@@ -8,22 +8,89 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do | |||
import Pleroma.Web.ControllerHelper, | |||
only: [add_link_headers: 2, truthy_param?: 1, assign_account_by_id: 2, json_response: 3] | |||
alias Pleroma.Plugs.RateLimiter | |||
alias Pleroma.User | |||
alias Pleroma.Web.CommonAPI | |||
alias Pleroma.Web.ActivityPub.ActivityPub | |||
alias Pleroma.Web.MastodonAPI.StatusView | |||
alias Pleroma.Web.MastodonAPI.MastodonAPI | |||
alias Pleroma.Web.CommonAPI | |||
alias Pleroma.Web.MastodonAPI.ListView | |||
alias Pleroma.Plugs.RateLimiter | |||
alias Pleroma.Web.MastodonAPI.MastodonAPI | |||
alias Pleroma.Web.MastodonAPI.StatusView | |||
alias Pleroma.Web.OAuth.Token | |||
alias Pleroma.Web.TwitterAPI.TwitterAPI | |||
@relations ~w(follow unfollow)a | |||
@relations [:follow, :unfollow] | |||
@needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a | |||
plug(RateLimiter, {:relations_id_action, params: ["id", "uri"]} when action in @relations) | |||
plug(RateLimiter, :relations_actions when action in @relations) | |||
plug(:assign_account_by_id when action not in [:show, :statuses]) | |||
plug(RateLimiter, :app_account_creation when action == :create) | |||
plug(:assign_account_by_id when action in @needs_account) | |||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) | |||
@doc "POST /api/v1/accounts" | |||
def create( | |||
%{assigns: %{app: app}} = conn, | |||
%{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params | |||
) do | |||
params = | |||
params | |||
|> Map.take([ | |||
"email", | |||
"captcha_solution", | |||
"captcha_token", | |||
"captcha_answer_data", | |||
"token", | |||
"password" | |||
]) | |||
|> Map.put("nickname", nickname) | |||
|> Map.put("fullname", params["fullname"] || nickname) | |||
|> Map.put("bio", params["bio"] || "") | |||
|> Map.put("confirm", params["password"]) | |||
with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true), | |||
{:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do | |||
json(conn, %{ | |||
token_type: "Bearer", | |||
access_token: token.token, | |||
scope: app.scopes, | |||
created_at: Token.Utils.format_created_at(token) | |||
}) | |||
else | |||
{:error, errors} -> json_response(conn, :bad_request, errors) | |||
end | |||
end | |||
def create(%{assigns: %{app: _app}} = conn, _) do | |||
render_error(conn, :bad_request, "Missing parameters") | |||
end | |||
def create(conn, _) do | |||
render_error(conn, :forbidden, "Invalid credentials") | |||
end | |||
@doc "GET /api/v1/accounts/verify_credentials" | |||
def verify_credentials(%{assigns: %{user: user}} = conn, _) do | |||
chat_token = Phoenix.Token.sign(conn, "user socket", user.id) | |||
render(conn, "show.json", | |||
user: user, | |||
for: user, | |||
with_pleroma_settings: true, | |||
with_chat_token: chat_token | |||
) | |||
end | |||
@doc "GET /api/v1/accounts/relationships" | |||
def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do | |||
targets = User.get_all_by_ids(List.wrap(id)) | |||
render(conn, "relationships.json", user: user, targets: targets) | |||
end | |||
# Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array. | |||
def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, []) | |||
@doc "GET /api/v1/accounts/:id" | |||
def show(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do | |||
with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user), | |||
@@ -35,8 +35,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do | |||
require Logger | |||
plug(RateLimiter, :app_account_creation when action == :account_register) | |||
plug(RateLimiter, :search when action in [:search, :search2, :account_search]) | |||
plug(RateLimiter, :password_reset when action == :password_reset) | |||
@local_mastodon_name "Mastodon-Local" | |||
@@ -164,20 +162,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do | |||
end | |||
end | |||
def verify_credentials(%{assigns: %{user: user}} = conn, _) do | |||
chat_token = Phoenix.Token.sign(conn, "user socket", user.id) | |||
account = | |||
AccountView.render("show.json", %{ | |||
user: user, | |||
for: user, | |||
with_pleroma_settings: true, | |||
with_chat_token: chat_token | |||
}) | |||
json(conn, account) | |||
end | |||
def verify_app_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do | |||
with %Token{app: %App{} = app} <- Repo.preload(token, :app) do | |||
conn | |||
@@ -288,17 +272,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do | |||
end | |||
end | |||
def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do | |||
targets = User.get_all_by_ids(List.wrap(id)) | |||
conn | |||
|> put_view(AccountView) | |||
|> render("relationships.json", %{user: user, targets: targets}) | |||
end | |||
# Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array. | |||
def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, []) | |||
def update_media( | |||
%{assigns: %{user: user}} = conn, | |||
%{"id" => id, "description" => description} = _ | |||
@@ -649,49 +622,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do | |||
end | |||
end | |||
def account_register( | |||
%{assigns: %{app: app}} = conn, | |||
%{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params | |||
) do | |||
params = | |||
params | |||
|> Map.take([ | |||
"email", | |||
"captcha_solution", | |||
"captcha_token", | |||
"captcha_answer_data", | |||
"token", | |||
"password" | |||
]) | |||
|> Map.put("nickname", nickname) | |||
|> Map.put("fullname", params["fullname"] || nickname) | |||
|> Map.put("bio", params["bio"] || "") | |||
|> Map.put("confirm", params["password"]) | |||
with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true), | |||
{:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do | |||
json(conn, %{ | |||
token_type: "Bearer", | |||
access_token: token.token, | |||
scope: app.scopes, | |||
created_at: Token.Utils.format_created_at(token) | |||
}) | |||
else | |||
{:error, errors} -> | |||
conn | |||
|> put_status(:bad_request) | |||
|> json(errors) | |||
end | |||
end | |||
def account_register(%{assigns: %{app: _app}} = conn, _) do | |||
render_error(conn, :bad_request, "Missing parameters") | |||
end | |||
def account_register(conn, _) do | |||
render_error(conn, :forbidden, "Invalid credentials") | |||
end | |||
def password_reset(conn, params) do | |||
nickname_or_email = params["email"] || params["nickname"] | |||
@@ -335,9 +335,9 @@ defmodule Pleroma.Web.Router do | |||
scope [] do | |||
pipe_through(:oauth_read) | |||
get("/accounts/verify_credentials", MastodonAPIController, :verify_credentials) | |||
get("/accounts/verify_credentials", AccountController, :verify_credentials) | |||
get("/accounts/relationships", MastodonAPIController, :relationships) | |||
get("/accounts/relationships", AccountController, :relationships) | |||
get("/accounts/:id/lists", AccountController, :lists) | |||
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array) | |||
@@ -459,7 +459,7 @@ defmodule Pleroma.Web.Router do | |||
scope "/api/v1", Pleroma.Web.MastodonAPI do | |||
pipe_through(:api) | |||
post("/accounts", MastodonAPIController, :account_register) | |||
post("/accounts", AccountController, :create) | |||
get("/instance", MastodonAPIController, :masto_instance) | |||
get("/instance/peers", MastodonAPIController, :peers) | |||
@@ -5,9 +5,11 @@ | |||
defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do | |||
use Pleroma.Web.ConnCase | |||
alias Pleroma.Repo | |||
alias Pleroma.User | |||
alias Pleroma.Web.ActivityPub.ActivityPub | |||
alias Pleroma.Web.CommonAPI | |||
alias Pleroma.Web.OAuth.Token | |||
import Pleroma.Factory | |||
@@ -595,4 +597,256 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do | |||
assert %{"id" => _id, "blocking" => false} = json_response(conn, 200) | |||
end | |||
describe "create account by app" do | |||
setup do | |||
valid_params = %{ | |||
username: "lain", | |||
email: "lain@example.org", | |||
password: "PlzDontHackLain", | |||
agreement: true | |||
} | |||
[valid_params: valid_params] | |||
end | |||
test "Account registration via Application", %{conn: conn} do | |||
conn = | |||
conn | |||
|> post("/api/v1/apps", %{ | |||
client_name: "client_name", | |||
redirect_uris: "urn:ietf:wg:oauth:2.0:oob", | |||
scopes: "read, write, follow" | |||
}) | |||
%{ | |||
"client_id" => client_id, | |||
"client_secret" => client_secret, | |||
"id" => _, | |||
"name" => "client_name", | |||
"redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", | |||
"vapid_key" => _, | |||
"website" => nil | |||
} = json_response(conn, 200) | |||
conn = | |||
conn | |||
|> post("/oauth/token", %{ | |||
grant_type: "client_credentials", | |||
client_id: client_id, | |||
client_secret: client_secret | |||
}) | |||
assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = | |||
json_response(conn, 200) | |||
assert token | |||
token_from_db = Repo.get_by(Token, token: token) | |||
assert token_from_db | |||
assert refresh | |||
assert scope == "read write follow" | |||
conn = | |||
build_conn() | |||
|> put_req_header("authorization", "Bearer " <> token) | |||
|> post("/api/v1/accounts", %{ | |||
username: "lain", | |||
email: "lain@example.org", | |||
password: "PlzDontHackLain", | |||
bio: "Test Bio", | |||
agreement: true | |||
}) | |||
%{ | |||
"access_token" => token, | |||
"created_at" => _created_at, | |||
"scope" => _scope, | |||
"token_type" => "Bearer" | |||
} = json_response(conn, 200) | |||
token_from_db = Repo.get_by(Token, token: token) | |||
assert token_from_db | |||
token_from_db = Repo.preload(token_from_db, :user) | |||
assert token_from_db.user | |||
assert token_from_db.user.info.confirmation_pending | |||
end | |||
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do | |||
_user = insert(:user, email: "lain@example.org") | |||
app_token = insert(:oauth_token, user: nil) | |||
conn = | |||
conn | |||
|> put_req_header("authorization", "Bearer " <> app_token.token) | |||
res = post(conn, "/api/v1/accounts", valid_params) | |||
assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"} | |||
end | |||
test "rate limit", %{conn: conn} do | |||
app_token = insert(:oauth_token, user: nil) | |||
conn = | |||
put_req_header(conn, "authorization", "Bearer " <> app_token.token) | |||
|> Map.put(:remote_ip, {15, 15, 15, 15}) | |||
for i <- 1..5 do | |||
conn = | |||
conn | |||
|> post("/api/v1/accounts", %{ | |||
username: "#{i}lain", | |||
email: "#{i}lain@example.org", | |||
password: "PlzDontHackLain", | |||
agreement: true | |||
}) | |||
%{ | |||
"access_token" => token, | |||
"created_at" => _created_at, | |||
"scope" => _scope, | |||
"token_type" => "Bearer" | |||
} = json_response(conn, 200) | |||
token_from_db = Repo.get_by(Token, token: token) | |||
assert token_from_db | |||
token_from_db = Repo.preload(token_from_db, :user) | |||
assert token_from_db.user | |||
assert token_from_db.user.info.confirmation_pending | |||
end | |||
conn = | |||
conn | |||
|> post("/api/v1/accounts", %{ | |||
username: "6lain", | |||
email: "6lain@example.org", | |||
password: "PlzDontHackLain", | |||
agreement: true | |||
}) | |||
assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"} | |||
end | |||
test "returns bad_request if missing required params", %{ | |||
conn: conn, | |||
valid_params: valid_params | |||
} do | |||
app_token = insert(:oauth_token, user: nil) | |||
conn = | |||
conn | |||
|> put_req_header("authorization", "Bearer " <> app_token.token) | |||
res = post(conn, "/api/v1/accounts", valid_params) | |||
assert json_response(res, 200) | |||
[{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}] | |||
|> Stream.zip(valid_params) | |||
|> Enum.each(fn {ip, {attr, _}} -> | |||
res = | |||
conn | |||
|> Map.put(:remote_ip, ip) | |||
|> post("/api/v1/accounts", Map.delete(valid_params, attr)) | |||
|> json_response(400) | |||
assert res == %{"error" => "Missing parameters"} | |||
end) | |||
end | |||
test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do | |||
conn = | |||
conn | |||
|> put_req_header("authorization", "Bearer " <> "invalid-token") | |||
res = post(conn, "/api/v1/accounts", valid_params) | |||
assert json_response(res, 403) == %{"error" => "Invalid credentials"} | |||
end | |||
end | |||
describe "GET /api/v1/accounts/:id/lists - account_lists" do | |||
test "returns lists to which the account belongs", %{conn: conn} do | |||
user = insert(:user) | |||
other_user = insert(:user) | |||
assert {:ok, %Pleroma.List{} = list} = Pleroma.List.create("Test List", user) | |||
{:ok, %{following: _following}} = Pleroma.List.follow(list, other_user) | |||
res = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/#{other_user.id}/lists") | |||
|> json_response(200) | |||
assert res == [%{"id" => to_string(list.id), "title" => "Test List"}] | |||
end | |||
end | |||
describe "verify_credentials" do | |||
test "verify_credentials", %{conn: conn} do | |||
user = insert(:user) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/verify_credentials") | |||
response = json_response(conn, 200) | |||
assert %{"id" => id, "source" => %{"privacy" => "public"}} = response | |||
assert response["pleroma"]["chat_token"] | |||
assert id == to_string(user.id) | |||
end | |||
test "verify_credentials default scope unlisted", %{conn: conn} do | |||
user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}}) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/verify_credentials") | |||
assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200) | |||
assert id == to_string(user.id) | |||
end | |||
test "locked accounts", %{conn: conn} do | |||
user = insert(:user, %{info: %User.Info{default_scope: "private"}}) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/verify_credentials") | |||
assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200) | |||
assert id == to_string(user.id) | |||
end | |||
end | |||
describe "user relationships" do | |||
test "returns the relationships for the current user", %{conn: conn} do | |||
user = insert(:user) | |||
other_user = insert(:user) | |||
{:ok, user} = User.follow(user, other_user) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]}) | |||
assert [relationship] = json_response(conn, 200) | |||
assert to_string(other_user.id) == relationship["id"] | |||
end | |||
test "returns an empty list on a bad request", %{conn: conn} do | |||
user = insert(:user) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/relationships", %{}) | |||
assert [] = json_response(conn, 200) | |||
end | |||
end | |||
end |
@@ -15,7 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do | |||
alias Pleroma.Web.ActivityPub.ActivityPub | |||
alias Pleroma.Web.CommonAPI | |||
alias Pleroma.Web.OAuth.App | |||
alias Pleroma.Web.OAuth.Token | |||
alias Pleroma.Web.Push | |||
import ExUnit.CaptureLog | |||
@@ -31,33 +30,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do | |||
clear_config([:instance, :public]) | |||
clear_config([:rich_media, :enabled]) | |||
test "verify_credentials", %{conn: conn} do | |||
user = insert(:user) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/verify_credentials") | |||
response = json_response(conn, 200) | |||
assert %{"id" => id, "source" => %{"privacy" => "public"}} = response | |||
assert response["pleroma"]["chat_token"] | |||
assert id == to_string(user.id) | |||
end | |||
test "verify_credentials default scope unlisted", %{conn: conn} do | |||
user = insert(:user, %{info: %User.Info{default_scope: "unlisted"}}) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/verify_credentials") | |||
assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200) | |||
assert id == to_string(user.id) | |||
end | |||
test "apps/verify_credentials", %{conn: conn} do | |||
token = insert(:oauth_token) | |||
@@ -105,34 +77,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do | |||
assert expected == json_response(conn, 200) | |||
end | |||
describe "user relationships" do | |||
test "returns the relationships for the current user", %{conn: conn} do | |||
user = insert(:user) | |||
other_user = insert(:user) | |||
{:ok, user} = User.follow(user, other_user) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/relationships", %{"id" => [other_user.id]}) | |||
assert [relationship] = json_response(conn, 200) | |||
assert to_string(other_user.id) == relationship["id"] | |||
end | |||
test "returns an empty list on a bad request", %{conn: conn} do | |||
user = insert(:user) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/relationships", %{}) | |||
assert [] = json_response(conn, 200) | |||
end | |||
end | |||
describe "media upload" do | |||
setup do | |||
user = insert(:user) | |||
@@ -170,20 +114,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do | |||
end | |||
end | |||
describe "locked accounts" do | |||
test "verify_credentials", %{conn: conn} do | |||
user = insert(:user, %{info: %User.Info{default_scope: "private"}}) | |||
conn = | |||
conn | |||
|> assign(:user, user) | |||
|> get("/api/v1/accounts/verify_credentials") | |||
assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200) | |||
assert id == to_string(user.id) | |||
end | |||
end | |||
describe "/api/v1/pleroma/mascot" do | |||
test "mascot upload", %{conn: conn} do | |||
user = insert(:user) | |||
@@ -555,172 +485,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do | |||
end | |||
end | |||
describe "create account by app" do | |||
setup do | |||
valid_params = %{ | |||
username: "lain", | |||
email: "lain@example.org", | |||
password: "PlzDontHackLain", | |||
agreement: true | |||
} | |||
[valid_params: valid_params] | |||
end | |||
test "Account registration via Application", %{conn: conn} do | |||
conn = | |||
conn | |||
|> post("/api/v1/apps", %{ | |||
client_name: "client_name", | |||
redirect_uris: "urn:ietf:wg:oauth:2.0:oob", | |||
scopes: "read, write, follow" | |||
}) | |||
%{ | |||
"client_id" => client_id, | |||
"client_secret" => client_secret, | |||
"id" => _, | |||
"name" => "client_name", | |||
"redirect_uri" => "urn:ietf:wg:oauth:2.0:oob", | |||
"vapid_key" => _, | |||
"website" => nil | |||
} = json_response(conn, 200) | |||
conn = | |||
conn | |||
|> post("/oauth/token", %{ | |||
grant_type: "client_credentials", | |||
client_id: client_id, | |||
client_secret: client_secret | |||
}) | |||
assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} = | |||
json_response(conn, 200) | |||
assert token | |||
token_from_db = Repo.get_by(Token, token: token) | |||
assert token_from_db | |||
assert refresh | |||
assert scope == "read write follow" | |||
conn = | |||
build_conn() | |||
|> put_req_header("authorization", "Bearer " <> token) | |||
|> post("/api/v1/accounts", %{ | |||
username: "lain", | |||
email: "lain@example.org", | |||
password: "PlzDontHackLain", | |||
bio: "Test Bio", | |||
agreement: true | |||
}) | |||
%{ | |||
"access_token" => token, | |||
"created_at" => _created_at, | |||
"scope" => _scope, | |||
"token_type" => "Bearer" | |||
} = json_response(conn, 200) | |||
token_from_db = Repo.get_by(Token, token: token) | |||
assert token_from_db | |||
token_from_db = Repo.preload(token_from_db, :user) | |||
assert token_from_db.user | |||
assert token_from_db.user.info.confirmation_pending | |||
end | |||
test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do | |||
_user = insert(:user, email: "lain@example.org") | |||
app_token = insert(:oauth_token, user: nil) | |||
conn = | |||
conn | |||
|> put_req_header("authorization", "Bearer " <> app_token.token) | |||
res = post(conn, "/api/v1/accounts", valid_params) | |||
assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"} | |||
end | |||
test "rate limit", %{conn: conn} do | |||
app_token = insert(:oauth_token, user: nil) | |||
conn = | |||
put_req_header(conn, "authorization", "Bearer " <> app_token.token) | |||
|> Map.put(:remote_ip, {15, 15, 15, 15}) | |||
for i <- 1..5 do | |||
conn = | |||
conn | |||
|> post("/api/v1/accounts", %{ | |||
username: "#{i}lain", | |||
email: "#{i}lain@example.org", | |||
password: "PlzDontHackLain", | |||
agreement: true | |||
}) | |||
%{ | |||
"access_token" => token, | |||
"created_at" => _created_at, | |||
"scope" => _scope, | |||
"token_type" => "Bearer" | |||
} = json_response(conn, 200) | |||
token_from_db = Repo.get_by(Token, token: token) | |||
assert token_from_db | |||
token_from_db = Repo.preload(token_from_db, :user) | |||
assert token_from_db.user | |||
assert token_from_db.user.info.confirmation_pending | |||
end | |||
conn = | |||
conn | |||
|> post("/api/v1/accounts", %{ | |||
username: "6lain", | |||
email: "6lain@example.org", | |||
password: "PlzDontHackLain", | |||
agreement: true | |||
}) | |||
assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"} | |||
end | |||
test "returns bad_request if missing required params", %{ | |||
conn: conn, | |||
valid_params: valid_params | |||
} do | |||
app_token = insert(:oauth_token, user: nil) | |||
conn = | |||
conn | |||
|> put_req_header("authorization", "Bearer " <> app_token.token) | |||
res = post(conn, "/api/v1/accounts", valid_params) | |||
assert json_response(res, 200) | |||
[{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}] | |||
|> Stream.zip(valid_params) | |||
|> Enum.each(fn {ip, {attr, _}} -> | |||
res = | |||
conn | |||
|> Map.put(:remote_ip, ip) | |||
|> post("/api/v1/accounts", Map.delete(valid_params, attr)) | |||
|> json_response(400) | |||
assert res == %{"error" => "Missing parameters"} | |||
end) | |||
end | |||
test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do | |||
conn = | |||
conn | |||
|> put_req_header("authorization", "Bearer " <> "invalid-token") | |||
res = post(conn, "/api/v1/accounts", valid_params) | |||
assert json_response(res, 403) == %{"error" => "Invalid credentials"} | |||
end | |||
end | |||
describe "GET /api/v1/polls/:id" do | |||
test "returns poll entity for object id", %{conn: conn} do | |||
user = insert(:user) | |||