Merge remote-tracking branch 'pleroma/develop' into features/poll-validation

2020-07-31 13:57:21 +02:00 · 2020-07-31 13:57:21 +02:00 · ac2598307d
commit ac2598307d
parent e4beff90f5 a6d3bb5f30
288 changed files with 3671 additions and 3020 deletions
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@ -583,6 +583,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
               |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3_id}")
               |> json_response_and_validate_schema(200)

+      assert [%{"id" => ^follower2_id}, %{"id" => ^follower1_id}] =
+               conn
+               |> get(
+                 "/api/v1/accounts/#{user.id}/followers?id=#{user.id}&limit=20&max_id=#{
+                   follower3_id
+                 }"
+               )
+               |> json_response_and_validate_schema(200)
+
      res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3_id}")

      assert [%{"id" => ^follower2_id}] = json_response_and_validate_schema(res_conn, 200)
@ -654,6 +663,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
      assert id2 == following2.id
      assert id1 == following1.id

+      res_conn =
+        get(
+          conn,
+          "/api/v1/accounts/#{user.id}/following?id=#{user.id}&limit=20&max_id=#{following3.id}"
+        )
+
+      assert [%{"id" => id2}, %{"id" => id1}] = json_response_and_validate_schema(res_conn, 200)
+      assert id2 == following2.id
+      assert id1 == following1.id
+
      res_conn =
        get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")

@ -885,6 +904,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
    end

    setup do: clear_config([:instance, :account_activation_required])
+    setup do: clear_config([:instance, :account_approval_required])

    test "Account registration via Application", %{conn: conn} do
      conn =
@ -949,6 +969,75 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
      assert token_from_db.user.confirmation_pending
    end

+    test "Account registration via app with account_approval_required", %{conn: conn} do
+      Pleroma.Config.put([:instance, :account_approval_required], true)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/apps", %{
+          client_name: "client_name",
+          redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
+          scopes: "read, write, follow"
+        })
+
+      assert %{
+               "client_id" => client_id,
+               "client_secret" => client_secret,
+               "id" => _,
+               "name" => "client_name",
+               "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
+               "vapid_key" => _,
+               "website" => nil
+             } = json_response_and_validate_schema(conn, 200)
+
+      conn =
+        post(conn, "/oauth/token", %{
+          grant_type: "client_credentials",
+          client_id: client_id,
+          client_secret: client_secret
+        })
+
+      assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
+               json_response(conn, 200)
+
+      assert token
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      assert refresh
+      assert scope == "read write follow"
+
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", %{
+          username: "lain",
+          email: "lain@example.org",
+          password: "PlzDontHackLain",
+          bio: "Test Bio",
+          agreement: true,
+          reason: "I'm a cool dude, bro"
+        })
+
+      %{
+        "access_token" => token,
+        "created_at" => _created_at,
+        "scope" => ^scope,
+        "token_type" => "Bearer"
+      } = json_response_and_validate_schema(conn, 200)
+
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      token_from_db = Repo.preload(token_from_db, :user)
+      assert token_from_db.user
+
+      assert token_from_db.user.confirmation_pending
+      assert token_from_db.user.approval_pending
+
+      assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
+    end
+
    test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
      _user = insert(:user, email: "lain@example.org")
      app_token = insert(:oauth_token, user: nil)
--- a/test/web/mastodon_api/controllers/domain_block_controller_test.exs
+++ b/test/web/mastodon_api/controllers/domain_block_controller_test.exs
@ -32,6 +32,38 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do
    refute User.blocks?(user, other_user)
  end

+  test "blocking a domain via query params" do
+    %{user: user, conn: conn} = oauth_access(["write:blocks"])
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/domain_blocks?domain=dogwhistle.zone")
+
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    assert User.blocks?(user, other_user)
+  end
+
+  test "unblocking a domain via query params" do
+    %{user: user, conn: conn} = oauth_access(["write:blocks"])
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    User.block_domain(user, "dogwhistle.zone")
+    user = refresh_record(user)
+    assert User.blocks?(user, other_user)
+
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/v1/domain_blocks?domain=dogwhistle.zone")
+
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    refute User.blocks?(user, other_user)
+  end
+
  test "getting a list of domain blocks" do
    %{user: user, conn: conn} = oauth_access(["read:blocks"])

--- a/test/web/mastodon_api/controllers/instance_controller_test.exs
+++ b/test/web/mastodon_api/controllers/instance_controller_test.exs
@ -27,6 +27,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
             "thumbnail" => _,
             "languages" => _,
             "registrations" => _,
+             "approval_required" => _,
             "poll_limits" => _,
             "upload_limit" => _,
             "avatar_upload_limit" => _,
--- a/test/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/web/mastodon_api/controllers/status_controller_test.exs
@ -22,6 +22,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
  setup do: clear_config([:instance, :federating])
  setup do: clear_config([:instance, :allow_relay])
  setup do: clear_config([:rich_media, :enabled])
+  setup do: clear_config([:mrf, :policies])
+  setup do: clear_config([:mrf_keyword, :reject])

  describe "posting statuses" do
    setup do: oauth_access(["write:statuses"])
@ -157,6 +159,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
               |> json_response_and_validate_schema(422)
    end

+    test "Get MRF reason when posting a status is rejected by one", %{conn: conn} do
+      Pleroma.Config.put([:mrf_keyword, :reject], ["GNO"])
+      Pleroma.Config.put([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy])
+
+      assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} =
+               conn
+               |> put_req_header("content-type", "application/json")
+               |> post("api/v1/statuses", %{"status" => "GNO/Linux"})
+               |> json_response_and_validate_schema(422)
+    end
+
    test "posting an undefined status with an attachment", %{user: user, conn: conn} do
      file = %Plug.Upload{
        content_type: "image/jpg",
--- a/test/web/mastodon_api/views/account_view_test.exs
+++ b/test/web/mastodon_api/views/account_view_test.exs
@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
      }
    }

-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
  end

  test "Favicon is nil when :instances_favicons is disabled" do
@ -108,22 +108,20 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               favicon:
                 "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
             }
-           } = AccountView.render("show.json", %{user: user})
+           } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})

    Config.put([:instances_favicons, :enabled], false)

-    assert %{pleroma: %{favicon: nil}} = AccountView.render("show.json", %{user: user})
+    assert %{pleroma: %{favicon: nil}} =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
  end

  test "Represent the user account for the account owner" do
    user = insert(:user)

    notification_settings = %{
-      followers: true,
-      follows: true,
-      non_followers: true,
-      non_follows: true,
-      privacy_option: false
+      block_from_strangers: false,
+      hide_notification_contents: false
    }

    privacy = user.default_scope
@ -192,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
      }
    }

-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
  end

  test "Represent a Funkwhale channel" do
@ -201,7 +199,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
        "https://channels.tests.funkwhale.audio/federation/actors/compositions"
      )

-    assert represented = AccountView.render("show.json", %{user: user})
+    assert represented =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
+
    assert represented.acct == "compositions@channels.tests.funkwhale.audio"
    assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
  end
@ -226,6 +226,23 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
    assert expected == AccountView.render("mention.json", %{user: user})
  end

+  test "demands :for or :skip_visibility_check option for account rendering" do
+    clear_config([:restrict_unauthenticated, :profiles, :local], false)
+
+    user = insert(:user)
+    user_id = user.id
+
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
+
+    assert %{id: ^user_id} =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
+
+    assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
+      AccountView.render("show.json", %{user: user})
+    end
+  end
+
  describe "relationship" do
    defp test_relationship_rendering(user, other_user, expected_result) do
      opts = %{user: user, target: other_user, relationships: nil}
@ -339,7 +356,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do

    assert result.pleroma.settings_store == %{:fe => "test"}

-    result = AccountView.render("show.json", %{user: user, with_pleroma_settings: true})
+    result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
    assert result.pleroma[:settings_store] == nil

    result = AccountView.render("show.json", %{user: user, for: user})
@ -348,13 +365,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do

  test "doesn't sanitize display names" do
    user = insert(:user, name: "<marquee> username </marquee>")
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    assert result.display_name == "<marquee> username </marquee>"
  end

  test "never display nil user follow counts" do
    user = insert(:user, following_count: 0, follower_count: 0)
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})

    assert result.following_count == 0
    assert result.followers_count == 0
@ -378,7 +395,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               followers_count: 0,
               following_count: 0,
               pleroma: %{hide_follows_count: true, hide_followers_count: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    end

    test "shows when follows/followers are hidden" do
@ -391,7 +408,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               followers_count: 1,
               following_count: 1,
               pleroma: %{hide_follows: true, hide_followers: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    end

    test "shows actual follower/following count to the account owner" do
@ -534,7 +551,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
        emoji: %{"joker_smile" => "https://evil.website/society.png"}
      )

-    AccountView.render("show.json", %{user: user})
+    AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    |> Enum.all?(fn
      {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
        String.starts_with?(url, Pleroma.Web.base_url())
--- a/test/web/mastodon_api/views/status_view_test.exs
+++ b/test/web/mastodon_api/views/status_view_test.exs
@ -56,6 +56,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
           ]
  end

+  test "works correctly with badly formatted emojis" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "yo"})
+
+    activity
+    |> Object.normalize(false)
+    |> Object.update_data(%{"reactions" => %{"☕" => [user.ap_id], "x" => 1}})
+
+    activity = Activity.get_by_id(activity.id)
+
+    status = StatusView.render("show.json", activity: activity, for: user)
+
+    assert status[:pleroma][:emoji_reactions] == [
+             %{name: "☕", count: 1, me: true}
+           ]
+  end
+
  test "loads and returns the direct conversation id when given the `with_direct_conversation_id` option" do
    user = insert(:user)

@ -177,7 +194,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
      id: to_string(note.id),
      uri: object_data["id"],
      url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
-      account: AccountView.render("show.json", %{user: user}),
+      account: AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
      in_reply_to_id: nil,
      in_reply_to_account_id: nil,
      card: nil,