Merge remote-tracking branch 'upstream/develop' into fix-prameter-name-of-accounts-update-credentials

test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs

@@ -0,0 +1,428 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
+  alias Pleroma.Repo
+  alias Pleroma.User
+
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+  clear_config([:instance, :max_account_fields])
+
+  describe "updating credentials" do
+    test "sets user settings in a generic way", %{conn: conn} do
+      user = insert(:user)
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_settings_store" => %{
+            pleroma_fe: %{
+              theme: "bla"
+            }
+          }
+        })
+
+      assert user = json_response(res_conn, 200)
+      assert user["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
+
+      user = Repo.get(User, user["id"])
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_settings_store" => %{
+            masto_fe: %{
+              theme: "bla"
+            }
+          }
+        })
+
+      assert user = json_response(res_conn, 200)
+
+      assert user["pleroma"]["settings_store"] ==
+               %{
+                 "pleroma_fe" => %{"theme" => "bla"},
+                 "masto_fe" => %{"theme" => "bla"}
+               }
+
+      user = Repo.get(User, user["id"])
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_settings_store" => %{
+            masto_fe: %{
+              theme: "blub"
+            }
+          }
+        })
+
+      assert user = json_response(res_conn, 200)
+
+      assert user["pleroma"]["settings_store"] ==
+               %{
+                 "pleroma_fe" => %{"theme" => "bla"},
+                 "masto_fe" => %{"theme" => "blub"}
+               }
+    end
+
+    test "updates the user's bio", %{conn: conn} do
+      user = insert(:user)
+      user2 = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "note" => "I drink #cofe with @#{user2.nickname}"
+        })
+
+      assert user = json_response(conn, 200)
+
+      assert user["note"] ==
+               ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{
+                 user2.id
+               }" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span>)
+    end
+
+    test "updates the user's locking status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{locked: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["locked"] == true
+    end
+
+    test "updates the user's default scope", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["privacy"] == "cofe"
+    end
+
+    test "updates the user's hide_followers status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_followers"] == true
+    end
+
+    test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          hide_followers_count: "true",
+          hide_follows_count: "true"
+        })
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_followers_count"] == true
+      assert user["pleroma"]["hide_follows_count"] == true
+    end
+
+    test "updates the user's skip_thread_containment option", %{conn: conn} do
+      user = insert(:user)
+
+      response =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
+        |> json_response(200)
+
+      assert response["pleroma"]["skip_thread_containment"] == true
+      assert refresh_record(user).info.skip_thread_containment
+    end
+
+    test "updates the user's hide_follows status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_follows"] == true
+    end
+
+    test "updates the user's hide_favorites status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_favorites"] == true
+    end
+
+    test "updates the user's show_role status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["pleroma"]["show_role"] == false
+    end
+
+    test "updates the user's no_rich_text status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["pleroma"]["no_rich_text"] == true
+    end
+
+    test "updates the user's name", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
+
+      assert user = json_response(conn, 200)
+      assert user["display_name"] == "markorepairs"
+    end
+
+    test "updates the user's avatar", %{conn: conn} do
+      user = insert(:user)
+
+      new_avatar = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
+
+      assert user_response = json_response(conn, 200)
+      assert user_response["avatar"] != User.avatar_url(user)
+    end
+
+    test "updates the user's banner", %{conn: conn} do
+      user = insert(:user)
+
+      new_header = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"header" => new_header})
+
+      assert user_response = json_response(conn, 200)
+      assert user_response["header"] != User.banner_url(user)
+    end
+
+    test "updates the user's background", %{conn: conn} do
+      user = insert(:user)
+
+      new_header = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_background_image" => new_header
+        })
+
+      assert user_response = json_response(conn, 200)
+      assert user_response["pleroma"]["background_image"]
+    end
+
+    test "requires 'write' permission", %{conn: conn} do
+      token1 = insert(:oauth_token, scopes: ["read"])
+      token2 = insert(:oauth_token, scopes: ["write", "follow"])
+
+      for token <- [token1, token2] do
+        conn =
+          conn
+          |> put_req_header("authorization", "Bearer #{token.token}")
+          |> patch("/api/v1/accounts/update_credentials", %{})
+
+        if token == token1 do
+          assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403)
+        else
+          assert json_response(conn, 200)
+        end
+      end
+    end
+
+    test "updates profile emojos", %{conn: conn} do
+      user = insert(:user)
+
+      note = "*sips :blank:*"
+      name = "I am :firefox:"
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "note" => note,
+          "display_name" => name
+        })
+
+      assert json_response(conn, 200)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}")
+
+      assert user = json_response(conn, 200)
+
+      assert user["note"] == note
+      assert user["display_name"] == name
+      assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user["emojis"]
+    end
+
+    test "update fields", %{conn: conn} do
+      user = insert(:user)
+
+      fields = [
+        %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
+        %{"name" => "link", "value" => "cofe.io"}
+      ]
+
+      account =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+        |> json_response(200)
+
+      assert account["fields"] == [
+               %{"name" => "foo", "value" => "bar"},
+               %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
+             ]
+
+      assert account["source"]["fields"] == [
+               %{
+                 "name" => "<a href=\"http://google.com\">foo</a>",
+                 "value" => "<script>bar</script>"
+               },
+               %{"name" => "link", "value" => "cofe.io"}
+             ]
+
+      fields =
+        [
+          "fields_attributes[1][name]=link",
+          "fields_attributes[1][value]=cofe.io",
+          "fields_attributes[0][name]=<a href=\"http://google.com\">foo</a>",
+          "fields_attributes[0][value]=bar"
+        ]
+        |> Enum.join("&")
+
+      account =
+        conn
+        |> put_req_header("content-type", "application/x-www-form-urlencoded")
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", fields)
+        |> json_response(200)
+
+      assert account["fields"] == [
+               %{"name" => "foo", "value" => "bar"},
+               %{"name" => "link", "value" => "<a href=\"http://cofe.io\">cofe.io</a>"}
+             ]
+
+      assert account["source"]["fields"] == [
+               %{
+                 "name" => "<a href=\"http://google.com\">foo</a>",
+                 "value" => "bar"
+               },
+               %{"name" => "link", "value" => "cofe.io"}
+             ]
+
+      name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
+      value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
+
+      long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
+
+      fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> assign(:user, user)
+               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+               |> json_response(403)
+
+      long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
+
+      fields = [%{"name" => long_name, "value" => "bar"}]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> assign(:user, user)
+               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+               |> json_response(403)
+
+      Pleroma.Config.put([:instance, :max_account_fields], 1)
+
+      fields = [
+        %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
+        %{"name" => "link", "value" => "cofe.io"}
+      ]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> assign(:user, user)
+               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+               |> json_response(403)
+
+      fields = [
+        %{"name" => "foo", "value" => ""},
+        %{"name" => "", "value" => "bar"}
+      ]
+
+      account =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+        |> json_response(200)
+
+      assert account["fields"] == [
+               %{"name" => "foo", "value" => ""}
+             ]
+    end
+  end
+end

test/web/mastodon_api/controllers/account_controller_test.exs

@@ -0,0 +1,852 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Repo
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.OAuth.Token
+
+  import Pleroma.Factory
+
+  describe "account fetching" do
+    test "works by id" do
+      user = insert(:user)
+
+      conn =
+        build_conn()
+        |> get("/api/v1/accounts/#{user.id}")
+
+      assert %{"id" => id} = json_response(conn, 200)
+      assert id == to_string(user.id)
+
+      conn =
+        build_conn()
+        |> get("/api/v1/accounts/-1")
+
+      assert %{"error" => "Can't find user"} = json_response(conn, 404)
+    end
+
+    test "works by nickname" do
+      user = insert(:user)
+
+      conn =
+        build_conn()
+        |> get("/api/v1/accounts/#{user.nickname}")
+
+      assert %{"id" => id} = json_response(conn, 200)
+      assert id == user.id
+    end
+
+    test "works by nickname for remote users" do
+      limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
+      Pleroma.Config.put([:instance, :limit_to_local_content], false)
+      user = insert(:user, nickname: "user@example.com", local: false)
+
+      conn =
+        build_conn()
+        |> get("/api/v1/accounts/#{user.nickname}")
+
+      Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
+      assert %{"id" => id} = json_response(conn, 200)
+      assert id == user.id
+    end
+
+    test "respects limit_to_local_content == :all for remote user nicknames" do
+      limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
+      Pleroma.Config.put([:instance, :limit_to_local_content], :all)
+
+      user = insert(:user, nickname: "user@example.com", local: false)
+
+      conn =
+        build_conn()
+        |> get("/api/v1/accounts/#{user.nickname}")
+
+      Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
+      assert json_response(conn, 404)
+    end
+
+    test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
+      limit_to_local = Pleroma.Config.get([:instance, :limit_to_local_content])
+      Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
+
+      user = insert(:user, nickname: "user@example.com", local: false)
+      reading_user = insert(:user)
+
+      conn =
+        build_conn()
+        |> get("/api/v1/accounts/#{user.nickname}")
+
+      assert json_response(conn, 404)
+
+      conn =
+        build_conn()
+        |> assign(:user, reading_user)
+        |> get("/api/v1/accounts/#{user.nickname}")
+
+      Pleroma.Config.put([:instance, :limit_to_local_content], limit_to_local)
+      assert %{"id" => id} = json_response(conn, 200)
+      assert id == user.id
+    end
+
+    test "accounts fetches correct account for nicknames beginning with numbers", %{conn: conn} do
+      # Need to set an old-style integer ID to reproduce the problem
+      # (these are no longer assigned to new accounts but were preserved
+      # for existing accounts during the migration to flakeIDs)
+      user_one = insert(:user, %{id: 1212})
+      user_two = insert(:user, %{nickname: "#{user_one.id}garbage"})
+
+      resp_one =
+        conn
+        |> get("/api/v1/accounts/#{user_one.id}")
+
+      resp_two =
+        conn
+        |> get("/api/v1/accounts/#{user_two.nickname}")
+
+      resp_three =
+        conn
+        |> get("/api/v1/accounts/#{user_two.id}")
+
+      acc_one = json_response(resp_one, 200)
+      acc_two = json_response(resp_two, 200)
+      acc_three = json_response(resp_three, 200)
+      refute acc_one == acc_two
+      assert acc_two == acc_three
+    end
+  end
+
+  describe "user timelines" do
+    test "gets a users statuses", %{conn: conn} do
+      user_one = insert(:user)
+      user_two = insert(:user)
+      user_three = insert(:user)
+
+      {:ok, user_three} = User.follow(user_three, user_one)
+
+      {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
+
+      {:ok, direct_activity} =
+        CommonAPI.post(user_one, %{
+          "status" => "Hi, @#{user_two.nickname}.",
+          "visibility" => "direct"
+        })
+
+      {:ok, private_activity} =
+        CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
+
+      resp =
+        conn
+        |> get("/api/v1/accounts/#{user_one.id}/statuses")
+
+      assert [%{"id" => id}] = json_response(resp, 200)
+      assert id == to_string(activity.id)
+
+      resp =
+        conn
+        |> assign(:user, user_two)
+        |> get("/api/v1/accounts/#{user_one.id}/statuses")
+
+      assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
+      assert id_one == to_string(direct_activity.id)
+      assert id_two == to_string(activity.id)
+
+      resp =
+        conn
+        |> assign(:user, user_three)
+        |> get("/api/v1/accounts/#{user_one.id}/statuses")
+
+      assert [%{"id" => id_one}, %{"id" => id_two}] = json_response(resp, 200)
+      assert id_one == to_string(private_activity.id)
+      assert id_two == to_string(activity.id)
+    end
+
+    test "unimplemented pinned statuses feature", %{conn: conn} do
+      note = insert(:note_activity)
+      user = User.get_cached_by_ap_id(note.data["actor"])
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
+
+      assert json_response(conn, 200) == []
+    end
+
+    test "gets an users media", %{conn: conn} do
+      note = insert(:note_activity)
+      user = User.get_cached_by_ap_id(note.data["actor"])
+
+      file = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
+
+      {:ok, image_post} = CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "true"})
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(image_post.id)
+
+      conn =
+        build_conn()
+        |> get("/api/v1/accounts/#{user.id}/statuses", %{"only_media" => "1"})
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(image_post.id)
+    end
+
+    test "gets a user's statuses without reblogs", %{conn: conn} do
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, _, _} = CommonAPI.repeat(post.id, user)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(post.id)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(post.id)
+    end
+
+    test "filters user's statuses by a hashtag", %{conn: conn} do
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(user, %{"status" => "#hashtag"})
+      {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/statuses", %{"tagged" => "hashtag"})
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(post.id)
+    end
+  end
+
+  describe "followers" do
+    test "getting followers", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, user} = User.follow(user, other_user)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{other_user.id}/followers")
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(user.id)
+    end
+
+    test "getting followers, hide_followers", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user, %{info: %{hide_followers: true}})
+      {:ok, _user} = User.follow(user, other_user)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{other_user.id}/followers")
+
+      assert [] == json_response(conn, 200)
+    end
+
+    test "getting followers, hide_followers, same user requesting", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user, %{info: %{hide_followers: true}})
+      {:ok, _user} = User.follow(user, other_user)
+
+      conn =
+        conn
+        |> assign(:user, other_user)
+        |> get("/api/v1/accounts/#{other_user.id}/followers")
+
+      refute [] == json_response(conn, 200)
+    end
+
+    test "getting followers, pagination", %{conn: conn} do
+      user = insert(:user)
+      follower1 = insert(:user)
+      follower2 = insert(:user)
+      follower3 = insert(:user)
+      {:ok, _} = User.follow(follower1, user)
+      {:ok, _} = User.follow(follower2, user)
+      {:ok, _} = User.follow(follower3, user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+
+      res_conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/followers?since_id=#{follower1.id}")
+
+      assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
+      assert id3 == follower3.id
+      assert id2 == follower2.id
+
+      res_conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3.id}")
+
+      assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
+      assert id2 == follower2.id
+      assert id1 == follower1.id
+
+      res_conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3.id}")
+
+      assert [%{"id" => id2}] = json_response(res_conn, 200)
+      assert id2 == follower2.id
+
+      assert [link_header] = get_resp_header(res_conn, "link")
+      assert link_header =~ ~r/min_id=#{follower2.id}/
+      assert link_header =~ ~r/max_id=#{follower2.id}/
+    end
+  end
+
+  describe "following" do
+    test "getting following", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, user} = User.follow(user, other_user)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/following")
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(other_user.id)
+    end
+
+    test "getting following, hide_follows", %{conn: conn} do
+      user = insert(:user, %{info: %{hide_follows: true}})
+      other_user = insert(:user)
+      {:ok, user} = User.follow(user, other_user)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/following")
+
+      assert [] == json_response(conn, 200)
+    end
+
+    test "getting following, hide_follows, same user requesting", %{conn: conn} do
+      user = insert(:user, %{info: %{hide_follows: true}})
+      other_user = insert(:user)
+      {:ok, user} = User.follow(user, other_user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/#{user.id}/following")
+
+      refute [] == json_response(conn, 200)
+    end
+
+    test "getting following, pagination", %{conn: conn} do
+      user = insert(:user)
+      following1 = insert(:user)
+      following2 = insert(:user)
+      following3 = insert(:user)
+      {:ok, _} = User.follow(user, following1)
+      {:ok, _} = User.follow(user, following2)
+      {:ok, _} = User.follow(user, following3)
+
+      conn =
+        conn
+        |> assign(:user, user)
+
+      res_conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/following?since_id=#{following1.id}")
+
+      assert [%{"id" => id3}, %{"id" => id2}] = json_response(res_conn, 200)
+      assert id3 == following3.id
+      assert id2 == following2.id
+
+      res_conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/following?max_id=#{following3.id}")
+
+      assert [%{"id" => id2}, %{"id" => id1}] = json_response(res_conn, 200)
+      assert id2 == following2.id
+      assert id1 == following1.id
+
+      res_conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")
+
+      assert [%{"id" => id2}] = json_response(res_conn, 200)
+      assert id2 == following2.id
+
+      assert [link_header] = get_resp_header(res_conn, "link")
+      assert link_header =~ ~r/min_id=#{following2.id}/
+      assert link_header =~ ~r/max_id=#{following2.id}/
+    end
+  end
+
+  describe "follow/unfollow" do
+    test "following / unfollowing a user", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/v1/accounts/#{other_user.id}/follow")
+
+      assert %{"id" => _id, "following" => true} = json_response(conn, 200)
+
+      user = User.get_cached_by_id(user.id)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/accounts/#{other_user.id}/unfollow")
+
+      assert %{"id" => _id, "following" => false} = json_response(conn, 200)
+
+      user = User.get_cached_by_id(user.id)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/follows", %{"uri" => other_user.nickname})
+
+      assert %{"id" => id} = json_response(conn, 200)
+      assert id == to_string(other_user.id)
+    end
+
+    test "following without reblogs" do
+      follower = insert(:user)
+      followed = insert(:user)
+      other_user = insert(:user)
+
+      conn =
+        build_conn()
+        |> assign(:user, follower)
+        |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=false")
+
+      assert %{"showing_reblogs" => false} = json_response(conn, 200)
+
+      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
+      {:ok, reblog, _} = CommonAPI.repeat(activity.id, followed)
+
+      conn =
+        build_conn()
+        |> assign(:user, User.get_cached_by_id(follower.id))
+        |> get("/api/v1/timelines/home")
+
+      assert [] == json_response(conn, 200)
+
+      conn =
+        build_conn()
+        |> assign(:user, follower)
+        |> post("/api/v1/accounts/#{followed.id}/follow?reblogs=true")
+
+      assert %{"showing_reblogs" => true} = json_response(conn, 200)
+
+      conn =
+        build_conn()
+        |> assign(:user, User.get_cached_by_id(follower.id))
+        |> get("/api/v1/timelines/home")
+
+      expected_activity_id = reblog.id
+      assert [%{"id" => ^expected_activity_id}] = json_response(conn, 200)
+    end
+
+    test "following / unfollowing errors" do
+      user = insert(:user)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+
+      # self follow
+      conn_res = post(conn, "/api/v1/accounts/#{user.id}/follow")
+      assert %{"error" => "Record not found"} = json_response(conn_res, 404)
+
+      # self unfollow
+      user = User.get_cached_by_id(user.id)
+      conn_res = post(conn, "/api/v1/accounts/#{user.id}/unfollow")
+      assert %{"error" => "Record not found"} = json_response(conn_res, 404)
+
+      # self follow via uri
+      user = User.get_cached_by_id(user.id)
+      conn_res = post(conn, "/api/v1/follows", %{"uri" => user.nickname})
+      assert %{"error" => "Record not found"} = json_response(conn_res, 404)
+
+      # follow non existing user
+      conn_res = post(conn, "/api/v1/accounts/doesntexist/follow")
+      assert %{"error" => "Record not found"} = json_response(conn_res, 404)
+
+      # follow non existing user via uri
+      conn_res = post(conn, "/api/v1/follows", %{"uri" => "doesntexist"})
+      assert %{"error" => "Record not found"} = json_response(conn_res, 404)
+
+      # unfollow non existing user
+      conn_res = post(conn, "/api/v1/accounts/doesntexist/unfollow")
+      assert %{"error" => "Record not found"} = json_response(conn_res, 404)
+    end
+  end
+
+  describe "mute/unmute" do
+    test "with notifications", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/v1/accounts/#{other_user.id}/mute")
+
+      response = json_response(conn, 200)
+
+      assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response
+      user = User.get_cached_by_id(user.id)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/accounts/#{other_user.id}/unmute")
+
+      response = json_response(conn, 200)
+      assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
+    end
+
+    test "without notifications", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"})
+
+      response = json_response(conn, 200)
+
+      assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response
+      user = User.get_cached_by_id(user.id)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/accounts/#{other_user.id}/unmute")
+
+      response = json_response(conn, 200)
+      assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response
+    end
+  end
+
+  describe "pinned statuses" do
+    setup do
+      user = insert(:user)
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
+
+      [user: user, activity: activity]
+    end
+
+    test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
+      {:ok, _} = CommonAPI.pin(activity.id, user)
+
+      result =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
+        |> json_response(200)
+
+      id_str = to_string(activity.id)
+
+      assert [%{"id" => ^id_str, "pinned" => true}] = result
+    end
+  end
+
+  test "blocking / unblocking a user", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/accounts/#{other_user.id}/block")
+
+    assert %{"id" => _id, "blocking" => true} = json_response(conn, 200)
+
+    user = User.get_cached_by_id(user.id)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> post("/api/v1/accounts/#{other_user.id}/unblock")
+
+    assert %{"id" => _id, "blocking" => false} = json_response(conn, 200)
+  end
+
+  describe "create account by app" do
+    setup do
+      valid_params = %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHackLain",
+        agreement: true
+      }
+
+      [valid_params: valid_params]
+    end
+
+    test "Account registration via Application", %{conn: conn} do
+      conn =
+        conn
+        |> post("/api/v1/apps", %{
+          client_name: "client_name",
+          redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
+          scopes: "read, write, follow"
+        })
+
+      %{
+        "client_id" => client_id,
+        "client_secret" => client_secret,
+        "id" => _,
+        "name" => "client_name",
+        "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
+        "vapid_key" => _,
+        "website" => nil
+      } = json_response(conn, 200)
+
+      conn =
+        conn
+        |> post("/oauth/token", %{
+          grant_type: "client_credentials",
+          client_id: client_id,
+          client_secret: client_secret
+        })
+
+      assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
+               json_response(conn, 200)
+
+      assert token
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      assert refresh
+      assert scope == "read write follow"
+
+      conn =
+        build_conn()
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", %{
+          username: "lain",
+          email: "lain@example.org",
+          password: "PlzDontHackLain",
+          bio: "Test Bio",
+          agreement: true
+        })
+
+      %{
+        "access_token" => token,
+        "created_at" => _created_at,
+        "scope" => _scope,
+        "token_type" => "Bearer"
+      } = json_response(conn, 200)
+
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      token_from_db = Repo.preload(token_from_db, :user)
+      assert token_from_db.user
+
+      assert token_from_db.user.info.confirmation_pending
+    end
+
+    test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
+      _user = insert(:user, email: "lain@example.org")
+      app_token = insert(:oauth_token, user: nil)
+
+      conn =
+        conn
+        |> put_req_header("authorization", "Bearer " <> app_token.token)
+
+      res = post(conn, "/api/v1/accounts", valid_params)
+      assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
+    end
+
+    test "rate limit", %{conn: conn} do
+      app_token = insert(:oauth_token, user: nil)
+
+      conn =
+        put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+        |> Map.put(:remote_ip, {15, 15, 15, 15})
+
+      for i <- 1..5 do
+        conn =
+          conn
+          |> post("/api/v1/accounts", %{
+            username: "#{i}lain",
+            email: "#{i}lain@example.org",
+            password: "PlzDontHackLain",
+            agreement: true
+          })
+
+        %{
+          "access_token" => token,
+          "created_at" => _created_at,
+          "scope" => _scope,
+          "token_type" => "Bearer"
+        } = json_response(conn, 200)
+
+        token_from_db = Repo.get_by(Token, token: token)
+        assert token_from_db
+        token_from_db = Repo.preload(token_from_db, :user)
+        assert token_from_db.user
+
+        assert token_from_db.user.info.confirmation_pending
+      end
+
+      conn =
+        conn
+        |> post("/api/v1/accounts", %{
+          username: "6lain",
+          email: "6lain@example.org",
+          password: "PlzDontHackLain",
+          agreement: true
+        })
+
+      assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
+    end
+
+    test "returns bad_request if missing required params", %{
+      conn: conn,
+      valid_params: valid_params
+    } do
+      app_token = insert(:oauth_token, user: nil)
+
+      conn =
+        conn
+        |> put_req_header("authorization", "Bearer " <> app_token.token)
+
+      res = post(conn, "/api/v1/accounts", valid_params)
+      assert json_response(res, 200)
+
+      [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
+      |> Stream.zip(valid_params)
+      |> Enum.each(fn {ip, {attr, _}} ->
+        res =
+          conn
+          |> Map.put(:remote_ip, ip)
+          |> post("/api/v1/accounts", Map.delete(valid_params, attr))
+          |> json_response(400)
+
+        assert res == %{"error" => "Missing parameters"}
+      end)
+    end
+
+    test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
+      conn =
+        conn
+        |> put_req_header("authorization", "Bearer " <> "invalid-token")
+
+      res = post(conn, "/api/v1/accounts", valid_params)
+      assert json_response(res, 403) == %{"error" => "Invalid credentials"}
+    end
+  end
+
+  describe "GET /api/v1/accounts/:id/lists - account_lists" do
+    test "returns lists to which the account belongs", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+      assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user)
+      {:ok, %{following: _following}} = Pleroma.List.follow(list, other_user)
+
+      res =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/#{other_user.id}/lists")
+        |> json_response(200)
+
+      assert res == [%{"id" => to_string(list.id), "title" => "Test List"}]
+    end
+  end
+
+  describe "verify_credentials" do
+    test "verify_credentials", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/verify_credentials")
+
+      response = json_response(conn, 200)
+
+      assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
+      assert response["pleroma"]["chat_token"]
+      assert id == to_string(user.id)
+    end
+
+    test "verify_credentials default scope unlisted", %{conn: conn} do
+      user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}})
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/verify_credentials")
+
+      assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)
+      assert id == to_string(user.id)
+    end
+
+    test "locked accounts", %{conn: conn} do
+      user = insert(:user, %{info: %User.Info{default_scope: "private"}})
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/verify_credentials")
+
+      assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200)
+      assert id == to_string(user.id)
+    end
+  end
+
+  describe "user relationships" do
+    test "returns the relationships for the current user", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, user} = User.follow(user, other_user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]})
+
+      assert [relationship] = json_response(conn, 200)
+
+      assert to_string(other_user.id) == relationship["id"]
+    end
+
+    test "returns an empty list on a bad request", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/relationships", %{})
+
+      assert [] = json_response(conn, 200)
+    end
+  end
+end

test/web/mastodon_api/controllers/conversation_controller_test.exs

@@ -0,0 +1,75 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "Conversations", %{conn: conn} do
+    user_one = insert(:user)
+    user_two = insert(:user)
+    user_three = insert(:user)
+
+    {:ok, user_two} = User.follow(user_two, user_one)
+
+    {:ok, direct} =
+      CommonAPI.post(user_one, %{
+        "status" => "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
+        "visibility" => "direct"
+      })
+
+    {:ok, _follower_only} =
+      CommonAPI.post(user_one, %{
+        "status" => "Hi @#{user_two.nickname}!",
+        "visibility" => "private"
+      })
+
+    res_conn =
+      conn
+      |> assign(:user, user_one)
+      |> get("/api/v1/conversations")
+
+    assert response = json_response(res_conn, 200)
+
+    assert [
+             %{
+               "id" => res_id,
+               "accounts" => res_accounts,
+               "last_status" => res_last_status,
+               "unread" => unread
+             }
+           ] = response
+
+    account_ids = Enum.map(res_accounts, & &1["id"])
+    assert length(res_accounts) == 2
+    assert user_two.id in account_ids
+    assert user_three.id in account_ids
+    assert is_binary(res_id)
+    assert unread == true
+    assert res_last_status["id"] == direct.id
+
+    # Apparently undocumented API endpoint
+    res_conn =
+      conn
+      |> assign(:user, user_one)
+      |> post("/api/v1/conversations/#{res_id}/read")
+
+    assert response = json_response(res_conn, 200)
+    assert length(response["accounts"]) == 2
+    assert response["last_status"]["id"] == direct.id
+    assert response["unread"] == false
+
+    # (vanilla) Mastodon frontend behaviour
+    res_conn =
+      conn
+      |> assign(:user, user_one)
+      |> get("/api/v1/statuses/#{res_last_status["id"]}/context")
+
+    assert %{"ancestors" => [], "descendants" => []} == json_response(res_conn, 200)
+  end
+end

test/web/mastodon_api/controllers/domain_block_controller_test.exs

@@ -0,0 +1,51 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.User
+
+  import Pleroma.Factory
+
+  test "blocking / unblocking a domain", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+
+    assert %{} = json_response(conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    assert User.blocks?(user, other_user)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> delete("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+
+    assert %{} = json_response(conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    refute User.blocks?(user, other_user)
+  end
+
+  test "getting a list of domain blocks", %{conn: conn} do
+    user = insert(:user)
+
+    {:ok, user} = User.block_domain(user, "bad.site")
+    {:ok, user} = User.block_domain(user, "even.worse.site")
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/domain_blocks")
+
+    domain_blocks = json_response(conn, 200)
+
+    assert "bad.site" in domain_blocks
+    assert "even.worse.site" in domain_blocks
+  end
+end

test/web/mastodon_api/controllers/filter_controller_test.exs

@@ -0,0 +1,137 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Web.MastodonAPI.FilterView
+
+  import Pleroma.Factory
+
+  test "creating a filter", %{conn: conn} do
+    user = insert(:user)
+
+    filter = %Pleroma.Filter{
+      phrase: "knights",
+      context: ["home"]
+    }
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})
+
+    assert response = json_response(conn, 200)
+    assert response["phrase"] == filter.phrase
+    assert response["context"] == filter.context
+    assert response["irreversible"] == false
+    assert response["id"] != nil
+    assert response["id"] != ""
+  end
+
+  test "fetching a list of filters", %{conn: conn} do
+    user = insert(:user)
+
+    query_one = %Pleroma.Filter{
+      user_id: user.id,
+      filter_id: 1,
+      phrase: "knights",
+      context: ["home"]
+    }
+
+    query_two = %Pleroma.Filter{
+      user_id: user.id,
+      filter_id: 2,
+      phrase: "who",
+      context: ["home"]
+    }
+
+    {:ok, filter_one} = Pleroma.Filter.create(query_one)
+    {:ok, filter_two} = Pleroma.Filter.create(query_two)
+
+    response =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/filters")
+      |> json_response(200)
+
+    assert response ==
+             render_json(
+               FilterView,
+               "filters.json",
+               filters: [filter_two, filter_one]
+             )
+  end
+
+  test "get a filter", %{conn: conn} do
+    user = insert(:user)
+
+    query = %Pleroma.Filter{
+      user_id: user.id,
+      filter_id: 2,
+      phrase: "knight",
+      context: ["home"]
+    }
+
+    {:ok, filter} = Pleroma.Filter.create(query)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/filters/#{filter.filter_id}")
+
+    assert _response = json_response(conn, 200)
+  end
+
+  test "update a filter", %{conn: conn} do
+    user = insert(:user)
+
+    query = %Pleroma.Filter{
+      user_id: user.id,
+      filter_id: 2,
+      phrase: "knight",
+      context: ["home"]
+    }
+
+    {:ok, _filter} = Pleroma.Filter.create(query)
+
+    new = %Pleroma.Filter{
+      phrase: "nii",
+      context: ["home"]
+    }
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> put("/api/v1/filters/#{query.filter_id}", %{
+        phrase: new.phrase,
+        context: new.context
+      })
+
+    assert response = json_response(conn, 200)
+    assert response["phrase"] == new.phrase
+    assert response["context"] == new.context
+  end
+
+  test "delete a filter", %{conn: conn} do
+    user = insert(:user)
+
+    query = %Pleroma.Filter{
+      user_id: user.id,
+      filter_id: 2,
+      phrase: "knight",
+      context: ["home"]
+    }
+
+    {:ok, filter} = Pleroma.Filter.create(query)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> delete("/api/v1/filters/#{filter.filter_id}")
+
+    assert response = json_response(conn, 200)
+    assert response == %{}
+  end
+end

test/web/mastodon_api/controllers/follow_request_controller_test.exs

@@ -0,0 +1,81 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.ActivityPub
+
+  import Pleroma.Factory
+
+  describe "locked accounts" do
+    test "/api/v1/follow_requests works" do
+      user = insert(:user, %{info: %User.Info{locked: true}})
+      other_user = insert(:user)
+
+      {:ok, _activity} = ActivityPub.follow(other_user, user)
+
+      user = User.get_cached_by_id(user.id)
+      other_user = User.get_cached_by_id(other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> get("/api/v1/follow_requests")
+
+      assert [relationship] = json_response(conn, 200)
+      assert to_string(other_user.id) == relationship["id"]
+    end
+
+    test "/api/v1/follow_requests/:id/authorize works" do
+      user = insert(:user, %{info: %User.Info{locked: true}})
+      other_user = insert(:user)
+
+      {:ok, _activity} = ActivityPub.follow(other_user, user)
+
+      user = User.get_cached_by_id(user.id)
+      other_user = User.get_cached_by_id(other_user.id)
+
+      assert User.following?(other_user, user) == false
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/follow_requests/#{other_user.id}/authorize")
+
+      assert relationship = json_response(conn, 200)
+      assert to_string(other_user.id) == relationship["id"]
+
+      user = User.get_cached_by_id(user.id)
+      other_user = User.get_cached_by_id(other_user.id)
+
+      assert User.following?(other_user, user) == true
+    end
+
+    test "/api/v1/follow_requests/:id/reject works" do
+      user = insert(:user, %{info: %User.Info{locked: true}})
+      other_user = insert(:user)
+
+      {:ok, _activity} = ActivityPub.follow(other_user, user)
+
+      user = User.get_cached_by_id(user.id)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+        |> post("/api/v1/follow_requests/#{other_user.id}/reject")
+
+      assert relationship = json_response(conn, 200)
+      assert to_string(other_user.id) == relationship["id"]
+
+      user = User.get_cached_by_id(user.id)
+      other_user = User.get_cached_by_id(other_user.id)
+
+      assert User.following?(other_user, user) == false
+    end
+  end
+end

test/web/mastodon_api/controllers/list_controller_test.exs

@@ -0,0 +1,166 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Repo
+
+  import Pleroma.Factory
+
+  test "creating a list", %{conn: conn} do
+    user = insert(:user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/lists", %{"title" => "cuties"})
+
+    assert %{"title" => title} = json_response(conn, 200)
+    assert title == "cuties"
+  end
+
+  test "renders error for invalid params", %{conn: conn} do
+    user = insert(:user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/lists", %{"title" => nil})
+
+    assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
+  end
+
+  test "listing a user's lists", %{conn: conn} do
+    user = insert(:user)
+
+    conn
+    |> assign(:user, user)
+    |> post("/api/v1/lists", %{"title" => "cuties"})
+
+    conn
+    |> assign(:user, user)
+    |> post("/api/v1/lists", %{"title" => "cofe"})
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/lists")
+
+    assert [
+             %{"id" => _, "title" => "cofe"},
+             %{"id" => _, "title" => "cuties"}
+           ] = json_response(conn, :ok)
+  end
+
+  test "adding users to a list", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+    {:ok, list} = Pleroma.List.create("name", user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+
+    assert %{} == json_response(conn, 200)
+    %Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
+    assert following == [other_user.follower_address]
+  end
+
+  test "removing users from a list", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+    third_user = insert(:user)
+    {:ok, list} = Pleroma.List.create("name", user)
+    {:ok, list} = Pleroma.List.follow(list, other_user)
+    {:ok, list} = Pleroma.List.follow(list, third_user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> delete("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+
+    assert %{} == json_response(conn, 200)
+    %Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
+    assert following == [third_user.follower_address]
+  end
+
+  test "listing users in a list", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+    {:ok, list} = Pleroma.List.create("name", user)
+    {:ok, list} = Pleroma.List.follow(list, other_user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+
+    assert [%{"id" => id}] = json_response(conn, 200)
+    assert id == to_string(other_user.id)
+  end
+
+  test "retrieving a list", %{conn: conn} do
+    user = insert(:user)
+    {:ok, list} = Pleroma.List.create("name", user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/lists/#{list.id}")
+
+    assert %{"id" => id} = json_response(conn, 200)
+    assert id == to_string(list.id)
+  end
+
+  test "renders 404 if list is not found", %{conn: conn} do
+    user = insert(:user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/lists/666")
+
+    assert %{"error" => "List not found"} = json_response(conn, :not_found)
+  end
+
+  test "renaming a list", %{conn: conn} do
+    user = insert(:user)
+    {:ok, list} = Pleroma.List.create("name", user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> put("/api/v1/lists/#{list.id}", %{"title" => "newname"})
+
+    assert %{"title" => name} = json_response(conn, 200)
+    assert name == "newname"
+  end
+
+  test "validates title when renaming a list", %{conn: conn} do
+    user = insert(:user)
+    {:ok, list} = Pleroma.List.create("name", user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> put("/api/v1/lists/#{list.id}", %{"title" => "  "})
+
+    assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
+  end
+
+  test "deleting a list", %{conn: conn} do
+    user = insert(:user)
+    {:ok, list} = Pleroma.List.create("name", user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> delete("/api/v1/lists/#{list.id}")
+
+    assert %{} = json_response(conn, 200)
+    assert is_nil(Repo.get(Pleroma.List, list.id))
+  end
+end

test/web/mastodon_api/controllers/notification_controller_test.exs

@@ -0,0 +1,299 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Notification
+  alias Pleroma.Repo
+  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "list of notifications", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+
+    {:ok, [_notification]} = Notification.create_notifications(activity)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/notifications")
+
+    expected_response =
+      "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{
+        user.ap_id
+      }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>"
+
+    assert [%{"status" => %{"content" => response}} | _rest] = json_response(conn, 200)
+    assert response == expected_response
+  end
+
+  test "getting a single notification", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+
+    {:ok, [notification]} = Notification.create_notifications(activity)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/notifications/#{notification.id}")
+
+    expected_response =
+      "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{
+        user.ap_id
+      }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>"
+
+    assert %{"status" => %{"content" => response}} = json_response(conn, 200)
+    assert response == expected_response
+  end
+
+  test "dismissing a single notification", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+
+    {:ok, [notification]} = Notification.create_notifications(activity)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/notifications/dismiss", %{"id" => notification.id})
+
+    assert %{} = json_response(conn, 200)
+  end
+
+  test "clearing all notifications", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+
+    {:ok, [_notification]} = Notification.create_notifications(activity)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/notifications/clear")
+
+    assert %{} = json_response(conn, 200)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> get("/api/v1/notifications")
+
+    assert all = json_response(conn, 200)
+    assert all == []
+  end
+
+  test "paginates notifications using min_id, since_id, max_id, and limit", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity2} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity3} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity4} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+
+    notification1_id = get_notification_id_by_activity(activity1)
+    notification2_id = get_notification_id_by_activity(activity2)
+    notification3_id = get_notification_id_by_activity(activity3)
+    notification4_id = get_notification_id_by_activity(activity4)
+
+    conn = assign(conn, :user, user)
+
+    # min_id
+    result =
+      conn
+      |> get("/api/v1/notifications?limit=2&min_id=#{notification1_id}")
+      |> json_response(:ok)
+
+    assert [%{"id" => ^notification3_id}, %{"id" => ^notification2_id}] = result
+
+    # since_id
+    result =
+      conn
+      |> get("/api/v1/notifications?limit=2&since_id=#{notification1_id}")
+      |> json_response(:ok)
+
+    assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result
+
+    # max_id
+    result =
+      conn
+      |> get("/api/v1/notifications?limit=2&max_id=#{notification4_id}")
+      |> json_response(:ok)
+
+    assert [%{"id" => ^notification3_id}, %{"id" => ^notification2_id}] = result
+  end
+
+  test "filters notifications using exclude_types", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, mention_activity} = CommonAPI.post(other_user, %{"status" => "hey @#{user.nickname}"})
+    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
+    {:ok, favorite_activity, _} = CommonAPI.favorite(create_activity.id, other_user)
+    {:ok, reblog_activity, _} = CommonAPI.repeat(create_activity.id, other_user)
+    {:ok, _, _, follow_activity} = CommonAPI.follow(other_user, user)
+
+    mention_notification_id = get_notification_id_by_activity(mention_activity)
+    favorite_notification_id = get_notification_id_by_activity(favorite_activity)
+    reblog_notification_id = get_notification_id_by_activity(reblog_activity)
+    follow_notification_id = get_notification_id_by_activity(follow_activity)
+
+    conn = assign(conn, :user, user)
+
+    conn_res =
+      get(conn, "/api/v1/notifications", %{exclude_types: ["mention", "favourite", "reblog"]})
+
+    assert [%{"id" => ^follow_notification_id}] = json_response(conn_res, 200)
+
+    conn_res =
+      get(conn, "/api/v1/notifications", %{exclude_types: ["favourite", "reblog", "follow"]})
+
+    assert [%{"id" => ^mention_notification_id}] = json_response(conn_res, 200)
+
+    conn_res =
+      get(conn, "/api/v1/notifications", %{exclude_types: ["reblog", "follow", "mention"]})
+
+    assert [%{"id" => ^favorite_notification_id}] = json_response(conn_res, 200)
+
+    conn_res =
+      get(conn, "/api/v1/notifications", %{exclude_types: ["follow", "mention", "favourite"]})
+
+    assert [%{"id" => ^reblog_notification_id}] = json_response(conn_res, 200)
+  end
+
+  test "destroy multiple", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity2} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity3} = CommonAPI.post(user, %{"status" => "hi @#{other_user.nickname}"})
+    {:ok, activity4} = CommonAPI.post(user, %{"status" => "hi @#{other_user.nickname}"})
+
+    notification1_id = get_notification_id_by_activity(activity1)
+    notification2_id = get_notification_id_by_activity(activity2)
+    notification3_id = get_notification_id_by_activity(activity3)
+    notification4_id = get_notification_id_by_activity(activity4)
+
+    conn = assign(conn, :user, user)
+
+    result =
+      conn
+      |> get("/api/v1/notifications")
+      |> json_response(:ok)
+
+    assert [%{"id" => ^notification2_id}, %{"id" => ^notification1_id}] = result
+
+    conn2 =
+      conn
+      |> assign(:user, other_user)
+
+    result =
+      conn2
+      |> get("/api/v1/notifications")
+      |> json_response(:ok)
+
+    assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result
+
+    conn_destroy =
+      conn
+      |> delete("/api/v1/notifications/destroy_multiple", %{
+        "ids" => [notification1_id, notification2_id]
+      })
+
+    assert json_response(conn_destroy, 200) == %{}
+
+    result =
+      conn2
+      |> get("/api/v1/notifications")
+      |> json_response(:ok)
+
+    assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result
+  end
+
+  test "doesn't see notifications after muting user with notifications", %{conn: conn} do
+    user = insert(:user)
+    user2 = insert(:user)
+
+    {:ok, _, _, _} = CommonAPI.follow(user, user2)
+    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+
+    conn = assign(conn, :user, user)
+
+    conn = get(conn, "/api/v1/notifications")
+
+    assert length(json_response(conn, 200)) == 1
+
+    {:ok, user} = User.mute(user, user2)
+
+    conn = assign(build_conn(), :user, user)
+    conn = get(conn, "/api/v1/notifications")
+
+    assert json_response(conn, 200) == []
+  end
+
+  test "see notifications after muting user without notifications", %{conn: conn} do
+    user = insert(:user)
+    user2 = insert(:user)
+
+    {:ok, _, _, _} = CommonAPI.follow(user, user2)
+    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+
+    conn = assign(conn, :user, user)
+
+    conn = get(conn, "/api/v1/notifications")
+
+    assert length(json_response(conn, 200)) == 1
+
+    {:ok, user} = User.mute(user, user2, false)
+
+    conn = assign(build_conn(), :user, user)
+    conn = get(conn, "/api/v1/notifications")
+
+    assert length(json_response(conn, 200)) == 1
+  end
+
+  test "see notifications after muting user with notifications and with_muted parameter", %{
+    conn: conn
+  } do
+    user = insert(:user)
+    user2 = insert(:user)
+
+    {:ok, _, _, _} = CommonAPI.follow(user, user2)
+    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+
+    conn = assign(conn, :user, user)
+
+    conn = get(conn, "/api/v1/notifications")
+
+    assert length(json_response(conn, 200)) == 1
+
+    {:ok, user} = User.mute(user, user2)
+
+    conn = assign(build_conn(), :user, user)
+    conn = get(conn, "/api/v1/notifications", %{"with_muted" => "true"})
+
+    assert length(json_response(conn, 200)) == 1
+  end
+
+  defp get_notification_id_by_activity(%{id: id}) do
+    Notification
+    |> Repo.get_by(activity_id: id)
+    |> Map.get(:id)
+    |> to_string()
+  end
+end

test/web/mastodon_api/controllers/report_controller_test.exs

@@ -0,0 +1,88 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  setup do
+    reporter = insert(:user)
+    target_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
+
+    [reporter: reporter, target_user: target_user, activity: activity]
+  end
+
+  test "submit a basic report", %{conn: conn, reporter: reporter, target_user: target_user} do
+    assert %{"action_taken" => false, "id" => _} =
+             conn
+             |> assign(:user, reporter)
+             |> post("/api/v1/reports", %{"account_id" => target_user.id})
+             |> json_response(200)
+  end
+
+  test "submit a report with statuses and comment", %{
+    conn: conn,
+    reporter: reporter,
+    target_user: target_user,
+    activity: activity
+  } do
+    assert %{"action_taken" => false, "id" => _} =
+             conn
+             |> assign(:user, reporter)
+             |> post("/api/v1/reports", %{
+               "account_id" => target_user.id,
+               "status_ids" => [activity.id],
+               "comment" => "bad status!",
+               "forward" => "false"
+             })
+             |> json_response(200)
+  end
+
+  test "account_id is required", %{
+    conn: conn,
+    reporter: reporter,
+    activity: activity
+  } do
+    assert %{"error" => "Valid `account_id` required"} =
+             conn
+             |> assign(:user, reporter)
+             |> post("/api/v1/reports", %{"status_ids" => [activity.id]})
+             |> json_response(400)
+  end
+
+  test "comment must be up to the size specified in the config", %{
+    conn: conn,
+    reporter: reporter,
+    target_user: target_user
+  } do
+    max_size = Pleroma.Config.get([:instance, :max_report_comment_size], 1000)
+    comment = String.pad_trailing("a", max_size + 1, "a")
+
+    error = %{"error" => "Comment must be up to #{max_size} characters"}
+
+    assert ^error =
+             conn
+             |> assign(:user, reporter)
+             |> post("/api/v1/reports", %{"account_id" => target_user.id, "comment" => comment})
+             |> json_response(400)
+  end
+
+  test "returns error when account is not exist", %{
+    conn: conn,
+    reporter: reporter,
+    activity: activity
+  } do
+    conn =
+      conn
+      |> assign(:user, reporter)
+      |> post("/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"})
+
+    assert json_response(conn, 400) == %{"error" => "Account not found"}
+  end
+end

test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs

@@ -0,0 +1,113 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Repo
+  alias Pleroma.ScheduledActivity
+
+  import Pleroma.Factory
+
+  test "shows scheduled activities", %{conn: conn} do
+    user = insert(:user)
+    scheduled_activity_id1 = insert(:scheduled_activity, user: user).id |> to_string()
+    scheduled_activity_id2 = insert(:scheduled_activity, user: user).id |> to_string()
+    scheduled_activity_id3 = insert(:scheduled_activity, user: user).id |> to_string()
+    scheduled_activity_id4 = insert(:scheduled_activity, user: user).id |> to_string()
+
+    conn =
+      conn
+      |> assign(:user, user)
+
+    # min_id
+    conn_res =
+      conn
+      |> get("/api/v1/scheduled_statuses?limit=2&min_id=#{scheduled_activity_id1}")
+
+    result = json_response(conn_res, 200)
+    assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result
+
+    # since_id
+    conn_res =
+      conn
+      |> get("/api/v1/scheduled_statuses?limit=2&since_id=#{scheduled_activity_id1}")
+
+    result = json_response(conn_res, 200)
+    assert [%{"id" => ^scheduled_activity_id4}, %{"id" => ^scheduled_activity_id3}] = result
+
+    # max_id
+    conn_res =
+      conn
+      |> get("/api/v1/scheduled_statuses?limit=2&max_id=#{scheduled_activity_id4}")
+
+    result = json_response(conn_res, 200)
+    assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result
+  end
+
+  test "shows a scheduled activity", %{conn: conn} do
+    user = insert(:user)
+    scheduled_activity = insert(:scheduled_activity, user: user)
+
+    res_conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/scheduled_statuses/#{scheduled_activity.id}")
+
+    assert %{"id" => scheduled_activity_id} = json_response(res_conn, 200)
+    assert scheduled_activity_id == scheduled_activity.id |> to_string()
+
+    res_conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/scheduled_statuses/404")
+
+    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+  end
+
+  test "updates a scheduled activity", %{conn: conn} do
+    user = insert(:user)
+    scheduled_activity = insert(:scheduled_activity, user: user)
+
+    new_scheduled_at =
+      NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(120), :millisecond)
+
+    res_conn =
+      conn
+      |> assign(:user, user)
+      |> put("/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{
+        scheduled_at: new_scheduled_at
+      })
+
+    assert %{"scheduled_at" => expected_scheduled_at} = json_response(res_conn, 200)
+    assert expected_scheduled_at == Pleroma.Web.CommonAPI.Utils.to_masto_date(new_scheduled_at)
+
+    res_conn =
+      conn
+      |> assign(:user, user)
+      |> put("/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at})
+
+    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+  end
+
+  test "deletes a scheduled activity", %{conn: conn} do
+    user = insert(:user)
+    scheduled_activity = insert(:scheduled_activity, user: user)
+
+    res_conn =
+      conn
+      |> assign(:user, user)
+      |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}")
+
+    assert %{} = json_response(res_conn, 200)
+    assert nil == Repo.get(ScheduledActivity, scheduled_activity.id)
+
+    res_conn =
+      conn
+      |> assign(:user, user)
+      |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}")
+
+    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+  end
+end

test/web/mastodon_api/controllers/search_controller_test.exs

@@ -0,0 +1,285 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Object
+  alias Pleroma.Web
+  alias Pleroma.Web.CommonAPI
+  import Pleroma.Factory
+  import ExUnit.CaptureLog
+  import Tesla.Mock
+  import Mock
+
+  setup do
+    mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  describe ".search2" do
+    test "it returns empty result if user or status search return undefined error", %{conn: conn} do
+      with_mocks [
+        {Pleroma.User, [], [search: fn _q, _o -> raise "Oops" end]},
+        {Pleroma.Activity, [], [search: fn _u, _q, _o -> raise "Oops" end]}
+      ] do
+        capture_log(fn ->
+          results =
+            conn
+            |> get("/api/v2/search", %{"q" => "2hu"})
+            |> json_response(200)
+
+          assert results["accounts"] == []
+          assert results["statuses"] == []
+        end) =~
+          "[error] Elixir.Pleroma.Web.MastodonAPI.SearchController search error: %RuntimeError{message: \"Oops\"}"
+      end
+    end
+
+    test "search", %{conn: conn} do
+      user = insert(:user)
+      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
+      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu private"})
+
+      {:ok, _activity} =
+        CommonAPI.post(user, %{
+          "status" => "This is about 2hu, but private",
+          "visibility" => "private"
+        })
+
+      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+
+      conn = get(conn, "/api/v2/search", %{"q" => "2hu #private"})
+
+      assert results = json_response(conn, 200)
+
+      [account | _] = results["accounts"]
+      assert account["id"] == to_string(user_three.id)
+
+      assert results["hashtags"] == [
+               %{"name" => "private", "url" => "#{Web.base_url()}/tag/private"}
+             ]
+
+      [status] = results["statuses"]
+      assert status["id"] == to_string(activity.id)
+    end
+  end
+
+  describe ".account_search" do
+    test "account search", %{conn: conn} do
+      user = insert(:user)
+      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
+      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      results =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/search", %{"q" => "shp"})
+        |> json_response(200)
+
+      result_ids = for result <- results, do: result["acct"]
+
+      assert user_two.nickname in result_ids
+      assert user_three.nickname in result_ids
+
+      results =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/search", %{"q" => "2hu"})
+        |> json_response(200)
+
+      result_ids = for result <- results, do: result["acct"]
+
+      assert user_three.nickname in result_ids
+    end
+
+    test "returns account if query contains a space", %{conn: conn} do
+      user = insert(:user, %{nickname: "shp@shitposter.club"})
+
+      results =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/search", %{"q" => "shp@shitposter.club xxx "})
+        |> json_response(200)
+
+      assert length(results) == 1
+    end
+  end
+
+  describe ".search" do
+    test "it returns empty result if user or status search return undefined error", %{conn: conn} do
+      with_mocks [
+        {Pleroma.User, [], [search: fn _q, _o -> raise "Oops" end]},
+        {Pleroma.Activity, [], [search: fn _u, _q, _o -> raise "Oops" end]}
+      ] do
+        capture_log(fn ->
+          results =
+            conn
+            |> get("/api/v1/search", %{"q" => "2hu"})
+            |> json_response(200)
+
+          assert results["accounts"] == []
+          assert results["statuses"] == []
+        end) =~
+          "[error] Elixir.Pleroma.Web.MastodonAPI.SearchController search error: %RuntimeError{message: \"Oops\"}"
+      end
+    end
+
+    test "search", %{conn: conn} do
+      user = insert(:user)
+      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
+      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+
+      {:ok, _activity} =
+        CommonAPI.post(user, %{
+          "status" => "This is about 2hu, but private",
+          "visibility" => "private"
+        })
+
+      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+
+      conn =
+        conn
+        |> get("/api/v1/search", %{"q" => "2hu"})
+
+      assert results = json_response(conn, 200)
+
+      [account | _] = results["accounts"]
+      assert account["id"] == to_string(user_three.id)
+
+      assert results["hashtags"] == []
+
+      [status] = results["statuses"]
+      assert status["id"] == to_string(activity.id)
+    end
+
+    test "search fetches remote statuses", %{conn: conn} do
+      capture_log(fn ->
+        conn =
+          conn
+          |> get("/api/v1/search", %{"q" => "https://shitposter.club/notice/2827873"})
+
+        assert results = json_response(conn, 200)
+
+        [status] = results["statuses"]
+
+        assert status["uri"] ==
+                 "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment"
+      end)
+    end
+
+    test "search doesn't show statuses that it shouldn't", %{conn: conn} do
+      {:ok, activity} =
+        CommonAPI.post(insert(:user), %{
+          "status" => "This is about 2hu, but private",
+          "visibility" => "private"
+        })
+
+      capture_log(fn ->
+        conn =
+          conn
+          |> get("/api/v1/search", %{"q" => Object.normalize(activity).data["id"]})
+
+        assert results = json_response(conn, 200)
+
+        [] = results["statuses"]
+      end)
+    end
+
+    test "search fetches remote accounts", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/search", %{"q" => "shp@social.heldscal.la", "resolve" => "true"})
+
+      assert results = json_response(conn, 200)
+      [account] = results["accounts"]
+      assert account["acct"] == "shp@social.heldscal.la"
+    end
+
+    test "search doesn't fetch remote accounts if resolve is false", %{conn: conn} do
+      conn =
+        conn
+        |> get("/api/v1/search", %{"q" => "shp@social.heldscal.la", "resolve" => "false"})
+
+      assert results = json_response(conn, 200)
+      assert [] == results["accounts"]
+    end
+
+    test "search with limit and offset", %{conn: conn} do
+      user = insert(:user)
+      _user_two = insert(:user, %{nickname: "shp@shitposter.club"})
+      _user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      {:ok, _activity1} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+      {:ok, _activity2} = CommonAPI.post(user, %{"status" => "This is also about 2hu"})
+
+      result =
+        conn
+        |> get("/api/v1/search", %{"q" => "2hu", "limit" => 1})
+
+      assert results = json_response(result, 200)
+      assert [%{"id" => activity_id1}] = results["statuses"]
+      assert [_] = results["accounts"]
+
+      results =
+        conn
+        |> get("/api/v1/search", %{"q" => "2hu", "limit" => 1, "offset" => 1})
+        |> json_response(200)
+
+      assert [%{"id" => activity_id2}] = results["statuses"]
+      assert [] = results["accounts"]
+
+      assert activity_id1 != activity_id2
+    end
+
+    test "search returns results only for the given type", %{conn: conn} do
+      user = insert(:user)
+      _user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      {:ok, _activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+
+      assert %{"statuses" => [_activity], "accounts" => [], "hashtags" => []} =
+               conn
+               |> get("/api/v1/search", %{"q" => "2hu", "type" => "statuses"})
+               |> json_response(200)
+
+      assert %{"statuses" => [], "accounts" => [_user_two], "hashtags" => []} =
+               conn
+               |> get("/api/v1/search", %{"q" => "2hu", "type" => "accounts"})
+               |> json_response(200)
+    end
+
+    test "search uses account_id to filter statuses by the author", %{conn: conn} do
+      user = insert(:user, %{nickname: "shp@shitposter.club"})
+      user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      {:ok, activity1} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+      {:ok, activity2} = CommonAPI.post(user_two, %{"status" => "This is also about 2hu"})
+
+      results =
+        conn
+        |> get("/api/v1/search", %{"q" => "2hu", "account_id" => user.id})
+        |> json_response(200)
+
+      assert [%{"id" => activity_id1}] = results["statuses"]
+      assert activity_id1 == activity1.id
+      assert [_] = results["accounts"]
+
+      results =
+        conn
+        |> get("/api/v1/search", %{"q" => "2hu", "account_id" => user_two.id})
+        |> json_response(200)
+
+      assert [%{"id" => activity_id2}] = results["statuses"]
+      assert activity_id2 == activity2.id
+    end
+  end
+end

test/web/mastodon_api/controllers/subscription_controller_test.exs

@@ -0,0 +1,192 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+  alias Pleroma.Web.Push
+  alias Pleroma.Web.Push.Subscription
+
+  @sub %{
+    "endpoint" => "https://example.com/example/1234",
+    "keys" => %{
+      "auth" => "8eDyX_uCN0XRhSbY5hs7Hg==",
+      "p256dh" =>
+        "BCIWgsnyXDv1VkhqL2P7YRBvdeuDnlwAPT2guNhdIoW3IP7GmHh1SMKPLxRf7x8vJy6ZFK3ol2ohgn_-0yP7QQA="
+    }
+  }
+  @server_key Keyword.get(Push.vapid_config(), :public_key)
+
+  setup do
+    user = insert(:user)
+    token = insert(:oauth_token, user: user, scopes: ["push"])
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> assign(:token, token)
+
+    %{conn: conn, user: user, token: token}
+  end
+
+  defmacro assert_error_when_disable_push(do: yield) do
+    quote do
+      vapid_details = Application.get_env(:web_push_encryption, :vapid_details, [])
+      Application.put_env(:web_push_encryption, :vapid_details, [])
+      assert "Something went wrong" == unquote(yield)
+      Application.put_env(:web_push_encryption, :vapid_details, vapid_details)
+    end
+  end
+
+  describe "creates push subscription" do
+    test "returns error when push disabled ", %{conn: conn} do
+      assert_error_when_disable_push do
+        conn
+        |> post("/api/v1/push/subscription", %{})
+        |> json_response(500)
+      end
+    end
+
+    test "successful creation", %{conn: conn} do
+      result =
+        conn
+        |> post("/api/v1/push/subscription", %{
+          "data" => %{"alerts" => %{"mention" => true, "test" => true}},
+          "subscription" => @sub
+        })
+        |> json_response(200)
+
+      [subscription] = Pleroma.Repo.all(Subscription)
+
+      assert %{
+               "alerts" => %{"mention" => true},
+               "endpoint" => subscription.endpoint,
+               "id" => to_string(subscription.id),
+               "server_key" => @server_key
+             } == result
+    end
+  end
+
+  describe "gets a user subscription" do
+    test "returns error when push disabled ", %{conn: conn} do
+      assert_error_when_disable_push do
+        conn
+        |> get("/api/v1/push/subscription", %{})
+        |> json_response(500)
+      end
+    end
+
+    test "returns error when user hasn't subscription", %{conn: conn} do
+      res =
+        conn
+        |> get("/api/v1/push/subscription", %{})
+        |> json_response(404)
+
+      assert "Not found" == res
+    end
+
+    test "returns a user subsciption", %{conn: conn, user: user, token: token} do
+      subscription =
+        insert(:push_subscription,
+          user: user,
+          token: token,
+          data: %{"alerts" => %{"mention" => true}}
+        )
+
+      res =
+        conn
+        |> get("/api/v1/push/subscription", %{})
+        |> json_response(200)
+
+      expect = %{
+        "alerts" => %{"mention" => true},
+        "endpoint" => "https://example.com/example/1234",
+        "id" => to_string(subscription.id),
+        "server_key" => @server_key
+      }
+
+      assert expect == res
+    end
+  end
+
+  describe "updates a user subsciption" do
+    setup %{conn: conn, user: user, token: token} do
+      subscription =
+        insert(:push_subscription,
+          user: user,
+          token: token,
+          data: %{"alerts" => %{"mention" => true}}
+        )
+
+      %{conn: conn, user: user, token: token, subscription: subscription}
+    end
+
+    test "returns error when push disabled ", %{conn: conn} do
+      assert_error_when_disable_push do
+        conn
+        |> put("/api/v1/push/subscription", %{data: %{"alerts" => %{"mention" => false}}})
+        |> json_response(500)
+      end
+    end
+
+    test "returns updated subsciption", %{conn: conn, subscription: subscription} do
+      res =
+        conn
+        |> put("/api/v1/push/subscription", %{
+          data: %{"alerts" => %{"mention" => false, "follow" => true}}
+        })
+        |> json_response(200)
+
+      expect = %{
+        "alerts" => %{"follow" => true, "mention" => false},
+        "endpoint" => "https://example.com/example/1234",
+        "id" => to_string(subscription.id),
+        "server_key" => @server_key
+      }
+
+      assert expect == res
+    end
+  end
+
+  describe "deletes the user subscription" do
+    test "returns error when push disabled ", %{conn: conn} do
+      assert_error_when_disable_push do
+        conn
+        |> delete("/api/v1/push/subscription", %{})
+        |> json_response(500)
+      end
+    end
+
+    test "returns error when user hasn't subscription", %{conn: conn} do
+      res =
+        conn
+        |> delete("/api/v1/push/subscription", %{})
+        |> json_response(404)
+
+      assert "Not found" == res
+    end
+
+    test "returns empty result and delete user subsciption", %{
+      conn: conn,
+      user: user,
+      token: token
+    } do
+      subscription =
+        insert(:push_subscription,
+          user: user,
+          token: token,
+          data: %{"alerts" => %{"mention" => true}}
+        )
+
+      res =
+        conn
+        |> delete("/api/v1/push/subscription", %{})
+        |> json_response(200)
+
+      assert %{} == res
+      refute Pleroma.Repo.get(Subscription, subscription.id)
+    end
+  end
+end

test/web/mastodon_api/controllers/timeline_controller_test.exs

@@ -0,0 +1,291 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+  import Tesla.Mock
+
+  alias Pleroma.Config
+  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.OStatus
+
+  clear_config([:instance, :public])
+
+  setup do
+    mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  test "the home timeline", %{conn: conn} do
+    user = insert(:user)
+    following = insert(:user)
+
+    {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/timelines/home")
+
+    assert Enum.empty?(json_response(conn, :ok))
+
+    {:ok, user} = User.follow(user, following)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> get("/api/v1/timelines/home")
+
+    assert [%{"content" => "test"}] = json_response(conn, :ok)
+  end
+
+  describe "public" do
+    @tag capture_log: true
+    test "the public timeline", %{conn: conn} do
+      following = insert(:user)
+
+      {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
+
+      {:ok, [_activity]} =
+        OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873")
+
+      conn = get(conn, "/api/v1/timelines/public", %{"local" => "False"})
+
+      assert length(json_response(conn, :ok)) == 2
+
+      conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "True"})
+
+      assert [%{"content" => "test"}] = json_response(conn, :ok)
+
+      conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "1"})
+
+      assert [%{"content" => "test"}] = json_response(conn, :ok)
+    end
+
+    test "the public timeline when public is set to false", %{conn: conn} do
+      Config.put([:instance, :public], false)
+
+      assert %{"error" => "This resource requires authentication."} ==
+               conn
+               |> get("/api/v1/timelines/public", %{"local" => "False"})
+               |> json_response(:forbidden)
+    end
+
+    test "the public timeline includes only public statuses for an authenticated user" do
+      user = insert(:user)
+
+      conn =
+        build_conn()
+        |> assign(:user, user)
+
+      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
+      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
+      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
+      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
+
+      res_conn = get(conn, "/api/v1/timelines/public")
+      assert length(json_response(res_conn, 200)) == 1
+    end
+  end
+
+  describe "direct" do
+    test "direct timeline", %{conn: conn} do
+      user_one = insert(:user)
+      user_two = insert(:user)
+
+      {:ok, user_two} = User.follow(user_two, user_one)
+
+      {:ok, direct} =
+        CommonAPI.post(user_one, %{
+          "status" => "Hi @#{user_two.nickname}!",
+          "visibility" => "direct"
+        })
+
+      {:ok, _follower_only} =
+        CommonAPI.post(user_one, %{
+          "status" => "Hi @#{user_two.nickname}!",
+          "visibility" => "private"
+        })
+
+      # Only direct should be visible here
+      res_conn =
+        conn
+        |> assign(:user, user_two)
+        |> get("api/v1/timelines/direct")
+
+      [status] = json_response(res_conn, :ok)
+
+      assert %{"visibility" => "direct"} = status
+      assert status["url"] != direct.data["id"]
+
+      # User should be able to see their own direct message
+      res_conn =
+        build_conn()
+        |> assign(:user, user_one)
+        |> get("api/v1/timelines/direct")
+
+      [status] = json_response(res_conn, :ok)
+
+      assert %{"visibility" => "direct"} = status
+
+      # Both should be visible here
+      res_conn =
+        conn
+        |> assign(:user, user_two)
+        |> get("api/v1/timelines/home")
+
+      [_s1, _s2] = json_response(res_conn, :ok)
+
+      # Test pagination
+      Enum.each(1..20, fn _ ->
+        {:ok, _} =
+          CommonAPI.post(user_one, %{
+            "status" => "Hi @#{user_two.nickname}!",
+            "visibility" => "direct"
+          })
+      end)
+
+      res_conn =
+        conn
+        |> assign(:user, user_two)
+        |> get("api/v1/timelines/direct")
+
+      statuses = json_response(res_conn, :ok)
+      assert length(statuses) == 20
+
+      res_conn =
+        conn
+        |> assign(:user, user_two)
+        |> get("api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
+
+      [status] = json_response(res_conn, :ok)
+
+      assert status["url"] != direct.data["id"]
+    end
+
+    test "doesn't include DMs from blocked users", %{conn: conn} do
+      blocker = insert(:user)
+      blocked = insert(:user)
+      user = insert(:user)
+      {:ok, blocker} = User.block(blocker, blocked)
+
+      {:ok, _blocked_direct} =
+        CommonAPI.post(blocked, %{
+          "status" => "Hi @#{blocker.nickname}!",
+          "visibility" => "direct"
+        })
+
+      {:ok, direct} =
+        CommonAPI.post(user, %{
+          "status" => "Hi @#{blocker.nickname}!",
+          "visibility" => "direct"
+        })
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> get("api/v1/timelines/direct")
+
+      [status] = json_response(res_conn, :ok)
+      assert status["id"] == direct.id
+    end
+  end
+
+  describe "list" do
+    test "list timeline", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."})
+      {:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
+      {:ok, list} = Pleroma.List.create("name", user)
+      {:ok, list} = Pleroma.List.follow(list, other_user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/timelines/list/#{list.id}")
+
+      assert [%{"id" => id}] = json_response(conn, :ok)
+
+      assert id == to_string(activity_two.id)
+    end
+
+    test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
+
+      {:ok, _activity_two} =
+        CommonAPI.post(other_user, %{
+          "status" => "Marisa is cute.",
+          "visibility" => "private"
+        })
+
+      {:ok, list} = Pleroma.List.create("name", user)
+      {:ok, list} = Pleroma.List.follow(list, other_user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/timelines/list/#{list.id}")
+
+      assert [%{"id" => id}] = json_response(conn, :ok)
+
+      assert id == to_string(activity_one.id)
+    end
+  end
+
+  describe "hashtag" do
+    @tag capture_log: true
+    test "hashtag timeline", %{conn: conn} do
+      following = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"})
+
+      {:ok, [_activity]} =
+        OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873")
+
+      nconn = get(conn, "/api/v1/timelines/tag/2hu")
+
+      assert [%{"id" => id}] = json_response(nconn, :ok)
+
+      assert id == to_string(activity.id)
+
+      # works for different capitalization too
+      nconn = get(conn, "/api/v1/timelines/tag/2HU")
+
+      assert [%{"id" => id}] = json_response(nconn, :ok)
+
+      assert id == to_string(activity.id)
+    end
+
+    test "multi-hashtag timeline", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, activity_test} = CommonAPI.post(user, %{"status" => "#test"})
+      {:ok, activity_test1} = CommonAPI.post(user, %{"status" => "#test #test1"})
+      {:ok, activity_none} = CommonAPI.post(user, %{"status" => "#test #none"})
+
+      any_test = get(conn, "/api/v1/timelines/tag/test", %{"any" => ["test1"]})
+
+      [status_none, status_test1, status_test] = json_response(any_test, :ok)
+
+      assert to_string(activity_test.id) == status_test["id"]
+      assert to_string(activity_test1.id) == status_test1["id"]
+      assert to_string(activity_none.id) == status_none["id"]
+
+      restricted_test =
+        get(conn, "/api/v1/timelines/tag/test", %{"all" => ["test1"], "none" => ["none"]})
+
+      assert [status_test1] == json_response(restricted_test, :ok)
+
+      all_test = get(conn, "/api/v1/timelines/tag/test", %{"all" => ["none"]})
+
+      assert [status_none] == json_response(all_test, :ok)
+    end
+  end
+end