// GoToSocial // Copyright (C) GoToSocial Authors admin@gotosocial.org // SPDX-License-Identifier: AGPL-3.0-or-later // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package statuses_test import ( "context" "encoding/json" "fmt" "io" "io/ioutil" "net/http" "net/http/httptest" "net/url" "strings" "testing" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/api/client/statuses" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/oauth" "github.com/superseriousbusiness/gotosocial/testrig" ) type StatusCreateTestSuite struct { StatusStandardTestSuite } const ( statusWithLinksAndTags = "#test alright, should be able to post #links with fragments in them now, let's see........\n\nhttps://docs.gotosocial.org/en/latest/user_guide/posts/#links\n\n#gotosocial\n\n(tobi remember to pull the docker image challenge)" statusMarkdown = "# Title\n\n## Smaller title\n\nThis is a post written in [markdown](https://www.markdownguide.org/)\n\n" statusMarkdownExpected = "

Title

Smaller title

This is a post written in markdown

" ) // Post a new status with some custom visibility settings func (suite *StatusCreateTestSuite) TestPostNewStatus() { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"this is a brand new status! #helloworld"}, "spoiler_text": {"hello hello"}, "sensitive": {"true"}, "visibility": {string(apimodel.VisibilityMutualsOnly)}, "likeable": {"false"}, "replyable": {"false"}, "federated": {"false"}, } suite.statusModule.StatusCreatePOSTHandler(ctx) // check response // 1. we should have OK from our call to the function suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) suite.Equal("hello hello", statusReply.SpoilerText) suite.Equal("

this is a brand new status! #helloworld

", statusReply.Content) suite.True(statusReply.Sensitive) suite.Equal(apimodel.VisibilityPrivate, statusReply.Visibility) // even though we set this status to mutuals only, it should serialize to private, because the mastodon api has no idea about mutuals_only suite.Len(statusReply.Tags, 1) suite.Equal(apimodel.Tag{ Name: "helloworld", URL: "http://localhost:8080/tags/helloworld", }, statusReply.Tags[0]) gtsTag := >smodel.Tag{} err = suite.db.GetWhere(context.Background(), []db.Where{{Key: "name", Value: "helloworld"}}, gtsTag) suite.NoError(err) } func (suite *StatusCreateTestSuite) TestPostNewStatusMarkdown() { // set default post language of account 1 to markdown testAccount := suite.testAccounts["local_account_1"] testAccount.StatusContentType = "text/markdown" a := testAccount err := suite.db.UpdateAccount(context.Background(), a) if err != nil { suite.FailNow(err.Error()) } suite.Equal(a.StatusContentType, "text/markdown") t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, a) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {statusMarkdown}, "visibility": {string(apimodel.VisibilityPublic)}, } suite.statusModule.StatusCreatePOSTHandler(ctx) suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) suite.Equal(statusMarkdownExpected, statusReply.Content) } // mention an account that is not yet known to the instance -- it should be looked up and put in the db func (suite *StatusCreateTestSuite) TestMentionUnknownAccount() { // first remove remote account 1 from the database so it gets looked up again remoteAccount := suite.testAccounts["remote_account_1"] err := suite.db.DeleteAccount(context.Background(), remoteAccount.ID) suite.NoError(err) t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"hello @brand_new_person@unknown-instance.com"}, "visibility": {string(apimodel.VisibilityPublic)}, } suite.statusModule.StatusCreatePOSTHandler(ctx) suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) // if the status is properly formatted, that means the account has been put in the db suite.Equal(`

hello @brand_new_person

`, statusReply.Content) suite.Equal(apimodel.VisibilityPublic, statusReply.Visibility) } func (suite *StatusCreateTestSuite) TestPostAnotherNewStatus() { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {statusWithLinksAndTags}, } suite.statusModule.StatusCreatePOSTHandler(ctx) // check response // 1. we should have OK from our call to the function suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) suite.Equal("

#test alright, should be able to post #links with fragments in them now, let's see........

https://docs.gotosocial.org/en/latest/user_guide/posts/#links

#gotosocial

(tobi remember to pull the docker image challenge)

", statusReply.Content) } func (suite *StatusCreateTestSuite) TestPostNewStatusWithEmoji() { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"here is a rainbow emoji a few times! :rainbow: :rainbow: :rainbow: \n here's an emoji that isn't in the db: :test_emoji: "}, } suite.statusModule.StatusCreatePOSTHandler(ctx) suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) suite.Equal("", statusReply.SpoilerText) suite.Equal("

here is a rainbow emoji a few times! :rainbow: :rainbow: :rainbow:
here's an emoji that isn't in the db: :test_emoji:

", statusReply.Content) suite.Len(statusReply.Emojis, 1) apiEmoji := statusReply.Emojis[0] gtsEmoji := testrig.NewTestEmojis()["rainbow"] suite.Equal(gtsEmoji.Shortcode, apiEmoji.Shortcode) suite.Equal(gtsEmoji.ImageURL, apiEmoji.URL) suite.Equal(gtsEmoji.ImageStaticURL, apiEmoji.StaticURL) } // Try to reply to a status that doesn't exist func (suite *StatusCreateTestSuite) TestReplyToNonexistentStatus() { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"this is a reply to a status that doesn't exist"}, "spoiler_text": {"don't open cuz it won't work"}, "in_reply_to_id": {"3759e7ef-8ee1-4c0c-86f6-8b70b9ad3d50"}, } suite.statusModule.StatusCreatePOSTHandler(ctx) // check response suite.EqualValues(http.StatusNotFound, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) suite.Equal(`{"error":"Not Found: target status not found"}`, string(b)) } // Post a reply to the status of a local user that allows replies. func (suite *StatusCreateTestSuite) TestReplyToLocalStatus() { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {fmt.Sprintf("hello @%s this reply should work!", testrig.NewTestAccounts()["local_account_2"].Username)}, "in_reply_to_id": {testrig.NewTestStatuses()["local_account_2_status_1"].ID}, } suite.statusModule.StatusCreatePOSTHandler(ctx) // check response suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) suite.Equal("", statusReply.SpoilerText) suite.Equal(fmt.Sprintf("

hello @%s this reply should work!

", testrig.NewTestAccounts()["local_account_2"].Username, testrig.NewTestAccounts()["local_account_2"].Username), statusReply.Content) suite.False(statusReply.Sensitive) suite.Equal(apimodel.VisibilityPublic, statusReply.Visibility) suite.Equal(testrig.NewTestStatuses()["local_account_2_status_1"].ID, *statusReply.InReplyToID) suite.Equal(testrig.NewTestAccounts()["local_account_2"].ID, *statusReply.InReplyToAccountID) suite.Len(statusReply.Mentions, 1) } // Take a media file which is currently not associated with a status, and attach it to a new status. func (suite *StatusCreateTestSuite) TestAttachNewMediaSuccess() { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) attachment := suite.testAttachments["local_account_1_unattached_1"] // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"here's an image attachment"}, "media_ids[]": {attachment.ID}, } suite.statusModule.StatusCreatePOSTHandler(ctx) // check response suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusResponse := &apimodel.Status{} err = json.Unmarshal(b, statusResponse) suite.NoError(err) suite.Equal("", statusResponse.SpoilerText) suite.Equal("

here's an image attachment

", statusResponse.Content) suite.False(statusResponse.Sensitive) suite.Equal(apimodel.VisibilityPublic, statusResponse.Visibility) // there should be one media attachment suite.Len(statusResponse.MediaAttachments, 1) // get the updated media attachment from the database gtsAttachment, err := suite.db.GetAttachmentByID(context.Background(), statusResponse.MediaAttachments[0].ID) suite.NoError(err) // convert it to a api attachment gtsAttachmentAsapi, err := suite.tc.AttachmentToAPIAttachment(context.Background(), gtsAttachment) suite.NoError(err) // compare it with what we have now suite.EqualValues(*statusResponse.MediaAttachments[0], gtsAttachmentAsapi) // the status id of the attachment should now be set to the id of the status we just created suite.Equal(statusResponse.ID, gtsAttachment.StatusID) } // Post a new status with a language tag that is not in canonical format func (suite *StatusCreateTestSuite) TestPostNewStatusWithNoncanonicalLanguageTag() { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"English? what's English? i speak American"}, "language": {"en-us"}, } suite.statusModule.StatusCreatePOSTHandler(ctx) suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) suite.Equal("

English? what's English? i speak American

", statusReply.Content) suite.NotNil(statusReply.Language) suite.Equal("en-US", *statusReply.Language) } // Post a new status with an attached poll. func (suite *StatusCreateTestSuite) testPostNewStatusWithPoll(configure func(request *http.Request)) { t := suite.testTokens["local_account_1"] oauthToken := oauth.DBTokenToToken(t) // setup recorder := httptest.NewRecorder() ctx, _ := testrig.CreateGinTestContext(recorder, nil) ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) ctx.Set(oauth.SessionAuthorizedToken, oauthToken) ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", statuses.BasePath), nil) // the endpoint we're hitting ctx.Request.Header.Set("accept", "application/json") configure(ctx.Request) suite.statusModule.StatusCreatePOSTHandler(ctx) suite.EqualValues(http.StatusOK, recorder.Code) result := recorder.Result() defer result.Body.Close() b, err := ioutil.ReadAll(result.Body) suite.NoError(err) statusReply := &apimodel.Status{} err = json.Unmarshal(b, statusReply) suite.NoError(err) suite.Equal("

this is a status with a poll!

", statusReply.Content) suite.Equal(apimodel.VisibilityPublic, statusReply.Visibility) if suite.NotNil(statusReply.Poll) { if suite.Len(statusReply.Poll.Options, 2) { suite.Equal("first option", statusReply.Poll.Options[0].Title) suite.Equal("second option", statusReply.Poll.Options[1].Title) } suite.NotZero(statusReply.Poll.ExpiresAt) suite.False(statusReply.Poll.Expired) suite.True(statusReply.Poll.Multiple) } } func (suite *StatusCreateTestSuite) TestPostNewStatusWithPollForm() { suite.testPostNewStatusWithPoll(func(request *http.Request) { request.Form = url.Values{ "status": {"this is a status with a poll!"}, "visibility": {"public"}, "poll[options][]": {"first option", "second option"}, "poll[expires_in]": {"3600"}, "poll[multiple]": {"true"}, } }) } func (suite *StatusCreateTestSuite) TestPostNewStatusWithPollJSON() { suite.testPostNewStatusWithPoll(func(request *http.Request) { request.Header.Set("content-type", "application/json") request.Body = io.NopCloser(strings.NewReader(`{ "status": "this is a status with a poll!", "visibility": "public", "poll": { "options": ["first option", "second option"], "expires_in": 3600, "multiple": true } }`)) }) } func TestStatusCreateTestSuite(t *testing.T) { suite.Run(t, new(StatusCreateTestSuite)) }