Tests to validate client disclosure obeys user setting

lib/pleroma/web/mastodon_api/controllers/status_controller.ex

@@ -420,9 +420,13 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do
     )
   end
 
-  defp put_application(params, %{assigns: %{token: %Token{} = token}} = _conn) do
+  defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do
-    %{client_name: client_name, website: website} = Repo.preload(token, :app).app
+    if user.disclose_client do
-    Map.put(params, :application, %{name: client_name, website: website})
+      %{client_name: client_name, website: website} = Repo.preload(token, :app).app
+      Map.put(params, :application, %{name: client_name, website: website})
+    else
+      Map.put(params, :application, nil)
+    end
   end
 
   defp put_application(params, _), do: Map.put(params, :application, nil)

test/pleroma/web/mastodon_api/controllers/status_controller_test.exs

@@ -358,8 +358,9 @@ test "posting a direct status", %{conn: conn} do
       assert activity.data["cc"] == []
     end
 
-    test "preserves client application metadata" do
+    test "discloses application metadata when enabled" do
-      %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"])
+      user = insert(:user, disclose_client: true)
+      %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user)
 
       %Pleroma.Web.OAuth.Token{
         app: %Pleroma.Web.OAuth.App{
@@ -383,6 +384,23 @@ test "preserves client application metadata" do
                }
              } = json_response_and_validate_schema(result, 200)
     end
+
+    test "hides application metadata when disabled" do
+      user = insert(:user, disclose_client: false)
+      %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user)
+
+      result =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/statuses", %{
+          "status" => "club mate is my wingman"
+        })
+
+      assert %{
+               "content" => "club mate is my wingman",
+               "application" => nil
+             } = json_response_and_validate_schema(result, 200)
+    end
   end
 
   describe "posting scheduled statuses" do