||||
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array)
|
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array)
|
||||||
|
@ -459,7 +459,7 @@ defmodule Pleroma.Web.Router do
|
||||||
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
||||||
pipe_through(:api)
|
pipe_through(:api)
|
||||||
|
|
||||||
post("/accounts", MastodonAPIController, :account_register)
|
post("/accounts", AccountController, :create)
|
||||||
|
|
||||||
get("/instance", MastodonAPIController, :masto_instance)
|
get("/instance", MastodonAPIController, :masto_instance)
|
||||||
get("/instance/peers", MastodonAPIController, :peers)
|
get("/instance/peers", MastodonAPIController, :peers)
|
||||||
|
|
|
@ -5,9 +5,11 @@
|
||||||
defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
|
defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
|
||||||
use Pleroma.Web.ConnCase
|
use Pleroma.Web.ConnCase
|
||||||
|
|
||||||
|
alias Pleroma.Repo
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
|
alias Pleroma.Web.OAuth.Token
|
||||||
|
|
||||||
import Pleroma.Factory
|
import Pleroma.Factory
|
||||||
|
|
||||||
|
@ -595,4 +597,256 @@ test "blocking / unblocking a user", %{conn: conn} do
|
||||||
|
|
||||||
assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
|
assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "create account by app" do
|
||||||
|
setup do
|
||||||
|
valid_params = %{
|
||||||
|
username: "lain",
|
||||||
|
email: "lain@example.org",
|
||||||
|
password: "PlzDontHackLain",
|
||||||
|
agreement: true
|
||||||
|
}
|
||||||
|
|
||||||
|
[valid_params: valid_params]
|
||||||
|
end
|
||||||
|
|
||||||
|
test "Account registration via Application", %{conn: conn} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> post("/api/v1/apps", %{
|
||||||
|
client_name: "client_name",
|
||||||
|
redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
|
||||||
|
scopes: "read, write, follow"
|
||||||
|
})
|
||||||
|
|
||||||
|
%{
|
||||||
|
"client_id" => client_id,
|
||||||
|
"client_secret" => client_secret,
|
||||||
|
"id" => _,
|
||||||
|
"name" => "client_name",
|
||||||
|
"redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
|
||||||
|
"vapid_key" => _,
|
||||||
|
"website" => nil
|
||||||
|
} = json_response(conn, 200)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> post("/oauth/token", %{
|
||||||
|
grant_type: "client_credentials",
|
||||||
|
client_id: client_id,
|
||||||
|
client_secret: client_secret
|
||||||
|
})
|
||||||
|
|
||||||
|
assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
|
||||||
|
json_response(conn, 200)
|
||||||
|
|
||||||
|
assert token
|
||||||
|
token_from_db = Repo.get_by(Token, token: token)
|
||||||
|
assert token_from_db
|
||||||
|
assert refresh
|
||||||
|
assert scope == "read write follow"
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> put_req_header("authorization", "Bearer " <> token)
|
||||||
|
|> post("/api/v1/accounts", %{
|
||||||
|
username: "lain",
|
||||||
|
email: "lain@example.org",
|
||||||
|
password: "PlzDontHackLain",
|
||||||
|
bio: "Test Bio",
|
||||||
|
agreement: true
|
||||||
|
})
|
||||||
|
|
||||||
|
%{
|
||||||
|
"access_token" => token,
|
||||||
|
"created_at" => _created_at,
|
||||||
|
"scope" => _scope,
|
||||||
|
"token_type" => "Bearer"
|
||||||
|
} = json_response(conn, 200)
|
||||||
|
|
||||||
|
token_from_db = Repo.get_by(Token, token: token)
|
||||||
|
assert token_from_db
|
||||||
|
token_from_db = Repo.preload(token_from_db, :user)
|
||||||
|
assert token_from_db.user
|
||||||
|
|
||||||
|
assert token_from_db.user.info.confirmation_pending
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
|
||||||
|
_user = insert(:user, email: "lain@example.org")
|
||||||
|
app_token = insert(:oauth_token, user: nil)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
||||||
|
|
||||||
|
res = post(conn, "/api/v1/accounts", valid_params)
|
||||||
|
assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "rate limit", %{conn: conn} do
|
||||||
|
app_token = insert(:oauth_token, user: nil)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
put_req_header(conn, "authorization", "Bearer " <> app_token.token)
|
||||||
|
|> Map.put(:remote_ip, {15, 15, 15, 15})
|
||||||
|
|
||||||
|
for i <- 1..5 do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> post("/api/v1/accounts", %{
|
||||||
|
username: "#{i}lain",
|
||||||
|
email: "#{i}lain@example.org",
|
||||||
|
password: "PlzDontHackLain",
|
||||||
|
agreement: true
|
||||||
|
})
|
||||||
|
|
||||||
|
%{
|
||||||
|
"access_token" => token,
|
||||||
|
"created_at" => _created_at,
|
||||||
|
"scope" => _scope,
|
||||||
|
"token_type" => "Bearer"
|
||||||
|
} = json_response(conn, 200)
|
||||||
|
|
||||||
|
token_from_db = Repo.get_by(Token, token: token)
|
||||||
|
assert token_from_db
|
||||||
|
token_from_db = Repo.preload(token_from_db, :user)
|
||||||
|
assert token_from_db.user
|
||||||
|
|
||||||
|
assert token_from_db.user.info.confirmation_pending
|
||||||
|
end
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> post("/api/v1/accounts", %{
|
||||||
|
username: "6lain",
|
||||||
|
email: "6lain@example.org",
|
||||||
|
password: "PlzDontHackLain",
|
||||||
|
agreement: true
|
||||||
|
})
|
||||||
|
|
||||||
|
assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns bad_request if missing required params", %{
|
||||||
|
conn: conn,
|
||||||
|
valid_params: valid_params
|
||||||
|
} do
|
||||||
|
app_token = insert(:oauth_token, user: nil)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
||||||
|
|
||||||
|
res = post(conn, "/api/v1/accounts", valid_params)
|
||||||
|
assert json_response(res, 200)
|
||||||
|
|
||||||
|
[{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
|
||||||
|
|> Stream.zip(valid_params)
|
||||||
|
|> Enum.each(fn {ip, {attr, _}} ->
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> Map.put(:remote_ip, ip)
|
||||||
|
|> post("/api/v1/accounts", Map.delete(valid_params, attr))
|
||||||
|
|> json_response(400)
|
||||||
|
|
||||||
|
assert res == %{"error" => "Missing parameters"}
|
||||||
|
end)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("authorization", "Bearer " <> "invalid-token")
|
||||||
|
|
||||||
|
res = post(conn, "/api/v1/accounts", valid_params)
|
||||||
|
assert json_response(res, 403) == %{"error" => "Invalid credentials"}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /api/v1/accounts/:id/lists - account_lists" do
|
||||||
|
test "returns lists to which the account belongs", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
other_user = insert(:user)
|
||||||
|
assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
|
||||||
|
{:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> get("/api/v1/accounts/#{other_user.id}/lists")
|
||||||
|
|> json_response(200)
|
||||||
|
|
||||||
|
assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "verify_credentials" do
|
||||||
|
test "verify_credentials", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> get("/api/v1/accounts/verify_credentials")
|
||||||
|
|
||||||
|
response = json_response(conn, 200)
|
||||||
|
|
||||||
|
assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
|
||||||
|
assert response["pleroma"]["chat_token"]
|
||||||
|
assert id == to_string(user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "verify_credentials default scope unlisted", %{conn: conn} do
|
||||||
|
user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}})
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> get("/api/v1/accounts/verify_credentials")
|
||||||
|
|
||||||
|
assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
|
||||||
|
assert id == to_string(user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "locked accounts", %{conn: conn} do
|
||||||
|
user = insert(:user, %{info: %User.Info{default_scope: "private"}})
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> get("/api/v1/accounts/verify_credentials")
|
||||||
|
|
||||||
|
assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
|
||||||
|
assert id == to_string(user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "user relationships" do
|
||||||
|
test "returns the relationships for the current user", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
other_user = insert(:user)
|
||||||
|
{:ok, user} = User.follow(user, other_user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
|
||||||
|
|
||||||
|
assert [relationship] = json_response(conn, 200)
|
||||||
|
|
||||||
|
assert to_string(other_user.id) == relationship["id"]
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns an empty list on a bad request", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> get("/api/v1/accounts/relationships", %{})
|
||||||
|
|
||||||
|
assert [] = json_response(conn, 200)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -15,7 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
alias Pleroma.Web.OAuth.App
|
alias Pleroma.Web.OAuth.App
|
||||||
alias Pleroma.Web.OAuth.Token
|
|
||||||
alias Pleroma.Web.Push
|
alias Pleroma.Web.Push
|
||||||
|
|
||||||
import ExUnit.CaptureLog
|
import ExUnit.CaptureLog
|
||||||
|
@ -31,33 +30,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
||||||
clear_config([:instance, :public])
|
clear_config([:instance, :public])
|
||||||
clear_config([:rich_media, :enabled])
|
clear_config([:rich_media, :enabled])
|
||||||
|
|
||||||
test "verify_credentials", %{conn: conn} do
|
|
||||||
user = insert(:user)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> assign(:user, user)
|
|
||||||
|> get("/api/v1/accounts/verify_credentials")
|
|
||||||
|
|
||||||
response = json_response(conn, 200)
|
|
||||||
|
|
||||||
assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
|
|
||||||
assert response["pleroma"]["chat_token"]
|
|
||||||
assert id == to_string(user.id)
|
|
||||||
end
|
|
||||||
|
|
||||||
test "verify_credentials default scope unlisted", %{conn: conn} do
|
|
||||||
user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}})
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> assign(:user, user)
|
|
||||||
|> get("/api/v1/accounts/verify_credentials")
|
|
||||||
|
|
||||||
assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
|
|
||||||
assert id == to_string(user.id)
|
|
||||||
end
|
|
||||||
|
|
||||||
test "apps/verify_credentials", %{conn: conn} do
|
test "apps/verify_credentials", %{conn: conn} do
|
||||||
token = insert(:oauth_token)
|
token = insert(:oauth_token)
|
||||||
|
|
||||||
|
@ -105,34 +77,6 @@ test "creates an oauth app", %{conn: conn} do
|
||||||
assert expected == json_response(conn, 200)
|
assert expected == json_response(conn, 200)
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "user relationships" do
|
|
||||||
test "returns the relationships for the current user", %{conn: conn} do
|
|
||||||
user = insert(:user)
|
|
||||||
other_user = insert(:user)
|
|
||||||
{:ok, user} = User.follow(user, other_user)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> assign(:user, user)
|
|
||||||
|> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
|
|
||||||
|
|
||||||
assert [relationship] = json_response(conn, 200)
|
|
||||||
|
|
||||||
assert to_string(other_user.id) == relationship["id"]
|
|
||||||
end
|
|
||||||
|
|
||||||
test "returns an empty list on a bad request", %{conn: conn} do
|
|
||||||
user = insert(:user)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> assign(:user, user)
|
|
||||||
|> get("/api/v1/accounts/relationships", %{})
|
|
||||||
|
|
||||||
assert [] = json_response(conn, 200)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "media upload" do
|
describe "media upload" do
|
||||||
setup do
|
setup do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
@ -170,20 +114,6 @@ test "returns uploaded image", %{conn: conn, image: image} do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "locked accounts" do
|
|
||||||
test "verify_credentials", %{conn: conn} do
|
|
||||||
user = insert(:user, %{info: %User.Info{default_scope: "private"}})
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> assign(:user, user)
|
|
||||||
|> get("/api/v1/accounts/verify_credentials")
|
|
||||||
|
|
||||||
assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
|
|
||||||
assert id == to_string(user.id)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "/api/v1/pleroma/mascot" do
|
describe "/api/v1/pleroma/mascot" do
|
||||||
test "mascot upload", %{conn: conn} do
|
test "mascot upload", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
@ -555,172 +485,6 @@ test "redirects to the getting-started page when referer is not present", %{conn
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "create account by app" do
|
|
||||||
setup do
|
|
||||||
valid_params = %{
|
|
||||||
username: "lain",
|
|
||||||
email: "lain@example.org",
|
|
||||||
password: "PlzDontHackLain",
|
|
||||||
agreement: true
|
|
||||||
}
|
|
||||||
|
|
||||||
[valid_params: valid_params]
|
|
||||||
end
|
|
||||||
|
|
||||||
test "Account registration via Application", %{conn: conn} do
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> post("/api/v1/apps", %{
|
|
||||||
client_name: "client_name",
|
|
||||||
redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
|
|
||||||
scopes: "read, write, follow"
|
|
||||||
})
|
|
||||||
|
|
||||||
%{
|
|
||||||
"client_id" => client_id,
|
|
||||||
"client_secret" => client_secret,
|
|
||||||
"id" => _,
|
|
||||||
"name" => "client_name",
|
|
||||||
"redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
|
|
||||||
"vapid_key" => _,
|
|
||||||
"website" => nil
|
|
||||||
} = json_response(conn, 200)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> post("/oauth/token", %{
|
|
||||||
grant_type: "client_credentials",
|
|
||||||
client_id: client_id,
|
|
||||||
client_secret: client_secret
|
|
||||||
})
|
|
||||||
|
|
||||||
assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
|
|
||||||
json_response(conn, 200)
|
|
||||||
|
|
||||||
assert token
|
|
||||||
token_from_db = Repo.get_by(Token, token: token)
|
|
||||||
assert token_from_db
|
|
||||||
assert refresh
|
|
||||||
assert scope == "read write follow"
|
|
||||||
|
|
||||||
conn =
|
|
||||||
build_conn()
|
|
||||||
|> put_req_header("authorization", "Bearer " <> token)
|
|
||||||
|> post("/api/v1/accounts", %{
|
|
||||||
username: "lain",
|
|
||||||
email: "lain@example.org",
|
|
||||||
password: "PlzDontHackLain",
|
|
||||||
bio: "Test Bio",
|
|
||||||
agreement: true
|
|
||||||
})
|
|
||||||
|
|
||||||
%{
|
|
||||||
"access_token" => token,
|
|
||||||
"created_at" => _created_at,
|
|
||||||
"scope" => _scope,
|
|
||||||
"token_type" => "Bearer"
|
|
||||||
} = json_response(conn, 200)
|
|
||||||
|
|
||||||
token_from_db = Repo.get_by(Token, token: token)
|
|
||||||
assert token_from_db
|
|
||||||
token_from_db = Repo.preload(token_from_db, :user)
|
|
||||||
assert token_from_db.user
|
|
||||||
|
|
||||||
assert token_from_db.user.info.confirmation_pending
|
|
||||||
end
|
|
||||||
|
|
||||||
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
|
|
||||||
_user = insert(:user, email: "lain@example.org")
|
|
||||||
app_token = insert(:oauth_token, user: nil)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
|
||||||
|
|
||||||
res = post(conn, "/api/v1/accounts", valid_params)
|
|
||||||
assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
|
|
||||||
end
|
|
||||||
|
|
||||||
test "rate limit", %{conn: conn} do
|
|
||||||
app_token = insert(:oauth_token, user: nil)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
put_req_header(conn, "authorization", "Bearer " <> app_token.token)
|
|
||||||
|> Map.put(:remote_ip, {15, 15, 15, 15})
|
|
||||||
|
|
||||||
for i <- 1..5 do
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> post("/api/v1/accounts", %{
|
|
||||||
username: "#{i}lain",
|
|
||||||
email: "#{i}lain@example.org",
|
|
||||||
password: "PlzDontHackLain",
|
|
||||||
agreement: true
|
|
||||||
})
|
|
||||||
|
|
||||||
%{
|
|
||||||
"access_token" => token,
|
|
||||||
"created_at" => _created_at,
|
|
||||||
"scope" => _scope,
|
|
||||||
"token_type" => "Bearer"
|
|
||||||
} = json_response(conn, 200)
|
|
||||||
|
|
||||||
token_from_db = Repo.get_by(Token, token: token)
|
|
||||||
assert token_from_db
|
|
||||||
token_from_db = Repo.preload(token_from_db, :user)
|
|
||||||
assert token_from_db.user
|
|
||||||
|
|
||||||
assert token_from_db.user.info.confirmation_pending
|
|
||||||
end
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> post("/api/v1/accounts", %{
|
|
||||||
username: "6lain",
|
|
||||||
email: "6lain@example.org",
|
|
||||||
password: "PlzDontHackLain",
|
|
||||||
agreement: true
|
|
||||||
})
|
|
||||||
|
|
||||||
assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
|
|
||||||
end
|
|
||||||
|
|
||||||
test "returns bad_request if missing required params", %{
|
|
||||||
conn: conn,
|
|
||||||
valid_params: valid_params
|
|
||||||
} do
|
|
||||||
app_token = insert(:oauth_token, user: nil)
|
|
||||||
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> put_req_header("authorization", "Bearer " <> app_token.token)
|
|
||||||
|
|
||||||
res = post(conn, "/api/v1/accounts", valid_params)
|
|
||||||
assert json_response(res, 200)
|
|
||||||
|
|
||||||
[{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
|
|
||||||
|> Stream.zip(valid_params)
|
|
||||||
|> Enum.each(fn {ip, {attr, _}} ->
|
|
||||||
res =
|
|
||||||
conn
|
|
||||||
|> Map.put(:remote_ip, ip)
|
|
||||||
|> post("/api/v1/accounts", Map.delete(valid_params, attr))
|
|
||||||
|> json_response(400)
|
|
||||||
|
|
||||||
assert res == %{"error" => "Missing parameters"}
|
|
||||||
end)
|
|
||||||
end
|
|
||||||
|
|
||||||
test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
|
|
||||||
conn =
|
|
||||||
conn
|
|
||||||
|> put_req_header("authorization", "Bearer " <> "invalid-token")
|
|
||||||
|
|
||||||
res = post(conn, "/api/v1/accounts", valid_params)
|
|
||||||
assert json_response(res, 403) == %{"error" => "Invalid credentials"}
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "GET /api/v1/polls/:id" do
|
describe "GET /api/v1/polls/:id" do
|
||||||
test "returns poll entity for object id", %{conn: conn} do
|
test "returns poll entity for object id", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
Loading…
Reference in a new issue