Merge remote-tracking branch 'upstream/develop' into restrict-domain

test/web/mastodon_api/controllers/account_controller_test.exs

@@ -5,7 +5,6 @@
 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
   use Pleroma.Web.ConnCase
 
-  alias Pleroma.Config
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
@@ -16,8 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
   import Pleroma.Factory
 
   describe "account fetching" do
-    setup do: clear_config([:instance, :limit_to_local_content])
-
     test "works by id" do
       %User{id: user_id} = insert(:user)
 
@@ -42,7 +39,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     end
 
     test "works by nickname for remote users" do
-      Config.put([:instance, :limit_to_local_content], false)
+      clear_config([:instance, :limit_to_local_content], false)
 
       user = insert(:user, nickname: "user@example.com", local: false)
 
@@ -53,7 +50,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     end
 
     test "respects limit_to_local_content == :all for remote user nicknames" do
-      Config.put([:instance, :limit_to_local_content], :all)
+      clear_config([:instance, :limit_to_local_content], :all)
 
       user = insert(:user, nickname: "user@example.com", local: false)
 
@@ -63,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     end
 
     test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
-      Config.put([:instance, :limit_to_local_content], :unauthenticated)
+      clear_config([:instance, :limit_to_local_content], :unauthenticated)
 
       user = insert(:user, nickname: "user@example.com", local: false)
       reading_user = insert(:user)
@@ -903,9 +900,93 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       [valid_params: valid_params]
     end
 
-    setup do: clear_config([:instance, :account_activation_required])
+    test "registers and logs in without :account_activation_required / :account_approval_required",
+         %{conn: conn} do
+      clear_config([:instance, :account_activation_required], false)
+      clear_config([:instance, :account_approval_required], false)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/apps", %{
+          client_name: "client_name",
+          redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
+          scopes: "read, write, follow"
+        })
+
+      assert %{
+               "client_id" => client_id,
+               "client_secret" => client_secret,
+               "id" => _,
+               "name" => "client_name",
+               "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
+               "vapid_key" => _,
+               "website" => nil
+             } = json_response_and_validate_schema(conn, 200)
+
+      conn =
+        post(conn, "/oauth/token", %{
+          grant_type: "client_credentials",
+          client_id: client_id,
+          client_secret: client_secret
+        })
+
+      assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
+               json_response(conn, 200)
+
+      assert token
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      assert refresh
+      assert scope == "read write follow"
+
+      clear_config([User, :email_blacklist], ["example.org"])
+
+      params = %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHackLain",
+        bio: "Test Bio",
+        agreement: true
+      }
+
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", params)
+
+      assert %{"error" => "{\"email\":[\"Invalid email\"]}"} =
+               json_response_and_validate_schema(conn, 400)
+
+      Pleroma.Config.put([User, :email_blacklist], [])
+
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", params)
+
+      %{
+        "access_token" => token,
+        "created_at" => _created_at,
+        "scope" => ^scope,
+        "token_type" => "Bearer"
+      } = json_response_and_validate_schema(conn, 200)
+
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      user = Repo.preload(token_from_db, :user).user
+
+      assert user
+      refute user.confirmation_pending
+      refute user.approval_pending
+    end
+
+    test "registers but does not log in with :account_activation_required", %{conn: conn} do
+      clear_config([:instance, :account_activation_required], true)
+      clear_config([:instance, :account_approval_required], false)
 
-    test "Account registration via Application", %{conn: conn} do
       conn =
         conn
         |> put_req_header("content-type", "application/json")
@@ -953,19 +1034,76 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
           agreement: true
         })
 
-      %{
-        "access_token" => token,
-        "created_at" => _created_at,
-        "scope" => ^scope,
-        "token_type" => "Bearer"
-      } = json_response_and_validate_schema(conn, 200)
+      response = json_response_and_validate_schema(conn, 200)
+      assert %{"identifier" => "missing_confirmed_email"} = response
+      refute response["access_token"]
+      refute response["token_type"]
 
+      user = Repo.get_by(User, email: "lain@example.org")
+      assert user.confirmation_pending
+    end
+
+    test "registers but does not log in with :account_approval_required", %{conn: conn} do
+      clear_config([:instance, :account_approval_required], true)
+      clear_config([:instance, :account_activation_required], false)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/apps", %{
+          client_name: "client_name",
+          redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
+          scopes: "read, write, follow"
+        })
+
+      assert %{
+               "client_id" => client_id,
+               "client_secret" => client_secret,
+               "id" => _,
+               "name" => "client_name",
+               "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
+               "vapid_key" => _,
+               "website" => nil
+             } = json_response_and_validate_schema(conn, 200)
+
+      conn =
+        post(conn, "/oauth/token", %{
+          grant_type: "client_credentials",
+          client_id: client_id,
+          client_secret: client_secret
+        })
+
+      assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
+               json_response(conn, 200)
+
+      assert token
       token_from_db = Repo.get_by(Token, token: token)
       assert token_from_db
-      token_from_db = Repo.preload(token_from_db, :user)
-      assert token_from_db.user
+      assert refresh
+      assert scope == "read write follow"
 
-      assert token_from_db.user.confirmation_pending
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", %{
+          username: "lain",
+          email: "lain@example.org",
+          password: "PlzDontHackLain",
+          bio: "Test Bio",
+          agreement: true,
+          reason: "I'm a cool dude, bro"
+        })
+
+      response = json_response_and_validate_schema(conn, 200)
+      assert %{"identifier" => "awaiting_approval"} = response
+      refute response["access_token"]
+      refute response["token_type"]
+
+      user = Repo.get_by(User, email: "lain@example.org")
+
+      assert user.approval_pending
+      assert user.registration_reason == "I'm a cool dude, bro"
     end
 
     test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
@@ -1019,11 +1157,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       end)
     end
 
-    setup do: clear_config([:instance, :account_activation_required])
-
     test "returns bad_request if missing email params when :account_activation_required is enabled",
          %{conn: conn, valid_params: valid_params} do
-      Pleroma.Config.put([:instance, :account_activation_required], true)
+      clear_config([:instance, :account_activation_required], true)
 
       app_token = insert(:oauth_token, user: nil)
 
@@ -1188,8 +1324,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
         assert token_from_db
         token_from_db = Repo.preload(token_from_db, :user)
         assert token_from_db.user
-
-        assert token_from_db.user.confirmation_pending
       end
 
       conn =

test/web/mastodon_api/controllers/domain_block_controller_test.exs

@@ -32,6 +32,38 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do
     refute User.blocks?(user, other_user)
   end
 
+  test "blocking a domain via query params" do
+    %{user: user, conn: conn} = oauth_access(["write:blocks"])
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/domain_blocks?domain=dogwhistle.zone")
+
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    assert User.blocks?(user, other_user)
+  end
+
+  test "unblocking a domain via query params" do
+    %{user: user, conn: conn} = oauth_access(["write:blocks"])
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    User.block_domain(user, "dogwhistle.zone")
+    user = refresh_record(user)
+    assert User.blocks?(user, other_user)
+
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/v1/domain_blocks?domain=dogwhistle.zone")
+
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    refute User.blocks?(user, other_user)
+  end
+
   test "getting a list of domain blocks" do
     %{user: user, conn: conn} = oauth_access(["read:blocks"])
 

test/web/mastodon_api/controllers/instance_controller_test.exs

@@ -27,6 +27,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
              "thumbnail" => _,
              "languages" => _,
              "registrations" => _,
+             "approval_required" => _,
              "poll_limits" => _,
              "upload_limit" => _,
              "avatar_upload_limit" => _,

test/web/mastodon_api/controllers/status_controller_test.exs

@@ -1432,6 +1432,20 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       [%{"id" => id}] = response
       assert id == other_user.id
     end
+
+    test "returns empty array when :show_reactions is disabled", %{conn: conn, activity: activity} do
+      clear_config([:instance, :show_reactions], false)
+
+      other_user = insert(:user)
+      {:ok, _} = CommonAPI.favorite(other_user, activity.id)
+
+      response =
+        conn
+        |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+        |> json_response_and_validate_schema(:ok)
+
+      assert Enum.empty?(response)
+    end
   end
 
   describe "GET /api/v1/statuses/:id/reblogged_by" do

test/web/mastodon_api/mastodon_api_test.exs

@@ -17,8 +17,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPITest do
     test "returns error when followed user is deactivated" do
       follower = insert(:user)
       user = insert(:user, local: true, deactivated: true)
-      {:error, error} = MastodonAPI.follow(follower, user)
-      assert error == :rejected
+      assert {:error, _error} = MastodonAPI.follow(follower, user)
     end
 
     test "following for user" do

test/web/mastodon_api/views/account_view_test.exs

@@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       }
     }
 
-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
   end
 
   test "Favicon is nil when :instances_favicons is disabled" do
@@ -108,11 +108,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
                favicon:
                  "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
              }
-           } = AccountView.render("show.json", %{user: user})
+           } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
 
     Config.put([:instances_favicons, :enabled], false)
 
-    assert %{pleroma: %{favicon: nil}} = AccountView.render("show.json", %{user: user})
+    assert %{pleroma: %{favicon: nil}} =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
   end
 
   test "Represent the user account for the account owner" do
@@ -189,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       }
     }
 
-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
   end
 
   test "Represent a Funkwhale channel" do
@@ -198,7 +199,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         "https://channels.tests.funkwhale.audio/federation/actors/compositions"
       )
 
-    assert represented = AccountView.render("show.json", %{user: user})
+    assert represented =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
+
     assert represented.acct == "compositions@channels.tests.funkwhale.audio"
     assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
   end
@@ -223,6 +226,23 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
     assert expected == AccountView.render("mention.json", %{user: user})
   end
 
+  test "demands :for or :skip_visibility_check option for account rendering" do
+    clear_config([:restrict_unauthenticated, :profiles, :local], false)
+
+    user = insert(:user)
+    user_id = user.id
+
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
+
+    assert %{id: ^user_id} =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
+
+    assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
+      AccountView.render("show.json", %{user: user})
+    end
+  end
+
   describe "relationship" do
     defp test_relationship_rendering(user, other_user, expected_result) do
       opts = %{user: user, target: other_user, relationships: nil}
@@ -336,7 +356,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 
     assert result.pleroma.settings_store == %{:fe => "test"}
 
-    result = AccountView.render("show.json", %{user: user, with_pleroma_settings: true})
+    result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
     assert result.pleroma[:settings_store] == nil
 
     result = AccountView.render("show.json", %{user: user, for: user})
@@ -345,13 +365,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 
   test "doesn't sanitize display names" do
     user = insert(:user, name: "<marquee> username </marquee>")
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
     assert result.display_name == "<marquee> username </marquee>"
   end
 
   test "never display nil user follow counts" do
     user = insert(:user, following_count: 0, follower_count: 0)
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
 
     assert result.following_count == 0
     assert result.followers_count == 0
@@ -375,7 +395,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
                followers_count: 0,
                following_count: 0,
                pleroma: %{hide_follows_count: true, hide_followers_count: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
     end
 
     test "shows when follows/followers are hidden" do
@@ -388,7 +408,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
                followers_count: 1,
                following_count: 1,
                pleroma: %{hide_follows: true, hide_followers: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
     end
 
     test "shows actual follower/following count to the account owner" do
@@ -531,7 +551,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         emoji: %{"joker_smile" => "https://evil.website/society.png"}
       )
 
-    AccountView.render("show.json", %{user: user})
+    AccountView.render("show.json", %{user: user, skip_visibility_check: true})
     |> Enum.all?(fn
       {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
         String.starts_with?(url, Pleroma.Web.base_url())

test/web/mastodon_api/views/status_view_test.exs

@@ -56,6 +56,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
            ]
   end
 
+  test "works correctly with badly formatted emojis" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "yo"})
+
+    activity
+    |> Object.normalize(false)
+    |> Object.update_data(%{"reactions" => %{"☕" => [user.ap_id], "x" => 1}})
+
+    activity = Activity.get_by_id(activity.id)
+
+    status = StatusView.render("show.json", activity: activity, for: user)
+
+    assert status[:pleroma][:emoji_reactions] == [
+             %{name: "☕", count: 1, me: true}
+           ]
+  end
+
   test "loads and returns the direct conversation id when given the `with_direct_conversation_id` option" do
     user = insert(:user)
 
@@ -177,7 +194,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       id: to_string(note.id),
       uri: object_data["id"],
       url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
-      account: AccountView.render("show.json", %{user: user}),
+      account: AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
       in_reply_to_id: nil,
       in_reply_to_account_id: nil,
       card: nil,