Merge branch 'develop' into 'remove-twitter-api'

# Conflicts:
#   lib/pleroma/web/nodeinfo/nodeinfo_controller.ex

test/web/activity_pub/activity_pub_controller_test.exs

@@ -341,7 +341,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
     test "cached purged after activity deletion", %{conn: conn} do
       user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "cofe"})
 
       uuid = String.split(activity.data["id"], "/") |> List.last()
 
@@ -765,51 +765,110 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
     end
   end
 
-  describe "POST /users/:nickname/outbox" do
-    test "it rejects posts from other users / unauuthenticated users", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+  describe "POST /users/:nickname/outbox (C2S)" do
+    setup do
+      [
+        activity: %{
+          "@context" => "https://www.w3.org/ns/activitystreams",
+          "type" => "Create",
+          "object" => %{"type" => "Note", "content" => "AP C2S test"},
+          "to" => "https://www.w3.org/ns/activitystreams#Public",
+          "cc" => []
+        }
+      ]
+    end
+
+    test "it rejects posts from other users / unauthenticated users", %{
+      conn: conn,
+      activity: activity
+    } do
       user = insert(:user)
       other_user = insert(:user)
       conn = put_req_header(conn, "content-type", "application/activity+json")
 
       conn
-      |> post("/users/#{user.nickname}/outbox", data)
+      |> post("/users/#{user.nickname}/outbox", activity)
       |> json_response(403)
 
       conn
       |> assign(:user, other_user)
-      |> post("/users/#{user.nickname}/outbox", data)
+      |> post("/users/#{user.nickname}/outbox", activity)
       |> json_response(403)
     end
 
-    test "it inserts an incoming create activity into the database", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+    test "it inserts an incoming create activity into the database", %{
+      conn: conn,
+      activity: activity
+    } do
       user = insert(:user)
 
-      conn =
+      result =
         conn
         |> assign(:user, user)
         |> put_req_header("content-type", "application/activity+json")
-        |> post("/users/#{user.nickname}/outbox", data)
-
-      result = json_response(conn, 201)
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(201)
 
       assert Activity.get_by_ap_id(result["id"])
+      assert result["object"]
+      assert %Object{data: object} = Object.normalize(result["object"])
+      assert object["content"] == activity["object"]["content"]
     end
 
-    test "it rejects an incoming activity with bogus type", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+    test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
       user = insert(:user)
 
-      data =
-        data
-        |> Map.put("type", "BadType")
+      activity =
+        activity
+        |> put_in(["object", "type"], "Benis")
+
+      _result =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(400)
+    end
+
+    test "it inserts an incoming sensitive activity into the database", %{
+      conn: conn,
+      activity: activity
+    } do
+      user = insert(:user)
+      conn = assign(conn, :user, user)
+      object = Map.put(activity["object"], "sensitive", true)
+      activity = Map.put(activity, "object", object)
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(201)
+
+      assert Activity.get_by_ap_id(response["id"])
+      assert response["object"]
+      assert %Object{data: response_object} = Object.normalize(response["object"])
+      assert response_object["sensitive"] == true
+      assert response_object["content"] == activity["object"]["content"]
+
+      representation =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get(response["id"])
+        |> json_response(200)
+
+      assert representation["object"]["sensitive"] == true
+    end
+
+    test "it rejects an incoming activity with bogus type", %{conn: conn, activity: activity} do
+      user = insert(:user)
+      activity = Map.put(activity, "type", "BadType")
 
       conn =
         conn
         |> assign(:user, user)
         |> put_req_header("content-type", "application/activity+json")
-        |> post("/users/#{user.nickname}/outbox", data)
+        |> post("/users/#{user.nickname}/outbox", activity)
 
       assert json_response(conn, 400)
     end
@@ -1019,12 +1078,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["totalItems"] == 15
     end
 
-    test "returns 403 if requester is not logged in", %{conn: conn} do
+    test "does not require authentication", %{conn: conn} do
       user = insert(:user)
 
       conn
       |> get("/users/#{user.nickname}/followers")
-      |> json_response(403)
+      |> json_response(200)
     end
   end
 
@@ -1116,12 +1175,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["totalItems"] == 15
     end
 
-    test "returns 403 if requester is not logged in", %{conn: conn} do
+    test "does not require authentication", %{conn: conn} do
       user = insert(:user)
 
       conn
       |> get("/users/#{user.nickname}/following")
-      |> json_response(403)
+      |> json_response(200)
     end
   end
 
@@ -1239,16 +1298,56 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
         filename: "an_image.jpg"
       }
 
-      conn =
+      object =
         conn
         |> assign(:user, user)
         |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
+        |> json_response(:created)
 
-      assert object = json_response(conn, :created)
       assert object["name"] == desc
       assert object["type"] == "Document"
       assert object["actor"] == user.ap_id
+      assert [%{"href" => object_href, "mediaType" => object_mediatype}] = object["url"]
+      assert is_binary(object_href)
+      assert object_mediatype == "image/jpeg"
 
+      activity_request = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "type" => "Create",
+        "object" => %{
+          "type" => "Note",
+          "content" => "AP C2S test, attachment",
+          "attachment" => [object]
+        },
+        "to" => "https://www.w3.org/ns/activitystreams#Public",
+        "cc" => []
+      }
+
+      activity_response =
+        conn
+        |> assign(:user, user)
+        |> post("/users/#{user.nickname}/outbox", activity_request)
+        |> json_response(:created)
+
+      assert activity_response["id"]
+      assert activity_response["object"]
+      assert activity_response["actor"] == user.ap_id
+
+      assert %Object{data: %{"attachment" => [attachment]}} =
+               Object.normalize(activity_response["object"])
+
+      assert attachment["type"] == "Document"
+      assert attachment["name"] == desc
+
+      assert [
+               %{
+                 "href" => ^object_href,
+                 "type" => "Link",
+                 "mediaType" => ^object_mediatype
+               }
+             ] = attachment["url"]
+
+      # Fails if unauthenticated
       conn
       |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
       |> json_response(403)

test/web/activity_pub/mrf/anti_followbot_policy_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicyTest do

test/web/activity_pub/mrf/anti_link_spam_policy_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicyTest do
@@ -110,6 +110,15 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicyTest do
   end
 
   describe "with unknown actors" do
+    setup do
+      Tesla.Mock.mock(fn
+        %{method: :get, url: "http://invalid.actor"} ->
+          %Tesla.Env{status: 500, body: ""}
+      end)
+
+      :ok
+    end
+
     test "it rejects posts without links" do
       message =
         @linkless_message

test/web/activity_pub/mrf/ensure_re_prepended_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrependedTest do

test/web/activity_pub/mrf/no_placeholder_text_policy_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicyTest do

test/web/activity_pub/mrf/normalize_markup_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do

test/web/activity_pub/mrf/object_age_policy_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
@@ -20,26 +20,38 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     :ok
   end
 
+  defp get_old_message do
+    File.read!("test/fixtures/mastodon-post-activity.json")
+    |> Poison.decode!()
+  end
+
+  defp get_new_message do
+    old_message = get_old_message()
+
+    new_object =
+      old_message
+      |> Map.get("object")
+      |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+
+    old_message
+    |> Map.put("object", new_object)
+  end
+
   describe "with reject action" do
     test "it rejects an old post" do
       Config.put([:mrf_object_age, :actions], [:reject])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+      data = get_old_message()
 
-      {:reject, _} = ObjectAgePolicy.filter(data)
+      assert match?({:reject, _}, ObjectAgePolicy.filter(data))
     end
 
     test "it allows a new post" do
       Config.put([:mrf_object_age, :actions], [:reject])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
-        |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+      data = get_new_message()
 
-      {:ok, _} = ObjectAgePolicy.filter(data)
+      assert match?({:ok, _}, ObjectAgePolicy.filter(data))
     end
   end
 
@@ -47,9 +59,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it delists an old post" do
       Config.put([:mrf_object_age, :actions], [:delist])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+      data = get_old_message()
 
       {:ok, _u} = User.get_or_fetch_by_ap_id(data["actor"])
 
@@ -61,14 +71,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it allows a new post" do
       Config.put([:mrf_object_age, :actions], [:delist])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
-        |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+      data = get_new_message()
 
       {:ok, _user} = User.get_or_fetch_by_ap_id(data["actor"])
 
-      {:ok, ^data} = ObjectAgePolicy.filter(data)
+      assert match?({:ok, ^data}, ObjectAgePolicy.filter(data))
     end
   end
 
@@ -76,9 +83,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it strips followers collections from an old post" do
       Config.put([:mrf_object_age, :actions], [:strip_followers])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+      data = get_old_message()
 
       {:ok, user} = User.get_or_fetch_by_ap_id(data["actor"])
 
@@ -91,14 +96,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it allows a new post" do
       Config.put([:mrf_object_age, :actions], [:strip_followers])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
-        |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+      data = get_new_message()
 
       {:ok, _u} = User.get_or_fetch_by_ap_id(data["actor"])
 
-      {:ok, ^data} = ObjectAgePolicy.filter(data)
+      assert match?({:ok, ^data}, ObjectAgePolicy.filter(data))
     end
   end
 end

test/web/activity_pub/mrf/reject_non_public_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublicTest do

test/web/activity_pub/mrf/simple_policy_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
@@ -17,7 +17,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
             reject: [],
             accept: [],
             avatar_removal: [],
-            banner_removal: []
+            banner_removal: [],
+            reject_deletes: []
           )
 
   describe "when :media_removal" do
@@ -382,6 +383,66 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
     end
   end
 
+  describe "when :reject_deletes is empty" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], [])
+
+    test "it accepts deletions even from rejected servers" do
+      Config.put([:mrf_simple, :reject], ["remote.instance"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+
+    test "it accepts deletions even from non-whitelisted servers" do
+      Config.put([:mrf_simple, :accept], ["non.matching.remote"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+  end
+
+  describe "when :reject_deletes is not empty but it doesn't have a matching host" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], ["non.matching.remote"])
+
+    test "it accepts deletions even from rejected servers" do
+      Config.put([:mrf_simple, :reject], ["remote.instance"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+
+    test "it accepts deletions even from non-whitelisted servers" do
+      Config.put([:mrf_simple, :accept], ["non.matching.remote"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+  end
+
+  describe "when :reject_deletes has a matching host" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], ["remote.instance"])
+
+    test "it rejects the deletion" do
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:reject, nil}
+    end
+  end
+
+  describe "when :reject_deletes match with wildcard domain" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], ["*.remote.instance"])
+
+    test "it rejects the deletion" do
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:reject, nil}
+    end
+  end
+
   defp build_local_message do
     %{
       "actor" => "#{Pleroma.Web.base_url()}/users/alice",
@@ -408,4 +469,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
       "type" => "Person"
     }
   end
+
+  defp build_remote_deletion_message do
+    %{
+      "type" => "Delete",
+      "actor" => "https://remote.instance/users/bob"
+    }
+  end
 end

test/web/activity_pub/object_validator_test.exs

@@ -0,0 +1,283 @@
+defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.Builder
+  alias Pleroma.Web.ActivityPub.ObjectValidator
+  alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
+  alias Pleroma.Web.ActivityPub.Utils
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  describe "EmojiReacts" do
+    setup do
+      user = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
+
+      object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
+
+      {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
+
+      %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
+    end
+
+    test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
+      assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
+    end
+
+    test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
+      without_content =
+        valid_emoji_react
+        |> Map.delete("content")
+
+      {:error, cng} = ObjectValidator.validate(without_content, [])
+
+      refute cng.valid?
+      assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
+    end
+
+    test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
+      without_emoji_content =
+        valid_emoji_react
+        |> Map.put("content", "x")
+
+      {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
+
+      refute cng.valid?
+
+      assert {:content, {"must be a single character emoji", []}} in cng.errors
+    end
+  end
+
+  describe "Undos" do
+    setup do
+      user = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
+      {:ok, like} = CommonAPI.favorite(user, post_activity.id)
+      {:ok, valid_like_undo, []} = Builder.undo(user, like)
+
+      %{user: user, like: like, valid_like_undo: valid_like_undo}
+    end
+
+    test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
+      assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
+    end
+
+    test "it does not validate if the actor of the undo is not the actor of the object", %{
+      valid_like_undo: valid_like_undo
+    } do
+      other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
+
+      bad_actor =
+        valid_like_undo
+        |> Map.put("actor", other_user.ap_id)
+
+      {:error, cng} = ObjectValidator.validate(bad_actor, [])
+
+      assert {:actor, {"not the same as object actor", []}} in cng.errors
+    end
+
+    test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
+      missing_object =
+        valid_like_undo
+        |> Map.put("object", "https://gensokyo.2hu/objects/1")
+
+      {:error, cng} = ObjectValidator.validate(missing_object, [])
+
+      assert {:object, {"can't find object", []}} in cng.errors
+      assert length(cng.errors) == 1
+    end
+  end
+
+  describe "deletes" do
+    setup do
+      user = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "cancel me daddy"})
+
+      {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
+      {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
+
+      %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
+    end
+
+    test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
+      {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
+
+      assert valid_post_delete["deleted_activity_id"]
+    end
+
+    test "it is invalid if the object isn't in a list of certain types", %{
+      valid_post_delete: valid_post_delete
+    } do
+      object = Object.get_by_ap_id(valid_post_delete["object"])
+
+      data =
+        object.data
+        |> Map.put("type", "Like")
+
+      {:ok, _object} =
+        object
+        |> Ecto.Changeset.change(%{data: data})
+        |> Object.update_and_set_cache()
+
+      {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
+      assert {:object, {"object not in allowed types", []}} in cng.errors
+    end
+
+    test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
+      assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
+    end
+
+    test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
+      no_id =
+        valid_post_delete
+        |> Map.delete("id")
+
+      {:error, cng} = ObjectValidator.validate(no_id, [])
+
+      assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
+    end
+
+    test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
+      missing_object =
+        valid_post_delete
+        |> Map.put("object", "http://does.not/exist")
+
+      {:error, cng} = ObjectValidator.validate(missing_object, [])
+
+      assert {:object, {"can't find object", []}} in cng.errors
+    end
+
+    test "it's invalid if the actor of the object and the actor of delete are from different domains",
+         %{valid_post_delete: valid_post_delete} do
+      valid_user = insert(:user)
+
+      valid_other_actor =
+        valid_post_delete
+        |> Map.put("actor", valid_user.ap_id)
+
+      assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
+
+      invalid_other_actor =
+        valid_post_delete
+        |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
+
+      {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
+
+      assert {:actor, {"is not allowed to delete object", []}} in cng.errors
+    end
+
+    test "it's valid if the actor of the object is a local superuser",
+         %{valid_post_delete: valid_post_delete} do
+      user =
+        insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
+
+      valid_other_actor =
+        valid_post_delete
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
+      assert meta[:do_not_federate]
+    end
+  end
+
+  describe "likes" do
+    setup do
+      user = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
+
+      valid_like = %{
+        "to" => [user.ap_id],
+        "cc" => [],
+        "type" => "Like",
+        "id" => Utils.generate_activity_id(),
+        "object" => post_activity.data["object"],
+        "actor" => user.ap_id,
+        "context" => "a context"
+      }
+
+      %{valid_like: valid_like, user: user, post_activity: post_activity}
+    end
+
+    test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
+      {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
+
+      assert "id" in Map.keys(object)
+    end
+
+    test "is valid for a valid object", %{valid_like: valid_like} do
+      assert LikeValidator.cast_and_validate(valid_like).valid?
+    end
+
+    test "sets the 'to' field to the object actor if no recipients are given", %{
+      valid_like: valid_like,
+      user: user
+    } do
+      without_recipients =
+        valid_like
+        |> Map.delete("to")
+
+      {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
+
+      assert object["to"] == [user.ap_id]
+    end
+
+    test "sets the context field to the context of the object if no context is given", %{
+      valid_like: valid_like,
+      post_activity: post_activity
+    } do
+      without_context =
+        valid_like
+        |> Map.delete("context")
+
+      {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
+
+      assert object["context"] == post_activity.data["context"]
+    end
+
+    test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
+      without_actor = Map.delete(valid_like, "actor")
+
+      refute LikeValidator.cast_and_validate(without_actor).valid?
+
+      with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
+
+      refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
+    end
+
+    test "it errors when the object is missing or not known", %{valid_like: valid_like} do
+      without_object = Map.delete(valid_like, "object")
+
+      refute LikeValidator.cast_and_validate(without_object).valid?
+
+      with_invalid_object = Map.put(valid_like, "object", "invalidobject")
+
+      refute LikeValidator.cast_and_validate(with_invalid_object).valid?
+    end
+
+    test "it errors when the actor has already like the object", %{
+      valid_like: valid_like,
+      user: user,
+      post_activity: post_activity
+    } do
+      _like = CommonAPI.favorite(user, post_activity.id)
+
+      refute LikeValidator.cast_and_validate(valid_like).valid?
+    end
+
+    test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
+      wrapped_like =
+        valid_like
+        |> Map.put("actor", %{"id" => valid_like["actor"]})
+        |> Map.put("object", %{"id" => valid_like["object"]})
+
+      validated = LikeValidator.cast_and_validate(wrapped_like)
+
+      assert validated.valid?
+
+      assert {:actor, valid_like["actor"]} in validated.changes
+      assert {:object, valid_like["object"]} in validated.changes
+    end
+  end
+end

test/web/activity_pub/object_validators/note_validator_test.exs

@@ -0,0 +1,35 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidatorTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator
+  alias Pleroma.Web.ActivityPub.Utils
+
+  import Pleroma.Factory
+
+  describe "Notes" do
+    setup do
+      user = insert(:user)
+
+      note = %{
+        "id" => Utils.generate_activity_id(),
+        "type" => "Note",
+        "actor" => user.ap_id,
+        "to" => [user.follower_address],
+        "cc" => [],
+        "content" => "Hellow this is content.",
+        "context" => "xxx",
+        "summary" => "a post"
+      }
+
+      %{user: user, note: note}
+    end
+
+    test "a basic note validates", %{note: note} do
+      %{valid?: true} = NoteValidator.cast_and_validate(note)
+    end
+  end
+end

test/web/activity_pub/object_validators/types/date_time_test.exs

@@ -0,0 +1,32 @@
+defmodule Pleroma.Web.ActivityPub.ObjectValidators.Types.DateTimeTest do
+  alias Pleroma.Web.ActivityPub.ObjectValidators.Types.DateTime
+  use Pleroma.DataCase
+
+  test "it validates an xsd:Datetime" do
+    valid_strings = [
+      "2004-04-12T13:20:00",
+      "2004-04-12T13:20:15.5",
+      "2004-04-12T13:20:00-05:00",
+      "2004-04-12T13:20:00Z"
+    ]
+
+    invalid_strings = [
+      "2004-04-12T13:00",
+      "2004-04-1213:20:00",
+      "99-04-12T13:00",
+      "2004-04-12"
+    ]
+
+    assert {:ok, "2004-04-01T12:00:00Z"} == DateTime.cast("2004-04-01T12:00:00Z")
+
+    Enum.each(valid_strings, fn date_time ->
+      result = DateTime.cast(date_time)
+      assert {:ok, _} = result
+    end)
+
+    Enum.each(invalid_strings, fn date_time ->
+      result = DateTime.cast(date_time)
+      assert :error == result
+    end)
+  end
+end

test/web/activity_pub/object_validators/types/object_id_test.exs

@@ -0,0 +1,37 @@
+defmodule Pleroma.Web.ObjectValidators.Types.ObjectIDTest do
+  alias Pleroma.Web.ActivityPub.ObjectValidators.Types.ObjectID
+  use Pleroma.DataCase
+
+  @uris [
+    "http://lain.com/users/lain",
+    "http://lain.com",
+    "https://lain.com/object/1"
+  ]
+
+  @non_uris [
+    "https://",
+    "rin",
+    1,
+    :x,
+    %{"1" => 2}
+  ]
+
+  test "it accepts http uris" do
+    Enum.each(@uris, fn uri ->
+      assert {:ok, uri} == ObjectID.cast(uri)
+    end)
+  end
+
+  test "it accepts an object with a nested uri id" do
+    Enum.each(@uris, fn uri ->
+      assert {:ok, uri} == ObjectID.cast(%{"id" => uri})
+    end)
+  end
+
+  test "it rejects non-uri strings" do
+    Enum.each(@non_uris, fn non_uri ->
+      assert :error == ObjectID.cast(non_uri)
+      assert :error == ObjectID.cast(%{"id" => non_uri})
+    end)
+  end
+end

test/web/activity_pub/object_validators/types/recipients_test.exs

@@ -0,0 +1,27 @@
+defmodule Pleroma.Web.ObjectValidators.Types.RecipientsTest do
+  alias Pleroma.Web.ActivityPub.ObjectValidators.Types.Recipients
+  use Pleroma.DataCase
+
+  test "it asserts that all elements of the list are object ids" do
+    list = ["https://lain.com/users/lain", "invalid"]
+
+    assert :error == Recipients.cast(list)
+  end
+
+  test "it works with a list" do
+    list = ["https://lain.com/users/lain"]
+    assert {:ok, list} == Recipients.cast(list)
+  end
+
+  test "it works with a list with whole objects" do
+    list = ["https://lain.com/users/lain", %{"id" => "https://gensokyo.2hu/users/raymoo"}]
+    resulting_list = ["https://gensokyo.2hu/users/raymoo", "https://lain.com/users/lain"]
+    assert {:ok, resulting_list} == Recipients.cast(list)
+  end
+
+  test "it turns a single string into a list" do
+    recipient = "https://lain.com/users/lain"
+
+    assert {:ok, [recipient]} == Recipients.cast(recipient)
+  end
+end

test/web/activity_pub/pipeline_test.exs

@@ -0,0 +1,87 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.PipelineTest do
+  use Pleroma.DataCase
+
+  import Mock
+  import Pleroma.Factory
+
+  describe "common_pipeline/2" do
+    test "it goes through validation, filtering, persisting, side effects and federation for local activities" do
+      activity = insert(:note_activity)
+      meta = [local: true]
+
+      with_mocks([
+        {Pleroma.Web.ActivityPub.ObjectValidator, [], [validate: fn o, m -> {:ok, o, m} end]},
+        {
+          Pleroma.Web.ActivityPub.MRF,
+          [],
+          [filter: fn o -> {:ok, o} end]
+        },
+        {
+          Pleroma.Web.ActivityPub.ActivityPub,
+          [],
+          [persist: fn o, m -> {:ok, o, m} end]
+        },
+        {
+          Pleroma.Web.ActivityPub.SideEffects,
+          [],
+          [handle: fn o, m -> {:ok, o, m} end]
+        },
+        {
+          Pleroma.Web.Federator,
+          [],
+          [publish: fn _o -> :ok end]
+        }
+      ]) do
+        assert {:ok, ^activity, ^meta} =
+                 Pleroma.Web.ActivityPub.Pipeline.common_pipeline(activity, meta)
+
+        assert_called(Pleroma.Web.ActivityPub.ObjectValidator.validate(activity, meta))
+        assert_called(Pleroma.Web.ActivityPub.MRF.filter(activity))
+        assert_called(Pleroma.Web.ActivityPub.ActivityPub.persist(activity, meta))
+        assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta))
+        assert_called(Pleroma.Web.Federator.publish(activity))
+      end
+    end
+
+    test "it goes through validation, filtering, persisting, side effects without federation for remote activities" do
+      activity = insert(:note_activity)
+      meta = [local: false]
+
+      with_mocks([
+        {Pleroma.Web.ActivityPub.ObjectValidator, [], [validate: fn o, m -> {:ok, o, m} end]},
+        {
+          Pleroma.Web.ActivityPub.MRF,
+          [],
+          [filter: fn o -> {:ok, o} end]
+        },
+        {
+          Pleroma.Web.ActivityPub.ActivityPub,
+          [],
+          [persist: fn o, m -> {:ok, o, m} end]
+        },
+        {
+          Pleroma.Web.ActivityPub.SideEffects,
+          [],
+          [handle: fn o, m -> {:ok, o, m} end]
+        },
+        {
+          Pleroma.Web.Federator,
+          [],
+          []
+        }
+      ]) do
+        assert {:ok, ^activity, ^meta} =
+                 Pleroma.Web.ActivityPub.Pipeline.common_pipeline(activity, meta)
+
+        assert_called(Pleroma.Web.ActivityPub.ObjectValidator.validate(activity, meta))
+        assert_called(Pleroma.Web.ActivityPub.MRF.filter(activity))
+        assert_called(Pleroma.Web.ActivityPub.ActivityPub.persist(activity, meta))
+        assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta))
+      end
+    end
+  end
+end

test/web/activity_pub/publisher_test.exs

@@ -48,10 +48,7 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
 
   describe "determine_inbox/2" do
     test "it returns sharedInbox for messages involving as:Public in to" do
-      user =
-        insert(:user, %{
-          source_data: %{"endpoints" => %{"sharedInbox" => "http://example.com/inbox"}}
-        })
+      user = insert(:user, %{shared_inbox: "http://example.com/inbox"})
 
       activity = %Activity{
         data: %{"to" => [@as_public], "cc" => [user.follower_address]}
@@ -61,10 +58,7 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
     end
 
     test "it returns sharedInbox for messages involving as:Public in cc" do
-      user =
-        insert(:user, %{
-          source_data: %{"endpoints" => %{"sharedInbox" => "http://example.com/inbox"}}
-        })
+      user = insert(:user, %{shared_inbox: "http://example.com/inbox"})
 
       activity = %Activity{
         data: %{"cc" => [@as_public], "to" => [user.follower_address]}
@@ -74,11 +68,7 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
     end
 
     test "it returns sharedInbox for messages involving multiple recipients in to" do
-      user =
-        insert(:user, %{
-          source_data: %{"endpoints" => %{"sharedInbox" => "http://example.com/inbox"}}
-        })
-
+      user = insert(:user, %{shared_inbox: "http://example.com/inbox"})
       user_two = insert(:user)
       user_three = insert(:user)
 
@@ -90,11 +80,7 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
     end
 
     test "it returns sharedInbox for messages involving multiple recipients in cc" do
-      user =
-        insert(:user, %{
-          source_data: %{"endpoints" => %{"sharedInbox" => "http://example.com/inbox"}}
-        })
-
+      user = insert(:user, %{shared_inbox: "http://example.com/inbox"})
       user_two = insert(:user)
       user_three = insert(:user)
 
@@ -107,12 +93,10 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
 
     test "it returns sharedInbox for messages involving multiple recipients in total" do
       user =
-        insert(:user,
-          source_data: %{
-            "inbox" => "http://example.com/personal-inbox",
-            "endpoints" => %{"sharedInbox" => "http://example.com/inbox"}
-          }
-        )
+        insert(:user, %{
+          shared_inbox: "http://example.com/inbox",
+          inbox: "http://example.com/personal-inbox"
+        })
 
       user_two = insert(:user)
 
@@ -125,12 +109,10 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
 
     test "it returns inbox for messages involving single recipients in total" do
       user =
-        insert(:user,
-          source_data: %{
-            "inbox" => "http://example.com/personal-inbox",
-            "endpoints" => %{"sharedInbox" => "http://example.com/inbox"}
-          }
-        )
+        insert(:user, %{
+          shared_inbox: "http://example.com/inbox",
+          inbox: "http://example.com/personal-inbox"
+        })
 
       activity = %Activity{
         data: %{"to" => [user.ap_id], "cc" => []}
@@ -258,11 +240,11 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
                    [:passthrough],
                    [] do
       follower =
-        insert(:user,
+        insert(:user, %{
           local: false,
-          source_data: %{"inbox" => "https://domain.com/users/nick1/inbox"},
+          inbox: "https://domain.com/users/nick1/inbox",
           ap_enabled: true
-        )
+        })
 
       actor = insert(:user, follower_address: follower.ap_id)
       user = insert(:user)
@@ -295,14 +277,14 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
       fetcher =
         insert(:user,
           local: false,
-          source_data: %{"inbox" => "https://domain.com/users/nick1/inbox"},
+          inbox: "https://domain.com/users/nick1/inbox",
           ap_enabled: true
         )
 
       another_fetcher =
         insert(:user,
           local: false,
-          source_data: %{"inbox" => "https://domain2.com/users/nick1/inbox"},
+          inbox: "https://domain2.com/users/nick1/inbox",
           ap_enabled: true
         )
 

test/web/activity_pub/relay_test.exs

@@ -89,6 +89,11 @@ defmodule Pleroma.Web.ActivityPub.RelayTest do
           }
         )
 
+      Tesla.Mock.mock(fn
+        %{method: :get, url: "http://mastodon.example.org/eee/99541947525187367"} ->
+          %Tesla.Env{status: 500, body: ""}
+      end)
+
       assert capture_log(fn ->
                assert Relay.publish(activity) == {:error, nil}
              end) =~ "[error] error: nil"

test/web/activity_pub/side_effects_test.exs

@@ -0,0 +1,267 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
+  use Oban.Testing, repo: Pleroma.Repo
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Notification
+  alias Pleroma.Object
+  alias Pleroma.Repo
+  alias Pleroma.Tests.ObanHelpers
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.Builder
+  alias Pleroma.Web.ActivityPub.SideEffects
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+  import Mock
+
+  describe "delete objects" do
+    setup do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, op} = CommonAPI.post(other_user, %{status: "big oof"})
+      {:ok, post} = CommonAPI.post(user, %{status: "hey", in_reply_to_id: op})
+      {:ok, favorite} = CommonAPI.favorite(user, post.id)
+      object = Object.normalize(post)
+      {:ok, delete_data, _meta} = Builder.delete(user, object.data["id"])
+      {:ok, delete_user_data, _meta} = Builder.delete(user, user.ap_id)
+      {:ok, delete, _meta} = ActivityPub.persist(delete_data, local: true)
+      {:ok, delete_user, _meta} = ActivityPub.persist(delete_user_data, local: true)
+
+      %{
+        user: user,
+        delete: delete,
+        post: post,
+        object: object,
+        delete_user: delete_user,
+        op: op,
+        favorite: favorite
+      }
+    end
+
+    test "it handles object deletions", %{
+      delete: delete,
+      post: post,
+      object: object,
+      user: user,
+      op: op,
+      favorite: favorite
+    } do
+      with_mock Pleroma.Web.ActivityPub.ActivityPub, [:passthrough],
+        stream_out: fn _ -> nil end,
+        stream_out_participations: fn _, _ -> nil end do
+        {:ok, delete, _} = SideEffects.handle(delete)
+        user = User.get_cached_by_ap_id(object.data["actor"])
+
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out(delete))
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out_participations(object, user))
+      end
+
+      object = Object.get_by_id(object.id)
+      assert object.data["type"] == "Tombstone"
+      refute Activity.get_by_id(post.id)
+      refute Activity.get_by_id(favorite.id)
+
+      user = User.get_by_id(user.id)
+      assert user.note_count == 0
+
+      object = Object.normalize(op.data["object"], false)
+
+      assert object.data["repliesCount"] == 0
+    end
+
+    test "it handles object deletions when the object itself has been pruned", %{
+      delete: delete,
+      post: post,
+      object: object,
+      user: user,
+      op: op
+    } do
+      with_mock Pleroma.Web.ActivityPub.ActivityPub, [:passthrough],
+        stream_out: fn _ -> nil end,
+        stream_out_participations: fn _, _ -> nil end do
+        {:ok, delete, _} = SideEffects.handle(delete)
+        user = User.get_cached_by_ap_id(object.data["actor"])
+
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out(delete))
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out_participations(object, user))
+      end
+
+      object = Object.get_by_id(object.id)
+      assert object.data["type"] == "Tombstone"
+      refute Activity.get_by_id(post.id)
+
+      user = User.get_by_id(user.id)
+      assert user.note_count == 0
+
+      object = Object.normalize(op.data["object"], false)
+
+      assert object.data["repliesCount"] == 0
+    end
+
+    test "it handles user deletions", %{delete_user: delete, user: user} do
+      {:ok, _delete, _} = SideEffects.handle(delete)
+      ObanHelpers.perform_all()
+
+      assert User.get_cached_by_ap_id(user.ap_id).deactivated
+    end
+  end
+
+  describe "EmojiReact objects" do
+    setup do
+      poster = insert(:user)
+      user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(poster, %{status: "hey"})
+
+      {:ok, emoji_react_data, []} = Builder.emoji_react(user, post.object, "👌")
+      {:ok, emoji_react, _meta} = ActivityPub.persist(emoji_react_data, local: true)
+
+      %{emoji_react: emoji_react, user: user, poster: poster}
+    end
+
+    test "adds the reaction to the object", %{emoji_react: emoji_react, user: user} do
+      {:ok, emoji_react, _} = SideEffects.handle(emoji_react)
+      object = Object.get_by_ap_id(emoji_react.data["object"])
+
+      assert object.data["reaction_count"] == 1
+      assert ["👌", [user.ap_id]] in object.data["reactions"]
+    end
+
+    test "creates a notification", %{emoji_react: emoji_react, poster: poster} do
+      {:ok, emoji_react, _} = SideEffects.handle(emoji_react)
+      assert Repo.get_by(Notification, user_id: poster.id, activity_id: emoji_react.id)
+    end
+  end
+
+  describe "Undo objects" do
+    setup do
+      poster = insert(:user)
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(poster, %{status: "hey"})
+      {:ok, like} = CommonAPI.favorite(user, post.id)
+      {:ok, reaction} = CommonAPI.react_with_emoji(post.id, user, "👍")
+      {:ok, announce, _} = CommonAPI.repeat(post.id, user)
+      {:ok, block} = ActivityPub.block(user, poster)
+      User.block(user, poster)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, like)
+      {:ok, like_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, reaction)
+      {:ok, reaction_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, announce)
+      {:ok, announce_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, block)
+      {:ok, block_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      %{
+        like_undo: like_undo,
+        post: post,
+        like: like,
+        reaction_undo: reaction_undo,
+        reaction: reaction,
+        announce_undo: announce_undo,
+        announce: announce,
+        block_undo: block_undo,
+        block: block,
+        poster: poster,
+        user: user
+      }
+    end
+
+    test "deletes the original block", %{block_undo: block_undo, block: block} do
+      {:ok, _block_undo, _} = SideEffects.handle(block_undo)
+      refute Activity.get_by_id(block.id)
+    end
+
+    test "unblocks the blocked user", %{block_undo: block_undo, block: block} do
+      blocker = User.get_by_ap_id(block.data["actor"])
+      blocked = User.get_by_ap_id(block.data["object"])
+
+      {:ok, _block_undo, _} = SideEffects.handle(block_undo)
+      refute User.blocks?(blocker, blocked)
+    end
+
+    test "an announce undo removes the announce from the object", %{
+      announce_undo: announce_undo,
+      post: post
+    } do
+      {:ok, _announce_undo, _} = SideEffects.handle(announce_undo)
+
+      object = Object.get_by_ap_id(post.data["object"])
+
+      assert object.data["announcement_count"] == 0
+      assert object.data["announcements"] == []
+    end
+
+    test "deletes the original announce", %{announce_undo: announce_undo, announce: announce} do
+      {:ok, _announce_undo, _} = SideEffects.handle(announce_undo)
+      refute Activity.get_by_id(announce.id)
+    end
+
+    test "a reaction undo removes the reaction from the object", %{
+      reaction_undo: reaction_undo,
+      post: post
+    } do
+      {:ok, _reaction_undo, _} = SideEffects.handle(reaction_undo)
+
+      object = Object.get_by_ap_id(post.data["object"])
+
+      assert object.data["reaction_count"] == 0
+      assert object.data["reactions"] == []
+    end
+
+    test "deletes the original reaction", %{reaction_undo: reaction_undo, reaction: reaction} do
+      {:ok, _reaction_undo, _} = SideEffects.handle(reaction_undo)
+      refute Activity.get_by_id(reaction.id)
+    end
+
+    test "a like undo removes the like from the object", %{like_undo: like_undo, post: post} do
+      {:ok, _like_undo, _} = SideEffects.handle(like_undo)
+
+      object = Object.get_by_ap_id(post.data["object"])
+
+      assert object.data["like_count"] == 0
+      assert object.data["likes"] == []
+    end
+
+    test "deletes the original like", %{like_undo: like_undo, like: like} do
+      {:ok, _like_undo, _} = SideEffects.handle(like_undo)
+      refute Activity.get_by_id(like.id)
+    end
+  end
+
+  describe "like objects" do
+    setup do
+      poster = insert(:user)
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(poster, %{status: "hey"})
+
+      {:ok, like_data, _meta} = Builder.like(user, post.object)
+      {:ok, like, _meta} = ActivityPub.persist(like_data, local: true)
+
+      %{like: like, user: user, poster: poster}
+    end
+
+    test "add the like to the original object", %{like: like, user: user} do
+      {:ok, like, _} = SideEffects.handle(like)
+      object = Object.get_by_ap_id(like.data["object"])
+      assert object.data["like_count"] == 1
+      assert user.ap_id in object.data["likes"]
+    end
+
+    test "creates a notification", %{like: like, poster: poster} do
+      {:ok, like, _} = SideEffects.handle(like)
+      assert Repo.get_by(Notification, user_id: poster.id, activity_id: like.id)
+    end
+  end
+end

test/web/activity_pub/transmogrifier/delete_handling_test.exs

@@ -0,0 +1,114 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.DeleteHandlingTest do
+  use Oban.Testing, repo: Pleroma.Repo
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.Tests.ObanHelpers
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+
+  import Pleroma.Factory
+
+  setup_all do
+    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  test "it works for incoming deletes" do
+    activity = insert(:note_activity)
+    deleting_user = insert(:user)
+
+    data =
+      File.read!("test/fixtures/mastodon-delete.json")
+      |> Poison.decode!()
+      |> Map.put("actor", deleting_user.ap_id)
+      |> put_in(["object", "id"], activity.data["object"])
+
+    {:ok, %Activity{actor: actor, local: false, data: %{"id" => id}}} =
+      Transmogrifier.handle_incoming(data)
+
+    assert id == data["id"]
+
+    # We delete the Create activity because we base our timelines on it.
+    # This should be changed after we unify objects and activities
+    refute Activity.get_by_id(activity.id)
+    assert actor == deleting_user.ap_id
+
+    # Objects are replaced by a tombstone object.
+    object = Object.normalize(activity.data["object"])
+    assert object.data["type"] == "Tombstone"
+  end
+
+  test "it works for incoming when the object has been pruned" do
+    activity = insert(:note_activity)
+
+    {:ok, object} =
+      Object.normalize(activity.data["object"])
+      |> Repo.delete()
+
+    Cachex.del(:object_cache, "object:#{object.data["id"]}")
+
+    deleting_user = insert(:user)
+
+    data =
+      File.read!("test/fixtures/mastodon-delete.json")
+      |> Poison.decode!()
+      |> Map.put("actor", deleting_user.ap_id)
+      |> put_in(["object", "id"], activity.data["object"])
+
+    {:ok, %Activity{actor: actor, local: false, data: %{"id" => id}}} =
+      Transmogrifier.handle_incoming(data)
+
+    assert id == data["id"]
+
+    # We delete the Create activity because we base our timelines on it.
+    # This should be changed after we unify objects and activities
+    refute Activity.get_by_id(activity.id)
+    assert actor == deleting_user.ap_id
+  end
+
+  test "it fails for incoming deletes with spoofed origin" do
+    activity = insert(:note_activity)
+    %{ap_id: ap_id} = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
+
+    data =
+      File.read!("test/fixtures/mastodon-delete.json")
+      |> Poison.decode!()
+      |> Map.put("actor", ap_id)
+      |> put_in(["object", "id"], activity.data["object"])
+
+    assert match?({:error, _}, Transmogrifier.handle_incoming(data))
+  end
+
+  @tag capture_log: true
+  test "it works for incoming user deletes" do
+    %{ap_id: ap_id} = insert(:user, ap_id: "http://mastodon.example.org/users/admin")
+
+    data =
+      File.read!("test/fixtures/mastodon-delete-user.json")
+      |> Poison.decode!()
+
+    {:ok, _} = Transmogrifier.handle_incoming(data)
+    ObanHelpers.perform_all()
+
+    assert User.get_cached_by_ap_id(ap_id).deactivated
+  end
+
+  test "it fails for incoming user deletes with spoofed origin" do
+    %{ap_id: ap_id} = insert(:user)
+
+    data =
+      File.read!("test/fixtures/mastodon-delete-user.json")
+      |> Poison.decode!()
+      |> Map.put("actor", ap_id)
+
+    assert match?({:error, _}, Transmogrifier.handle_incoming(data))
+
+    assert User.get_cached_by_ap_id(ap_id)
+  end
+end

test/web/activity_pub/transmogrifier/emoji_react_handling_test.exs

@@ -0,0 +1,61 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.EmojiReactHandlingTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "it works for incoming emoji reactions" do
+    user = insert(:user)
+    other_user = insert(:user, local: false)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    data =
+      File.read!("test/fixtures/emoji-reaction.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("actor", other_user.ap_id)
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == other_user.ap_id
+    assert data["type"] == "EmojiReact"
+    assert data["id"] == "http://mastodon.example.org/users/admin#reactions/2"
+    assert data["object"] == activity.data["object"]
+    assert data["content"] == "👌"
+
+    object = Object.get_by_ap_id(data["object"])
+
+    assert object.data["reaction_count"] == 1
+    assert match?([["👌", _]], object.data["reactions"])
+  end
+
+  test "it reject invalid emoji reactions" do
+    user = insert(:user)
+    other_user = insert(:user, local: false)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    data =
+      File.read!("test/fixtures/emoji-reaction-too-long.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("actor", other_user.ap_id)
+
+    assert {:error, _} = Transmogrifier.handle_incoming(data)
+
+    data =
+      File.read!("test/fixtures/emoji-reaction-no-emoji.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("actor", other_user.ap_id)
+
+    assert {:error, _} = Transmogrifier.handle_incoming(data)
+  end
+end

test/web/activity_pub/transmogrifier/like_handling_test.exs

@@ -0,0 +1,78 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.LikeHandlingTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "it works for incoming likes" do
+    user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    data =
+      File.read!("test/fixtures/mastodon-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _actor = insert(:user, ap_id: data["actor"], local: false)
+
+    {:ok, %Activity{data: data, local: false} = activity} = Transmogrifier.handle_incoming(data)
+
+    refute Enum.empty?(activity.recipients)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Like"
+    assert data["id"] == "http://mastodon.example.org/users/admin#likes/2"
+    assert data["object"] == activity.data["object"]
+  end
+
+  test "it works for incoming misskey likes, turning them into EmojiReacts" do
+    user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    data =
+      File.read!("test/fixtures/misskey-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _actor = insert(:user, ap_id: data["actor"], local: false)
+
+    {:ok, %Activity{data: activity_data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert activity_data["actor"] == data["actor"]
+    assert activity_data["type"] == "EmojiReact"
+    assert activity_data["id"] == data["id"]
+    assert activity_data["object"] == activity.data["object"]
+    assert activity_data["content"] == "🍮"
+  end
+
+  test "it works for incoming misskey likes that contain unicode emojis, turning them into EmojiReacts" do
+    user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    data =
+      File.read!("test/fixtures/misskey-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("_misskey_reaction", "⭐")
+
+    _actor = insert(:user, ap_id: data["actor"], local: false)
+
+    {:ok, %Activity{data: activity_data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert activity_data["actor"] == data["actor"]
+    assert activity_data["type"] == "EmojiReact"
+    assert activity_data["id"] == data["id"]
+    assert activity_data["object"] == activity.data["object"]
+    assert activity_data["content"] == "⭐"
+  end
+end

test/web/activity_pub/transmogrifier/undo_handling_test.exs

@@ -0,0 +1,185 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.UndoHandlingTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "it works for incoming emoji reaction undos" do
+    user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+    {:ok, reaction_activity} = CommonAPI.react_with_emoji(activity.id, user, "👌")
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", reaction_activity.data["id"])
+      |> Map.put("actor", user.ap_id)
+
+    {:ok, activity} = Transmogrifier.handle_incoming(data)
+
+    assert activity.actor == user.ap_id
+    assert activity.data["id"] == data["id"]
+    assert activity.data["type"] == "Undo"
+  end
+
+  test "it returns an error for incoming unlikes wihout a like activity" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "leave a like pls"})
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    assert Transmogrifier.handle_incoming(data) == :error
+  end
+
+  test "it works for incoming unlikes with an existing like activity" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "leave a like pls"})
+
+    like_data =
+      File.read!("test/fixtures/mastodon-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _liker = insert(:user, ap_id: like_data["actor"], local: false)
+
+    {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", like_data)
+      |> Map.put("actor", like_data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Undo"
+    assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
+    assert data["object"] == "http://mastodon.example.org/users/admin#likes/2"
+
+    note = Object.get_by_ap_id(like_data["object"])
+    assert note.data["like_count"] == 0
+    assert note.data["likes"] == []
+  end
+
+  test "it works for incoming unlikes with an existing like activity and a compact object" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "leave a like pls"})
+
+    like_data =
+      File.read!("test/fixtures/mastodon-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _liker = insert(:user, ap_id: like_data["actor"], local: false)
+
+    {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", like_data["id"])
+      |> Map.put("actor", like_data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Undo"
+    assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
+    assert data["object"] == "http://mastodon.example.org/users/admin#likes/2"
+  end
+
+  test "it works for incoming unannounces with an existing notice" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
+
+    announce_data =
+      File.read!("test/fixtures/mastodon-announce.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _announcer = insert(:user, ap_id: announce_data["actor"], local: false)
+
+    {:ok, %Activity{data: announce_data, local: false}} =
+      Transmogrifier.handle_incoming(announce_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-announce.json")
+      |> Poison.decode!()
+      |> Map.put("object", announce_data)
+      |> Map.put("actor", announce_data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["type"] == "Undo"
+
+    assert data["object"] ==
+             "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
+  end
+
+  test "it works for incomming unfollows with an existing follow" do
+    user = insert(:user)
+
+    follow_data =
+      File.read!("test/fixtures/mastodon-follow-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", user.ap_id)
+
+    _follower = insert(:user, ap_id: follow_data["actor"], local: false)
+
+    {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(follow_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-unfollow-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", follow_data)
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["type"] == "Undo"
+    assert data["object"]["type"] == "Follow"
+    assert data["object"]["object"] == user.ap_id
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+
+    refute User.following?(User.get_cached_by_ap_id(data["actor"]), user)
+  end
+
+  test "it works for incoming unblocks with an existing block" do
+    user = insert(:user)
+
+    block_data =
+      File.read!("test/fixtures/mastodon-block-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", user.ap_id)
+
+    _blocker = insert(:user, ap_id: block_data["actor"], local: false)
+
+    {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(block_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-unblock-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", block_data)
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+    assert data["type"] == "Undo"
+    assert data["object"] == block_data["id"]
+
+    blocker = User.get_cached_by_ap_id(data["actor"])
+
+    refute User.blocks?(blocker, user)
+  end
+end

test/web/activity_pub/transmogrifier_test.exs

@@ -212,8 +212,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "suya...",
-          "poll" => %{"options" => ["suya", "suya.", "suya.."], "expires_in" => 10}
+          status: "suya...",
+          poll: %{options: ["suya", "suya.", "suya.."], expires_in: 10}
         })
 
       object = Object.normalize(activity)
@@ -260,6 +260,24 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
                "<p>henlo from my Psion netBook</p><p>message sent from my Psion netBook</p>"
     end
 
+    test "it works for incoming honk announces" do
+      _user = insert(:user, ap_id: "https://honktest/u/test", local: false)
+      other_user = insert(:user)
+      {:ok, post} = CommonAPI.post(other_user, %{status: "bonkeronk"})
+
+      announce = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "actor" => "https://honktest/u/test",
+        "id" => "https://honktest/u/test/bonk/1793M7B9MQ48847vdx",
+        "object" => post.data["object"],
+        "published" => "2019-06-25T19:33:58Z",
+        "to" => "https://www.w3.org/ns/activitystreams#Public",
+        "type" => "Announce"
+      }
+
+      {:ok, %Activity{local: false}} = Transmogrifier.handle_incoming(announce)
+    end
+
     test "it works for incoming announces with actor being inlined (kroeg)" do
       data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!()
 
@@ -325,178 +343,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert object_data["cc"] == to
     end
 
-    test "it works for incoming likes" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-
-      data =
-        File.read!("test/fixtures/mastodon-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Like"
-      assert data["id"] == "http://mastodon.example.org/users/admin#likes/2"
-      assert data["object"] == activity.data["object"]
-    end
-
-    test "it works for incoming misskey likes, turning them into EmojiReacts" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-
-      data =
-        File.read!("test/fixtures/misskey-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == data["actor"]
-      assert data["type"] == "EmojiReact"
-      assert data["id"] == data["id"]
-      assert data["object"] == activity.data["object"]
-      assert data["content"] == "🍮"
-    end
-
-    test "it works for incoming misskey likes that contain unicode emojis, turning them into EmojiReacts" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-
-      data =
-        File.read!("test/fixtures/misskey-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-        |> Map.put("_misskey_reaction", "⭐")
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == data["actor"]
-      assert data["type"] == "EmojiReact"
-      assert data["id"] == data["id"]
-      assert data["object"] == activity.data["object"]
-      assert data["content"] == "⭐"
-    end
-
-    test "it works for incoming emoji reactions" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-
-      data =
-        File.read!("test/fixtures/emoji-reaction.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "EmojiReact"
-      assert data["id"] == "http://mastodon.example.org/users/admin#reactions/2"
-      assert data["object"] == activity.data["object"]
-      assert data["content"] == "👌"
-    end
-
-    test "it reject invalid emoji reactions" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-
-      data =
-        File.read!("test/fixtures/emoji-reaction-too-long.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      assert :error = Transmogrifier.handle_incoming(data)
-
-      data =
-        File.read!("test/fixtures/emoji-reaction-no-emoji.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      assert :error = Transmogrifier.handle_incoming(data)
-    end
-
-    test "it works for incoming emoji reaction undos" do
-      user = insert(:user)
-
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-      {:ok, reaction_activity, _object} = CommonAPI.react_with_emoji(activity.id, user, "👌")
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", reaction_activity.data["id"])
-        |> Map.put("actor", user.ap_id)
-
-      {:ok, activity} = Transmogrifier.handle_incoming(data)
-
-      assert activity.actor == user.ap_id
-      assert activity.data["id"] == data["id"]
-      assert activity.data["type"] == "Undo"
-    end
-
-    test "it returns an error for incoming unlikes wihout a like activity" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"})
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      assert Transmogrifier.handle_incoming(data) == :error
-    end
-
-    test "it works for incoming unlikes with an existing like activity" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"})
-
-      like_data =
-        File.read!("test/fixtures/mastodon-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", like_data)
-        |> Map.put("actor", like_data["actor"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Undo"
-      assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
-      assert data["object"]["id"] == "http://mastodon.example.org/users/admin#likes/2"
-    end
-
-    test "it works for incoming unlikes with an existing like activity and a compact object" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"})
-
-      like_data =
-        File.read!("test/fixtures/mastodon-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", like_data["id"])
-        |> Map.put("actor", like_data["actor"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Undo"
-      assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
-      assert data["object"]["id"] == "http://mastodon.example.org/users/admin#likes/2"
-    end
-
     test "it works for incoming announces" do
       data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!()
 
@@ -516,7 +362,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it works for incoming announces with an existing activity" do
       user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
 
       data =
         File.read!("test/fixtures/mastodon-announce.json")
@@ -566,7 +412,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it does not clobber the addressing on announce activities" do
       user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
 
       data =
         File.read!("test/fixtures/mastodon-announce.json")
@@ -652,8 +498,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it strips internal reactions" do
       user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-      {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, user, "📢")
+      {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+      {:ok, _} = CommonAPI.react_with_emoji(activity.id, user, "📢")
 
       %{object: object} = Activity.get_by_id_with_object(activity.id)
       assert Map.has_key?(object.data, "reactions")
@@ -744,7 +590,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       user = User.get_cached_by_ap_id(activity.actor)
 
-      assert User.fields(user) == [
+      assert user.fields == [
                %{"name" => "foo", "value" => "bar"},
                %{"name" => "foo1", "value" => "bar1"}
              ]
@@ -765,7 +611,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       user = User.get_cached_by_ap_id(user.ap_id)
 
-      assert User.fields(user) == [
+      assert user.fields == [
                %{"name" => "foo", "value" => "updated"},
                %{"name" => "foo1", "value" => "updated"}
              ]
@@ -783,7 +629,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       user = User.get_cached_by_ap_id(user.ap_id)
 
-      assert User.fields(user) == [
+      assert user.fields == [
                %{"name" => "foo", "value" => "updated"},
                %{"name" => "foo1", "value" => "updated"}
              ]
@@ -794,7 +640,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       user = User.get_cached_by_ap_id(user.ap_id)
 
-      assert User.fields(user) == []
+      assert user.fields == []
     end
 
     test "it works for incoming update activities which lock the account" do
@@ -820,112 +666,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert user.locked == true
     end
 
-    test "it works for incoming deletes" do
-      activity = insert(:note_activity)
-      deleting_user = insert(:user)
-
-      data =
-        File.read!("test/fixtures/mastodon-delete.json")
-        |> Poison.decode!()
-
-      object =
-        data["object"]
-        |> Map.put("id", activity.data["object"])
-
-      data =
-        data
-        |> Map.put("object", object)
-        |> Map.put("actor", deleting_user.ap_id)
-
-      {:ok, %Activity{actor: actor, local: false, data: %{"id" => id}}} =
-        Transmogrifier.handle_incoming(data)
-
-      assert id == data["id"]
-      refute Activity.get_by_id(activity.id)
-      assert actor == deleting_user.ap_id
-    end
-
-    test "it fails for incoming deletes with spoofed origin" do
-      activity = insert(:note_activity)
-
-      data =
-        File.read!("test/fixtures/mastodon-delete.json")
-        |> Poison.decode!()
-
-      object =
-        data["object"]
-        |> Map.put("id", activity.data["object"])
-
-      data =
-        data
-        |> Map.put("object", object)
-
-      assert capture_log(fn ->
-               :error = Transmogrifier.handle_incoming(data)
-             end) =~
-               "[error] Could not decode user at fetch http://mastodon.example.org/users/gargron, {:error, :nxdomain}"
-
-      assert Activity.get_by_id(activity.id)
-    end
-
-    @tag capture_log: true
-    test "it works for incoming user deletes" do
-      %{ap_id: ap_id} = insert(:user, ap_id: "http://mastodon.example.org/users/admin")
-
-      data =
-        File.read!("test/fixtures/mastodon-delete-user.json")
-        |> Poison.decode!()
-
-      {:ok, _} = Transmogrifier.handle_incoming(data)
-      ObanHelpers.perform_all()
-
-      refute User.get_cached_by_ap_id(ap_id)
-    end
-
-    test "it fails for incoming user deletes with spoofed origin" do
-      %{ap_id: ap_id} = insert(:user)
-
-      data =
-        File.read!("test/fixtures/mastodon-delete-user.json")
-        |> Poison.decode!()
-        |> Map.put("actor", ap_id)
-
-      assert capture_log(fn ->
-               assert :error == Transmogrifier.handle_incoming(data)
-             end) =~ "Object containment failed"
-
-      assert User.get_cached_by_ap_id(ap_id)
-    end
-
-    test "it works for incoming unannounces with an existing notice" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
-
-      announce_data =
-        File.read!("test/fixtures/mastodon-announce.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: announce_data, local: false}} =
-        Transmogrifier.handle_incoming(announce_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-announce.json")
-        |> Poison.decode!()
-        |> Map.put("object", announce_data)
-        |> Map.put("actor", announce_data["actor"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["type"] == "Undo"
-      assert object_data = data["object"]
-      assert object_data["type"] == "Announce"
-      assert object_data["object"] == activity.data["object"]
-
-      assert object_data["id"] ==
-               "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
-    end
-
     test "it works for incomming unfollows with an existing follow" do
       user = insert(:user)
 
@@ -1020,32 +760,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       refute User.following?(blocked, blocker)
     end
 
-    test "it works for incoming unblocks with an existing block" do
-      user = insert(:user)
-
-      block_data =
-        File.read!("test/fixtures/mastodon-block-activity.json")
-        |> Poison.decode!()
-        |> Map.put("object", user.ap_id)
-
-      {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(block_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-unblock-activity.json")
-        |> Poison.decode!()
-        |> Map.put("object", block_data)
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-      assert data["type"] == "Undo"
-      assert data["object"]["type"] == "Block"
-      assert data["object"]["object"] == user.ap_id
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-
-      blocker = User.get_cached_by_ap_id(data["actor"])
-
-      refute User.blocks?(blocker, user)
-    end
-
     test "it works for incoming accepts which were pre-accepted" do
       follower = insert(:user)
       followed = insert(:user)
@@ -1119,6 +833,12 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       follower = User.get_cached_by_id(follower.id)
 
       assert User.following?(follower, followed) == true
+
+      follower = User.get_by_id(follower.id)
+      assert follower.following_count == 1
+
+      followed = User.get_by_id(followed.id)
+      assert followed.follower_count == 1
     end
 
     test "it fails for incoming accepts which cannot be correlated" do
@@ -1219,6 +939,35 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       :error = Transmogrifier.handle_incoming(data)
     end
 
+    test "skip converting the content when it is nil" do
+      object_id = "https://peertube.social/videos/watch/278d2b7c-0f38-4aaa-afe6-9ecc0c4a34fe"
+
+      {:ok, object} = Fetcher.fetch_and_contain_remote_object_from_id(object_id)
+
+      result =
+        Pleroma.Web.ActivityPub.Transmogrifier.fix_object(Map.merge(object, %{"content" => nil}))
+
+      assert result["content"] == nil
+    end
+
+    test "it converts content of object to html" do
+      object_id = "https://peertube.social/videos/watch/278d2b7c-0f38-4aaa-afe6-9ecc0c4a34fe"
+
+      {:ok, %{"content" => content_markdown}} =
+        Fetcher.fetch_and_contain_remote_object_from_id(object_id)
+
+      {:ok, %Pleroma.Object{data: %{"content" => content}} = object} =
+        Fetcher.fetch_object_from_id(object_id)
+
+      assert content_markdown ==
+               "Support this and our other Michigan!/usr/group videos and meetings. Learn more at http://mug.org/membership\n\nTwenty Years in Jail: FreeBSD's Jails, Then and Now\n\nJails started as a limited virtualization system, but over the last two years they've..."
+
+      assert content ==
+               "<p>Support this and our other Michigan!/usr/group videos and meetings. Learn more at <a href=\"http://mug.org/membership\">http://mug.org/membership</a></p><p>Twenty Years in Jail: FreeBSD’s Jails, Then and Now</p><p>Jails started as a limited virtualization system, but over the last two years they’ve…</p>"
+
+      assert object.data["mediaType"] == "text/html"
+    end
+
     test "it remaps video URLs as attachments if necessary" do
       {:ok, object} =
         Fetcher.fetch_object_from_id(
@@ -1228,19 +977,13 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       attachment = %{
         "type" => "Link",
         "mediaType" => "video/mp4",
-        "href" =>
-          "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4",
-        "mimeType" => "video/mp4",
-        "size" => 5_015_880,
         "url" => [
           %{
             "href" =>
               "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4",
-            "mediaType" => "video/mp4",
-            "type" => "Link"
+            "mediaType" => "video/mp4"
           }
-        ],
-        "width" => 480
+        ]
       }
 
       assert object.data["url"] ==
@@ -1253,7 +996,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "test post"})
       object = Object.normalize(activity)
 
       note_obj = %{
@@ -1397,13 +1140,13 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     setup do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "post1"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "post1"})
 
       {:ok, reply1} =
-        CommonAPI.post(user, %{"status" => "reply1", "in_reply_to_status_id" => activity.id})
+        CommonAPI.post(user, %{status: "reply1", in_reply_to_status_id: activity.id})
 
       {:ok, reply2} =
-        CommonAPI.post(user, %{"status" => "reply2", "in_reply_to_status_id" => activity.id})
+        CommonAPI.post(user, %{status: "reply2", in_reply_to_status_id: activity.id})
 
       replies_uris = Enum.map([reply1, reply2], fn a -> a.object.data["id"] end)
 
@@ -1443,7 +1186,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     test "it inlines private announced objects" do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey", "visibility" => "private"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey", visibility: "private"})
 
       {:ok, announce_activity, _} = CommonAPI.repeat(activity.id, user)
 
@@ -1458,7 +1201,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       other_user = insert(:user)
 
       {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "hey, @#{other_user.nickname}, how are ya? #2hu"})
+        CommonAPI.post(user, %{status: "hey, @#{other_user.nickname}, how are ya? #2hu"})
 
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
       object = modified["object"]
@@ -1482,7 +1225,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     test "it adds the sensitive property" do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#nsfw hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "#nsfw hey"})
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
 
       assert modified["object"]["sensitive"]
@@ -1491,7 +1234,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     test "it adds the json-ld context and the conversation property" do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
 
       assert modified["@context"] ==
@@ -1503,7 +1246,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     test "it sets the 'attributedTo' property to the actor of the object if it doesn't have one" do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
 
       assert modified["object"]["actor"] == modified["object"]["attributedTo"]
@@ -1512,7 +1255,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     test "it strips internal hashtag data" do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "#2hu"})
 
       expected_tag = %{
         "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu",
@@ -1528,7 +1271,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     test "it strips internal fields" do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :firefox:"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "#2hu :firefox:"})
 
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
 
@@ -1560,14 +1303,13 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "2hu :moominmamma:"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "2hu :moominmamma:"})
 
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
 
       assert modified["directMessage"] == false
 
-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "@#{other_user.nickname} :moominmamma:"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "@#{other_user.nickname} :moominmamma:"})
 
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
 
@@ -1575,8 +1317,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "@#{other_user.nickname} :moominmamma:",
-          "visibility" => "direct"
+          status: "@#{other_user.nickname} :moominmamma:",
+          visibility: "direct"
         })
 
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
@@ -1588,8 +1330,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       user = insert(:user)
       {:ok, list} = Pleroma.List.create("foo", user)
 
-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "foobar", visibility: "list:#{list.id}"})
 
       {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
 
@@ -1622,10 +1363,10 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
         })
 
       user_two = insert(:user)
-      Pleroma.FollowingRelationship.follow(user_two, user, "accept")
+      Pleroma.FollowingRelationship.follow(user_two, user, :follow_accept)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
-      {:ok, unrelated_activity} = CommonAPI.post(user_two, %{"status" => "test"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "test"})
+      {:ok, unrelated_activity} = CommonAPI.post(user_two, %{status: "test"})
       assert "http://localhost:4001/users/rye@niu.moe/followers" in activity.recipients
 
       user = User.get_cached_by_id(user.id)
@@ -1791,8 +1532,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     {:ok, poll_activity} =
       CommonAPI.post(user, %{
-        "status" => "suya...",
-        "poll" => %{"options" => ["suya", "suya.", "suya.."], "expires_in" => 10}
+        status: "suya...",
+        poll: %{options: ["suya", "suya.", "suya.."], expires_in: 10}
       })
 
     poll_object = Object.normalize(poll_activity)
@@ -2061,11 +1802,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
                  %{
                    "mediaType" => "video/mp4",
                    "url" => [
-                     %{
-                       "href" => "https://peertube.moe/stat-480.mp4",
-                       "mediaType" => "video/mp4",
-                       "type" => "Link"
-                     }
+                     %{"href" => "https://peertube.moe/stat-480.mp4", "mediaType" => "video/mp4"}
                    ]
                  }
                ]
@@ -2083,23 +1820,13 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
                  %{
                    "mediaType" => "video/mp4",
                    "url" => [
-                     %{
-                       "href" => "https://pe.er/stat-480.mp4",
-                       "mediaType" => "video/mp4",
-                       "type" => "Link"
-                     }
+                     %{"href" => "https://pe.er/stat-480.mp4", "mediaType" => "video/mp4"}
                    ]
                  },
                  %{
-                   "href" => "https://pe.er/stat-480.mp4",
                    "mediaType" => "video/mp4",
-                   "mimeType" => "video/mp4",
                    "url" => [
-                     %{
-                       "href" => "https://pe.er/stat-480.mp4",
-                       "mediaType" => "video/mp4",
-                       "type" => "Link"
-                     }
+                     %{"href" => "https://pe.er/stat-480.mp4", "mediaType" => "video/mp4"}
                    ]
                  }
                ]
@@ -2149,28 +1876,27 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
     test "sets `replies` collection with a limited number of self-replies" do
       [user, another_user] = insert_list(2, :user)
 
-      {:ok, %{id: id1} = activity} = CommonAPI.post(user, %{"status" => "1"})
+      {:ok, %{id: id1} = activity} = CommonAPI.post(user, %{status: "1"})
 
       {:ok, %{id: id2} = self_reply1} =
-        CommonAPI.post(user, %{"status" => "self-reply 1", "in_reply_to_status_id" => id1})
+        CommonAPI.post(user, %{status: "self-reply 1", in_reply_to_status_id: id1})
 
       {:ok, self_reply2} =
-        CommonAPI.post(user, %{"status" => "self-reply 2", "in_reply_to_status_id" => id1})
+        CommonAPI.post(user, %{status: "self-reply 2", in_reply_to_status_id: id1})
 
       # Assuming to _not_ be present in `replies` due to :note_replies_output_limit is set to 2
-      {:ok, _} =
-        CommonAPI.post(user, %{"status" => "self-reply 3", "in_reply_to_status_id" => id1})
+      {:ok, _} = CommonAPI.post(user, %{status: "self-reply 3", in_reply_to_status_id: id1})
 
       {:ok, _} =
         CommonAPI.post(user, %{
-          "status" => "self-reply to self-reply",
-          "in_reply_to_status_id" => id2
+          status: "self-reply to self-reply",
+          in_reply_to_status_id: id2
         })
 
       {:ok, _} =
         CommonAPI.post(another_user, %{
-          "status" => "another user's reply",
-          "in_reply_to_status_id" => id1
+          status: "another user's reply",
+          in_reply_to_status_id: id1
         })
 
       object = Object.normalize(activity)
@@ -2180,4 +1906,18 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
                Transmogrifier.set_replies(object.data)["replies"]
     end
   end
+
+  test "take_emoji_tags/1" do
+    user = insert(:user, %{emoji: %{"firefox" => "https://example.org/firefox.png"}})
+
+    assert Transmogrifier.take_emoji_tags(user) == [
+             %{
+               "icon" => %{"type" => "Image", "url" => "https://example.org/firefox.png"},
+               "id" => "https://example.org/firefox.png",
+               "name" => ":firefox:",
+               "type" => "Emoji",
+               "updated" => "1970-01-01T00:00:00Z"
+             }
+           ]
+  end
 end

test/web/activity_pub/utils_test.exs

@@ -102,34 +102,6 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
     end
   end
 
-  describe "make_unlike_data/3" do
-    test "returns data for unlike activity" do
-      user = insert(:user)
-      like_activity = insert(:like_activity, data_attrs: %{"context" => "test context"})
-
-      object = Object.normalize(like_activity.data["object"])
-
-      assert Utils.make_unlike_data(user, like_activity, nil) == %{
-               "type" => "Undo",
-               "actor" => user.ap_id,
-               "object" => like_activity.data,
-               "to" => [user.follower_address, object.data["actor"]],
-               "cc" => [Pleroma.Constants.as_public()],
-               "context" => like_activity.data["context"]
-             }
-
-      assert Utils.make_unlike_data(user, like_activity, "9mJEZK0tky1w2xD2vY") == %{
-               "type" => "Undo",
-               "actor" => user.ap_id,
-               "object" => like_activity.data,
-               "to" => [user.follower_address, object.data["actor"]],
-               "cc" => [Pleroma.Constants.as_public()],
-               "context" => like_activity.data["context"],
-               "id" => "9mJEZK0tky1w2xD2vY"
-             }
-    end
-  end
-
   describe "make_like_data" do
     setup do
       user = insert(:user)
@@ -148,7 +120,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" =>
+          status:
             "hey @#{other_user.nickname}, @#{third_user.nickname} how about beering together this weekend?"
         })
 
@@ -167,8 +139,8 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "@#{other_user.nickname} @#{third_user.nickname} bought a new swimsuit!",
-          "visibility" => "private"
+          status: "@#{other_user.nickname} @#{third_user.nickname} bought a new swimsuit!",
+          visibility: "private"
         })
 
       %{"to" => to, "cc" => cc} = Utils.make_like_data(other_user, activity, nil)
@@ -196,11 +168,11 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "How do I pronounce LaTeX?",
-          "poll" => %{
-            "options" => ["laytekh", "lahtekh", "latex"],
-            "expires_in" => 20,
-            "multiple" => true
+          status: "How do I pronounce LaTeX?",
+          poll: %{
+            options: ["laytekh", "lahtekh", "latex"],
+            expires_in: 20,
+            multiple: true
           }
         })
 
@@ -215,17 +187,16 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "Are we living in a society?",
-          "poll" => %{
-            "options" => ["yes", "no"],
-            "expires_in" => 20
+          status: "Are we living in a society?",
+          poll: %{
+            options: ["yes", "no"],
+            expires_in: 20
           }
         })
 
       object = Object.normalize(activity)
       {:ok, [vote], object} = CommonAPI.vote(other_user, object, [0])
-      vote_object = Object.normalize(vote)
-      {:ok, _activity, _object} = ActivityPub.like(user, vote_object)
+      {:ok, _activity} = CommonAPI.favorite(user, activity.id)
       [fetched_vote] = Utils.get_existing_votes(other_user.ap_id, object)
       assert fetched_vote.id == vote.id
     end
@@ -346,7 +317,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
 
       user = insert(:user)
       refute Utils.get_existing_like(user.ap_id, object)
-      {:ok, like_activity, _object} = ActivityPub.like(user, object)
+      {:ok, like_activity} = CommonAPI.favorite(user, note_activity.id)
 
       assert ^like_activity = Utils.get_existing_like(user.ap_id, object)
     end
@@ -498,7 +469,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
     test "returns map with Flag object" do
       reporter = insert(:user)
       target_account = insert(:user)
-      {:ok, activity} = CommonAPI.post(target_account, %{"status" => "foobar"})
+      {:ok, activity} = CommonAPI.post(target_account, %{status: "foobar"})
       context = Utils.generate_context_id()
       content = "foobar"
 

test/web/activity_pub/views/object_view_test.exs

@@ -44,7 +44,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
       activity = insert(:note_activity, user: user)
 
       {:ok, self_reply1} =
-        CommonAPI.post(user, %{"status" => "self-reply 1", "in_reply_to_status_id" => activity.id})
+        CommonAPI.post(user, %{status: "self-reply 1", in_reply_to_status_id: activity.id})
 
       replies_uris = [self_reply1.object.data["id"]]
       result = ObjectView.render("object.json", %{object: refresh_record(activity)})
@@ -59,7 +59,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
     object = Object.normalize(note)
     user = insert(:user)
 
-    {:ok, like_activity, _} = CommonAPI.favorite(note.id, user)
+    {:ok, like_activity} = CommonAPI.favorite(user, note.id)
 
     result = ObjectView.render("object.json", %{object: like_activity})
 

test/web/activity_pub/views/user_view_test.exs

@@ -29,7 +29,7 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
 
     {:ok, user} =
       insert(:user)
-      |> User.upgrade_changeset(%{fields: fields})
+      |> User.update_changeset(%{fields: fields})
       |> User.update_and_set_cache()
 
     assert %{
@@ -38,7 +38,7 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
   end
 
   test "Renders with emoji tags" do
-    user = insert(:user, emoji: [%{"bib" => "/test"}])
+    user = insert(:user, emoji: %{"bib" => "/test"})
 
     assert %{
              "tag" => [
@@ -164,7 +164,7 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
 
     posts =
       for i <- 0..25 do
-        {:ok, activity} = CommonAPI.post(user, %{"status" => "post #{i}"})
+        {:ok, activity} = CommonAPI.post(user, %{status: "post #{i}"})
         activity
       end
 

test/web/activity_pub/visibilty_test.exs

@@ -21,21 +21,21 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
     Pleroma.List.follow(list, unrelated)
 
     {:ok, public} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "public"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "public"})
 
     {:ok, private} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "private"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "private"})
 
     {:ok, direct} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "direct"})
 
     {:ok, unlisted} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "unlisted"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "unlisted"})
 
     {:ok, list} =
       CommonAPI.post(user, %{
-        "status" => "@#{mentioned.nickname}",
-        "visibility" => "list:#{list.id}"
+        status: "@#{mentioned.nickname}",
+        visibility: "list:#{list.id}"
       })
 
     %{

test/web/admin_api/views/report_view_test.exs

@@ -15,7 +15,7 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.report(user, %{"account_id" => other_user.id})
+    {:ok, activity} = CommonAPI.report(user, %{account_id: other_user.id})
 
     expected = %{
       content: nil,
@@ -45,10 +45,10 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
   test "includes reported statuses" do
     user = insert(:user)
     other_user = insert(:user)
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "toot"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "toot"})
 
     {:ok, report_activity} =
-      CommonAPI.report(user, %{"account_id" => other_user.id, "status_ids" => [activity.id]})
+      CommonAPI.report(user, %{account_id: other_user.id, status_ids: [activity.id]})
 
     other_user = Pleroma.User.get_by_id(other_user.id)
 
@@ -81,7 +81,7 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.report(user, %{"account_id" => other_user.id})
+    {:ok, activity} = CommonAPI.report(user, %{account_id: other_user.id})
     {:ok, activity} = CommonAPI.update_report_state(activity.id, "closed")
 
     assert %{state: "closed"} =
@@ -94,8 +94,8 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
 
     {:ok, activity} =
       CommonAPI.report(user, %{
-        "account_id" => other_user.id,
-        "comment" => "posts are too good for this instance"
+        account_id: other_user.id,
+        comment: "posts are too good for this instance"
       })
 
     assert %{content: "posts are too good for this instance"} =
@@ -108,8 +108,8 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
 
     {:ok, activity} =
       CommonAPI.report(user, %{
-        "account_id" => other_user.id,
-        "comment" => ""
+        account_id: other_user.id,
+        comment: ""
       })
 
     data = Map.put(activity.data, "content", "<script> alert('hecked :D:D:D:D:D:D:D') </script>")
@@ -125,8 +125,8 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
 
     {:ok, activity} =
       CommonAPI.report(user, %{
-        "account_id" => other_user.id,
-        "comment" => ""
+        account_id: other_user.id,
+        comment: ""
       })
 
     Pleroma.User.delete(other_user)

test/web/api_spec/schema_examples_test.exs

@@ -0,0 +1,43 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.SchemaExamplesTest do
+  use ExUnit.Case, async: true
+  import Pleroma.Tests.ApiSpecHelpers
+
+  @content_type "application/json"
+
+  for operation <- api_operations() do
+    describe operation.operationId <> " Request Body" do
+      if operation.requestBody do
+        @media_type operation.requestBody.content[@content_type]
+        @schema resolve_schema(@media_type.schema)
+
+        if @media_type.example do
+          test "request body media type example matches schema" do
+            assert_schema(@media_type.example, @schema)
+          end
+        end
+
+        if @schema.example do
+          test "request body schema example matches schema" do
+            assert_schema(@schema.example, @schema)
+          end
+        end
+      end
+    end
+
+    for {status, response} <- operation.responses do
+      describe "#{operation.operationId} - #{status} Response" do
+        @schema resolve_schema(response.content[@content_type].schema)
+
+        if @schema.example do
+          test "example matches schema" do
+            assert_schema(@schema.example, @schema)
+          end
+        end
+      end
+    end
+  end
+end

test/web/auth/auth_test_controller_test.exs

@@ -0,0 +1,242 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Tests.AuthTestControllerTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+
+  describe "do_oauth_check" do
+    test "serves with proper OAuth token (fulfilling requested scopes)" do
+      %{conn: good_token_conn, user: user} = oauth_access(["read"])
+
+      assert %{"user_id" => user.id} ==
+               good_token_conn
+               |> get("/test/authenticated_api/do_oauth_check")
+               |> json_response(200)
+
+      # Unintended usage (:api) — use with :authenticated_api instead
+      assert %{"user_id" => user.id} ==
+               good_token_conn
+               |> get("/test/api/do_oauth_check")
+               |> json_response(200)
+    end
+
+    test "fails on no token / missing scope(s)" do
+      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
+
+      bad_token_conn
+      |> get("/test/authenticated_api/do_oauth_check")
+      |> json_response(403)
+
+      bad_token_conn
+      |> assign(:token, nil)
+      |> get("/test/api/do_oauth_check")
+      |> json_response(403)
+    end
+  end
+
+  describe "fallback_oauth_check" do
+    test "serves with proper OAuth token (fulfilling requested scopes)" do
+      %{conn: good_token_conn, user: user} = oauth_access(["read"])
+
+      assert %{"user_id" => user.id} ==
+               good_token_conn
+               |> get("/test/api/fallback_oauth_check")
+               |> json_response(200)
+
+      # Unintended usage (:authenticated_api) — use with :api instead
+      assert %{"user_id" => user.id} ==
+               good_token_conn
+               |> get("/test/authenticated_api/fallback_oauth_check")
+               |> json_response(200)
+    end
+
+    test "for :api on public instance, drops :user and renders on no token / missing scope(s)" do
+      clear_config([:instance, :public], true)
+
+      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
+
+      assert %{"user_id" => nil} ==
+               bad_token_conn
+               |> get("/test/api/fallback_oauth_check")
+               |> json_response(200)
+
+      assert %{"user_id" => nil} ==
+               bad_token_conn
+               |> assign(:token, nil)
+               |> get("/test/api/fallback_oauth_check")
+               |> json_response(200)
+    end
+
+    test "for :api on private instance, fails on no token / missing scope(s)" do
+      clear_config([:instance, :public], false)
+
+      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
+
+      bad_token_conn
+      |> get("/test/api/fallback_oauth_check")
+      |> json_response(403)
+
+      bad_token_conn
+      |> assign(:token, nil)
+      |> get("/test/api/fallback_oauth_check")
+      |> json_response(403)
+    end
+  end
+
+  describe "skip_oauth_check" do
+    test "for :authenticated_api, serves if :user is set (regardless of token / token scopes)" do
+      user = insert(:user)
+
+      assert %{"user_id" => user.id} ==
+               build_conn()
+               |> assign(:user, user)
+               |> get("/test/authenticated_api/skip_oauth_check")
+               |> json_response(200)
+
+      %{conn: bad_token_conn, user: user} = oauth_access(["irrelevant_scope"])
+
+      assert %{"user_id" => user.id} ==
+               bad_token_conn
+               |> get("/test/authenticated_api/skip_oauth_check")
+               |> json_response(200)
+    end
+
+    test "serves via :api on public instance if :user is not set" do
+      clear_config([:instance, :public], true)
+
+      assert %{"user_id" => nil} ==
+               build_conn()
+               |> get("/test/api/skip_oauth_check")
+               |> json_response(200)
+
+      build_conn()
+      |> get("/test/authenticated_api/skip_oauth_check")
+      |> json_response(403)
+    end
+
+    test "fails on private instance if :user is not set" do
+      clear_config([:instance, :public], false)
+
+      build_conn()
+      |> get("/test/api/skip_oauth_check")
+      |> json_response(403)
+
+      build_conn()
+      |> get("/test/authenticated_api/skip_oauth_check")
+      |> json_response(403)
+    end
+  end
+
+  describe "fallback_oauth_skip_publicity_check" do
+    test "serves with proper OAuth token (fulfilling requested scopes)" do
+      %{conn: good_token_conn, user: user} = oauth_access(["read"])
+
+      assert %{"user_id" => user.id} ==
+               good_token_conn
+               |> get("/test/api/fallback_oauth_skip_publicity_check")
+               |> json_response(200)
+
+      # Unintended usage (:authenticated_api)
+      assert %{"user_id" => user.id} ==
+               good_token_conn
+               |> get("/test/authenticated_api/fallback_oauth_skip_publicity_check")
+               |> json_response(200)
+    end
+
+    test "for :api on private / public instance, drops :user and renders on token issue" do
+      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
+
+      for is_public <- [true, false] do
+        clear_config([:instance, :public], is_public)
+
+        assert %{"user_id" => nil} ==
+                 bad_token_conn
+                 |> get("/test/api/fallback_oauth_skip_publicity_check")
+                 |> json_response(200)
+
+        assert %{"user_id" => nil} ==
+                 bad_token_conn
+                 |> assign(:token, nil)
+                 |> get("/test/api/fallback_oauth_skip_publicity_check")
+                 |> json_response(200)
+      end
+    end
+  end
+
+  describe "skip_oauth_skip_publicity_check" do
+    test "for :authenticated_api, serves if :user is set (regardless of token / token scopes)" do
+      user = insert(:user)
+
+      assert %{"user_id" => user.id} ==
+               build_conn()
+               |> assign(:user, user)
+               |> get("/test/authenticated_api/skip_oauth_skip_publicity_check")
+               |> json_response(200)
+
+      %{conn: bad_token_conn, user: user} = oauth_access(["irrelevant_scope"])
+
+      assert %{"user_id" => user.id} ==
+               bad_token_conn
+               |> get("/test/authenticated_api/skip_oauth_skip_publicity_check")
+               |> json_response(200)
+    end
+
+    test "for :api, serves on private and public instances regardless of whether :user is set" do
+      user = insert(:user)
+
+      for is_public <- [true, false] do
+        clear_config([:instance, :public], is_public)
+
+        assert %{"user_id" => nil} ==
+                 build_conn()
+                 |> get("/test/api/skip_oauth_skip_publicity_check")
+                 |> json_response(200)
+
+        assert %{"user_id" => user.id} ==
+                 build_conn()
+                 |> assign(:user, user)
+                 |> get("/test/api/skip_oauth_skip_publicity_check")
+                 |> json_response(200)
+      end
+    end
+  end
+
+  describe "missing_oauth_check_definition" do
+    def test_missing_oauth_check_definition_failure(endpoint, expected_error) do
+      %{conn: conn} = oauth_access(["read", "write", "follow", "push", "admin"])
+
+      assert %{"error" => expected_error} ==
+               conn
+               |> get(endpoint)
+               |> json_response(403)
+    end
+
+    test "fails if served via :authenticated_api" do
+      test_missing_oauth_check_definition_failure(
+        "/test/authenticated_api/missing_oauth_check_definition",
+        "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
+      )
+    end
+
+    test "fails if served via :api and the instance is private" do
+      clear_config([:instance, :public], false)
+
+      test_missing_oauth_check_definition_failure(
+        "/test/api/missing_oauth_check_definition",
+        "This resource requires authentication."
+      )
+    end
+
+    test "succeeds with dropped :user if served via :api on public instance" do
+      %{conn: conn} = oauth_access(["read", "write", "follow", "push", "admin"])
+
+      assert %{"user_id" => nil} ==
+               conn
+               |> get("/test/api/missing_oauth_check_definition")
+               |> json_response(200)
+    end
+  end
+end

test/web/auth/basic_auth_test.exs

@@ -0,0 +1,46 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.BasicAuthTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+
+  test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
+    conn: conn
+  } do
+    user = insert(:user)
+    assert Pbkdf2.verify_pass("test", user.password_hash)
+
+    basic_auth_contents =
+      (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
+      |> Base.encode64()
+
+    # Succeeds with HTTP Basic Auth
+    response =
+      conn
+      |> put_req_header("authorization", "Basic " <> basic_auth_contents)
+      |> get("/api/v1/accounts/verify_credentials")
+      |> json_response(200)
+
+    user_nickname = user.nickname
+    assert %{"username" => ^user_nickname} = response
+
+    # Succeeds with a properly scoped OAuth token
+    valid_token = insert(:oauth_token, scopes: ["read:accounts"])
+
+    conn
+    |> put_req_header("authorization", "Bearer #{valid_token.token}")
+    |> get("/api/v1/accounts/verify_credentials")
+    |> json_response(200)
+
+    # Fails with a wrong-scoped OAuth token (proof of restriction)
+    invalid_token = insert(:oauth_token, scopes: ["read:something"])
+
+    conn
+    |> put_req_header("authorization", "Bearer #{invalid_token.token}")
+    |> get("/api/v1/accounts/verify_credentials")
+    |> json_response(403)
+  end
+end

test/web/auth/pleroma_authenticator_test.exs

@@ -0,0 +1,43 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Web.Auth.PleromaAuthenticator
+  import Pleroma.Factory
+
+  setup do
+    password = "testpassword"
+    name = "AgentSmith"
+    user = insert(:user, nickname: name, password_hash: Pbkdf2.hash_pwd_salt(password))
+    {:ok, [user: user, name: name, password: password]}
+  end
+
+  test "get_user/authorization", %{user: user, name: name, password: password} do
+    params = %{"authorization" => %{"name" => name, "password" => password}}
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
+
+    assert {:ok, user} == res
+  end
+
+  test "get_user/authorization with invalid password", %{name: name} do
+    params = %{"authorization" => %{"name" => name, "password" => "password"}}
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
+
+    assert {:error, {:checkpw, false}} == res
+  end
+
+  test "get_user/grant_type_password", %{user: user, name: name, password: password} do
+    params = %{"grant_type" => "password", "username" => name, "password" => password}
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
+
+    assert {:ok, user} == res
+  end
+
+  test "error credintails" do
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: %{}})
+    assert {:error, :invalid_credentials} == res
+  end
+end

test/web/auth/totp_authenticator_test.exs

@@ -0,0 +1,51 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.MFA
+  alias Pleroma.MFA.BackupCodes
+  alias Pleroma.MFA.TOTP
+  alias Pleroma.Web.Auth.TOTPAuthenticator
+
+  import Pleroma.Factory
+
+  test "verify token" do
+    otp_secret = TOTP.generate_secret()
+    otp_token = TOTP.generate_token(otp_secret)
+
+    user =
+      insert(:user,
+        multi_factor_authentication_settings: %MFA.Settings{
+          enabled: true,
+          totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+        }
+      )
+
+    assert TOTPAuthenticator.verify(otp_token, user) == {:ok, :pass}
+    assert TOTPAuthenticator.verify(nil, user) == {:error, :invalid_token}
+    assert TOTPAuthenticator.verify("", user) == {:error, :invalid_token}
+  end
+
+  test "checks backup codes" do
+    [code | _] = backup_codes = BackupCodes.generate()
+
+    hashed_codes =
+      backup_codes
+      |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+
+    user =
+      insert(:user,
+        multi_factor_authentication_settings: %MFA.Settings{
+          enabled: true,
+          backup_codes: hashed_codes,
+          totp: %MFA.Settings.TOTP{secret: "otp_secret", confirmed: true}
+        }
+      )
+
+    assert TOTPAuthenticator.verify_recovery_code(user, code) == {:ok, :pass}
+    refute TOTPAuthenticator.verify_recovery_code(code, refresh_record(user)) == {:ok, :pass}
+  end
+end

test/web/common_api/common_api_test.exs

@@ -9,11 +9,13 @@ defmodule Pleroma.Web.CommonAPITest do
   alias Pleroma.Object
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.ActivityPub.Visibility
   alias Pleroma.Web.AdminAPI.AccountView
   alias Pleroma.Web.CommonAPI
 
   import Pleroma.Factory
+  import Mock
 
   require Pleroma.Constants
 
@@ -21,14 +23,176 @@ defmodule Pleroma.Web.CommonAPITest do
   setup do: clear_config([:instance, :limit])
   setup do: clear_config([:instance, :max_pinned_statuses])
 
+  describe "unblocking" do
+    test "it works even without an existing block activity" do
+      blocked = insert(:user)
+      blocker = insert(:user)
+      User.block(blocker, blocked)
+
+      assert User.blocks?(blocker, blocked)
+      assert {:ok, :no_activity} == CommonAPI.unblock(blocker, blocked)
+      refute User.blocks?(blocker, blocked)
+    end
+  end
+
+  describe "deletion" do
+    test "it works with pruned objects" do
+      user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      Object.normalize(post, false)
+      |> Object.prune()
+
+      with_mock Pleroma.Web.Federator,
+        publish: fn _ -> nil end do
+        assert {:ok, delete} = CommonAPI.delete(post.id, user)
+        assert delete.local
+        assert called(Pleroma.Web.Federator.publish(delete))
+      end
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "it allows users to delete their posts" do
+      user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      with_mock Pleroma.Web.Federator,
+        publish: fn _ -> nil end do
+        assert {:ok, delete} = CommonAPI.delete(post.id, user)
+        assert delete.local
+        assert called(Pleroma.Web.Federator.publish(delete))
+      end
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "it does not allow a user to delete their posts" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      assert {:error, "Could not delete"} = CommonAPI.delete(post.id, other_user)
+      assert Activity.get_by_id(post.id)
+    end
+
+    test "it allows moderators to delete other user's posts" do
+      user = insert(:user)
+      moderator = insert(:user, is_moderator: true)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+      assert delete.local
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "it allows admins to delete other user's posts" do
+      user = insert(:user)
+      moderator = insert(:user, is_admin: true)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+      assert delete.local
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "superusers deleting non-local posts won't federate the delete" do
+      # This is the user of the ingested activity
+      _user =
+        insert(:user,
+          local: false,
+          ap_id: "http://mastodon.example.org/users/admin",
+          last_refreshed_at: NaiveDateTime.utc_now()
+        )
+
+      moderator = insert(:user, is_admin: true)
+
+      data =
+        File.read!("test/fixtures/mastodon-post-activity.json")
+        |> Jason.decode!()
+
+      {:ok, post} = Transmogrifier.handle_incoming(data)
+
+      with_mock Pleroma.Web.Federator,
+        publish: fn _ -> nil end do
+        assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+        assert delete.local
+        refute called(Pleroma.Web.Federator.publish(:_))
+      end
+
+      refute Activity.get_by_id(post.id)
+    end
+  end
+
+  test "favoriting race condition" do
+    user = insert(:user)
+    users_serial = insert_list(10, :user)
+    users = insert_list(10, :user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "."})
+
+    users_serial
+    |> Enum.map(fn user ->
+      CommonAPI.favorite(user, activity.id)
+    end)
+
+    object = Object.get_by_ap_id(activity.data["object"])
+    assert object.data["like_count"] == 10
+
+    users
+    |> Enum.map(fn user ->
+      Task.async(fn ->
+        CommonAPI.favorite(user, activity.id)
+      end)
+    end)
+    |> Enum.map(&Task.await/1)
+
+    object = Object.get_by_ap_id(activity.data["object"])
+    assert object.data["like_count"] == 20
+  end
+
+  test "repeating race condition" do
+    user = insert(:user)
+    users_serial = insert_list(10, :user)
+    users = insert_list(10, :user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "."})
+
+    users_serial
+    |> Enum.map(fn user ->
+      CommonAPI.repeat(activity.id, user)
+    end)
+
+    object = Object.get_by_ap_id(activity.data["object"])
+    assert object.data["announcement_count"] == 10
+
+    users
+    |> Enum.map(fn user ->
+      Task.async(fn ->
+        CommonAPI.repeat(activity.id, user)
+      end)
+    end)
+    |> Enum.map(&Task.await/1)
+
+    object = Object.get_by_ap_id(activity.data["object"])
+    assert object.data["announcement_count"] == 20
+  end
+
   test "when replying to a conversation / participation, it will set the correct context id even if no explicit reply_to is given" do
     user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"})
 
     [participation] = Participation.for_user(user)
 
     {:ok, convo_reply} =
-      CommonAPI.post(user, %{"status" => ".", "in_reply_to_conversation_id" => participation.id})
+      CommonAPI.post(user, %{status: ".", in_reply_to_conversation_id: participation.id})
 
     assert Visibility.is_direct?(convo_reply)
 
@@ -42,8 +206,8 @@ defmodule Pleroma.Web.CommonAPITest do
 
     {:ok, activity} =
       CommonAPI.post(har, %{
-        "status" => "@#{jafnhar.nickname} hey",
-        "visibility" => "direct"
+        status: "@#{jafnhar.nickname} hey",
+        visibility: "direct"
       })
 
     assert har.ap_id in activity.recipients
@@ -53,10 +217,10 @@ defmodule Pleroma.Web.CommonAPITest do
 
     {:ok, activity} =
       CommonAPI.post(har, %{
-        "status" => "I don't really like @#{tridi.nickname}",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => activity.id,
-        "in_reply_to_conversation_id" => participation.id
+        status: "I don't really like @#{tridi.nickname}",
+        visibility: "direct",
+        in_reply_to_status_id: activity.id,
+        in_reply_to_conversation_id: participation.id
       })
 
     assert har.ap_id in activity.recipients
@@ -73,8 +237,8 @@ defmodule Pleroma.Web.CommonAPITest do
 
     {:ok, activity} =
       CommonAPI.post(har, %{
-        "status" => "@#{jafnhar.nickname} hey, i never want to see @#{tridi.nickname} again",
-        "visibility" => "direct"
+        status: "@#{jafnhar.nickname} hey, i never want to see @#{tridi.nickname} again",
+        visibility: "direct"
       })
 
     refute tridi.ap_id in activity.recipients
@@ -83,7 +247,7 @@ defmodule Pleroma.Web.CommonAPITest do
 
   test "it de-duplicates tags" do
     user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu #2HU"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU"})
 
     object = Object.normalize(activity)
 
@@ -92,23 +256,11 @@ defmodule Pleroma.Web.CommonAPITest do
 
   test "it adds emoji in the object" do
     user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => ":firefox:"})
+    {:ok, activity} = CommonAPI.post(user, %{status: ":firefox:"})
 
     assert Object.normalize(activity).data["emoji"]["firefox"]
   end
 
-  test "it adds emoji when updating profiles" do
-    user = insert(:user, %{name: ":firefox:"})
-
-    {:ok, activity} = CommonAPI.update(user)
-    user = User.get_cached_by_ap_id(user.ap_id)
-    [firefox] = user.source_data["tag"]
-
-    assert firefox["name"] == ":firefox:"
-
-    assert Pleroma.Constants.as_public() in activity.recipients
-  end
-
   describe "posting" do
     test "it supports explicit addressing" do
       user = insert(:user)
@@ -118,9 +270,9 @@ defmodule Pleroma.Web.CommonAPITest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" =>
+          status:
             "Hey, I think @#{user_three.nickname} is ugly. @#{user_four.nickname} is alright though.",
-          "to" => [user_two.nickname, user_four.nickname, "nonexistent"]
+          to: [user_two.nickname, user_four.nickname, "nonexistent"]
         })
 
       assert user.ap_id in activity.recipients
@@ -136,8 +288,8 @@ defmodule Pleroma.Web.CommonAPITest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => post,
-          "content_type" => "text/html"
+          status: post,
+          content_type: "text/html"
         })
 
       object = Object.normalize(activity)
@@ -152,8 +304,8 @@ defmodule Pleroma.Web.CommonAPITest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => post,
-          "content_type" => "text/markdown"
+          status: post,
+          content_type: "text/markdown"
         })
 
       object = Object.normalize(activity)
@@ -164,21 +316,21 @@ defmodule Pleroma.Web.CommonAPITest do
     test "it does not allow replies to direct messages that are not direct messages themselves" do
       user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "suya..", visibility: "direct"})
 
       assert {:ok, _} =
                CommonAPI.post(user, %{
-                 "status" => "suya..",
-                 "visibility" => "direct",
-                 "in_reply_to_status_id" => activity.id
+                 status: "suya..",
+                 visibility: "direct",
+                 in_reply_to_status_id: activity.id
                })
 
       Enum.each(["public", "private", "unlisted"], fn visibility ->
         assert {:error, "The message visibility must be direct"} =
                  CommonAPI.post(user, %{
-                   "status" => "suya..",
-                   "visibility" => visibility,
-                   "in_reply_to_status_id" => activity.id
+                   status: "suya..",
+                   visibility: visibility,
+                   in_reply_to_status_id: activity.id
                  })
       end)
     end
@@ -187,8 +339,7 @@ defmodule Pleroma.Web.CommonAPITest do
       user = insert(:user)
       {:ok, list} = Pleroma.List.create("foo", user)
 
-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "foobar", visibility: "list:#{list.id}"})
 
       assert activity.data["bcc"] == [list.ap_id]
       assert activity.recipients == [list.ap_id, user.ap_id]
@@ -199,7 +350,7 @@ defmodule Pleroma.Web.CommonAPITest do
       user = insert(:user)
 
       assert {:error, "Cannot post an empty status without attachments"} =
-               CommonAPI.post(user, %{"status" => ""})
+               CommonAPI.post(user, %{status: ""})
     end
 
     test "it validates character limits are correctly enforced" do
@@ -208,9 +359,9 @@ defmodule Pleroma.Web.CommonAPITest do
       user = insert(:user)
 
       assert {:error, "The status is over the character limit"} =
-               CommonAPI.post(user, %{"status" => "foobar"})
+               CommonAPI.post(user, %{status: "foobar"})
 
-      assert {:ok, activity} = CommonAPI.post(user, %{"status" => "12345"})
+      assert {:ok, activity} = CommonAPI.post(user, %{status: "12345"})
     end
 
     test "it can handle activities that expire" do
@@ -221,8 +372,7 @@ defmodule Pleroma.Web.CommonAPITest do
         |> NaiveDateTime.truncate(:second)
         |> NaiveDateTime.add(1_000_000, :second)
 
-      assert {:ok, activity} =
-               CommonAPI.post(user, %{"status" => "chai", "expires_in" => 1_000_000})
+      assert {:ok, activity} = CommonAPI.post(user, %{status: "chai", expires_in: 1_000_000})
 
       assert expiration = Pleroma.ActivityExpiration.get_by_activity_id(activity.id)
       assert expiration.scheduled_at == expires_at
@@ -234,14 +384,14 @@ defmodule Pleroma.Web.CommonAPITest do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
 
-      {:ok, reaction, _} = CommonAPI.react_with_emoji(activity.id, user, "👍")
+      {:ok, reaction} = CommonAPI.react_with_emoji(activity.id, user, "👍")
 
       assert reaction.data["actor"] == user.ap_id
       assert reaction.data["content"] == "👍"
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
 
       {:error, _} = CommonAPI.react_with_emoji(activity.id, user, ".")
     end
@@ -250,32 +400,43 @@ defmodule Pleroma.Web.CommonAPITest do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
-      {:ok, reaction, _} = CommonAPI.react_with_emoji(activity.id, user, "👍")
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
+      {:ok, reaction} = CommonAPI.react_with_emoji(activity.id, user, "👍")
 
-      {:ok, unreaction, _} = CommonAPI.unreact_with_emoji(activity.id, user, "👍")
+      {:ok, unreaction} = CommonAPI.unreact_with_emoji(activity.id, user, "👍")
 
       assert unreaction.data["type"] == "Undo"
       assert unreaction.data["object"] == reaction.data["id"]
+      assert unreaction.local
     end
 
     test "repeating a status" do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
 
       {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
     end
 
+    test "can't repeat a repeat" do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
+
+      {:ok, %Activity{} = announce, _} = CommonAPI.repeat(activity.id, other_user)
+
+      refute match?({:ok, %Activity{}, _}, CommonAPI.repeat(announce.id, user))
+    end
+
     test "repeating a status privately" do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
 
       {:ok, %Activity{} = announce_activity, _} =
-        CommonAPI.repeat(activity.id, user, %{"visibility" => "private"})
+        CommonAPI.repeat(activity.id, user, %{visibility: "private"})
 
       assert Visibility.is_private?(announce_activity)
     end
@@ -284,27 +445,30 @@ defmodule Pleroma.Web.CommonAPITest do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, post_activity} = CommonAPI.post(other_user, %{status: "cofe"})
 
-      {:ok, %Activity{}, _} = CommonAPI.favorite(activity.id, user)
+      {:ok, %Activity{data: data}} = CommonAPI.favorite(user, post_activity.id)
+      assert data["type"] == "Like"
+      assert data["actor"] == user.ap_id
+      assert data["object"] == post_activity.data["object"]
     end
 
     test "retweeting a status twice returns the status" do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
-      {:ok, %Activity{} = activity, object} = CommonAPI.repeat(activity.id, user)
-      {:ok, ^activity, ^object} = CommonAPI.repeat(activity.id, user)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
+      {:ok, %Activity{} = announce, object} = CommonAPI.repeat(activity.id, user)
+      {:ok, ^announce, ^object} = CommonAPI.repeat(activity.id, user)
     end
 
-    test "favoriting a status twice returns the status" do
+    test "favoriting a status twice returns ok, but without the like activity" do
       user = insert(:user)
       other_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
-      {:ok, %Activity{} = activity, object} = CommonAPI.favorite(activity.id, user)
-      {:ok, ^activity, ^object} = CommonAPI.favorite(activity.id, user)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
+      {:ok, %Activity{}} = CommonAPI.favorite(user, activity.id)
+      assert {:ok, :already_liked} = CommonAPI.favorite(user, activity.id)
     end
   end
 
@@ -313,7 +477,7 @@ defmodule Pleroma.Web.CommonAPITest do
       Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
 
       user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})
 
       [user: user, activity: activity]
     end
@@ -330,8 +494,8 @@ defmodule Pleroma.Web.CommonAPITest do
     test "pin poll", %{user: user} do
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "How is fediverse today?",
-          "poll" => %{"options" => ["Absolutely outstanding", "Not good"], "expires_in" => 20}
+          status: "How is fediverse today?",
+          poll: %{options: ["Absolutely outstanding", "Not good"], expires_in: 20}
         })
 
       assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
@@ -343,7 +507,7 @@ defmodule Pleroma.Web.CommonAPITest do
     end
 
     test "unlisted statuses can be pinned", %{user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!", "visibility" => "unlisted"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!", visibility: "unlisted"})
       assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
     end
 
@@ -354,7 +518,7 @@ defmodule Pleroma.Web.CommonAPITest do
     end
 
     test "max pinned statuses", %{user: user, activity: activity_one} do
-      {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, activity_two} = CommonAPI.post(user, %{status: "HI!!!"})
 
       assert {:ok, ^activity_one} = CommonAPI.pin(activity_one.id, user)
 
@@ -369,7 +533,9 @@ defmodule Pleroma.Web.CommonAPITest do
 
       user = refresh_record(user)
 
-      assert {:ok, ^activity} = CommonAPI.unpin(activity.id, user)
+      id = activity.id
+
+      assert match?({:ok, %{id: ^id}}, CommonAPI.unpin(activity.id, user))
 
       user = refresh_record(user)
 
@@ -420,7 +586,7 @@ defmodule Pleroma.Web.CommonAPITest do
       reporter = insert(:user)
       target_user = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
+      {:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"})
 
       reporter_ap_id = reporter.ap_id
       target_ap_id = target_user.ap_id
@@ -428,9 +594,9 @@ defmodule Pleroma.Web.CommonAPITest do
       comment = "foobar"
 
       report_data = %{
-        "account_id" => target_user.id,
-        "comment" => comment,
-        "status_ids" => [activity.id]
+        account_id: target_user.id,
+        comment: comment,
+        status_ids: [activity.id]
       }
 
       note_obj = %{
@@ -460,9 +626,9 @@ defmodule Pleroma.Web.CommonAPITest do
 
       {:ok, %Activity{id: report_id}} =
         CommonAPI.report(reporter, %{
-          "account_id" => target_user.id,
-          "comment" => "I feel offended",
-          "status_ids" => [activity.id]
+          account_id: target_user.id,
+          comment: "I feel offended",
+          status_ids: [activity.id]
         })
 
       {:ok, report} = CommonAPI.update_report_state(report_id, "resolved")
@@ -481,9 +647,9 @@ defmodule Pleroma.Web.CommonAPITest do
 
       {:ok, %Activity{id: report_id}} =
         CommonAPI.report(reporter, %{
-          "account_id" => target_user.id,
-          "comment" => "I feel offended",
-          "status_ids" => [activity.id]
+          account_id: target_user.id,
+          comment: "I feel offended",
+          status_ids: [activity.id]
         })
 
       assert CommonAPI.update_report_state(report_id, "test") == {:error, "Unsupported state"}
@@ -495,16 +661,16 @@ defmodule Pleroma.Web.CommonAPITest do
 
       {:ok, %Activity{id: first_report_id}} =
         CommonAPI.report(reporter, %{
-          "account_id" => target_user.id,
-          "comment" => "I feel offended",
-          "status_ids" => [activity.id]
+          account_id: target_user.id,
+          comment: "I feel offended",
+          status_ids: [activity.id]
         })
 
       {:ok, %Activity{id: second_report_id}} =
         CommonAPI.report(reporter, %{
-          "account_id" => target_user.id,
-          "comment" => "I feel very offended!",
-          "status_ids" => [activity.id]
+          account_id: target_user.id,
+          comment: "I feel very offended!",
+          status_ids: [activity.id]
         })
 
       {:ok, report_ids} =
@@ -562,7 +728,7 @@ defmodule Pleroma.Web.CommonAPITest do
       assert {:ok, follower, followed, %{id: activity_id, data: %{"state" => "pending"}}} =
                CommonAPI.follow(follower, followed)
 
-      assert User.get_follow_state(follower, followed) == "pending"
+      assert User.get_follow_state(follower, followed) == :follow_pending
       assert {:ok, follower} = CommonAPI.unfollow(follower, followed)
       assert User.get_follow_state(follower, followed) == nil
 
@@ -584,7 +750,7 @@ defmodule Pleroma.Web.CommonAPITest do
       assert {:ok, follower, followed, %{id: activity_id, data: %{"state" => "pending"}}} =
                CommonAPI.follow(follower, followed)
 
-      assert User.get_follow_state(follower, followed) == "pending"
+      assert User.get_follow_state(follower, followed) == :follow_pending
       assert {:ok, follower} = CommonAPI.unfollow(follower, followed)
       assert User.get_follow_state(follower, followed) == nil
 
@@ -640,6 +806,14 @@ defmodule Pleroma.Web.CommonAPITest do
       assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
       assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
     end
+
+    test "doesn't create a following relationship if the corresponding follow request doesn't exist" do
+      user = insert(:user, locked: true)
+      not_follower = insert(:user)
+      CommonAPI.accept_follow_request(not_follower, user)
+
+      assert Pleroma.FollowingRelationship.following?(not_follower, user) == false
+    end
   end
 
   describe "vote/3" do
@@ -649,8 +823,8 @@ defmodule Pleroma.Web.CommonAPITest do
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20}
         })
 
       object = Object.normalize(activity)

test/web/common_api/common_api_utils_test.exs

@@ -7,7 +7,6 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
   alias Pleroma.Object
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.CommonAPI.Utils
-  alias Pleroma.Web.Endpoint
   use Pleroma.DataCase
 
   import ExUnit.CaptureLog
@@ -42,28 +41,6 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
     end
   end
 
-  test "parses emoji from name and bio" do
-    {:ok, user} = UserBuilder.insert(%{name: ":blank:", bio: ":firefox:"})
-
-    expected = [
-      %{
-        "type" => "Emoji",
-        "icon" => %{"type" => "Image", "url" => "#{Endpoint.url()}/emoji/Firefox.gif"},
-        "name" => ":firefox:"
-      },
-      %{
-        "type" => "Emoji",
-        "icon" => %{
-          "type" => "Image",
-          "url" => "#{Endpoint.url()}/emoji/blank.png"
-        },
-        "name" => ":blank:"
-      }
-    ]
-
-    assert expected == Utils.emoji_from_profile(user)
-  end
-
   describe "format_input/3" do
     test "works for bare text/plain" do
       text = "hello world!"
@@ -159,11 +136,11 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       {output, _, _} = Utils.format_input(text, "text/markdown")
 
       assert output ==
-               ~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a data-user="#{
+               ~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a class="u-url mention" data-user="#{
                  user.id
-               }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a data-user="#{
+               }" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a class="u-url mention" data-user="#{
                  user.id
-               }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>)
+               }" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>)
     end
   end
 
@@ -251,7 +228,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       user = insert(:user)
       mentioned_user = insert(:user)
       third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
       mentions = [mentioned_user.ap_id]
 
       {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "public", nil)
@@ -284,7 +261,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       user = insert(:user)
       mentioned_user = insert(:user)
       third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
       mentions = [mentioned_user.ap_id]
 
       {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "unlisted", nil)
@@ -315,7 +292,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       user = insert(:user)
       mentioned_user = insert(:user)
       third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
       mentions = [mentioned_user.ap_id]
 
       {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "private", nil)
@@ -345,7 +322,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       user = insert(:user)
       mentioned_user = insert(:user)
       third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
       mentions = [mentioned_user.ap_id]
 
       {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "direct", nil)
@@ -358,26 +335,6 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
     end
   end
 
-  describe "get_by_id_or_ap_id/1" do
-    test "get activity by id" do
-      activity = insert(:note_activity)
-      %Pleroma.Activity{} = note = Utils.get_by_id_or_ap_id(activity.id)
-      assert note.id == activity.id
-    end
-
-    test "get activity by ap_id" do
-      activity = insert(:note_activity)
-      %Pleroma.Activity{} = note = Utils.get_by_id_or_ap_id(activity.data["object"])
-      assert note.id == activity.id
-    end
-
-    test "get activity by object when type isn't `Create` " do
-      activity = insert(:like_activity)
-      %Pleroma.Activity{} = like = Utils.get_by_id_or_ap_id(activity.id)
-      assert like.data["object"] == activity.data["object"]
-    end
-  end
-
   describe "to_master_date/1" do
     test "removes microseconds from date (NaiveDateTime)" do
       assert Utils.to_masto_date(~N[2015-01-23 23:50:07.123]) == "2015-01-23T23:50:07.000Z"
@@ -472,6 +429,13 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       activity = insert(:note_activity, user: user, note: object)
       Pleroma.Repo.delete(object)
 
+      obj_url = activity.data["object"]
+
+      Tesla.Mock.mock(fn
+        %{method: :get, url: ^obj_url} ->
+          %Tesla.Env{status: 404, body: ""}
+      end)
+
       assert Utils.maybe_notify_mentioned_recipients(["test-test"], activity) == [
                "test-test"
              ]
@@ -499,8 +463,8 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       desc = Jason.encode!(%{object.id => "test-desc"})
 
       assert Utils.attachments_from_ids(%{
-               "media_ids" => ["#{object.id}"],
-               "descriptions" => desc
+               media_ids: ["#{object.id}"],
+               descriptions: desc
              }) == [
                Map.merge(object.data, %{"name" => "test-desc"})
              ]
@@ -508,7 +472,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
 
     test "returns attachments without descs" do
       object = insert(:note)
-      assert Utils.attachments_from_ids(%{"media_ids" => ["#{object.id}"]}) == [object.data]
+      assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}) == [object.data]
     end
 
     test "returns [] when not pass media_ids" do

test/web/federator_test.exs

@@ -29,7 +29,7 @@ defmodule Pleroma.Web.FederatorTest do
   describe "Publish an activity" do
     setup do
       user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "HI"})
 
       relay_mock = {
         Pleroma.Web.ActivityPub.Relay,
@@ -78,7 +78,7 @@ defmodule Pleroma.Web.FederatorTest do
         local: false,
         nickname: "nick1@domain.com",
         ap_id: "https://domain.com/users/nick1",
-        source_data: %{"inbox" => inbox1},
+        inbox: inbox1,
         ap_enabled: true
       })
 
@@ -86,7 +86,7 @@ defmodule Pleroma.Web.FederatorTest do
         local: false,
         nickname: "nick2@domain2.com",
         ap_id: "https://domain2.com/users/nick2",
-        source_data: %{"inbox" => inbox2},
+        inbox: inbox2,
         ap_enabled: true
       })
 
@@ -96,7 +96,7 @@ defmodule Pleroma.Web.FederatorTest do
       Instances.set_consistently_unreachable(URI.parse(inbox2).host)
 
       {:ok, _activity} =
-        CommonAPI.post(user, %{"status" => "HI @nick1@domain.com, @nick2@domain2.com!"})
+        CommonAPI.post(user, %{status: "HI @nick1@domain.com, @nick2@domain2.com!"})
 
       expected_dt = NaiveDateTime.to_iso8601(dt)
 
@@ -130,6 +130,9 @@ defmodule Pleroma.Web.FederatorTest do
 
       assert {:ok, job} = Federator.incoming_ap_doc(params)
       assert {:ok, _activity} = ObanHelpers.perform(job)
+
+      assert {:ok, job} = Federator.incoming_ap_doc(params)
+      assert {:error, :already_present} = ObanHelpers.perform(job)
     end
 
     test "rejects incoming AP docs with incorrect origin" do
@@ -148,7 +151,7 @@ defmodule Pleroma.Web.FederatorTest do
       }
 
       assert {:ok, job} = Federator.incoming_ap_doc(params)
-      assert :error = ObanHelpers.perform(job)
+      assert {:error, :origin_containment_failed} = ObanHelpers.perform(job)
     end
 
     test "it does not crash if MRF rejects the post" do
@@ -164,7 +167,7 @@ defmodule Pleroma.Web.FederatorTest do
         |> Poison.decode!()
 
       assert {:ok, job} = Federator.incoming_ap_doc(params)
-      assert :error = ObanHelpers.perform(job)
+      assert {:error, _} = ObanHelpers.perform(job)
     end
   end
 end

test/web/feed/tag_controller_test.exs

@@ -21,7 +21,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
     )
 
     user = insert(:user)
-    {:ok, activity1} = CommonAPI.post(user, %{"status" => "yeah #PleromaArt"})
+    {:ok, activity1} = CommonAPI.post(user, %{status: "yeah #PleromaArt"})
 
     object = Object.normalize(activity1)
 
@@ -43,9 +43,9 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
     |> Ecto.Changeset.change(data: object_data)
     |> Pleroma.Repo.update()
 
-    {:ok, activity2} = CommonAPI.post(user, %{"status" => "42 This is :moominmamma #PleromaArt"})
+    {:ok, activity2} = CommonAPI.post(user, %{status: "42 This is :moominmamma #PleromaArt"})
 
-    {:ok, _activity3} = CommonAPI.post(user, %{"status" => "This is :moominmamma"})
+    {:ok, _activity3} = CommonAPI.post(user, %{status: "This is :moominmamma"})
 
     response =
       conn
@@ -88,7 +88,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
     )
 
     user = insert(:user)
-    {:ok, activity1} = CommonAPI.post(user, %{"status" => "yeah #PleromaArt"})
+    {:ok, activity1} = CommonAPI.post(user, %{status: "yeah #PleromaArt"})
 
     object = Object.normalize(activity1)
 
@@ -110,9 +110,9 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
     |> Ecto.Changeset.change(data: object_data)
     |> Pleroma.Repo.update()
 
-    {:ok, activity2} = CommonAPI.post(user, %{"status" => "42 This is :moominmamma #PleromaArt"})
+    {:ok, activity2} = CommonAPI.post(user, %{status: "42 This is :moominmamma #PleromaArt"})
 
-    {:ok, _activity3} = CommonAPI.post(user, %{"status" => "This is :moominmamma"})
+    {:ok, _activity3} = CommonAPI.post(user, %{status: "This is :moominmamma"})
 
     response =
       conn
@@ -138,8 +138,8 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
            ]
 
     assert xpath(xml, ~x"//channel/item/pubDate/text()"sl) == [
-             FeedView.pub_date(activity1.data["published"]),
-             FeedView.pub_date(activity2.data["published"])
+             FeedView.pub_date(activity2.data["published"]),
+             FeedView.pub_date(activity1.data["published"])
            ]
 
     assert xpath(xml, ~x"//channel/item/enclosure/@url"sl) == [
@@ -150,8 +150,8 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
     obj2 = Object.normalize(activity2)
 
     assert xpath(xml, ~x"//channel/item/description/text()"sl) == [
-             HtmlEntities.decode(FeedView.activity_content(obj2)),
-             HtmlEntities.decode(FeedView.activity_content(obj1))
+             HtmlEntities.decode(FeedView.activity_content(obj2.data)),
+             HtmlEntities.decode(FeedView.activity_content(obj1.data))
            ]
 
     response =

test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs

@@ -14,6 +14,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
 
   describe "updating credentials" do
     setup do: oauth_access(["write:accounts"])
+    setup :request_content_type
 
     test "sets user settings in a generic way", %{conn: conn} do
       res_conn =
@@ -25,7 +26,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
           }
         })
 
-      assert user_data = json_response(res_conn, 200)
+      assert user_data = json_response_and_validate_schema(res_conn, 200)
       assert user_data["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
 
       user = Repo.get(User, user_data["id"])
@@ -41,7 +42,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
           }
         })
 
-      assert user_data = json_response(res_conn, 200)
+      assert user_data = json_response_and_validate_schema(res_conn, 200)
 
       assert user_data["pleroma"]["settings_store"] ==
                %{
@@ -62,7 +63,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
           }
         })
 
-      assert user_data = json_response(res_conn, 200)
+      assert user_data = json_response_and_validate_schema(res_conn, 200)
 
       assert user_data["pleroma"]["settings_store"] ==
                %{
@@ -79,18 +80,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
           "note" => "I drink #cofe with @#{user2.nickname}\n\nsuya.."
         })
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
 
       assert user_data["note"] ==
-               ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{
+               ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{
                  user2.id
-               }" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
+               }" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..)
     end
 
     test "updates the user's locking status", %{conn: conn} do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["locked"] == true
     end
 
@@ -100,24 +101,36 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{allow_following_move: "false"})
 
       assert refresh_record(user).allow_following_move == false
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["pleroma"]["allow_following_move"] == false
     end
 
     test "updates the user's default scope", %{conn: conn} do
-      conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
+      conn = patch(conn, "/api/v1/accounts/update_credentials", %{default_scope: "unlisted"})
 
-      assert user_data = json_response(conn, 200)
-      assert user_data["source"]["privacy"] == "cofe"
+      assert user_data = json_response_and_validate_schema(conn, 200)
+      assert user_data["source"]["privacy"] == "unlisted"
     end
 
     test "updates the user's hide_followers status", %{conn: conn} do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["pleroma"]["hide_followers"] == true
     end
 
+    test "updates the user's discoverable status", %{conn: conn} do
+      assert %{"source" => %{"pleroma" => %{"discoverable" => true}}} =
+               conn
+               |> patch("/api/v1/accounts/update_credentials", %{discoverable: "true"})
+               |> json_response_and_validate_schema(:ok)
+
+      assert %{"source" => %{"pleroma" => %{"discoverable" => false}}} =
+               conn
+               |> patch("/api/v1/accounts/update_credentials", %{discoverable: "false"})
+               |> json_response_and_validate_schema(:ok)
+    end
+
     test "updates the user's hide_followers_count and hide_follows_count", %{conn: conn} do
       conn =
         patch(conn, "/api/v1/accounts/update_credentials", %{
@@ -125,7 +138,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
           hide_follows_count: "true"
         })
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["pleroma"]["hide_followers_count"] == true
       assert user_data["pleroma"]["hide_follows_count"] == true
     end
@@ -134,7 +147,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
       response =
         conn
         |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       assert response["pleroma"]["skip_thread_containment"] == true
       assert refresh_record(user).skip_thread_containment
@@ -143,28 +156,28 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
     test "updates the user's hide_follows status", %{conn: conn} do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_follows: "true"})
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["pleroma"]["hide_follows"] == true
     end
 
     test "updates the user's hide_favorites status", %{conn: conn} do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["pleroma"]["hide_favorites"] == true
     end
 
     test "updates the user's show_role status", %{conn: conn} do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{show_role: "false"})
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["source"]["pleroma"]["show_role"] == false
     end
 
     test "updates the user's no_rich_text status", %{conn: conn} do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["source"]["pleroma"]["no_rich_text"] == true
     end
 
@@ -172,7 +185,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
       conn =
         patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
       assert user_data["display_name"] == "markorepairs"
     end
 
@@ -185,7 +198,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
 
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
 
-      assert user_response = json_response(conn, 200)
+      assert user_response = json_response_and_validate_schema(conn, 200)
       assert user_response["avatar"] != User.avatar_url(user)
     end
 
@@ -198,7 +211,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
 
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header})
 
-      assert user_response = json_response(conn, 200)
+      assert user_response = json_response_and_validate_schema(conn, 200)
       assert user_response["header"] != User.banner_url(user)
     end
 
@@ -214,7 +227,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
           "pleroma_background_image" => new_header
         })
 
-      assert user_response = json_response(conn, 200)
+      assert user_response = json_response_and_validate_schema(conn, 200)
       assert user_response["pleroma"]["background_image"]
     end
 
@@ -225,14 +238,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
       for token <- [token1, token2] do
         conn =
           build_conn()
+          |> put_req_header("content-type", "multipart/form-data")
           |> put_req_header("authorization", "Bearer #{token.token}")
           |> patch("/api/v1/accounts/update_credentials", %{})
 
         if token == token1 do
           assert %{"error" => "Insufficient permissions: write:accounts."} ==
-                   json_response(conn, 403)
+                   json_response_and_validate_schema(conn, 403)
         else
-          assert json_response(conn, 200)
+          assert json_response_and_validate_schema(conn, 200)
         end
       end
     end
@@ -247,11 +261,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
           "display_name" => name
         })
 
-      assert json_response(ret_conn, 200)
+      assert json_response_and_validate_schema(ret_conn, 200)
 
       conn = get(conn, "/api/v1/accounts/#{user.id}")
 
-      assert user_data = json_response(conn, 200)
+      assert user_data = json_response_and_validate_schema(conn, 200)
 
       assert user_data["note"] == note
       assert user_data["display_name"] == name
@@ -261,17 +275,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
     test "update fields", %{conn: conn} do
       fields = [
         %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
-        %{"name" => "link", "value" => "cofe.io"}
+        %{"name" => "link.io", "value" => "cofe.io"}
       ]
 
       account_data =
         conn
         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       assert account_data["fields"] == [
                %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
-               %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
+               %{
+                 "name" => "link.io",
+                 "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)
+               }
              ]
 
       assert account_data["source"]["fields"] == [
@@ -279,14 +296,16 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
                  "name" => "<a href=\"http://google.com\">foo</a>",
                  "value" => "<script>bar</script>"
                },
-               %{"name" => "link", "value" => "cofe.io"}
+               %{"name" => "link.io", "value" => "cofe.io"}
              ]
+    end
 
+    test "update fields via x-www-form-urlencoded", %{conn: conn} do
       fields =
         [
           "fields_attributes[1][name]=link",
-          "fields_attributes[1][value]=cofe.io",
-          "fields_attributes[0][name]=<a href=\"http://google.com\">foo</a>",
+          "fields_attributes[1][value]=http://cofe.io",
+          "fields_attributes[0][name]=foo",
           "fields_attributes[0][value]=bar"
         ]
         |> Enum.join("&")
@@ -295,54 +314,23 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
         conn
         |> put_req_header("content-type", "application/x-www-form-urlencoded")
         |> patch("/api/v1/accounts/update_credentials", fields)
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       assert account["fields"] == [
-               %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
-               %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
+               %{"name" => "foo", "value" => "bar"},
+               %{
+                 "name" => "link",
+                 "value" => ~S(<a href="http://cofe.io" rel="ugc">http://cofe.io</a>)
+               }
              ]
 
       assert account["source"]["fields"] == [
-               %{
-                 "name" => "<a href=\"http://google.com\">foo</a>",
-                 "value" => "bar"
-               },
-               %{"name" => "link", "value" => "cofe.io"}
+               %{"name" => "foo", "value" => "bar"},
+               %{"name" => "link", "value" => "http://cofe.io"}
              ]
+    end
 
-      name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
-      value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
-
-      long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
-
-      fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
-
-      assert %{"error" => "Invalid request"} ==
-               conn
-               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response(403)
-
-      long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
-
-      fields = [%{"name" => long_name, "value" => "bar"}]
-
-      assert %{"error" => "Invalid request"} ==
-               conn
-               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response(403)
-
-      Pleroma.Config.put([:instance, :max_account_fields], 1)
-
-      fields = [
-        %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
-        %{"name" => "link", "value" => "cofe.io"}
-      ]
-
-      assert %{"error" => "Invalid request"} ==
-               conn
-               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response(403)
-
+    test "update fields with empty name", %{conn: conn} do
       fields = [
         %{"name" => "foo", "value" => ""},
         %{"name" => "", "value" => "bar"}
@@ -351,11 +339,45 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
       account =
         conn
         |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       assert account["fields"] == [
                %{"name" => "foo", "value" => ""}
              ]
     end
+
+    test "update fields when invalid request", %{conn: conn} do
+      name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
+      value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
+
+      long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
+      long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
+
+      fields = [%{"name" => "foo", "value" => long_value}]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+               |> json_response_and_validate_schema(403)
+
+      fields = [%{"name" => long_name, "value" => "bar"}]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+               |> json_response_and_validate_schema(403)
+
+      Pleroma.Config.put([:instance, :max_account_fields], 1)
+
+      fields = [
+        %{"name" => "foo", "value" => "bar"},
+        %{"name" => "link", "value" => "cofe.io"}
+      ]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
+               |> json_response_and_validate_schema(403)
+    end
   end
 end

test/web/mastodon_api/controllers/app_controller_test.exs

@@ -16,8 +16,7 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
 
     conn =
       conn
-      |> assign(:user, token.user)
-      |> assign(:token, token)
+      |> put_req_header("authorization", "Bearer #{token.token}")
       |> get("/api/v1/apps/verify_credentials")
 
     app = Repo.preload(token, :app).app
@@ -28,7 +27,7 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
       "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
     }
 
-    assert expected == json_response(conn, 200)
+    assert expected == json_response_and_validate_schema(conn, 200)
   end
 
   test "creates an oauth app", %{conn: conn} do
@@ -37,6 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
 
     conn =
       conn
+      |> put_req_header("content-type", "application/json")
       |> assign(:user, user)
       |> post("/api/v1/apps", %{
         client_name: app_attrs.client_name,
@@ -55,6 +55,6 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
       "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
     }
 
-    assert expected == json_response(conn, 200)
+    assert expected == json_response_and_validate_schema(conn, 200)
   end
 end

test/web/mastodon_api/controllers/conversation_controller_test.exs

@@ -22,21 +22,21 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
 
     {:ok, direct} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
-        "visibility" => "direct"
+        status: "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
+        visibility: "direct"
       })
 
     assert User.get_cached_by_id(user_two.id).unread_conversation_count == 1
 
     {:ok, _follower_only} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}!",
-        "visibility" => "private"
+        status: "Hi @#{user_two.nickname}!",
+        visibility: "private"
       })
 
     res_conn = get(conn, "/api/v1/conversations")
 
-    assert response = json_response(res_conn, 200)
+    assert response = json_response_and_validate_schema(res_conn, 200)
 
     assert [
              %{
@@ -63,46 +63,46 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
 
     {:ok, direct1} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}!",
-        "visibility" => "direct"
+        status: "Hi @#{user_two.nickname}!",
+        visibility: "direct"
       })
 
     {:ok, _direct2} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_three.nickname}!",
-        "visibility" => "direct"
+        status: "Hi @#{user_three.nickname}!",
+        visibility: "direct"
       })
 
     {:ok, direct3} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
-        "visibility" => "direct"
+        status: "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
+        visibility: "direct"
       })
 
     {:ok, _direct4} =
       CommonAPI.post(user_two, %{
-        "status" => "Hi @#{user_three.nickname}!",
-        "visibility" => "direct"
+        status: "Hi @#{user_three.nickname}!",
+        visibility: "direct"
       })
 
     {:ok, direct5} =
       CommonAPI.post(user_two, %{
-        "status" => "Hi @#{user_one.nickname}!",
-        "visibility" => "direct"
+        status: "Hi @#{user_one.nickname}!",
+        visibility: "direct"
       })
 
-    [conversation1, conversation2] =
-      conn
-      |> get("/api/v1/conversations", %{"recipients" => [user_two.id]})
-      |> json_response(200)
+    assert [conversation1, conversation2] =
+             conn
+             |> get("/api/v1/conversations?recipients[]=#{user_two.id}")
+             |> json_response_and_validate_schema(200)
 
     assert conversation1["last_status"]["id"] == direct5.id
     assert conversation2["last_status"]["id"] == direct1.id
 
     [conversation1] =
       conn
-      |> get("/api/v1/conversations", %{"recipients" => [user_two.id, user_three.id]})
-      |> json_response(200)
+      |> get("/api/v1/conversations?recipients[]=#{user_two.id}&recipients[]=#{user_three.id}")
+      |> json_response_and_validate_schema(200)
 
     assert conversation1["last_status"]["id"] == direct3.id
   end
@@ -112,21 +112,21 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
 
     {:ok, direct} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}",
-        "visibility" => "direct"
+        status: "Hi @#{user_two.nickname}",
+        visibility: "direct"
       })
 
     {:ok, direct_reply} =
       CommonAPI.post(user_two, %{
-        "status" => "reply",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => direct.id
+        status: "reply",
+        visibility: "direct",
+        in_reply_to_status_id: direct.id
       })
 
     [%{"last_status" => res_last_status}] =
       conn
       |> get("/api/v1/conversations")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)
 
     assert res_last_status["id"] == direct_reply.id
   end
@@ -136,8 +136,8 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
 
     {:ok, direct} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}",
-        "visibility" => "direct"
+        status: "Hi @#{user_two.nickname}",
+        visibility: "direct"
       })
 
     assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
@@ -154,12 +154,12 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
     [%{"id" => direct_conversation_id, "unread" => true}] =
       user_two_conn
       |> get("/api/v1/conversations")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)
 
     %{"unread" => false} =
       user_two_conn
       |> post("/api/v1/conversations/#{direct_conversation_id}/read")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)
 
     assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
     assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0
@@ -167,15 +167,15 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
     # The conversation is marked as unread on reply
     {:ok, _} =
       CommonAPI.post(user_two, %{
-        "status" => "reply",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => direct.id
+        status: "reply",
+        visibility: "direct",
+        in_reply_to_status_id: direct.id
       })
 
     [%{"unread" => true}] =
       conn
       |> get("/api/v1/conversations")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)
 
     assert User.get_cached_by_id(user_one.id).unread_conversation_count == 1
     assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0
@@ -183,9 +183,9 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
     # A reply doesn't increment the user's unread_conversation_count if the conversation is unread
     {:ok, _} =
       CommonAPI.post(user_two, %{
-        "status" => "reply",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => direct.id
+        status: "reply",
+        visibility: "direct",
+        in_reply_to_status_id: direct.id
       })
 
     assert User.get_cached_by_id(user_one.id).unread_conversation_count == 1
@@ -197,8 +197,8 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
 
     {:ok, direct} =
       CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}!",
-        "visibility" => "direct"
+        status: "Hi @#{user_two.nickname}!",
+        visibility: "direct"
       })
 
     res_conn = get(conn, "/api/v1/statuses/#{direct.id}/context")

test/web/mastodon_api/controllers/custom_emoji_controller_test.exs

@@ -6,11 +6,12 @@ defmodule Pleroma.Web.MastodonAPI.CustomEmojiControllerTest do
   use Pleroma.Web.ConnCase, async: true
 
   test "with tags", %{conn: conn} do
-    [emoji | _body] =
-      conn
-      |> get("/api/v1/custom_emojis")
-      |> json_response(200)
+    assert resp =
+             conn
+             |> get("/api/v1/custom_emojis")
+             |> json_response_and_validate_schema(200)
 
+    assert [emoji | _body] = resp
     assert Map.has_key?(emoji, "shortcode")
     assert Map.has_key?(emoji, "static_url")
     assert Map.has_key?(emoji, "tags")

test/web/mastodon_api/controllers/domain_block_controller_test.exs

@@ -13,15 +13,21 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do
     %{user: user, conn: conn} = oauth_access(["write:blocks"])
     other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
 
-    ret_conn = post(conn, "/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
 
-    assert %{} = json_response(ret_conn, 200)
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
     user = User.get_cached_by_ap_id(user.ap_id)
     assert User.blocks?(user, other_user)
 
-    ret_conn = delete(conn, "/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"})
 
-    assert %{} = json_response(ret_conn, 200)
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
     user = User.get_cached_by_ap_id(user.ap_id)
     refute User.blocks?(user, other_user)
   end
@@ -32,14 +38,10 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do
     {:ok, user} = User.block_domain(user, "bad.site")
     {:ok, user} = User.block_domain(user, "even.worse.site")
 
-    conn =
-      conn
-      |> assign(:user, user)
-      |> get("/api/v1/domain_blocks")
-
-    domain_blocks = json_response(conn, 200)
-
-    assert "bad.site" in domain_blocks
-    assert "even.worse.site" in domain_blocks
+    assert ["even.worse.site", "bad.site"] ==
+             conn
+             |> assign(:user, user)
+             |> get("/api/v1/domain_blocks")
+             |> json_response_and_validate_schema(200)
   end
 end

test/web/mastodon_api/controllers/filter_controller_test.exs

@@ -15,9 +15,12 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
       context: ["home"]
     }
 
-    conn = post(conn, "/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})
+    conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})
 
-    assert response = json_response(conn, 200)
+    assert response = json_response_and_validate_schema(conn, 200)
     assert response["phrase"] == filter.phrase
     assert response["context"] == filter.context
     assert response["irreversible"] == false
@@ -48,12 +51,12 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
     response =
       conn
       |> get("/api/v1/filters")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)
 
     assert response ==
              render_json(
                FilterView,
-               "filters.json",
+               "index.json",
                filters: [filter_two, filter_one]
              )
   end
@@ -72,7 +75,7 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
 
     conn = get(conn, "/api/v1/filters/#{filter.filter_id}")
 
-    assert _response = json_response(conn, 200)
+    assert response = json_response_and_validate_schema(conn, 200)
   end
 
   test "update a filter" do
@@ -82,7 +85,8 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
       user_id: user.id,
       filter_id: 2,
       phrase: "knight",
-      context: ["home"]
+      context: ["home"],
+      hide: true
     }
 
     {:ok, _filter} = Pleroma.Filter.create(query)
@@ -93,14 +97,17 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
     }
 
     conn =
-      put(conn, "/api/v1/filters/#{query.filter_id}", %{
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> put("/api/v1/filters/#{query.filter_id}", %{
         phrase: new.phrase,
         context: new.context
       })
 
-    assert response = json_response(conn, 200)
+    assert response = json_response_and_validate_schema(conn, 200)
     assert response["phrase"] == new.phrase
     assert response["context"] == new.context
+    assert response["irreversible"] == true
   end
 
   test "delete a filter" do
@@ -117,7 +124,6 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
 
     conn = delete(conn, "/api/v1/filters/#{filter.filter_id}")
 
-    assert response = json_response(conn, 200)
-    assert response == %{}
+    assert json_response_and_validate_schema(conn, 200) == %{}
   end
 end

test/web/mastodon_api/controllers/follow_request_controller_test.exs

@@ -21,13 +21,13 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do
       other_user = insert(:user)
 
       {:ok, _activity} = ActivityPub.follow(other_user, user)
-      {:ok, other_user} = User.follow(other_user, user, "pending")
+      {:ok, other_user} = User.follow(other_user, user, :follow_pending)
 
       assert User.following?(other_user, user) == false
 
       conn = get(conn, "/api/v1/follow_requests")
 
-      assert [relationship] = json_response(conn, 200)
+      assert [relationship] = json_response_and_validate_schema(conn, 200)
       assert to_string(other_user.id) == relationship["id"]
     end
 
@@ -35,7 +35,7 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do
       other_user = insert(:user)
 
       {:ok, _activity} = ActivityPub.follow(other_user, user)
-      {:ok, other_user} = User.follow(other_user, user, "pending")
+      {:ok, other_user} = User.follow(other_user, user, :follow_pending)
 
       user = User.get_cached_by_id(user.id)
       other_user = User.get_cached_by_id(other_user.id)
@@ -44,7 +44,7 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do
 
       conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/authorize")
 
-      assert relationship = json_response(conn, 200)
+      assert relationship = json_response_and_validate_schema(conn, 200)
       assert to_string(other_user.id) == relationship["id"]
 
       user = User.get_cached_by_id(user.id)
@@ -62,7 +62,7 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do
 
       conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/reject")
 
-      assert relationship = json_response(conn, 200)
+      assert relationship = json_response_and_validate_schema(conn, 200)
       assert to_string(other_user.id) == relationship["id"]
 
       user = User.get_cached_by_id(user.id)

test/web/mastodon_api/controllers/instance_controller_test.exs

@@ -10,7 +10,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
 
   test "get instance information", %{conn: conn} do
     conn = get(conn, "/api/v1/instance")
-    assert result = json_response(conn, 200)
+    assert result = json_response_and_validate_schema(conn, 200)
 
     email = Pleroma.Config.get([:instance, :email])
     # Note: not checking for "max_toot_chars" since it's optional
@@ -34,6 +34,10 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
              "banner_upload_limit" => _
            } = result
 
+    assert result["pleroma"]["metadata"]["features"]
+    assert result["pleroma"]["metadata"]["federation"]
+    assert result["pleroma"]["vapid_public_key"]
+
     assert email == from_config_email
   end
 
@@ -46,13 +50,13 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
     insert(:user, %{local: false, nickname: "u@peer1.com"})
     insert(:user, %{local: false, nickname: "u@peer2.com"})
 
-    {:ok, _} = Pleroma.Web.CommonAPI.post(user, %{"status" => "cofe"})
+    {:ok, _} = Pleroma.Web.CommonAPI.post(user, %{status: "cofe"})
 
     Pleroma.Stats.force_update()
 
     conn = get(conn, "/api/v1/instance")
 
-    assert result = json_response(conn, 200)
+    assert result = json_response_and_validate_schema(conn, 200)
 
     stats = result["stats"]
 
@@ -70,7 +74,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
 
     conn = get(conn, "/api/v1/instance/peers")
 
-    assert result = json_response(conn, 200)
+    assert result = json_response_and_validate_schema(conn, 200)
 
     assert ["peer1.com", "peer2.com"] == Enum.sort(result)
   end

test/web/mastodon_api/controllers/list_controller_test.exs

@@ -12,37 +12,44 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
   test "creating a list" do
     %{conn: conn} = oauth_access(["write:lists"])
 
-    conn = post(conn, "/api/v1/lists", %{"title" => "cuties"})
-
-    assert %{"title" => title} = json_response(conn, 200)
-    assert title == "cuties"
+    assert %{"title" => "cuties"} =
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> post("/api/v1/lists", %{"title" => "cuties"})
+             |> json_response_and_validate_schema(:ok)
   end
 
   test "renders error for invalid params" do
     %{conn: conn} = oauth_access(["write:lists"])
 
-    conn = post(conn, "/api/v1/lists", %{"title" => nil})
+    conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/lists", %{"title" => nil})
 
-    assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
+    assert %{"error" => "title - null value where string expected."} =
+             json_response_and_validate_schema(conn, 400)
   end
 
   test "listing a user's lists" do
     %{conn: conn} = oauth_access(["read:lists", "write:lists"])
 
     conn
+    |> put_req_header("content-type", "application/json")
     |> post("/api/v1/lists", %{"title" => "cuties"})
-    |> json_response(:ok)
+    |> json_response_and_validate_schema(:ok)
 
     conn
+    |> put_req_header("content-type", "application/json")
     |> post("/api/v1/lists", %{"title" => "cofe"})
-    |> json_response(:ok)
+    |> json_response_and_validate_schema(:ok)
 
     conn = get(conn, "/api/v1/lists")
 
     assert [
              %{"id" => _, "title" => "cofe"},
              %{"id" => _, "title" => "cuties"}
-           ] = json_response(conn, :ok)
+           ] = json_response_and_validate_schema(conn, :ok)
   end
 
   test "adding users to a list" do
@@ -50,9 +57,12 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
     other_user = insert(:user)
     {:ok, list} = Pleroma.List.create("name", user)
 
-    conn = post(conn, "/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+    assert %{} ==
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> post("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+             |> json_response_and_validate_schema(:ok)
 
-    assert %{} == json_response(conn, 200)
     %Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
     assert following == [other_user.follower_address]
   end
@@ -65,9 +75,12 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
     {:ok, list} = Pleroma.List.follow(list, other_user)
     {:ok, list} = Pleroma.List.follow(list, third_user)
 
-    conn = delete(conn, "/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+    assert %{} ==
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> delete("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+             |> json_response_and_validate_schema(:ok)
 
-    assert %{} == json_response(conn, 200)
     %Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
     assert following == [third_user.follower_address]
   end
@@ -83,7 +96,7 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
       |> assign(:user, user)
       |> get("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
 
-    assert [%{"id" => id}] = json_response(conn, 200)
+    assert [%{"id" => id}] = json_response_and_validate_schema(conn, 200)
     assert id == to_string(other_user.id)
   end
 
@@ -96,7 +109,7 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
       |> assign(:user, user)
       |> get("/api/v1/lists/#{list.id}")
 
-    assert %{"id" => id} = json_response(conn, 200)
+    assert %{"id" => id} = json_response_and_validate_schema(conn, 200)
     assert id == to_string(list.id)
   end
 
@@ -105,17 +118,18 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
 
     conn = get(conn, "/api/v1/lists/666")
 
-    assert %{"error" => "List not found"} = json_response(conn, :not_found)
+    assert %{"error" => "List not found"} = json_response_and_validate_schema(conn, :not_found)
   end
 
   test "renaming a list" do
     %{user: user, conn: conn} = oauth_access(["write:lists"])
     {:ok, list} = Pleroma.List.create("name", user)
 
-    conn = put(conn, "/api/v1/lists/#{list.id}", %{"title" => "newname"})
-
-    assert %{"title" => name} = json_response(conn, 200)
-    assert name == "newname"
+    assert %{"title" => "newname"} =
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> put("/api/v1/lists/#{list.id}", %{"title" => "newname"})
+             |> json_response_and_validate_schema(:ok)
   end
 
   test "validates title when renaming a list" do
@@ -125,9 +139,11 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
     conn =
       conn
       |> assign(:user, user)
+      |> put_req_header("content-type", "application/json")
       |> put("/api/v1/lists/#{list.id}", %{"title" => "  "})
 
-    assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
+    assert %{"error" => "can't be blank"} ==
+             json_response_and_validate_schema(conn, :unprocessable_entity)
   end
 
   test "deleting a list" do
@@ -136,7 +152,7 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
 
     conn = delete(conn, "/api/v1/lists/#{list.id}")
 
-    assert %{} = json_response(conn, 200)
+    assert %{} = json_response_and_validate_schema(conn, 200)
     assert is_nil(Repo.get(Pleroma.List, list.id))
   end
 end

test/web/mastodon_api/controllers/marker_controller_test.exs

@@ -11,6 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
     test "gets markers with correct scopes", %{conn: conn} do
       user = insert(:user)
       token = insert(:oauth_token, user: user, scopes: ["read:statuses"])
+      insert_list(7, :notification, user: user)
 
       {:ok, %{"notifications" => marker}} =
         Pleroma.Marker.upsert(
@@ -22,14 +23,15 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
         conn
         |> assign(:user, user)
         |> assign(:token, token)
-        |> get("/api/v1/markers", %{timeline: ["notifications"]})
-        |> json_response(200)
+        |> get("/api/v1/markers?timeline[]=notifications")
+        |> json_response_and_validate_schema(200)
 
       assert response == %{
                "notifications" => %{
                  "last_read_id" => "69420",
                  "updated_at" => NaiveDateTime.to_iso8601(marker.updated_at),
-                 "version" => 0
+                 "version" => 0,
+                 "pleroma" => %{"unread_count" => 7}
                }
              }
     end
@@ -45,7 +47,7 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
         |> assign(:user, user)
         |> assign(:token, token)
         |> get("/api/v1/markers", %{timeline: ["notifications"]})
-        |> json_response(403)
+        |> json_response_and_validate_schema(403)
 
       assert response == %{"error" => "Insufficient permissions: read:statuses."}
     end
@@ -60,17 +62,19 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
         conn
         |> assign(:user, user)
         |> assign(:token, token)
+        |> put_req_header("content-type", "application/json")
         |> post("/api/v1/markers", %{
           home: %{last_read_id: "777"},
           notifications: %{"last_read_id" => "69420"}
         })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       assert %{
                "notifications" => %{
                  "last_read_id" => "69420",
                  "updated_at" => _,
-                 "version" => 0
+                 "version" => 0,
+                 "pleroma" => %{"unread_count" => 0}
                }
              } = response
     end
@@ -89,17 +93,19 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
         conn
         |> assign(:user, user)
         |> assign(:token, token)
+        |> put_req_header("content-type", "application/json")
         |> post("/api/v1/markers", %{
           home: %{last_read_id: "777"},
           notifications: %{"last_read_id" => "69888"}
         })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       assert response == %{
                "notifications" => %{
                  "last_read_id" => "69888",
                  "updated_at" => NaiveDateTime.to_iso8601(marker.updated_at),
-                 "version" => 0
+                 "version" => 0,
+                 "pleroma" => %{"unread_count" => 0}
                }
              }
     end
@@ -112,11 +118,12 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
         conn
         |> assign(:user, user)
         |> assign(:token, token)
+        |> put_req_header("content-type", "application/json")
         |> post("/api/v1/markers", %{
           home: %{last_read_id: "777"},
           notifications: %{"last_read_id" => "69420"}
         })
-        |> json_response(403)
+        |> json_response_and_validate_schema(403)
 
       assert response == %{"error" => "Insufficient permissions: write:statuses."}
     end

test/web/mastodon_api/controllers/notification_controller_test.exs

@@ -12,11 +12,31 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
 
   import Pleroma.Factory
 
+  test "does NOT render account/pleroma/relationship if this is disabled by default" do
+    clear_config([:extensions, :output_relationships_in_statuses_by_default], false)
+
+    %{user: user, conn: conn} = oauth_access(["read:notifications"])
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, [_notification]} = Notification.create_notifications(activity)
+
+    response =
+      conn
+      |> assign(:user, user)
+      |> get("/api/v1/notifications")
+      |> json_response_and_validate_schema(200)
+
+    assert Enum.all?(response, fn n ->
+             get_in(n, ["account", "pleroma", "relationship"]) == %{}
+           end)
+  end
+
   test "list of notifications" do
     %{user: user, conn: conn} = oauth_access(["read:notifications"])
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
 
     {:ok, [_notification]} = Notification.create_notifications(activity)
 
@@ -26,11 +46,13 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
       |> get("/api/v1/notifications")
 
     expected_response =
-      "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{
+      "hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{
         user.ap_id
       }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>"
 
-    assert [%{"status" => %{"content" => response}} | _rest] = json_response(conn, 200)
+    assert [%{"status" => %{"content" => response}} | _rest] =
+             json_response_and_validate_schema(conn, 200)
+
     assert response == expected_response
   end
 
@@ -38,52 +60,69 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     %{user: user, conn: conn} = oauth_access(["read:notifications"])
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
 
     {:ok, [notification]} = Notification.create_notifications(activity)
 
     conn = get(conn, "/api/v1/notifications/#{notification.id}")
 
     expected_response =
-      "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{
+      "hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{
         user.ap_id
       }\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>"
 
-    assert %{"status" => %{"content" => response}} = json_response(conn, 200)
+    assert %{"status" => %{"content" => response}} = json_response_and_validate_schema(conn, 200)
     assert response == expected_response
   end
 
-  test "dismissing a single notification" do
+  test "dismissing a single notification (deprecated endpoint)" do
     %{user: user, conn: conn} = oauth_access(["write:notifications"])
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
 
     {:ok, [notification]} = Notification.create_notifications(activity)
 
     conn =
       conn
       |> assign(:user, user)
-      |> post("/api/v1/notifications/dismiss", %{"id" => notification.id})
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/notifications/dismiss", %{"id" => to_string(notification.id)})
 
-    assert %{} = json_response(conn, 200)
+    assert %{} = json_response_and_validate_schema(conn, 200)
+  end
+
+  test "dismissing a single notification" do
+    %{user: user, conn: conn} = oauth_access(["write:notifications"])
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+
+    {:ok, [notification]} = Notification.create_notifications(activity)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> post("/api/v1/notifications/#{notification.id}/dismiss")
+
+    assert %{} = json_response_and_validate_schema(conn, 200)
   end
 
   test "clearing all notifications" do
     %{user: user, conn: conn} = oauth_access(["write:notifications", "read:notifications"])
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
 
     {:ok, [_notification]} = Notification.create_notifications(activity)
 
     ret_conn = post(conn, "/api/v1/notifications/clear")
 
-    assert %{} = json_response(ret_conn, 200)
+    assert %{} = json_response_and_validate_schema(ret_conn, 200)
 
     ret_conn = get(conn, "/api/v1/notifications")
 
-    assert all = json_response(ret_conn, 200)
+    assert all = json_response_and_validate_schema(ret_conn, 200)
     assert all == []
   end
 
@@ -91,10 +130,10 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     %{user: user, conn: conn} = oauth_access(["read:notifications"])
     other_user = insert(:user)
 
-    {:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity2} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity3} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity4} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity1} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity2} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity3} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity4} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
 
     notification1_id = get_notification_id_by_activity(activity1)
     notification2_id = get_notification_id_by_activity(activity2)
@@ -107,7 +146,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     result =
       conn
       |> get("/api/v1/notifications?limit=2&min_id=#{notification1_id}")
-      |> json_response(:ok)
+      |> json_response_and_validate_schema(:ok)
 
     assert [%{"id" => ^notification3_id}, %{"id" => ^notification2_id}] = result
 
@@ -115,7 +154,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     result =
       conn
       |> get("/api/v1/notifications?limit=2&since_id=#{notification1_id}")
-      |> json_response(:ok)
+      |> json_response_and_validate_schema(:ok)
 
     assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result
 
@@ -123,7 +162,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     result =
       conn
       |> get("/api/v1/notifications?limit=2&max_id=#{notification4_id}")
-      |> json_response(:ok)
+      |> json_response_and_validate_schema(:ok)
 
     assert [%{"id" => ^notification3_id}, %{"id" => ^notification2_id}] = result
   end
@@ -134,47 +173,39 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
       other_user = insert(:user)
 
       {:ok, public_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "public"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "public"})
 
       {:ok, direct_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "direct"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "direct"})
 
       {:ok, unlisted_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "unlisted"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "unlisted"})
 
       {:ok, private_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "private"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "private"})
 
-      conn_res =
-        get(conn, "/api/v1/notifications", %{
-          exclude_visibilities: ["public", "unlisted", "private"]
-        })
+      query = params_to_query(%{exclude_visibilities: ["public", "unlisted", "private"]})
+      conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-      assert [%{"status" => %{"id" => id}}] = json_response(conn_res, 200)
+      assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200)
       assert id == direct_activity.id
 
-      conn_res =
-        get(conn, "/api/v1/notifications", %{
-          exclude_visibilities: ["public", "unlisted", "direct"]
-        })
+      query = params_to_query(%{exclude_visibilities: ["public", "unlisted", "direct"]})
+      conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-      assert [%{"status" => %{"id" => id}}] = json_response(conn_res, 200)
+      assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200)
       assert id == private_activity.id
 
-      conn_res =
-        get(conn, "/api/v1/notifications", %{
-          exclude_visibilities: ["public", "private", "direct"]
-        })
+      query = params_to_query(%{exclude_visibilities: ["public", "private", "direct"]})
+      conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-      assert [%{"status" => %{"id" => id}}] = json_response(conn_res, 200)
+      assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200)
       assert id == unlisted_activity.id
 
-      conn_res =
-        get(conn, "/api/v1/notifications", %{
-          exclude_visibilities: ["unlisted", "private", "direct"]
-        })
+      query = params_to_query(%{exclude_visibilities: ["unlisted", "private", "direct"]})
+      conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-      assert [%{"status" => %{"id" => id}}] = json_response(conn_res, 200)
+      assert [%{"status" => %{"id" => id}}] = json_response_and_validate_schema(conn_res, 200)
       assert id == public_activity.id
     end
 
@@ -182,27 +213,25 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
       user = insert(:user)
       %{user: other_user, conn: conn} = oauth_access(["read:notifications"])
 
-      {:ok, public_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "public"})
+      {:ok, public_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "public"})
 
       {:ok, direct_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "direct"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "direct"})
 
       {:ok, unlisted_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "unlisted"})
+        CommonAPI.post(other_user, %{status: ".", visibility: "unlisted"})
 
-      {:ok, private_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "private"})
+      {:ok, private_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "private"})
 
-      {:ok, _, _} = CommonAPI.favorite(public_activity.id, user)
-      {:ok, _, _} = CommonAPI.favorite(direct_activity.id, user)
-      {:ok, _, _} = CommonAPI.favorite(unlisted_activity.id, user)
-      {:ok, _, _} = CommonAPI.favorite(private_activity.id, user)
+      {:ok, _} = CommonAPI.favorite(user, public_activity.id)
+      {:ok, _} = CommonAPI.favorite(user, direct_activity.id)
+      {:ok, _} = CommonAPI.favorite(user, unlisted_activity.id)
+      {:ok, _} = CommonAPI.favorite(user, private_activity.id)
 
       activity_ids =
         conn
-        |> get("/api/v1/notifications", %{exclude_visibilities: ["direct"]})
-        |> json_response(200)
+        |> get("/api/v1/notifications?exclude_visibilities[]=direct")
+        |> json_response_and_validate_schema(200)
         |> Enum.map(& &1["status"]["id"])
 
       assert public_activity.id in activity_ids
@@ -212,8 +241,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
 
       activity_ids =
         conn
-        |> get("/api/v1/notifications", %{exclude_visibilities: ["unlisted"]})
-        |> json_response(200)
+        |> get("/api/v1/notifications?exclude_visibilities[]=unlisted")
+        |> json_response_and_validate_schema(200)
         |> Enum.map(& &1["status"]["id"])
 
       assert public_activity.id in activity_ids
@@ -223,8 +252,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
 
       activity_ids =
         conn
-        |> get("/api/v1/notifications", %{exclude_visibilities: ["private"]})
-        |> json_response(200)
+        |> get("/api/v1/notifications?exclude_visibilities[]=private")
+        |> json_response_and_validate_schema(200)
         |> Enum.map(& &1["status"]["id"])
 
       assert public_activity.id in activity_ids
@@ -234,8 +263,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
 
       activity_ids =
         conn
-        |> get("/api/v1/notifications", %{exclude_visibilities: ["public"]})
-        |> json_response(200)
+        |> get("/api/v1/notifications?exclude_visibilities[]=public")
+        |> json_response_and_validate_schema(200)
         |> Enum.map(& &1["status"]["id"])
 
       refute public_activity.id in activity_ids
@@ -248,19 +277,18 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
       user = insert(:user)
       %{user: other_user, conn: conn} = oauth_access(["read:notifications"])
 
-      {:ok, public_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "public"})
+      {:ok, public_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "public"})
 
       {:ok, unlisted_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "unlisted"})
+        CommonAPI.post(other_user, %{status: ".", visibility: "unlisted"})
 
       {:ok, _, _} = CommonAPI.repeat(public_activity.id, user)
       {:ok, _, _} = CommonAPI.repeat(unlisted_activity.id, user)
 
       activity_ids =
         conn
-        |> get("/api/v1/notifications", %{exclude_visibilities: ["unlisted"]})
-        |> json_response(200)
+        |> get("/api/v1/notifications?exclude_visibilities[]=unlisted")
+        |> json_response_and_validate_schema(200)
         |> Enum.map(& &1["status"]["id"])
 
       assert public_activity.id in activity_ids
@@ -272,9 +300,9 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     %{user: user, conn: conn} = oauth_access(["read:notifications"])
     other_user = insert(:user)
 
-    {:ok, mention_activity} = CommonAPI.post(other_user, %{"status" => "hey @#{user.nickname}"})
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
-    {:ok, favorite_activity, _} = CommonAPI.favorite(create_activity.id, other_user)
+    {:ok, mention_activity} = CommonAPI.post(other_user, %{status: "hey @#{user.nickname}"})
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
+    {:ok, favorite_activity} = CommonAPI.favorite(other_user, create_activity.id)
     {:ok, reblog_activity, _} = CommonAPI.repeat(create_activity.id, other_user)
     {:ok, _, _, follow_activity} = CommonAPI.follow(other_user, user)
 
@@ -283,34 +311,36 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     reblog_notification_id = get_notification_id_by_activity(reblog_activity)
     follow_notification_id = get_notification_id_by_activity(follow_activity)
 
-    conn_res =
-      get(conn, "/api/v1/notifications", %{exclude_types: ["mention", "favourite", "reblog"]})
+    query = params_to_query(%{exclude_types: ["mention", "favourite", "reblog"]})
+    conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-    assert [%{"id" => ^follow_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^follow_notification_id}] = json_response_and_validate_schema(conn_res, 200)
 
-    conn_res =
-      get(conn, "/api/v1/notifications", %{exclude_types: ["favourite", "reblog", "follow"]})
+    query = params_to_query(%{exclude_types: ["favourite", "reblog", "follow"]})
+    conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-    assert [%{"id" => ^mention_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^mention_notification_id}] =
+             json_response_and_validate_schema(conn_res, 200)
 
-    conn_res =
-      get(conn, "/api/v1/notifications", %{exclude_types: ["reblog", "follow", "mention"]})
+    query = params_to_query(%{exclude_types: ["reblog", "follow", "mention"]})
+    conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-    assert [%{"id" => ^favorite_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^favorite_notification_id}] =
+             json_response_and_validate_schema(conn_res, 200)
 
-    conn_res =
-      get(conn, "/api/v1/notifications", %{exclude_types: ["follow", "mention", "favourite"]})
+    query = params_to_query(%{exclude_types: ["follow", "mention", "favourite"]})
+    conn_res = get(conn, "/api/v1/notifications?" <> query)
 
-    assert [%{"id" => ^reblog_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^reblog_notification_id}] = json_response_and_validate_schema(conn_res, 200)
   end
 
   test "filters notifications using include_types" do
     %{user: user, conn: conn} = oauth_access(["read:notifications"])
     other_user = insert(:user)
 
-    {:ok, mention_activity} = CommonAPI.post(other_user, %{"status" => "hey @#{user.nickname}"})
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
-    {:ok, favorite_activity, _} = CommonAPI.favorite(create_activity.id, other_user)
+    {:ok, mention_activity} = CommonAPI.post(other_user, %{status: "hey @#{user.nickname}"})
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
+    {:ok, favorite_activity} = CommonAPI.favorite(other_user, create_activity.id)
     {:ok, reblog_activity, _} = CommonAPI.repeat(create_activity.id, other_user)
     {:ok, _, _, follow_activity} = CommonAPI.follow(other_user, user)
 
@@ -319,32 +349,34 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     reblog_notification_id = get_notification_id_by_activity(reblog_activity)
     follow_notification_id = get_notification_id_by_activity(follow_activity)
 
-    conn_res = get(conn, "/api/v1/notifications", %{include_types: ["follow"]})
+    conn_res = get(conn, "/api/v1/notifications?include_types[]=follow")
 
-    assert [%{"id" => ^follow_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^follow_notification_id}] = json_response_and_validate_schema(conn_res, 200)
 
-    conn_res = get(conn, "/api/v1/notifications", %{include_types: ["mention"]})
+    conn_res = get(conn, "/api/v1/notifications?include_types[]=mention")
 
-    assert [%{"id" => ^mention_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^mention_notification_id}] =
+             json_response_and_validate_schema(conn_res, 200)
 
-    conn_res = get(conn, "/api/v1/notifications", %{include_types: ["favourite"]})
+    conn_res = get(conn, "/api/v1/notifications?include_types[]=favourite")
 
-    assert [%{"id" => ^favorite_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^favorite_notification_id}] =
+             json_response_and_validate_schema(conn_res, 200)
 
-    conn_res = get(conn, "/api/v1/notifications", %{include_types: ["reblog"]})
+    conn_res = get(conn, "/api/v1/notifications?include_types[]=reblog")
 
-    assert [%{"id" => ^reblog_notification_id}] = json_response(conn_res, 200)
+    assert [%{"id" => ^reblog_notification_id}] = json_response_and_validate_schema(conn_res, 200)
 
-    result = conn |> get("/api/v1/notifications") |> json_response(200)
+    result = conn |> get("/api/v1/notifications") |> json_response_and_validate_schema(200)
 
     assert length(result) == 4
 
+    query = params_to_query(%{include_types: ["follow", "mention", "favourite", "reblog"]})
+
     result =
       conn
-      |> get("/api/v1/notifications", %{
-        include_types: ["follow", "mention", "favourite", "reblog"]
-      })
-      |> json_response(200)
+      |> get("/api/v1/notifications?" <> query)
+      |> json_response_and_validate_schema(200)
 
     assert length(result) == 4
   end
@@ -353,10 +385,10 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     %{user: user, conn: conn} = oauth_access(["read:notifications", "write:notifications"])
     other_user = insert(:user)
 
-    {:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity2} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity3} = CommonAPI.post(user, %{"status" => "hi @#{other_user.nickname}"})
-    {:ok, activity4} = CommonAPI.post(user, %{"status" => "hi @#{other_user.nickname}"})
+    {:ok, activity1} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity2} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity3} = CommonAPI.post(user, %{status: "hi @#{other_user.nickname}"})
+    {:ok, activity4} = CommonAPI.post(user, %{status: "hi @#{other_user.nickname}"})
 
     notification1_id = get_notification_id_by_activity(activity1)
     notification2_id = get_notification_id_by_activity(activity2)
@@ -366,7 +398,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     result =
       conn
       |> get("/api/v1/notifications")
-      |> json_response(:ok)
+      |> json_response_and_validate_schema(:ok)
 
     assert [%{"id" => ^notification2_id}, %{"id" => ^notification1_id}] = result
 
@@ -378,22 +410,19 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     result =
       conn2
       |> get("/api/v1/notifications")
-      |> json_response(:ok)
+      |> json_response_and_validate_schema(:ok)
 
     assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result
 
-    conn_destroy =
-      conn
-      |> delete("/api/v1/notifications/destroy_multiple", %{
-        "ids" => [notification1_id, notification2_id]
-      })
+    query = params_to_query(%{ids: [notification1_id, notification2_id]})
+    conn_destroy = delete(conn, "/api/v1/notifications/destroy_multiple?" <> query)
 
-    assert json_response(conn_destroy, 200) == %{}
+    assert json_response_and_validate_schema(conn_destroy, 200) == %{}
 
     result =
       conn2
       |> get("/api/v1/notifications")
-      |> json_response(:ok)
+      |> json_response_and_validate_schema(:ok)
 
     assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result
   end
@@ -403,17 +432,17 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     user2 = insert(:user)
 
     {:ok, _, _, _} = CommonAPI.follow(user, user2)
-    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+    {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"})
 
     ret_conn = get(conn, "/api/v1/notifications")
 
-    assert length(json_response(ret_conn, 200)) == 1
+    assert length(json_response_and_validate_schema(ret_conn, 200)) == 1
 
     {:ok, _user_relationships} = User.mute(user, user2)
 
     conn = get(conn, "/api/v1/notifications")
 
-    assert json_response(conn, 200) == []
+    assert json_response_and_validate_schema(conn, 200) == []
   end
 
   test "see notifications after muting user without notifications" do
@@ -421,17 +450,17 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     user2 = insert(:user)
 
     {:ok, _, _, _} = CommonAPI.follow(user, user2)
-    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+    {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"})
 
     ret_conn = get(conn, "/api/v1/notifications")
 
-    assert length(json_response(ret_conn, 200)) == 1
+    assert length(json_response_and_validate_schema(ret_conn, 200)) == 1
 
     {:ok, _user_relationships} = User.mute(user, user2, false)
 
     conn = get(conn, "/api/v1/notifications")
 
-    assert length(json_response(conn, 200)) == 1
+    assert length(json_response_and_validate_schema(conn, 200)) == 1
   end
 
   test "see notifications after muting user with notifications and with_muted parameter" do
@@ -439,31 +468,44 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     user2 = insert(:user)
 
     {:ok, _, _, _} = CommonAPI.follow(user, user2)
-    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+    {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"})
 
     ret_conn = get(conn, "/api/v1/notifications")
 
-    assert length(json_response(ret_conn, 200)) == 1
+    assert length(json_response_and_validate_schema(ret_conn, 200)) == 1
 
     {:ok, _user_relationships} = User.mute(user, user2)
 
-    conn = get(conn, "/api/v1/notifications", %{"with_muted" => "true"})
+    conn = get(conn, "/api/v1/notifications?with_muted=true")
 
-    assert length(json_response(conn, 200)) == 1
+    assert length(json_response_and_validate_schema(conn, 200)) == 1
   end
 
+  @tag capture_log: true
   test "see move notifications" do
     old_user = insert(:user)
     new_user = insert(:user, also_known_as: [old_user.ap_id])
     %{user: follower, conn: conn} = oauth_access(["read:notifications"])
 
+    old_user_url = old_user.ap_id
+
+    body =
+      File.read!("test/fixtures/users_mock/localhost.json")
+      |> String.replace("{{nickname}}", old_user.nickname)
+      |> Jason.encode!()
+
+    Tesla.Mock.mock(fn
+      %{method: :get, url: ^old_user_url} ->
+        %Tesla.Env{status: 200, body: body}
+    end)
+
     User.follow(follower, old_user)
     Pleroma.Web.ActivityPub.ActivityPub.move(old_user, new_user)
     Pleroma.Tests.ObanHelpers.perform_all()
 
     conn = get(conn, "/api/v1/notifications")
 
-    assert length(json_response(conn, 200)) == 1
+    assert length(json_response_and_validate_schema(conn, 200)) == 1
   end
 
   describe "link headers" do
@@ -473,14 +515,14 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
 
       {:ok, activity1} =
         CommonAPI.post(other_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "public"
+          status: "hi @#{user.nickname}",
+          visibility: "public"
         })
 
       {:ok, activity2} =
         CommonAPI.post(other_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "public"
+          status: "hi @#{user.nickname}",
+          visibility: "public"
         })
 
       notification1 = Repo.get_by(Notification, activity_id: activity1.id)
@@ -489,10 +531,10 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
       conn =
         conn
         |> assign(:user, user)
-        |> get("/api/v1/notifications", %{media_only: true})
+        |> get("/api/v1/notifications?limit=5")
 
       assert [link_header] = get_resp_header(conn, "link")
-      assert link_header =~ ~r/media_only=true/
+      assert link_header =~ ~r/limit=5/
       assert link_header =~ ~r/min_id=#{notification2.id}/
       assert link_header =~ ~r/max_id=#{notification1.id}/
     end
@@ -505,20 +547,20 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
       %{id: account_id} = other_user1 = insert(:user)
       other_user2 = insert(:user)
 
-      {:ok, _activity} = CommonAPI.post(other_user1, %{"status" => "hi @#{user.nickname}"})
-      {:ok, _activity} = CommonAPI.post(other_user2, %{"status" => "bye @#{user.nickname}"})
+      {:ok, _activity} = CommonAPI.post(other_user1, %{status: "hi @#{user.nickname}"})
+      {:ok, _activity} = CommonAPI.post(other_user2, %{status: "bye @#{user.nickname}"})
 
       assert [%{"account" => %{"id" => ^account_id}}] =
                conn
                |> assign(:user, user)
-               |> get("/api/v1/notifications", %{account_id: account_id})
-               |> json_response(200)
+               |> get("/api/v1/notifications?account_id=#{account_id}")
+               |> json_response_and_validate_schema(200)
 
       assert %{"error" => "Account is not found"} =
                conn
                |> assign(:user, user)
-               |> get("/api/v1/notifications", %{account_id: "cofe"})
-               |> json_response(404)
+               |> get("/api/v1/notifications?account_id=cofe")
+               |> json_response_and_validate_schema(404)
     end
   end
 
@@ -528,4 +570,11 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
     |> Map.get(:id)
     |> to_string()
   end
+
+  defp params_to_query(%{} = params) do
+    Enum.map_join(params, "&", fn
+      {k, v} when is_list(v) -> Enum.map_join(v, "&", &"#{k}[]=#{&1}")
+      {k, v} -> k <> "=" <> v
+    end)
+  end
 end

test/web/mastodon_api/controllers/poll_controller_test.exs

@@ -16,15 +16,15 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
     test "returns poll entity for object id", %{user: user, conn: conn} do
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "Pleroma does",
-          "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20}
+          status: "Pleroma does",
+          poll: %{options: ["what Mastodon't", "n't what Mastodoes"], expires_in: 20}
         })
 
       object = Object.normalize(activity)
 
       conn = get(conn, "/api/v1/polls/#{object.id}")
 
-      response = json_response(conn, 200)
+      response = json_response_and_validate_schema(conn, 200)
       id = to_string(object.id)
       assert %{"id" => ^id, "expired" => false, "multiple" => false} = response
     end
@@ -34,16 +34,16 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
 
       {:ok, activity} =
         CommonAPI.post(other_user, %{
-          "status" => "Pleroma does",
-          "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20},
-          "visibility" => "private"
+          status: "Pleroma does",
+          poll: %{options: ["what Mastodon't", "n't what Mastodoes"], expires_in: 20},
+          visibility: "private"
         })
 
       object = Object.normalize(activity)
 
       conn = get(conn, "/api/v1/polls/#{object.id}")
 
-      assert json_response(conn, 404)
+      assert json_response_and_validate_schema(conn, 404)
     end
   end
 
@@ -55,19 +55,22 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
 
       {:ok, activity} =
         CommonAPI.post(other_user, %{
-          "status" => "A very delicious sandwich",
-          "poll" => %{
-            "options" => ["Lettuce", "Grilled Bacon", "Tomato"],
-            "expires_in" => 20,
-            "multiple" => true
+          status: "A very delicious sandwich",
+          poll: %{
+            options: ["Lettuce", "Grilled Bacon", "Tomato"],
+            expires_in: 20,
+            multiple: true
           }
         })
 
       object = Object.normalize(activity)
 
-      conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]})
 
-      assert json_response(conn, 200)
+      assert json_response_and_validate_schema(conn, 200)
       object = Object.get_by_id(object.id)
 
       assert Enum.all?(object.data["anyOf"], fn %{"replies" => %{"totalItems" => total_items}} ->
@@ -78,15 +81,16 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
     test "author can't vote", %{user: user, conn: conn} do
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20}
         })
 
       object = Object.normalize(activity)
 
       assert conn
+             |> put_req_header("content-type", "application/json")
              |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [1]})
-             |> json_response(422) == %{"error" => "Poll's author can't vote"}
+             |> json_response_and_validate_schema(422) == %{"error" => "Poll's author can't vote"}
 
       object = Object.get_by_id(object.id)
 
@@ -98,15 +102,16 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
 
       {:ok, activity} =
         CommonAPI.post(other_user, %{
-          "status" => "The glass is",
-          "poll" => %{"options" => ["half empty", "half full"], "expires_in" => 20}
+          status: "The glass is",
+          poll: %{options: ["half empty", "half full"], expires_in: 20}
         })
 
       object = Object.normalize(activity)
 
       assert conn
+             |> put_req_header("content-type", "application/json")
              |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1]})
-             |> json_response(422) == %{"error" => "Too many choices"}
+             |> json_response_and_validate_schema(422) == %{"error" => "Too many choices"}
 
       object = Object.get_by_id(object.id)
 
@@ -120,21 +125,27 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
 
       {:ok, activity} =
         CommonAPI.post(other_user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20}
         })
 
       object = Object.normalize(activity)
 
-      conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [2]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [2]})
 
-      assert json_response(conn, 422) == %{"error" => "Invalid indices"}
+      assert json_response_and_validate_schema(conn, 422) == %{"error" => "Invalid indices"}
     end
 
     test "returns 404 error when object is not exist", %{conn: conn} do
-      conn = post(conn, "/api/v1/polls/1/votes", %{"choices" => [0]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/1/votes", %{"choices" => [0]})
 
-      assert json_response(conn, 404) == %{"error" => "Record not found"}
+      assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
     end
 
     test "returns 404 when poll is private and not available for user", %{conn: conn} do
@@ -142,16 +153,19 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
 
       {:ok, activity} =
         CommonAPI.post(other_user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20},
-          "visibility" => "private"
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20},
+          visibility: "private"
         })
 
       object = Object.normalize(activity)
 
-      conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [0]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0]})
 
-      assert json_response(conn, 404) == %{"error" => "Record not found"}
+      assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
     end
   end
 end

test/web/mastodon_api/controllers/report_controller_test.exs

@@ -14,7 +14,7 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
   setup do
     target_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
+    {:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"})
 
     [target_user: target_user, activity: activity]
   end
@@ -22,8 +22,9 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
   test "submit a basic report", %{conn: conn, target_user: target_user} do
     assert %{"action_taken" => false, "id" => _} =
              conn
+             |> put_req_header("content-type", "application/json")
              |> post("/api/v1/reports", %{"account_id" => target_user.id})
-             |> json_response(200)
+             |> json_response_and_validate_schema(200)
   end
 
   test "submit a report with statuses and comment", %{
@@ -33,23 +34,25 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
   } do
     assert %{"action_taken" => false, "id" => _} =
              conn
+             |> put_req_header("content-type", "application/json")
              |> post("/api/v1/reports", %{
                "account_id" => target_user.id,
                "status_ids" => [activity.id],
                "comment" => "bad status!",
                "forward" => "false"
              })
-             |> json_response(200)
+             |> json_response_and_validate_schema(200)
   end
 
   test "account_id is required", %{
     conn: conn,
     activity: activity
   } do
-    assert %{"error" => "Valid `account_id` required"} =
+    assert %{"error" => "Missing field: account_id."} =
              conn
+             |> put_req_header("content-type", "application/json")
              |> post("/api/v1/reports", %{"status_ids" => [activity.id]})
-             |> json_response(400)
+             |> json_response_and_validate_schema(400)
   end
 
   test "comment must be up to the size specified in the config", %{
@@ -63,17 +66,21 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
 
     assert ^error =
              conn
+             |> put_req_header("content-type", "application/json")
              |> post("/api/v1/reports", %{"account_id" => target_user.id, "comment" => comment})
-             |> json_response(400)
+             |> json_response_and_validate_schema(400)
   end
 
   test "returns error when account is not exist", %{
     conn: conn,
     activity: activity
   } do
-    conn = post(conn, "/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"})
+    conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/reports", %{"status_ids" => [activity.id], "account_id" => "foo"})
 
-    assert json_response(conn, 400) == %{"error" => "Account not found"}
+    assert json_response_and_validate_schema(conn, 400) == %{"error" => "Account not found"}
   end
 
   test "doesn't fail if an admin has no email", %{conn: conn, target_user: target_user} do
@@ -81,7 +88,8 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
 
     assert %{"action_taken" => false, "id" => _} =
              conn
+             |> put_req_header("content-type", "application/json")
              |> post("/api/v1/reports", %{"account_id" => target_user.id})
-             |> json_response(200)
+             |> json_response_and_validate_schema(200)
   end
 end

test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs

@@ -24,19 +24,19 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
     # min_id
     conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&min_id=#{scheduled_activity_id1}")
 
-    result = json_response(conn_res, 200)
+    result = json_response_and_validate_schema(conn_res, 200)
     assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result
 
     # since_id
     conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&since_id=#{scheduled_activity_id1}")
 
-    result = json_response(conn_res, 200)
+    result = json_response_and_validate_schema(conn_res, 200)
     assert [%{"id" => ^scheduled_activity_id4}, %{"id" => ^scheduled_activity_id3}] = result
 
     # max_id
     conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&max_id=#{scheduled_activity_id4}")
 
-    result = json_response(conn_res, 200)
+    result = json_response_and_validate_schema(conn_res, 200)
     assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result
   end
 
@@ -46,12 +46,12 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
 
     res_conn = get(conn, "/api/v1/scheduled_statuses/#{scheduled_activity.id}")
 
-    assert %{"id" => scheduled_activity_id} = json_response(res_conn, 200)
+    assert %{"id" => scheduled_activity_id} = json_response_and_validate_schema(res_conn, 200)
     assert scheduled_activity_id == scheduled_activity.id |> to_string()
 
     res_conn = get(conn, "/api/v1/scheduled_statuses/404")
 
-    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+    assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404)
   end
 
   test "updates a scheduled activity" do
@@ -74,22 +74,32 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
     assert job.args == %{"activity_id" => scheduled_activity.id}
     assert DateTime.truncate(job.scheduled_at, :second) == to_datetime(scheduled_at)
 
-    new_scheduled_at = Timex.shift(NaiveDateTime.utc_now(), minutes: 120)
+    new_scheduled_at =
+      NaiveDateTime.utc_now()
+      |> Timex.shift(minutes: 120)
+      |> Timex.format!("%Y-%m-%dT%H:%M:%S.%fZ", :strftime)
 
     res_conn =
-      put(conn, "/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> put("/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{
         scheduled_at: new_scheduled_at
       })
 
-    assert %{"scheduled_at" => expected_scheduled_at} = json_response(res_conn, 200)
+    assert %{"scheduled_at" => expected_scheduled_at} =
+             json_response_and_validate_schema(res_conn, 200)
+
     assert expected_scheduled_at == Pleroma.Web.CommonAPI.Utils.to_masto_date(new_scheduled_at)
     job = refresh_record(job)
 
     assert DateTime.truncate(job.scheduled_at, :second) == to_datetime(new_scheduled_at)
 
-    res_conn = put(conn, "/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at})
+    res_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> put("/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at})
 
-    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+    assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404)
   end
 
   test "deletes a scheduled activity" do
@@ -115,7 +125,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
       |> assign(:user, user)
       |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}")
 
-    assert %{} = json_response(res_conn, 200)
+    assert %{} = json_response_and_validate_schema(res_conn, 200)
     refute Repo.get(ScheduledActivity, scheduled_activity.id)
     refute Repo.get(Oban.Job, job.id)
 
@@ -124,6 +134,6 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
       |> assign(:user, user)
       |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}")
 
-    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+    assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404)
   end
 end

test/web/mastodon_api/controllers/search_controller_test.exs

@@ -13,7 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
   import Tesla.Mock
   import Mock
 
-  setup do
+  setup_all do
     mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
     :ok
   end
@@ -27,8 +27,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
         capture_log(fn ->
           results =
             conn
-            |> get("/api/v2/search", %{"q" => "2hu"})
-            |> json_response(200)
+            |> get("/api/v2/search?q=2hu")
+            |> json_response_and_validate_schema(200)
 
           assert results["accounts"] == []
           assert results["statuses"] == []
@@ -42,20 +42,20 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       user_two = insert(:user, %{nickname: "shp@shitposter.club"})
       user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu private 天子"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "This is about 2hu private 天子"})
 
       {:ok, _activity} =
         CommonAPI.post(user, %{
-          "status" => "This is about 2hu, but private",
-          "visibility" => "private"
+          status: "This is about 2hu, but private",
+          visibility: "private"
         })
 
-      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+      {:ok, _} = CommonAPI.post(user_two, %{status: "This isn't"})
 
       results =
         conn
-        |> get("/api/v2/search", %{"q" => "2hu #private"})
-        |> json_response(200)
+        |> get("/api/v2/search?#{URI.encode_query(%{q: "2hu #private"})}")
+        |> json_response_and_validate_schema(200)
 
       [account | _] = results["accounts"]
       assert account["id"] == to_string(user_three.id)
@@ -68,8 +68,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       assert status["id"] == to_string(activity.id)
 
       results =
-        get(conn, "/api/v2/search", %{"q" => "天子"})
-        |> json_response(200)
+        get(conn, "/api/v2/search?q=天子")
+        |> json_response_and_validate_schema(200)
 
       [status] = results["statuses"]
       assert status["id"] == to_string(activity.id)
@@ -80,17 +80,17 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       user_smith = insert(:user, %{nickname: "Agent", name: "I love 2hu"})
       user_neo = insert(:user, %{nickname: "Agent Neo", name: "Agent"})
 
-      {:ok, act1} = CommonAPI.post(user, %{"status" => "This is about 2hu private 天子"})
-      {:ok, act2} = CommonAPI.post(user_smith, %{"status" => "Agent Smith"})
-      {:ok, act3} = CommonAPI.post(user_neo, %{"status" => "Agent Smith"})
+      {:ok, act1} = CommonAPI.post(user, %{status: "This is about 2hu private 天子"})
+      {:ok, act2} = CommonAPI.post(user_smith, %{status: "Agent Smith"})
+      {:ok, act3} = CommonAPI.post(user_neo, %{status: "Agent Smith"})
       Pleroma.User.block(user, user_smith)
 
       results =
         conn
         |> assign(:user, user)
         |> assign(:token, insert(:oauth_token, user: user, scopes: ["read"]))
-        |> get("/api/v2/search", %{"q" => "Agent"})
-        |> json_response(200)
+        |> get("/api/v2/search?q=Agent")
+        |> json_response_and_validate_schema(200)
 
       status_ids = Enum.map(results["statuses"], fn g -> g["id"] end)
 
@@ -107,8 +107,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
 
       results =
         conn
-        |> get("/api/v1/accounts/search", %{"q" => "shp"})
-        |> json_response(200)
+        |> get("/api/v1/accounts/search?q=shp")
+        |> json_response_and_validate_schema(200)
 
       result_ids = for result <- results, do: result["acct"]
 
@@ -117,8 +117,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
 
       results =
         conn
-        |> get("/api/v1/accounts/search", %{"q" => "2hu"})
-        |> json_response(200)
+        |> get("/api/v1/accounts/search?q=2hu")
+        |> json_response_and_validate_schema(200)
 
       result_ids = for result <- results, do: result["acct"]
 
@@ -130,8 +130,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
 
       results =
         conn
-        |> get("/api/v1/accounts/search", %{"q" => "shp@shitposter.club xxx "})
-        |> json_response(200)
+        |> get("/api/v1/accounts/search?q=shp@shitposter.club xxx")
+        |> json_response_and_validate_schema(200)
 
       assert length(results) == 1
     end
@@ -146,8 +146,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
         capture_log(fn ->
           results =
             conn
-            |> get("/api/v1/search", %{"q" => "2hu"})
-            |> json_response(200)
+            |> get("/api/v1/search?q=2hu")
+            |> json_response_and_validate_schema(200)
 
           assert results["accounts"] == []
           assert results["statuses"] == []
@@ -161,20 +161,20 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       user_two = insert(:user, %{nickname: "shp@shitposter.club"})
       user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "This is about 2hu"})
 
       {:ok, _activity} =
         CommonAPI.post(user, %{
-          "status" => "This is about 2hu, but private",
-          "visibility" => "private"
+          status: "This is about 2hu, but private",
+          visibility: "private"
         })
 
-      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+      {:ok, _} = CommonAPI.post(user_two, %{status: "This isn't"})
 
       results =
         conn
-        |> get("/api/v1/search", %{"q" => "2hu"})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu")
+        |> json_response_and_validate_schema(200)
 
       [account | _] = results["accounts"]
       assert account["id"] == to_string(user_three.id)
@@ -189,13 +189,13 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       capture_log(fn ->
         {:ok, %{id: activity_id}} =
           CommonAPI.post(insert(:user), %{
-            "status" => "check out https://shitposter.club/notice/2827873"
+            status: "check out https://shitposter.club/notice/2827873"
           })
 
         results =
           conn
-          |> get("/api/v1/search", %{"q" => "https://shitposter.club/notice/2827873"})
-          |> json_response(200)
+          |> get("/api/v1/search?q=https://shitposter.club/notice/2827873")
+          |> json_response_and_validate_schema(200)
 
         [status, %{"id" => ^activity_id}] = results["statuses"]
 
@@ -207,15 +207,17 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
     test "search doesn't show statuses that it shouldn't", %{conn: conn} do
       {:ok, activity} =
         CommonAPI.post(insert(:user), %{
-          "status" => "This is about 2hu, but private",
-          "visibility" => "private"
+          status: "This is about 2hu, but private",
+          visibility: "private"
         })
 
       capture_log(fn ->
+        q = Object.normalize(activity).data["id"]
+
         results =
           conn
-          |> get("/api/v1/search", %{"q" => Object.normalize(activity).data["id"]})
-          |> json_response(200)
+          |> get("/api/v1/search?q=#{q}")
+          |> json_response_and_validate_schema(200)
 
         [] = results["statuses"]
       end)
@@ -228,8 +230,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
         conn
         |> assign(:user, user)
         |> assign(:token, insert(:oauth_token, user: user, scopes: ["read"]))
-        |> get("/api/v1/search", %{"q" => "mike@osada.macgirvin.com", "resolve" => "true"})
-        |> json_response(200)
+        |> get("/api/v1/search?q=mike@osada.macgirvin.com&resolve=true")
+        |> json_response_and_validate_schema(200)
 
       [account] = results["accounts"]
       assert account["acct"] == "mike@osada.macgirvin.com"
@@ -238,8 +240,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
     test "search doesn't fetch remote accounts if resolve is false", %{conn: conn} do
       results =
         conn
-        |> get("/api/v1/search", %{"q" => "mike@osada.macgirvin.com", "resolve" => "false"})
-        |> json_response(200)
+        |> get("/api/v1/search?q=mike@osada.macgirvin.com&resolve=false")
+        |> json_response_and_validate_schema(200)
 
       assert [] == results["accounts"]
     end
@@ -249,21 +251,21 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       _user_two = insert(:user, %{nickname: "shp@shitposter.club"})
       _user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
 
-      {:ok, _activity1} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
-      {:ok, _activity2} = CommonAPI.post(user, %{"status" => "This is also about 2hu"})
+      {:ok, _activity1} = CommonAPI.post(user, %{status: "This is about 2hu"})
+      {:ok, _activity2} = CommonAPI.post(user, %{status: "This is also about 2hu"})
 
       result =
         conn
-        |> get("/api/v1/search", %{"q" => "2hu", "limit" => 1})
+        |> get("/api/v1/search?q=2hu&limit=1")
 
-      assert results = json_response(result, 200)
+      assert results = json_response_and_validate_schema(result, 200)
       assert [%{"id" => activity_id1}] = results["statuses"]
       assert [_] = results["accounts"]
 
       results =
         conn
-        |> get("/api/v1/search", %{"q" => "2hu", "limit" => 1, "offset" => 1})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu&limit=1&offset=1")
+        |> json_response_and_validate_schema(200)
 
       assert [%{"id" => activity_id2}] = results["statuses"]
       assert [] = results["accounts"]
@@ -275,30 +277,30 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       user = insert(:user)
       _user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
 
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "This is about 2hu"})
 
       assert %{"statuses" => [_activity], "accounts" => [], "hashtags" => []} =
                conn
-               |> get("/api/v1/search", %{"q" => "2hu", "type" => "statuses"})
-               |> json_response(200)
+               |> get("/api/v1/search?q=2hu&type=statuses")
+               |> json_response_and_validate_schema(200)
 
       assert %{"statuses" => [], "accounts" => [_user_two], "hashtags" => []} =
                conn
-               |> get("/api/v1/search", %{"q" => "2hu", "type" => "accounts"})
-               |> json_response(200)
+               |> get("/api/v1/search?q=2hu&type=accounts")
+               |> json_response_and_validate_schema(200)
     end
 
     test "search uses account_id to filter statuses by the author", %{conn: conn} do
       user = insert(:user, %{nickname: "shp@shitposter.club"})
       user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
 
-      {:ok, activity1} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
-      {:ok, activity2} = CommonAPI.post(user_two, %{"status" => "This is also about 2hu"})
+      {:ok, activity1} = CommonAPI.post(user, %{status: "This is about 2hu"})
+      {:ok, activity2} = CommonAPI.post(user_two, %{status: "This is also about 2hu"})
 
       results =
         conn
-        |> get("/api/v1/search", %{"q" => "2hu", "account_id" => user.id})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu&account_id=#{user.id}")
+        |> json_response_and_validate_schema(200)
 
       assert [%{"id" => activity_id1}] = results["statuses"]
       assert activity_id1 == activity1.id
@@ -306,8 +308,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
 
       results =
         conn
-        |> get("/api/v1/search", %{"q" => "2hu", "account_id" => user_two.id})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu&account_id=#{user_two.id}")
+        |> json_response_and_validate_schema(200)
 
       assert [%{"id" => activity_id2}] = results["statuses"]
       assert activity_id2 == activity2.id

test/web/mastodon_api/controllers/subscription_controller_test.exs

@@ -6,6 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
   use Pleroma.Web.ConnCase
 
   import Pleroma.Factory
+
   alias Pleroma.Web.Push
   alias Pleroma.Web.Push.Subscription
 
@@ -27,6 +28,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       build_conn()
       |> assign(:user, user)
       |> assign(:token, token)
+      |> put_req_header("content-type", "application/json")
 
     %{conn: conn, user: user, token: token}
   end
@@ -35,7 +37,10 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
     quote do
       vapid_details = Application.get_env(:web_push_encryption, :vapid_details, [])
       Application.put_env(:web_push_encryption, :vapid_details, [])
-      assert "Something went wrong" == unquote(yield)
+
+      assert %{"error" => "Web push subscription is disabled on this Pleroma instance"} ==
+               unquote(yield)
+
       Application.put_env(:web_push_encryption, :vapid_details, vapid_details)
     end
   end
@@ -44,8 +49,8 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
     test "returns error when push disabled ", %{conn: conn} do
       assert_error_when_disable_push do
         conn
-        |> post("/api/v1/push/subscription", %{})
-        |> json_response(500)
+        |> post("/api/v1/push/subscription", %{subscription: @sub})
+        |> json_response_and_validate_schema(403)
       end
     end
 
@@ -56,7 +61,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
           "data" => %{"alerts" => %{"mention" => true, "test" => true}},
           "subscription" => @sub
         })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       [subscription] = Pleroma.Repo.all(Subscription)
 
@@ -74,7 +79,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       assert_error_when_disable_push do
         conn
         |> get("/api/v1/push/subscription", %{})
-        |> json_response(500)
+        |> json_response_and_validate_schema(403)
       end
     end
 
@@ -82,9 +87,9 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       res =
         conn
         |> get("/api/v1/push/subscription", %{})
-        |> json_response(404)
+        |> json_response_and_validate_schema(404)
 
-      assert "Not found" == res
+      assert %{"error" => "Record not found"} == res
     end
 
     test "returns a user subsciption", %{conn: conn, user: user, token: token} do
@@ -98,7 +103,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       res =
         conn
         |> get("/api/v1/push/subscription", %{})
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       expect = %{
         "alerts" => %{"mention" => true},
@@ -127,7 +132,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       assert_error_when_disable_push do
         conn
         |> put("/api/v1/push/subscription", %{data: %{"alerts" => %{"mention" => false}}})
-        |> json_response(500)
+        |> json_response_and_validate_schema(403)
       end
     end
 
@@ -137,7 +142,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
         |> put("/api/v1/push/subscription", %{
           data: %{"alerts" => %{"mention" => false, "follow" => true}}
         })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       expect = %{
         "alerts" => %{"follow" => true, "mention" => false},
@@ -155,7 +160,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       assert_error_when_disable_push do
         conn
         |> delete("/api/v1/push/subscription", %{})
-        |> json_response(500)
+        |> json_response_and_validate_schema(403)
       end
     end
 
@@ -163,9 +168,9 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       res =
         conn
         |> delete("/api/v1/push/subscription", %{})
-        |> json_response(404)
+        |> json_response_and_validate_schema(404)
 
-      assert "Not found" == res
+      assert %{"error" => "Record not found"} == res
     end
 
     test "returns empty result and delete user subsciption", %{
@@ -183,7 +188,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       res =
         conn
         |> delete("/api/v1/push/subscription", %{})
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)
 
       assert %{} == res
       refute Pleroma.Repo.get(Subscription, subscription.id)

test/web/mastodon_api/controllers/suggestion_controller_test.exs

@@ -5,41 +5,13 @@
 defmodule Pleroma.Web.MastodonAPI.SuggestionControllerTest do
   use Pleroma.Web.ConnCase
 
-  alias Pleroma.Config
-
-  import Pleroma.Factory
-  import Tesla.Mock
-
   setup do: oauth_access(["read"])
 
-  setup %{user: user} do
-    other_user = insert(:user)
-    host = Config.get([Pleroma.Web.Endpoint, :url, :host])
-    url500 = "http://test500?#{host}&#{user.nickname}"
-    url200 = "http://test200?#{host}&#{user.nickname}"
-
-    mock(fn
-      %{method: :get, url: ^url500} ->
-        %Tesla.Env{status: 500, body: "bad request"}
-
-      %{method: :get, url: ^url200} ->
-        %Tesla.Env{
-          status: 200,
-          body:
-            ~s([{"acct":"yj455","avatar":"https://social.heldscal.la/avatar/201.jpeg","avatar_static":"https://social.heldscal.la/avatar/s/201.jpeg"}, {"acct":"#{
-              other_user.ap_id
-            }","avatar":"https://social.heldscal.la/avatar/202.jpeg","avatar_static":"https://social.heldscal.la/avatar/s/202.jpeg"}])
-        }
-    end)
-
-    [other_user: other_user]
-  end
-
   test "returns empty result", %{conn: conn} do
     res =
       conn
       |> get("/api/v1/suggestions")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)
 
     assert res == []
   end

test/web/mastodon_api/controllers/timeline_controller_test.exs

@@ -20,35 +20,104 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
   describe "home" do
     setup do: oauth_access(["read:statuses"])
 
+    test "does NOT render account/pleroma/relationship if this is disabled by default", %{
+      user: user,
+      conn: conn
+    } do
+      clear_config([:extensions, :output_relationships_in_statuses_by_default], false)
+
+      other_user = insert(:user)
+
+      {:ok, _} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+
+      response =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/timelines/home")
+        |> json_response_and_validate_schema(200)
+
+      assert Enum.all?(response, fn n ->
+               get_in(n, ["account", "pleroma", "relationship"]) == %{}
+             end)
+    end
+
     test "the home timeline", %{user: user, conn: conn} do
-      following = insert(:user)
+      uri = "/api/v1/timelines/home?with_relationships=1"
 
-      {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
+      following = insert(:user, nickname: "followed")
+      third_user = insert(:user, nickname: "repeated")
 
-      ret_conn = get(conn, "/api/v1/timelines/home")
+      {:ok, _activity} = CommonAPI.post(following, %{status: "post"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "repeated post"})
+      {:ok, _, _} = CommonAPI.repeat(activity.id, following)
 
-      assert Enum.empty?(json_response(ret_conn, :ok))
+      ret_conn = get(conn, uri)
+
+      assert Enum.empty?(json_response_and_validate_schema(ret_conn, :ok))
 
       {:ok, _user} = User.follow(user, following)
 
-      conn = get(conn, "/api/v1/timelines/home")
+      ret_conn = get(conn, uri)
 
-      assert [%{"content" => "test"}] = json_response(conn, :ok)
+      assert [
+               %{
+                 "reblog" => %{
+                   "content" => "repeated post",
+                   "account" => %{
+                     "pleroma" => %{
+                       "relationship" => %{"following" => false, "followed_by" => false}
+                     }
+                   }
+                 },
+                 "account" => %{"pleroma" => %{"relationship" => %{"following" => true}}}
+               },
+               %{
+                 "content" => "post",
+                 "account" => %{
+                   "acct" => "followed",
+                   "pleroma" => %{"relationship" => %{"following" => true}}
+                 }
+               }
+             ] = json_response_and_validate_schema(ret_conn, :ok)
+
+      {:ok, _user} = User.follow(third_user, user)
+
+      ret_conn = get(conn, uri)
+
+      assert [
+               %{
+                 "reblog" => %{
+                   "content" => "repeated post",
+                   "account" => %{
+                     "acct" => "repeated",
+                     "pleroma" => %{
+                       "relationship" => %{"following" => false, "followed_by" => true}
+                     }
+                   }
+                 },
+                 "account" => %{"pleroma" => %{"relationship" => %{"following" => true}}}
+               },
+               %{
+                 "content" => "post",
+                 "account" => %{
+                   "acct" => "followed",
+                   "pleroma" => %{"relationship" => %{"following" => true}}
+                 }
+               }
+             ] = json_response_and_validate_schema(ret_conn, :ok)
     end
 
     test "the home timeline when the direct messages are excluded", %{user: user, conn: conn} do
-      {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
-      {:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
+      {:ok, public_activity} = CommonAPI.post(user, %{status: ".", visibility: "public"})
+      {:ok, direct_activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"})
 
-      {:ok, unlisted_activity} =
-        CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
+      {:ok, unlisted_activity} = CommonAPI.post(user, %{status: ".", visibility: "unlisted"})
 
-      {:ok, private_activity} =
-        CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
+      {:ok, private_activity} = CommonAPI.post(user, %{status: ".", visibility: "private"})
 
-      conn = get(conn, "/api/v1/timelines/home", %{"exclude_visibilities" => ["direct"]})
+      conn = get(conn, "/api/v1/timelines/home?exclude_visibilities[]=direct")
 
-      assert status_ids = json_response(conn, :ok) |> Enum.map(& &1["id"])
+      assert status_ids = json_response_and_validate_schema(conn, :ok) |> Enum.map(& &1["id"])
       assert public_activity.id in status_ids
       assert unlisted_activity.id in status_ids
       assert private_activity.id in status_ids
@@ -61,33 +130,33 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     test "the public timeline", %{conn: conn} do
       following = insert(:user)
 
-      {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
+      {:ok, _activity} = CommonAPI.post(following, %{status: "test"})
 
       _activity = insert(:note_activity, local: false)
 
-      conn = get(conn, "/api/v1/timelines/public", %{"local" => "False"})
+      conn = get(conn, "/api/v1/timelines/public?local=False")
 
-      assert length(json_response(conn, :ok)) == 2
+      assert length(json_response_and_validate_schema(conn, :ok)) == 2
 
-      conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "True"})
+      conn = get(build_conn(), "/api/v1/timelines/public?local=True")
 
-      assert [%{"content" => "test"}] = json_response(conn, :ok)
+      assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok)
 
-      conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "1"})
+      conn = get(build_conn(), "/api/v1/timelines/public?local=1")
 
-      assert [%{"content" => "test"}] = json_response(conn, :ok)
+      assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok)
     end
 
     test "the public timeline includes only public statuses for an authenticated user" do
       %{user: user, conn: conn} = oauth_access(["read:statuses"])
 
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "private"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "unlisted"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "direct"})
 
       res_conn = get(conn, "/api/v1/timelines/public")
-      assert length(json_response(res_conn, 200)) == 1
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1
     end
   end
 
@@ -105,15 +174,15 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
 
     test "if user is unauthenticated", %{conn: conn} do
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
 
-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
                "error" => "authorization required for timeline view"
              }
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
 
-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
                "error" => "authorization required for timeline view"
              }
     end
@@ -121,11 +190,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     test "if user is authenticated" do
       %{conn: conn} = oauth_access(["read:statuses"])
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
     end
   end
 
@@ -135,24 +204,24 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
 
     test "if user is unauthenticated", %{conn: conn} do
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
 
-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
                "error" => "authorization required for timeline view"
              }
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
     end
 
     test "if user is authenticated", %{conn: _conn} do
       %{conn: conn} = oauth_access(["read:statuses"])
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
     end
   end
 
@@ -162,12 +231,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
 
     test "if user is unauthenticated", %{conn: conn} do
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
 
-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
                "error" => "authorization required for timeline view"
              }
     end
@@ -175,11 +244,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     test "if user is authenticated", %{conn: _conn} do
       %{conn: conn} = oauth_access(["read:statuses"])
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1
 
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
     end
   end
 
@@ -192,14 +261,14 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
 
       {:ok, direct} =
         CommonAPI.post(user_one, %{
-          "status" => "Hi @#{user_two.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{user_two.nickname}!",
+          visibility: "direct"
         })
 
       {:ok, _follower_only} =
         CommonAPI.post(user_one, %{
-          "status" => "Hi @#{user_two.nickname}!",
-          "visibility" => "private"
+          status: "Hi @#{user_two.nickname}!",
+          visibility: "private"
         })
 
       conn_user_two =
@@ -210,7 +279,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
       # Only direct should be visible here
       res_conn = get(conn_user_two, "api/v1/timelines/direct")
 
-      [status] = json_response(res_conn, :ok)
+      assert [status] = json_response_and_validate_schema(res_conn, :ok)
 
       assert %{"visibility" => "direct"} = status
       assert status["url"] != direct.data["id"]
@@ -222,33 +291,34 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
         |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
         |> get("api/v1/timelines/direct")
 
-      [status] = json_response(res_conn, :ok)
+      [status] = json_response_and_validate_schema(res_conn, :ok)
 
       assert %{"visibility" => "direct"} = status
 
       # Both should be visible here
       res_conn = get(conn_user_two, "api/v1/timelines/home")
 
-      [_s1, _s2] = json_response(res_conn, :ok)
+      [_s1, _s2] = json_response_and_validate_schema(res_conn, :ok)
 
       # Test pagination
       Enum.each(1..20, fn _ ->
         {:ok, _} =
           CommonAPI.post(user_one, %{
-            "status" => "Hi @#{user_two.nickname}!",
-            "visibility" => "direct"
+            status: "Hi @#{user_two.nickname}!",
+            visibility: "direct"
           })
       end)
 
       res_conn = get(conn_user_two, "api/v1/timelines/direct")
 
-      statuses = json_response(res_conn, :ok)
+      statuses = json_response_and_validate_schema(res_conn, :ok)
       assert length(statuses) == 20
 
-      res_conn =
-        get(conn_user_two, "api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
+      max_id = List.last(statuses)["id"]
 
-      [status] = json_response(res_conn, :ok)
+      res_conn = get(conn_user_two, "api/v1/timelines/direct?max_id=#{max_id}")
+
+      assert [status] = json_response_and_validate_schema(res_conn, :ok)
 
       assert status["url"] != direct.data["id"]
     end
@@ -261,19 +331,19 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
 
       {:ok, _blocked_direct} =
         CommonAPI.post(blocked, %{
-          "status" => "Hi @#{blocker.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{blocker.nickname}!",
+          visibility: "direct"
         })
 
       {:ok, direct} =
         CommonAPI.post(other_user, %{
-          "status" => "Hi @#{blocker.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{blocker.nickname}!",
+          visibility: "direct"
         })
 
       res_conn = get(conn, "api/v1/timelines/direct")
 
-      [status] = json_response(res_conn, :ok)
+      [status] = json_response_and_validate_schema(res_conn, :ok)
       assert status["id"] == direct.id
     end
   end
@@ -283,14 +353,14 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
 
     test "list timeline", %{user: user, conn: conn} do
       other_user = insert(:user)
-      {:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."})
-      {:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
+      {:ok, _activity_one} = CommonAPI.post(user, %{status: "Marisa is cute."})
+      {:ok, activity_two} = CommonAPI.post(other_user, %{status: "Marisa is cute."})
       {:ok, list} = Pleroma.List.create("name", user)
       {:ok, list} = Pleroma.List.follow(list, other_user)
 
       conn = get(conn, "/api/v1/timelines/list/#{list.id}")
 
-      assert [%{"id" => id}] = json_response(conn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok)
 
       assert id == to_string(activity_two.id)
     end
@@ -300,12 +370,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
       conn: conn
     } do
       other_user = insert(:user)
-      {:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
+      {:ok, activity_one} = CommonAPI.post(other_user, %{status: "Marisa is cute."})
 
       {:ok, _activity_two} =
         CommonAPI.post(other_user, %{
-          "status" => "Marisa is cute.",
-          "visibility" => "private"
+          status: "Marisa is cute.",
+          visibility: "private"
         })
 
       {:ok, list} = Pleroma.List.create("name", user)
@@ -313,7 +383,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
 
       conn = get(conn, "/api/v1/timelines/list/#{list.id}")
 
-      assert [%{"id" => id}] = json_response(conn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok)
 
       assert id == to_string(activity_one.id)
     end
@@ -326,18 +396,18 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     test "hashtag timeline", %{conn: conn} do
       following = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"})
+      {:ok, activity} = CommonAPI.post(following, %{status: "test #2hu"})
 
       nconn = get(conn, "/api/v1/timelines/tag/2hu")
 
-      assert [%{"id" => id}] = json_response(nconn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok)
 
       assert id == to_string(activity.id)
 
       # works for different capitalization too
       nconn = get(conn, "/api/v1/timelines/tag/2HU")
 
-      assert [%{"id" => id}] = json_response(nconn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok)
 
       assert id == to_string(activity.id)
     end
@@ -345,26 +415,25 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
     test "multi-hashtag timeline", %{conn: conn} do
       user = insert(:user)
 
-      {:ok, activity_test} = CommonAPI.post(user, %{"status" => "#test"})
-      {:ok, activity_test1} = CommonAPI.post(user, %{"status" => "#test #test1"})
-      {:ok, activity_none} = CommonAPI.post(user, %{"status" => "#test #none"})
+      {:ok, activity_test} = CommonAPI.post(user, %{status: "#test"})
+      {:ok, activity_test1} = CommonAPI.post(user, %{status: "#test #test1"})
+      {:ok, activity_none} = CommonAPI.post(user, %{status: "#test #none"})
 
-      any_test = get(conn, "/api/v1/timelines/tag/test", %{"any" => ["test1"]})
+      any_test = get(conn, "/api/v1/timelines/tag/test?any[]=test1")
 
-      [status_none, status_test1, status_test] = json_response(any_test, :ok)
+      [status_none, status_test1, status_test] = json_response_and_validate_schema(any_test, :ok)
 
       assert to_string(activity_test.id) == status_test["id"]
       assert to_string(activity_test1.id) == status_test1["id"]
       assert to_string(activity_none.id) == status_none["id"]
 
-      restricted_test =
-        get(conn, "/api/v1/timelines/tag/test", %{"all" => ["test1"], "none" => ["none"]})
+      restricted_test = get(conn, "/api/v1/timelines/tag/test?all[]=test1&none[]=none")
 
-      assert [status_test1] == json_response(restricted_test, :ok)
+      assert [status_test1] == json_response_and_validate_schema(restricted_test, :ok)
 
-      all_test = get(conn, "/api/v1/timelines/tag/test", %{"all" => ["none"]})
+      all_test = get(conn, "/api/v1/timelines/tag/test?all[]=none")
 
-      assert [status_none] == json_response(all_test, :ok)
+      assert [status_none] == json_response_and_validate_schema(all_test, :ok)
     end
   end
 end

test/web/mastodon_api/mastodon_api_controller_test.exs

@@ -7,35 +7,28 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
   describe "empty_array/2 (stubs)" do
     test "GET /api/v1/accounts/:id/identity_proofs" do
-      %{user: user, conn: conn} = oauth_access(["n/a"])
+      %{user: user, conn: conn} = oauth_access(["read:accounts"])
 
-      res =
-        conn
-        |> assign(:user, user)
-        |> get("/api/v1/accounts/#{user.id}/identity_proofs")
-        |> json_response(200)
-
-      assert res == []
+      assert [] ==
+               conn
+               |> get("/api/v1/accounts/#{user.id}/identity_proofs")
+               |> json_response(200)
     end
 
     test "GET /api/v1/endorsements" do
       %{conn: conn} = oauth_access(["read:accounts"])
 
-      res =
-        conn
-        |> get("/api/v1/endorsements")
-        |> json_response(200)
-
-      assert res == []
+      assert [] ==
+               conn
+               |> get("/api/v1/endorsements")
+               |> json_response(200)
     end
 
     test "GET /api/v1/trends", %{conn: conn} do
-      res =
-        conn
-        |> get("/api/v1/trends")
-        |> json_response(200)
-
-      assert res == []
+      assert [] ==
+               conn
+               |> get("/api/v1/trends")
+               |> json_response(200)
     end
   end
 end

test/web/mastodon_api/mastodon_api_test.exs

@@ -75,9 +75,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPITest do
 
       User.subscribe(subscriber, user)
 
-      {:ok, status} = CommonAPI.post(user, %{"status" => "Akariiiin"})
+      {:ok, status} = CommonAPI.post(user, %{status: "Akariiiin"})
 
-      {:ok, status1} = CommonAPI.post(user, %{"status" => "Magi"})
+      {:ok, status1} = CommonAPI.post(user, %{status: "Magi"})
       {:ok, [notification]} = Notification.create_notifications(status)
       {:ok, [notification1]} = Notification.create_notifications(status1)
       res = MastodonAPI.get_notifications(subscriber)

test/web/mastodon_api/views/account_view_test.exs

@@ -4,22 +4,21 @@
 
 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
   use Pleroma.DataCase
-  import Pleroma.Factory
+
   alias Pleroma.User
+  alias Pleroma.UserRelationship
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.MastodonAPI.AccountView
 
-  test "Represent a user account" do
-    source_data = %{
-      "tag" => [
-        %{
-          "type" => "Emoji",
-          "icon" => %{"url" => "/file.png"},
-          "name" => ":karjalanpiirakka:"
-        }
-      ]
-    }
+  import Pleroma.Factory
+  import Tesla.Mock
 
+  setup do
+    mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  test "Represent a user account" do
     background_image = %{
       "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
     }
@@ -28,13 +27,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       insert(:user, %{
         follower_count: 3,
         note_count: 5,
-        source_data: source_data,
         background: background_image,
         nickname: "shp@shitposter.club",
         name: ":karjalanpiirakka: shp",
         bio:
-          "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f",
-        inserted_at: ~N[2017-08-15 15:47:06.597036]
+          "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
+        inserted_at: ~N[2017-08-15 15:47:06.597036],
+        emoji: %{"karjalanpiirakka" => "/file.png"}
       })
 
     expected = %{
@@ -47,7 +46,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       followers_count: 3,
       following_count: 0,
       statuses_count: 5,
-      note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f",
+      note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f &#39;&amp;&lt;&gt;&quot;",
       url: user.ap_id,
       avatar: "http://localhost:4001/images/avi.png",
       avatar_static: "http://localhost:4001/images/avi.png",
@@ -64,7 +63,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       fields: [],
       bot: false,
       source: %{
-        note: "valid html. a\nb\nc\nd\nf",
+        note: "valid html. a\nb\nc\nd\nf '&<>\"",
         sensitive: false,
         pleroma: %{
           actor_type: "Person",
@@ -94,7 +93,14 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
   test "Represent the user account for the account owner" do
     user = insert(:user)
 
-    notification_settings = %Pleroma.User.NotificationSetting{}
+    notification_settings = %{
+      followers: true,
+      follows: true,
+      non_followers: true,
+      non_follows: true,
+      privacy_option: false
+    }
+
     privacy = user.default_scope
 
     assert %{
@@ -108,7 +114,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       insert(:user, %{
         follower_count: 3,
         note_count: 5,
-        source_data: %{},
         actor_type: "Service",
         nickname: "shp@shitposter.club",
         inserted_at: ~N[2017-08-15 15:47:06.597036]
@@ -161,6 +166,17 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
     assert expected == AccountView.render("show.json", %{user: user})
   end
 
+  test "Represent a Funkwhale channel" do
+    {:ok, user} =
+      User.get_or_fetch_by_ap_id(
+        "https://channels.tests.funkwhale.audio/federation/actors/compositions"
+      )
+
+    assert represented = AccountView.render("show.json", %{user: user})
+    assert represented.acct == "compositions@channels.tests.funkwhale.audio"
+    assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
+  end
+
   test "Represent a deactivated user for an admin" do
     admin = insert(:user, is_admin: true)
     deactivated_user = insert(:user, deactivated: true)
@@ -182,6 +198,32 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
   end
 
   describe "relationship" do
+    defp test_relationship_rendering(user, other_user, expected_result) do
+      opts = %{user: user, target: other_user, relationships: nil}
+      assert expected_result == AccountView.render("relationship.json", opts)
+
+      relationships_opt = UserRelationship.view_relationships_option(user, [other_user])
+      opts = Map.put(opts, :relationships, relationships_opt)
+      assert expected_result == AccountView.render("relationship.json", opts)
+
+      assert [expected_result] ==
+               AccountView.render("relationships.json", %{user: user, targets: [other_user]})
+    end
+
+    @blank_response %{
+      following: false,
+      followed_by: false,
+      blocking: false,
+      blocked_by: false,
+      muting: false,
+      muting_notifications: false,
+      subscribing: false,
+      requested: false,
+      domain_blocking: false,
+      showing_reblogs: true,
+      endorsed: false
+    }
+
     test "represent a relationship for the following and followed user" do
       user = insert(:user)
       other_user = insert(:user)
@@ -192,23 +234,21 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       {:ok, _user_relationships} = User.mute(user, other_user, true)
       {:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, other_user)
 
-      expected = %{
-        id: to_string(other_user.id),
-        following: true,
-        followed_by: true,
-        blocking: false,
-        blocked_by: false,
-        muting: true,
-        muting_notifications: true,
-        subscribing: true,
-        requested: false,
-        domain_blocking: false,
-        showing_reblogs: false,
-        endorsed: false
-      }
+      expected =
+        Map.merge(
+          @blank_response,
+          %{
+            following: true,
+            followed_by: true,
+            muting: true,
+            muting_notifications: true,
+            subscribing: true,
+            showing_reblogs: false,
+            id: to_string(other_user.id)
+          }
+        )
 
-      assert expected ==
-               AccountView.render("relationship.json", %{user: user, target: other_user})
+      test_relationship_rendering(user, other_user, expected)
     end
 
     test "represent a relationship for the blocking and blocked user" do
@@ -220,23 +260,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       {:ok, _user_relationship} = User.block(user, other_user)
       {:ok, _user_relationship} = User.block(other_user, user)
 
-      expected = %{
-        id: to_string(other_user.id),
-        following: false,
-        followed_by: false,
-        blocking: true,
-        blocked_by: true,
-        muting: false,
-        muting_notifications: false,
-        subscribing: false,
-        requested: false,
-        domain_blocking: false,
-        showing_reblogs: true,
-        endorsed: false
-      }
+      expected =
+        Map.merge(
+          @blank_response,
+          %{following: false, blocking: true, blocked_by: true, id: to_string(other_user.id)}
+        )
 
-      assert expected ==
-               AccountView.render("relationship.json", %{user: user, target: other_user})
+      test_relationship_rendering(user, other_user, expected)
     end
 
     test "represent a relationship for the user blocking a domain" do
@@ -245,8 +275,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 
       {:ok, user} = User.block_domain(user, "bad.site")
 
-      assert %{domain_blocking: true, blocking: false} =
-               AccountView.render("relationship.json", %{user: user, target: other_user})
+      expected =
+        Map.merge(
+          @blank_response,
+          %{domain_blocking: true, blocking: false, id: to_string(other_user.id)}
+        )
+
+      test_relationship_rendering(user, other_user, expected)
     end
 
     test "represent a relationship for the user with a pending follow request" do
@@ -257,23 +292,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       user = User.get_cached_by_id(user.id)
       other_user = User.get_cached_by_id(other_user.id)
 
-      expected = %{
-        id: to_string(other_user.id),
-        following: false,
-        followed_by: false,
-        blocking: false,
-        blocked_by: false,
-        muting: false,
-        muting_notifications: false,
-        subscribing: false,
-        requested: true,
-        domain_blocking: false,
-        showing_reblogs: true,
-        endorsed: false
-      }
+      expected =
+        Map.merge(
+          @blank_response,
+          %{requested: true, following: false, id: to_string(other_user.id)}
+        )
 
-      assert expected ==
-               AccountView.render("relationship.json", %{user: user, target: other_user})
+      test_relationship_rendering(user, other_user, expected)
     end
   end
 
@@ -282,7 +307,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       insert(:user, %{
         follower_count: 0,
         note_count: 5,
-        source_data: %{},
         actor_type: "Service",
         nickname: "shp@shitposter.club",
         inserted_at: ~N[2017-08-15 15:47:06.597036]
@@ -435,8 +459,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
 
       {:ok, _activity} =
         CommonAPI.post(other_user, %{
-          "status" => "Hey @#{user.nickname}.",
-          "visibility" => "direct"
+          status: "Hey @#{user.nickname}.",
+          visibility: "direct"
         })
 
       user = User.get_cached_by_ap_id(user.ap_id)
@@ -449,6 +473,24 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
                :unread_conversation_count
              ] == 1
     end
+
+    test "shows unread_count only to the account owner" do
+      user = insert(:user)
+      insert_list(7, :notification, user: user)
+      other_user = insert(:user)
+
+      user = User.get_cached_by_ap_id(user.ap_id)
+
+      assert AccountView.render(
+               "show.json",
+               %{user: user, for: other_user}
+             )[:pleroma][:unread_notifications_count] == nil
+
+      assert AccountView.render(
+               "show.json",
+               %{user: user, for: user}
+             )[:pleroma][:unread_notifications_count] == 7
+    end
   end
 
   describe "follow requests counter" do

test/web/mastodon_api/views/conversation_view_test.exs

@@ -16,7 +16,7 @@ defmodule Pleroma.Web.MastodonAPI.ConversationViewTest do
     other_user = insert(:user)
 
     {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "hey @#{other_user.nickname}", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "hey @#{other_user.nickname}", visibility: "direct"})
 
     [participation] = Participation.for_user_with_last_activity_id(user)
 

test/web/mastodon_api/views/marker_view_test.exs

@@ -8,19 +8,21 @@ defmodule Pleroma.Web.MastodonAPI.MarkerViewTest do
   import Pleroma.Factory
 
   test "returns markers" do
-    marker1 = insert(:marker, timeline: "notifications", last_read_id: "17")
+    marker1 = insert(:marker, timeline: "notifications", last_read_id: "17", unread_count: 5)
     marker2 = insert(:marker, timeline: "home", last_read_id: "42")
 
     assert MarkerView.render("markers.json", %{markers: [marker1, marker2]}) == %{
              "home" => %{
                last_read_id: "42",
                updated_at: NaiveDateTime.to_iso8601(marker2.updated_at),
-               version: 0
+               version: 0,
+               pleroma: %{unread_count: 0}
              },
              "notifications" => %{
                last_read_id: "17",
                updated_at: NaiveDateTime.to_iso8601(marker1.updated_at),
-               version: 0
+               version: 0,
+               pleroma: %{unread_count: 5}
              }
            }
   end

test/web/mastodon_api/views/notification_view_test.exs

@@ -16,10 +16,25 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
   alias Pleroma.Web.MastodonAPI.StatusView
   import Pleroma.Factory
 
+  defp test_notifications_rendering(notifications, user, expected_result) do
+    result = NotificationView.render("index.json", %{notifications: notifications, for: user})
+
+    assert expected_result == result
+
+    result =
+      NotificationView.render("index.json", %{
+        notifications: notifications,
+        for: user,
+        relationships: nil
+      })
+
+    assert expected_result == result
+  end
+
   test "Mention notification" do
     user = insert(:user)
     mentioned_user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hey @#{mentioned_user.nickname}"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hey @#{mentioned_user.nickname}"})
     {:ok, [notification]} = Notification.create_notifications(activity)
     user = User.get_cached_by_id(user.id)
 
@@ -32,17 +47,14 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
       created_at: Utils.to_masto_date(notification.inserted_at)
     }
 
-    result =
-      NotificationView.render("index.json", %{notifications: [notification], for: mentioned_user})
-
-    assert [expected] == result
+    test_notifications_rendering([notification], mentioned_user, [expected])
   end
 
   test "Favourite notification" do
     user = insert(:user)
     another_user = insert(:user)
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
-    {:ok, favorite_activity, _object} = CommonAPI.favorite(create_activity.id, another_user)
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
+    {:ok, favorite_activity} = CommonAPI.favorite(another_user, create_activity.id)
     {:ok, [notification]} = Notification.create_notifications(favorite_activity)
     create_activity = Activity.get_by_id(create_activity.id)
 
@@ -55,15 +67,13 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
       created_at: Utils.to_masto_date(notification.inserted_at)
     }
 
-    result = NotificationView.render("index.json", %{notifications: [notification], for: user})
-
-    assert [expected] == result
+    test_notifications_rendering([notification], user, [expected])
   end
 
   test "Reblog notification" do
     user = insert(:user)
     another_user = insert(:user)
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
     {:ok, reblog_activity, _object} = CommonAPI.repeat(create_activity.id, another_user)
     {:ok, [notification]} = Notification.create_notifications(reblog_activity)
     reblog_activity = Activity.get_by_id(create_activity.id)
@@ -77,9 +87,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
       created_at: Utils.to_masto_date(notification.inserted_at)
     }
 
-    result = NotificationView.render("index.json", %{notifications: [notification], for: user})
-
-    assert [expected] == result
+    test_notifications_rendering([notification], user, [expected])
   end
 
   test "Follow notification" do
@@ -96,23 +104,32 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
       created_at: Utils.to_masto_date(notification.inserted_at)
     }
 
-    result =
-      NotificationView.render("index.json", %{notifications: [notification], for: followed})
-
-    assert [expected] == result
+    test_notifications_rendering([notification], followed, [expected])
 
     User.perform(:delete, follower)
     notification = Notification |> Repo.one() |> Repo.preload(:activity)
 
-    assert [] ==
-             NotificationView.render("index.json", %{notifications: [notification], for: followed})
+    test_notifications_rendering([notification], followed, [])
   end
 
+  @tag capture_log: true
   test "Move notification" do
     old_user = insert(:user)
     new_user = insert(:user, also_known_as: [old_user.ap_id])
     follower = insert(:user)
 
+    old_user_url = old_user.ap_id
+
+    body =
+      File.read!("test/fixtures/users_mock/localhost.json")
+      |> String.replace("{{nickname}}", old_user.nickname)
+      |> Jason.encode!()
+
+    Tesla.Mock.mock(fn
+      %{method: :get, url: ^old_user_url} ->
+        %Tesla.Env{status: 200, body: body}
+    end)
+
     User.follow(follower, old_user)
     Pleroma.Web.ActivityPub.ActivityPub.move(old_user, new_user)
     Pleroma.Tests.ObanHelpers.perform_all()
@@ -131,16 +148,15 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
       created_at: Utils.to_masto_date(notification.inserted_at)
     }
 
-    assert [expected] ==
-             NotificationView.render("index.json", %{notifications: [notification], for: follower})
+    test_notifications_rendering([notification], follower, [expected])
   end
 
   test "EmojiReact notification" do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-    {:ok, _activity, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+    {:ok, _activity} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
 
     activity = Repo.get(Activity, activity.id)
 
@@ -158,7 +174,6 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
       created_at: Utils.to_masto_date(notification.inserted_at)
     }
 
-    assert expected ==
-             NotificationView.render("show.json", %{notification: notification, for: user})
+    test_notifications_rendering([notification], user, [expected])
   end
 end

test/web/mastodon_api/views/poll_view_test.exs

@@ -22,10 +22,10 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "Is Tenshi eating a corndog cute?",
-        "poll" => %{
-          "options" => ["absolutely!", "sure", "yes", "why are you even asking?"],
-          "expires_in" => 20
+        status: "Is Tenshi eating a corndog cute?",
+        poll: %{
+          options: ["absolutely!", "sure", "yes", "why are you even asking?"],
+          expires_in: 20
         }
       })
 
@@ -43,7 +43,8 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do
         %{title: "why are you even asking?", votes_count: 0}
       ],
       voted: false,
-      votes_count: 0
+      votes_count: 0,
+      voters_count: nil
     }
 
     result = PollView.render("show.json", %{object: object})
@@ -61,17 +62,28 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "Which Mastodon developer is your favourite?",
-        "poll" => %{
-          "options" => ["Gargron", "Eugen"],
-          "expires_in" => 20,
-          "multiple" => true
+        status: "Which Mastodon developer is your favourite?",
+        poll: %{
+          options: ["Gargron", "Eugen"],
+          expires_in: 20,
+          multiple: true
         }
       })
 
+    voter = insert(:user)
+
     object = Object.normalize(activity)
 
-    assert %{multiple: true} = PollView.render("show.json", %{object: object})
+    {:ok, _votes, object} = CommonAPI.vote(voter, object, [0, 1])
+
+    assert match?(
+             %{
+               multiple: true,
+               voters_count: 1,
+               votes_count: 2
+             },
+             PollView.render("show.json", %{object: object})
+           )
   end
 
   test "detects emoji" do
@@ -79,10 +91,10 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "What's with the smug face?",
-        "poll" => %{
-          "options" => [":blank: sip", ":blank::blank: sip", ":blank::blank::blank: sip"],
-          "expires_in" => 20
+        status: "What's with the smug face?",
+        poll: %{
+          options: [":blank: sip", ":blank::blank: sip", ":blank::blank::blank: sip"],
+          expires_in: 20
         }
       })
 
@@ -97,11 +109,11 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "Which input devices do you use?",
-        "poll" => %{
-          "options" => ["mouse", "trackball", "trackpoint"],
-          "multiple" => true,
-          "expires_in" => 20
+        status: "Which input devices do you use?",
+        poll: %{
+          options: ["mouse", "trackball", "trackpoint"],
+          multiple: true,
+          expires_in: 20
         }
       })
 

test/web/mastodon_api/views/scheduled_activity_view_test.exs

@@ -14,7 +14,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityViewTest do
 
   test "A scheduled activity with a media attachment" do
     user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hi"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hi"})
 
     scheduled_at =
       NaiveDateTime.utc_now()
@@ -47,7 +47,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityViewTest do
     expected = %{
       id: to_string(scheduled_activity.id),
       media_attachments:
-        %{"media_ids" => [upload.id]}
+        %{media_ids: [upload.id]}
         |> Utils.attachments_from_ids()
         |> Enum.map(&StatusView.render("attachment.json", %{attachment: &1})),
       params: %{

test/web/mastodon_api/views/status_view_test.exs

@@ -12,12 +12,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
   alias Pleroma.Object
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.UserRelationship
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.CommonAPI.Utils
   alias Pleroma.Web.MastodonAPI.AccountView
   alias Pleroma.Web.MastodonAPI.StatusView
+
   import Pleroma.Factory
   import Tesla.Mock
+  import OpenApiSpex.TestAssertions
 
   setup do
     mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -28,14 +31,16 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     user = insert(:user)
     other_user = insert(:user)
     third_user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "dae cofe??"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "dae cofe??"})
 
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, user, "☕")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, third_user, "🍵")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, user, "☕")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, third_user, "🍵")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
     activity = Repo.get(Activity, activity.id)
     status = StatusView.render("show.json", activity: activity)
 
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
+
     assert status[:pleroma][:emoji_reactions] == [
              %{name: "☕", count: 2, me: false},
              %{name: "🍵", count: 1, me: false}
@@ -43,6 +48,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     status = StatusView.render("show.json", activity: activity, for: user)
 
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
+
     assert status[:pleroma][:emoji_reactions] == [
              %{name: "☕", count: 2, me: true},
              %{name: "🍵", count: 1, me: false}
@@ -52,7 +59,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
   test "loads and returns the direct conversation id when given the `with_direct_conversation_id` option" do
     user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})
     [participation] = Participation.for_user(user)
 
     status =
@@ -66,12 +73,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     status = StatusView.render("show.json", activity: activity, for: user)
     assert status[:pleroma][:direct_conversation_id] == nil
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "returns the direct conversation id when given the `direct_conversation_id` option" do
     user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})
     [participation] = Participation.for_user(user)
 
     status =
@@ -82,16 +90,34 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       )
 
     assert status[:pleroma][:direct_conversation_id] == participation.id
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "returns a temporary ap_id based user for activities missing db users" do
     user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})
 
     Repo.delete(user)
     Cachex.clear(:user_cache)
 
+    finger_url =
+      "https://localhost/.well-known/webfinger?resource=acct:#{user.nickname}@localhost"
+
+    Tesla.Mock.mock_global(fn
+      %{method: :get, url: "http://localhost/.well-known/host-meta"} ->
+        %Tesla.Env{status: 404, body: ""}
+
+      %{method: :get, url: "https://localhost/.well-known/host-meta"} ->
+        %Tesla.Env{status: 404, body: ""}
+
+      %{
+        method: :get,
+        url: ^finger_url
+      } ->
+        %Tesla.Env{status: 404, body: ""}
+    end)
+
     %{account: ms_user} = StatusView.render("show.json", activity: activity)
 
     assert ms_user.acct == "erroruser@example.com"
@@ -100,7 +126,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
   test "tries to get a user by nickname if fetching by ap_id doesn't work" do
     user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})
 
     {:ok, user} =
       user
@@ -112,6 +138,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     result = StatusView.render("show.json", activity: activity)
 
     assert result[:account][:id] == to_string(user.id)
+    assert_schema(result, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "a note with null content" do
@@ -130,6 +157,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     status = StatusView.render("show.json", %{activity: note})
 
     assert status.content == ""
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "a note activity" do
@@ -203,6 +231,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     }
 
     assert status == expected
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "tells if the message is muted for some reason" do
@@ -211,14 +240,25 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     {:ok, _user_relationships} = User.mute(user, other_user)
 
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "test"})
-    status = StatusView.render("show.json", %{activity: activity})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "test"})
 
+    relationships_opt = UserRelationship.view_relationships_option(user, [other_user])
+
+    opts = %{activity: activity}
+    status = StatusView.render("show.json", opts)
+    assert status.muted == false
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
+
+    status = StatusView.render("show.json", Map.put(opts, :relationships, relationships_opt))
     assert status.muted == false
 
-    status = StatusView.render("show.json", %{activity: activity, for: user})
-
+    for_opts = %{activity: activity, for: user}
+    status = StatusView.render("show.json", for_opts)
     assert status.muted == true
+
+    status = StatusView.render("show.json", Map.put(for_opts, :relationships, relationships_opt))
+    assert status.muted == true
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "tells if the message is thread muted" do
@@ -227,7 +267,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     {:ok, _user_relationships} = User.mute(user, other_user)
 
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "test"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "test"})
     status = StatusView.render("show.json", %{activity: activity, for: user})
 
     assert status.pleroma.thread_muted == false
@@ -242,7 +282,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
   test "tells if the status is bookmarked" do
     user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Cute girls doing cute things"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Cute girls doing cute things"})
     status = StatusView.render("show.json", %{activity: activity})
 
     assert status.bookmarked == false
@@ -264,8 +304,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     note = insert(:note_activity)
     user = insert(:user)
 
-    {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "he", "in_reply_to_status_id" => note.id})
+    {:ok, activity} = CommonAPI.post(user, %{status: "he", in_reply_to_status_id: note.id})
 
     status = StatusView.render("show.json", %{activity: activity})
 
@@ -280,12 +319,14 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     user = insert(:user)
     mentioned = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hi @#{mentioned.nickname}"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hi @#{mentioned.nickname}"})
 
     status = StatusView.render("show.json", %{activity: activity})
 
     assert status.mentions ==
              Enum.map([mentioned], fn u -> AccountView.render("mention.json", %{user: u}) end)
+
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "create mentions from the 'to' field" do
@@ -374,11 +415,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       pleroma: %{mime_type: "image/png"}
     }
 
+    api_spec = Pleroma.Web.ApiSpec.spec()
+
     assert expected == StatusView.render("attachment.json", %{attachment: object})
+    assert_schema(expected, "Attachment", api_spec)
 
     # If theres a "id", use that instead of the generated one
     object = Map.put(object, "id", 2)
-    assert %{id: "2"} = StatusView.render("attachment.json", %{attachment: object})
+    result = StatusView.render("attachment.json", %{attachment: object})
+
+    assert %{id: "2"} = result
+    assert_schema(result, "Attachment", api_spec)
   end
 
   test "put the url advertised in the Activity in to the url attribute" do
@@ -402,6 +449,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     assert represented[:id] == to_string(reblog.id)
     assert represented[:reblog][:id] == to_string(activity.id)
     assert represented[:emojis] == []
+    assert_schema(represented, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "a peertube video" do
@@ -416,6 +464,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     represented = StatusView.render("show.json", %{for: user, activity: activity})
 
+    assert represented[:id] == to_string(activity.id)
+    assert length(represented[:media_attachments]) == 1
+    assert_schema(represented, "Status", Pleroma.Web.ApiSpec.spec())
+  end
+
+  test "funkwhale audio" do
+    user = insert(:user)
+
+    {:ok, object} =
+      Pleroma.Object.Fetcher.fetch_object_from_id(
+        "https://channels.tests.funkwhale.audio/federation/music/uploads/42342395-0208-4fee-a38d-259a6dae0871"
+      )
+
+    %Activity{} = activity = Activity.get_create_by_object_ap_id(object.data["id"])
+
+    represented = StatusView.render("show.json", %{for: user, activity: activity})
+
     assert represented[:id] == to_string(activity.id)
     assert length(represented[:media_attachments]) == 1
   end
@@ -517,13 +582,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "drink more water"
+        status: "drink more water"
       })
 
     result = StatusView.render("show.json", %{activity: activity, for: other_user})
 
     assert result[:account][:pleroma][:relationship] ==
              AccountView.render("relationship.json", %{user: other_user, target: user})
+
+    assert_schema(result, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "embeds a relationship in the account in reposts" do
@@ -532,7 +599,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "˙˙ɐʎns"
+        status: "˙˙ɐʎns"
       })
 
     {:ok, activity, _object} = CommonAPI.repeat(activity.id, other_user)
@@ -544,6 +611,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     assert result[:reblog][:account][:pleroma][:relationship] ==
              AccountView.render("relationship.json", %{user: user, target: user})
+
+    assert_schema(result, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
   test "visibility/list" do
@@ -551,8 +620,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     {:ok, list} = Pleroma.List.create("foo", user)
 
-    {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "foobar", visibility: "list:#{list.id}"})
 
     status = StatusView.render("show.json", activity: activity)
 
@@ -566,5 +634,6 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     assert status.length == listen_activity.data["object"]["length"]
     assert status.title == listen_activity.data["object"]["title"]
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 end

test/web/mastodon_api/views/subscription_view_test.exs

@@ -2,10 +2,10 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Web.MastodonAPI.PushSubscriptionViewTest do
+defmodule Pleroma.Web.MastodonAPI.SubscriptionViewTest do
   use Pleroma.DataCase
   import Pleroma.Factory
-  alias Pleroma.Web.MastodonAPI.PushSubscriptionView, as: View
+  alias Pleroma.Web.MastodonAPI.SubscriptionView, as: View
   alias Pleroma.Web.Push
 
   test "Represent a subscription" do
@@ -18,6 +18,6 @@ defmodule Pleroma.Web.MastodonAPI.PushSubscriptionViewTest do
       server_key: Keyword.get(Push.vapid_config(), :public_key)
     }
 
-    assert expected == View.render("push_subscription.json", %{subscription: subscription})
+    assert expected == View.render("show.json", %{subscription: subscription})
   end
 end

test/web/metadata/metadata_test.exs

@@ -0,0 +1,25 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MetadataTest do
+  use Pleroma.DataCase, async: true
+
+  import Pleroma.Factory
+
+  describe "restrict indexing remote users" do
+    test "for remote user" do
+      user = insert(:user, local: false)
+
+      assert Pleroma.Web.Metadata.build_tags(%{user: user}) =~
+               "<meta content=\"noindex, noarchive\" name=\"robots\">"
+    end
+
+    test "for local user" do
+      user = insert(:user)
+
+      refute Pleroma.Web.Metadata.build_tags(%{user: user}) =~
+               "<meta content=\"noindex, noarchive\" name=\"robots\">"
+    end
+  end
+end

test/web/metadata/restrict_indexing_test.exs

@@ -0,0 +1,21 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Metadata.Providers.RestrictIndexingTest do
+  use ExUnit.Case, async: true
+
+  describe "build_tags/1" do
+    test "for remote user" do
+      assert Pleroma.Web.Metadata.Providers.RestrictIndexing.build_tags(%{
+               user: %Pleroma.User{local: false}
+             }) == [{:meta, [name: "robots", content: "noindex, noarchive"], []}]
+    end
+
+    test "for local user" do
+      assert Pleroma.Web.Metadata.Providers.RestrictIndexing.build_tags(%{
+               user: %Pleroma.User{local: true}
+             }) == []
+    end
+  end
+end

test/web/metadata/twitter_card_test.exs

@@ -30,7 +30,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do
 
   test "it uses summary twittercard if post has no attachment" do
     user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "HI"})
 
     note =
       insert(:note, %{
@@ -56,7 +56,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do
   test "it renders avatar not attachment if post is nsfw and unfurl_nsfw is disabled" do
     Pleroma.Config.put([Pleroma.Web.Metadata, :unfurl_nsfw], false)
     user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "HI"})
 
     note =
       insert(:note, %{
@@ -100,7 +100,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do
 
   test "it renders supported types of attachments and skips unknown types" do
     user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "HI"})
 
     note =
       insert(:note, %{

test/web/mongooseim/mongoose_im_controller_test.exs

@@ -9,6 +9,7 @@ defmodule Pleroma.Web.MongooseIMController do
   test "/user_exists", %{conn: conn} do
     _user = insert(:user, nickname: "lain")
     _remote_user = insert(:user, nickname: "alice", local: false)
+    _deactivated_user = insert(:user, nickname: "konata", deactivated: true)
 
     res =
       conn
@@ -30,10 +31,24 @@ defmodule Pleroma.Web.MongooseIMController do
       |> json_response(404)
 
     assert res == false
+
+    res =
+      conn
+      |> get(mongoose_im_path(conn, :user_exists), user: "konata")
+      |> json_response(404)
+
+    assert res == false
   end
 
   test "/check_password", %{conn: conn} do
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("cool"))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("cool"))
+
+    _deactivated_user =
+      insert(:user,
+        nickname: "konata",
+        deactivated: true,
+        password_hash: Pbkdf2.hash_pwd_salt("cool")
+      )
 
     res =
       conn
@@ -49,6 +64,13 @@ defmodule Pleroma.Web.MongooseIMController do
 
     assert res == false
 
+    res =
+      conn
+      |> get(mongoose_im_path(conn, :check_password), user: "konata", pass: "cool")
+      |> json_response(404)
+
+    assert res == false
+
     res =
       conn
       |> get(mongoose_im_path(conn, :check_password), user: "nobody", pass: "cool")

test/web/node_info_test.exs

@@ -7,6 +7,8 @@ defmodule Pleroma.Web.NodeInfoTest do
 
   import Pleroma.Factory
 
+  alias Pleroma.Config
+
   setup do: clear_config([:mrf_simple])
   setup do: clear_config(:instance)
 
@@ -47,7 +49,7 @@ defmodule Pleroma.Web.NodeInfoTest do
 
     assert result = json_response(conn, 200)
 
-    assert Pleroma.Config.get([Pleroma.User, :restricted_nicknames]) ==
+    assert Config.get([Pleroma.User, :restricted_nicknames]) ==
              result["metadata"]["restrictedNicknames"]
   end
 
@@ -65,10 +67,10 @@ defmodule Pleroma.Web.NodeInfoTest do
   end
 
   test "returns fieldsLimits field", %{conn: conn} do
-    Pleroma.Config.put([:instance, :max_account_fields], 10)
-    Pleroma.Config.put([:instance, :max_remote_account_fields], 15)
-    Pleroma.Config.put([:instance, :account_field_name_length], 255)
-    Pleroma.Config.put([:instance, :account_field_value_length], 2048)
+    Config.put([:instance, :max_account_fields], 10)
+    Config.put([:instance, :max_remote_account_fields], 15)
+    Config.put([:instance, :account_field_name_length], 255)
+    Config.put([:instance, :account_field_value_length], 2048)
 
     response =
       conn
@@ -82,8 +84,8 @@ defmodule Pleroma.Web.NodeInfoTest do
   end
 
   test "it returns the safe_dm_mentions feature if enabled", %{conn: conn} do
-    option = Pleroma.Config.get([:instance, :safe_dm_mentions])
-    Pleroma.Config.put([:instance, :safe_dm_mentions], true)
+    option = Config.get([:instance, :safe_dm_mentions])
+    Config.put([:instance, :safe_dm_mentions], true)
 
     response =
       conn
@@ -92,7 +94,7 @@ defmodule Pleroma.Web.NodeInfoTest do
 
     assert "safe_dm_mentions" in response["metadata"]["features"]
 
-    Pleroma.Config.put([:instance, :safe_dm_mentions], false)
+    Config.put([:instance, :safe_dm_mentions], false)
 
     response =
       conn
@@ -101,14 +103,14 @@ defmodule Pleroma.Web.NodeInfoTest do
 
     refute "safe_dm_mentions" in response["metadata"]["features"]
 
-    Pleroma.Config.put([:instance, :safe_dm_mentions], option)
+    Config.put([:instance, :safe_dm_mentions], option)
   end
 
   describe "`metadata/federation/enabled`" do
     setup do: clear_config([:instance, :federating])
 
     test "it shows if federation is enabled/disabled", %{conn: conn} do
-      Pleroma.Config.put([:instance, :federating], true)
+      Config.put([:instance, :federating], true)
 
       response =
         conn
@@ -117,7 +119,7 @@ defmodule Pleroma.Web.NodeInfoTest do
 
       assert response["metadata"]["federation"]["enabled"] == true
 
-      Pleroma.Config.put([:instance, :federating], false)
+      Config.put([:instance, :federating], false)
 
       response =
         conn
@@ -128,15 +130,39 @@ defmodule Pleroma.Web.NodeInfoTest do
     end
   end
 
-  test "it shows MRF transparency data if enabled", %{conn: conn} do
-    config = Pleroma.Config.get([:instance, :rewrite_policy])
-    Pleroma.Config.put([:instance, :rewrite_policy], [Pleroma.Web.ActivityPub.MRF.SimplePolicy])
+  test "it shows default features flags", %{conn: conn} do
+    response =
+      conn
+      |> get("/nodeinfo/2.1.json")
+      |> json_response(:ok)
 
-    option = Pleroma.Config.get([:instance, :mrf_transparency])
-    Pleroma.Config.put([:instance, :mrf_transparency], true)
+    default_features = [
+      "pleroma_api",
+      "mastodon_api",
+      "mastodon_api_streaming",
+      "polls",
+      "pleroma_explicit_addressing",
+      "shareable_emoji_packs",
+      "multifetch",
+      "pleroma_emoji_reactions",
+      "pleroma:api/v1/notifications:include_types_filter"
+    ]
+
+    assert MapSet.subset?(
+             MapSet.new(default_features),
+             MapSet.new(response["metadata"]["features"])
+           )
+  end
+
+  test "it shows MRF transparency data if enabled", %{conn: conn} do
+    config = Config.get([:instance, :rewrite_policy])
+    Config.put([:instance, :rewrite_policy], [Pleroma.Web.ActivityPub.MRF.SimplePolicy])
+
+    option = Config.get([:instance, :mrf_transparency])
+    Config.put([:instance, :mrf_transparency], true)
 
     simple_config = %{"reject" => ["example.com"]}
-    Pleroma.Config.put(:mrf_simple, simple_config)
+    Config.put(:mrf_simple, simple_config)
 
     response =
       conn
@@ -145,25 +171,25 @@ defmodule Pleroma.Web.NodeInfoTest do
 
     assert response["metadata"]["federation"]["mrf_simple"] == simple_config
 
-    Pleroma.Config.put([:instance, :rewrite_policy], config)
-    Pleroma.Config.put([:instance, :mrf_transparency], option)
-    Pleroma.Config.put(:mrf_simple, %{})
+    Config.put([:instance, :rewrite_policy], config)
+    Config.put([:instance, :mrf_transparency], option)
+    Config.put(:mrf_simple, %{})
   end
 
   test "it performs exclusions from MRF transparency data if configured", %{conn: conn} do
-    config = Pleroma.Config.get([:instance, :rewrite_policy])
-    Pleroma.Config.put([:instance, :rewrite_policy], [Pleroma.Web.ActivityPub.MRF.SimplePolicy])
+    config = Config.get([:instance, :rewrite_policy])
+    Config.put([:instance, :rewrite_policy], [Pleroma.Web.ActivityPub.MRF.SimplePolicy])
 
-    option = Pleroma.Config.get([:instance, :mrf_transparency])
-    Pleroma.Config.put([:instance, :mrf_transparency], true)
+    option = Config.get([:instance, :mrf_transparency])
+    Config.put([:instance, :mrf_transparency], true)
 
-    exclusions = Pleroma.Config.get([:instance, :mrf_transparency_exclusions])
-    Pleroma.Config.put([:instance, :mrf_transparency_exclusions], ["other.site"])
+    exclusions = Config.get([:instance, :mrf_transparency_exclusions])
+    Config.put([:instance, :mrf_transparency_exclusions], ["other.site"])
 
     simple_config = %{"reject" => ["example.com", "other.site"]}
     expected_config = %{"reject" => ["example.com"]}
 
-    Pleroma.Config.put(:mrf_simple, simple_config)
+    Config.put(:mrf_simple, simple_config)
 
     response =
       conn
@@ -173,9 +199,9 @@ defmodule Pleroma.Web.NodeInfoTest do
     assert response["metadata"]["federation"]["mrf_simple"] == expected_config
     assert response["metadata"]["federation"]["exclusions"] == true
 
-    Pleroma.Config.put([:instance, :rewrite_policy], config)
-    Pleroma.Config.put([:instance, :mrf_transparency], option)
-    Pleroma.Config.put([:instance, :mrf_transparency_exclusions], exclusions)
-    Pleroma.Config.put(:mrf_simple, %{})
+    Config.put([:instance, :rewrite_policy], config)
+    Config.put([:instance, :mrf_transparency], option)
+    Config.put([:instance, :mrf_transparency_exclusions], exclusions)
+    Config.put(:mrf_simple, %{})
   end
 end

test/web/oauth/ldap_authorization_test.exs

@@ -19,7 +19,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
   @tag @skip
   test "authorizes the existing user using LDAP credentials" do
     password = "testpassword"
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
     app = insert(:oauth_app, scopes: ["read", "write"])
 
     host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
@@ -104,7 +104,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
   @tag @skip
   test "falls back to the default authorization when LDAP is unavailable" do
     password = "testpassword"
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
     app = insert(:oauth_app, scopes: ["read", "write"])
 
     host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
@@ -148,7 +148,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
   @tag @skip
   test "disallow authorization for wrong LDAP credentials" do
     password = "testpassword"
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
     app = insert(:oauth_app, scopes: ["read", "write"])
 
     host = Pleroma.Config.get([:ldap, :host]) |> to_charlist

test/web/oauth/mfa_controller_test.exs

@@ -0,0 +1,306 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.OAuth.MFAControllerTest do
+  use Pleroma.Web.ConnCase
+  import Pleroma.Factory
+
+  alias Pleroma.MFA
+  alias Pleroma.MFA.BackupCodes
+  alias Pleroma.MFA.TOTP
+  alias Pleroma.Repo
+  alias Pleroma.Web.OAuth.Authorization
+  alias Pleroma.Web.OAuth.OAuthController
+
+  setup %{conn: conn} do
+    otp_secret = TOTP.generate_secret()
+
+    user =
+      insert(:user,
+        multi_factor_authentication_settings: %MFA.Settings{
+          enabled: true,
+          backup_codes: [Pbkdf2.hash_pwd_salt("test-code")],
+          totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+        }
+      )
+
+    app = insert(:oauth_app)
+    {:ok, conn: conn, user: user, app: app}
+  end
+
+  describe "show" do
+    setup %{conn: conn, user: user, app: app} do
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      {:ok, conn: conn, mfa_token: mfa_token}
+    end
+
+    test "GET /oauth/mfa renders mfa forms", %{conn: conn, mfa_token: mfa_token} do
+      conn =
+        get(
+          conn,
+          "/oauth/mfa",
+          %{
+            "mfa_token" => mfa_token.token,
+            "state" => "a_state",
+            "redirect_uri" => "http://localhost:8080/callback"
+          }
+        )
+
+      assert response = html_response(conn, 200)
+      assert response =~ "Two-factor authentication"
+      assert response =~ mfa_token.token
+      assert response =~ "http://localhost:8080/callback"
+    end
+
+    test "GET /oauth/mfa renders mfa recovery forms", %{conn: conn, mfa_token: mfa_token} do
+      conn =
+        get(
+          conn,
+          "/oauth/mfa",
+          %{
+            "mfa_token" => mfa_token.token,
+            "state" => "a_state",
+            "redirect_uri" => "http://localhost:8080/callback",
+            "challenge_type" => "recovery"
+          }
+        )
+
+      assert response = html_response(conn, 200)
+      assert response =~ "Two-factor recovery"
+      assert response =~ mfa_token.token
+      assert response =~ "http://localhost:8080/callback"
+    end
+  end
+
+  describe "verify" do
+    setup %{conn: conn, user: user, app: app} do
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      {:ok, conn: conn, user: user, mfa_token: mfa_token, app: app}
+    end
+
+    test "POST /oauth/mfa/verify, verify totp code", %{
+      conn: conn,
+      user: user,
+      mfa_token: mfa_token,
+      app: app
+    } do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+
+      conn =
+        conn
+        |> post("/oauth/mfa/verify", %{
+          "mfa" => %{
+            "mfa_token" => mfa_token.token,
+            "challenge_type" => "totp",
+            "code" => otp_token,
+            "state" => "a_state",
+            "redirect_uri" => OAuthController.default_redirect_uri(app)
+          }
+        })
+
+      target = redirected_to(conn)
+      target_url = %URI{URI.parse(target) | query: nil} |> URI.to_string()
+      query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+      assert %{"state" => "a_state", "code" => code} = query
+      assert target_url == OAuthController.default_redirect_uri(app)
+      auth = Repo.get_by(Authorization, token: code)
+      assert auth.scopes == ["write"]
+    end
+
+    test "POST /oauth/mfa/verify, verify recovery code", %{
+      conn: conn,
+      mfa_token: mfa_token,
+      app: app
+    } do
+      conn =
+        conn
+        |> post("/oauth/mfa/verify", %{
+          "mfa" => %{
+            "mfa_token" => mfa_token.token,
+            "challenge_type" => "recovery",
+            "code" => "test-code",
+            "state" => "a_state",
+            "redirect_uri" => OAuthController.default_redirect_uri(app)
+          }
+        })
+
+      target = redirected_to(conn)
+      target_url = %URI{URI.parse(target) | query: nil} |> URI.to_string()
+      query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+      assert %{"state" => "a_state", "code" => code} = query
+      assert target_url == OAuthController.default_redirect_uri(app)
+      auth = Repo.get_by(Authorization, token: code)
+      assert auth.scopes == ["write"]
+    end
+  end
+
+  describe "challenge/totp" do
+    test "returns access token with valid code", %{conn: conn, user: user, app: app} do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "totp",
+          "code" => otp_token,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(:ok)
+
+      ap_id = user.ap_id
+
+      assert match?(
+               %{
+                 "access_token" => _,
+                 "expires_in" => 600,
+                 "me" => ^ap_id,
+                 "refresh_token" => _,
+                 "scope" => "write",
+                 "token_type" => "Bearer"
+               },
+               response
+             )
+    end
+
+    test "returns errors when mfa token invalid", %{conn: conn, user: user, app: app} do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => "XXX",
+          "challenge_type" => "totp",
+          "code" => otp_token,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(400)
+
+      assert response == %{"error" => "Invalid code"}
+    end
+
+    test "returns error when otp code is invalid", %{conn: conn, user: user, app: app} do
+      mfa_token = insert(:mfa_token, user: user)
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "totp",
+          "code" => "XXX",
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(400)
+
+      assert response == %{"error" => "Invalid code"}
+    end
+
+    test "returns error when client credentails is wrong ", %{conn: conn, user: user} do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+      mfa_token = insert(:mfa_token, user: user)
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "totp",
+          "code" => otp_token,
+          "client_id" => "xxx",
+          "client_secret" => "xxx"
+        })
+        |> json_response(400)
+
+      assert response == %{"error" => "Invalid code"}
+    end
+  end
+
+  describe "challenge/recovery" do
+    setup %{conn: conn} do
+      app = insert(:oauth_app)
+      {:ok, conn: conn, app: app}
+    end
+
+    test "returns access token with valid code", %{conn: conn, app: app} do
+      otp_secret = TOTP.generate_secret()
+
+      [code | _] = backup_codes = BackupCodes.generate()
+
+      hashed_codes =
+        backup_codes
+        |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            backup_codes: hashed_codes,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "recovery",
+          "code" => code,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(:ok)
+
+      ap_id = user.ap_id
+
+      assert match?(
+               %{
+                 "access_token" => _,
+                 "expires_in" => 600,
+                 "me" => ^ap_id,
+                 "refresh_token" => _,
+                 "scope" => "write",
+                 "token_type" => "Bearer"
+               },
+               response
+             )
+
+      error_response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "recovery",
+          "code" => code,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(400)
+
+      assert error_response == %{"error" => "Invalid code"}
+    end
+  end
+end

test/web/oauth/oauth_controller_test.exs

@@ -6,6 +6,8 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
   use Pleroma.Web.ConnCase
   import Pleroma.Factory
 
+  alias Pleroma.MFA
+  alias Pleroma.MFA.TOTP
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web.OAuth.Authorization
@@ -309,7 +311,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            app: app,
            conn: conn
          } do
-      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
+      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
       registration = insert(:registration, user: nil)
       redirect_uri = OAuthController.default_redirect_uri(app)
 
@@ -340,7 +342,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            app: app,
            conn: conn
          } do
-      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
+      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
       registration = insert(:registration, user: nil)
       unlisted_redirect_uri = "http://cross-site-request.com"
 
@@ -575,7 +577,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       # In case scope param is missing, expecting _all_ app-supported scopes to be granted
       for user <- [non_admin, admin],
           {requested_scopes, expected_scopes} <-
-            %{scopes_subset => scopes_subset, nil => app_scopes} do
+            %{scopes_subset => scopes_subset, nil: app_scopes} do
         conn =
           post(
             build_conn(),
@@ -604,6 +606,41 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       end
     end
 
+    test "redirect to on two-factor auth page" do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      app = insert(:oauth_app, scopes: ["read", "write", "follow"])
+
+      conn =
+        build_conn()
+        |> post("/oauth/authorize", %{
+          "authorization" => %{
+            "name" => user.nickname,
+            "password" => "test",
+            "client_id" => app.client_id,
+            "redirect_uri" => app.redirect_uris,
+            "scope" => "read write",
+            "state" => "statepassed"
+          }
+        })
+
+      result = html_response(conn, 200)
+
+      mfa_token = Repo.get_by(MFA.Token, user_id: user.id)
+      assert result =~ app.redirect_uris
+      assert result =~ "statepassed"
+      assert result =~ mfa_token.token
+      assert result =~ "Two-factor authentication"
+    end
+
     test "returns 401 for wrong credentials", %{conn: conn} do
       user = insert(:user)
       app = insert(:oauth_app)
@@ -713,7 +750,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
     test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
       password = "testpassword"
-      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
 
       app = insert(:oauth_app, scopes: ["read", "write"])
 
@@ -735,6 +772,46 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       assert token.scopes == app.scopes
     end
 
+    test "issues a mfa token for `password` grant_type, when MFA enabled" do
+      password = "testpassword"
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          password_hash: Pbkdf2.hash_pwd_salt(password),
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      app = insert(:oauth_app, scopes: ["read", "write"])
+
+      response =
+        build_conn()
+        |> post("/oauth/token", %{
+          "grant_type" => "password",
+          "username" => user.nickname,
+          "password" => password,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(403)
+
+      assert match?(
+               %{
+                 "supported_challenge_types" => "totp",
+                 "mfa_token" => _,
+                 "error" => "mfa_required"
+               },
+               response
+             )
+
+      token = Repo.get_by(MFA.Token, token: response["mfa_token"])
+      assert token.user_id == user.id
+      assert token.authorization_id
+    end
+
     test "issues a token for request with HTTP basic auth client credentials" do
       user = insert(:user)
       app = insert(:oauth_app, scopes: ["scope1", "scope2", "scope3"])
@@ -810,7 +887,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       password = "testpassword"
 
       {:ok, user} =
-        insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+        insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
         |> User.confirmation_changeset(need_confirmation: true)
         |> User.update_and_set_cache()
 
@@ -838,7 +915,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
+          password_hash: Pbkdf2.hash_pwd_salt(password),
           deactivated: true
         )
 
@@ -866,7 +943,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
+          password_hash: Pbkdf2.hash_pwd_salt(password),
           password_reset_pending: true
         )
 
@@ -895,7 +972,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
+          password_hash: Pbkdf2.hash_pwd_salt(password),
           confirmation_pending: true
         )
 

test/web/ostatus/ostatus_controller_test.exs

@@ -136,7 +136,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
       user = insert(:user)
 
-      {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user)
+      {:ok, like_activity} = CommonAPI.favorite(user, note_activity.id)
 
       assert like_activity.data["type"] == "Like"
 

test/web/pleroma_api/controllers/account_controller_test.exs

@@ -31,8 +31,28 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
 
     test "resend account confirmation email", %{conn: conn, user: user} do
       conn
+      |> put_req_header("content-type", "application/json")
       |> post("/api/v1/pleroma/accounts/confirmation_resend?email=#{user.email}")
-      |> json_response(:no_content)
+      |> json_response_and_validate_schema(:no_content)
+
+      ObanHelpers.perform_all()
+
+      email = Pleroma.Emails.UserEmail.account_confirmation_email(user)
+      notify_email = Config.get([:instance, :notify_email])
+      instance_name = Config.get([:instance, :name])
+
+      assert_email_sent(
+        from: {instance_name, notify_email},
+        to: {user.name, user.email},
+        html_body: email.html_body
+      )
+    end
+
+    test "resend account confirmation email (with nickname)", %{conn: conn, user: user} do
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/pleroma/accounts/confirmation_resend?nickname=#{user.nickname}")
+      |> json_response_and_validate_schema(:no_content)
 
       ObanHelpers.perform_all()
 
@@ -54,7 +74,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
     test "user avatar can be set", %{user: user, conn: conn} do
       avatar_image = File.read!("test/fixtures/avatar_data_uri")
 
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image})
 
       user = refresh_record(user)
 
@@ -70,17 +93,20 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
                ]
              } = user.avatar
 
-      assert %{"url" => _} = json_response(conn, 200)
+      assert %{"url" => _} = json_response_and_validate_schema(conn, 200)
     end
 
     test "user avatar can be reset", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_avatar", %{img: ""})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: ""})
 
       user = User.get_cached_by_id(user.id)
 
       assert user.avatar == nil
 
-      assert %{"url" => nil} = json_response(conn, 200)
+      assert %{"url" => nil} = json_response_and_validate_schema(conn, 200)
     end
   end
 
@@ -88,21 +114,27 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
     setup do: oauth_access(["write:accounts"])
 
     test "can set profile banner", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_banner", %{"banner" => @image})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => @image})
 
       user = refresh_record(user)
       assert user.banner["type"] == "Image"
 
-      assert %{"url" => _} = json_response(conn, 200)
+      assert %{"url" => _} = json_response_and_validate_schema(conn, 200)
     end
 
     test "can reset profile banner", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_banner", %{"banner" => ""})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => ""})
 
       user = refresh_record(user)
       assert user.banner == %{}
 
-      assert %{"url" => nil} = json_response(conn, 200)
+      assert %{"url" => nil} = json_response_and_validate_schema(conn, 200)
     end
   end
 
@@ -110,19 +142,26 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
     setup do: oauth_access(["write:accounts"])
 
     test "background image can be set", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_background", %{"img" => @image})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => @image})
 
       user = refresh_record(user)
       assert user.background["type"] == "Image"
-      assert %{"url" => _} = json_response(conn, 200)
+      # assert %{"url" => _} = json_response(conn, 200)
+      assert %{"url" => _} = json_response_and_validate_schema(conn, 200)
     end
 
     test "background image can be reset", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_background", %{"img" => ""})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => ""})
 
       user = refresh_record(user)
       assert user.background == %{}
-      assert %{"url" => nil} = json_response(conn, 200)
+      assert %{"url" => nil} = json_response_and_validate_schema(conn, 200)
     end
   end
 
@@ -138,12 +177,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
       user: user
     } do
       [activity | _] = insert_pair(:note_activity)
-      CommonAPI.favorite(activity.id, user)
+      CommonAPI.favorite(user, activity.id)
 
       response =
         conn
         |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)
 
       [like] = response
 
@@ -151,15 +190,18 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
       assert like["id"] == activity.id
     end
 
-    test "does not return favorites for specified user_id when user is not logged in", %{
+    test "returns favorites for specified user_id when requester is not logged in", %{
       user: user
     } do
       activity = insert(:note_activity)
-      CommonAPI.favorite(activity.id, user)
+      CommonAPI.favorite(user, activity.id)
 
-      build_conn()
-      |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-      |> json_response(403)
+      response =
+        build_conn()
+        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+        |> json_response_and_validate_schema(200)
+
+      assert length(response) == 1
     end
 
     test "returns favorited DM only when user is logged in and he is one of recipients", %{
@@ -168,11 +210,11 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
     } do
       {:ok, direct} =
         CommonAPI.post(current_user, %{
-          "status" => "Hi @#{user.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{user.nickname}!",
+          visibility: "direct"
         })
 
-      CommonAPI.favorite(direct.id, user)
+      CommonAPI.favorite(user, direct.id)
 
       for u <- [user, current_user] do
         response =
@@ -180,14 +222,17 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
           |> assign(:user, u)
           |> assign(:token, insert(:oauth_token, user: u, scopes: ["read:favourites"]))
           |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-          |> json_response(:ok)
+          |> json_response_and_validate_schema(:ok)
 
         assert length(response) == 1
       end
 
-      build_conn()
-      |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-      |> json_response(403)
+      response =
+        build_conn()
+        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
+        |> json_response_and_validate_schema(200)
+
+      assert length(response) == 0
     end
 
     test "does not return others' favorited DM when user is not one of recipients", %{
@@ -198,16 +243,16 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
 
       {:ok, direct} =
         CommonAPI.post(user_two, %{
-          "status" => "Hi @#{user.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{user.nickname}!",
+          visibility: "direct"
         })
 
-      CommonAPI.favorite(direct.id, user)
+      CommonAPI.favorite(user, direct.id)
 
       response =
         conn
         |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)
 
       assert Enum.empty?(response)
     end
@@ -219,7 +264,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
       activities = insert_list(10, :note_activity)
 
       Enum.each(activities, fn activity ->
-        CommonAPI.favorite(activity.id, user)
+        CommonAPI.favorite(user, activity.id)
       end)
 
       third_activity = Enum.at(activities, 2)
@@ -227,11 +272,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
 
       response =
         conn
-        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites", %{
-          since_id: third_activity.id,
-          max_id: seventh_activity.id
-        })
-        |> json_response(:ok)
+        |> get(
+          "/api/v1/pleroma/accounts/#{user.id}/favourites?since_id=#{third_activity.id}&max_id=#{
+            seventh_activity.id
+          }"
+        )
+        |> json_response_and_validate_schema(:ok)
 
       assert length(response) == 3
       refute third_activity in response
@@ -245,13 +291,13 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
       7
       |> insert_list(:note_activity)
       |> Enum.each(fn activity ->
-        CommonAPI.favorite(activity.id, user)
+        CommonAPI.favorite(user, activity.id)
       end)
 
       response =
         conn
-        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites", %{limit: "3"})
-        |> json_response(:ok)
+        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites?limit=3")
+        |> json_response_and_validate_schema(:ok)
 
       assert length(response) == 3
     end
@@ -263,7 +309,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
       response =
         conn
         |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)
 
       assert Enum.empty?(response)
     end
@@ -271,28 +317,28 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
     test "returns 404 error when specified user is not exist", %{conn: conn} do
       conn = get(conn, "/api/v1/pleroma/accounts/test/favourites")
 
-      assert json_response(conn, 404) == %{"error" => "Record not found"}
+      assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
     end
 
     test "returns 403 error when user has hidden own favorites", %{conn: conn} do
       user = insert(:user, hide_favorites: true)
       activity = insert(:note_activity)
-      CommonAPI.favorite(activity.id, user)
+      CommonAPI.favorite(user, activity.id)
 
       conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/favourites")
 
-      assert json_response(conn, 403) == %{"error" => "Can't get favorites"}
+      assert json_response_and_validate_schema(conn, 403) == %{"error" => "Can't get favorites"}
     end
 
     test "hides favorites for new users by default", %{conn: conn} do
       user = insert(:user)
       activity = insert(:note_activity)
-      CommonAPI.favorite(activity.id, user)
+      CommonAPI.favorite(user, activity.id)
 
       assert user.hide_favorites
       conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/favourites")
 
-      assert json_response(conn, 403) == %{"error" => "Can't get favorites"}
+      assert json_response_and_validate_schema(conn, 403) == %{"error" => "Can't get favorites"}
     end
   end
 
@@ -306,11 +352,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
         |> assign(:user, user)
         |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/subscribe")
 
-      assert %{"id" => _id, "subscribing" => true} = json_response(ret_conn, 200)
+      assert %{"id" => _id, "subscribing" => true} =
+               json_response_and_validate_schema(ret_conn, 200)
 
       conn = post(conn, "/api/v1/pleroma/accounts/#{subscription_target.id}/unsubscribe")
 
-      assert %{"id" => _id, "subscribing" => false} = json_response(conn, 200)
+      assert %{"id" => _id, "subscribing" => false} = json_response_and_validate_schema(conn, 200)
     end
   end
 
@@ -320,7 +367,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
 
       conn = post(conn, "/api/v1/pleroma/accounts/target_id/subscribe")
 
-      assert %{"error" => "Record not found"} = json_response(conn, 404)
+      assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
     end
   end
 
@@ -330,7 +377,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
 
       conn = post(conn, "/api/v1/pleroma/accounts/target_id/unsubscribe")
 
-      assert %{"error" => "Record not found"} = json_response(conn, 404)
+      assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
     end
   end
 end

test/web/pleroma_api/controllers/pleroma_api_controller_test.exs

@@ -3,12 +3,14 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
+  use Oban.Testing, repo: Pleroma.Repo
   use Pleroma.Web.ConnCase
 
   alias Pleroma.Conversation.Participation
   alias Pleroma.Notification
   alias Pleroma.Object
   alias Pleroma.Repo
+  alias Pleroma.Tests.ObanHelpers
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
 
@@ -18,7 +20,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
 
     result =
       conn
@@ -40,8 +42,10 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-    {:ok, activity, _object} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+    {:ok, _reaction_activity} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+
+    ObanHelpers.perform_all()
 
     result =
       conn
@@ -52,7 +56,9 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     assert %{"id" => id} = json_response(result, 200)
     assert to_string(activity.id) == id
 
-    object = Object.normalize(activity)
+    ObanHelpers.perform_all()
+
+    object = Object.get_by_ap_id(activity.data["object"])
 
     assert object.data["reaction_count"] == 0
   end
@@ -62,7 +68,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     other_user = insert(:user)
     doomed_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
 
     result =
       conn
@@ -71,8 +77,8 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
 
     assert result == []
 
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, doomed_user, "🎅")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, doomed_user, "🎅")
 
     User.perform(:delete, doomed_user)
 
@@ -100,7 +106,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     user = insert(:user)
     other_user = insert(:user)
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
 
     result =
       conn
@@ -109,8 +115,8 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
 
     assert result == []
 
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
 
     result =
       conn
@@ -127,7 +133,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
 
     {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}!", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}!", visibility: "direct"})
 
     [participation] = Participation.for_user(other_user)
 
@@ -145,18 +151,18 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     third_user = insert(:user)
 
     {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{third_user.nickname}!", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "Hi @#{third_user.nickname}!", visibility: "direct"})
 
     {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}!", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}!", visibility: "direct"})
 
     [participation] = Participation.for_user(other_user)
 
     {:ok, activity_two} =
       CommonAPI.post(other_user, %{
-        "status" => "Hi!",
-        "in_reply_to_status_id" => activity.id,
-        "in_reply_to_conversation_id" => participation.id
+        status: "Hi!",
+        in_reply_to_status_id: activity.id,
+        in_reply_to_conversation_id: participation.id
       })
 
     result =
@@ -169,13 +175,30 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
     id_one = activity.id
     id_two = activity_two.id
     assert [%{"id" => ^id_one}, %{"id" => ^id_two}] = result
+
+    {:ok, %{id: id_three}} =
+      CommonAPI.post(other_user, %{
+        status: "Bye!",
+        in_reply_to_status_id: activity.id,
+        in_reply_to_conversation_id: participation.id
+      })
+
+    assert [%{"id" => ^id_two}, %{"id" => ^id_three}] =
+             conn
+             |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses?limit=2")
+             |> json_response(:ok)
+
+    assert [%{"id" => ^id_three}] =
+             conn
+             |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses?min_id=#{id_two}")
+             |> json_response(:ok)
   end
 
   test "PATCH /api/v1/pleroma/conversations/:id" do
     %{user: user, conn: conn} = oauth_access(["write:conversations"])
     other_user = insert(:user)
 
-    {:ok, _activity} = CommonAPI.post(user, %{"status" => "Hi", "visibility" => "direct"})
+    {:ok, _activity} = CommonAPI.post(user, %{status: "Hi", visibility: "direct"})
 
     [participation] = Participation.for_user(user)
 
@@ -203,13 +226,13 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
 
   test "POST /api/v1/pleroma/conversations/read" do
     user = insert(:user)
-    %{user: other_user, conn: conn} = oauth_access(["write:notifications"])
+    %{user: other_user, conn: conn} = oauth_access(["write:conversations"])
 
     {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}", visibility: "direct"})
 
     {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}", visibility: "direct"})
 
     [participation2, participation1] = Participation.for_user(other_user)
     assert Participation.get(participation2.id).read == false
@@ -232,8 +255,8 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
 
     test "it marks a single notification as read", %{user: user1, conn: conn} do
       user2 = insert(:user)
-      {:ok, activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
-      {:ok, activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
+      {:ok, activity1} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
+      {:ok, activity2} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
       {:ok, [notification1]} = Notification.create_notifications(activity1)
       {:ok, [notification2]} = Notification.create_notifications(activity2)
 
@@ -249,9 +272,9 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
 
     test "it marks multiple notifications as read", %{user: user1, conn: conn} do
       user2 = insert(:user)
-      {:ok, _activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
-      {:ok, _activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
-      {:ok, _activity3} = CommonAPI.post(user2, %{"status" => "HIE @#{user1.nickname}"})
+      {:ok, _activity1} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
+      {:ok, _activity2} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
+      {:ok, _activity3} = CommonAPI.post(user2, %{status: "HIE @#{user1.nickname}"})
 
       [notification3, notification2, notification1] = Notification.for_user(user1, %{limit: 3})
 

test/web/pleroma_api/controllers/two_factor_authentication_controller_test.exs

@@ -0,0 +1,260 @@
+defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationControllerTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+  alias Pleroma.MFA.Settings
+  alias Pleroma.MFA.TOTP
+
+  describe "GET /api/pleroma/accounts/mfa/settings" do
+    test "returns user mfa settings for new user", %{conn: conn} do
+      token = insert(:oauth_token, scopes: ["read", "follow"])
+      token2 = insert(:oauth_token, scopes: ["write"])
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> get("/api/pleroma/accounts/mfa")
+             |> json_response(:ok) == %{
+               "settings" => %{"enabled" => false, "totp" => false}
+             }
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> get("/api/pleroma/accounts/mfa")
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: read:security."
+             }
+    end
+
+    test "returns user mfa settings with enabled totp", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            enabled: true,
+            totp: %Settings.TOTP{secret: "XXX", delivery_type: "app", confirmed: true}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["read", "follow"], user: user)
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> get("/api/pleroma/accounts/mfa")
+             |> json_response(:ok) == %{
+               "settings" => %{"enabled" => true, "totp" => true}
+             }
+    end
+  end
+
+  describe "GET /api/pleroma/accounts/mfa/backup_codes" do
+    test "returns backup codes", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: "secret"}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> get("/api/pleroma/accounts/mfa/backup_codes")
+        |> json_response(:ok)
+
+      assert [<<_::bytes-size(6)>>, <<_::bytes-size(6)>>] = response["codes"]
+      user = refresh_record(user)
+      mfa_settings = user.multi_factor_authentication_settings
+      assert mfa_settings.totp.secret == "secret"
+      refute mfa_settings.backup_codes == ["1", "2", "3"]
+      refute mfa_settings.backup_codes == []
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> get("/api/pleroma/accounts/mfa/backup_codes")
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+
+  describe "GET /api/pleroma/accounts/mfa/setup/totp" do
+    test "return errors when method is invalid", %{conn: conn} do
+      user = insert(:user)
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> get("/api/pleroma/accounts/mfa/setup/torf")
+        |> json_response(400)
+
+      assert response == %{"error" => "undefined method"}
+    end
+
+    test "returns key and provisioning_uri", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{backup_codes: ["1", "2", "3"]}
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> get("/api/pleroma/accounts/mfa/setup/totp")
+        |> json_response(:ok)
+
+      user = refresh_record(user)
+      mfa_settings = user.multi_factor_authentication_settings
+      secret = mfa_settings.totp.secret
+      refute mfa_settings.enabled
+      assert mfa_settings.backup_codes == ["1", "2", "3"]
+
+      assert response == %{
+               "key" => secret,
+               "provisioning_uri" => TOTP.provisioning_uri(secret, "#{user.email}")
+             }
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> get("/api/pleroma/accounts/mfa/setup/totp")
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+
+  describe "GET /api/pleroma/accounts/mfa/confirm/totp" do
+    test "returns success result", %{conn: conn} do
+      secret = TOTP.generate_secret()
+      code = TOTP.generate_token(secret)
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: secret}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})
+             |> json_response(:ok)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      assert settings.enabled
+      assert settings.totp.secret == secret
+      assert settings.totp.confirmed
+      assert settings.backup_codes == ["1", "2", "3"]
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+
+    test "returns error if password incorrect", %{conn: conn} do
+      secret = TOTP.generate_secret()
+      code = TOTP.generate_token(secret)
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: secret}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "xxx", code: code})
+        |> json_response(422)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      refute settings.enabled
+      refute settings.totp.confirmed
+      assert settings.backup_codes == ["1", "2", "3"]
+      assert response == %{"error" => "Invalid password."}
+    end
+
+    test "returns error if code incorrect", %{conn: conn} do
+      secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: secret}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})
+        |> json_response(422)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      refute settings.enabled
+      refute settings.totp.confirmed
+      assert settings.backup_codes == ["1", "2", "3"]
+      assert response == %{"error" => "invalid_token"}
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+
+  describe "DELETE /api/pleroma/accounts/mfa/totp" do
+    test "returns success result", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: "secret"}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})
+             |> json_response(:ok)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      refute settings.enabled
+      assert settings.totp.secret == nil
+      refute settings.totp.confirmed
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+end

test/web/plugs/plug_test.exs

@@ -0,0 +1,91 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.PlugTest do
+  @moduledoc "Tests for the functionality added via `use Pleroma.Web, :plug`"
+
+  alias Pleroma.Plugs.ExpectAuthenticatedCheckPlug
+  alias Pleroma.Plugs.ExpectPublicOrAuthenticatedCheckPlug
+  alias Pleroma.Plugs.PlugHelper
+
+  import Mock
+
+  use Pleroma.Web.ConnCase
+
+  describe "when plug is skipped, " do
+    setup_with_mocks(
+      [
+        {ExpectPublicOrAuthenticatedCheckPlug, [:passthrough], []}
+      ],
+      %{conn: conn}
+    ) do
+      conn = ExpectPublicOrAuthenticatedCheckPlug.skip_plug(conn)
+      %{conn: conn}
+    end
+
+    test "it neither adds plug to called plugs list nor calls `perform/2`, " <>
+           "regardless of :if_func / :unless_func options",
+         %{conn: conn} do
+      for opts <- [%{}, %{if_func: fn _ -> true end}, %{unless_func: fn _ -> false end}] do
+        ret_conn = ExpectPublicOrAuthenticatedCheckPlug.call(conn, opts)
+
+        refute called(ExpectPublicOrAuthenticatedCheckPlug.perform(:_, :_))
+        refute PlugHelper.plug_called?(ret_conn, ExpectPublicOrAuthenticatedCheckPlug)
+      end
+    end
+  end
+
+  describe "when plug is NOT skipped, " do
+    setup_with_mocks([{ExpectAuthenticatedCheckPlug, [:passthrough], []}]) do
+      :ok
+    end
+
+    test "with no pre-run checks, adds plug to called plugs list and calls `perform/2`", %{
+      conn: conn
+    } do
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{})
+
+      assert called(ExpectAuthenticatedCheckPlug.perform(ret_conn, :_))
+      assert PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+    end
+
+    test "when :if_func option is given, calls the plug only if provided function evals tru-ish",
+         %{conn: conn} do
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{if_func: fn _ -> false end})
+
+      refute called(ExpectAuthenticatedCheckPlug.perform(:_, :_))
+      refute PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{if_func: fn _ -> true end})
+
+      assert called(ExpectAuthenticatedCheckPlug.perform(ret_conn, :_))
+      assert PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+    end
+
+    test "if :unless_func option is given, calls the plug only if provided function evals falsy",
+         %{conn: conn} do
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{unless_func: fn _ -> true end})
+
+      refute called(ExpectAuthenticatedCheckPlug.perform(:_, :_))
+      refute PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{unless_func: fn _ -> false end})
+
+      assert called(ExpectAuthenticatedCheckPlug.perform(ret_conn, :_))
+      assert PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+    end
+
+    test "allows a plug to be called multiple times (even if it's in called plugs list)", %{
+      conn: conn
+    } do
+      conn = ExpectAuthenticatedCheckPlug.call(conn, %{an_option: :value1})
+      assert called(ExpectAuthenticatedCheckPlug.perform(conn, %{an_option: :value1}))
+
+      assert PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug)
+
+      conn = ExpectAuthenticatedCheckPlug.call(conn, %{an_option: :value2})
+      assert called(ExpectAuthenticatedCheckPlug.perform(conn, %{an_option: :value2}))
+    end
+  end
+end

test/web/push/impl_test.exs

@@ -13,8 +13,8 @@ defmodule Pleroma.Web.Push.ImplTest do
 
   import Pleroma.Factory
 
-  setup_all do
-    Tesla.Mock.mock_global(fn
+  setup do
+    Tesla.Mock.mock(fn
       %{method: :post, url: "https://example.com/example/1234"} ->
         %Tesla.Env{status: 200}
 
@@ -55,7 +55,7 @@ defmodule Pleroma.Web.Push.ImplTest do
       data: %{alerts: %{"follow" => true, "mention" => false}}
     )
 
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "<Lorem ipsum dolor sit amet."})
+    {:ok, activity} = CommonAPI.post(user, %{status: "<Lorem ipsum dolor sit amet."})
 
     notif =
       insert(:notification,
@@ -63,12 +63,12 @@ defmodule Pleroma.Web.Push.ImplTest do
         activity: activity
       )
 
-    assert Impl.perform(notif) == [:ok, :ok]
+    assert Impl.perform(notif) == {:ok, [:ok, :ok]}
   end
 
   @tag capture_log: true
   test "returns error if notif does not match " do
-    assert Impl.perform(%{}) == :error
+    assert Impl.perform(%{}) == {:error, :unknown_type}
   end
 
   test "successful message sending" do
@@ -111,7 +111,7 @@ defmodule Pleroma.Web.Push.ImplTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" =>
+        status:
           "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
       })
 
@@ -134,7 +134,7 @@ defmodule Pleroma.Web.Push.ImplTest do
     user = insert(:user, nickname: "Bob")
     other_user = insert(:user)
     {:ok, _, _, activity} = CommonAPI.follow(user, other_user)
-    object = Object.normalize(activity)
+    object = Object.normalize(activity, false)
 
     assert Impl.format_body(%{activity: activity}, user, object) == "@Bob has followed you"
 
@@ -147,7 +147,7 @@ defmodule Pleroma.Web.Push.ImplTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" =>
+        status:
           "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
       })
 
@@ -166,11 +166,11 @@ defmodule Pleroma.Web.Push.ImplTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" =>
+        status:
           "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
       })
 
-    {:ok, activity, _} = CommonAPI.favorite(activity.id, user)
+    {:ok, activity} = CommonAPI.favorite(user, activity.id)
     object = Object.normalize(activity)
 
     assert Impl.format_body(%{activity: activity}, user, object) == "@Bob has favorited your post"
@@ -184,8 +184,8 @@ defmodule Pleroma.Web.Push.ImplTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "visibility" => "direct",
-        "status" => "This is just between you and me, pal"
+        visibility: "direct",
+        status: "This is just between you and me, pal"
       })
 
     assert Impl.format_title(%{activity: activity}) ==
@@ -193,14 +193,14 @@ defmodule Pleroma.Web.Push.ImplTest do
   end
 
   describe "build_content/3" do
-    test "returns info content for direct message with enabled privacy option" do
+    test "hides details for notifications when privacy option enabled" do
       user = insert(:user, nickname: "Bob")
       user2 = insert(:user, nickname: "Rob", notification_settings: %{privacy_option: true})
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "visibility" => "direct",
-          "status" => "<Lorem ipsum dolor sit amet."
+          visibility: "direct",
+          status: "<Lorem ipsum dolor sit amet."
         })
 
       notif = insert(:notification, user: user2, activity: activity)
@@ -209,19 +209,44 @@ defmodule Pleroma.Web.Push.ImplTest do
       object = Object.normalize(activity)
 
       assert Impl.build_content(notif, actor, object) == %{
-               body: "@Bob",
-               title: "New Direct Message"
+               body: "New Direct Message"
+             }
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          visibility: "public",
+          status: "<Lorem ipsum dolor sit amet."
+        })
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body: "New Mention"
+             }
+
+      {:ok, activity} = CommonAPI.favorite(user, activity.id)
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body: "New Favorite"
              }
     end
 
-    test "returns regular content for direct message with disabled privacy option" do
+    test "returns regular content for notifications with privacy option disabled" do
       user = insert(:user, nickname: "Bob")
       user2 = insert(:user, nickname: "Rob", notification_settings: %{privacy_option: false})
 
       {:ok, activity} =
         CommonAPI.post(user, %{
-          "visibility" => "direct",
-          "status" =>
+          visibility: "direct",
+          status:
             "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
         })
 
@@ -235,6 +260,36 @@ defmodule Pleroma.Web.Push.ImplTest do
                  "@Bob: Lorem ipsum dolor sit amet, consectetur  adipiscing elit. Fusce sagittis fini...",
                title: "New Direct Message"
              }
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          visibility: "public",
+          status:
+            "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
+        })
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body:
+                 "@Bob: Lorem ipsum dolor sit amet, consectetur  adipiscing elit. Fusce sagittis fini...",
+               title: "New Mention"
+             }
+
+      {:ok, activity} = CommonAPI.favorite(user, activity.id)
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body: "@Bob has favorited your post",
+               title: "New Favorite"
+             }
     end
   end
 end

test/web/rel_me_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.RelMeTest do
-  use ExUnit.Case, async: true
+  use ExUnit.Case
 
   setup_all do
     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)

test/web/rich_media/helpers_test.exs

@@ -26,8 +26,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "[test](example.com/ogp)",
-        "content_type" => "text/markdown"
+        status: "[test](example.com/ogp)",
+        content_type: "text/markdown"
       })
 
     Config.put([:rich_media, :enabled], true)
@@ -40,8 +40,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "[test](example.com[]/ogp)",
-        "content_type" => "text/markdown"
+        status: "[test](example.com[]/ogp)",
+        content_type: "text/markdown"
       })
 
     Config.put([:rich_media, :enabled], true)
@@ -54,8 +54,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "[test](https://example.com/ogp)",
-        "content_type" => "text/markdown"
+        status: "[test](https://example.com/ogp)",
+        content_type: "text/markdown"
       })
 
     Config.put([:rich_media, :enabled], true)
@@ -69,8 +69,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "http://example.com/ogp",
-        "sensitive" => true
+        status: "http://example.com/ogp",
+        sensitive: true
       })
 
     %Object{} = object = Object.normalize(activity)
@@ -87,7 +87,7 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "http://example.com/ogp #nsfw"
+        status: "http://example.com/ogp #nsfw"
       })
 
     %Object{} = object = Object.normalize(activity)
@@ -103,12 +103,12 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
     user = insert(:user)
 
     {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "http://127.0.0.1:4000/notice/9kCP7VNyPJXFOXDrgO"})
+      CommonAPI.post(user, %{status: "http://127.0.0.1:4000/notice/9kCP7VNyPJXFOXDrgO"})
 
-    {:ok, activity2} = CommonAPI.post(user, %{"status" => "https://10.111.10.1/notice/9kCP7V"})
-    {:ok, activity3} = CommonAPI.post(user, %{"status" => "https://172.16.32.40/notice/9kCP7V"})
-    {:ok, activity4} = CommonAPI.post(user, %{"status" => "https://192.168.10.40/notice/9kCP7V"})
-    {:ok, activity5} = CommonAPI.post(user, %{"status" => "https://pleroma.local/notice/9kCP7V"})
+    {:ok, activity2} = CommonAPI.post(user, %{status: "https://10.111.10.1/notice/9kCP7V"})
+    {:ok, activity3} = CommonAPI.post(user, %{status: "https://172.16.32.40/notice/9kCP7V"})
+    {:ok, activity4} = CommonAPI.post(user, %{status: "https://192.168.10.40/notice/9kCP7V"})
+    {:ok, activity5} = CommonAPI.post(user, %{status: "https://pleroma.local/notice/9kCP7V"})
 
     Config.put([:rich_media, :enabled], true)
 

test/web/static_fe/static_fe_controller_test.exs

@@ -32,8 +32,8 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
     end
 
     test "profile does not include private messages", %{conn: conn, user: user} do
-      CommonAPI.post(user, %{"status" => "public"})
-      CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+      CommonAPI.post(user, %{status: "public"})
+      CommonAPI.post(user, %{status: "private", visibility: "private"})
 
       conn = get(conn, "/users/#{user.nickname}")
 
@@ -44,7 +44,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
     end
 
     test "pagination", %{conn: conn, user: user} do
-      Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+      Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
 
       conn = get(conn, "/users/#{user.nickname}")
 
@@ -57,7 +57,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
     end
 
     test "pagination, page 2", %{conn: conn, user: user} do
-      activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+      activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
       {:ok, a11} = Enum.at(activities, 11)
 
       conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
@@ -77,7 +77,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 
   describe "notice html" do
     test "single notice page", %{conn: conn, user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
 
       conn = get(conn, "/notice/#{activity.id}")
 
@@ -89,7 +89,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 
     test "filters HTML tags", %{conn: conn} do
       user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})
 
       conn =
         conn
@@ -101,11 +101,11 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
     end
 
     test "shows the whole thread", %{conn: conn, user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})
 
       CommonAPI.post(user, %{
-        "status" => "these are the voyages or something",
-        "in_reply_to_status_id" => activity.id
+        status: "these are the voyages or something",
+        in_reply_to_status_id: activity.id
       })
 
       conn = get(conn, "/notice/#{activity.id}")
@@ -117,7 +117,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 
     test "redirect by AP object ID", %{conn: conn, user: user} do
       {:ok, %Activity{data: %{"object" => object_url}}} =
-        CommonAPI.post(user, %{"status" => "beam me up"})
+        CommonAPI.post(user, %{status: "beam me up"})
 
       conn = get(conn, URI.parse(object_url).path)
 
@@ -126,7 +126,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 
     test "redirect by activity ID", %{conn: conn, user: user} do
       {:ok, %Activity{data: %{"id" => id}}} =
-        CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
+        CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})
 
       conn = get(conn, URI.parse(id).path)
 
@@ -140,8 +140,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
     end
 
     test "404 for private status", %{conn: conn, user: user} do
-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})
 
       conn = get(conn, "/notice/#{activity.id}")
 
@@ -171,7 +170,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
     end
 
     test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
 
       ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)
     end

test/web/streamer/ping_test.exs

@@ -1,36 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.PingTest do
-  use Pleroma.DataCase
-
-  import Pleroma.Factory
-  alias Pleroma.Web.Streamer
-
-  setup do
-    start_supervised({Streamer.supervisor(), [ping_interval: 30]})
-
-    :ok
-  end
-
-  describe "sockets" do
-    setup do
-      user = insert(:user)
-      {:ok, %{user: user}}
-    end
-
-    test "it sends pings", %{user: user} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, 40
-          assert_receive {:text, received_event}, 40
-          assert_receive {:text, received_event}, 40
-        end)
-
-      Streamer.add_socket("public", %{transport_pid: task.pid, assigns: %{user: user}})
-
-      Task.await(task)
-    end
-  end
-end

test/web/streamer/state_test.exs

@@ -1,54 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.StateTest do
-  use Pleroma.DataCase
-
-  import Pleroma.Factory
-  alias Pleroma.Web.Streamer
-  alias Pleroma.Web.Streamer.StreamerSocket
-
-  @moduletag needs_streamer: true
-
-  describe "sockets" do
-    setup do
-      user = insert(:user)
-      user2 = insert(:user)
-      {:ok, %{user: user, user2: user2}}
-    end
-
-    test "it can add a socket", %{user: user} do
-      Streamer.add_socket("public", %{transport_pid: 1, assigns: %{user: user}})
-
-      assert(%{"public" => [%StreamerSocket{transport_pid: 1}]} = Streamer.get_sockets())
-    end
-
-    test "it can add multiple sockets per user", %{user: user} do
-      Streamer.add_socket("public", %{transport_pid: 1, assigns: %{user: user}})
-      Streamer.add_socket("public", %{transport_pid: 2, assigns: %{user: user}})
-
-      assert(
-        %{
-          "public" => [
-            %StreamerSocket{transport_pid: 2},
-            %StreamerSocket{transport_pid: 1}
-          ]
-        } = Streamer.get_sockets()
-      )
-    end
-
-    test "it will not add a duplicate socket", %{user: user} do
-      Streamer.add_socket("activity", %{transport_pid: 1, assigns: %{user: user}})
-      Streamer.add_socket("activity", %{transport_pid: 1, assigns: %{user: user}})
-
-      assert(
-        %{
-          "activity" => [
-            %StreamerSocket{transport_pid: 1}
-          ]
-        } = Streamer.get_sockets()
-      )
-    end
-  end
-end

test/web/streamer/streamer_test.exs

@@ -12,15 +12,81 @@ defmodule Pleroma.Web.StreamerTest do
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.Streamer
-  alias Pleroma.Web.Streamer.StreamerSocket
-  alias Pleroma.Web.Streamer.Worker
 
   @moduletag needs_streamer: true, capture_log: true
 
-  @streamer_timeout 150
-  @streamer_start_wait 10
   setup do: clear_config([:instance, :skip_thread_containment])
 
+  describe "get_topic without an user" do
+    test "allows public" do
+      assert {:ok, "public"} = Streamer.get_topic("public", nil)
+      assert {:ok, "public:local"} = Streamer.get_topic("public:local", nil)
+      assert {:ok, "public:media"} = Streamer.get_topic("public:media", nil)
+      assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", nil)
+    end
+
+    test "allows hashtag streams" do
+      assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", nil, %{"tag" => "cofe"})
+    end
+
+    test "disallows user streams" do
+      assert {:error, _} = Streamer.get_topic("user", nil)
+      assert {:error, _} = Streamer.get_topic("user:notification", nil)
+      assert {:error, _} = Streamer.get_topic("direct", nil)
+    end
+
+    test "disallows list streams" do
+      assert {:error, _} = Streamer.get_topic("list", nil, %{"list" => 42})
+    end
+  end
+
+  describe "get_topic with an user" do
+    setup do
+      user = insert(:user)
+      {:ok, %{user: user}}
+    end
+
+    test "allows public streams", %{user: user} do
+      assert {:ok, "public"} = Streamer.get_topic("public", user)
+      assert {:ok, "public:local"} = Streamer.get_topic("public:local", user)
+      assert {:ok, "public:media"} = Streamer.get_topic("public:media", user)
+      assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", user)
+    end
+
+    test "allows user streams", %{user: user} do
+      expected_user_topic = "user:#{user.id}"
+      expected_notif_topic = "user:notification:#{user.id}"
+      expected_direct_topic = "direct:#{user.id}"
+      assert {:ok, ^expected_user_topic} = Streamer.get_topic("user", user)
+      assert {:ok, ^expected_notif_topic} = Streamer.get_topic("user:notification", user)
+      assert {:ok, ^expected_direct_topic} = Streamer.get_topic("direct", user)
+    end
+
+    test "allows hashtag streams", %{user: user} do
+      assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", user, %{"tag" => "cofe"})
+    end
+
+    test "disallows registering to an user stream", %{user: user} do
+      another_user = insert(:user)
+      assert {:error, _} = Streamer.get_topic("user:#{another_user.id}", user)
+      assert {:error, _} = Streamer.get_topic("user:notification:#{another_user.id}", user)
+      assert {:error, _} = Streamer.get_topic("direct:#{another_user.id}", user)
+    end
+
+    test "allows list stream that are owned by the user", %{user: user} do
+      {:ok, list} = List.create("Test", user)
+      assert {:error, _} = Streamer.get_topic("list:#{list.id}", user)
+      assert {:ok, _} = Streamer.get_topic("list", user, %{"list" => list.id})
+    end
+
+    test "disallows list stream that are not owned by the user", %{user: user} do
+      another_user = insert(:user)
+      {:ok, list} = List.create("Test", another_user)
+      assert {:error, _} = Streamer.get_topic("list:#{list.id}", user)
+      assert {:error, _} = Streamer.get_topic("list", user, %{"list" => list.id})
+    end
+  end
+
   describe "user streams" do
     setup do
       user = insert(:user)
@@ -28,34 +94,36 @@ defmodule Pleroma.Web.StreamerTest do
       {:ok, %{user: user, notify: notify}}
     end
 
+    test "it streams the user's post in the 'user' stream", %{user: user} do
+      Streamer.get_topic_and_add_socket("user", user)
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user, activity)
+    end
+
+    test "it streams boosts of the user in the 'user' stream", %{user: user} do
+      Streamer.get_topic_and_add_socket("user", user)
+
+      other_user = insert(:user)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
+      {:ok, announce, _} = CommonAPI.repeat(activity.id, user)
+
+      assert_receive {:render_with_user, Pleroma.Web.StreamerView, "update.json", ^announce}
+      refute Streamer.filtered_by_user?(user, announce)
+    end
+
     test "it sends notify to in the 'user' stream", %{user: user, notify: notify} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, _}, @streamer_timeout
-        end)
-
-      Streamer.add_socket(
-        "user",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
+      Streamer.get_topic_and_add_socket("user", user)
       Streamer.stream("user", notify)
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^notify}
+      refute Streamer.filtered_by_user?(user, notify)
     end
 
     test "it sends notify to in the 'user:notification' stream", %{user: user, notify: notify} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, _}, @streamer_timeout
-        end)
-
-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
+      Streamer.get_topic_and_add_socket("user:notification", user)
       Streamer.stream("user:notification", notify)
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^notify}
+      refute Streamer.filtered_by_user?(user, notify)
     end
 
     test "it doesn't send notify to the 'user:notification' stream when a user is blocked", %{
@@ -64,18 +132,12 @@ defmodule Pleroma.Web.StreamerTest do
       blocked = insert(:user)
       {:ok, _user_relationship} = User.block(user, blocked)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => ":("})
-      {:ok, notif, _} = CommonAPI.favorite(activity.id, blocked)
+      Streamer.get_topic_and_add_socket("user:notification", user)
 
-      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
+      {:ok, activity} = CommonAPI.post(user, %{status: ":("})
+      {:ok, _} = CommonAPI.favorite(blocked, activity.id)
 
-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
-      Streamer.stream("user:notification", notif)
-      Task.await(task)
+      refute_receive _
     end
 
     test "it doesn't send notify to the 'user:notification' stream when a thread is muted", %{
@@ -83,121 +145,116 @@ defmodule Pleroma.Web.StreamerTest do
     } do
       user2 = insert(:user)
 
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"})
-      {:ok, activity} = CommonAPI.add_mute(user, activity)
-      {:ok, notif, _} = CommonAPI.favorite(activity.id, user2)
+      {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+      {:ok, _} = CommonAPI.add_mute(user, activity)
 
-      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
+      Streamer.get_topic_and_add_socket("user:notification", user)
 
-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id)
 
-      Streamer.stream("user:notification", notif)
-      Task.await(task)
+      refute_receive _
+      assert Streamer.filtered_by_user?(user, favorite_activity)
     end
 
-    test "it doesn't send notify to the 'user:notification' stream' when a domain is blocked", %{
+    test "it sends favorite to 'user:notification' stream'", %{
+      user: user
+    } do
+      user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"})
+
+      {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+      Streamer.get_topic_and_add_socket("user:notification", user)
+      {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id)
+
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      assert notif.activity.id == favorite_activity.id
+      refute Streamer.filtered_by_user?(user, notif)
+    end
+
+    test "it doesn't send the 'user:notification' stream' when a domain is blocked", %{
       user: user
     } do
       user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"})
 
       {:ok, user} = User.block_domain(user, "hecking-lewd-place.com")
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"})
-      {:ok, notif, _} = CommonAPI.favorite(activity.id, user2)
+      {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+      Streamer.get_topic_and_add_socket("user:notification", user)
+      {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id)
 
-      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
-
-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
-      Streamer.stream("user:notification", notif)
-      Task.await(task)
+      refute_receive _
+      assert Streamer.filtered_by_user?(user, favorite_activity)
     end
 
     test "it sends follow activities to the 'user:notification' stream", %{
       user: user
     } do
+      user_url = user.ap_id
       user2 = insert(:user)
-      task = Task.async(fn -> assert_receive {:text, _}, @streamer_timeout end)
 
-      Process.sleep(@streamer_start_wait)
+      body =
+        File.read!("test/fixtures/users_mock/localhost.json")
+        |> String.replace("{{nickname}}", user.nickname)
+        |> Jason.encode!()
 
-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      Tesla.Mock.mock_global(fn
+        %{method: :get, url: ^user_url} ->
+          %Tesla.Env{status: 200, body: body}
+      end)
 
-      {:ok, _follower, _followed, _activity} = CommonAPI.follow(user2, user)
+      Streamer.get_topic_and_add_socket("user:notification", user)
+      {:ok, _follower, _followed, follow_activity} = CommonAPI.follow(user2, user)
 
-      # We don't directly pipe the notification to the streamer as it's already
-      # generated as a side effect of CommonAPI.follow().
-      Task.await(task)
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      assert notif.activity.id == follow_activity.id
+      refute Streamer.filtered_by_user?(user, notif)
     end
   end
 
-  test "it sends to public" do
+  test "it sends to public authenticated" do
     user = insert(:user)
     other_user = insert(:user)
 
-    task =
-      Task.async(fn ->
-        assert_receive {:text, _}, @streamer_timeout
-      end)
+    Streamer.get_topic_and_add_socket("public", other_user)
 
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user
-    }
+    {:ok, activity} = CommonAPI.post(user, %{status: "Test"})
+    assert_receive {:render_with_user, _, _, ^activity}
+    refute Streamer.filtered_by_user?(user, activity)
+  end
 
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "Test"})
+  test "works for deletions" do
+    user = insert(:user)
+    other_user = insert(:user)
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "Test"})
 
-    topics = %{
-      "public" => [fake_socket]
-    }
+    Streamer.get_topic_and_add_socket("public", user)
 
-    Worker.push_to_socket(topics, "public", activity)
+    {:ok, _} = CommonAPI.delete(activity.id, other_user)
+    activity_id = activity.id
+    assert_receive {:text, event}
+    assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event)
+  end
 
-    Task.await(task)
+  test "it sends to public unauthenticated" do
+    user = insert(:user)
 
-    task =
-      Task.async(fn ->
-        expected_event =
-          %{
-            "event" => "delete",
-            "payload" => activity.id
-          }
-          |> Jason.encode!()
+    Streamer.get_topic_and_add_socket("public", nil)
 
-        assert_receive {:text, received_event}, @streamer_timeout
-        assert received_event == expected_event
-      end)
+    {:ok, activity} = CommonAPI.post(user, %{status: "Test"})
+    activity_id = activity.id
+    assert_receive {:text, event}
+    assert %{"event" => "update", "payload" => payload} = Jason.decode!(event)
+    assert %{"id" => ^activity_id} = Jason.decode!(payload)
 
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user
-    }
-
-    {:ok, activity} = CommonAPI.delete(activity.id, other_user)
-
-    topics = %{
-      "public" => [fake_socket]
-    }
-
-    Worker.push_to_socket(topics, "public", activity)
-
-    Task.await(task)
+    {:ok, _} = CommonAPI.delete(activity.id, user)
+    assert_receive {:text, event}
+    assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event)
   end
 
   describe "thread_containment" do
-    test "it doesn't send to user if recipients invalid and thread containment is enabled" do
+    test "it filters to user if recipients invalid and thread containment is enabled" do
       Pleroma.Config.put([:instance, :skip_thread_containment], false)
       author = insert(:user)
       user = insert(:user)
-      User.follow(user, author, "accept")
+      User.follow(user, author, :follow_accept)
 
       activity =
         insert(:note_activity,
@@ -208,19 +265,17 @@ defmodule Pleroma.Web.StreamerTest do
             )
         )
 
-      task = Task.async(fn -> refute_receive {:text, _}, 1_000 end)
-      fake_socket = %StreamerSocket{transport_pid: task.pid, user: user}
-      topics = %{"public" => [fake_socket]}
-      Worker.push_to_socket(topics, "public", activity)
-
-      Task.await(task)
+      Streamer.get_topic_and_add_socket("public", user)
+      Streamer.stream("public", activity)
+      assert_receive {:render_with_user, _, _, ^activity}
+      assert Streamer.filtered_by_user?(user, activity)
     end
 
     test "it sends message if recipients invalid and thread containment is disabled" do
       Pleroma.Config.put([:instance, :skip_thread_containment], true)
       author = insert(:user)
       user = insert(:user)
-      User.follow(user, author, "accept")
+      User.follow(user, author, :follow_accept)
 
       activity =
         insert(:note_activity,
@@ -231,19 +286,18 @@ defmodule Pleroma.Web.StreamerTest do
             )
         )
 
-      task = Task.async(fn -> assert_receive {:text, _}, 1_000 end)
-      fake_socket = %StreamerSocket{transport_pid: task.pid, user: user}
-      topics = %{"public" => [fake_socket]}
-      Worker.push_to_socket(topics, "public", activity)
+      Streamer.get_topic_and_add_socket("public", user)
+      Streamer.stream("public", activity)
 
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user, activity)
     end
 
     test "it sends message if recipients invalid and thread containment is enabled but user's thread containment is disabled" do
       Pleroma.Config.put([:instance, :skip_thread_containment], false)
       author = insert(:user)
       user = insert(:user, skip_thread_containment: true)
-      User.follow(user, author, "accept")
+      User.follow(user, author, :follow_accept)
 
       activity =
         insert(:note_activity,
@@ -254,255 +308,168 @@ defmodule Pleroma.Web.StreamerTest do
             )
         )
 
-      task = Task.async(fn -> assert_receive {:text, _}, 1_000 end)
-      fake_socket = %StreamerSocket{transport_pid: task.pid, user: user}
-      topics = %{"public" => [fake_socket]}
-      Worker.push_to_socket(topics, "public", activity)
+      Streamer.get_topic_and_add_socket("public", user)
+      Streamer.stream("public", activity)
 
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user, activity)
     end
   end
 
   describe "blocks" do
-    test "it doesn't send messages involving blocked users" do
+    test "it filters messages involving blocked users" do
       user = insert(:user)
       blocked_user = insert(:user)
       {:ok, _user_relationship} = User.block(user, blocked_user)
 
-      {:ok, activity} = CommonAPI.post(blocked_user, %{"status" => "Test"})
-
-      task =
-        Task.async(fn ->
-          refute_receive {:text, _}, 1_000
-        end)
-
-      fake_socket = %StreamerSocket{
-        transport_pid: task.pid,
-        user: user
-      }
-
-      topics = %{
-        "public" => [fake_socket]
-      }
-
-      Worker.push_to_socket(topics, "public", activity)
-
-      Task.await(task)
+      Streamer.get_topic_and_add_socket("public", user)
+      {:ok, activity} = CommonAPI.post(blocked_user, %{status: "Test"})
+      assert_receive {:render_with_user, _, _, ^activity}
+      assert Streamer.filtered_by_user?(user, activity)
     end
 
-    test "it doesn't send messages transitively involving blocked users" do
+    test "it filters messages transitively involving blocked users" do
       blocker = insert(:user)
       blockee = insert(:user)
       friend = insert(:user)
 
-      task =
-        Task.async(fn ->
-          refute_receive {:text, _}, 1_000
-        end)
-
-      fake_socket = %StreamerSocket{
-        transport_pid: task.pid,
-        user: blocker
-      }
-
-      topics = %{
-        "public" => [fake_socket]
-      }
+      Streamer.get_topic_and_add_socket("public", blocker)
 
       {:ok, _user_relationship} = User.block(blocker, blockee)
 
-      {:ok, activity_one} = CommonAPI.post(friend, %{"status" => "hey! @#{blockee.nickname}"})
+      {:ok, activity_one} = CommonAPI.post(friend, %{status: "hey! @#{blockee.nickname}"})
 
-      Worker.push_to_socket(topics, "public", activity_one)
+      assert_receive {:render_with_user, _, _, ^activity_one}
+      assert Streamer.filtered_by_user?(blocker, activity_one)
 
-      {:ok, activity_two} = CommonAPI.post(blockee, %{"status" => "hey! @#{friend.nickname}"})
+      {:ok, activity_two} = CommonAPI.post(blockee, %{status: "hey! @#{friend.nickname}"})
 
-      Worker.push_to_socket(topics, "public", activity_two)
+      assert_receive {:render_with_user, _, _, ^activity_two}
+      assert Streamer.filtered_by_user?(blocker, activity_two)
 
-      {:ok, activity_three} = CommonAPI.post(blockee, %{"status" => "hey! @#{blocker.nickname}"})
+      {:ok, activity_three} = CommonAPI.post(blockee, %{status: "hey! @#{blocker.nickname}"})
 
-      Worker.push_to_socket(topics, "public", activity_three)
-
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^activity_three}
+      assert Streamer.filtered_by_user?(blocker, activity_three)
     end
   end
 
-  test "it doesn't send unwanted DMs to list" do
-    user_a = insert(:user)
-    user_b = insert(:user)
-    user_c = insert(:user)
+  describe "lists" do
+    test "it doesn't send unwanted DMs to list" do
+      user_a = insert(:user)
+      user_b = insert(:user)
+      user_c = insert(:user)
 
-    {:ok, user_a} = User.follow(user_a, user_b)
+      {:ok, user_a} = User.follow(user_a, user_b)
 
-    {:ok, list} = List.create("Test", user_a)
-    {:ok, list} = List.follow(list, user_b)
+      {:ok, list} = List.create("Test", user_a)
+      {:ok, list} = List.follow(list, user_b)
 
-    {:ok, activity} =
-      CommonAPI.post(user_b, %{
-        "status" => "@#{user_c.nickname} Test",
-        "visibility" => "direct"
-      })
+      Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id})
 
-    task =
-      Task.async(fn ->
-        refute_receive {:text, _}, 1_000
-      end)
+      {:ok, _activity} =
+        CommonAPI.post(user_b, %{
+          status: "@#{user_c.nickname} Test",
+          visibility: "direct"
+        })
 
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user_a
-    }
+      refute_receive _
+    end
 
-    topics = %{
-      "list:#{list.id}" => [fake_socket]
-    }
+    test "it doesn't send unwanted private posts to list" do
+      user_a = insert(:user)
+      user_b = insert(:user)
 
-    Worker.handle_call({:stream, "list", activity}, self(), topics)
+      {:ok, list} = List.create("Test", user_a)
+      {:ok, list} = List.follow(list, user_b)
 
-    Task.await(task)
+      Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id})
+
+      {:ok, _activity} =
+        CommonAPI.post(user_b, %{
+          status: "Test",
+          visibility: "private"
+        })
+
+      refute_receive _
+    end
+
+    test "it sends wanted private posts to list" do
+      user_a = insert(:user)
+      user_b = insert(:user)
+
+      {:ok, user_a} = User.follow(user_a, user_b)
+
+      {:ok, list} = List.create("Test", user_a)
+      {:ok, list} = List.follow(list, user_b)
+
+      Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id})
+
+      {:ok, activity} =
+        CommonAPI.post(user_b, %{
+          status: "Test",
+          visibility: "private"
+        })
+
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user_a, activity)
+    end
   end
 
-  test "it doesn't send unwanted private posts to list" do
-    user_a = insert(:user)
-    user_b = insert(:user)
+  describe "muted reblogs" do
+    test "it filters muted reblogs" do
+      user1 = insert(:user)
+      user2 = insert(:user)
+      user3 = insert(:user)
+      CommonAPI.follow(user1, user2)
+      CommonAPI.hide_reblogs(user1, user2)
 
-    {:ok, list} = List.create("Test", user_a)
-    {:ok, list} = List.follow(list, user_b)
+      {:ok, create_activity} = CommonAPI.post(user3, %{status: "I'm kawen"})
 
-    {:ok, activity} =
-      CommonAPI.post(user_b, %{
-        "status" => "Test",
-        "visibility" => "private"
-      })
+      Streamer.get_topic_and_add_socket("user", user1)
+      {:ok, announce_activity, _} = CommonAPI.repeat(create_activity.id, user2)
+      assert_receive {:render_with_user, _, _, ^announce_activity}
+      assert Streamer.filtered_by_user?(user1, announce_activity)
+    end
 
-    task =
-      Task.async(fn ->
-        refute_receive {:text, _}, 1_000
-      end)
+    test "it filters reblog notification for reblog-muted actors" do
+      user1 = insert(:user)
+      user2 = insert(:user)
+      CommonAPI.follow(user1, user2)
+      CommonAPI.hide_reblogs(user1, user2)
 
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user_a
-    }
+      {:ok, create_activity} = CommonAPI.post(user1, %{status: "I'm kawen"})
+      Streamer.get_topic_and_add_socket("user", user1)
+      {:ok, _favorite_activity, _} = CommonAPI.repeat(create_activity.id, user2)
 
-    topics = %{
-      "list:#{list.id}" => [fake_socket]
-    }
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      assert Streamer.filtered_by_user?(user1, notif)
+    end
 
-    Worker.handle_call({:stream, "list", activity}, self(), topics)
+    test "it send non-reblog notification for reblog-muted actors" do
+      user1 = insert(:user)
+      user2 = insert(:user)
+      CommonAPI.follow(user1, user2)
+      CommonAPI.hide_reblogs(user1, user2)
 
-    Task.await(task)
+      {:ok, create_activity} = CommonAPI.post(user1, %{status: "I'm kawen"})
+      Streamer.get_topic_and_add_socket("user", user1)
+      {:ok, _favorite_activity} = CommonAPI.favorite(user2, create_activity.id)
+
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      refute Streamer.filtered_by_user?(user1, notif)
+    end
   end
 
-  test "it sends wanted private posts to list" do
-    user_a = insert(:user)
-    user_b = insert(:user)
-
-    {:ok, user_a} = User.follow(user_a, user_b)
-
-    {:ok, list} = List.create("Test", user_a)
-    {:ok, list} = List.follow(list, user_b)
-
-    {:ok, activity} =
-      CommonAPI.post(user_b, %{
-        "status" => "Test",
-        "visibility" => "private"
-      })
-
-    task =
-      Task.async(fn ->
-        assert_receive {:text, _}, 1_000
-      end)
-
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user_a
-    }
-
-    Streamer.add_socket(
-      "list:#{list.id}",
-      fake_socket
-    )
-
-    Worker.handle_call({:stream, "list", activity}, self(), %{})
-
-    Task.await(task)
-  end
-
-  test "it doesn't send muted reblogs" do
-    user1 = insert(:user)
-    user2 = insert(:user)
-    user3 = insert(:user)
-    CommonAPI.hide_reblogs(user1, user2)
-
-    {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"})
-    {:ok, announce_activity, _} = CommonAPI.repeat(create_activity.id, user2)
-
-    task =
-      Task.async(fn ->
-        refute_receive {:text, _}, 1_000
-      end)
-
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user1
-    }
-
-    topics = %{
-      "public" => [fake_socket]
-    }
-
-    Worker.push_to_socket(topics, "public", announce_activity)
-
-    Task.await(task)
-  end
-
-  test "it does send non-reblog notification for reblog-muted actors" do
-    user1 = insert(:user)
-    user2 = insert(:user)
-    user3 = insert(:user)
-    CommonAPI.hide_reblogs(user1, user2)
-
-    {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"})
-    {:ok, favorite_activity, _} = CommonAPI.favorite(create_activity.id, user2)
-
-    task =
-      Task.async(fn ->
-        assert_receive {:text, _}, 1_000
-      end)
-
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user1
-    }
-
-    topics = %{
-      "public" => [fake_socket]
-    }
-
-    Worker.push_to_socket(topics, "public", favorite_activity)
-
-    Task.await(task)
-  end
-
-  test "it doesn't send posts from muted threads" do
+  test "it filters posts from muted threads" do
     user = insert(:user)
     user2 = insert(:user)
+    Streamer.get_topic_and_add_socket("user", user2)
     {:ok, user2, user, _activity} = CommonAPI.follow(user2, user)
-
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"})
-
-    {:ok, activity} = CommonAPI.add_mute(user2, activity)
-
-    task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
-
-    Streamer.add_socket(
-      "user",
-      %{transport_pid: task.pid, assigns: %{user: user2}}
-    )
-
-    Streamer.stream("user", activity)
-    Task.await(task)
+    {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+    {:ok, _} = CommonAPI.add_mute(user2, activity)
+    assert_receive {:render_with_user, _, _, ^activity}
+    assert Streamer.filtered_by_user?(user2, activity)
   end
 
   describe "direct streams" do
@@ -514,103 +481,88 @@ defmodule Pleroma.Web.StreamerTest do
       user = insert(:user)
       another_user = insert(:user)
 
-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, @streamer_timeout
-
-          assert %{"event" => "conversation", "payload" => received_payload} =
-                   Jason.decode!(received_event)
-
-          assert %{"last_status" => last_status} = Jason.decode!(received_payload)
-          [participation] = Participation.for_user(user)
-          assert last_status["pleroma"]["direct_conversation_id"] == participation.id
-        end)
-
-      Streamer.add_socket(
-        "direct",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      Streamer.get_topic_and_add_socket("direct", user)
 
       {:ok, _create_activity} =
         CommonAPI.post(another_user, %{
-          "status" => "hey @#{user.nickname}",
-          "visibility" => "direct"
+          status: "hey @#{user.nickname}",
+          visibility: "direct"
         })
 
-      Task.await(task)
+      assert_receive {:text, received_event}
+
+      assert %{"event" => "conversation", "payload" => received_payload} =
+               Jason.decode!(received_event)
+
+      assert %{"last_status" => last_status} = Jason.decode!(received_payload)
+      [participation] = Participation.for_user(user)
+      assert last_status["pleroma"]["direct_conversation_id"] == participation.id
     end
 
     test "it doesn't send conversation update to the 'direct' stream when the last message in the conversation is deleted" do
       user = insert(:user)
       another_user = insert(:user)
 
+      Streamer.get_topic_and_add_socket("direct", user)
+
       {:ok, create_activity} =
         CommonAPI.post(another_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "direct"
+          status: "hi @#{user.nickname}",
+          visibility: "direct"
         })
 
-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, @streamer_timeout
-          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
+      create_activity_id = create_activity.id
+      assert_receive {:render_with_user, _, _, ^create_activity}
+      assert_receive {:text, received_conversation1}
+      assert %{"event" => "conversation", "payload" => _} = Jason.decode!(received_conversation1)
 
-          refute_receive {:text, _}, @streamer_timeout
-        end)
+      {:ok, _} = CommonAPI.delete(create_activity_id, another_user)
 
-      Process.sleep(@streamer_start_wait)
+      assert_receive {:text, received_event}
 
-      Streamer.add_socket(
-        "direct",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      assert %{"event" => "delete", "payload" => ^create_activity_id} =
+               Jason.decode!(received_event)
 
-      {:ok, _} = CommonAPI.delete(create_activity.id, another_user)
-
-      Task.await(task)
+      refute_receive _
     end
 
     test "it sends conversation update to the 'direct' stream when a message is deleted" do
       user = insert(:user)
       another_user = insert(:user)
+      Streamer.get_topic_and_add_socket("direct", user)
 
       {:ok, create_activity} =
         CommonAPI.post(another_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "direct"
+          status: "hi @#{user.nickname}",
+          visibility: "direct"
         })
 
       {:ok, create_activity2} =
         CommonAPI.post(another_user, %{
-          "status" => "hi @#{user.nickname}",
-          "in_reply_to_status_id" => create_activity.id,
-          "visibility" => "direct"
+          status: "hi @#{user.nickname} 2",
+          in_reply_to_status_id: create_activity.id,
+          visibility: "direct"
         })
 
-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, @streamer_timeout
-          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
-
-          assert_receive {:text, received_event}, @streamer_timeout
-
-          assert %{"event" => "conversation", "payload" => received_payload} =
-                   Jason.decode!(received_event)
-
-          assert %{"last_status" => last_status} = Jason.decode!(received_payload)
-          assert last_status["id"] == to_string(create_activity.id)
-        end)
-
-      Process.sleep(@streamer_start_wait)
-
-      Streamer.add_socket(
-        "direct",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      assert_receive {:render_with_user, _, _, ^create_activity}
+      assert_receive {:render_with_user, _, _, ^create_activity2}
+      assert_receive {:text, received_conversation1}
+      assert %{"event" => "conversation", "payload" => _} = Jason.decode!(received_conversation1)
+      assert_receive {:text, received_conversation1}
+      assert %{"event" => "conversation", "payload" => _} = Jason.decode!(received_conversation1)
 
       {:ok, _} = CommonAPI.delete(create_activity2.id, another_user)
 
-      Task.await(task)
+      assert_receive {:text, received_event}
+      assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
+
+      assert_receive {:text, received_event}
+
+      assert %{"event" => "conversation", "payload" => received_payload} =
+               Jason.decode!(received_event)
+
+      assert %{"last_status" => last_status} = Jason.decode!(received_payload)
+      assert last_status["id"] == to_string(create_activity.id)
     end
   end
 end

test/web/twitter_api/password_controller_test.exs

@@ -54,7 +54,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
       assert response =~ "<h2>Password changed!</h2>"
 
       user = refresh_record(user)
-      assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
+      assert Pbkdf2.verify_pass("test", user.password_hash)
       assert Enum.empty?(Token.get_user_tokens(user))
     end
 

test/web/twitter_api/remote_follow_controller_test.exs

@@ -6,11 +6,14 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
   use Pleroma.Web.ConnCase
 
   alias Pleroma.Config
+  alias Pleroma.MFA
+  alias Pleroma.MFA.TOTP
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
 
   import ExUnit.CaptureLog
   import Pleroma.Factory
+  import Ecto.Query
 
   setup do
     Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -160,6 +163,119 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
     end
   end
 
+  describe "POST /ostatus_subscribe - follow/2 with enabled Two-Factor Auth " do
+    test "render the MFA login form", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      user2 = insert(:user)
+
+      response =
+        conn
+        |> post(remote_follow_path(conn, :do_follow), %{
+          "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
+        })
+        |> response(200)
+
+      mfa_token = Pleroma.Repo.one(from(q in Pleroma.MFA.Token, where: q.user_id == ^user.id))
+
+      assert response =~ "Two-factor authentication"
+      assert response =~ "Authentication code"
+      assert response =~ mfa_token.token
+      refute user2.follower_address in User.following(user)
+    end
+
+    test "returns error when password is incorrect", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      user2 = insert(:user)
+
+      response =
+        conn
+        |> post(remote_follow_path(conn, :do_follow), %{
+          "authorization" => %{"name" => user.nickname, "password" => "test1", "id" => user2.id}
+        })
+        |> response(200)
+
+      assert response =~ "Wrong username or password"
+      refute user2.follower_address in User.following(user)
+    end
+
+    test "follows", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      {:ok, %{token: token}} = MFA.Token.create_token(user)
+
+      user2 = insert(:user)
+      otp_token = TOTP.generate_token(otp_secret)
+
+      conn =
+        conn
+        |> post(
+          remote_follow_path(conn, :do_follow),
+          %{
+            "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id}
+          }
+        )
+
+      assert redirected_to(conn) == "/users/#{user2.id}"
+      assert user2.follower_address in User.following(user)
+    end
+
+    test "returns error when auth code is incorrect", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      {:ok, %{token: token}} = MFA.Token.create_token(user)
+
+      user2 = insert(:user)
+      otp_token = TOTP.generate_token(TOTP.generate_secret())
+
+      response =
+        conn
+        |> post(
+          remote_follow_path(conn, :do_follow),
+          %{
+            "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id}
+          }
+        )
+        |> response(200)
+
+      assert response =~ "Wrong authentication code"
+      refute user2.follower_address in User.following(user)
+    end
+  end
+
   describe "POST /ostatus_subscribe - follow/2 without assigned user " do
     test "follows", %{conn: conn} do
       user = insert(:user)

test/web/twitter_api/twitter_api_controller_test.exs

@@ -19,13 +19,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
 
     test "with credentials, without any params" do
-      %{user: current_user, conn: conn} =
-        oauth_access(["read:notifications", "write:notifications"])
+      %{conn: conn} = oauth_access(["write:notifications"])
 
-      conn =
-        conn
-        |> assign(:user, current_user)
-        |> post("/api/qvitter/statuses/notifications/read")
+      conn = post(conn, "/api/qvitter/statuses/notifications/read")
 
       assert json_response(conn, 400) == %{
                "error" => "You need to specify latest_id",

test/web/twitter_api/twitter_api_test.exs

@@ -18,11 +18,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
 
   test "it registers a new user and returns the user." do
     data = %{
-      "nickname" => "lain",
-      "email" => "lain@wired.jp",
-      "fullname" => "lain iwakura",
-      "password" => "bear",
-      "confirm" => "bear"
+      :username => "lain",
+      :email => "lain@wired.jp",
+      :fullname => "lain iwakura",
+      :password => "bear",
+      :confirm => "bear"
     }
 
     {:ok, user} = TwitterAPI.register_user(data)
@@ -35,12 +35,12 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
 
   test "it registers a new user with empty string in bio and returns the user." do
     data = %{
-      "nickname" => "lain",
-      "email" => "lain@wired.jp",
-      "fullname" => "lain iwakura",
-      "bio" => "",
-      "password" => "bear",
-      "confirm" => "bear"
+      :username => "lain",
+      :email => "lain@wired.jp",
+      :fullname => "lain iwakura",
+      :bio => "",
+      :password => "bear",
+      :confirm => "bear"
     }
 
     {:ok, user} = TwitterAPI.register_user(data)
@@ -60,12 +60,12 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
     end
 
     data = %{
-      "nickname" => "lain",
-      "email" => "lain@wired.jp",
-      "fullname" => "lain iwakura",
-      "bio" => "",
-      "password" => "bear",
-      "confirm" => "bear"
+      :username => "lain",
+      :email => "lain@wired.jp",
+      :fullname => "lain iwakura",
+      :bio => "",
+      :password => "bear",
+      :confirm => "bear"
     }
 
     {:ok, user} = TwitterAPI.register_user(data)
@@ -87,29 +87,29 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
 
   test "it registers a new user and parses mentions in the bio" do
     data1 = %{
-      "nickname" => "john",
-      "email" => "john@gmail.com",
-      "fullname" => "John Doe",
-      "bio" => "test",
-      "password" => "bear",
-      "confirm" => "bear"
+      :username => "john",
+      :email => "john@gmail.com",
+      :fullname => "John Doe",
+      :bio => "test",
+      :password => "bear",
+      :confirm => "bear"
     }
 
     {:ok, user1} = TwitterAPI.register_user(data1)
 
     data2 = %{
-      "nickname" => "lain",
-      "email" => "lain@wired.jp",
-      "fullname" => "lain iwakura",
-      "bio" => "@john test",
-      "password" => "bear",
-      "confirm" => "bear"
+      :username => "lain",
+      :email => "lain@wired.jp",
+      :fullname => "lain iwakura",
+      :bio => "@john test",
+      :password => "bear",
+      :confirm => "bear"
     }
 
     {:ok, user2} = TwitterAPI.register_user(data2)
 
     expected_text =
-      ~s(<span class="h-card"><a data-user="#{user1.id}" class="u-url mention" href="#{
+      ~s(<span class="h-card"><a class="u-url mention" data-user="#{user1.id}" href="#{
         user1.ap_id
       }" rel="ugc">@<span>john</span></a></span> test)
 
@@ -123,13 +123,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
       {:ok, invite} = UserInviteToken.create_invite()
 
       data = %{
-        "nickname" => "vinny",
-        "email" => "pasta@pizza.vs",
-        "fullname" => "Vinny Vinesauce",
-        "bio" => "streamer",
-        "password" => "hiptofbees",
-        "confirm" => "hiptofbees",
-        "token" => invite.token
+        :username => "vinny",
+        :email => "pasta@pizza.vs",
+        :fullname => "Vinny Vinesauce",
+        :bio => "streamer",
+        :password => "hiptofbees",
+        :confirm => "hiptofbees",
+        :token => invite.token
       }
 
       {:ok, user} = TwitterAPI.register_user(data)
@@ -145,13 +145,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
 
     test "returns error on invalid token" do
       data = %{
-        "nickname" => "GrimReaper",
-        "email" => "death@reapers.afterlife",
-        "fullname" => "Reaper Grim",
-        "bio" => "Your time has come",
-        "password" => "scythe",
-        "confirm" => "scythe",
-        "token" => "DudeLetMeInImAFairy"
+        :username => "GrimReaper",
+        :email => "death@reapers.afterlife",
+        :fullname => "Reaper Grim",
+        :bio => "Your time has come",
+        :password => "scythe",
+        :confirm => "scythe",
+        :token => "DudeLetMeInImAFairy"
       }
 
       {:error, msg} = TwitterAPI.register_user(data)
@@ -165,13 +165,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
       UserInviteToken.update_invite!(invite, used: true)
 
       data = %{
-        "nickname" => "GrimReaper",
-        "email" => "death@reapers.afterlife",
-        "fullname" => "Reaper Grim",
-        "bio" => "Your time has come",
-        "password" => "scythe",
-        "confirm" => "scythe",
-        "token" => invite.token
+        :username => "GrimReaper",
+        :email => "death@reapers.afterlife",
+        :fullname => "Reaper Grim",
+        :bio => "Your time has come",
+        :password => "scythe",
+        :confirm => "scythe",
+        :token => invite.token
       }
 
       {:error, msg} = TwitterAPI.register_user(data)
@@ -186,16 +186,16 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
 
     setup do
       data = %{
-        "nickname" => "vinny",
-        "email" => "pasta@pizza.vs",
-        "fullname" => "Vinny Vinesauce",
-        "bio" => "streamer",
-        "password" => "hiptofbees",
-        "confirm" => "hiptofbees"
+        :username => "vinny",
+        :email => "pasta@pizza.vs",
+        :fullname => "Vinny Vinesauce",
+        :bio => "streamer",
+        :password => "hiptofbees",
+        :confirm => "hiptofbees"
       }
 
       check_fn = fn invite ->
-        data = Map.put(data, "token", invite.token)
+        data = Map.put(data, :token, invite.token)
         {:ok, user} = TwitterAPI.register_user(data)
         fetched_user = User.get_cached_by_nickname("vinny")
 
@@ -250,13 +250,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
       UserInviteToken.update_invite!(invite, uses: 99)
 
       data = %{
-        "nickname" => "vinny",
-        "email" => "pasta@pizza.vs",
-        "fullname" => "Vinny Vinesauce",
-        "bio" => "streamer",
-        "password" => "hiptofbees",
-        "confirm" => "hiptofbees",
-        "token" => invite.token
+        :username => "vinny",
+        :email => "pasta@pizza.vs",
+        :fullname => "Vinny Vinesauce",
+        :bio => "streamer",
+        :password => "hiptofbees",
+        :confirm => "hiptofbees",
+        :token => invite.token
       }
 
       {:ok, user} = TwitterAPI.register_user(data)
@@ -269,13 +269,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
                AccountView.render("show.json", %{user: fetched_user})
 
       data = %{
-        "nickname" => "GrimReaper",
-        "email" => "death@reapers.afterlife",
-        "fullname" => "Reaper Grim",
-        "bio" => "Your time has come",
-        "password" => "scythe",
-        "confirm" => "scythe",
-        "token" => invite.token
+        :username => "GrimReaper",
+        :email => "death@reapers.afterlife",
+        :fullname => "Reaper Grim",
+        :bio => "Your time has come",
+        :password => "scythe",
+        :confirm => "scythe",
+        :token => invite.token
       }
 
       {:error, msg} = TwitterAPI.register_user(data)
@@ -292,13 +292,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
       {:ok, invite} = UserInviteToken.create_invite(%{expires_at: Date.utc_today(), max_use: 100})
 
       data = %{
-        "nickname" => "vinny",
-        "email" => "pasta@pizza.vs",
-        "fullname" => "Vinny Vinesauce",
-        "bio" => "streamer",
-        "password" => "hiptofbees",
-        "confirm" => "hiptofbees",
-        "token" => invite.token
+        :username => "vinny",
+        :email => "pasta@pizza.vs",
+        :fullname => "Vinny Vinesauce",
+        :bio => "streamer",
+        :password => "hiptofbees",
+        :confirm => "hiptofbees",
+        :token => invite.token
       }
 
       {:ok, user} = TwitterAPI.register_user(data)
@@ -317,13 +317,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
       UserInviteToken.update_invite!(invite, uses: 99)
 
       data = %{
-        "nickname" => "vinny",
-        "email" => "pasta@pizza.vs",
-        "fullname" => "Vinny Vinesauce",
-        "bio" => "streamer",
-        "password" => "hiptofbees",
-        "confirm" => "hiptofbees",
-        "token" => invite.token
+        :username => "vinny",
+        :email => "pasta@pizza.vs",
+        :fullname => "Vinny Vinesauce",
+        :bio => "streamer",
+        :password => "hiptofbees",
+        :confirm => "hiptofbees",
+        :token => invite.token
       }
 
       {:ok, user} = TwitterAPI.register_user(data)
@@ -335,13 +335,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
                AccountView.render("show.json", %{user: fetched_user})
 
       data = %{
-        "nickname" => "GrimReaper",
-        "email" => "death@reapers.afterlife",
-        "fullname" => "Reaper Grim",
-        "bio" => "Your time has come",
-        "password" => "scythe",
-        "confirm" => "scythe",
-        "token" => invite.token
+        :username => "GrimReaper",
+        :email => "death@reapers.afterlife",
+        :fullname => "Reaper Grim",
+        :bio => "Your time has come",
+        :password => "scythe",
+        :confirm => "scythe",
+        :token => invite.token
       }
 
       {:error, msg} = TwitterAPI.register_user(data)
@@ -355,13 +355,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
         UserInviteToken.create_invite(%{expires_at: Date.add(Date.utc_today(), -1), max_use: 100})
 
       data = %{
-        "nickname" => "GrimReaper",
-        "email" => "death@reapers.afterlife",
-        "fullname" => "Reaper Grim",
-        "bio" => "Your time has come",
-        "password" => "scythe",
-        "confirm" => "scythe",
-        "token" => invite.token
+        :username => "GrimReaper",
+        :email => "death@reapers.afterlife",
+        :fullname => "Reaper Grim",
+        :bio => "Your time has come",
+        :password => "scythe",
+        :confirm => "scythe",
+        :token => invite.token
       }
 
       {:error, msg} = TwitterAPI.register_user(data)
@@ -377,13 +377,13 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
       UserInviteToken.update_invite!(invite, uses: 100)
 
       data = %{
-        "nickname" => "GrimReaper",
-        "email" => "death@reapers.afterlife",
-        "fullname" => "Reaper Grim",
-        "bio" => "Your time has come",
-        "password" => "scythe",
-        "confirm" => "scythe",
-        "token" => invite.token
+        :username => "GrimReaper",
+        :email => "death@reapers.afterlife",
+        :fullname => "Reaper Grim",
+        :bio => "Your time has come",
+        :password => "scythe",
+        :confirm => "scythe",
+        :token => invite.token
       }
 
       {:error, msg} = TwitterAPI.register_user(data)
@@ -395,16 +395,15 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
 
   test "it returns the error on registration problems" do
     data = %{
-      "nickname" => "lain",
-      "email" => "lain@wired.jp",
-      "fullname" => "lain iwakura",
-      "bio" => "close the world.",
-      "password" => "bear"
+      :username => "lain",
+      :email => "lain@wired.jp",
+      :fullname => "lain iwakura",
+      :bio => "close the world."
     }
 
-    {:error, error_object} = TwitterAPI.register_user(data)
+    {:error, error} = TwitterAPI.register_user(data)
 
-    assert is_binary(error_object[:error])
+    assert is_binary(error)
     refute User.get_cached_by_nickname("lain")
   end
 

test/web/twitter_api/util_controller_test.exs

@@ -95,6 +95,30 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
         end
       end
     end
+
+    test "it imports follows with different nickname variations", %{conn: conn} do
+      [user2, user3, user4, user5, user6] = insert_list(5, :user)
+
+      identifiers =
+        [
+          user2.ap_id,
+          user3.nickname,
+          "  ",
+          "@" <> user4.nickname,
+          user5.nickname <> "@localhost",
+          "@" <> user6.nickname <> "@localhost"
+        ]
+        |> Enum.join("\n")
+
+      response =
+        conn
+        |> post("/api/pleroma/follow_import", %{"list" => identifiers})
+        |> json_response(:ok)
+
+      assert response == "job started"
+      assert [{:ok, job_result}] = ObanHelpers.perform_all()
+      assert job_result == [user2, user3, user4, user5, user6]
+    end
   end
 
   describe "POST /api/pleroma/blocks_import" do
@@ -136,6 +160,29 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
                )
       end
     end
+
+    test "it imports blocks with different nickname variations", %{conn: conn} do
+      [user2, user3, user4, user5, user6] = insert_list(5, :user)
+
+      identifiers =
+        [
+          user2.ap_id,
+          user3.nickname,
+          "@" <> user4.nickname,
+          user5.nickname <> "@localhost",
+          "@" <> user6.nickname <> "@localhost"
+        ]
+        |> Enum.join(" ")
+
+      response =
+        conn
+        |> post("/api/pleroma/blocks_import", %{"list" => identifiers})
+        |> json_response(:ok)
+
+      assert response == "job started"
+      assert [{:ok, job_result}] = ObanHelpers.perform_all()
+      assert job_result == [user2, user3, user4, user5, user6]
+    end
   end
 
   describe "PUT /api/pleroma/notification_settings" do
@@ -520,7 +567,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
 
       assert json_response(conn, 200) == %{"status" => "success"}
       fetched_user = User.get_cached_by_id(user.id)
-      assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
+      assert Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
     end
   end
 

test/web/web_finger/web_finger_test.exs

@@ -67,7 +67,7 @@ defmodule Pleroma.Web.WebFingerTest do
       assert data["magic_key"] == nil
       assert data["salmon"] == nil
 
-      assert data["topic"] == "https://mstdn.jp/users/kPherox.atom"
+      assert data["topic"] == nil
       assert data["subject"] == "acct:kPherox@mstdn.jp"
       assert data["ap_id"] == "https://mstdn.jp/users/kPherox"
       assert data["subscribe_address"] == "https://mstdn.jp/authorize_interaction?acct={uri}"