From ab2f21e470f349f783f895f26da3041afcc3d73e Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 6 Sep 2019 21:50:00 +0300 Subject: [PATCH 1/7] tests for mastodon_api_controller.ex --- lib/pleroma/object.ex | 7 + lib/pleroma/user.ex | 22 +- .../controllers/mastodon_api_controller.ex | 143 +++---- lib/pleroma/web/oauth/app.ex | 26 ++ lib/pleroma/web/twitter_api/twitter_api.ex | 2 +- .../mastodon_api_controller_test.exs | 370 +++++++++++++++--- test/web/oauth/app_test.exs | 33 ++ 7 files changed, 438 insertions(+), 165 deletions(-) create mode 100644 test/web/oauth/app_test.exs diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index d58eb7f7d..4398b9739 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -228,4 +228,11 @@ def increase_vote_count(ap_id, name) do _ -> :noop end end + + @doc "Updates data field of an object" + def update_data(%Object{data: data} = object, attrs \\ %{}) do + object + |> Object.change(%{data: Map.merge(data || %{}, attrs)}) + |> Repo.update() + end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 3aa245f2a..d9db985a6 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -499,6 +499,11 @@ def get_all_by_ap_id(ap_ids) do |> Repo.all() end + def get_all_by_ids(ids) do + from(u in __MODULE__, where: u.id in ^ids) + |> Repo.all() + end + # This is mostly an SPC migration fix. This guesses the user nickname by taking the last part # of the ap_id and the domain and tries to get that user def get_by_guessed_nickname(ap_id) do @@ -770,6 +775,19 @@ def update_note_count(%User{} = user) do |> update_and_set_cache() end + def update_mascot(user, url) do + info_changeset = + User.Info.mascot_update( + user.info, + url + ) + + user + |> change() + |> put_embed(:info, info_changeset) + |> update_and_set_cache() + end + @spec maybe_fetch_follow_information(User.t()) :: User.t() def maybe_fetch_follow_information(user) do with {:ok, user} <- fetch_follow_information(user) do @@ -917,9 +935,7 @@ def subscribe(subscriber, %{ap_id: ap_id}) do def unsubscribe(unsubscriber, %{ap_id: ap_id}) do with %User{} = user <- get_cached_by_ap_id(ap_id) do - info_cng = - user.info - |> User.Info.remove_from_subscribers(unsubscriber.ap_id) + info_cng = User.Info.remove_from_subscribers(user.info, unsubscriber.ap_id) change(user) |> put_embed(:info, info_cng) diff --git a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex index 8dfad7a54..e4e0a7ac9 100644 --- a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex @@ -447,8 +447,7 @@ def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do grouped_activities <- Enum.group_by(activities, fn %{id: id} -> id < activity.id end) do result = %{ ancestors: - StatusView.render( - "index.json", + StatusView.render("index.json", for: user, activities: grouped_activities[true] || [], as: :activity @@ -456,8 +455,7 @@ def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do |> Enum.reverse(), # credo:disable-for-previous-line Credo.Check.Refactor.PipeChainStart descendants: - StatusView.render( - "index.json", + StatusView.render("index.json", for: user, activities: grouped_activities[false] || [], as: :activity @@ -746,9 +744,7 @@ def destroy_multiple(%{assigns: %{user: user}} = conn, %{"ids" => ids} = _params end def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do - id = List.wrap(id) - q = from(u in User, where: u.id in ^id) - targets = Repo.all(q) + targets = User.get_all_by_ids(List.wrap(id)) conn |> put_view(AccountView) @@ -758,19 +754,15 @@ def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array. def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, []) - def update_media(%{assigns: %{user: user}} = conn, data) do - with %Object{} = object <- Repo.get(Object, data["id"]), + def update_media( + %{assigns: %{user: user}} = conn, + %{"id" => id, "description" => description} = _ + ) + when is_binary(description) do + with %Object{} = object <- Repo.get(Object, id), true <- Object.authorize_mutation(object, user), - true <- is_binary(data["description"]), - description <- data["description"] do - new_data = %{object.data | "name" => description} - - {:ok, _} = - object - |> Object.change(%{data: new_data}) - |> Repo.update() - - attachment_data = Map.put(new_data, "id", object.id) + {:ok, %Object{data: data}} <- Object.update_data(object, %{"name" => description}) do + attachment_data = Map.put(data, "id", object.id) conn |> put_view(StatusView) @@ -778,6 +770,8 @@ def update_media(%{assigns: %{user: user}} = conn, data) do end end + def update_media(_conn, _data), do: {:error, :bad_request} + def upload(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do with {:ok, object} <- ActivityPub.upload( @@ -796,34 +790,23 @@ def upload(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do def set_mascot(%{assigns: %{user: user}} = conn, %{"file" => file}) do with {:ok, object} <- ActivityPub.upload(file, actor: User.ap_id(user)), %{} = attachment_data <- Map.put(object.data, "id", object.id), - %{type: type} = rendered <- - StatusView.render("attachment.json", %{attachment: attachment_data}) do - # Reject if not an image - if type == "image" do - # Sure! - # Save to the user's info - info_changeset = User.Info.mascot_update(user.info, rendered) - - user_changeset = - user - |> Changeset.change() - |> Changeset.put_embed(:info, info_changeset) - - {:ok, _user} = User.update_and_set_cache(user_changeset) - - conn - |> json(rendered) - else + %{type: "image"} = rendered <- + StatusView.render("attachment.json", %{attachment: attachment_data}), + {:ok, _user} = User.update_mascot(user, rendered) do + json(conn, rendered) + else + %{type: _type} = _ -> render_error(conn, :unsupported_media_type, "mascots can only be images") - end + + e -> + e end end def get_mascot(%{assigns: %{user: user}} = conn, _params) do mascot = User.get_mascot(user) - conn - |> json(mascot) + json(conn, mascot) end def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do @@ -1119,10 +1102,8 @@ def subscribe(%{assigns: %{user: user}} = conn, %{"id" => id}) do |> put_view(AccountView) |> render("relationship.json", %{user: user, target: subscription_target}) else - {:error, message} -> - conn - |> put_status(:forbidden) - |> json(%{error: message}) + nil -> {:error, :not_found} + e -> e end end @@ -1133,10 +1114,8 @@ def unsubscribe(%{assigns: %{user: user}} = conn, %{"id" => id}) do |> put_view(AccountView) |> render("relationship.json", %{user: user, target: subscription_target}) else - {:error, message} -> - conn - |> put_status(:forbidden) - |> json(%{error: message}) + nil -> {:error, :not_found} + e -> e end end @@ -1207,8 +1186,10 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do def account_lists(%{assigns: %{user: user}} = conn, %{"id" => account_id}) do lists = Pleroma.List.get_lists_account_belongs(user, account_id) - res = ListView.render("lists.json", lists: lists) - json(conn, res) + + conn + |> put_view(ListView) + |> render("index.json", %{lists: lists}) end def list_timeline(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params) do @@ -1363,7 +1344,7 @@ def login(%{assigns: %{user: %User{}}} = conn, _params) do @doc "Local Mastodon FE login init action" def login(conn, %{"code" => auth_token}) do with {:ok, app} <- get_or_make_app(), - %Authorization{} = auth <- Repo.get_by(Authorization, token: auth_token, app_id: app.id), + {:ok, auth} <- Authorization.get_by_token(app, auth_token), {:ok, token} <- Token.exchange_token(app, auth) do conn |> put_session(:oauth_token, token.token) @@ -1375,9 +1356,7 @@ def login(conn, %{"code" => auth_token}) do def login(conn, _) do with {:ok, app} <- get_or_make_app() do path = - o_auth_path( - conn, - :authorize, + o_auth_path(conn, :authorize, response_type: "code", client_id: app.client_id, redirect_uri: ".", @@ -1399,31 +1378,12 @@ defp local_mastodon_root_path(conn) do end end + @spec get_or_make_app() :: {:ok, App.t()} | {:error, Ecto.Changeset.t()} defp get_or_make_app do - find_attrs = %{client_name: @local_mastodon_name, redirect_uris: "."} - scopes = ["read", "write", "follow", "push"] - - with %App{} = app <- Repo.get_by(App, find_attrs) do - {:ok, app} = - if app.scopes == scopes do - {:ok, app} - else - app - |> Changeset.change(%{scopes: scopes}) - |> Repo.update() - end - - {:ok, app} - else - _e -> - cs = - App.register_changeset( - %App{}, - Map.put(find_attrs, :scopes, scopes) - ) - - Repo.insert(cs) - end + App.get_or_make( + %{client_name: @local_mastodon_name, redirect_uris: "."}, + ["read", "write", "follow", "push"] + ) end def logout(conn, _) do @@ -1432,26 +1392,13 @@ def logout(conn, _) do |> redirect(to: "/") end - def relationship_noop(%{assigns: %{user: user}} = conn, %{"id" => id}) do - Logger.debug("Unimplemented, returning unmodified relationship") - - with %User{} = target <- User.get_cached_by_id(id) do - conn - |> put_view(AccountView) - |> render("relationship.json", %{user: user, target: target}) - end - end - + # Stubs for unimplemented mastodon api + # def empty_array(conn, _) do Logger.debug("Unimplemented, returning an empty array") json(conn, []) end - def empty_object(conn, _) do - Logger.debug("Unimplemented, returning an empty object") - json(conn, %{}) - end - def get_filters(%{assigns: %{user: user}} = conn, _) do filters = Filter.get_filters(user) res = FilterView.render("filters.json", filters: filters) @@ -1570,7 +1517,7 @@ def status_card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do json(conn, data) else _e -> - %{} + json(conn, %{}) end end @@ -1623,7 +1570,7 @@ def account_register( end end - def account_register(%{assigns: %{app: _app}} = conn, _params) do + def account_register(%{assigns: %{app: _app}} = conn, _) do render_error(conn, :bad_request, "Missing parameters") end @@ -1682,15 +1629,15 @@ def account_confirmation_resend(conn, params) do end end - def try_render(conn, target, params) - when is_binary(target) do + defp try_render(conn, target, params) + when is_binary(target) do case render(conn, target, params) do nil -> render_error(conn, :not_implemented, "Can't display this activity") res -> res end end - def try_render(conn, _, _) do + defp try_render(conn, _, _) do render_error(conn, :not_implemented, "Can't display this activity") end diff --git a/lib/pleroma/web/oauth/app.ex b/lib/pleroma/web/oauth/app.ex index ddcdb1871..cc3fb1ce5 100644 --- a/lib/pleroma/web/oauth/app.ex +++ b/lib/pleroma/web/oauth/app.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.OAuth.App do use Ecto.Schema import Ecto.Changeset + alias Pleroma.Repo @type t :: %__MODULE__{} @@ -39,4 +40,29 @@ def register_changeset(struct, params \\ %{}) do changeset end end + + @doc """ + Gets app by attrs or create new with attrs. + And updates the scopes if need. + """ + @spec get_or_make(map(), list(String.t())) :: {:ok, App.t()} | {:error, Ecto.Changeset.t()} + def get_or_make(attrs, scopes) do + with %__MODULE__{} = app <- Repo.get_by(__MODULE__, attrs) do + update_scopes(app, scopes) + else + _e -> + %__MODULE__{} + |> register_changeset(Map.put(attrs, :scopes, scopes)) + |> Repo.insert() + end + end + + defp update_scopes(%__MODULE__{} = app, []), do: {:ok, app} + defp update_scopes(%__MODULE__{scopes: scopes} = app, scopes), do: {:ok, app} + + defp update_scopes(%__MODULE__{} = app, scopes) do + app + |> change(%{scopes: scopes}) + |> Repo.update() + end end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 8eda762c7..bfd838902 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -29,7 +29,7 @@ def register_user(params, opts \\ []) do captcha_enabled = Pleroma.Config.get([Pleroma.Captcha, :enabled]) # true if captcha is disabled or enabled and valid, false otherwise captcha_ok = - if !captcha_enabled do + if not captcha_enabled do :ok else Pleroma.Captcha.validate( diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index e18f8f0d1..a331d6455 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -1551,6 +1551,17 @@ test "returns the relationships for the current user", %{conn: conn} do assert to_string(other_user.id) == relationship["id"] end + + test "returns an empty list when bad request", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/relationships", %{}) + + assert [] = json_response(conn, 200) + end end describe "media upload" do @@ -1752,70 +1763,72 @@ test "respects limit_to_local_content == :unauthenticated for remote user nickna end end - test "mascot upload", %{conn: conn} do - user = insert(:user) + describe "/api/v1/pleroma/mascot" do + test "mascot upload", %{conn: conn} do + user = insert(:user) - non_image_file = %Plug.Upload{ - content_type: "audio/mpeg", - path: Path.absname("test/fixtures/sound.mp3"), - filename: "sound.mp3" - } + non_image_file = %Plug.Upload{ + content_type: "audio/mpeg", + path: Path.absname("test/fixtures/sound.mp3"), + filename: "sound.mp3" + } - conn = - conn - |> assign(:user, user) - |> put("/api/v1/pleroma/mascot", %{"file" => non_image_file}) + conn = + conn + |> assign(:user, user) + |> put("/api/v1/pleroma/mascot", %{"file" => non_image_file}) - assert json_response(conn, 415) + assert json_response(conn, 415) - file = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } - conn = - build_conn() - |> assign(:user, user) - |> put("/api/v1/pleroma/mascot", %{"file" => file}) + conn = + build_conn() + |> assign(:user, user) + |> put("/api/v1/pleroma/mascot", %{"file" => file}) - assert %{"id" => _, "type" => image} = json_response(conn, 200) - end + assert %{"id" => _, "type" => image} = json_response(conn, 200) + end - test "mascot retrieving", %{conn: conn} do - user = insert(:user) - # When user hasn't set a mascot, we should just get pleroma tan back - conn = - conn - |> assign(:user, user) - |> get("/api/v1/pleroma/mascot") + test "mascot retrieving", %{conn: conn} do + user = insert(:user) + # When user hasn't set a mascot, we should just get pleroma tan back + conn = + conn + |> assign(:user, user) + |> get("/api/v1/pleroma/mascot") - assert %{"url" => url} = json_response(conn, 200) - assert url =~ "pleroma-fox-tan-smol" + assert %{"url" => url} = json_response(conn, 200) + assert url =~ "pleroma-fox-tan-smol" - # When a user sets their mascot, we should get that back - file = %Plug.Upload{ - content_type: "image/jpg", - path: Path.absname("test/fixtures/image.jpg"), - filename: "an_image.jpg" - } + # When a user sets their mascot, we should get that back + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } - conn = - build_conn() - |> assign(:user, user) - |> put("/api/v1/pleroma/mascot", %{"file" => file}) + conn = + build_conn() + |> assign(:user, user) + |> put("/api/v1/pleroma/mascot", %{"file" => file}) - assert json_response(conn, 200) + assert json_response(conn, 200) - user = User.get_cached_by_id(user.id) + user = User.get_cached_by_id(user.id) - conn = - build_conn() - |> assign(:user, user) - |> get("/api/v1/pleroma/mascot") + conn = + build_conn() + |> assign(:user, user) + |> get("/api/v1/pleroma/mascot") - assert %{"url" => url, "type" => "image"} = json_response(conn, 200) - assert url =~ "an_image" + assert %{"url" => url, "type" => "image"} = json_response(conn, 200) + assert url =~ "an_image" + end end test "hashtag timeline", %{conn: conn} do @@ -2183,23 +2196,51 @@ test "without notifications", %{conn: conn} do end end - test "subscribing / unsubscribing to a user", %{conn: conn} do - user = insert(:user) - subscription_target = insert(:user) + describe "subscribing / unsubscribing" do + test "subscribing / unsubscribing to a user", %{conn: conn} do + user = insert(:user) + subscription_target = insert(:user) - conn = - conn - |> assign(:user, user) - |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/subscribe") + conn = + conn + |> assign(:user, user) + |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/subscribe") - assert %{"id" => _id, "subscribing" => true} = json_response(conn, 200) + assert %{"id" => _id, "subscribing" => true} = json_response(conn, 200) - conn = - build_conn() - |> assign(:user, user) - |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/unsubscribe") + conn = + build_conn() + |> assign(:user, user) + |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/unsubscribe") - assert %{"id" => _id, "subscribing" => false} = json_response(conn, 200) + assert %{"id" => _id, "subscribing" => false} = json_response(conn, 200) + end + end + + describe "subscribing" do + test "returns 404 when subscription_target not found", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/pleroma/accounts/target_id/subscribe") + + assert %{"error" => "Record not found"} = json_response(conn, 404) + end + end + + describe "unsubscribing" do + test "returns 404 when subscription_target not found", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/pleroma/accounts/target_id/unsubscribe") + + assert %{"error" => "Record not found"} = json_response(conn, 404) + end end test "getting a list of mutes", %{conn: conn} do @@ -2814,6 +2855,15 @@ test "replaces missing description with an empty string", %{conn: conn, user: us } } end + + test "returns empty object when id invalid", %{conn: conn} do + response = + conn + |> get("/api/v1/statuses/9eoozpwTul5mjSEDRI/card") + |> json_response(200) + + assert response == %{} + end end test "bookmarks" do @@ -3133,6 +3183,18 @@ test "redirects to the saved path after log in", %{conn: conn, path: path} do assert conn.status == 302 assert redirected_to(conn) == path end + end + + describe "GET /web/login" do + test "redirects to /oauth/authorize", %{conn: conn} do + app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") + conn = get(conn, "/web/login", %{}) + + assert conn.status == 302 + + assert redirected_to(conn) == + "/oauth/authorize?response_type=code&client_id=#{app.client_id}&redirect_uri=.&scope=read+write+follow+push" + end test "redirects to the getting-started page when referer is not present", %{conn: conn} do app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") @@ -3143,6 +3205,18 @@ test "redirects to the getting-started page when referer is not present", %{conn assert conn.status == 302 assert redirected_to(conn) == "/web/getting-started" end + + test "redirects to the getting-started page when user assigned", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> get("/web/login", %{}) + + assert conn.status == 302 + assert redirected_to(conn) == "/web/getting-started" + end end describe "scheduled activities" do @@ -3401,6 +3475,17 @@ test "Repeated posts that are replies incorrectly have in_reply_to_id null", %{c end describe "create account by app" do + setup do + valid_params = %{ + username: "lain", + email: "lain@example.org", + password: "PlzDontHackLain", + agreement: true + } + + [valid_params: valid_params] + end + test "Account registration via Application", %{conn: conn} do conn = conn @@ -3444,6 +3529,7 @@ test "Account registration via Application", %{conn: conn} do username: "lain", email: "lain@example.org", password: "PlzDontHackLain", + bio: "Test Bio", agreement: true }) @@ -3462,6 +3548,18 @@ test "Account registration via Application", %{conn: conn} do assert token_from_db.user.info.confirmation_pending end + test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do + _user = insert(:user, email: "lain@example.org") + app_token = insert(:oauth_token, user: nil) + + conn = + conn + |> put_req_header("authorization", "Bearer " <> app_token.token) + + res = post(conn, "/api/v1/accounts", valid_params) + assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"} + end + test "rate limit", %{conn: conn} do app_token = insert(:oauth_token, user: nil) @@ -3505,6 +3603,41 @@ test "rate limit", %{conn: conn} do assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"} end + + test "returns bad_request if missing required params", %{ + conn: conn, + valid_params: valid_params + } do + app_token = insert(:oauth_token, user: nil) + + conn = + conn + |> put_req_header("authorization", "Bearer " <> app_token.token) + + res = post(conn, "/api/v1/accounts", valid_params) + assert json_response(res, 200) + + Enum.each(valid_params, fn {attr, _} -> + res = + conn + |> Map.put( + :remote_ip, + {:rand.uniform(15), :rand.uniform(15), :rand.uniform(15), :rand.uniform(15)} + ) + |> post("/api/v1/accounts", Map.delete(valid_params, attr)) + + assert json_response(res, 400) == %{"error" => "Missing parameters"} + end) + end + + test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do + conn = + conn + |> put_req_header("authorization", "Bearer " <> "invalid-token") + + res = post(conn, "/api/v1/accounts", valid_params) + assert json_response(res, 403) == %{"error" => "Invalid credentials"} + end end describe "GET /api/v1/polls/:id" do @@ -3988,4 +4121,115 @@ test "returns suggestions", %{conn: conn, user: user, other_user: other_user} do ] end end + + describe "PUT /api/v1/media/:id" do + setup do + actor = insert(:user) + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + {:ok, %Object{} = object} = + ActivityPub.upload( + file, + actor: User.ap_id(actor), + description: "test-m" + ) + + [actor: actor, object: object] + end + + test "updates name of media", %{conn: conn, actor: actor, object: object} do + media = + conn + |> assign(:user, actor) + |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"}) + |> json_response(:ok) + + assert media["description"] == "test-media" + assert refresh_record(object).data["name"] == "test-media" + end + + test "returns error wheb request is bad", %{conn: conn, actor: actor, object: object} do + media = + conn + |> assign(:user, actor) + |> put("/api/v1/media/#{object.id}", %{}) + |> json_response(400) + + assert media == %{"error" => "bad_request"} + end + end + + describe "DELETE /auth/sign_out" do + test "redirect to root page", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> delete("/auth/sign_out") + + assert conn.status == 302 + assert redirected_to(conn) == "/" + end + end + + describe "GET /api/v1/accounts/:id/lists - account_lists" do + test "returns lists to which the account belongs", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user) + {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user) + + res = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/#{other_user.id}/lists") + |> json_response(200) + + assert res == [%{"id" => to_string(list.id), "title" => "Test List"}] + end + end + + describe "empty_array, stubs for mastodon api" do + test "GET /api/v1/accounts/:id/identity_proofs", %{conn: conn} do + user = insert(:user) + + res = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/#{user.id}/identity_proofs") + |> json_response(200) + + assert res == [] + end + + test "GET /api/v1/endorsements", %{conn: conn} do + user = insert(:user) + + res = + conn + |> assign(:user, user) + |> get("/api/v1/endorsements") + |> json_response(200) + + assert res == [] + end + + test "GET /api/v1/trends", %{conn: conn} do + user = insert(:user) + + res = + conn + |> assign(:user, user) + |> get("/api/v1/trends") + |> json_response(200) + + assert res == [] + end + end end diff --git a/test/web/oauth/app_test.exs b/test/web/oauth/app_test.exs new file mode 100644 index 000000000..195b8c17f --- /dev/null +++ b/test/web/oauth/app_test.exs @@ -0,0 +1,33 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2018 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.OAuth.AppTest do + use Pleroma.DataCase + + alias Pleroma.Web.OAuth.App + import Pleroma.Factory + + describe "get_or_make/2" do + test "gets exist app" do + attrs = %{client_name: "Mastodon-Local", redirect_uris: "."} + app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]})) + {:ok, %App{} = exist_app} = App.get_or_make(attrs, []) + assert exist_app == app + end + + test "make app" do + attrs = %{client_name: "Mastodon-Local", redirect_uris: "."} + {:ok, %App{} = app} = App.get_or_make(attrs, ["write"]) + assert app.scopes == ["write"] + end + + test "gets exist app and updates scopes" do + attrs = %{client_name: "Mastodon-Local", redirect_uris: "."} + app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]})) + {:ok, %App{} = exist_app} = App.get_or_make(attrs, ["read", "write", "follow", "push"]) + assert exist_app.id == app.id + assert exist_app.scopes == ["read", "write", "follow", "push"] + end + end +end From 58b17196fa3f2583db5ee0534766350ed25727e0 Mon Sep 17 00:00:00 2001 From: Maksim Date: Fri, 13 Sep 2019 03:58:58 +0000 Subject: [PATCH 2/7] Apply suggestion to test/web/mastodon_api/mastodon_api_controller_test.exs --- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index a331d6455..7b337044c 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -1552,7 +1552,7 @@ test "returns the relationships for the current user", %{conn: conn} do assert to_string(other_user.id) == relationship["id"] end - test "returns an empty list when bad request", %{conn: conn} do + test "returns an empty list on a bad request", %{conn: conn} do user = insert(:user) conn = From d8a178274bd1eb642270e52f207849014cba12bc Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 13 Sep 2019 07:12:34 +0300 Subject: [PATCH 3/7] fix Activity.get_by_id --- lib/pleroma/activity.ex | 15 +++++++++++---- .../mastodon_api/mastodon_api_controller_test.exs | 9 +++++++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 2d4e9da0c..56c51aef8 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -150,11 +150,18 @@ def get_by_ap_id_with_object(ap_id) do ) end + @spec get_by_id(String.t()) :: Activity.t() | nil def get_by_id(id) do - Activity - |> where([a], a.id == ^id) - |> restrict_deactivated_users() - |> Repo.one() + case Pleroma.FlakeId.is_flake_id?(id) do + true -> + Activity + |> where([a], a.id == ^id) + |> restrict_deactivated_users() + |> Repo.one() + + _ -> + nil + end end def get_by_id_with_object(id) do diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 7b337044c..35c2236c8 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -2864,6 +2864,15 @@ test "returns empty object when id invalid", %{conn: conn} do assert response == %{} end + + test "returns empty object when id isn't FlakeID", %{conn: conn} do + response = + conn + |> get("/api/v1/statuses/3ebbadd1-eb14-4e20-8118/card") + |> json_response(200) + + assert response == %{} + end end test "bookmarks" do From ec5aaf5bd72c91db93a9dbfbe73b58cf7ae5e566 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 13 Sep 2019 14:59:58 +0300 Subject: [PATCH 4/7] fix tests --- .../mastodon_api/mastodon_api_controller_test.exs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 35c2236c8..f899d77d9 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3626,16 +3626,16 @@ test "returns bad_request if missing required params", %{ res = post(conn, "/api/v1/accounts", valid_params) assert json_response(res, 200) - Enum.each(valid_params, fn {attr, _} -> + [{127,0,0,1}, {127,0,0,2}, {127,0,0,3}, {127,0,0,4}] + |> Stream.zip(valid_params) + |> Enum.each(fn {ip, {attr, _}} -> res = conn - |> Map.put( - :remote_ip, - {:rand.uniform(15), :rand.uniform(15), :rand.uniform(15), :rand.uniform(15)} - ) + |> Map.put(:remote_ip, ip) |> post("/api/v1/accounts", Map.delete(valid_params, attr)) + |> json_response(400) - assert json_response(res, 400) == %{"error" => "Missing parameters"} + assert res == %{"error" => "Missing parameters"} end) end From bc3e8c033bbef303890ff6afa92d1fe365e530fb Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 13 Sep 2019 15:06:34 +0300 Subject: [PATCH 5/7] fix formatting --- test/web/mastodon_api/mastodon_api_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index f899d77d9..58efbba38 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -3626,7 +3626,7 @@ test "returns bad_request if missing required params", %{ res = post(conn, "/api/v1/accounts", valid_params) assert json_response(res, 200) - [{127,0,0,1}, {127,0,0,2}, {127,0,0,3}, {127,0,0,4}] + [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}] |> Stream.zip(valid_params) |> Enum.each(fn {ip, {attr, _}} -> res = From 494bb6bac64361860db194aed57618450a76177d Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Mon, 23 Sep 2019 22:37:30 +0300 Subject: [PATCH 6/7] updated tests --- .../controllers/mastodon_api_controller.ex | 18 ++++----- .../web/mastodon_api/views/status_view.ex | 4 +- .../mastodon_api_controller_test.exs | 39 ++++++++++++------- 3 files changed, 35 insertions(+), 26 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex index 0c2b8dbb7..da74e4aa2 100644 --- a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex @@ -44,6 +44,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Scopes alias Pleroma.Web.OAuth.Token + alias Pleroma.Web.RichMedia alias Pleroma.Web.TwitterAPI.TwitterAPI alias Pleroma.Web.ControllerHelper @@ -1530,19 +1531,16 @@ defp fetch_suggestion_id(attrs) do end end - def status_card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do - with %Activity{} = activity <- Activity.get_by_id(status_id), + def status_card(%{assigns: %{user: user}} = conn, %{"id" => id}) do + with %Activity{} = activity <- Activity.get_by_id(id), true <- Visibility.visible_for_user?(activity, user) do - data = - StatusView.render( - "card.json", - Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) - ) + data = RichMedia.Helpers.fetch_data_for_activity(activity) - json(conn, data) + conn + |> put_view(StatusView) + |> render("card.json", data) else - _e -> - json(conn, %{}) + _e -> {:error, :not_found} end end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index ef796cddd..0450ed4d9 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -343,9 +343,7 @@ def render("card.json", %{rich_media: rich_media, page_url: page_url}) do } end - def render("card.json", _) do - nil - end + def render("card.json", _), do: nil def render("attachment.json", %{attachment: attachment}) do [attachment_url | _] = attachment["url"] diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 46e74fc75..14cd71aa8 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -2798,6 +2798,18 @@ test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do %{user: user} end + test "returns empty result when rich_media disabled", %{conn: conn, user: user} do + Config.put([:rich_media, :enabled], false) + {:ok, activity} = CommonAPI.post(user, %{"status" => "https://example.com/ogp"}) + + response = + conn + |> get("/api/v1/statuses/#{activity.id}/card") + |> json_response(200) + + assert response == nil + end + test "returns rich-media card", %{conn: conn, user: user} do {:ok, activity} = CommonAPI.post(user, %{"status" => "https://example.com/ogp"}) @@ -2869,22 +2881,23 @@ test "replaces missing description with an empty string", %{conn: conn, user: us } end - test "returns empty object when id invalid", %{conn: conn} do - response = - conn - |> get("/api/v1/statuses/9eoozpwTul5mjSEDRI/card") - |> json_response(200) - - assert response == %{} + test "returns 404 response when id invalid", %{conn: conn} do + assert %{"error" => "Record not found"} = + conn + |> get("/api/v1/statuses/9eoozpwTul5mjSEDRI/card") + |> json_response(404) end - test "returns empty object when id isn't FlakeID", %{conn: conn} do - response = - conn - |> get("/api/v1/statuses/3ebbadd1-eb14-4e20-8118/card") - |> json_response(200) + test "returns 404 response when id isn't FlakeID", %{conn: conn} do + assert %{"error" => "Record not found"} = + conn + |> get("/api/v1/statuses/3ebbadd1-eb14-4e20-8118/card") + |> json_response(404) - assert response == %{} + assert %{"error" => "Record not found"} = + conn + |> get("/api/v1/statuses/8118/card") + |> json_response(404) end end From 73ae38ca04df02656bfb239ceba4ffe64879e927 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Thu, 26 Sep 2019 21:08:04 +0300 Subject: [PATCH 7/7] add deprecated tag --- .../web/mastodon_api/controllers/mastodon_api_controller.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex index 5e1977b8e..8f6b3456a 100644 --- a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex @@ -1474,6 +1474,8 @@ defp fetch_suggestion_id(attrs) do end end + @doc false + @deprecated "https://github.com/tootsuite/mastodon/pull/11213" def status_card(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Activity.get_by_id(id), true <- Visibility.visible_for_user?(activity, user) do