rafaelcaricio/gotosocial
1
0
Fork 0
forked from mirrors/gotosocial
Code Issues Pull requests Projects Releases Packages Wiki Activity

[bugfix] Ensure account fields can be set by JSON (#1762)

Browse source
This commit is contained in:
tobi 2023-05-12 11:17:31 +02:00 committed by GitHub
parent 6c9d8e78eb
commit 8eda0051ec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 353 additions and 425 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
docs/api/swagger.yaml
View file

@ -2469,7 +2469,7 @@ definitions:
x-go-name: Tag x-go-name: Tag
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
updateField: updateField:
description: By default, max 4 fields and 255 characters per property/value. description: By default, max 6 fields and 255 characters per property/value.
properties: properties:
name: name:
description: Name of the field description: Name of the field
@ -3088,6 +3088,7 @@ paths:
patch: patch:
consumes: consumes:
- multipart/form-data - multipart/form-data
- application/json
operationId: accountUpdate operationId: accountUpdate
parameters: parameters:
- description: Account should be made discoverable and shown in the profile directory (if enabled). - description: Account should be made discoverable and shown in the profile directory (if enabled).

101
internal/api/client/accounts/accountupdate.go
View file

@ -24,11 +24,13 @@ import (
"strconv" "strconv"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/gin-gonic/gin/binding"
"github.com/go-playground/form/v4" "github.com/go-playground/form/v4"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/oauth" "github.com/superseriousbusiness/gotosocial/internal/oauth"
"golang.org/x/exp/slices"
) )
// AccountUpdateCredentialsPATCHHandler swagger:operation PATCH /api/v1/accounts/update_credentials accountUpdate // AccountUpdateCredentialsPATCHHandler swagger:operation PATCH /api/v1/accounts/update_credentials accountUpdate
@ -41,6 +43,7 @@ import (
// //
// consumes: // consumes:
// - multipart/form-data // - multipart/form-data
// - application/json
// //
// produces: // produces:
// - application/json // - application/json
@ -169,26 +172,26 @@ func (m *Module) AccountUpdateCredentialsPATCHHandler(c *gin.Context) {
c.JSON(http.StatusOK, acctSensitive) c.JSON(http.StatusOK, acctSensitive)
} }
type fieldAttributesBinding struct{} // fieldsAttributesFormBinding satisfies gin's binding.Binding interface.
// Should only be used specifically for multipart/form-data MIME type.
type fieldsAttributesFormBinding struct{}
func (fieldAttributesBinding) Name() string { func (fieldsAttributesFormBinding) Name() string {
return "FieldAttributes" return "FieldsAttributes"
} }
func (fieldAttributesBinding) Bind(req *http.Request, obj any) error { func (fieldsAttributesFormBinding) Bind(req *http.Request, obj any) error {
if err := req.ParseForm(); err != nil { if err := req.ParseForm(); err != nil {
return err return err
} }
// Change default namespace prefix and suffix to
// allow correct parsing of the field attributes.
decoder := form.NewDecoder() decoder := form.NewDecoder()
// change default namespace prefix and suffix to allow correct parsing of the field attributes
decoder.SetNamespacePrefix("[") decoder.SetNamespacePrefix("[")
decoder.SetNamespaceSuffix("]") decoder.SetNamespaceSuffix("]")
if err := decoder.Decode(obj, req.Form); err != nil {
return err
}
return nil return decoder.Decode(obj, req.Form)
} }
func parseUpdateAccountForm(c *gin.Context) (*apimodel.UpdateCredentialsRequest, error) { func parseUpdateAccountForm(c *gin.Context) (*apimodel.UpdateCredentialsRequest, error) {
@ -196,36 +199,34 @@ func parseUpdateAccountForm(c *gin.Context) (*apimodel.UpdateCredentialsRequest,
Source: &apimodel.UpdateSource{}, Source: &apimodel.UpdateSource{},
} }
if err := c.ShouldBind(&form); err != nil { switch ct := c.ContentType(); ct {
return nil, fmt.Errorf("could not parse form from request: %s", err) case binding.MIMEJSON:
} // Bind with default json binding first.
if err := c.ShouldBindWith(form, binding.JSON); err != nil {
// use custom form binding to support field attributes in the form data return nil, err
if err := c.ShouldBindWith(&form, fieldAttributesBinding{}); err != nil {
return nil, fmt.Errorf("could not parse form from request: %s", err)
}
// parse source field-by-field
sourceMap := c.PostFormMap("source")
if privacy, ok := sourceMap["privacy"]; ok {
form.Source.Privacy = &privacy
}
if sensitive, ok := sourceMap["sensitive"]; ok {
sensitiveBool, err := strconv.ParseBool(sensitive)
if err != nil {
return nil, fmt.Errorf("error parsing form source[sensitive]: %s", err)
} }
form.Source.Sensitive = &sensitiveBool
}
if language, ok := sourceMap["language"]; ok { // Now use custom form binding for
form.Source.Language = &language // field attributes in the json data.
} var err error
form.FieldsAttributes, err = parseFieldsAttributesFromJSON(form.JSONFieldsAttributes)
if err != nil {
return nil, fmt.Errorf("custom json binding failed: %w", err)
}
case binding.MIMEMultipartPOSTForm:
// Bind with default form binding first.
if err := c.ShouldBindWith(form, binding.FormMultipart); err != nil {
return nil, err
}
if statusContentType, ok := sourceMap["status_content_type"]; ok { // Now use custom form binding for
form.Source.StatusContentType = &statusContentType // field attributes in the form data.
if err := c.ShouldBindWith(form, fieldsAttributesFormBinding{}); err != nil {
return nil, fmt.Errorf("custom form binding failed: %w", err)
}
default:
err := fmt.Errorf("content-type %s not supported for this endpoint; supported content-types are %s, %s", ct, binding.MIMEJSON, binding.MIMEMultipartPOSTForm)
return nil, err
} }
if form == nil || if form == nil ||
@ -248,3 +249,31 @@ func parseUpdateAccountForm(c *gin.Context) (*apimodel.UpdateCredentialsRequest,
return form, nil return form, nil
} }
func parseFieldsAttributesFromJSON(jsonFieldsAttributes *map[string]apimodel.UpdateField) (*[]apimodel.UpdateField, error) {
if jsonFieldsAttributes == nil {
// Nothing set, nothing to do.
return nil, nil
}
fieldsAttributes := make([]apimodel.UpdateField, 0, len(*jsonFieldsAttributes))
for keyStr, updateField := range *jsonFieldsAttributes {
key, err := strconv.Atoi(keyStr)
if err != nil {
return nil, fmt.Errorf("couldn't parse fieldAttributes key %s to int: %w", keyStr, err)
}
fieldsAttributes = append(fieldsAttributes, apimodel.UpdateField{
Key: key,
Name: updateField.Name,
Value: updateField.Value,
})
}
// Sort slice by the key each field was submitted with.
slices.SortFunc(fieldsAttributes, func(a, b apimodel.UpdateField) bool {
return a.Key < b.Key
})
return &fieldsAttributes, nil
}

631
internal/api/client/accounts/accountupdate_test.go
View file

@ -20,7 +20,8 @@ package accounts_test
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"io/ioutil" "fmt"
"io"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"testing" "testing"
@ -28,6 +29,7 @@ import (
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts" "github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/testrig" "github.com/superseriousbusiness/gotosocial/testrig"
) )
@ -35,460 +37,351 @@ type AccountUpdateTestSuite struct {
AccountStandardTestSuite AccountStandardTestSuite
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandler() { func (suite *AccountUpdateTestSuite) updateAccountFromFormData(data map[string]string, expectedHTTPStatus int, expectedBody string) (*apimodel.Account, error) {
// set up the request requestBody, w, err := testrig.CreateMultipartFormData("", "", data)
// we're updating the note and profile fields of zork
newBio := "this is my new bio read it and weep"
requestBody, w, err := testrig.CreateMultipartFormData(
"", "",
map[string]string{
"note": newBio,
"fields_attributes[0][name]": "pronouns",
"fields_attributes[0][value]": "they/them",
})
if err != nil { if err != nil {
panic(err) suite.FailNow(err.Error())
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler return suite.updateAccount(requestBody.Bytes(), w.FormDataContentType(), expectedHTTPStatus, expectedBody)
}
func (suite *AccountUpdateTestSuite) updateAccountFromFormDataWithFile(fieldName string, fileName string, data map[string]string, expectedHTTPStatus int, expectedBody string) (*apimodel.Account, error) {
requestBody, w, err := testrig.CreateMultipartFormData(fieldName, fileName, data)
if err != nil {
suite.FailNow(err.Error())
}
return suite.updateAccount(requestBody.Bytes(), w.FormDataContentType(), expectedHTTPStatus, expectedBody)
}
func (suite *AccountUpdateTestSuite) updateAccountFromJSON(data string, expectedHTTPStatus int, expectedBody string) (*apimodel.Account, error) {
return suite.updateAccount([]byte(data), "application/json", expectedHTTPStatus, expectedBody)
}
func (suite *AccountUpdateTestSuite) updateAccount(
bodyBytes []byte,
contentType string,
expectedHTTPStatus int,
expectedBody string,
) (*apimodel.Account, error) {
// Initialize http test context.
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, contentType)
// Trigger the handler.
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx) suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx)
// 1. we should have OK because our request was valid // Read the result.
suite.Equal(http.StatusOK, recorder.Code)
// 2. we should have no error message in the result body
result := recorder.Result() result := recorder.Result()
defer result.Body.Close() defer result.Body.Close()
// check the response b, err := io.ReadAll(result.Body)
b, err := ioutil.ReadAll(result.Body) if err != nil {
suite.NoError(err) return nil, err
}
// unmarshal the returned account errs := gtserror.MultiError{}
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount) // Check expected code + body.
suite.NoError(err) if resultCode := recorder.Code; expectedHTTPStatus != resultCode {
errs = append(errs, fmt.Sprintf("expected %d got %d", expectedHTTPStatus, resultCode))
}
// If we got an expected body, return early.
if expectedBody != "" && string(b) != expectedBody {
errs = append(errs, fmt.Sprintf("expected %s got %s", expectedBody, string(b)))
}
if err := errs.Combine(); err != nil {
return nil, fmt.Errorf("%v (body %s)", err, string(b))
}
// Return account response.
resp := &apimodel.Account{}
if err := json.Unmarshal(b, resp); err != nil {
return nil, err
}
return resp, nil
}
func (suite *AccountUpdateTestSuite) TestUpdateAccountBasicFormData() {
data := map[string]string{
"note": "this is my new bio read it and weep",
"fields_attributes[0][name]": "pronouns",
"fields_attributes[0][value]": "they/them",
"fields_attributes[1][name]": "Website",
"fields_attributes[1][value]": "https://example.com",
}
apimodelAccount, err := suite.updateAccountFromFormData(data, http.StatusOK, "")
if err != nil {
suite.FailNow(err.Error())
}
// check the returned api model account
// fields should be updated
suite.Equal("<p>this is my new bio read it and weep</p>", apimodelAccount.Note) suite.Equal("<p>this is my new bio read it and weep</p>", apimodelAccount.Note)
suite.Equal("they/them", apimodelAccount.Fields[0].Value) suite.Equal("this is my new bio read it and weep", apimodelAccount.Source.Note)
suite.Equal(newBio, apimodelAccount.Source.Note)
if l := len(apimodelAccount.Fields); l != 2 {
suite.FailNow("", "expected %d fields, got %d", 2, l)
}
suite.Equal(`pronouns`, apimodelAccount.Fields[0].Name)
suite.Equal(`they/them`, apimodelAccount.Fields[0].Value)
suite.Equal(`Website`, apimodelAccount.Fields[1].Name)
suite.Equal(`<a href="https://example.com" rel="nofollow noreferrer noopener" target="_blank">https://example.com</a>`, apimodelAccount.Fields[1].Value)
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerUnlockLock() { func (suite *AccountUpdateTestSuite) TestUpdateAccountBasicJSON() {
// set up the first request data := `
requestBody1, w1, err := testrig.CreateMultipartFormData( {
"", "", "note": "this is my new bio read it and weep",
map[string]string{ "fields_attributes": {
"locked": "false", "0": {
}) "name": "pronouns",
if err != nil { "value": "they/them"
panic(err) },
} "1": {
bodyBytes1 := requestBody1.Bytes() "name": "Website",
recorder1 := httptest.NewRecorder() "value": "https://example.com"
ctx1 := suite.newContext(recorder1, http.MethodPatch, bodyBytes1, accounts.UpdateCredentialsPath, w1.FormDataContentType()) }
}
// call the handler
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx1)
// 1. we should have OK because our request was valid
suite.Equal(http.StatusOK, recorder1.Code)
// 2. we should have no error message in the result body
result1 := recorder1.Result()
defer result1.Body.Close()
// check the response
b1, err := ioutil.ReadAll(result1.Body)
suite.NoError(err)
// unmarshal the returned account
apimodelAccount1 := &apimodel.Account{}
err = json.Unmarshal(b1, apimodelAccount1)
suite.NoError(err)
// check the returned api model account
// fields should be updated
suite.False(apimodelAccount1.Locked)
// set up the first request
requestBody2, w2, err := testrig.CreateMultipartFormData(
"", "",
map[string]string{
"locked": "true",
})
if err != nil {
panic(err)
}
bodyBytes2 := requestBody2.Bytes()
recorder2 := httptest.NewRecorder()
ctx2 := suite.newContext(recorder2, http.MethodPatch, bodyBytes2, accounts.UpdateCredentialsPath, w2.FormDataContentType())
// call the handler
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx2)
// 1. we should have OK because our request was valid
suite.Equal(http.StatusOK, recorder1.Code)
// 2. we should have no error message in the result body
result2 := recorder2.Result()
defer result2.Body.Close()
// check the response
b2, err := ioutil.ReadAll(result2.Body)
suite.NoError(err)
// unmarshal the returned account
apimodelAccount2 := &apimodel.Account{}
err = json.Unmarshal(b2, apimodelAccount2)
suite.NoError(err)
// check the returned api model account
// fields should be updated
suite.True(apimodelAccount2.Locked)
} }
`
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerGetAccountFirst() { apimodelAccount, err := suite.updateAccountFromJSON(data, http.StatusOK, "")
// get the account first to make sure it's in the database cache -- when the account is updated via
// the PATCH handler, it should invalidate the cache and not return the old version
_, err := suite.db.GetAccountByID(context.Background(), suite.testAccounts["local_account_1"].ID)
suite.NoError(err)
// set up the request
// we're updating the note of zork
newBio := "this is my new bio read it and weep"
requestBody, w, err := testrig.CreateMultipartFormData(
"", "",
map[string]string{
"note": newBio,
})
if err != nil { if err != nil {
panic(err) suite.FailNow(err.Error())
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx)
// 1. we should have OK because our request was valid
suite.Equal(http.StatusOK, recorder.Code)
// 2. we should have no error message in the result body
result := recorder.Result()
defer result.Body.Close()
// check the response
b, err := ioutil.ReadAll(result.Body)
suite.NoError(err)
// unmarshal the returned account
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount)
suite.NoError(err)
// check the returned api model account
// fields should be updated
suite.Equal("<p>this is my new bio read it and weep</p>", apimodelAccount.Note) suite.Equal("<p>this is my new bio read it and weep</p>", apimodelAccount.Note)
suite.Equal(newBio, apimodelAccount.Source.Note) suite.Equal("this is my new bio read it and weep", apimodelAccount.Source.Note)
if l := len(apimodelAccount.Fields); l != 2 {
suite.FailNow("", "expected %d fields, got %d", 2, l)
}
suite.Equal(`pronouns`, apimodelAccount.Fields[0].Name)
suite.Equal(`they/them`, apimodelAccount.Fields[0].Value)
suite.Equal(`Website`, apimodelAccount.Fields[1].Name)
suite.Equal(`<a href="https://example.com" rel="nofollow noreferrer noopener" target="_blank">https://example.com</a>`, apimodelAccount.Fields[1].Value)
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerTwoFields() { func (suite *AccountUpdateTestSuite) TestUpdateAccountLockFormData() {
// set up the request data := map[string]string{
// we're updating the note of zork, and setting locked to true "locked": "true",
newBio := "this is my new bio read it and weep :rainbow:"
requestBody, w, err := testrig.CreateMultipartFormData(
"", "",
map[string]string{
"note": newBio,
"locked": "true",
})
if err != nil {
panic(err)
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler apimodelAccount, err := suite.updateAccountFromFormData(data, http.StatusOK, "")
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx) if err != nil {
suite.FailNow(err.Error())
}
// 1. we should have OK because our request was valid
suite.Equal(http.StatusOK, recorder.Code)
// 2. we should have no error message in the result body
result := recorder.Result()
defer result.Body.Close()
// check the response
b, err := ioutil.ReadAll(result.Body)
suite.NoError(err)
// unmarshal the returned account
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount)
suite.NoError(err)
// check the returned api model account
// fields should be updated
suite.Equal("<p>this is my new bio read it and weep :rainbow:</p>", apimodelAccount.Note)
suite.Equal(newBio, apimodelAccount.Source.Note)
suite.True(apimodelAccount.Locked) suite.True(apimodelAccount.Locked)
suite.NotEmpty(apimodelAccount.Emojis)
suite.Equal(apimodelAccount.Emojis[0].Shortcode, "rainbow")
// check the account in the database
dbZork, err := suite.db.GetAccountByID(context.Background(), apimodelAccount.ID)
suite.NoError(err)
suite.Equal(newBio, dbZork.NoteRaw)
suite.Equal("<p>this is my new bio read it and weep :rainbow:</p>", dbZork.Note)
suite.True(*dbZork.Locked)
suite.NotEmpty(dbZork.EmojiIDs)
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerDiscoverable() { func (suite *AccountUpdateTestSuite) TestUpdateAccountLockJSON() {
requestBody, w, err := testrig.CreateMultipartFormData( data := `
"", "", {
map[string]string{ "locked": true
"discoverable": "false", }`
})
apimodelAccount, err := suite.updateAccountFromJSON(data, http.StatusOK, "")
if err != nil { if err != nil {
panic(err) suite.FailNow(err.Error())
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler suite.True(apimodelAccount.Locked)
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx) }
// 1. we should have OK because our request was valid func (suite *AccountUpdateTestSuite) TestUpdateAccountUnlockFormData() {
suite.Equal(http.StatusOK, recorder.Code) data := map[string]string{
"locked": "false",
}
// 2. we should have no error message in the result body apimodelAccount, err := suite.updateAccountFromFormData(data, http.StatusOK, "")
result := recorder.Result() if err != nil {
defer result.Body.Close() suite.FailNow(err.Error())
}
// check the response suite.False(apimodelAccount.Locked)
b, err := ioutil.ReadAll(result.Body) }
suite.NoError(err)
// unmarshal the returned account func (suite *AccountUpdateTestSuite) TestUpdateAccountUnlockJSON() {
apimodelAccount := &apimodel.Account{} data := `
err = json.Unmarshal(b, apimodelAccount) {
suite.NoError(err) "locked": false
}`
apimodelAccount, err := suite.updateAccountFromJSON(data, http.StatusOK, "")
if err != nil {
suite.FailNow(err.Error())
}
suite.False(apimodelAccount.Locked)
}
func (suite *AccountUpdateTestSuite) TestUpdateAccountCache() {
// Get the account first to make sure it's in the database
// cache. When the account is updated via the PATCH handler,
// it should invalidate the cache and return the new version.
if _, err := suite.db.GetAccountByID(context.Background(), suite.testAccounts["local_account_1"].ID); err != nil {
suite.FailNow(err.Error())
}
data := map[string]string{
"note": "this is my new bio read it and weep",
}
apimodelAccount, err := suite.updateAccountFromFormData(data, http.StatusOK, "")
if err != nil {
suite.FailNow(err.Error())
}
suite.Equal("<p>this is my new bio read it and weep</p>", apimodelAccount.Note)
}
func (suite *AccountUpdateTestSuite) TestUpdateAccountDiscoverableFormData() {
data := map[string]string{
"discoverable": "false",
}
apimodelAccount, err := suite.updateAccountFromFormData(data, http.StatusOK, "")
if err != nil {
suite.FailNow(err.Error())
}
// check the returned api model account
// fields should be updated
suite.False(apimodelAccount.Discoverable) suite.False(apimodelAccount.Discoverable)
// check the account in the database // Check the account in the database too.
dbZork, err := suite.db.GetAccountByID(context.Background(), apimodelAccount.ID) dbZork, err := suite.db.GetAccountByID(context.Background(), apimodelAccount.ID)
suite.NoError(err) suite.NoError(err)
suite.False(*dbZork.Discoverable) suite.False(*dbZork.Discoverable)
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerWithMedia() { func (suite *AccountUpdateTestSuite) TestUpdateAccountDiscoverableJSON() {
// set up the request data := `
// we're updating the header image, the display name, and the locked status of zork {
// we're removing the note/bio "discoverable": false
requestBody, w, err := testrig.CreateMultipartFormData( }`
"header", "../../../../testrig/media/test-jpeg.jpg",
map[string]string{ apimodelAccount, err := suite.updateAccountFromJSON(data, http.StatusOK, "")
"display_name": "updated zork display name!!!",
"note": "",
"locked": "true",
})
if err != nil { if err != nil {
panic(err) suite.FailNow(err.Error())
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler suite.False(apimodelAccount.Discoverable)
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx)
// 1. we should have OK because our request was valid // Check the account in the database too.
suite.Equal(http.StatusOK, recorder.Code) dbZork, err := suite.db.GetAccountByID(context.Background(), apimodelAccount.ID)
// 2. we should have no error message in the result body
result := recorder.Result()
defer result.Body.Close()
// check the response
b, err := ioutil.ReadAll(result.Body)
suite.NoError(err) suite.NoError(err)
suite.False(*dbZork.Discoverable)
}
// unmarshal the returned account func (suite *AccountUpdateTestSuite) TestUpdateAccountWithImageFormData() {
apimodelAccount := &apimodel.Account{} data := map[string]string{
err = json.Unmarshal(b, apimodelAccount) "display_name": "updated zork display name!!!",
suite.NoError(err) "note": "",
"locked": "true",
}
// check the returned api model account apimodelAccount, err := suite.updateAccountFromFormDataWithFile("header", "../../../../testrig/media/test-jpeg.jpg", data, http.StatusOK, "")
// fields should be updated if err != nil {
suite.Equal("updated zork display name!!!", apimodelAccount.DisplayName) suite.FailNow(err.Error())
}
suite.Equal(data["display_name"], apimodelAccount.DisplayName)
suite.True(apimodelAccount.Locked) suite.True(apimodelAccount.Locked)
suite.Empty(apimodelAccount.Note) suite.Empty(apimodelAccount.Note)
suite.Empty(apimodelAccount.Source.Note) suite.Empty(apimodelAccount.Source.Note)
// header values...
// should be set
suite.NotEmpty(apimodelAccount.Header) suite.NotEmpty(apimodelAccount.Header)
suite.NotEmpty(apimodelAccount.HeaderStatic) suite.NotEmpty(apimodelAccount.HeaderStatic)
// should be different from the values set before // Can't predict IDs generated for new media
// so just ensure it's different than before.
suite.NotEqual("http://localhost:8080/fileserver/01F8MH1H7YV1Z7D2C8K2730QBF/header/original/01PFPMWK2FF0D9WMHEJHR07C3Q.jpg", apimodelAccount.Header) suite.NotEqual("http://localhost:8080/fileserver/01F8MH1H7YV1Z7D2C8K2730QBF/header/original/01PFPMWK2FF0D9WMHEJHR07C3Q.jpg", apimodelAccount.Header)
suite.NotEqual("http://localhost:8080/fileserver/01F8MH1H7YV1Z7D2C8K2730QBF/header/small/01PFPMWK2FF0D9WMHEJHR07C3Q.jpg", apimodelAccount.HeaderStatic) suite.NotEqual("http://localhost:8080/fileserver/01F8MH1H7YV1Z7D2C8K2730QBF/header/small/01PFPMWK2FF0D9WMHEJHR07C3Q.jpg", apimodelAccount.HeaderStatic)
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerEmptyForm() { func (suite *AccountUpdateTestSuite) TestUpdateAccountEmptyFormData() {
// set up the request data := make(map[string]string)
bodyBytes := []byte{}
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, "")
// call the handler _, err := suite.updateAccountFromFormData(data, http.StatusBadRequest, `{"error":"Bad Request: empty form submitted"}`)
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx) if err != nil {
suite.FailNow(err.Error())
// 1. we should have OK because our request was valid }
suite.Equal(http.StatusBadRequest, recorder.Code)
// 2. we should have no error message in the result body
result := recorder.Result()
defer result.Body.Close()
// check the response
b, err := ioutil.ReadAll(result.Body)
suite.NoError(err)
suite.Equal(`{"error":"Bad Request: empty form submitted"}`, string(b))
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerUpdateSource() { func (suite *AccountUpdateTestSuite) TestUpdateAccountSourceFormData() {
// set up the request data := map[string]string{
// we're updating the language of zork "source[privacy]": string(apimodel.VisibilityPrivate),
newLanguage := "de" "source[language]": "de",
requestBody, w, err := testrig.CreateMultipartFormData( "source[sensitive]": "true",
"", "", "locked": "true",
map[string]string{
"source[privacy]": string(apimodel.VisibilityPrivate),
"source[language]": "de",
"source[sensitive]": "true",
"locked": "true",
})
if err != nil {
panic(err)
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler apimodelAccount, err := suite.updateAccountFromFormData(data, http.StatusOK, "")
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx) if err != nil {
suite.FailNow(err.Error())
}
// 1. we should have OK because our request was valid suite.Equal(data["source[language]"], apimodelAccount.Source.Language)
suite.Equal(http.StatusOK, recorder.Code)
// 2. we should have no error message in the result body
result := recorder.Result()
defer result.Body.Close()
// check the response
b, err := ioutil.ReadAll(result.Body)
suite.NoError(err)
// unmarshal the returned account
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount)
suite.NoError(err)
// check the returned api model account
// fields should be updated
suite.Equal(newLanguage, apimodelAccount.Source.Language)
suite.EqualValues(apimodel.VisibilityPrivate, apimodelAccount.Source.Privacy) suite.EqualValues(apimodel.VisibilityPrivate, apimodelAccount.Source.Privacy)
suite.True(apimodelAccount.Source.Sensitive) suite.True(apimodelAccount.Source.Sensitive)
suite.True(apimodelAccount.Locked) suite.True(apimodelAccount.Locked)
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerUpdateStatusContentTypeOK() { func (suite *AccountUpdateTestSuite) TestUpdateAccountSourceJSON() {
// set up the request data := `
// we're updating the language of zork {
requestBody, w, err := testrig.CreateMultipartFormData( "source": {
"", "", "privacy": "private",
map[string]string{ "language": "de",
"source[status_content_type]": "text/markdown", "sensitive": true
}) },
"locked": true
}
`
apimodelAccount, err := suite.updateAccountFromJSON(data, http.StatusOK, "")
if err != nil { if err != nil {
panic(err) suite.FailNow(err.Error())
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler suite.Equal("de", apimodelAccount.Source.Language)
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx) suite.EqualValues(apimodel.VisibilityPrivate, apimodelAccount.Source.Privacy)
suite.True(apimodelAccount.Source.Sensitive)
suite.True(apimodelAccount.Locked)
}
// 1. we should have OK because our request was valid func (suite *AccountUpdateTestSuite) TestUpdateAccountSourceBadContentTypeFormData() {
suite.Equal(http.StatusOK, recorder.Code) data := map[string]string{
"source[status_content_type]": "text/markdown",
}
// 2. we should have no error message in the result body apimodelAccount, err := suite.updateAccountFromFormData(data, http.StatusOK, "")
result := recorder.Result() if err != nil {
defer result.Body.Close() suite.FailNow(err.Error())
}
// check the response suite.Equal(data["source[status_content_type]"], apimodelAccount.Source.StatusContentType)
b, err := ioutil.ReadAll(result.Body)
suite.NoError(err)
// unmarshal the returned account
apimodelAccount := &apimodel.Account{}
err = json.Unmarshal(b, apimodelAccount)
suite.NoError(err)
// check the returned api model account
// fields should be updated
suite.Equal("text/markdown", apimodelAccount.Source.StatusContentType)
// Check the account in the database too.
dbAccount, err := suite.db.GetAccountByID(context.Background(), suite.testAccounts["local_account_1"].ID) dbAccount, err := suite.db.GetAccountByID(context.Background(), suite.testAccounts["local_account_1"].ID)
if err != nil { if err != nil {
suite.FailNow(err.Error()) suite.FailNow(err.Error())
} }
suite.Equal(dbAccount.StatusContentType, "text/markdown") suite.Equal(data["source[status_content_type]"], dbAccount.StatusContentType)
} }
func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerUpdateStatusContentTypeBad() { func (suite *AccountUpdateTestSuite) TestAccountUpdateCredentialsPATCHHandlerUpdateStatusContentTypeBad() {
// set up the request data := map[string]string{
// we're updating the language of zork "source[status_content_type]": "peepeepoopoo",
requestBody, w, err := testrig.CreateMultipartFormData(
"", "",
map[string]string{
"source[status_content_type]": "peepeepoopoo",
})
if err != nil {
panic(err)
} }
bodyBytes := requestBody.Bytes()
recorder := httptest.NewRecorder()
ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, accounts.UpdateCredentialsPath, w.FormDataContentType())
// call the handler _, err := suite.updateAccountFromFormData(data, http.StatusBadRequest, `{"error":"Bad Request: status content type 'peepeepoopoo' was not recognized, valid options are 'text/plain', 'text/markdown'"}`)
suite.accountsModule.AccountUpdateCredentialsPATCHHandler(ctx) if err != nil {
suite.FailNow(err.Error())
suite.Equal(http.StatusBadRequest, recorder.Code) }
result := recorder.Result()
defer result.Body.Close()
// check the response
b, err := ioutil.ReadAll(result.Body)
suite.NoError(err)
suite.Equal(`{"error":"Bad Request: status content type 'peepeepoopoo' was not recognized, valid options are 'text/plain', 'text/markdown'"}`, string(b))
} }
func TestAccountUpdateTestSuite(t *testing.T) { func TestAccountUpdateTestSuite(t *testing.T) {

43
internal/api/model/account.go
View file

@ -140,27 +140,29 @@ type AccountCreateRequest struct {
// swagger:ignore // swagger:ignore
type UpdateCredentialsRequest struct { type UpdateCredentialsRequest struct {
// Account should be made discoverable and shown in the profile directory (if enabled). // Account should be made discoverable and shown in the profile directory (if enabled).
Discoverable *bool `form:"discoverable" json:"discoverable" xml:"discoverable"` Discoverable *bool `form:"discoverable" json:"discoverable"`
// Account is flagged as a bot. // Account is flagged as a bot.
Bot *bool `form:"bot" json:"bot" xml:"bot"` Bot *bool `form:"bot" json:"bot"`
// The display name to use for the account. // The display name to use for the account.
DisplayName *string `form:"display_name" json:"display_name" xml:"display_name"` DisplayName *string `form:"display_name" json:"display_name"`
// Bio/description of this account. // Bio/description of this account.
Note *string `form:"note" json:"note" xml:"note"` Note *string `form:"note" json:"note"`
// Avatar image encoded using multipart/form-data. // Avatar image encoded using multipart/form-data.
Avatar *multipart.FileHeader `form:"avatar" json:"avatar" xml:"avatar"` Avatar *multipart.FileHeader `form:"avatar" json:"-"`
// Header image encoded using multipart/form-data // Header image encoded using multipart/form-data
Header *multipart.FileHeader `form:"header" json:"header" xml:"header"` Header *multipart.FileHeader `form:"header" json:"-"`
// Require manual approval of follow requests. // Require manual approval of follow requests.
Locked *bool `form:"locked" json:"locked" xml:"locked"` Locked *bool `form:"locked" json:"locked"`
// New Source values for this account. // New Source values for this account.
Source *UpdateSource `form:"source" json:"source" xml:"source"` Source *UpdateSource `form:"source" json:"source"`
// Profile metadata name and value // Profile metadata names and values.
FieldsAttributes *[]UpdateField `form:"fields_attributes" json:"fields_attributes" xml:"fields_attributes"` FieldsAttributes *[]UpdateField `form:"fields_attributes" json:"-"`
// Profile metadata names and values, parsed from JSON.
JSONFieldsAttributes *map[string]UpdateField `form:"-" json:"fields_attributes"`
// Custom CSS to be included when rendering this account's profile or statuses. // Custom CSS to be included when rendering this account's profile or statuses.
CustomCSS *string `form:"custom_css" json:"custom_css" xml:"custom_css"` CustomCSS *string `form:"custom_css" json:"custom_css"`
// Enable RSS feed of public toots for this account at /@[username]/feed.rss // Enable RSS feed of public toots for this account at /@[username]/feed.rss
EnableRSS *bool `form:"enable_rss" json:"enable_rss" xml:"enable_rss"` EnableRSS *bool `form:"enable_rss" json:"enable_rss"`
} }
// UpdateSource is to be used specifically in an UpdateCredentialsRequest. // UpdateSource is to be used specifically in an UpdateCredentialsRequest.
@ -168,24 +170,27 @@ type UpdateCredentialsRequest struct {
// swagger:model updateSource // swagger:model updateSource
type UpdateSource struct { type UpdateSource struct {
// Default post privacy for authored statuses. // Default post privacy for authored statuses.
Privacy *string `form:"privacy" json:"privacy" xml:"privacy"` Privacy *string `form:"privacy" json:"privacy"`
// Mark authored statuses as sensitive by default. // Mark authored statuses as sensitive by default.
Sensitive *bool `form:"sensitive" json:"sensitive" xml:"sensitive"` Sensitive *bool `form:"sensitive" json:"sensitive"`
// Default language to use for authored statuses. (ISO 6391) // Default language to use for authored statuses. (ISO 6391)
Language *string `form:"language" json:"language" xml:"language"` Language *string `form:"language" json:"language"`
// Default format for authored statuses (text/plain or text/markdown). // Default format for authored statuses (text/plain or text/markdown).
StatusContentType *string `form:"status_content_type" json:"status_content_type" xml:"status_content_type"` StatusContentType *string `form:"status_content_type" json:"status_content_type"`
} }
// UpdateField is to be used specifically in an UpdateCredentialsRequest. // UpdateField is to be used specifically in an UpdateCredentialsRequest.
// By default, max 4 fields and 255 characters per property/value. // By default, max 6 fields and 255 characters per property/value.
// //
// swagger:model updateField // swagger:model updateField
type UpdateField struct { type UpdateField struct {
// Key this form field was submitted with;
// only set if it was submitted as JSON.
Key int `form:"-" json:"-"`
// Name of the field // Name of the field
Name *string `form:"name" json:"name" xml:"name"` Name *string `form:"name" json:"name"`
// Value of the field // Value of the field
Value *string `form:"value" json:"value" xml:"value"` Value *string `form:"value" json:"value"`
} }
// AccountFollowRequest models a request to follow an account. // AccountFollowRequest models a request to follow an account.