Resolve merge conflict

test/web/activity_pub/activity_pub_controller_test.exs

@@ -1,8 +1,12 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
   use Pleroma.Web.ConnCase
   import Pleroma.Factory
   alias Pleroma.Web.ActivityPub.{UserView, ObjectView}
-  alias Pleroma.{Repo, User}
+  alias Pleroma.{Object, Repo, User}
   alias Pleroma.Activity
 
   setup_all do
@@ -71,6 +75,44 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
       assert json_response(conn, 404)
     end
+
+    test "it returns 404 for tombstone objects", %{conn: conn} do
+      tombstone = insert(:tombstone)
+      uuid = String.split(tombstone.data["id"], "/") |> List.last()
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/objects/#{uuid}")
+
+      assert json_response(conn, 404)
+    end
+  end
+
+  describe "/activities/:uuid" do
+    test "it returns a json representation of the activity", %{conn: conn} do
+      activity = insert(:note_activity)
+      uuid = String.split(activity.data["id"], "/") |> List.last()
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/activities/#{uuid}")
+
+      assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
+    end
+
+    test "it returns 404 for non-public activities", %{conn: conn} do
+      activity = insert(:direct_note_activity)
+      uuid = String.split(activity.data["id"], "/") |> List.last()
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/activities/#{uuid}")
+
+      assert json_response(conn, 404)
+    end
   end
 
   describe "/inbox" do
@@ -108,6 +150,32 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       :timer.sleep(500)
       assert Activity.get_by_ap_id(data["id"])
     end
+
+    test "it rejects reads from other users", %{conn: conn} do
+      user = insert(:user)
+      otheruser = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, otheruser)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/inbox")
+
+      assert json_response(conn, 403)
+    end
+
+    test "it returns a note activity in a collection", %{conn: conn} do
+      note_activity = insert(:direct_note_activity)
+      user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/inbox")
+
+      assert response(conn, 200) =~ note_activity.data["object"]["content"]
+    end
   end
 
   describe "/users/:nickname/outbox" do
@@ -134,6 +202,96 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
       assert response(conn, 200) =~ announce_activity.data["object"]
     end
+
+    test "it rejects posts from other users", %{conn: conn} do
+      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+      user = insert(:user)
+      otheruser = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, otheruser)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      assert json_response(conn, 403)
+    end
+
+    test "it inserts an incoming create activity into the database", %{conn: conn} do
+      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      result = json_response(conn, 201)
+      assert Activity.get_by_ap_id(result["id"])
+    end
+
+    test "it rejects an incoming activity with bogus type", %{conn: conn} do
+      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+      user = insert(:user)
+
+      data =
+        data
+        |> Map.put("type", "BadType")
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      assert json_response(conn, 400)
+    end
+
+    test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
+      note_activity = insert(:note_activity)
+      user = User.get_cached_by_ap_id(note_activity.data["actor"])
+
+      data = %{
+        type: "Delete",
+        object: %{
+          id: note_activity.data["object"]["id"]
+        }
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      result = json_response(conn, 201)
+      assert Activity.get_by_ap_id(result["id"])
+
+      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+      assert object
+      assert object.data["type"] == "Tombstone"
+    end
+
+    test "it rejects delete activity of object from other actor", %{conn: conn} do
+      note_activity = insert(:note_activity)
+      user = insert(:user)
+
+      data = %{
+        type: "Delete",
+        object: %{
+          id: note_activity.data["object"]["id"]
+        }
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      assert json_response(conn, 400)
+    end
   end
 
   describe "/users/:nickname/followers" do

test/web/activity_pub/activity_pub_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
   use Pleroma.DataCase
   alias Pleroma.Web.ActivityPub.ActivityPub
@@ -14,6 +18,42 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
     :ok
   end
 
+  describe "fetching restricted by visibility" do
+    test "it restricts by the appropriate visibility" do
+      user = insert(:user)
+
+      {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
+
+      {:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
+
+      {:ok, unlisted_activity} =
+        CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
+
+      {:ok, private_activity} =
+        CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "direct", "actor_id" => user.ap_id})
+
+      assert activities == [direct_activity]
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "unlisted", "actor_id" => user.ap_id})
+
+      assert activities == [unlisted_activity]
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "private", "actor_id" => user.ap_id})
+
+      assert activities == [private_activity]
+
+      activities =
+        ActivityPub.fetch_activities([], %{:visibility => "public", "actor_id" => user.ap_id})
+
+      assert activities == [public_activity]
+    end
+  end
+
   describe "building a user from his ap id" do
     test "it returns a user" do
       user_id = "http://mastodon.example.org/users/admin"
@@ -27,6 +67,24 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
   end
 
   describe "insertion" do
+    test "drops activities beyond a certain limit" do
+      limit = Pleroma.Config.get([:instance, :remote_limit])
+
+      random_text =
+        :crypto.strong_rand_bytes(limit + 1)
+        |> Base.encode64()
+        |> binary_part(0, limit + 1)
+
+      data = %{
+        "ok" => true,
+        "object" => %{
+          "content" => random_text
+        }
+      }
+
+      assert {:error, {:remote_limit_error, _}} = ActivityPub.insert(data)
+    end
+
     test "returns the activity if one with the same id is already in" do
       activity = insert(:note_activity)
       {:ok, new_activity} = ActivityPub.insert(activity.data)
@@ -176,6 +234,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
     assert Enum.member?(activities, activity_one)
   end
 
+  test "excludes reblogs on request" do
+    user = insert(:user)
+    {:ok, expected_activity} = ActivityBuilder.insert(%{"type" => "Create"}, %{:user => user})
+    {:ok, _} = ActivityBuilder.insert(%{"type" => "Announce"}, %{:user => user})
+
+    [activity] = ActivityPub.fetch_user_activities(user, nil, %{"exclude_reblogs" => "true"})
+
+    assert activity == expected_activity
+  end
+
   describe "public fetch activities" do
     test "doesn't retrieve unlisted activities" do
       user = insert(:user)
@@ -478,7 +546,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
 
       assert Repo.get(Activity, delete.id) != nil
 
-      assert Repo.get(Object, object.id) == nil
+      assert Repo.get(Object, object.id).data["type"] == "Tombstone"
     end
   end
 
@@ -569,6 +637,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
     assert object
   end
 
+  test "returned pinned statuses" do
+    Pleroma.Config.put([:instance, :max_pinned_statuses], 3)
+    user = insert(:user)
+
+    {:ok, activity_one} = CommonAPI.post(user, %{"status" => "HI!!!"})
+    {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
+    {:ok, activity_three} = CommonAPI.post(user, %{"status" => "HI!!!"})
+
+    CommonAPI.pin(activity_one.id, user)
+    user = refresh_record(user)
+
+    CommonAPI.pin(activity_two.id, user)
+    user = refresh_record(user)
+
+    CommonAPI.pin(activity_three.id, user)
+    user = refresh_record(user)
+
+    activities = ActivityPub.fetch_user_activities(user, nil, %{"pinned" => "true"})
+
+    assert 3 = length(activities)
+  end
+
   def data_uri do
     File.read!("test/fixtures/avatar_data_uri")
   end

test/web/activity_pub/relay_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.RelayTest do
   use Pleroma.DataCase
 

test/web/activity_pub/transmogrifier_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
   use Pleroma.DataCase
   alias Pleroma.Web.ActivityPub.Transmogrifier
@@ -684,6 +688,36 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       :error = Transmogrifier.handle_incoming(data)
     end
+
+    test "it remaps video URLs as attachments if necessary" do
+      {:ok, object} =
+        ActivityPub.fetch_object_from_id(
+          "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3"
+        )
+
+      attachment = %{
+        "type" => "Link",
+        "mediaType" => "video/mp4",
+        "href" =>
+          "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4",
+        "mimeType" => "video/mp4",
+        "size" => 5_015_880,
+        "url" => [
+          %{
+            "href" =>
+              "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4",
+            "mediaType" => "video/mp4",
+            "type" => "Link"
+          }
+        ],
+        "width" => 480
+      }
+
+      assert object.data["url"] ==
+               "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3"
+
+      assert object.data["attachment"] == [attachment]
+    end
   end
 
   describe "prepare outgoing" do

test/web/admin_api/admin_api_controller_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
   use Pleroma.Web.ConnCase
 

test/web/common_api/common_api_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.CommonAPI.Test do
   use Pleroma.DataCase
   alias Pleroma.Web.CommonAPI
@@ -92,4 +96,65 @@ defmodule Pleroma.Web.CommonAPI.Test do
       {:error, _} = CommonAPI.favorite(activity.id, user)
     end
   end
+
+  describe "pinned statuses" do
+    setup do
+      Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+
+      user = insert(:user)
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
+
+      [user: user, activity: activity]
+    end
+
+    test "pin status", %{user: user, activity: activity} do
+      assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
+
+      id = activity.id
+      user = refresh_record(user)
+
+      assert %User{info: %{pinned_activities: [^id]}} = user
+    end
+
+    test "only self-authored can be pinned", %{activity: activity} do
+      user = insert(:user)
+
+      assert {:error, "Could not pin"} = CommonAPI.pin(activity.id, user)
+    end
+
+    test "max pinned statuses", %{user: user, activity: activity_one} do
+      {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
+
+      assert {:ok, ^activity_one} = CommonAPI.pin(activity_one.id, user)
+
+      user = refresh_record(user)
+
+      assert {:error, "You have already pinned the maximum number of statuses"} =
+               CommonAPI.pin(activity_two.id, user)
+    end
+
+    test "unpin status", %{user: user, activity: activity} do
+      {:ok, activity} = CommonAPI.pin(activity.id, user)
+
+      user = refresh_record(user)
+
+      assert {:ok, ^activity} = CommonAPI.unpin(activity.id, user)
+
+      user = refresh_record(user)
+
+      assert %User{info: %{pinned_activities: []}} = user
+    end
+
+    test "should unpin when deleting a status", %{user: user, activity: activity} do
+      {:ok, activity} = CommonAPI.pin(activity.id, user)
+
+      user = refresh_record(user)
+
+      assert {:ok, _} = CommonAPI.delete(activity.id, user)
+
+      user = refresh_record(user)
+
+      assert %User{info: %{pinned_activities: []}} = user
+    end
+  end
 end

test/web/common_api/common_api_utils_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.CommonAPI.UtilsTest do
   alias Pleroma.Web.CommonAPI.Utils
   alias Pleroma.Web.Endpoint
@@ -52,4 +56,54 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
 
     assert expected == Utils.emoji_from_profile(user)
   end
+
+  describe "format_input/4" do
+    test "works for bare text/plain" do
+      text = "hello world!"
+      expected = "hello world!"
+
+      output = Utils.format_input(text, [], [], "text/plain")
+
+      assert output == expected
+
+      text = "hello world!\n\nsecond paragraph!"
+      expected = "hello world!<br><br>second paragraph!"
+
+      output = Utils.format_input(text, [], [], "text/plain")
+
+      assert output == expected
+    end
+
+    test "works for bare text/html" do
+      text = "<p>hello world!</p>"
+      expected = "<p>hello world!</p>"
+
+      output = Utils.format_input(text, [], [], "text/html")
+
+      assert output == expected
+
+      text = "<p>hello world!</p>\n\n<p>second paragraph</p>"
+      expected = "<p>hello world!</p>\n\n<p>second paragraph</p>"
+
+      output = Utils.format_input(text, [], [], "text/html")
+
+      assert output == expected
+    end
+
+    test "works for bare text/markdown" do
+      text = "**hello world**"
+      expected = "<p><strong>hello world</strong></p>\n"
+
+      output = Utils.format_input(text, [], [], "text/markdown")
+
+      assert output == expected
+
+      text = "**hello world**\n\n*another paragraph*"
+      expected = "<p><strong>hello world</strong></p>\n<p><em>another paragraph</em></p>\n"
+
+      output = Utils.format_input(text, [], [], "text/markdown")
+
+      assert output == expected
+    end
+  end
 end

test/web/federator_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.FederatorTest do
   alias Pleroma.Web.Federator
   alias Pleroma.Web.CommonAPI

test/web/http_sigs/http_sig_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 # http signatures
 # Test data from https://tools.ietf.org/html/draft-cavage-http-signatures-08#appendix-C
 defmodule Pleroma.Web.HTTPSignaturesTest do

test/web/mastodon_api/account_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
   use Pleroma.DataCase
   import Pleroma.Factory
@@ -55,7 +59,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         privacy: "public",
         sensitive: false
       },
-      pleroma: %{tags: []}
+      pleroma: %{
+        confirmation_pending: false,
+        tags: []
+      }
     }
 
     assert expected == AccountView.render("account.json", %{user: user})
@@ -93,7 +100,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         privacy: "public",
         sensitive: false
       },
-      pleroma: %{tags: []}
+      pleroma: %{
+        confirmation_pending: false,
+        tags: []
+      }
     }
 
     assert expected == AccountView.render("account.json", %{user: user})

test/web/mastodon_api/list_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.MastodonAPI.ListViewTest do
   use Pleroma.DataCase
   import Pleroma.Factory

test/web/mastodon_api/mastodon_api_controller_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
   use Pleroma.Web.ConnCase
 
@@ -292,7 +296,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
       assert %{} = json_response(conn, 200)
 
-      assert Repo.get(Activity, activity.id) == nil
+      refute Repo.get(Activity, activity.id)
     end
 
     test "when you didn't create it", %{conn: conn} do
@@ -836,6 +840,26 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
       assert [%{"id" => id}] = json_response(conn, 200)
       assert id == to_string(image_post.id)
     end
+
+    test "gets a user's statuses without reblogs", %{conn: conn} do
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, _, _} = CommonAPI.repeat(post.id, user)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "true"})
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(post.id)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}/statuses", %{"exclude_reblogs" => "1"})
+
+      assert [%{"id" => id}] = json_response(conn, 200)
+      assert id == to_string(post.id)
+    end
   end
 
   describe "user relationships" do
@@ -1288,6 +1312,24 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     end)
   end
 
+  test "search doesn't show statuses that it shouldn't", %{conn: conn} do
+    {:ok, activity} =
+      CommonAPI.post(insert(:user), %{
+        "status" => "This is about 2hu, but private",
+        "visibility" => "private"
+      })
+
+    capture_log(fn ->
+      conn =
+        conn
+        |> get("/api/v1/search", %{"q" => activity.data["object"]["id"]})
+
+      assert results = json_response(conn, 200)
+
+      [] = results["statuses"]
+    end)
+  end
+
   test "search fetches remote accounts", %{conn: conn} do
     conn =
       conn
@@ -1429,4 +1471,84 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     user = User.get_cached_by_ap_id(user.ap_id)
     assert user.info.settings == %{"programming" => "socks"}
   end
+
+  describe "pinned statuses" do
+    setup do
+      Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+
+      user = insert(:user)
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
+
+      [user: user, activity: activity]
+    end
+
+    test "returns pinned statuses", %{conn: conn, user: user, activity: activity} do
+      {:ok, _} = CommonAPI.pin(activity.id, user)
+
+      result =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
+        |> json_response(200)
+
+      id_str = to_string(activity.id)
+
+      assert [%{"id" => ^id_str, "pinned" => true}] = result
+    end
+
+    test "pin status", %{conn: conn, user: user, activity: activity} do
+      id_str = to_string(activity.id)
+
+      assert %{"id" => ^id_str, "pinned" => true} =
+               conn
+               |> assign(:user, user)
+               |> post("/api/v1/statuses/#{activity.id}/pin")
+               |> json_response(200)
+
+      assert [%{"id" => ^id_str, "pinned" => true}] =
+               conn
+               |> assign(:user, user)
+               |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
+               |> json_response(200)
+    end
+
+    test "unpin status", %{conn: conn, user: user, activity: activity} do
+      {:ok, _} = CommonAPI.pin(activity.id, user)
+
+      id_str = to_string(activity.id)
+      user = refresh_record(user)
+
+      assert %{"id" => ^id_str, "pinned" => false} =
+               conn
+               |> assign(:user, user)
+               |> post("/api/v1/statuses/#{activity.id}/unpin")
+               |> json_response(200)
+
+      assert [] =
+               conn
+               |> assign(:user, user)
+               |> get("/api/v1/accounts/#{user.id}/statuses?pinned=true")
+               |> json_response(200)
+    end
+
+    test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do
+      {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
+
+      id_str_one = to_string(activity_one.id)
+
+      assert %{"id" => ^id_str_one, "pinned" => true} =
+               conn
+               |> assign(:user, user)
+               |> post("/api/v1/statuses/#{id_str_one}/pin")
+               |> json_response(200)
+
+      user = refresh_record(user)
+
+      assert %{"error" => "You have already pinned the maximum number of statuses"} =
+               conn
+               |> assign(:user, user)
+               |> post("/api/v1/statuses/#{activity_two.id}/pin")
+               |> json_response(400)
+    end
+  end
 end

test/web/mastodon_api/status_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
   use Pleroma.DataCase
 
@@ -5,6 +9,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
   alias Pleroma.User
   alias Pleroma.Web.OStatus
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Activity
   import Pleroma.Factory
   import Tesla.Mock
 
@@ -57,6 +63,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       reblogged: false,
       favourited: false,
       muted: false,
+      pinned: false,
       sensitive: false,
       spoiler_text: note.data["object"]["summary"],
       visibility: "public",
@@ -157,6 +164,22 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     assert represented[:emojis] == []
   end
 
+  test "a peertube video" do
+    user = insert(:user)
+
+    {:ok, object} =
+      ActivityPub.fetch_object_from_id(
+        "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3"
+      )
+
+    %Activity{} = activity = Activity.get_create_activity_by_object_ap_id(object.data["id"])
+
+    represented = StatusView.render("status.json", %{for: user, activity: activity})
+
+    assert represented[:id] == to_string(activity.id)
+    assert length(represented[:media_attachments]) == 1
+  end
+
   describe "build_tags/1" do
     test "it returns a a dictionary tags" do
       object_tags = [

test/web/node_info_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.NodeInfoTest do
   use Pleroma.Web.ConnCase
 
@@ -15,6 +19,17 @@ defmodule Pleroma.Web.NodeInfoTest do
     assert user.ap_id in result["metadata"]["staffAccounts"]
   end
 
+  test "nodeinfo shows restricted nicknames", %{conn: conn} do
+    conn =
+      conn
+      |> get("/nodeinfo/2.0.json")
+
+    assert result = json_response(conn, 200)
+
+    assert Pleroma.Config.get([Pleroma.User, :restricted_nicknames]) ==
+             result["metadata"]["restrictedNicknames"]
+  end
+
   test "returns 404 when federation is disabled", %{conn: conn} do
     instance =
       Application.get_env(:pleroma, :instance)

test/web/oauth/authorization_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OAuth.AuthorizationTest do
   use Pleroma.DataCase
   alias Pleroma.Web.OAuth.{Authorization, App}

test/web/oauth/oauth_controller_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OAuth.OAuthControllerTest do
   use Pleroma.Web.ConnCase
   import Pleroma.Factory
@@ -50,6 +54,26 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     assert Repo.get_by(Token, token: token)
   end
 
+  test "issues a token for `password` grant_type with valid credentials" do
+    password = "testpassword"
+    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+
+    app = insert(:oauth_app)
+
+    conn =
+      build_conn()
+      |> post("/oauth/token", %{
+        "grant_type" => "password",
+        "username" => user.nickname,
+        "password" => password,
+        "client_id" => app.client_id,
+        "client_secret" => app.client_secret
+      })
+
+    assert %{"access_token" => token} = json_response(conn, 200)
+    assert Repo.get_by(Token, token: token)
+  end
+
   test "issues a token for request with HTTP basic auth client credentials" do
     user = insert(:user)
     app = insert(:oauth_app)
@@ -93,6 +117,43 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     refute Map.has_key?(resp, "access_token")
   end
 
+  test "rejects token exchange for valid credentials belonging to unconfirmed user and confirmation is required" do
+    setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+    unless setting do
+      Pleroma.Config.put([:instance, :account_activation_required], true)
+      on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+    end
+
+    password = "testpassword"
+    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    info_change = Pleroma.User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+    {:ok, user} =
+      user
+      |> Ecto.Changeset.change()
+      |> Ecto.Changeset.put_embed(:info, info_change)
+      |> Repo.update()
+
+    refute Pleroma.User.auth_active?(user)
+
+    app = insert(:oauth_app)
+
+    conn =
+      build_conn()
+      |> post("/oauth/token", %{
+        "grant_type" => "password",
+        "username" => user.nickname,
+        "password" => password,
+        "client_id" => app.client_id,
+        "client_secret" => app.client_secret
+      })
+
+    assert resp = json_response(conn, 403)
+    assert %{"error" => _} = resp
+    refute Map.has_key?(resp, "access_token")
+  end
+
   test "rejects an invalid authorization code" do
     app = insert(:oauth_app)
 

test/web/oauth/token_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OAuth.TokenTest do
   use Pleroma.DataCase
   alias Pleroma.Web.OAuth.{App, Token, Authorization}

test/web/ostatus/activity_representer_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OStatus.ActivityRepresenterTest do
   use Pleroma.DataCase
 

test/web/ostatus/feed_representer_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OStatus.FeedRepresenterTest do
   use Pleroma.DataCase
   import Pleroma.Factory

test/web/ostatus/incoming_documents/delete_handling_test.exs

@@ -25,7 +25,7 @@ defmodule Pleroma.Web.OStatus.DeleteHandlingTest do
 
       refute Repo.get(Activity, note.id)
       refute Repo.get(Activity, like.id)
-      refute Object.get_by_ap_id(note.data["object"]["id"])
+      assert Object.get_by_ap_id(note.data["object"]["id"]).data["type"] == "Tombstone"
       assert Repo.get(Activity, second_note.id)
       assert Object.get_by_ap_id(second_note.data["object"]["id"])
 

test/web/ostatus/ostatus_controller_test.exs

@@ -1,7 +1,11 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OStatus.OStatusControllerTest do
   use Pleroma.Web.ConnCase
   import Pleroma.Factory
-  alias Pleroma.{User, Repo}
+  alias Pleroma.{User, Repo, Object}
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.OStatus.ActivityRepresenter
 
@@ -121,6 +125,22 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
     |> response(200)
   end
 
+  test "404s on deleted objects", %{conn: conn} do
+    note_activity = insert(:note_activity)
+    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["object"]["id"]))
+    object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+
+    conn
+    |> get("/objects/#{uuid}")
+    |> response(200)
+
+    Object.delete(object)
+
+    conn
+    |> get("/objects/#{uuid}")
+    |> response(404)
+  end
+
   test "404s on private activities", %{conn: conn} do
     note_activity = insert(:direct_note_activity)
     [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))

test/web/ostatus/ostatus_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OStatusTest do
   use Pleroma.DataCase
   alias Pleroma.Web.OStatus

test/web/ostatus/user_representer_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OStatus.UserRepresenterTest do
   use Pleroma.DataCase
   alias Pleroma.Web.OStatus.UserRepresenter

test/web/plugs/federating_plug_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.FederatingPlugTest do
   use Pleroma.Web.ConnCase
 

test/web/retry_queue_test.exs

@@ -1,5 +1,10 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule MockActivityPub do
-  def publish_one(ret) do
+  def publish_one({ret, waiter}) do
+    send(waiter, :complete)
     {ret, "success"}
   end
 end
@@ -11,21 +16,33 @@ defmodule Pleroma.Web.Federator.RetryQueueTest do
   @small_retry_count 0
   @hopeless_retry_count 10
 
+  setup do
+    RetryQueue.reset_stats()
+  end
+
+  test "RetryQueue responds to stats request" do
+    assert %{delivered: 0, dropped: 0} == RetryQueue.get_stats()
+  end
+
   test "failed posts are retried" do
     {:retry, _timeout} = RetryQueue.get_retry_params(@small_retry_count)
 
-    assert {:noreply, %{delivered: 1}} ==
-             RetryQueue.handle_info({:send, :ok, MockActivityPub, @small_retry_count}, %{
-               delivered: 0
-             })
+    wait_task =
+      Task.async(fn ->
+        receive do
+          :complete -> :ok
+        end
+      end)
+
+    RetryQueue.enqueue({:ok, wait_task.pid}, MockActivityPub, @small_retry_count)
+    Task.await(wait_task)
+    assert %{delivered: 1, dropped: 0} == RetryQueue.get_stats()
   end
 
   test "posts that have been tried too many times are dropped" do
     {:drop, _timeout} = RetryQueue.get_retry_params(@hopeless_retry_count)
 
-    assert {:noreply, %{dropped: 1}} ==
-             RetryQueue.handle_cast({:maybe_enqueue, %{}, nil, @hopeless_retry_count}, %{
-               dropped: 0
-             })
+    RetryQueue.enqueue({:ok, nil}, MockActivityPub, @hopeless_retry_count)
+    assert %{delivered: 0, dropped: 1} == RetryQueue.get_stats()
   end
 end

test/web/rich_media/controllers/rich_media_controller_test.exs

@@ -0,0 +1,54 @@
+defmodule Pleroma.Web.RichMedia.RichMediaControllerTest do
+  use Pleroma.Web.ConnCase
+  import Pleroma.Factory
+
+  setup do
+    Tesla.Mock.mock(fn
+      %{
+        method: :get,
+        url: "http://example.com/ogp"
+      } ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
+
+      %{method: :get, url: "http://example.com/empty"} ->
+        %Tesla.Env{status: 200, body: "hello"}
+    end)
+
+    :ok
+  end
+
+  describe "GET /api/rich_media/parse" do
+    setup do
+      user = insert(:user)
+
+      [user: user]
+    end
+
+    test "returns 404 if not metadata found", %{user: user} do
+      build_conn()
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/rich_media/parse", %{"url" => "http://example.com/empty"})
+      |> json_response(404)
+    end
+
+    test "returns OGP metadata", %{user: user} do
+      response =
+        build_conn()
+        |> with_credentials(user.nickname, "test")
+        |> get("/api/rich_media/parse", %{"url" => "http://example.com/ogp"})
+        |> json_response(200)
+
+      assert response == %{
+               "image" => "http://ia.media-imdb.com/images/rock.jpg",
+               "title" => "The Rock",
+               "type" => "video.movie",
+               "url" => "http://www.imdb.com/title/tt0117500/"
+             }
+    end
+  end
+
+  defp with_credentials(conn, username, password) do
+    header_content = "Basic " <> Base.encode64("#{username}:#{password}")
+    put_req_header(conn, "authorization", header_content)
+  end
+end

test/web/rich_media/parser_test.exs

@@ -0,0 +1,51 @@
+defmodule Pleroma.Web.RichMedia.ParserTest do
+  use ExUnit.Case, async: true
+
+  setup do
+    Tesla.Mock.mock(fn
+      %{
+        method: :get,
+        url: "http://example.com/ogp"
+      } ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
+
+      %{
+        method: :get,
+        url: "http://example.com/twitter-card"
+      } ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/twitter_card.html")}
+
+      %{method: :get, url: "http://example.com/empty"} ->
+        %Tesla.Env{status: 200, body: "hello"}
+    end)
+
+    :ok
+  end
+
+  test "returns error when no metadata present" do
+    assert {:error, _} = Pleroma.Web.RichMedia.Parser.parse("http://example.com/empty")
+  end
+
+  test "parses ogp" do
+    assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp") ==
+             {:ok,
+              %{
+                image: "http://ia.media-imdb.com/images/rock.jpg",
+                title: "The Rock",
+                type: "video.movie",
+                url: "http://www.imdb.com/title/tt0117500/"
+              }}
+  end
+
+  test "parses twitter card" do
+    assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/twitter-card") ==
+             {:ok,
+              %{
+                card: "summary",
+                site: "@flickr",
+                image: "https://farm6.staticflickr.com/5510/14338202952_93595258ff_z.jpg",
+                title: "Small Island Developing States Photo Submission",
+                description: "View the album on Flickr."
+              }}
+  end
+end

test/web/salmon/salmon_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.Salmon.SalmonTest do
   use Pleroma.DataCase
   alias Pleroma.Web.Salmon

test/web/streamer_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.StreamerTest do
   use Pleroma.DataCase
 

test/web/twitter_api/representers/activity_representer_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
   use Pleroma.DataCase
   alias Pleroma.{User, Activity, Object}
@@ -103,7 +107,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
           "published" => date,
           "type" => "Note",
           "content" => content_html,
-          "summary" => "2hu",
+          "summary" => "2hu :2hu:",
           "inReplyToStatusId" => 213_123,
           "attachment" => [
             object
@@ -125,7 +129,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
     }
 
     expected_html =
-      "<p>2hu</p>alert('YAY')Some <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /> content mentioning <a href=\"#{
+      "<p>2hu <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /></p>alert('YAY')Some <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /> content mentioning <a href=\"#{
         mentioned_user.ap_id
       }\">@shp</a>"
 
@@ -134,7 +138,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
       "user" => UserView.render("show.json", %{user: user, for: follower}),
       "is_local" => false,
       "statusnet_html" => expected_html,
-      "text" => "2hu" <> content,
+      "text" => "2hu :2hu:" <> content,
       "is_post_verb" => true,
       "created_at" => "Tue May 24 13:26:08 +0000 2016",
       "in_reply_to_status_id" => 213_123,
@@ -153,13 +157,16 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do
       "repeat_num" => 3,
       "favorited" => false,
       "repeated" => false,
+      "pinned" => false,
       "external_url" => "some url",
       "tags" => ["nsfw", "content", "mentioning"],
       "activity_type" => "post",
       "possibly_sensitive" => true,
       "uri" => activity.data["object"]["id"],
       "visibility" => "direct",
-      "summary" => "2hu"
+      "summary" => "2hu :2hu:",
+      "summary_html" =>
+        "2hu <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" />"
     }
 
     assert ActivityRepresenter.to_map(activity, %{

test/web/twitter_api/representers/object_representer_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.Representers.ObjectReprenterTest do
   use Pleroma.DataCase
 

test/web/twitter_api/twitter_api_controller_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   use Pleroma.Web.ConnCase
   alias Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter
@@ -108,6 +112,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   end
 
   describe "GET /statuses/public_timeline.json" do
+    setup [:valid_user]
+
     test "returns statuses", %{conn: conn} do
       user = insert(:user)
       activities = ActivityBuilder.insert_list(30, %{}, %{user: user})
@@ -141,14 +147,44 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       Application.put_env(:pleroma, :instance, instance)
     end
 
+    test "returns 200 to authenticated request when the instance is not public",
+         %{conn: conn, user: user} do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(200)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
     test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
       conn
       |> get("/api/statuses/public_timeline.json")
       |> json_response(200)
     end
+
+    test "returns 200 to authenticated request when the instance is public",
+         %{conn: conn, user: user} do
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(200)
+    end
   end
 
   describe "GET /statuses/public_and_external_timeline.json" do
+    setup [:valid_user]
+
     test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
       instance =
         Application.get_env(:pleroma, :instance)
@@ -167,11 +203,39 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       Application.put_env(:pleroma, :instance, instance)
     end
 
+    test "returns 200 to authenticated request when the instance is not public",
+         %{conn: conn, user: user} do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(200)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
     test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
       conn
       |> get("/api/statuses/public_and_external_timeline.json")
       |> json_response(200)
     end
+
+    test "returns 200 to authenticated request when the instance is public",
+         %{conn: conn, user: user} do
+      conn
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(200)
+    end
   end
 
   describe "GET /statuses/show/:id.json" do
@@ -515,6 +579,34 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       assert length(response) == 1
       assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
     end
+
+    test "with credentials with user_id, excluding RTs", %{conn: conn, user: current_user} do
+      user = insert(:user)
+      {:ok, activity} = ActivityBuilder.insert(%{"id" => 1, "type" => "Create"}, %{user: user})
+      {:ok, _} = ActivityBuilder.insert(%{"id" => 2, "type" => "Announce"}, %{user: user})
+
+      conn =
+        conn
+        |> with_credentials(current_user.nickname, "test")
+        |> get("/api/statuses/user_timeline.json", %{
+          "user_id" => user.id,
+          "include_rts" => "false"
+        })
+
+      response = json_response(conn, 200)
+
+      assert length(response) == 1
+      assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+
+      conn =
+        conn
+        |> get("/api/statuses/user_timeline.json", %{"user_id" => user.id, "include_rts" => "0"})
+
+      response = json_response(conn, 200)
+
+      assert length(response) == 1
+      assert Enum.at(response, 0) == ActivityRepresenter.to_map(activity, %{user: user})
+    end
   end
 
   describe "POST /friendships/create.json" do
@@ -873,6 +965,89 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
   end
 
+  describe "GET /api/account/confirm_email/:id/:token" do
+    setup do
+      user = insert(:user)
+      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+      {:ok, user} =
+        user
+        |> Changeset.change()
+        |> Changeset.put_embed(:info, info_change)
+        |> Repo.update()
+
+      assert user.info.confirmation_pending
+
+      [user: user]
+    end
+
+    test "it redirects to root url", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
+
+      assert 302 == conn.status
+    end
+
+    test "it confirms the user account", %{conn: conn, user: user} do
+      get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
+
+      user = Repo.get(User, user.id)
+
+      refute user.info.confirmation_pending
+      refute user.info.confirmation_token
+    end
+
+    test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
+
+      assert 500 == conn.status
+    end
+
+    test "it returns 500 if token is invalid", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
+
+      assert 500 == conn.status
+    end
+  end
+
+  describe "POST /api/account/resend_confirmation_email" do
+    setup do
+      setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+      unless setting do
+        Pleroma.Config.put([:instance, :account_activation_required], true)
+        on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+      end
+
+      user = insert(:user)
+      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+      {:ok, user} =
+        user
+        |> Changeset.change()
+        |> Changeset.put_embed(:info, info_change)
+        |> Repo.update()
+
+      assert user.info.confirmation_pending
+
+      [user: user]
+    end
+
+    test "it returns 204 No Content", %{conn: conn, user: user} do
+      conn
+      |> assign(:user, user)
+      |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+      |> json_response(:no_content)
+    end
+
+    test "it sends confirmation email", %{conn: conn, user: user} do
+      conn
+      |> assign(:user, user)
+      |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+
+      Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
+    end
+  end
+
   describe "GET /api/externalprofile/show" do
     test "it returns the user", %{conn: conn} do
       user = insert(:user)
@@ -907,6 +1082,31 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       assert Enum.sort(expected) == Enum.sort(result)
     end
 
+    test "it returns 20 followers per page", %{conn: conn} do
+      user = insert(:user)
+      followers = insert_list(21, :user)
+
+      Enum.each(followers, fn follower ->
+        User.follow(follower, user)
+      end)
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/statuses/followers")
+
+      result = json_response(res_conn, 200)
+      assert length(result) == 20
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/statuses/followers?page=2")
+
+      result = json_response(res_conn, 200)
+      assert length(result) == 1
+    end
+
     test "it returns a given user's followers with user_id", %{conn: conn} do
       user = insert(:user)
       follower_one = insert(:user)
@@ -970,6 +1170,24 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
   end
 
+  describe "GET /api/statuses/blocks" do
+    test "it returns the list of users blocked by requester", %{conn: conn} do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, user} = User.block(user, other_user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/statuses/blocks")
+
+      expected = UserView.render("index.json", %{users: [other_user], for: user})
+      result = json_response(conn, 200)
+      assert Enum.sort(expected) == Enum.sort(result)
+    end
+  end
+
   describe "GET /api/statuses/friends" do
     test "it returns the logged in user's friends", %{conn: conn} do
       user = insert(:user)
@@ -990,6 +1208,32 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       assert Enum.sort(expected) == Enum.sort(result)
     end
 
+    test "it returns 20 friends per page", %{conn: conn} do
+      user = insert(:user)
+      followeds = insert_list(21, :user)
+
+      {:ok, user} =
+        Enum.reduce(followeds, {:ok, user}, fn followed, {:ok, user} ->
+          User.follow(user, followed)
+        end)
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/statuses/friends")
+
+      result = json_response(res_conn, 200)
+      assert length(result) == 20
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/statuses/friends", %{page: 2})
+
+      result = json_response(res_conn, 200)
+      assert length(result) == 1
+    end
+
     test "it returns a given user's friends with user_id", %{conn: conn} do
       user = insert(:user)
       followed_one = insert(:user)
@@ -1501,4 +1745,79 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       assert object.data["name"] == description
     end
   end
+
+  describe "POST /api/statuses/user_timeline.json?user_id=:user_id&pinned=true" do
+    test "it returns a list of pinned statuses", %{conn: conn} do
+      Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+
+      user = insert(:user, %{name: "egor"})
+      {:ok, %{id: activity_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, _} = CommonAPI.pin(activity_id, user)
+
+      resp =
+        conn
+        |> get("/api/statuses/user_timeline.json", %{user_id: user.id, pinned: true})
+        |> json_response(200)
+
+      assert length(resp) == 1
+      assert [%{"id" => ^activity_id, "pinned" => true}] = resp
+    end
+  end
+
+  describe "POST /api/statuses/pin/:id" do
+    setup do
+      Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+      [user: insert(:user)]
+    end
+
+    test "without valid credentials", %{conn: conn} do
+      note_activity = insert(:note_activity)
+      conn = post(conn, "/api/statuses/pin/#{note_activity.id}.json")
+      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+    end
+
+    test "with credentials", %{conn: conn, user: user} do
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
+
+      request_path = "/api/statuses/pin/#{activity.id}.json"
+
+      response =
+        conn
+        |> with_credentials(user.nickname, "test")
+        |> post(request_path)
+
+      user = refresh_record(user)
+
+      assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: user})
+    end
+  end
+
+  describe "POST /api/statuses/unpin/:id" do
+    setup do
+      Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
+      [user: insert(:user)]
+    end
+
+    test "without valid credentials", %{conn: conn} do
+      note_activity = insert(:note_activity)
+      conn = post(conn, "/api/statuses/unpin/#{note_activity.id}.json")
+      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+    end
+
+    test "with credentials", %{conn: conn, user: user} do
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "test!"})
+      {:ok, activity} = CommonAPI.pin(activity.id, user)
+
+      request_path = "/api/statuses/unpin/#{activity.id}.json"
+
+      response =
+        conn
+        |> with_credentials(user.nickname, "test")
+        |> post(request_path)
+
+      user = refresh_record(user)
+
+      assert json_response(response, 200) == ActivityRepresenter.to_map(activity, %{user: user})
+    end
+  end
 end

test/web/twitter_api/twitter_api_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
   use Pleroma.DataCase
   alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView}
@@ -275,6 +279,31 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
              UserView.render("show.json", %{user: fetched_user})
   end
 
+  @moduletag skip: "needs 'account_activation_required: true' in config"
+  test "it sends confirmation email if :account_activation_required is specified in instance config" do
+    setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+    unless setting do
+      Pleroma.Config.put([:instance, :account_activation_required], true)
+      on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+    end
+
+    data = %{
+      "nickname" => "lain",
+      "email" => "lain@wired.jp",
+      "fullname" => "lain iwakura",
+      "bio" => "",
+      "password" => "bear",
+      "confirm" => "bear"
+    }
+
+    {:ok, user} = TwitterAPI.register_user(data)
+
+    assert user.info.confirmation_pending
+
+    Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
+  end
+
   test "it registers a new user and parses mentions in the bio" do
     data1 = %{
       "nickname" => "john",

test/web/twitter_api/util_controller_test.exs

@@ -0,0 +1,35 @@
+defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+
+  describe "POST /api/pleroma/follow_import" do
+    test "it returns HTTP 200", %{conn: conn} do
+      user1 = insert(:user)
+      user2 = insert(:user)
+
+      response =
+        conn
+        |> assign(:user, user1)
+        |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"})
+        |> json_response(:ok)
+
+      assert response == "job started"
+    end
+  end
+
+  describe "POST /api/pleroma/blocks_import" do
+    test "it returns HTTP 200", %{conn: conn} do
+      user1 = insert(:user)
+      user2 = insert(:user)
+
+      response =
+        conn
+        |> assign(:user, user1)
+        |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"})
+        |> json_response(:ok)
+
+      assert response == "job started"
+    end
+  end
+end

test/web/twitter_api/views/activity_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
   use Pleroma.DataCase
 
@@ -12,8 +16,46 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
   alias Pleroma.Web.ActivityPub.ActivityPub
 
   import Pleroma.Factory
+  import Tesla.Mock
+
+  setup do
+    mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
   import Mock
 
+  test "returns a temporary ap_id based user for activities missing db users" do
+    user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+
+    Repo.delete(user)
+    Cachex.clear(:user_cache)
+
+    %{"user" => tw_user} = ActivityView.render("activity.json", activity: activity)
+
+    assert tw_user["screen_name"] == "erroruser@example.com"
+    assert tw_user["name"] == user.ap_id
+    assert tw_user["statusnet_profile_url"] == user.ap_id
+  end
+
+  test "tries to get a user by nickname if fetching by ap_id doesn't work" do
+    user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+
+    {:ok, user} =
+      user
+      |> Ecto.Changeset.change(%{ap_id: "#{user.ap_id}/extension/#{user.nickname}"})
+      |> Repo.update()
+
+    Cachex.clear(:user_cache)
+
+    result = ActivityView.render("activity.json", activity: activity)
+    assert result["user"]["id"] == user.id
+  end
+
   test "a create activity with a html status" do
     text = """
     #Bike log - Commute Tuesday\nhttps://pla.bike/posts/20181211/\n#cycling #CHScycling #commute\nMVIMG_20181211_054020.jpg
@@ -30,6 +72,39 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
              "#Bike log - Commute Tuesday\nhttps://pla.bike/posts/20181211/\n#cycling #CHScycling #commute\nMVIMG_20181211_054020.jpg"
   end
 
+  test "a create activity with a summary containing emoji" do
+    {:ok, activity} =
+      CommonAPI.post(insert(:user), %{
+        "spoiler_text" => ":woollysocks: meow",
+        "status" => "."
+      })
+
+    result = ActivityView.render("activity.json", activity: activity)
+
+    expected = ":woollysocks: meow"
+
+    expected_html =
+      "<img height=\"32px\" width=\"32px\" alt=\"woollysocks\" title=\"woollysocks\" src=\"http://localhost:4001/finmoji/128px/woollysocks-128.png\" /> meow"
+
+    assert result["summary"] == expected
+    assert result["summary_html"] == expected_html
+  end
+
+  test "a create activity with a summary containing invalid HTML" do
+    {:ok, activity} =
+      CommonAPI.post(insert(:user), %{
+        "spoiler_text" => "<span style=\"color: magenta; font-size: 32px;\">meow</span>",
+        "status" => "."
+      })
+
+    result = ActivityView.render("activity.json", activity: activity)
+
+    expected = "meow"
+
+    assert result["summary"] == expected
+    assert result["summary_html"] == expected
+  end
+
   test "a create activity with a note" do
     user = insert(:user)
     other_user = insert(:user, %{nickname: "shp"})
@@ -61,15 +136,17 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
       "possibly_sensitive" => false,
       "repeat_num" => 0,
       "repeated" => false,
+      "pinned" => false,
       "statusnet_conversation_id" => convo_id,
+      "summary" => "",
+      "summary_html" => "",
       "statusnet_html" =>
         "Hey <span><a data-user=\"#{other_user.id}\" href=\"#{other_user.ap_id}\">@<span>shp</span></a></span>!",
       "tags" => [],
       "text" => "Hey @shp!",
       "uri" => activity.data["object"]["id"],
       "user" => UserView.render("show.json", %{user: user}),
-      "visibility" => "direct",
-      "summary" => nil
+      "visibility" => "direct"
     }
 
     assert result == expected
@@ -258,4 +335,18 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
 
     assert result == expected
   end
+
+  test "a peertube video" do
+    {:ok, object} =
+      ActivityPub.fetch_object_from_id(
+        "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3"
+      )
+
+    %Activity{} = activity = Activity.get_create_activity_by_object_ap_id(object.data["id"])
+
+    result = ActivityView.render("activity.json", activity: activity)
+
+    assert length(result["attachments"]) == 1
+    assert result["summary"] == "Friday Night"
+  end
 end

test/web/twitter_api/views/notification_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.NotificationViewTest do
   use Pleroma.DataCase
 

test/web/twitter_api/views/user_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.UserViewTest do
   use Pleroma.DataCase
 
@@ -86,7 +90,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => false,
       "statusnet_blocking" => false,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
@@ -96,7 +101,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     assert represented == UserView.render("show.json", %{user: user})
@@ -128,7 +136,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => false,
       "statusnet_blocking" => false,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
@@ -138,7 +147,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     assert represented == UserView.render("show.json", %{user: user, for: follower})
@@ -171,7 +183,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => true,
       "statusnet_blocking" => false,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => follower.ap_id,
       "cover_photo" => banner,
@@ -181,7 +194,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     assert represented == UserView.render("show.json", %{user: follower, for: user})
@@ -194,6 +210,13 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
     assert represented["rights"]["delete_others_notice"]
   end
 
+  test "a user that is a admin" do
+    user = insert(:user, %{info: %{is_admin: true}})
+    represented = UserView.render("show.json", %{user: user, for: user})
+
+    assert represented["rights"]["admin"]
+  end
+
   test "A blocked user for the blocker" do
     user = insert(:user)
     blocker = insert(:user)
@@ -221,7 +244,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => false,
       "statusnet_blocking" => true,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
@@ -231,7 +255,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     blocker = Repo.get(User, blocker.id)

test/web/views/error_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ErrorViewTest do
   use Pleroma.Web.ConnCase, async: true
 

test/web/web_finger/web_finger_controller_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.WebFinger.WebFingerControllerTest do
   use Pleroma.Web.ConnCase
 

test/web/web_finger/web_finger_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.WebFingerTest do
   use Pleroma.DataCase
   alias Pleroma.Web.WebFinger

test/web/websub/websub_controller_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.Websub.WebsubControllerTest do
   use Pleroma.Web.ConnCase
   import Pleroma.Factory

test/web/websub/websub_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.WebsubTest do
   use Pleroma.DataCase
   alias Pleroma.Web.Websub