defmodule Mobilizon.GraphQL.Resolvers.AdminTest do use Mobilizon.Web.ConnCase import Mobilizon.Factory import Swoosh.TestAssertions alias Mobilizon.Actors.Actor alias Mobilizon.Events.Event alias Mobilizon.Federation.ActivityPub.Relay alias Mobilizon.Reports.{Note, Report} alias Mobilizon.Users.User alias Mobilizon.GraphQL.{AbsintheHelpers, API} describe "Resolver: List the action logs" do @note_content "This a note on a report" test "list_action_logs/3 list action logs", %{conn: conn} do %User{} = user_moderator = insert(:user, role: :moderator) %Actor{} = moderator = insert(:actor, user: user_moderator) %User{} = user_moderator_2 = insert(:user, role: :moderator) %Actor{} = moderator_2 = insert(:actor, user: user_moderator_2) %Report{} = report = insert(:report) API.Reports.update_report_status(moderator, report, "resolved") {:ok, %Note{} = note} = API.Reports.create_report_note(report, moderator_2, @note_content) API.Reports.delete_report_note(note, moderator_2) query = """ { actionLogs { total elements { action, actor { preferredUsername }, object { ... on Report { id, status }, ... on ReportNote { content } } } } } """ res = conn |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs")) assert json_response(res, 200)["errors"] |> hd |> Map.get("message") == "You need to be logged-in and a moderator to list action logs" res = conn |> auth_conn(user_moderator) |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs")) assert json_response(res, 200)["errors"] == nil assert json_response(res, 200)["data"]["actionLogs"]["total"] == 3 assert json_response(res, 200)["data"]["actionLogs"]["elements"] |> length == 3 assert json_response(res, 200)["data"]["actionLogs"]["elements"] == [ %{ "action" => "NOTE_DELETION", "actor" => %{"preferredUsername" => moderator_2.preferred_username}, "object" => %{"content" => @note_content} }, %{ "action" => "NOTE_CREATION", "actor" => %{"preferredUsername" => moderator_2.preferred_username}, "object" => %{"content" => @note_content} }, %{ "action" => "REPORT_UPDATE_RESOLVED", "actor" => %{"preferredUsername" => moderator.preferred_username}, "object" => %{"id" => to_string(report.id), "status" => "RESOLVED"} } ] end end describe "Resolver: Get the dashboard statistics" do test "get_dashboard/3 gets dashboard information", %{conn: conn} do %Event{title: title} = insert(:event) %User{} = user_admin = insert(:user, role: :administrator) query = """ { dashboard { lastPublicEventPublished { title } numberOfUsers, numberOfComments, numberOfEvents, numberOfReports } } """ res = conn |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs")) assert json_response(res, 200)["errors"] |> hd |> Map.get("message") == "You need to be logged-in and an administrator to access dashboard statistics" res = conn |> auth_conn(user_admin) |> get("/api", AbsintheHelpers.query_skeleton(query, "actionLogs")) assert json_response(res, 200)["errors"] == nil assert json_response(res, 200)["data"]["dashboard"]["lastPublicEventPublished"]["title"] == title end end describe "Resolver: Get the list of relay followers" do @relay_followers_query """ { relayFollowers { elements { actor { preferredUsername, domain, }, approved }, total } } """ @relay_followings_query """ { relayFollowings { elements { targetActor { preferredUsername, domain, }, approved }, total } } """ test "test list_relay_followers/3 returns nothing when not logged-in", %{conn: conn} do follower_actor = insert(:actor, domain: "localhost", user: nil, url: "http://localhost:8080/actor", preferred_username: "instance_actor", name: "I am an instance actor" ) %Actor{} = relay_actor = Relay.get_actor() insert(:follower, actor: follower_actor, target_actor: relay_actor) res = conn |> AbsintheHelpers.graphql_query(query: @relay_followers_query) assert hd(res["errors"])["message"] == "You need to be logged in" assert hd(res["errors"])["status_code"] == 401 end test "test list_relay_followers/3 returns nothing when not an admin", %{conn: conn} do %User{} = user_moderator = insert(:user, role: :moderator) %User{} = user = insert(:user) follower_actor = insert(:actor, domain: "localhost", user: nil, url: "http://localhost:8080/actor", preferred_username: "instance_actor", name: "I am an instance actor" ) %Actor{} = relay_actor = Relay.get_actor() insert(:follower, actor: follower_actor, target_actor: relay_actor) res = conn |> auth_conn(user_moderator) |> AbsintheHelpers.graphql_query(query: @relay_followers_query) assert hd(res["errors"])["message"] == "You don't have permission to do this" assert hd(res["errors"])["status_code"] == 403 res = conn |> auth_conn(user) |> AbsintheHelpers.graphql_query(query: @relay_followers_query) assert hd(res["errors"])["message"] == "You don't have permission to do this" assert hd(res["errors"])["status_code"] == 403 end test "test list_relay_followers/3 returns relay followers", %{conn: conn} do %User{} = user_admin = insert(:user, role: :administrator) follower_actor = insert(:actor, domain: "localhost", user: nil, url: "http://localhost:8080/actor", preferred_username: "instance_actor", name: "I am an instance actor" ) %Actor{} = relay_actor = Relay.get_actor() insert(:follower, actor: follower_actor, target_actor: relay_actor) res = conn |> auth_conn(user_admin) |> AbsintheHelpers.graphql_query(query: @relay_followers_query) assert is_nil(res["errors"]) assert hd(res["data"]["relayFollowers"]["elements"]) == %{ "actor" => %{"preferredUsername" => "instance_actor", "domain" => "localhost"}, "approved" => false } end test "test list_relay_followings/3 returns nothing when not logged-in", %{conn: conn} do %Actor{} = following_actor = insert(:actor, domain: "localhost", user: nil, url: "http://localhost:8080/actor", preferred_username: "instance_actor", name: "I am an instance actor" ) %Actor{} = relay_actor = Relay.get_actor() insert(:follower, actor: relay_actor, target_actor: following_actor) res = conn |> AbsintheHelpers.graphql_query(query: @relay_followings_query) assert hd(res["errors"])["message"] == "You need to be logged in" assert hd(res["errors"])["status_code"] == 401 end test "test list_relay_followings/3 returns nothing when not an admin", %{conn: conn} do %User{} = user_moderator = insert(:user, role: :moderator) %User{} = user = insert(:user) %Actor{} = following_actor = insert(:actor, domain: "localhost", user: nil, url: "http://localhost:8080/actor", preferred_username: "instance_actor", name: "I am an instance actor" ) %Actor{} = relay_actor = Relay.get_actor() insert(:follower, actor: relay_actor, target_actor: following_actor) res = conn |> auth_conn(user_moderator) |> AbsintheHelpers.graphql_query(query: @relay_followings_query) assert hd(res["errors"])["message"] == "You don't have permission to do this" assert hd(res["errors"])["status_code"] == 403 res = conn |> auth_conn(user) |> AbsintheHelpers.graphql_query(query: @relay_followings_query) assert hd(res["errors"])["message"] == "You don't have permission to do this" assert hd(res["errors"])["status_code"] == 403 end test "test list_relay_followings/3 returns relay followings", %{conn: conn} do %User{} = user_admin = insert(:user, role: :administrator) %Actor{ preferred_username: following_actor_preferred_username, domain: following_actor_domain } = following_actor = insert(:actor, domain: "localhost", user: nil, url: "http://localhost:8080/actor", preferred_username: "instance_actor", name: "I am an instance actor" ) %Actor{} = relay_actor = Relay.get_actor() insert(:follower, actor: relay_actor, target_actor: following_actor) res = conn |> auth_conn(user_admin) |> AbsintheHelpers.graphql_query(query: @relay_followings_query) assert is_nil(res["errors"]) assert hd(res["data"]["relayFollowings"]["elements"]) == %{ "targetActor" => %{ "preferredUsername" => following_actor_preferred_username, "domain" => following_actor_domain }, "approved" => false } end end @admin_settings_fragment """ fragment adminSettingsFragment on AdminSettings { instanceName instanceDescription instanceLongDescription contact instanceTerms instanceTermsType instanceTermsUrl instancePrivacyPolicy instancePrivacyPolicyType instancePrivacyPolicyUrl instanceRules registrationsOpen } """ describe "Resolver: Get the instance admin settings" do @admin_settings_query """ query { adminSettings { ...adminSettingsFragment } } #{@admin_settings_fragment} """ setup %{conn: conn} do Cachex.clear(:config) [conn: conn] end test "from config files", %{conn: conn} do admin = insert(:user, role: :administrator) res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query(query: @admin_settings_query) assert res["data"]["adminSettings"]["instanceName"] == Application.get_env(:mobilizon, :instance)[:name] assert res["data"]["adminSettings"]["registrationsOpen"] == Application.get_env(:mobilizon, :instance)[:registrations_open] end @instance_name "My Awesome Instance" test "from DB", %{conn: conn} do admin = insert(:user, role: :administrator) insert(:admin_setting, group: "instance", name: "instance_name", value: @instance_name) insert(:admin_setting, group: "instance", name: "registrations_open", value: "false") res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query(query: @admin_settings_query) assert res["data"]["adminSettings"]["instanceName"] == @instance_name assert res["data"]["adminSettings"]["registrationsOpen"] == false end test "unless user isn't admin", %{conn: conn} do admin = insert(:user) res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query(query: @admin_settings_query) assert hd(res["errors"])["message"] == "You need to be logged-in and an administrator to access admin settings" end end describe "Resolver: Update the instance admin settings" do setup %{conn: conn} do Cachex.clear(:config) [conn: conn] end @update_instance_admin_settings_mutation """ mutation SaveAdminSettings( $instanceName: String $instanceDescription: String $instanceLongDescription: String $contact: String $instanceTerms: String $instanceTermsType: InstanceTermsType $instanceTermsUrl: String $instancePrivacyPolicy: String $instancePrivacyPolicyType: InstancePrivacyType $instancePrivacyPolicyUrl: String $instanceRules: String $registrationsOpen: Boolean ) { saveAdminSettings( instanceName: $instanceName instanceDescription: $instanceDescription instanceLongDescription: $instanceLongDescription contact: $contact instanceTerms: $instanceTerms instanceTermsType: $instanceTermsType instanceTermsUrl: $instanceTermsUrl instancePrivacyPolicy: $instancePrivacyPolicy instancePrivacyPolicyType: $instancePrivacyPolicyType instancePrivacyPolicyUrl: $instancePrivacyPolicyUrl instanceRules: $instanceRules registrationsOpen: $registrationsOpen ) { ...adminSettingsFragment } } #{@admin_settings_fragment} """ @new_instance_name "new Instance Name" test "does the setting update and updates instance actor as well", %{conn: conn} do admin = insert(:user, role: :administrator) res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query(query: @admin_settings_query) assert res["data"]["adminSettings"]["instanceName"] == Application.get_env(:mobilizon, :instance)[:name] assert res["data"]["adminSettings"]["registrationsOpen"] == Application.get_env(:mobilizon, :instance)[:registrations_open] res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @update_instance_admin_settings_mutation, variables: %{"instanceName" => @new_instance_name, "registrationsOpen" => false} ) assert res["data"]["saveAdminSettings"]["instanceName"] == @new_instance_name assert res["data"]["saveAdminSettings"]["registrationsOpen"] == false assert %Actor{name: @new_instance_name} = Relay.get_actor() end test "unless user isn't admin", %{conn: conn} do user = insert(:user) res = conn |> auth_conn(user) |> AbsintheHelpers.graphql_query( query: @update_instance_admin_settings_mutation, variables: %{"instanceName" => @new_instance_name, "registrationsOpen" => false} ) assert hd(res["errors"])["message"] == "You need to be logged-in and an administrator to save admin settings" end end @admin_update_user """ mutation AdminUpdateUser($id: ID!, $email: String, $role: UserRole, $confirmed: Boolean, $notify: Boolean) { adminUpdateUser(id: $id, email: $email, role: $role, confirmed: $confirmed, notify: $notify) { id email role confirmedAt } } """ describe "Resolver: Update an user email" do setup do admin = insert(:user, role: :administrator) user = insert(:user) {:ok, admin: admin, user: user} end test "when not an admin", %{conn: conn, user: user} do admin = insert(:user) res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "email" => "new@email.com"} ) assert hd(res["errors"])["message"] == "You need to be logged-in and an administrator to edit an user's details" end test "when putting same email", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "email" => user.email} ) assert hd(res["errors"])["message"] == "The new email must be different" end test "with an invalid email", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "email" => "not an email"} ) assert hd(res["errors"])["message"] == "The new email doesn't seem to be valid" end test "with a valid email, and no notification", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "email" => "new@email.com", "notify" => false} ) refute_email_sent() assert res["errors"] == nil assert res["data"]["adminUpdateUser"]["email"] == "new@email.com" end test "with a valid email, and notification", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "email" => "new@email.com", "notify" => true} ) assert_email_sent( to: user.email, subject: "An administrator manually changed the email attached to your account on Test instance" ) # # Swoosh.TestAssertions can't test multiple emails sent # assert_email_sent( # to: "new@email.com", # subject: # "An administrator manually changed the email attached to your account on Test instance" # ) assert res["errors"] == nil assert res["data"]["adminUpdateUser"]["email"] == "new@email.com" end end describe "Resolver: Update an user role" do setup do admin = insert(:user, role: :administrator) user = insert(:user) {:ok, admin: admin, user: user} end test "when putting same role", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "role" => String.upcase(to_string(user.role))} ) assert hd(res["errors"])["message"] == "The new role must be different" end test "with an invalid role", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "role" => "not a valid role"} ) assert hd(res["errors"])["message"] == "Argument \"role\" has invalid value $role." end test "with a valid role, and no notification", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "role" => "MODERATOR", "notify" => false} ) refute_email_sent() assert res["errors"] == nil assert res["data"]["adminUpdateUser"]["role"] == "MODERATOR" end test "with a valid role, and notification", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "role" => "MODERATOR", "notify" => true} ) assert_email_sent(to: user.email) assert res["errors"] == nil assert res["data"]["adminUpdateUser"]["role"] == "MODERATOR" end end describe "Resolver: Confirm an user" do setup do admin = insert(:user, role: :administrator) user = insert(:user) {:ok, admin: admin, user: user} end test "already confirmed", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "confirmed" => true, "notify" => false} ) refute_email_sent() assert hd(res["errors"])["message"] == "Can't confirm an already confirmed user" end test "while unconfirming", %{conn: conn, user: user, admin: admin} do res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "confirmed" => false, "notify" => false} ) refute_email_sent() assert hd(res["errors"])["message"] == "Deconfirming users is not supported" end test "while confirming, and no notification", %{conn: conn, admin: admin} do user = insert(:user, confirmed_at: nil) res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "confirmed" => true, "notify" => false} ) refute_email_sent() assert res["errors"] == nil refute res["data"]["adminUpdateUser"]["confirmedAt"] == nil end test "while confirming, and notification", %{conn: conn, admin: admin} do user = insert(:user, confirmed_at: nil) res = conn |> auth_conn(admin) |> AbsintheHelpers.graphql_query( query: @admin_update_user, variables: %{"id" => user.id, "confirmed" => true, "notify" => true} ) assert_email_sent(to: user.email) assert res["errors"] == nil refute res["data"]["adminUpdateUser"]["confirmedAt"] == nil end end end