Merge remote-tracking branch 'soapbox/develop' into mastodon-admin-api

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
This commit is contained in:
marcin mikołajczak 2022-02-17 15:28:25 +01:00
commit e4677e212c
18 changed files with 944 additions and 7 deletions

View file

@ -1,8 +1,8 @@
# Soapbox
# Soapbox BE
![Soapbox](https://soapbox.pub/blog/soapbox-fe-v1.2-release/soapbox-fe-1.2-screenshot.png)
![Soapbox BE](https://gitlab.com/soapbox-pub/soapbox-be/uploads/288bc05ba65e60970ffddd37d58f7c21/be-1-0-thumb.png)
**Soapbox** is a federated social media server with a focus on user experience.
**Soapbox BE** is the preferred backend for Soapbox.
It is based on [Pleroma](https://pleroma.social/).
## Your social media server

View file

@ -342,6 +342,36 @@ See [Admin-API](admin_api.md)
* Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
* Note: Currently, Mastodon has no API for changing email. If they add it in future it might be incompatible with Pleroma.
## `/api/pleroma/move_account`
### Move account
* Method `POST`
* Authentication: required
* Params:
* `password`: user's password
* `target_account`: the nickname of the target account (e.g. `foo@example.org`)
* Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
* Note: This endpoint emits a `Move` activity to all followers of the current account. Some remote servers will automatically unfollow the current account and follow the target account upon seeing this, but this depends on the remote server implementation and cannot be guaranteed. For local followers , they will automatically unfollow and follow if and only if they have set the `allow_following_move` preference ("Allow auto-follow when following account moves").
## `/api/pleroma/aliases`
### Get aliases of the current account
* Method `GET`
* Authentication: required
* Response: JSON. Returns `{"aliases": [alias, ...]}`, where `alias` is the nickname of an alias, e.g. `foo@example.org`.
### Add alias to the current account
* Method `PUT`
* Authentication: required
* Params:
* `alias`: the nickname of the alias to add, e.g. `foo@example.org`.
* Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
### Delete alias from the current account
* Method `DELETE`
* Authentication: required
* Params:
* `alias`: the nickname of the alias to delete, e.g. `foo@example.org`.
* Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
# Pleroma Conversations
Pleroma Conversations have the same general structure that Mastodon Conversations have. The behavior differs in the following ways when using these endpoints:

View file

@ -194,12 +194,13 @@ def move_following(origin, target) do
|> join(:inner, [r], f in assoc(r, :follower))
|> where(following_id: ^origin.id)
|> where([r, f], f.allow_following_move == true)
|> where([r, f], f.local == true)
|> limit(50)
|> preload([:follower])
|> Repo.all()
|> Enum.map(fn following_relationship ->
Repo.delete(following_relationship)
Pleroma.Web.CommonAPI.follow(following_relationship.follower, target)
Pleroma.Web.CommonAPI.unfollow(following_relationship.follower, origin)
end)
|> case do
[] ->

View file

@ -2359,6 +2359,38 @@ def change_email(user, email) do
|> update_and_set_cache()
end
def alias_users(user) do
user.also_known_as
|> Enum.map(&User.get_cached_by_ap_id/1)
|> Enum.filter(fn user -> user != nil end)
end
def add_alias(user, new_alias_user) do
current_aliases = user.also_known_as || []
new_alias_ap_id = new_alias_user.ap_id
if new_alias_ap_id in current_aliases do
{:ok, user}
else
user
|> cast(%{also_known_as: current_aliases ++ [new_alias_ap_id]}, [:also_known_as])
|> update_and_set_cache()
end
end
def delete_alias(user, alias_user) do
current_aliases = user.also_known_as || []
alias_ap_id = alias_user.ap_id
if alias_ap_id in current_aliases do
user
|> cast(%{also_known_as: current_aliases -- [alias_ap_id]}, [:also_known_as])
|> update_and_set_cache()
else
{:error, :no_such_alias}
end
end
# Internal function; public one is `set_activation/2`
defp set_activation_status(user, status) do
user

View file

@ -413,7 +413,8 @@ def move(%User{} = origin, %User{} = target, local \\ true) do
"type" => "Move",
"actor" => origin.ap_id,
"object" => origin.ap_id,
"target" => target.ap_id
"target" => target.ap_id,
"to" => [origin.follower_address]
}
with true <- origin.ap_id in target.also_known_as,

View file

@ -141,6 +141,62 @@ defp instance do
type: :string,
format: :uri,
description: "The background image for the website"
},
configuration: %Schema{
type: :object,
description: "Instance configuration",
properties: %{
statuses: %Schema{
type: :object,
description: "A map with poll limits for local statuses",
properties: %{
max_characters: %Schema{
type: :integer,
description: "Posts character limit (CW/Subject included in the counter)"
},
max_media_attachments: %Schema{
type: :integer,
description: "Media attachment limit"
}
}
},
media_attachments: %Schema{
type: :object,
description: "A map with poll limits for media attachments",
properties: %{
image_size_limit: %Schema{
type: :integer,
description: "File size limit of uploaded images"
},
video_size_limit: %Schema{
type: :integer,
description: "File size limit of uploaded videos"
}
}
},
polls: %Schema{
type: :object,
description: "A map with poll limits for local polls",
properties: %{
max_options: %Schema{
type: :integer,
description: "Maximum number of options."
},
max_characters_per_option: %Schema{
type: :integer,
description: "Maximum number of characters per option."
},
min_expiration: %Schema{
type: :integer,
description: "Minimum expiration time (in seconds)."
},
max_expiration: %Schema{
type: :integer,
description: "Maximum expiration time (in seconds)."
}
}
}
}
}
},
example: %{

View file

@ -214,6 +214,146 @@ def captcha_operation do
}
end
def move_account_operation do
%Operation{
tags: ["Account credentials"],
summary: "Move account",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.move_account",
requestBody: request_body("Parameters", move_account_request(), required: true),
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{status: %Schema{type: :string, example: "success"}}
}),
400 => Operation.response("Error", "application/json", ApiError),
403 => Operation.response("Error", "application/json", ApiError),
404 => Operation.response("Error", "application/json", ApiError)
}
}
end
defp move_account_request do
%Schema{
title: "MoveAccountRequest",
description: "POST body for moving the account",
type: :object,
required: [:password, :target_account],
properties: %{
password: %Schema{type: :string, description: "Current password"},
target_account: %Schema{
type: :string,
description: "The nickname of the target account to move to"
}
}
}
end
def list_aliases_operation do
%Operation{
tags: ["Account credentials"],
summary: "List account aliases",
security: [%{"oAuth" => ["read:accounts"]}],
operationId: "UtilController.list_aliases",
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{
aliases: %Schema{
type: :array,
items: %Schema{type: :string},
example: ["foo@example.org"]
}
}
}),
400 => Operation.response("Error", "application/json", ApiError),
403 => Operation.response("Error", "application/json", ApiError)
}
}
end
def add_alias_operation do
%Operation{
tags: ["Account credentials"],
summary: "Add an alias to this account",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.add_alias",
requestBody: request_body("Parameters", add_alias_request(), required: true),
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{
status: %Schema{
type: :string,
example: "success"
}
}
}),
400 => Operation.response("Error", "application/json", ApiError),
403 => Operation.response("Error", "application/json", ApiError),
404 => Operation.response("Error", "application/json", ApiError)
}
}
end
defp add_alias_request do
%Schema{
title: "AddAliasRequest",
description: "PUT body for adding aliases",
type: :object,
required: [:alias],
properties: %{
alias: %Schema{
type: :string,
description: "The nickname of the account to add to aliases"
}
}
}
end
def delete_alias_operation do
%Operation{
tags: ["Account credentials"],
summary: "Delete an alias from this account",
security: [%{"oAuth" => ["write:accounts"]}],
operationId: "UtilController.delete_alias",
requestBody: request_body("Parameters", delete_alias_request(), required: true),
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
type: :object,
properties: %{
status: %Schema{
type: :string,
example: "success"
}
}
}),
400 => Operation.response("Error", "application/json", ApiError),
403 => Operation.response("Error", "application/json", ApiError),
404 => Operation.response("Error", "application/json", ApiError)
}
}
end
defp delete_alias_request do
%Schema{
title: "DeleteAliasRequest",
description: "PUT body for deleting aliases",
type: :object,
required: [:alias],
properties: %{
alias: %Schema{
type: :string,
description: "The nickname of the account to delete from aliases"
}
}
}
end
def healthcheck_operation do
%Operation{
tags: ["Accounts"],

View file

@ -55,6 +55,7 @@ def render("show.json", _) do
stats: %{mau: Pleroma.User.active_user_count()},
vapid_public_key: Keyword.get(Pleroma.Web.Push.vapid_config(), :public_key)
},
configuration: configuration(),
soapbox: %{
version: Soapbox.version()
}
@ -156,4 +157,23 @@ def fields_limits do
value_length: Config.get([:instance, :account_field_value_length])
}
end
def configuration do
%{
statuses: %{
max_characters: Config.get([:instance, :limit]),
max_media_attachments: Config.get([:instance, :max_media_attachments])
},
media_attachments: %{
image_size_limit: Config.get([:instance, :upload_limit]),
video_size_limit: Config.get([:instance, :upload_limit])
},
polls: %{
max_options: Config.get([:instance, :poll_limits, :max_options]),
max_characters_per_option: Config.get([:instance, :poll_limits, :max_option_chars]),
min_expiration: Config.get([:instance, :poll_limits, :min_expiration]),
max_expiration: Config.get([:instance, :poll_limits, :max_expiration])
}
}
end
end

View file

@ -370,6 +370,11 @@ defmodule Pleroma.Web.Router do
post("/delete_account", UtilController, :delete_account)
put("/notification_settings", UtilController, :update_notificaton_settings)
post("/disable_account", UtilController, :disable_account)
post("/move_account", UtilController, :move_account)
put("/aliases", UtilController, :add_alias)
get("/aliases", UtilController, :list_aliases)
delete("/aliases", UtilController, :delete_alias)
end
scope "/api/pleroma", Pleroma.Web.PleromaAPI do

View file

@ -11,6 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
alias Pleroma.Emoji
alias Pleroma.Healthcheck
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.CommonAPI
alias Pleroma.Web.Plugs.OAuthScopesPlug
alias Pleroma.Web.WebFinger
@ -26,7 +27,18 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
:change_password,
:delete_account,
:update_notificaton_settings,
:disable_account
:disable_account,
:move_account,
:add_alias,
:delete_alias
]
)
plug(
OAuthScopesPlug,
%{scopes: ["read:accounts"]}
when action in [
:list_aliases
]
)
@ -158,6 +170,91 @@ def disable_account(%{assigns: %{user: user}} = conn, params) do
end
end
def move_account(%{assigns: %{user: user}, body_params: body_params} = conn, %{}) do
case CommonAPI.Utils.confirm_current_password(user, body_params.password) do
{:ok, user} ->
with {:ok, target_user} <- find_or_fetch_user_by_nickname(body_params.target_account),
{:ok, _user} <- ActivityPub.move(user, target_user) do
json(conn, %{status: "success"})
else
{:not_found, _} ->
conn
|> put_status(404)
|> json(%{error: "Target account not found."})
{:error, error} ->
json(conn, %{error: error})
end
{:error, msg} ->
json(conn, %{error: msg})
end
end
def add_alias(%{assigns: %{user: user}, body_params: body_params} = conn, _) do
with {:ok, alias_user} <- find_user_by_nickname(body_params.alias),
{:ok, _user} <- user |> User.add_alias(alias_user) do
json(conn, %{status: "success"})
else
{:not_found, _} ->
conn
|> put_status(404)
|> json(%{error: "Target account does not exist."})
{:error, error} ->
json(conn, %{error: error})
end
end
def delete_alias(%{assigns: %{user: user}, body_params: body_params} = conn, _) do
with {:ok, alias_user} <- find_user_by_nickname(body_params.alias),
{:ok, _user} <- user |> User.delete_alias(alias_user) do
json(conn, %{status: "success"})
else
{:error, :no_such_alias} ->
conn
|> put_status(404)
|> json(%{error: "Account has no such alias."})
{:error, error} ->
json(conn, %{error: error})
end
end
def list_aliases(%{assigns: %{user: user}} = conn, %{}) do
alias_nicks =
user
|> User.alias_users()
|> Enum.map(&User.full_nickname/1)
json(conn, %{aliases: alias_nicks})
end
defp find_user_by_nickname(nickname) do
user = User.get_cached_by_nickname(nickname)
if user == nil do
{:not_found, nil}
else
{:ok, user}
end
end
defp find_or_fetch_user_by_nickname(nickname) do
user = User.get_by_nickname(nickname)
if user != nil and user.local do
{:ok, user}
else
with {:ok, user} <- User.fetch_by_nickname(nickname) do
{:ok, user}
else
_ ->
{:not_found, nil}
end
end
end
def captcha(conn, _params) do
json(conn, Pleroma.Captcha.new())
end

View file

@ -0,0 +1 @@
<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Subject>acct:mewmew@lm.kazv.moe</Subject><Alias>https://lm.kazv.moe/users/mewmew</Alias><Alias>https://lm.kazv.moe/users/tester</Alias><Alias>https://lm.kazv.moe/users/testuser</Alias><Link href="https://lm.kazv.moe/users/mewmew" rel="http://webfinger.net/rel/profile-page" type="text/html" /><Link href="https://lm.kazv.moe/users/mewmew" rel="self" type="application/activity+json" /><Link href="https://lm.kazv.moe/users/mewmew" rel="self" type="application/ld+json; profile=&quot;https://www.w3.org/ns/activitystreams&quot;" /><Link rel="http://ostatus.org/schema/1.0/subscribe" template="https://lm.kazv.moe/ostatus_subscribe?acct={uri}" /></XRD>

View file

@ -0,0 +1 @@
<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="https://lm.kazv.moe/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>

View file

@ -0,0 +1 @@
{"@context":["https://www.w3.org/ns/activitystreams","https://lm.kazv.moe/schemas/litepub-0.1.jsonld",{"@language":"und"}],"alsoKnownAs":["https://lm.kazv.moe/users/tester","https://lm.kazv.moe/users/testuser"],"attachment":[],"capabilities":{"acceptsChatMessages":true},"discoverable":false,"endpoints":{"oauthAuthorizationEndpoint":"https://lm.kazv.moe/oauth/authorize","oauthRegistrationEndpoint":"https://lm.kazv.moe/api/v1/apps","oauthTokenEndpoint":"https://lm.kazv.moe/oauth/token","sharedInbox":"https://lm.kazv.moe/inbox","uploadMedia":"https://lm.kazv.moe/api/ap/upload_media"},"featured":"https://lm.kazv.moe/users/mewmew/collections/featured","followers":"https://lm.kazv.moe/users/mewmew/followers","following":"https://lm.kazv.moe/users/mewmew/following","id":"https://lm.kazv.moe/users/mewmew","inbox":"https://lm.kazv.moe/users/mewmew/inbox","manuallyApprovesFollowers":false,"name":"mew","outbox":"https://lm.kazv.moe/users/mewmew/outbox","preferredUsername":"mewmew","publicKey":{"id":"https://lm.kazv.moe/users/mewmew#main-key","owner":"https://lm.kazv.moe/users/mewmew","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nT3IVUwx799FSJyJEOY\n5D2c5zgtt2Z+BD9417eVLmVQF5fJlWgcKS4pbFc76zkYoBkZtV7XbzvN9KTNulpa\nUGNOM0/UdEoQLB8xbVCMm0ABUU8vbTWoMTxp93bfVHBz+33FPYdH1JHX4TCU/mJF\nX4UJMvFmMn5BFjSQm9GG6Eq2j6SAUsaTa8+Rrd8FzS6zb/dk3N/Llz0tfsZYS0sq\nEy9OYhsKOQ6eegULFJOF3Hz04vzwftmeXFsbb3aO2zKz3uAMYZglWHNBYJAePBtJ\ng362kqdJwgT14TFnZ0K2ziDPbkRULG1Kke/lsqw2rPF6Q6P4PeO1shCEDthoDoID\newIDAQAB\n-----END PUBLIC KEY-----\n\n"},"summary":"","tag":[],"type":"Person","url":"https://lm.kazv.moe/users/mewmew"}

View file

@ -2613,4 +2613,80 @@ test "it doesn't pin users you do not follow" do
refute User.endorses?(user, pinned_user)
end
end
describe "add_alias/2" do
test "should add alias for another user" do
user = insert(:user)
user2 = insert(:user)
assert {:ok, user_updated} = user |> User.add_alias(user2)
assert user_updated.also_known_as |> length() == 1
assert user2.ap_id in user_updated.also_known_as
end
test "should add multiple aliases" do
user = insert(:user)
user2 = insert(:user)
user3 = insert(:user)
assert {:ok, user} = user |> User.add_alias(user2)
assert {:ok, user_updated} = user |> User.add_alias(user3)
assert user_updated.also_known_as |> length() == 2
assert user2.ap_id in user_updated.also_known_as
assert user3.ap_id in user_updated.also_known_as
end
test "should not add duplicate aliases" do
user = insert(:user)
user2 = insert(:user)
assert {:ok, user} = user |> User.add_alias(user2)
assert {:ok, user_updated} = user |> User.add_alias(user2)
assert user_updated.also_known_as |> length() == 1
assert user2.ap_id in user_updated.also_known_as
end
end
describe "alias_users/1" do
test "should get aliases for a user" do
user = insert(:user)
user2 = insert(:user, also_known_as: [user.ap_id])
aliases = user2 |> User.alias_users()
assert aliases |> length() == 1
alias_user = aliases |> Enum.at(0)
assert alias_user.ap_id == user.ap_id
end
end
describe "delete_alias/2" do
test "should delete existing alias" do
user = insert(:user)
user2 = insert(:user, also_known_as: [user.ap_id])
assert {:ok, user_updated} = user2 |> User.delete_alias(user)
assert user_updated.also_known_as == []
end
test "should report error on non-existing alias" do
user = insert(:user)
user2 = insert(:user)
user3 = insert(:user, also_known_as: [user.ap_id])
assert {:error, :no_such_alias} = user3 |> User.delete_alias(user2)
user3_updated = User.get_cached_by_ap_id(user3.ap_id)
assert user3_updated.also_known_as |> length() == 1
assert user.ap_id in user3_updated.also_known_as
end
end
end

View file

@ -1836,9 +1836,12 @@ test "create" do
"target" => ^new_ap_id,
"type" => "Move"
},
local: true
local: true,
recipients: recipients
} = activity
assert old_user.follower_address in recipients
params = %{
"op" => "move_following",
"origin_id" => old_user.id,
@ -1869,6 +1872,42 @@ test "old user must be in the new user's `also_known_as` list" do
assert {:error, "Target account must have the origin in `alsoKnownAs`"} =
ActivityPub.move(old_user, new_user)
end
test "do not move remote user following relationships" do
%{ap_id: old_ap_id} = old_user = insert(:user)
%{ap_id: new_ap_id} = new_user = insert(:user, also_known_as: [old_ap_id])
follower_remote = insert(:user, local: false)
User.follow(follower_remote, old_user)
assert User.following?(follower_remote, old_user)
assert {:ok, activity} = ActivityPub.move(old_user, new_user)
assert %Activity{
actor: ^old_ap_id,
data: %{
"actor" => ^old_ap_id,
"object" => ^old_ap_id,
"target" => ^new_ap_id,
"type" => "Move"
},
local: true
} = activity
params = %{
"op" => "move_following",
"origin_id" => old_user.id,
"target_id" => new_user.id
}
assert_enqueued(worker: Pleroma.Workers.BackgroundWorker, args: params)
Pleroma.Workers.BackgroundWorker.perform(%Oban.Job{args: params})
assert User.following?(follower_remote, old_user)
refute User.following?(follower_remote, new_user)
end
end
test "doesn't retrieve replies activities with exclude_replies" do

View file

@ -108,4 +108,14 @@ test "get instance rules", %{conn: conn} do
assert length(rules) == 3
end
test "get instance configuration", %{conn: conn} do
clear_config([:instance, :limit], 476)
conn = get(conn, "/api/v1/instance")
assert result = json_response_and_validate_schema(conn, 200)
assert result["configuration"]["statuses"]["max_characters"] == 476
end
end

View file

@ -516,4 +516,371 @@ test "with proper permissions and valid password (JSON body)", %{conn: conn, use
assert user.password_hash == nil
end
end
describe "POST /api/pleroma/move_account" do
setup do: oauth_access(["write:accounts"])
test "without permissions", %{conn: conn} do
target_user = insert(:user)
target_nick = target_user |> User.full_nickname()
conn =
conn
|> assign(:token, nil)
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/move_account", %{
"password" => "hi",
"target_account" => target_nick
})
assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: write:accounts."
}
end
test "with proper permissions and invalid password", %{conn: conn} do
target_user = insert(:user)
target_nick = target_user |> User.full_nickname()
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/move_account", %{
"password" => "hi",
"target_account" => target_nick
})
assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."}
end
test "with proper permissions, valid password and target account does not alias this",
%{
conn: conn
} do
target_user = insert(:user)
target_nick = target_user |> User.full_nickname()
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/move_account", %{
"password" => "test",
"target_account" => target_nick
})
assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Target account must have the origin in `alsoKnownAs`"
}
end
test "with proper permissions, valid password and target account does not exist",
%{
conn: conn
} do
target_nick = "not_found@mastodon.social"
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/move_account", %{
"password" => "test",
"target_account" => target_nick
})
assert json_response_and_validate_schema(conn, 404) == %{
"error" => "Target account not found."
}
end
test "with proper permissions, valid password, remote target account aliases this and local cache does not exist",
%{} do
user = insert(:user, ap_id: "https://lm.kazv.moe/users/testuser")
%{user: _user, conn: conn} = oauth_access(["write:accounts"], user: user)
target_nick = "mewmew@lm.kazv.moe"
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/move_account", %{
"password" => "test",
"target_account" => target_nick
})
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
end
test "with proper permissions, valid password, remote target account aliases this and local cache does not alias this",
%{} do
user = insert(:user, ap_id: "https://lm.kazv.moe/users/testuser")
%{user: _user, conn: conn} = oauth_access(["write:accounts"], user: user)
target_user =
insert(
:user,
ap_id: "https://lm.kazv.moe/users/mewmew",
nickname: "mewmew@lm.kazv.moe",
local: false
)
target_nick = target_user |> User.full_nickname()
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/move_account", %{
"password" => "test",
"target_account" => target_nick
})
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
end
test "with proper permissions, valid password, remote target account does not alias this and local cache aliases this",
%{
user: user,
conn: conn
} do
target_user =
insert(
:user,
ap_id: "https://lm.kazv.moe/users/mewmew",
nickname: "mewmew@lm.kazv.moe",
local: false,
also_known_as: [user.ap_id]
)
target_nick = target_user |> User.full_nickname()
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/pleroma/move_account", %{
"password" => "test",
"target_account" => target_nick
})
assert json_response_and_validate_schema(conn, 200) == %{
"error" => "Target account must have the origin in `alsoKnownAs`"
}
end
test "with proper permissions, valid password and target account aliases this", %{
conn: conn,
user: user
} do
target_user = insert(:user, also_known_as: [user.ap_id])
target_nick = target_user |> User.full_nickname()
follower = insert(:user)
User.follow(follower, user)
assert User.following?(follower, user)
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post(
"/api/pleroma/move_account",
%{
password: "test",
target_account: target_nick
}
)
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
params = %{
"op" => "move_following",
"origin_id" => user.id,
"target_id" => target_user.id
}
assert_enqueued(worker: Pleroma.Workers.BackgroundWorker, args: params)
Pleroma.Workers.BackgroundWorker.perform(%Oban.Job{args: params})
refute User.following?(follower, user)
assert User.following?(follower, target_user)
end
test "prefix nickname by @ should work", %{
conn: conn,
user: user
} do
target_user = insert(:user, also_known_as: [user.ap_id])
target_nick = target_user |> User.full_nickname()
follower = insert(:user)
User.follow(follower, user)
assert User.following?(follower, user)
conn =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post(
"/api/pleroma/move_account",
%{
password: "test",
target_account: "@" <> target_nick
}
)
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
params = %{
"op" => "move_following",
"origin_id" => user.id,
"target_id" => target_user.id
}
assert_enqueued(worker: Pleroma.Workers.BackgroundWorker, args: params)
Pleroma.Workers.BackgroundWorker.perform(%Oban.Job{args: params})
refute User.following?(follower, user)
assert User.following?(follower, target_user)
end
end
describe "GET /api/pleroma/aliases" do
setup do: oauth_access(["read:accounts"])
test "without permissions", %{conn: conn} do
conn =
conn
|> assign(:token, nil)
|> get("/api/pleroma/aliases")
assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: read:accounts."
}
end
test "with permissions", %{
conn: conn
} do
assert %{"aliases" => []} =
conn
|> get("/api/pleroma/aliases")
|> json_response_and_validate_schema(200)
end
test "with permissions and aliases", %{} do
user = insert(:user)
user2 = insert(:user)
assert {:ok, user} = user |> User.add_alias(user2)
%{user: _user, conn: conn} = oauth_access(["read:accounts"], user: user)
assert %{"aliases" => aliases} =
conn
|> get("/api/pleroma/aliases")
|> json_response_and_validate_schema(200)
assert aliases == [user2 |> User.full_nickname()]
end
end
describe "PUT /api/pleroma/aliases" do
setup do: oauth_access(["write:accounts"])
test "without permissions", %{conn: conn} do
conn =
conn
|> assign(:token, nil)
|> put_req_header("content-type", "application/json")
|> put("/api/pleroma/aliases", %{alias: "none"})
assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: write:accounts."
}
end
test "with permissions, no alias param", %{
conn: conn
} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> put("/api/pleroma/aliases", %{})
assert %{"error" => "Missing field: alias."} = json_response_and_validate_schema(conn, 400)
end
test "with permissions, with alias param", %{
conn: conn
} do
user2 = insert(:user)
conn =
conn
|> put_req_header("content-type", "application/json")
|> put("/api/pleroma/aliases", %{alias: user2 |> User.full_nickname()})
assert json_response_and_validate_schema(conn, 200) == %{
"status" => "success"
}
end
end
describe "DELETE /api/pleroma/aliases" do
setup do
alias_user = insert(:user)
non_alias_user = insert(:user)
user = insert(:user, also_known_as: [alias_user.ap_id])
oauth_access(["write:accounts"], user: user)
|> Map.put(:alias_user, alias_user)
|> Map.put(:non_alias_user, non_alias_user)
end
test "without permissions", %{conn: conn} do
conn =
conn
|> assign(:token, nil)
|> put_req_header("content-type", "application/json")
|> delete("/api/pleroma/aliases", %{alias: "none"})
assert json_response_and_validate_schema(conn, 403) == %{
"error" => "Insufficient permissions: write:accounts."
}
end
test "with permissions, no alias param", %{conn: conn} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> delete("/api/pleroma/aliases", %{})
assert %{"error" => "Missing field: alias."} = json_response_and_validate_schema(conn, 400)
end
test "with permissions, account does not have such alias", %{
conn: conn,
non_alias_user: non_alias_user
} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> delete("/api/pleroma/aliases", %{alias: non_alias_user |> User.full_nickname()})
assert %{"error" => "Account has no such alias."} =
json_response_and_validate_schema(conn, 404)
end
test "with permissions, account does have such alias", %{
conn: conn,
alias_user: alias_user
} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> delete("/api/pleroma/aliases", %{alias: alias_user |> User.full_nickname()})
assert %{"status" => "success"} = json_response_and_validate_schema(conn, 200)
end
end
end

View file

@ -725,6 +725,15 @@ def get(
}}
end
def get(
"https://mastodon.social/.well-known/webfinger?resource=acct:not_found@mastodon.social",
_,
_,
[{"accept", "application/xrd+xml,application/jrd+json"}]
) do
{:ok, %Tesla.Env{status: 404}}
end
def get("http://gs.example.org/.well-known/host-meta", _, _, _) do
{:ok,
%Tesla.Env{
@ -1124,6 +1133,57 @@ def get(
}}
end
def get("http://lm.kazv.moe/.well-known/host-meta", _, _, _) do
{:ok,
%Tesla.Env{
status: 200,
body: File.read!("test/fixtures/tesla_mock/lm.kazv.moe_host_meta")
}}
end
def get("https://lm.kazv.moe/.well-known/host-meta", _, _, _) do
{:ok,
%Tesla.Env{
status: 200,
body: File.read!("test/fixtures/tesla_mock/lm.kazv.moe_host_meta")
}}
end
def get(
"https://lm.kazv.moe/.well-known/webfinger?resource=acct:mewmew@lm.kazv.moe",
_,
_,
[{"accept", "application/xrd+xml,application/jrd+json"}]
) do
{:ok,
%Tesla.Env{
status: 200,
body: File.read!("test/fixtures/tesla_mock/https___lm.kazv.moe_users_mewmew.xml"),
headers: [{"content-type", "application/xrd+xml"}]
}}
end
def get("https://lm.kazv.moe/users/mewmew", _, _, _) do
{:ok,
%Tesla.Env{
status: 200,
body: File.read!("test/fixtures/tesla_mock/mewmew@lm.kazv.moe.json"),
headers: activitypub_object_headers()
}}
end
def get("https://lm.kazv.moe/users/mewmew/collections/featured", _, _, _) do
{:ok,
%Tesla.Env{
status: 200,
body:
File.read!("test/fixtures/users_mock/masto_featured.json")
|> String.replace("{{domain}}", "lm.kazv.moe")
|> String.replace("{{nickname}}", "mewmew"),
headers: [{"content-type", "application/activity+json"}]
}}
end
def get("https://info.pleroma.site/activity.json", _, _, [
{"accept", "application/activity+json"}
]) do