1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
6 use Pleroma.DataCase, async: false
8 alias Pleroma.UnstubbedConfigMock, as: ConfigMock
10 alias Pleroma.UserRelationship
11 alias Pleroma.Web.CommonAPI
12 alias Pleroma.Web.MastodonAPI.AccountView
15 import Pleroma.Factory
19 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
23 test "Represent a user account" do
25 "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
32 background: background_image,
33 nickname: "shp@shitposter.club",
34 name: ":karjalanpiirakka: shp",
36 "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
37 inserted_at: ~N[2017-08-15 15:47:06.597036],
38 emoji: %{"karjalanpiirakka" => "/file.png"},
39 raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
40 also_known_as: ["https://shitposter.zone/users/shp"],
41 last_status_at: NaiveDateTime.utc_now()
45 id: to_string(user.id),
48 display_name: user.name,
50 created_at: "2017-08-15T15:47:06.000Z",
54 note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f '&<>"",
56 avatar: "http://localhost:4001/images/avi.png",
57 avatar_static: "http://localhost:4001/images/avi.png",
58 header: "http://localhost:4001/images/banner.png",
59 header_static: "http://localhost:4001/images/banner.png",
62 static_url: "/file.png",
64 shortcode: "karjalanpiirakka",
65 visible_in_picker: false
71 note: "valid html. a\nb\nc\nd\nf '&<>\"",
79 fqn: "shp@shitposter.club",
80 last_status_at: user.last_status_at |> NaiveDateTime.to_date() |> Date.to_iso8601(),
83 also_known_as: ["https://shitposter.zone/users/shp"],
84 background_image: "https://example.com/images/asuka_hospital.png",
93 hide_followers: false,
95 hide_followers_count: false,
96 hide_follows_count: false,
98 skip_thread_containment: false,
99 accepts_chat_messages: nil
103 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
106 describe "roles and privileges" do
108 clear_config([:instance, :moderator_privileges], [:cofe, :only_moderator])
109 clear_config([:instance, :admin_privileges], [:cofe, :only_admin])
113 moderator: insert(:user, is_moderator: true),
114 admin: insert(:user, is_admin: true),
115 moderator_admin: insert(:user, is_moderator: true, is_admin: true),
116 user_no_show_roles: insert(:user, show_role: false),
117 moderator_admin_no_show_roles:
118 insert(:user, is_moderator: true, is_admin: true, show_role: false)
122 test "shows roles and privileges when show_role: true", %{
124 moderator: moderator,
126 moderator_admin: moderator_admin,
127 user_no_show_roles: user_no_show_roles,
128 moderator_admin_no_show_roles: moderator_admin_no_show_roles
130 assert %{pleroma: %{is_moderator: false, is_admin: false}} =
131 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
134 AccountView.render("show.json", %{user: user, skip_visibility_check: true})[
139 assert %{pleroma: %{is_moderator: true, is_admin: false}} =
140 AccountView.render("show.json", %{user: moderator, skip_visibility_check: true})
142 assert [:cofe, :only_moderator] ==
143 AccountView.render("show.json", %{user: moderator, skip_visibility_check: true})[
148 assert %{pleroma: %{is_moderator: false, is_admin: true}} =
149 AccountView.render("show.json", %{user: admin, skip_visibility_check: true})
151 assert [:cofe, :only_admin] ==
152 AccountView.render("show.json", %{user: admin, skip_visibility_check: true})[
157 assert %{pleroma: %{is_moderator: true, is_admin: true}} =
158 AccountView.render("show.json", %{
159 user: moderator_admin,
160 skip_visibility_check: true
163 assert [:cofe, :only_admin, :only_moderator] ==
164 AccountView.render("show.json", %{
165 user: moderator_admin,
166 skip_visibility_check: true
167 })[:pleroma][:privileges]
171 %{pleroma: %{is_moderator: _}},
172 AccountView.render("show.json", %{
173 user: user_no_show_roles,
174 skip_visibility_check: true
179 %{pleroma: %{is_admin: _}},
180 AccountView.render("show.json", %{
181 user: user_no_show_roles,
182 skip_visibility_check: true
187 %{pleroma: %{privileges: _}},
188 AccountView.render("show.json", %{
189 user: user_no_show_roles,
190 skip_visibility_check: true
195 %{pleroma: %{is_moderator: _}},
196 AccountView.render("show.json", %{
197 user: moderator_admin_no_show_roles,
198 skip_visibility_check: true
203 %{pleroma: %{is_admin: _}},
204 AccountView.render("show.json", %{
205 user: moderator_admin_no_show_roles,
206 skip_visibility_check: true
211 %{pleroma: %{privileges: _}},
212 AccountView.render("show.json", %{
213 user: moderator_admin_no_show_roles,
214 skip_visibility_check: true
219 test "shows roles and privileges when viewing own account, even when show_role: false", %{
220 user_no_show_roles: user_no_show_roles,
221 moderator_admin_no_show_roles: moderator_admin_no_show_roles
223 assert %{pleroma: %{is_moderator: false, is_admin: false, privileges: []}} =
224 AccountView.render("show.json", %{
225 user: user_no_show_roles,
226 skip_visibility_check: true,
227 for: user_no_show_roles
234 privileges: privileges
237 AccountView.render("show.json", %{
238 user: moderator_admin_no_show_roles,
239 skip_visibility_check: true,
240 for: moderator_admin_no_show_roles
243 assert [:cofe, :only_admin, :only_moderator] == privileges |> Enum.sort()
247 describe "favicon" do
249 [user: insert(:user)]
252 test "is parsed when :instance_favicons is enabled", %{user: user} do
253 clear_config([:instances_favicons, :enabled], true)
258 "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
260 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
263 test "is nil when :instances_favicons is disabled", %{user: user} do
264 assert %{pleroma: %{favicon: nil}} =
265 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
269 test "Represent the user account for the account owner" do
272 notification_settings = %{
273 block_from_strangers: false,
274 hide_notification_contents: false
277 privacy = user.default_scope
280 pleroma: %{notification_settings: ^notification_settings, allow_following_move: true},
281 source: %{privacy: ^privacy}
282 } = AccountView.render("show.json", %{user: user, for: user})
285 test "Represent a Service(bot) account" do
290 actor_type: "Service",
291 nickname: "shp@shitposter.club",
292 inserted_at: ~N[2017-08-15 15:47:06.597036]
296 id: to_string(user.id),
299 display_name: user.name,
301 created_at: "2017-08-15T15:47:06.000Z",
307 avatar: "http://localhost:4001/images/avi.png",
308 avatar_static: "http://localhost:4001/images/avi.png",
309 header: "http://localhost:4001/images/banner.png",
310 header_static: "http://localhost:4001/images/banner.png",
318 actor_type: "Service",
323 fqn: "shp@shitposter.club",
328 background_image: nil,
336 hide_favorites: true,
337 hide_followers: false,
339 hide_followers_count: false,
340 hide_follows_count: false,
342 skip_thread_containment: false,
343 accepts_chat_messages: nil
347 assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
350 test "Represent a Funkwhale channel" do
352 User.get_or_fetch_by_ap_id(
353 "https://channels.tests.funkwhale.audio/federation/actors/compositions"
357 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
359 assert represented.acct == "compositions@channels.tests.funkwhale.audio"
360 assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
363 test "Represent a deactivated user for a privileged user" do
364 clear_config([:instance, :moderator_privileges], [:users_manage_activation_state])
366 admin = insert(:user, is_moderator: true)
367 deactivated_user = insert(:user, is_active: false)
368 represented = AccountView.render("show.json", %{user: deactivated_user, for: admin})
369 assert represented[:pleroma][:deactivated] == true
372 test "Represent a smaller mention" do
376 id: to_string(user.id),
378 username: user.nickname,
382 assert expected == AccountView.render("mention.json", %{user: user})
385 test "demands :for or :skip_visibility_check option for account rendering" do
386 clear_config([:restrict_unauthenticated, :profiles, :local], false)
391 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
392 assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
394 assert %{id: ^user_id} =
395 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
397 assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
398 AccountView.render("show.json", %{user: user})
402 describe "relationship" do
403 defp test_relationship_rendering(user, other_user, expected_result) do
404 opts = %{user: user, target: other_user, relationships: nil}
405 assert expected_result == AccountView.render("relationship.json", opts)
407 relationships_opt = UserRelationship.view_relationships_option(user, [other_user])
408 opts = Map.put(opts, :relationships, relationships_opt)
409 assert expected_result == AccountView.render("relationship.json", opts)
411 assert [expected_result] ==
412 AccountView.render("relationships.json", %{user: user, targets: [other_user]})
421 muting_notifications: false,
425 domain_blocking: false,
426 showing_reblogs: true,
431 test "represent a relationship for the following and followed user" do
433 other_user = insert(:user)
435 {:ok, user, other_user} = User.follow(user, other_user)
436 {:ok, other_user, user} = User.follow(other_user, user)
437 {:ok, _subscription} = User.subscribe(user, other_user)
438 {:ok, _user_relationships} = User.mute(user, other_user, %{notifications: true})
439 {:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, other_user)
448 muting_notifications: true,
451 showing_reblogs: false,
452 id: to_string(other_user.id)
456 test_relationship_rendering(user, other_user, expected)
459 test "represent a relationship for the blocking and blocked user" do
461 other_user = insert(:user)
463 {:ok, user, other_user} = User.follow(user, other_user)
464 {:ok, _subscription} = User.subscribe(user, other_user)
465 {:ok, _user_relationship} = User.block(user, other_user)
466 {:ok, _user_relationship} = User.block(other_user, user)
471 %{following: false, blocking: true, blocked_by: true, id: to_string(other_user.id)}
474 test_relationship_rendering(user, other_user, expected)
477 test "represent a relationship for the user blocking a domain" do
479 other_user = insert(:user, ap_id: "https://bad.site/users/other_user")
481 {:ok, user} = User.block_domain(user, "bad.site")
486 %{domain_blocking: true, blocking: false, id: to_string(other_user.id)}
489 test_relationship_rendering(user, other_user, expected)
492 test "represent a relationship for the user with a pending follow request" do
494 other_user = insert(:user, is_locked: true)
496 {:ok, user, other_user, _} = CommonAPI.follow(user, other_user)
497 user = User.get_cached_by_id(user.id)
498 other_user = User.get_cached_by_id(other_user.id)
503 %{requested: true, following: false, id: to_string(other_user.id)}
506 test_relationship_rendering(user, other_user, expected)
510 test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
511 user = insert(:user, pleroma_settings_store: %{fe: "test"})
514 AccountView.render("show.json", %{user: user, for: user, with_pleroma_settings: true})
516 assert result.pleroma.settings_store == %{:fe => "test"}
518 result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
519 assert result.pleroma[:settings_store] == nil
521 result = AccountView.render("show.json", %{user: user, for: user})
522 assert result.pleroma[:settings_store] == nil
525 test "doesn't sanitize display names" do
526 user = insert(:user, name: "<marquee> username </marquee>")
527 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
528 assert result.display_name == "<marquee> username </marquee>"
531 test "never display nil user follow counts" do
532 user = insert(:user, following_count: 0, follower_count: 0)
533 result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
535 assert result.following_count == 0
536 assert result.followers_count == 0
539 describe "hiding follows/following" do
540 test "shows when follows/followers stats are hidden and sets follow/follower count to 0" do
543 hide_followers: true,
544 hide_followers_count: true,
546 hide_follows_count: true
549 other_user = insert(:user)
550 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
551 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
556 pleroma: %{hide_follows_count: true, hide_followers_count: true}
557 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
560 test "shows when follows/followers are hidden" do
561 user = insert(:user, hide_followers: true, hide_follows: true)
562 other_user = insert(:user)
563 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
564 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
569 pleroma: %{hide_follows: true, hide_followers: true}
570 } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
573 test "shows actual follower/following count to the account owner" do
574 user = insert(:user, hide_followers: true, hide_follows: true)
575 other_user = insert(:user)
576 {:ok, user, other_user, _activity} = CommonAPI.follow(user, other_user)
578 assert User.following?(user, other_user)
579 assert Pleroma.FollowingRelationship.follower_count(other_user) == 1
580 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
585 } = AccountView.render("show.json", %{user: user, for: user})
588 test "shows unread_conversation_count only to the account owner" do
590 other_user = insert(:user)
593 CommonAPI.post(other_user, %{
594 status: "Hey @#{user.nickname}.",
598 user = User.get_cached_by_ap_id(user.ap_id)
600 assert AccountView.render("show.json", %{user: user, for: other_user})[:pleroma][
601 :unread_conversation_count
604 assert AccountView.render("show.json", %{user: user, for: user})[:pleroma][
605 :unread_conversation_count
609 test "shows unread_count only to the account owner" do
611 insert_list(7, :notification, user: user, activity: insert(:note_activity))
612 other_user = insert(:user)
614 user = User.get_cached_by_ap_id(user.ap_id)
616 assert AccountView.render(
618 %{user: user, for: other_user}
619 )[:pleroma][:unread_notifications_count] == nil
621 assert AccountView.render(
623 %{user: user, for: user}
624 )[:pleroma][:unread_notifications_count] == 7
627 test "shows email only to the account owner" do
629 other_user = insert(:user)
631 user = User.get_cached_by_ap_id(user.ap_id)
633 assert AccountView.render(
635 %{user: user, for: other_user}
636 )[:pleroma][:email] == nil
638 assert AccountView.render(
640 %{user: user, for: user}
641 )[:pleroma][:email] == user.email
645 describe "hiding birthday" do
646 test "doesn't show birthday if hidden" do
649 birthday: "2001-02-12",
653 other_user = insert(:user)
655 user = User.get_cached_by_ap_id(user.ap_id)
657 assert AccountView.render(
659 %{user: user, for: other_user}
663 test "shows hidden birthday to the account owner" do
666 birthday: "2001-02-12",
670 user = User.get_cached_by_ap_id(user.ap_id)
672 assert AccountView.render(
674 %{user: user, for: user}
679 describe "follow requests counter" do
680 test "shows zero when no follow requests are pending" do
683 assert %{follow_requests_count: 0} =
684 AccountView.render("show.json", %{user: user, for: user})
686 other_user = insert(:user)
687 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
689 assert %{follow_requests_count: 0} =
690 AccountView.render("show.json", %{user: user, for: user})
693 test "shows non-zero when follow requests are pending" do
694 user = insert(:user, is_locked: true)
696 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
698 other_user = insert(:user)
699 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
701 assert %{locked: true, follow_requests_count: 1} =
702 AccountView.render("show.json", %{user: user, for: user})
705 test "decreases when accepting a follow request" do
706 user = insert(:user, is_locked: true)
708 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
710 other_user = insert(:user)
711 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
713 assert %{locked: true, follow_requests_count: 1} =
714 AccountView.render("show.json", %{user: user, for: user})
716 {:ok, _other_user} = CommonAPI.accept_follow_request(other_user, user)
718 assert %{locked: true, follow_requests_count: 0} =
719 AccountView.render("show.json", %{user: user, for: user})
722 test "decreases when rejecting a follow request" do
723 user = insert(:user, is_locked: true)
725 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
727 other_user = insert(:user)
728 {:ok, other_user, user, _activity} = CommonAPI.follow(other_user, user)
730 assert %{locked: true, follow_requests_count: 1} =
731 AccountView.render("show.json", %{user: user, for: user})
733 {:ok, _other_user} = CommonAPI.reject_follow_request(other_user, user)
735 assert %{locked: true, follow_requests_count: 0} =
736 AccountView.render("show.json", %{user: user, for: user})
739 test "shows non-zero when historical unapproved requests are present" do
740 user = insert(:user, is_locked: true)
742 assert %{locked: true} = AccountView.render("show.json", %{user: user, for: user})
744 other_user = insert(:user)
745 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
747 {:ok, user} = User.update_and_set_cache(user, %{is_locked: false})
749 assert %{locked: false, follow_requests_count: 1} =
750 AccountView.render("show.json", %{user: user, for: user})
754 test "uses mediaproxy urls when it's enabled (regardless of media preview proxy state)" do
755 clear_config([:media_proxy, :enabled], true)
756 clear_config([:media_preview_proxy, :enabled])
759 |> stub_with(Pleroma.Test.StaticConfig)
763 avatar: %{"url" => [%{"href" => "https://evil.website/avatar.png"}]},
764 banner: %{"url" => [%{"href" => "https://evil.website/banner.png"}]},
765 emoji: %{"joker_smile" => "https://evil.website/society.png"}
768 Enum.each([true, false], fn media_preview_enabled ->
769 clear_config([:media_preview_proxy, :enabled], media_preview_enabled)
771 AccountView.render("show.json", %{user: user, skip_visibility_check: true})
773 {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
774 String.starts_with?(url, Pleroma.Web.Endpoint.url())
777 Enum.all?(emojis, fn %{url: url, static_url: static_url} ->
778 String.starts_with?(url, Pleroma.Web.Endpoint.url()) &&
779 String.starts_with?(static_url, Pleroma.Web.Endpoint.url())
789 test "renders mute expiration date" do
791 other_user = insert(:user)
793 {:ok, _user_relationships} =
794 User.mute(user, other_user, %{notifications: true, duration: 24 * 60 * 60})
797 mute_expires_at: mute_expires_at
798 } = AccountView.render("show.json", %{user: other_user, for: user, mutes: true})
800 assert DateTime.diff(
802 DateTime.utc_now() |> DateTime.add(24 * 60 * 60)