Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into frontend-bundles-downloads

test/captcha_test.exs

@@ -41,7 +41,8 @@ defmodule Pleroma.CaptchaTest do
                answer_data: answer,
                token: ^token,
                url: ^url,
-               type: :kocaptcha
+               type: :kocaptcha,
+               seconds_valid: 300
              } = new
 
       assert Kocaptcha.validate(token, "7oEy8c", answer) == :ok
@@ -56,7 +57,8 @@ defmodule Pleroma.CaptchaTest do
                answer_data: answer,
                token: token,
                type: :native,
-               url: "data:image/png;base64," <> _
+               url: "data:image/png;base64," <> _,
+               seconds_valid: 300
              } = new
 
       assert is_binary(answer)

test/report_note_test.exs

@@ -0,0 +1,16 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.ReportNoteTest do
+  alias Pleroma.ReportNote
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  test "create/3" do
+    user = insert(:user)
+    report = insert(:report_activity)
+    assert {:ok, note} = ReportNote.create(user.id, report.id, "naughty boy")
+    assert note.content == "naughty boy"
+  end
+end

test/support/captcha_mock.ex

@@ -16,7 +16,8 @@ defmodule Pleroma.Captcha.Mock do
       type: :mock,
       token: "afa1815e14e29355e6c8f6b143a39fa2",
       answer_data: @solution,
-      url: "https://example.org/captcha.png"
+      url: "https://example.org/captcha.png",
+      seconds_valid: 300
     }
 
   @impl Service

test/support/factory.ex

@@ -297,6 +297,30 @@ defmodule Pleroma.Factory do
     }
   end
 
+  def report_activity_factory(attrs \\ %{}) do
+    user = attrs[:user] || insert(:user)
+    activity = attrs[:activity] || insert(:note_activity)
+    state = attrs[:state] || "open"
+
+    data = %{
+      "id" => Pleroma.Web.ActivityPub.Utils.generate_activity_id(),
+      "actor" => user.ap_id,
+      "type" => "Flag",
+      "object" => [activity.actor, activity.data["id"]],
+      "published" => DateTime.utc_now() |> DateTime.to_iso8601(),
+      "to" => [],
+      "cc" => [activity.actor],
+      "context" => activity.data["context"],
+      "state" => state
+    }
+
+    %Pleroma.Activity{
+      data: data,
+      actor: data["actor"],
+      recipients: data["to"] ++ data["cc"]
+    }
+  end
+
   def oauth_app_factory do
     %Pleroma.Web.OAuth.App{
       client_name: sequence(:client_name, &"Some client #{&1}"),

test/user/welcome_chat_massage_test.exs

@@ -0,0 +1,35 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.User.WelcomeChatMessageTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Config
+  alias Pleroma.User.WelcomeChatMessage
+
+  import Pleroma.Factory
+
+  setup do: clear_config([:welcome])
+
+  describe "post_message/1" do
+    test "send a chat welcome message" do
+      welcome_user = insert(:user, name: "mewmew")
+      user = insert(:user)
+
+      Config.put([:welcome, :chat_message, :enabled], true)
+      Config.put([:welcome, :chat_message, :sender_nickname], welcome_user.nickname)
+
+      Config.put(
+        [:welcome, :chat_message, :message],
+        "Hello, welcome to Blob/Cat!"
+      )
+
+      {:ok, %Pleroma.Activity{} = activity} = WelcomeChatMessage.post_message(user)
+
+      assert user.ap_id in activity.recipients
+      assert Pleroma.Object.normalize(activity).data["type"] == "ChatMessage"
+      assert Pleroma.Object.normalize(activity).data["content"] == "Hello, welcome to Blob/Cat!"
+    end
+  end
+end

test/user_test.exs

@@ -412,8 +412,36 @@ defmodule Pleroma.UserTest do
       welcome_user = insert(:user)
       Pleroma.Config.put([:welcome, :direct_message, :enabled], true)
       Pleroma.Config.put([:welcome, :direct_message, :sender_nickname], welcome_user.nickname)
-      Pleroma.Config.put([:welcome, :direct_message, :message], "Hello, this is a cool site")
+      Pleroma.Config.put([:welcome, :direct_message, :message], "Hello, this is a direct message")
 
+      cng = User.register_changeset(%User{}, @full_user_data)
+      {:ok, registered_user} = User.register(cng)
+      ObanHelpers.perform_all()
+
+      activity = Repo.one(Pleroma.Activity)
+      assert registered_user.ap_id in activity.recipients
+      assert Object.normalize(activity).data["content"] =~ "direct message"
+      assert activity.actor == welcome_user.ap_id
+    end
+
+    test "it sends a welcome chat message if it is set" do
+      welcome_user = insert(:user)
+      Pleroma.Config.put([:welcome, :chat_message, :enabled], true)
+      Pleroma.Config.put([:welcome, :chat_message, :sender_nickname], welcome_user.nickname)
+      Pleroma.Config.put([:welcome, :chat_message, :message], "Hello, this is a chat message")
+
+      cng = User.register_changeset(%User{}, @full_user_data)
+      {:ok, registered_user} = User.register(cng)
+      ObanHelpers.perform_all()
+
+      activity = Repo.one(Pleroma.Activity)
+      assert registered_user.ap_id in activity.recipients
+      assert Object.normalize(activity).data["content"] =~ "chat message"
+      assert activity.actor == welcome_user.ap_id
+    end
+
+    test "it sends a welcome email message if it is set" do
+      welcome_user = insert(:user)
       Pleroma.Config.put([:welcome, :email, :enabled], true)
       Pleroma.Config.put([:welcome, :email, :sender], welcome_user.email)
 
@@ -428,11 +456,6 @@ defmodule Pleroma.UserTest do
       {:ok, registered_user} = User.register(cng)
       ObanHelpers.perform_all()
 
-      activity = Repo.one(Pleroma.Activity)
-      assert registered_user.ap_id in activity.recipients
-      assert Object.normalize(activity).data["content"] =~ "cool site"
-      assert activity.actor == welcome_user.ap_id
-
       assert_email_sent(
         from: {instance_name, welcome_user.email},
         to: {registered_user.name, registered_user.email},
@@ -490,6 +513,29 @@ defmodule Pleroma.UserTest do
       refute changeset.valid?
     end
 
+    test "it blocks blacklisted email domains" do
+      clear_config([User, :email_blacklist], ["trolling.world"])
+
+      # Block with match
+      params = Map.put(@full_user_data, :email, "troll@trolling.world")
+      changeset = User.register_changeset(%User{}, params)
+      refute changeset.valid?
+
+      # Block with subdomain match
+      params = Map.put(@full_user_data, :email, "troll@gnomes.trolling.world")
+      changeset = User.register_changeset(%User{}, params)
+      refute changeset.valid?
+
+      # Pass with different domains that are similar
+      params = Map.put(@full_user_data, :email, "troll@gnomestrolling.world")
+      changeset = User.register_changeset(%User{}, params)
+      assert changeset.valid?
+
+      params = Map.put(@full_user_data, :email, "troll@trolling.world.us")
+      changeset = User.register_changeset(%User{}, params)
+      assert changeset.valid?
+    end
+
     test "it sets the password_hash and ap_id" do
       changeset = User.register_changeset(%User{}, @full_user_data)
 
@@ -500,6 +546,24 @@ defmodule Pleroma.UserTest do
 
       assert changeset.changes.follower_address == "#{changeset.changes.ap_id}/followers"
     end
+
+    test "it sets the 'accepts_chat_messages' set to true" do
+      changeset = User.register_changeset(%User{}, @full_user_data)
+      assert changeset.valid?
+
+      {:ok, user} = Repo.insert(changeset)
+
+      assert user.accepts_chat_messages
+    end
+
+    test "it creates a confirmed user" do
+      changeset = User.register_changeset(%User{}, @full_user_data)
+      assert changeset.valid?
+
+      {:ok, user} = Repo.insert(changeset)
+
+      refute user.confirmation_pending
+    end
   end
 
   describe "user registration, with :account_activation_required" do
@@ -513,15 +577,6 @@ defmodule Pleroma.UserTest do
     }
     setup do: clear_config([:instance, :account_activation_required], true)
 
-    test "it sets the 'accepts_chat_messages' set to true" do
-      changeset = User.register_changeset(%User{}, @full_user_data)
-      assert changeset.valid?
-
-      {:ok, user} = Repo.insert(changeset)
-
-      assert user.accepts_chat_messages
-    end
-
     test "it creates unconfirmed user" do
       changeset = User.register_changeset(%User{}, @full_user_data)
       assert changeset.valid?

test/web/activity_pub/mrf/object_age_policy_test.exs

@@ -38,6 +38,17 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
   end
 
   describe "with reject action" do
+    test "works with objects with empty to or cc fields" do
+      Config.put([:mrf_object_age, :actions], [:reject])
+
+      data =
+        get_old_message()
+        |> Map.put("cc", nil)
+        |> Map.put("to", nil)
+
+      assert match?({:reject, _}, ObjectAgePolicy.filter(data))
+    end
+
     test "it rejects an old post" do
       Config.put([:mrf_object_age, :actions], [:reject])
 
@@ -56,6 +67,21 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
   end
 
   describe "with delist action" do
+    test "works with objects with empty to or cc fields" do
+      Config.put([:mrf_object_age, :actions], [:delist])
+
+      data =
+        get_old_message()
+        |> Map.put("cc", nil)
+        |> Map.put("to", nil)
+
+      {:ok, _u} = User.get_or_fetch_by_ap_id(data["actor"])
+
+      {:ok, data} = ObjectAgePolicy.filter(data)
+
+      assert Visibility.get_visibility(%{data: data}) == "unlisted"
+    end
+
     test "it delists an old post" do
       Config.put([:mrf_object_age, :actions], [:delist])
 
@@ -80,6 +106,22 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
   end
 
   describe "with strip_followers action" do
+    test "works with objects with empty to or cc fields" do
+      Config.put([:mrf_object_age, :actions], [:strip_followers])
+
+      data =
+        get_old_message()
+        |> Map.put("cc", nil)
+        |> Map.put("to", nil)
+
+      {:ok, user} = User.get_or_fetch_by_ap_id(data["actor"])
+
+      {:ok, data} = ObjectAgePolicy.filter(data)
+
+      refute user.follower_address in data["to"]
+      refute user.follower_address in data["cc"]
+    end
+
     test "it strips followers collections from an old post" do
       Config.put([:mrf_object_age, :actions], [:strip_followers])
 

test/web/activity_pub/mrf/simple_policy_test.exs

@@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
   import Pleroma.Factory
   alias Pleroma.Config
   alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
+  alias Pleroma.Web.CommonAPI
 
   setup do:
           clear_config(:mrf_simple,
@@ -15,6 +16,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
             federated_timeline_removal: [],
             report_removal: [],
             reject: [],
+            followers_only: [],
             accept: [],
             avatar_removal: [],
             banner_removal: [],
@@ -261,6 +263,64 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
     end
   end
 
+  describe "when :followers_only" do
+    test "is empty" do
+      Config.put([:mrf_simple, :followers_only], [])
+      {_, ftl_message} = build_ftl_actor_and_message()
+      local_message = build_local_message()
+
+      assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
+      assert SimplePolicy.filter(local_message) == {:ok, local_message}
+    end
+
+    test "has a matching host" do
+      actor = insert(:user)
+      following_user = insert(:user)
+      non_following_user = insert(:user)
+
+      {:ok, _, _, _} = CommonAPI.follow(following_user, actor)
+
+      activity = %{
+        "actor" => actor.ap_id,
+        "to" => [
+          "https://www.w3.org/ns/activitystreams#Public",
+          following_user.ap_id,
+          non_following_user.ap_id
+        ],
+        "cc" => [actor.follower_address, "http://foo.bar/qux"]
+      }
+
+      dm_activity = %{
+        "actor" => actor.ap_id,
+        "to" => [
+          following_user.ap_id,
+          non_following_user.ap_id
+        ],
+        "cc" => []
+      }
+
+      actor_domain =
+        activity
+        |> Map.fetch!("actor")
+        |> URI.parse()
+        |> Map.fetch!(:host)
+
+      Config.put([:mrf_simple, :followers_only], [actor_domain])
+
+      assert {:ok, new_activity} = SimplePolicy.filter(activity)
+      assert actor.follower_address in new_activity["cc"]
+      assert following_user.ap_id in new_activity["to"]
+      refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"]
+      refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"]
+      refute non_following_user.ap_id in new_activity["to"]
+      refute non_following_user.ap_id in new_activity["cc"]
+
+      assert {:ok, new_dm_activity} = SimplePolicy.filter(dm_activity)
+      assert new_dm_activity["to"] == [following_user.ap_id]
+      assert new_dm_activity["cc"] == []
+    end
+  end
+
   describe "when :accept" do
     test "is empty" do
       Config.put([:mrf_simple, :accept], [])

test/web/admin_api/controllers/report_controller_test.exs

@@ -204,7 +204,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
     test "returns empty response when no reports created", %{conn: conn} do
       response =
         conn
-        |> get("/api/pleroma/admin/reports")
+        |> get(report_path(conn, :index))
         |> json_response_and_validate_schema(:ok)
 
       assert Enum.empty?(response["reports"])
@@ -224,7 +224,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
 
       response =
         conn
-        |> get("/api/pleroma/admin/reports")
+        |> get(report_path(conn, :index))
         |> json_response_and_validate_schema(:ok)
 
       [report] = response["reports"]
@@ -256,7 +256,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
 
       response =
         conn
-        |> get("/api/pleroma/admin/reports?state=open")
+        |> get(report_path(conn, :index, %{state: "open"}))
         |> json_response_and_validate_schema(:ok)
 
       assert [open_report] = response["reports"]
@@ -268,7 +268,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
 
       response =
         conn
-        |> get("/api/pleroma/admin/reports?state=closed")
+        |> get(report_path(conn, :index, %{state: "closed"}))
         |> json_response_and_validate_schema(:ok)
 
       assert [closed_report] = response["reports"]
@@ -280,9 +280,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
 
       assert %{"total" => 0, "reports" => []} ==
                conn
-               |> get("/api/pleroma/admin/reports?state=resolved", %{
-                 "" => ""
-               })
+               |> get(report_path(conn, :index, %{state: "resolved"}))
                |> json_response_and_validate_schema(:ok)
     end
 

test/web/mastodon_api/controllers/account_controller_test.exs

@@ -5,7 +5,6 @@
 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
   use Pleroma.Web.ConnCase
 
-  alias Pleroma.Config
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
@@ -16,8 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
   import Pleroma.Factory
 
   describe "account fetching" do
-    setup do: clear_config([:instance, :limit_to_local_content])
-
     test "works by id" do
       %User{id: user_id} = insert(:user)
 
@@ -42,7 +39,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     end
 
     test "works by nickname for remote users" do
-      Config.put([:instance, :limit_to_local_content], false)
+      clear_config([:instance, :limit_to_local_content], false)
 
       user = insert(:user, nickname: "user@example.com", local: false)
 
@@ -53,7 +50,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     end
 
     test "respects limit_to_local_content == :all for remote user nicknames" do
-      Config.put([:instance, :limit_to_local_content], :all)
+      clear_config([:instance, :limit_to_local_content], :all)
 
       user = insert(:user, nickname: "user@example.com", local: false)
 
@@ -63,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     end
 
     test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
-      Config.put([:instance, :limit_to_local_content], :unauthenticated)
+      clear_config([:instance, :limit_to_local_content], :unauthenticated)
 
       user = insert(:user, nickname: "user@example.com", local: false)
       reading_user = insert(:user)
@@ -903,10 +900,93 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       [valid_params: valid_params]
     end
 
-    setup do: clear_config([:instance, :account_activation_required])
-    setup do: clear_config([:instance, :account_approval_required])
+    test "registers and logs in without :account_activation_required / :account_approval_required",
+         %{conn: conn} do
+      clear_config([:instance, :account_activation_required], false)
+      clear_config([:instance, :account_approval_required], false)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/apps", %{
+          client_name: "client_name",
+          redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
+          scopes: "read, write, follow"
+        })
+
+      assert %{
+               "client_id" => client_id,
+               "client_secret" => client_secret,
+               "id" => _,
+               "name" => "client_name",
+               "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
+               "vapid_key" => _,
+               "website" => nil
+             } = json_response_and_validate_schema(conn, 200)
+
+      conn =
+        post(conn, "/oauth/token", %{
+          grant_type: "client_credentials",
+          client_id: client_id,
+          client_secret: client_secret
+        })
+
+      assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
+               json_response(conn, 200)
+
+      assert token
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      assert refresh
+      assert scope == "read write follow"
+
+      clear_config([User, :email_blacklist], ["example.org"])
+
+      params = %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHackLain",
+        bio: "Test Bio",
+        agreement: true
+      }
+
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", params)
+
+      assert %{"error" => "{\"email\":[\"Invalid email\"]}"} =
+               json_response_and_validate_schema(conn, 400)
+
+      Pleroma.Config.put([User, :email_blacklist], [])
+
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", params)
+
+      %{
+        "access_token" => token,
+        "created_at" => _created_at,
+        "scope" => ^scope,
+        "token_type" => "Bearer"
+      } = json_response_and_validate_schema(conn, 200)
+
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      user = Repo.preload(token_from_db, :user).user
+
+      assert user
+      refute user.confirmation_pending
+      refute user.approval_pending
+    end
+
+    test "registers but does not log in with :account_activation_required", %{conn: conn} do
+      clear_config([:instance, :account_activation_required], true)
+      clear_config([:instance, :account_approval_required], false)
 
-    test "Account registration via Application", %{conn: conn} do
       conn =
         conn
         |> put_req_header("content-type", "application/json")
@@ -954,23 +1034,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
           agreement: true
         })
 
-      %{
-        "access_token" => token,
-        "created_at" => _created_at,
-        "scope" => ^scope,
-        "token_type" => "Bearer"
-      } = json_response_and_validate_schema(conn, 200)
+      response = json_response_and_validate_schema(conn, 200)
+      assert %{"identifier" => "missing_confirmed_email"} = response
+      refute response["access_token"]
+      refute response["token_type"]
 
-      token_from_db = Repo.get_by(Token, token: token)
-      assert token_from_db
-      token_from_db = Repo.preload(token_from_db, :user)
-      assert token_from_db.user
-
-      assert token_from_db.user.confirmation_pending
+      user = Repo.get_by(User, email: "lain@example.org")
+      assert user.confirmation_pending
     end
 
-    test "Account registration via app with account_approval_required", %{conn: conn} do
-      Pleroma.Config.put([:instance, :account_approval_required], true)
+    test "registers but does not log in with :account_approval_required", %{conn: conn} do
+      clear_config([:instance, :account_approval_required], true)
+      clear_config([:instance, :account_activation_required], false)
 
       conn =
         conn
@@ -1020,22 +1095,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
           reason: "I'm a cool dude, bro"
         })
 
-      %{
-        "access_token" => token,
-        "created_at" => _created_at,
-        "scope" => ^scope,
-        "token_type" => "Bearer"
-      } = json_response_and_validate_schema(conn, 200)
+      response = json_response_and_validate_schema(conn, 200)
+      assert %{"identifier" => "awaiting_approval"} = response
+      refute response["access_token"]
+      refute response["token_type"]
 
-      token_from_db = Repo.get_by(Token, token: token)
-      assert token_from_db
-      token_from_db = Repo.preload(token_from_db, :user)
-      assert token_from_db.user
+      user = Repo.get_by(User, email: "lain@example.org")
 
-      assert token_from_db.user.confirmation_pending
-      assert token_from_db.user.approval_pending
-
-      assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
+      assert user.approval_pending
+      assert user.registration_reason == "I'm a cool dude, bro"
     end
 
     test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
@@ -1089,11 +1157,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       end)
     end
 
-    setup do: clear_config([:instance, :account_activation_required])
-
     test "returns bad_request if missing email params when :account_activation_required is enabled",
          %{conn: conn, valid_params: valid_params} do
-      Pleroma.Config.put([:instance, :account_activation_required], true)
+      clear_config([:instance, :account_activation_required], true)
 
       app_token = insert(:oauth_token, user: nil)
 
@@ -1258,8 +1324,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
         assert token_from_db
         token_from_db = Repo.preload(token_from_db, :user)
         assert token_from_db.user
-
-        assert token_from_db.user.confirmation_pending
       end
 
       conn =

test/web/mastodon_api/controllers/status_controller_test.exs

@@ -1432,6 +1432,20 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       [%{"id" => id}] = response
       assert id == other_user.id
     end
+
+    test "returns empty array when :show_reactions is disabled", %{conn: conn, activity: activity} do
+      clear_config([:instance, :show_reactions], false)
+
+      other_user = insert(:user)
+      {:ok, _} = CommonAPI.favorite(other_user, activity.id)
+
+      response =
+        conn
+        |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+        |> json_response_and_validate_schema(:ok)
+
+      assert Enum.empty?(response)
+    end
   end
 
   describe "GET /api/v1/statuses/:id/reblogged_by" do

test/web/pleroma_api/controllers/emoji_reaction_controller_test.exs

@@ -106,6 +106,23 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionControllerTest do
              result
   end
 
+  test "GET /api/v1/pleroma/statuses/:id/reactions with :show_reactions disabled", %{conn: conn} do
+    clear_config([:instance, :show_reactions], false)
+
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
+      |> json_response_and_validate_schema(200)
+
+    assert result == []
+  end
+
   test "GET /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
     user = insert(:user)
     other_user = insert(:user)

test/web/pleroma_api/views/chat/message_reference_view_test.exs

@@ -43,7 +43,17 @@ defmodule Pleroma.Web.PleromaAPI.Chat.MessageReferenceViewTest do
     assert chat_message[:unread] == false
     assert match?([%{shortcode: "firefox"}], chat_message[:emojis])
 
-    {:ok, activity} = CommonAPI.post_chat_message(recipient, user, "gkgkgk", media_id: upload.id)
+    clear_config([:rich_media, :enabled], true)
+
+    Tesla.Mock.mock(fn
+      %{url: "https://example.com/ogp"} ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
+    end)
+
+    {:ok, activity} =
+      CommonAPI.post_chat_message(recipient, user, "gkgkgk https://example.com/ogp",
+        media_id: upload.id
+      )
 
     object = Object.normalize(activity)
 
@@ -52,10 +62,11 @@ defmodule Pleroma.Web.PleromaAPI.Chat.MessageReferenceViewTest do
     chat_message_two = MessageReferenceView.render("show.json", chat_message_reference: cm_ref)
 
     assert chat_message_two[:id] == cm_ref.id
-    assert chat_message_two[:content] == "gkgkgk"
+    assert chat_message_two[:content] == object.data["content"]
     assert chat_message_two[:account_id] == recipient.id
     assert chat_message_two[:chat_id] == chat_message[:chat_id]
     assert chat_message_two[:attachment]
     assert chat_message_two[:unread] == true
+    assert chat_message_two[:card]
   end
 end