1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
6 use Pleroma.DataCase, async: false
9 alias Pleroma.UserRelationship
10 alias Pleroma.Web.CommonAPI
11 alias Pleroma.Web.MastodonAPI.AccountView
13 import Pleroma.Factory
17 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
21 test "Represent a user account" do
23 "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
30 background: background_image,
31 nickname: "shp@shitposter.club",
32 name: ":karjalanpiirakka: shp",
34 "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
35 inserted_at: ~N[2017-08-15 15:47:06.597036],
36 emoji: %{"karjalanpiirakka" => "/file.png"},
37 raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
38 also_known_as: ["https://shitposter.zone/users/shp"]
42 id: to_string(user.id),
45 display_name: user.name,
47 created_at: "2017-08-15T15:47:06.000Z",
51 note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f '&<>"",
53 avatar: "http://localhost:4001/images/avi.png",
54 avatar_static: "http://localhost:4001/images/avi.png",
55 header: "http://localhost:4001/images/banner.png",
56 header_static: "http://localhost:4001/images/banner.png",
59 static_url: "/file.png",
61 shortcode: "karjalanpiirakka",
62 visible_in_picker: false
68 note: "valid html. a\nb\nc\nd\nf '&<>\"",
76 fqn: "shp@shitposter.club",
80 also_known_as: ["https://shitposter.zone/users/shp"],
81 background_image: "https://example.com/images/asuka_hospital.png",
90 hide_followers: false,
92 hide_followers_count: false,
93 hide_follows_count: false,
95 skip_thread_containment: false,
96 accepts_chat_messages: nil
100 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
103 describe "roles and privileges" do
105 clear_config([:instance, :moderator_privileges], [:cofe, :only_moderator])
106 clear_config([:instance, :admin_privileges], [:cofe, :only_admin])
110 moderator: insert(:user, is_moderator: true),
111 admin: insert(:user, is_admin: true),
112 moderator_admin: insert(:user, is_moderator: true, is_admin: true),
113 user_no_show_roles: insert(:user, show_role: false),
114 moderator_admin_no_show_roles:
115 insert(:user, is_moderator: true, is_admin: true, show_role: false)
119 test "shows roles and privileges when show_role: true", %{
121 moderator: moderator,
123 moderator_admin: moderator_admin,
124 user_no_show_roles: user_no_show_roles,
125 moderator_admin_no_show_roles: moderator_admin_no_show_roles
127 assert %{pleroma: %{is_moderator: false, is_admin: false}} =
128 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
131 AccountView.render("show.json", %{user: user, skip_visibility_check: true})[
136 assert %{pleroma: %{is_moderator: true, is_admin: false}} =
137 AccountView.render("show.json", %{user: moderator, skip_visibility_check: true})
139 assert [:cofe, :only_moderator] ==
140 AccountView.render("show.json", %{user: moderator, skip_visibility_check: true})[
145 assert %{pleroma: %{is_moderator: false, is_admin: true}} =
146 AccountView.render("show.json", %{user: admin, skip_visibility_check: true})
148 assert [:cofe, :only_admin] ==
149 AccountView.render("show.json", %{user: admin, skip_visibility_check: true})[
154 assert %{pleroma: %{is_moderator: true, is_admin: true}} =
155 AccountView.render("show.json", %{
156 user: moderator_admin,
157 skip_visibility_check: true
160 assert [:cofe, :only_admin, :only_moderator] ==
161 AccountView.render("show.json", %{
162 user: moderator_admin,
163 skip_visibility_check: true
164 })[:pleroma][:privileges]
168 %{pleroma: %{is_moderator: _}},
169 AccountView.render("show.json", %{
170 user: user_no_show_roles,
171 skip_visibility_check: true
176 %{pleroma: %{is_admin: _}},
177 AccountView.render("show.json", %{
178 user: user_no_show_roles,
179 skip_visibility_check: true
184 %{pleroma: %{privileges: _}},
185 AccountView.render("show.json", %{
186 user: user_no_show_roles,
187 skip_visibility_check: true
192 %{pleroma: %{is_moderator: _}},
193 AccountView.render("show.json", %{
194 user: moderator_admin_no_show_roles,
195 skip_visibility_check: true
200 %{pleroma: %{is_admin: _}},
201 AccountView.render("show.json", %{
202 user: moderator_admin_no_show_roles,
203 skip_visibility_check: true
208 %{pleroma: %{privileges: _}},
209 AccountView.render("show.json", %{
210 user: moderator_admin_no_show_roles,
211 skip_visibility_check: true
216 test "shows roles and privileges when viewing own account, even when show_role: false", %{
217 user_no_show_roles: user_no_show_roles,
218 moderator_admin_no_show_roles: moderator_admin_no_show_roles
220 assert %{pleroma: %{is_moderator: false, is_admin: false, privileges: []}} =
221 AccountView.render("show.json", %{
222 user: user_no_show_roles,
223 skip_visibility_check: true,
224 for: user_no_show_roles
231 privileges: privileges
234 AccountView.render("show.json", %{
235 user: moderator_admin_no_show_roles,
236 skip_visibility_check: true,
237 for: moderator_admin_no_show_roles
240 assert [:cofe, :only_admin, :only_moderator] == privileges |> Enum.sort()
244 describe "favicon" do
246 [user: insert(:user)]
249 test "is parsed when :instance_favicons is enabled", %{user: user} do
250 clear_config([:instances_favicons, :enabled], true)
255 "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
257 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
260 test "is nil when :instances_favicons is disabled", %{user: user} do
261 assert %{pleroma: %{favicon: nil}} =
262 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
266 test "Represent the user account for the account owner" do
269 notification_settings = %{
270 block_from_strangers: false,
271 hide_notification_contents: false
274 privacy = user.default_scope
277 pleroma: %{notification_settings: ^notification_settings, allow_following_move: true},
278 source: %{privacy: ^privacy}
279 } = AccountView.render("show.json", %{user: user, for: user})
282 test "Represent a Service(bot) account" do
287 actor_type: "Service",
288 nickname: "shp@shitposter.club",
289 inserted_at: ~N[2017-08-15 15:47:06.597036]
293 id: to_string(user.id),
296 display_name: user.name,
298 created_at: "2017-08-15T15:47:06.000Z",
304 avatar: "http://localhost:4001/images/avi.png",
305 avatar_static: "http://localhost:4001/images/avi.png",
306 header: "http://localhost:4001/images/banner.png",
307 header_static: "http://localhost:4001/images/banner.png",
315 actor_type: "Service",
320 fqn: "shp@shitposter.club",
325 background_image: nil,
333 hide_favorites: true,
334 hide_followers: false,
336 hide_followers_count: false,
337 hide_follows_count: false,
339 skip_thread_containment: false,
340 accepts_chat_messages: nil
344 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
347 test "Represent a Funkwhale channel" do
349 User.get_or_fetch_by_ap_id(
350 "https://channels.tests.funkwhale.audio/federation/actors/compositions"
354 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
356 assert represented.acct == "compositions@channels.tests.funkwhale.audio"
357 assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
360 test "Represent a deactivated user for a privileged user" do
361 clear_config([:instance, :moderator_privileges], [:users_manage_activation_state])
363 admin = insert(:user, is_moderator: true)
364 deactivated_user = insert(:user, is_active: false)
365 represented = AccountView.render("show.json", %{user: deactivated_user, for: admin})
366 assert represented[:pleroma][:deactivated] == true
369 test "Represent a smaller mention" do
373 id: to_string(user.id),
375 username: user.nickname,
379 assert expected == AccountView.render("mention.json", %{user: user})
382 test "demands :for or :skip_visibility_check option for account rendering" do
383 clear_config([:restrict_unauthenticated, :profiles, :local], false)
388 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
389 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
391 assert %{id: ^user_id} =
392 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
394 assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
395 AccountView.render("show.json", %{user: user})
399 describe "relationship" do
400 defp test_relationship_rendering(user, other_user, expected_result) do
401 opts = %{user: user, target: other_user, relationships: nil}
402 assert expected_result == AccountView.render("relationship.json", opts)
404 relationships_opt = UserRelationship.view_relationships_option(user, [other_user])
405 opts = Map.put(opts, :relationships, relationships_opt)
406 assert expected_result == AccountView.render("relationship.json", opts)
408 assert [expected_result] ==
409 AccountView.render("relationships.json", %{user: user, targets: [other_user]})
418 muting_notifications: false,
422 domain_blocking: false,
423 showing_reblogs: true,
428 test "represent a relationship for the following and followed user" do
430 other_user = insert(:user)
432 {:ok, user, other_user} = User.follow(user, other_user)
433 {:ok, other_user, user} = User.follow(other_user, user)
434 {:ok, _subscription} = User.subscribe(user, other_user)
435 {:ok, _user_relationships} = User.mute(user, other_user, %{notifications: true})
436 {:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, other_user)
445 muting_notifications: true,
448 showing_reblogs: false,
449 id: to_string(other_user.id)
453 test_relationship_rendering(user, other_user, expected)
456 test "represent a relationship for the blocking and blocked user" do
458 other_user = insert(:user)
460 {:ok, user, other_user} = User.follow(user, other_user)
461 {:ok, _subscription} = User.subscribe(user, other_user)
462 {:ok, _user_relationship} = User.block(user, other_user)
463 {:ok, _user_relationship} = User.block(other_user, user)
468 %{following: false, blocking: true, blocked_by: true, id: to_string(other_user.id)}
471 test_relationship_rendering(user, other_user, expected)
474 test "represent a relationship for the user blocking a domain" do
476 other_user = insert(:user, ap_id: "https://bad.site/users/other_user")
478 {:ok, user} = User.block_domain(user, "bad.site")
483 %{domain_blocking: true, blocking: false, id: to_string(other_user.id)}
486 test_relationship_rendering(user, other_user, expected)
489 test "represent a relationship for the user with a pending follow request" do
491 other_user = insert(:user, is_locked: true)
493 {:ok, user, other_user, _} = CommonAPI.follow(user, other_user)
494 user = User.get_cached_by_id(user.id)
495 other_user = User.get_cached_by_id(other_user.id)
500 %{requested: true, following: false, id: to_string(other_user.id)}
503 test_relationship_rendering(user, other_user, expected)
507 test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
508 user = insert(:user, pleroma_settings_store: %{fe: "test"})
511 AccountView.render("show.json", %{user: user, for: user, with_pleroma_settings: true})
513 assert result.pleroma.settings_store == %{:fe => "test"}
515 result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
516 assert result.pleroma[:settings_store] == nil
518 result = AccountView.render("show.json", %{user: user, for: user})
519 assert result.pleroma[:settings_store] == nil
522 test "doesn't sanitize display names" do
523 user = insert(:user, name: "<marquee> username </marquee>")
524 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
525 assert result.display_name == "<marquee> username </marquee>"
528 test "never display nil user follow counts" do
529 user = insert(:user, following_count: 0, follower_count: 0)
530 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
532 assert result.following_count == 0
533 assert result.followers_count == 0
536 describe "hiding follows/following" do
537 test "shows when follows/followers stats are hidden and sets follow/follower count to 0" do
540 hide_followers: true,
541 hide_followers_count: true,
543 hide_follows_count: true
546 other_user = insert(:user)
547 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
548 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
553 pleroma: %{hide_follows_count: true, hide_followers_count: true}
554 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
557 test "shows when follows/followers are hidden" do
558 user = insert(:user, hide_followers: true, hide_follows: true)
559 other_user = insert(:user)
560 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
561 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
566 pleroma: %{hide_follows: true, hide_followers: true}
567 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
570 test "shows actual follower/following count to the account owner" do
571 user = insert(:user, hide_followers: true, hide_follows: true)
572 other_user = insert(:user)
573 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
575 assert User.following?(user, other_user)
576 assert Pleroma.FollowingRelationship.follower_count(other_user) == 1
577 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
582 } = AccountView.render("show.json", %{user: user, for: user})
585 test "shows unread_conversation_count only to the account owner" do
587 other_user = insert(:user)
590 CommonAPI.post(other_user, %{
591 status: "Hey @#{user.nickname}.",
595 user = User.get_cached_by_ap_id(user.ap_id)
597 assert AccountView.render("show.json", %{user: user, for: other_user})[:pleroma][
598 :unread_conversation_count
601 assert AccountView.render("show.json", %{user: user, for: user})[:pleroma][
602 :unread_conversation_count
606 test "shows unread_count only to the account owner" do
608 insert_list(7, :notification, user: user, activity: insert(:note_activity))
609 other_user = insert(:user)
611 user = User.get_cached_by_ap_id(user.ap_id)
613 assert AccountView.render(
615 %{user: user, for: other_user}
616 )[:pleroma][:unread_notifications_count] == nil
618 assert AccountView.render(
620 %{user: user, for: user}
621 )[:pleroma][:unread_notifications_count] == 7
624 test "shows email only to the account owner" do
626 other_user = insert(:user)
628 user = User.get_cached_by_ap_id(user.ap_id)
630 assert AccountView.render(
632 %{user: user, for: other_user}
633 )[:pleroma][:email] == nil
635 assert AccountView.render(
637 %{user: user, for: user}
638 )[:pleroma][:email] == user.email
642 describe "hiding birthday" do
643 test "doesn't show birthday if hidden" do
646 birthday: "2001-02-12",
650 other_user = insert(:user)
652 user = User.get_cached_by_ap_id(user.ap_id)
654 assert AccountView.render(
656 %{user: user, for: other_user}
660 test "shows hidden birthday to the account owner" do
663 birthday: "2001-02-12",
667 user = User.get_cached_by_ap_id(user.ap_id)
669 assert AccountView.render(
671 %{user: user, for: user}
676 describe "follow requests counter" do
677 test "shows zero when no follow requests are pending" do
680 assert %{follow_requests_count: 0} =
681 AccountView.render("show.json", %{user: user, for: user})
683 other_user = insert(:user)
684 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
686 assert %{follow_requests_count: 0} =
687 AccountView.render("show.json", %{user: user, for: user})
690 test "shows non-zero when follow requests are pending" do
691 user = insert(:user, is_locked: true)
693 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
695 other_user = insert(:user)
696 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
698 assert %{locked: true, follow_requests_count: 1} =
699 AccountView.render("show.json", %{user: user, for: user})
702 test "decreases when accepting a follow request" do
703 user = insert(:user, is_locked: true)
705 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
707 other_user = insert(:user)
708 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
710 assert %{locked: true, follow_requests_count: 1} =
711 AccountView.render("show.json", %{user: user, for: user})
713 {:ok, _other_user} = CommonAPI.accept_follow_request(other_user, user)
715 assert %{locked: true, follow_requests_count: 0} =
716 AccountView.render("show.json", %{user: user, for: user})
719 test "decreases when rejecting a follow request" do
720 user = insert(:user, is_locked: true)
722 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
724 other_user = insert(:user)
725 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
727 assert %{locked: true, follow_requests_count: 1} =
728 AccountView.render("show.json", %{user: user, for: user})
730 {:ok, _other_user} = CommonAPI.reject_follow_request(other_user, user)
732 assert %{locked: true, follow_requests_count: 0} =
733 AccountView.render("show.json", %{user: user, for: user})
736 test "shows non-zero when historical unapproved requests are present" do
737 user = insert(:user, is_locked: true)
739 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
741 other_user = insert(:user)
742 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
744 {:ok, user} = User.update_and_set_cache(user, %{is_locked: false})
746 assert %{locked: false, follow_requests_count: 1} =
747 AccountView.render("show.json", %{user: user, for: user})
751 test "uses mediaproxy urls when it's enabled (regardless of media preview proxy state)" do
752 clear_config([:media_proxy, :enabled], true)
753 clear_config([:media_preview_proxy, :enabled])
757 avatar: %{"url" => [%{"href" => "https://evil.website/avatar.png"}]},
758 banner: %{"url" => [%{"href" => "https://evil.website/banner.png"}]},
759 emoji: %{"joker_smile" => "https://evil.website/society.png"}
762 with media_preview_enabled <- [false, true] do
763 clear_config([:media_preview_proxy, :enabled], media_preview_enabled)
765 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
767 {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
768 String.starts_with?(url, Pleroma.Web.Endpoint.url())
771 Enum.all?(emojis, fn %{url: url, static_url: static_url} ->
772 String.starts_with?(url, Pleroma.Web.Endpoint.url()) &&
773 String.starts_with?(static_url, Pleroma.Web.Endpoint.url())
783 test "renders mute expiration date" do
785 other_user = insert(:user)
787 {:ok, _user_relationships} =
788 User.mute(user, other_user, %{notifications: true, duration: 24 * 60 * 60})
791 mute_expires_at: mute_expires_at
792 } = AccountView.render("show.json", %{user: other_user, for: user, mutes: true})
794 assert DateTime.diff(
796 DateTime.utc_now() |> DateTime.add(24 * 60 * 60)