move to 2.5.5

[anni] / test / pleroma / web / admin_api / controllers / chat_controller_test.exs

# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
  use Pleroma.Web.ConnCase, async: false

  import Pleroma.Factory

  alias Pleroma.Chat
  alias Pleroma.Chat.MessageReference
  alias Pleroma.ModerationLog
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.Web.CommonAPI

  defp admin_setup do
    admin = insert(:user, is_admin: true)
    token = insert(:oauth_admin_token, user: admin)

    conn =
      build_conn()
      |> assign(:user, admin)
      |> assign(:token, token)

    {:ok, %{admin: admin, token: token, conn: conn}}
  end

  describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
    setup do
      clear_config([:instance, :admin_privileges], [:messages_delete])
      admin_setup()
    end

    test "it deletes a message from the chat", %{conn: conn, admin: admin} do
      user = insert(:user)
      recipient = insert(:user)

      {:ok, message} =
        CommonAPI.post_chat_message(user, recipient, "Hello darkness my old friend")

      object = Object.normalize(message, fetch: false)

      chat = Chat.get(user.id, recipient.ap_id)
      recipient_chat = Chat.get(recipient.id, user.ap_id)

      cm_ref = MessageReference.for_chat_and_object(chat, object)
      recipient_cm_ref = MessageReference.for_chat_and_object(recipient_chat, object)

      result =
        conn
        |> put_req_header("content-type", "application/json")
        |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
        |> json_response_and_validate_schema(200)

      log_entry = Repo.one(ModerationLog)

      assert ModerationLog.get_log_entry_message(log_entry) ==
               "@#{admin.nickname} deleted chat message ##{message.id}"

      assert result["id"] == cm_ref.id
      refute MessageReference.get_by_id(cm_ref.id)
      refute MessageReference.get_by_id(recipient_cm_ref.id)
      assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id)
    end

    test "it requires privileged role :messages_delete", %{conn: conn} do
      clear_config([:instance, :admin_privileges], [])

      assert conn
             |> put_req_header("content-type", "application/json")
             |> delete("/api/pleroma/admin/chats/some_id/messages/some_ref_id")
             |> json_response(:forbidden)
    end
  end

  describe "GET /api/pleroma/admin/chats/:id/messages" do
    setup do
      clear_config([:instance, :admin_privileges], [:messages_read])
      admin_setup()
    end

    test "it paginates", %{conn: conn} do
      user = insert(:user)
      recipient = insert(:user)

      Enum.each(1..30, fn _ ->
        {:ok, _} = CommonAPI.post_chat_message(user, recipient, "hey")
      end)

      chat = Chat.get(user.id, recipient.ap_id)

      result =
        conn
        |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
        |> json_response_and_validate_schema(200)

      assert length(result) == 20

      result =
        conn
        |> get("/api/pleroma/admin/chats/#{chat.id}/messages?max_id=#{List.last(result)["id"]}")
        |> json_response_and_validate_schema(200)

      assert length(result) == 10
    end

    test "it returns the messages for a given chat", %{conn: conn} do
      user = insert(:user)
      other_user = insert(:user)
      third_user = insert(:user)

      {:ok, _} = CommonAPI.post_chat_message(user, other_user, "hey")
      {:ok, _} = CommonAPI.post_chat_message(user, third_user, "hey")
      {:ok, _} = CommonAPI.post_chat_message(user, other_user, "how are you?")
      {:ok, _} = CommonAPI.post_chat_message(other_user, user, "fine, how about you?")

      chat = Chat.get(user.id, other_user.ap_id)

      result =
        conn
        |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
        |> json_response_and_validate_schema(200)

      result
      |> Enum.each(fn message ->
        assert message["chat_id"] == chat.id |> to_string()
      end)

      assert length(result) == 3
    end

    test "it requires privileged role :messages_read", %{conn: conn} do
      clear_config([:instance, :admin_privileges], [])

      conn = get(conn, "/api/pleroma/admin/chats/some_id/messages")

      assert json_response(conn, :forbidden)
    end
  end

  describe "GET /api/pleroma/admin/chats/:id" do
    setup do
      clear_config([:instance, :admin_privileges], [:messages_read])
      admin_setup()
    end

    test "it returns a chat", %{conn: conn} do
      user = insert(:user)
      other_user = insert(:user)

      {:ok, chat} = Chat.get_or_create(user.id, other_user.ap_id)

      result =
        conn
        |> get("/api/pleroma/admin/chats/#{chat.id}")
        |> json_response_and_validate_schema(200)

      assert result["id"] == to_string(chat.id)
      assert %{} = result["sender"]
      assert %{} = result["receiver"]
      refute result["account"]
    end

    test "it requires privileged role :messages_read", %{conn: conn} do
      clear_config([:instance, :admin_privileges], [])

      conn = get(conn, "/api/pleroma/admin/chats/some_id")

      assert json_response(conn, :forbidden)
    end
  end

  describe "unauthorized chat moderation" do
    setup do
      user = insert(:user)
      recipient = insert(:user)

      {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
      object = Object.normalize(message, fetch: false)
      chat = Chat.get(user.id, recipient.ap_id)
      cm_ref = MessageReference.for_chat_and_object(chat, object)

      %{conn: conn} = oauth_access(["read:chats", "write:chats"])
      %{conn: conn, chat: chat, cm_ref: cm_ref}
    end

    test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{
      conn: conn,
      chat: chat,
      cm_ref: cm_ref
    } do
      conn
      |> put_req_header("content-type", "application/json")
      |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
      |> json_response(403)

      assert MessageReference.get_by_id(cm_ref.id) == cm_ref
    end

    test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
      conn
      |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
      |> json_response(403)
    end

    test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
      conn
      |> get("/api/pleroma/admin/chats/#{chat.id}")
      |> json_response(403)
    end
  end

  describe "unauthenticated chat moderation" do
    setup do
      user = insert(:user)
      recipient = insert(:user)

      {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
      object = Object.normalize(message, fetch: false)
      chat = Chat.get(user.id, recipient.ap_id)
      cm_ref = MessageReference.for_chat_and_object(chat, object)

      %{conn: build_conn(), chat: chat, cm_ref: cm_ref}
    end

    test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{
      conn: conn,
      chat: chat,
      cm_ref: cm_ref
    } do
      conn
      |> put_req_header("content-type", "application/json")
      |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
      |> json_response(403)

      assert MessageReference.get_by_id(cm_ref.id) == cm_ref
    end

    test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
      conn
      |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
      |> json_response(403)
    end

    test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
      conn
      |> get("/api/pleroma/admin/chats/#{chat.id}")
      |> json_response(403)
    end
  end
end