1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
9 use Pleroma.Web.ConnCase
12 import Pleroma.Factory
14 describe "updating credentials" do
15 setup do: oauth_access(["write:accounts"])
16 setup :request_content_type
18 test "sets user settings in a generic way", %{conn: conn} do
20 patch(conn, "/api/v1/accounts/update_credentials", %{
21 "pleroma_settings_store" => %{
28 assert user_data = json_response_and_validate_schema(res_conn, 200)
29 assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
31 user = Repo.get(User, user_data["id"])
35 |> assign(:user, user)
36 |> patch("/api/v1/accounts/update_credentials", %{
37 "pleroma_settings_store" => %{
44 assert user_data = json_response_and_validate_schema(res_conn, 200)
46 assert user_data["pleroma"]["settings_store"] ==
48 "pleroma_fe" => %{"theme" => "bla"},
49 "soapbox_fe" => %{"themeMode" => "bla"}
52 user = Repo.get(User, user_data["id"])
54 clear_config([:instance, :federating], true)
56 with_mock Pleroma.Web.Federator,
57 publish: fn _activity -> :ok end do
60 |> assign(:user, user)
61 |> patch("/api/v1/accounts/update_credentials", %{
62 "pleroma_settings_store" => %{
69 assert user_data = json_response_and_validate_schema(res_conn, 200)
71 assert user_data["pleroma"]["settings_store"] ==
73 "pleroma_fe" => %{"theme" => "bla"},
74 "soapbox_fe" => %{"themeMode" => "blub"}
77 assert_called(Pleroma.Web.Federator.publish(:_))
81 test "updates the user's bio", %{conn: conn} do
84 raw_bio = "I drink #cofe with @#{user2.nickname}\n\nsuya.."
86 conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
88 assert user_data = json_response_and_validate_schema(conn, 200)
90 assert user_data["note"] ==
91 ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{user2.id}" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
93 assert user_data["source"]["note"] == raw_bio
95 user = Repo.get(User, user_data["id"])
97 assert user.raw_bio == raw_bio
100 test "updates the user's locking status", %{conn: conn} do
101 conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
103 assert user_data = json_response_and_validate_schema(conn, 200)
104 assert user_data["locked"] == true
107 test "updates the user's chat acceptance status", %{conn: conn} do
108 conn = patch(conn, "/api/v1/accounts/update_credentials", %{accepts_chat_messages: "false"})
110 assert user_data = json_response_and_validate_schema(conn, 200)
111 assert user_data["pleroma"]["accepts_chat_messages"] == false
114 test "updates the user's allow_following_move", %{user: user, conn: conn} do
115 assert user.allow_following_move == true
117 conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
119 assert refresh_record(user).allow_following_move == false
120 assert user_data = json_response_and_validate_schema(conn, 200)
121 assert user_data["pleroma"]["allow_following_move"] == false
124 test "updates the user's default scope", %{conn: conn} do
125 conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
127 assert user_data = json_response_and_validate_schema(conn, 200)
128 assert user_data["source"]["privacy"] == "unlisted"
131 test "updates the user's privacy", %{conn: conn} do
132 conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
134 assert user_data = json_response_and_validate_schema(conn, 200)
135 assert user_data["source"]["privacy"] == "unlisted"
138 test "updates the user's hide_followers status", %{conn: conn} do
139 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
141 assert user_data = json_response_and_validate_schema(conn, 200)
142 assert user_data["pleroma"]["hide_followers"] == true
145 test "updates the user's discoverable status", %{conn: conn} do
146 assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
148 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
149 |> json_response_and_validate_schema(:ok)
151 assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
153 |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
154 |> json_response_and_validate_schema(:ok)
157 test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
159 patch(conn, "/api/v1/accounts/update_credentials", %{
160 hide_followers_count: "true",
161 hide_follows_count: "true"
164 assert user_data = json_response_and_validate_schema(conn, 200)
165 assert user_data["pleroma"]["hide_followers_count"] == true
166 assert user_data["pleroma"]["hide_follows_count"] == true
169 test "updates the user's skip_thread_containment option", %{user: user, conn: conn} do
172 |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
173 |> json_response_and_validate_schema(200)
175 assert response["pleroma"]["skip_thread_containment"] == true
176 assert refresh_record(user).skip_thread_containment
179 test "updates the user's hide_follows status", %{conn: conn} do
180 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
182 assert user_data = json_response_and_validate_schema(conn, 200)
183 assert user_data["pleroma"]["hide_follows"] == true
186 test "updates the user's hide_favorites status", %{conn: conn} do
187 conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
189 assert user_data = json_response_and_validate_schema(conn, 200)
190 assert user_data["pleroma"]["hide_favorites"] == true
193 test "updates the user's show_role status", %{conn: conn} do
194 conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
196 assert user_data = json_response_and_validate_schema(conn, 200)
197 assert user_data["source"]["pleroma"]["show_role"] == false
200 test "updates the user's no_rich_text status", %{conn: conn} do
201 conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
203 assert user_data = json_response_and_validate_schema(conn, 200)
204 assert user_data["source"]["pleroma"]["no_rich_text"] == true
207 test "updates the user's name", %{conn: conn} do
209 patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
211 assert user_data = json_response_and_validate_schema(conn, 200)
212 assert user_data["display_name"] == "markorepairs"
214 update_activity = Repo.one(Pleroma.Activity)
215 assert update_activity.data["type"] == "Update"
216 assert update_activity.data["object"]["name"] == "markorepairs"
219 test "updates the user's AKAs", %{conn: conn} do
221 patch(conn, "/api/v1/accounts/update_credentials", %{
222 "also_known_as" => ["https://mushroom.kingdom/users/mario"]
225 assert user_data = json_response_and_validate_schema(conn, 200)
226 assert user_data["pleroma"]["also_known_as"] == ["https://mushroom.kingdom/users/mario"]
229 test "doesn't update non-url akas", %{conn: conn} do
231 patch(conn, "/api/v1/accounts/update_credentials", %{
232 "also_known_as" => ["aReallyCoolGuy"]
235 assert json_response_and_validate_schema(conn, 403)
238 test "updates the user's avatar", %{user: user, conn: conn} do
239 new_avatar = %Plug.Upload{
240 content_type: "image/jpeg",
241 path: Path.absname("test/fixtures/image.jpg"),
242 filename: "an_image.jpg"
245 assert user.avatar == %{}
247 res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
249 assert user_response = json_response_and_validate_schema(res, 200)
250 assert user_response["avatar"] != User.avatar_url(user)
252 user = User.get_by_id(user.id)
253 refute user.avatar == %{}
256 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => ""})
258 user = User.get_by_id(user.id)
259 assert user.avatar == nil
262 test "updates the user's avatar, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
263 upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
266 File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
268 new_avatar_oversized = %Plug.Upload{
270 path: Path.absname("test/tmp/large_binary.data"),
271 filename: "large_binary.data"
274 assert user.avatar == %{}
277 patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar_oversized})
279 assert user_response = json_response_and_validate_schema(res, 413)
280 assert user_response["avatar"] != User.avatar_url(user)
282 user = User.get_by_id(user.id)
283 assert user.avatar == %{}
285 clear_config([:instance, :upload_limit], upload_limit)
287 assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
290 test "updates the user's banner", %{user: user, conn: conn} do
291 new_header = %Plug.Upload{
292 content_type: "image/jpeg",
293 path: Path.absname("test/fixtures/image.jpg"),
294 filename: "an_image.jpg"
297 res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
299 assert user_response = json_response_and_validate_schema(res, 200)
300 assert user_response["header"] != User.banner_url(user)
303 _res = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => ""})
305 user = User.get_by_id(user.id)
306 assert user.banner == nil
309 test "updates the user's banner, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
310 upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
313 File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
315 new_header_oversized = %Plug.Upload{
317 path: Path.absname("test/tmp/large_binary.data"),
318 filename: "large_binary.data"
322 patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header_oversized})
324 assert user_response = json_response_and_validate_schema(res, 413)
325 assert user_response["header"] != User.banner_url(user)
327 user = User.get_by_id(user.id)
328 assert user.banner == %{}
330 clear_config([:instance, :upload_limit], upload_limit)
332 assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
335 test "updates the user's background", %{conn: conn, user: user} do
336 new_header = %Plug.Upload{
337 content_type: "image/jpeg",
338 path: Path.absname("test/fixtures/image.jpg"),
339 filename: "an_image.jpg"
343 patch(conn, "/api/v1/accounts/update_credentials", %{
344 "pleroma_background_image" => new_header
347 assert user_response = json_response_and_validate_schema(res, 200)
348 assert user_response["pleroma"]["background_image"]
352 patch(conn, "/api/v1/accounts/update_credentials", %{"pleroma_background_image" => ""})
354 user = User.get_by_id(user.id)
355 assert user.background == nil
358 test "updates the user's background, upload_limit, returns a HTTP 413", %{
362 upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
365 File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
367 new_background_oversized = %Plug.Upload{
369 path: Path.absname("test/tmp/large_binary.data"),
370 filename: "large_binary.data"
374 patch(conn, "/api/v1/accounts/update_credentials", %{
375 "pleroma_background_image" => new_background_oversized
378 assert _user_response = json_response_and_validate_schema(res, 413)
379 assert user.background == %{}
381 clear_config([:instance, :upload_limit], upload_limit)
383 assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
386 test "Strip / from upload files", %{user: user, conn: conn} do
387 new_image = %Plug.Upload{
388 content_type: "image/jpeg",
389 path: Path.absname("test/fixtures/image.jpg"),
390 filename: "../../../../nested/an_image.jpg"
393 assert user.avatar == %{}
396 patch(conn, "/api/v1/accounts/update_credentials", %{
397 "avatar" => new_image,
398 "header" => new_image,
399 "pleroma_background_image" => new_image
402 assert user_response = json_response_and_validate_schema(res, 200)
403 assert user_response["avatar"]
404 assert user_response["header"]
405 assert user_response["pleroma"]["background_image"]
406 refute Regex.match?(~r"/nested/", user_response["avatar"])
407 refute Regex.match?(~r"/nested/", user_response["header"])
408 refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"])
410 user = User.get_by_id(user.id)
411 refute user.avatar == %{}
414 test "requires 'write:accounts' permission" do
415 token1 = insert(:oauth_token, scopes: ["read"])
416 token2 = insert(:oauth_token, scopes: ["write", "follow"])
418 for token <- [token1, token2] do
421 |> put_req_header("content-type", "multipart/form-data")
422 |> put_req_header("authorization", "Bearer #{token.token}")
423 |> patch("/api/v1/accounts/update_credentials", %{})
425 if token == token1 do
426 assert %{"error" => "Insufficient permissions: write:accounts."} ==
427 json_response_and_validate_schema(conn, 403)
429 assert json_response_and_validate_schema(conn, 200)
434 test "updates profile emojos", %{user: user, conn: conn} do
435 note = "*sips :blank:*"
436 name = "I am :firefox:"
439 patch(conn, "/api/v1/accounts/update_credentials", %{
441 "display_name" => name
444 assert json_response_and_validate_schema(ret_conn, 200)
446 conn = get(conn, "/api/v1/accounts/#{user.id}")
448 assert user_data = json_response_and_validate_schema(conn, 200)
450 assert user_data["note"] == note
451 assert user_data["display_name"] == name
452 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user_data["emojis"]
455 test "update fields", %{conn: conn} do
457 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
458 %{"name" => "link.io", "value" => "cofe.io"}
463 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
464 |> json_response_and_validate_schema(200)
466 assert account_data["fields"] == [
467 %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
470 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
474 assert account_data["source"]["fields"] == [
476 "name" => "<a href=\"http://google.com\">foo</a>",
477 "value" => "<script>bar</script>"
479 %{"name" => "link.io", "value" => "cofe.io"}
483 test "updates birth date", %{conn: conn} do
485 patch(conn, "/api/v1/accounts/update_credentials", %{
486 "birthday" => "2001-02-12"
489 assert user_data = json_response_and_validate_schema(res, 200)
490 assert user_data["pleroma"]["birthday"] == "2001-02-12"
493 test "updates the user's show_birthday status", %{conn: conn} do
495 patch(conn, "/api/v1/accounts/update_credentials", %{
496 "show_birthday" => true
499 assert user_data = json_response_and_validate_schema(res, 200)
500 assert user_data["source"]["pleroma"]["show_birthday"] == true
503 test "unsets birth date", %{conn: conn} do
504 patch(conn, "/api/v1/accounts/update_credentials", %{
505 "birthday" => "2001-02-12"
509 patch(conn, "/api/v1/accounts/update_credentials", %{
513 assert user_data = json_response_and_validate_schema(res, 200)
514 assert user_data["pleroma"]["birthday"] == nil
517 test "emojis in fields labels", %{conn: conn} do
519 %{"name" => ":firefox:", "value" => "is best 2hu"},
520 %{"name" => "they wins", "value" => ":blank:"}
525 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
526 |> json_response_and_validate_schema(200)
528 assert account_data["fields"] == [
529 %{"name" => ":firefox:", "value" => "is best 2hu"},
530 %{"name" => "they wins", "value" => ":blank:"}
533 assert account_data["source"]["fields"] == [
534 %{"name" => ":firefox:", "value" => "is best 2hu"},
535 %{"name" => "they wins", "value" => ":blank:"}
538 assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = account_data["emojis"]
541 test "update fields via x-www-form-urlencoded", %{conn: conn} do
544 "fields_attributes[1][name]=link",
545 "fields_attributes[1][value]=http://cofe.io",
546 "fields_attributes[0][name]=foo",
547 "fields_attributes[0][value]=bar"
553 |> put_req_header("content-type", "application/x-www-form-urlencoded")
554 |> patch("/api/v1/accounts/update_credentials", fields)
555 |> json_response_and_validate_schema(200)
557 assert account["fields"] == [
558 %{"name" => "foo", "value" => "bar"},
561 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
565 assert account["source"]["fields"] == [
566 %{"name" => "foo", "value" => "bar"},
567 %{"name" => "link", "value" => "http://cofe.io"}
571 test "update fields with empty name", %{conn: conn} do
573 %{"name" => "foo", "value" => ""},
574 %{"name" => "", "value" => "bar"}
579 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
580 |> json_response_and_validate_schema(200)
582 assert account["fields"] == [
583 %{"name" => "foo", "value" => ""}
587 test "update fields when invalid request", %{conn: conn} do
588 name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
589 value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
591 long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
592 long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
594 fields = [%{"name" => "foo", "value" => long_value}]
596 assert %{"error" => "Invalid request"} ==
598 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
599 |> json_response_and_validate_schema(403)
601 fields = [%{"name" => long_name, "value" => "bar"}]
603 assert %{"error" => "Invalid request"} ==
605 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
606 |> json_response_and_validate_schema(403)
608 clear_config([:instance, :max_account_fields], 1)
611 %{"name" => "foo", "value" => "bar"},
612 %{"name" => "link", "value" => "cofe.io"}
615 assert %{"error" => "Invalid request"} ==
617 |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
618 |> json_response_and_validate_schema(403)
622 describe "Mark account as bot" do
623 setup do: oauth_access(["write:accounts"])
624 setup :request_content_type
626 test "changing actor_type to Service makes account a bot", %{conn: conn} do
629 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Service"})
630 |> json_response_and_validate_schema(200)
632 assert account["bot"]
633 assert account["source"]["pleroma"]["actor_type"] == "Service"
636 test "changing actor_type to Person makes account a human", %{conn: conn} do
639 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Person"})
640 |> json_response_and_validate_schema(200)
642 refute account["bot"]
643 assert account["source"]["pleroma"]["actor_type"] == "Person"
646 test "changing actor_type to Application causes error", %{conn: conn} do
649 |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Application"})
650 |> json_response_and_validate_schema(403)
652 assert %{"error" => "Invalid request"} == response
655 test "changing bot field to true changes actor_type to Service", %{conn: conn} do
658 |> patch("/api/v1/accounts/update_credentials", %{bot: "true"})
659 |> json_response_and_validate_schema(200)
661 assert account["bot"]
662 assert account["source"]["pleroma"]["actor_type"] == "Service"
665 test "changing bot field to false changes actor_type to Person", %{conn: conn} do
668 |> patch("/api/v1/accounts/update_credentials", %{bot: "false"})
669 |> json_response_and_validate_schema(200)
671 refute account["bot"]
672 assert account["source"]["pleroma"]["actor_type"] == "Person"
675 test "actor_type field has a higher priority than bot", %{conn: conn} do
678 |> patch("/api/v1/accounts/update_credentials", %{
679 actor_type: "Person",
682 |> json_response_and_validate_schema(200)
684 refute account["bot"]
685 assert account["source"]["pleroma"]["actor_type"] == "Person"