Merge branch 'develop' into fix/signup-without-email

test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do

test/web/mastodon_api/controllers/account_controller_test.exs

@@ -675,52 +675,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
     end
 
-    clear_config([Pleroma.Plugs.RemoteIp, :enabled])
-
-    test "rate limit", %{conn: conn} do
-      Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true)
-      app_token = insert(:oauth_token, user: nil)
-
-      conn =
-        conn
-        |> put_req_header("authorization", "Bearer " <> app_token.token)
-        |> Map.put(:remote_ip, {15, 15, 15, 15})
-
-      for i <- 1..5 do
-        conn =
-          post(conn, "/api/v1/accounts", %{
-            username: "#{i}lain",
-            email: "#{i}lain@example.org",
-            password: "PlzDontHackLain",
-            agreement: true
-          })
-
-        %{
-          "access_token" => token,
-          "created_at" => _created_at,
-          "scope" => _scope,
-          "token_type" => "Bearer"
-        } = json_response(conn, 200)
-
-        token_from_db = Repo.get_by(Token, token: token)
-        assert token_from_db
-        token_from_db = Repo.preload(token_from_db, :user)
-        assert token_from_db.user
-
-        assert token_from_db.user.confirmation_pending
-      end
-
-      conn =
-        post(conn, "/api/v1/accounts", %{
-          username: "6lain",
-          email: "6lain@example.org",
-          password: "PlzDontHackLain",
-          agreement: true
-        })
-
-      assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
-    end
-
     test "returns bad_request if missing required params", %{
       conn: conn,
       valid_params: valid_params
@@ -745,6 +699,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       end)
     end
 
+    clear_config([:instance, :account_activation_required])
+
     test "returns bad_request if missing email params when :account_activation_required is enabled",
          %{conn: conn, valid_params: valid_params} do
       Pleroma.Config.put([:instance, :account_activation_required], true)
@@ -799,6 +755,59 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     end
   end
 
+  describe "create account by app / rate limit" do
+    clear_config([Pleroma.Plugs.RemoteIp, :enabled]) do
+      Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true)
+    end
+
+    clear_config([:rate_limit, :app_account_creation]) do
+      Pleroma.Config.put([:rate_limit, :app_account_creation], {10_000, 2})
+    end
+
+    test "respects rate limit setting", %{conn: conn} do
+      app_token = insert(:oauth_token, user: nil)
+
+      conn =
+        conn
+        |> put_req_header("authorization", "Bearer " <> app_token.token)
+        |> Map.put(:remote_ip, {15, 15, 15, 15})
+
+      for i <- 1..2 do
+        conn =
+          post(conn, "/api/v1/accounts", %{
+            username: "#{i}lain",
+            email: "#{i}lain@example.org",
+            password: "PlzDontHackLain",
+            agreement: true
+          })
+
+        %{
+          "access_token" => token,
+          "created_at" => _created_at,
+          "scope" => _scope,
+          "token_type" => "Bearer"
+        } = json_response(conn, 200)
+
+        token_from_db = Repo.get_by(Token, token: token)
+        assert token_from_db
+        token_from_db = Repo.preload(token_from_db, :user)
+        assert token_from_db.user
+
+        assert token_from_db.user.confirmation_pending
+      end
+
+      conn =
+        post(conn, "/api/v1/accounts", %{
+          username: "6lain",
+          email: "6lain@example.org",
+          password: "PlzDontHackLain",
+          agreement: true
+        })
+
+      assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
+    end
+  end
+
   describe "GET /api/v1/accounts/:id/lists - account_lists" do
     test "returns lists to which the account belongs" do
       %{user: user, conn: conn} = oauth_access(["read:lists"])

test/web/mastodon_api/controllers/conversation_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do

test/web/mastodon_api/controllers/domain_block_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do

test/web/mastodon_api/controllers/filter_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do

test/web/mastodon_api/controllers/follow_request_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do

test/web/mastodon_api/controllers/list_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.ListControllerTest do

test/web/mastodon_api/controllers/media_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do

test/web/mastodon_api/controllers/notification_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do

test/web/mastodon_api/controllers/poll_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.PollControllerTest do

test/web/mastodon_api/controllers/report_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do

test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do

test/web/mastodon_api/controllers/search_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do

test/web/mastodon_api/controllers/status_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do

test/web/mastodon_api/controllers/suggestion_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.SuggestionControllerTest do

test/web/mastodon_api/controllers/timeline_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do