Merge branch 'release/2.0.1' into 'stable'v2.0.1

2.0.1 release

See merge request pleroma/pleroma!2298

6 files changed, 118 insertions, 86 deletions

diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs
index 9151034da..b2352538a 100644
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -341,6 +341,44 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert "ok" == json_response(conn, 200)
       assert Instances.reachable?(sender_url)
     end
+
+    test "accept follow activity", %{conn: conn} do
+      Pleroma.Config.put([:instance, :federating], true)
+      relay = Relay.get_actor()
+
+      assert {:ok, %Activity{} = activity} = Relay.follow("https://relay.mastodon.host/actor")
+
+      followed_relay = Pleroma.User.get_by_ap_id("https://relay.mastodon.host/actor")
+      relay = refresh_record(relay)
+
+      accept =
+        File.read!("test/fixtures/relay/accept-follow.json")
+        |> String.replace("{{ap_id}}", relay.ap_id)
+        |> String.replace("{{activity_id}}", activity.data["id"])
+
+      assert "ok" ==
+               conn
+               |> assign(:valid_signature, true)
+               |> put_req_header("content-type", "application/activity+json")
+               |> post("/inbox", accept)
+               |> json_response(200)
+
+      ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+
+      assert Pleroma.FollowingRelationship.following?(
+               relay,
+               followed_relay
+             )
+
+      Mix.shell(Mix.Shell.Process)
+
+      on_exit(fn ->
+        Mix.shell(Mix.Shell.IO)
+      end)
+
+      :ok = Mix.Tasks.Pleroma.Relay.run(["list"])
+      assert_receive {:mix_shell, :info, ["relay.mastodon.host"]}
+    end
   end
 
   describe "/users/:nickname/inbox" do
diff --git a/test/web/activity_pub/utils_test.exs b/test/web/activity_pub/utils_test.exs
index e5ab54dd4..e913a5148 100644
--- a/test/web/activity_pub/utils_test.exs
+++ b/test/web/activity_pub/utils_test.exs
@@ -177,71 +177,6 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
     end
   end
 
-  describe "fetch_ordered_collection" do
-    import Tesla.Mock
-
-    test "fetches the first OrderedCollectionPage when an OrderedCollection is encountered" do
-      mock(fn
-        %{method: :get, url: "http://mastodon.com/outbox"} ->
-          json(%{"type" => "OrderedCollection", "first" => "http://mastodon.com/outbox?page=true"})
-
-        %{method: :get, url: "http://mastodon.com/outbox?page=true"} ->
-          json(%{"type" => "OrderedCollectionPage", "orderedItems" => ["ok"]})
-      end)
-
-      assert Utils.fetch_ordered_collection("http://mastodon.com/outbox", 1) == ["ok"]
-    end
-
-    test "fetches several pages in the right order one after another, but only the specified amount" do
-      mock(fn
-        %{method: :get, url: "http://example.com/outbox"} ->
-          json(%{
-            "type" => "OrderedCollectionPage",
-            "orderedItems" => [0],
-            "next" => "http://example.com/outbox?page=1"
-          })
-
-        %{method: :get, url: "http://example.com/outbox?page=1"} ->
-          json(%{
-            "type" => "OrderedCollectionPage",
-            "orderedItems" => [1],
-            "next" => "http://example.com/outbox?page=2"
-          })
-
-        %{method: :get, url: "http://example.com/outbox?page=2"} ->
-          json(%{"type" => "OrderedCollectionPage", "orderedItems" => [2]})
-      end)
-
-      assert Utils.fetch_ordered_collection("http://example.com/outbox", 0) == [0]
-      assert Utils.fetch_ordered_collection("http://example.com/outbox", 1) == [0, 1]
-    end
-
-    test "returns an error if the url doesn't have an OrderedCollection/Page" do
-      mock(fn
-        %{method: :get, url: "http://example.com/not-an-outbox"} ->
-          json(%{"type" => "NotAnOutbox"})
-      end)
-
-      assert {:error, _} = Utils.fetch_ordered_collection("http://example.com/not-an-outbox", 1)
-    end
-
-    test "returns the what was collected if there are less pages than specified" do
-      mock(fn
-        %{method: :get, url: "http://example.com/outbox"} ->
-          json(%{
-            "type" => "OrderedCollectionPage",
-            "orderedItems" => [0],
-            "next" => "http://example.com/outbox?page=1"
-          })
-
-        %{method: :get, url: "http://example.com/outbox?page=1"} ->
-          json(%{"type" => "OrderedCollectionPage", "orderedItems" => [1]})
-      end)
-
-      assert Utils.fetch_ordered_collection("http://example.com/outbox", 5) == [0, 1]
-    end
-  end
-
   test "make_json_ld_header/0" do
     assert Utils.make_json_ld_header() == %{
              "@context" => [
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index 299d968db..b80523160 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -202,13 +202,15 @@ defmodule Pleroma.Web.CommonAPITest do
                CommonAPI.post(user, %{"status" => ""})
     end
 
-    test "it returns error when character limit is exceeded" do
+    test "it validates character limits are correctly enforced" do
       Pleroma.Config.put([:instance, :limit], 5)
 
       user = insert(:user)
 
       assert {:error, "The status is over the character limit"} =
                CommonAPI.post(user, %{"status" => "foobar"})
+
+      assert {:ok, activity} = CommonAPI.post(user, %{"status" => "12345"})
     end
 
     test "it can handle activities that expire" do
diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs
index b380d10d8..45fc94522 100644
--- a/test/web/common_api/common_api_utils_test.exs
+++ b/test/web/common_api/common_api_utils_test.exs
@@ -89,8 +89,8 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
 
       assert output == expected
 
-      text = "<p>hello world!</p>\n\n<p>second paragraph</p>"
-      expected = "<p>hello world!</p>\n\n<p>second paragraph</p>"
+      text = "<p>hello world!</p><br/>\n<p>second paragraph</p>"
+      expected = "<p>hello world!</p><br/>\n<p>second paragraph</p>"
 
       {output, [], []} = Utils.format_input(text, "text/html")
 
@@ -99,14 +99,14 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
 
     test "works for bare text/markdown" do
       text = "**hello world**"
-      expected = "<p><strong>hello world</strong></p>\n"
+      expected = "<p><strong>hello world</strong></p>"
 
       {output, [], []} = Utils.format_input(text, "text/markdown")
 
       assert output == expected
 
       text = "**hello world**\n\n*another paragraph*"
-      expected = "<p><strong>hello world</strong></p>\n<p><em>another paragraph</em></p>\n"
+      expected = "<p><strong>hello world</strong></p><p><em>another paragraph</em></p>"
 
       {output, [], []} = Utils.format_input(text, "text/markdown")
 
@@ -118,7 +118,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       by someone
       """
 
-      expected = "<blockquote><p>cool quote</p>\n</blockquote>\n<p>by someone</p>\n"
+      expected = "<blockquote><p>cool quote</p></blockquote><p>by someone</p>"
 
       {output, [], []} = Utils.format_input(text, "text/markdown")
 
@@ -134,7 +134,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       assert output == expected
 
       text = "[b]hello world![/b]\n\nsecond paragraph!"
-      expected = "<strong>hello world!</strong><br>\n<br>\nsecond paragraph!"
+      expected = "<strong>hello world!</strong><br><br>second paragraph!"
 
       {output, [], []} = Utils.format_input(text, "text/bbcode")
 
@@ -143,7 +143,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       text = "[b]hello world![/b]\n\n<strong>second paragraph!</strong>"
 
       expected =
-        "<strong>hello world!</strong><br>\n<br>\n&lt;strong&gt;second paragraph!&lt;/strong&gt;"
+        "<strong>hello world!</strong><br><br>&lt;strong&gt;second paragraph!&lt;/strong&gt;"
 
       {output, [], []} = Utils.format_input(text, "text/bbcode")
 
@@ -156,16 +156,14 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
 
       text = "**hello world**\n\n*another @user__test and @user__test google.com paragraph*"
 
-      expected =
-        ~s(<p><strong>hello world</strong></p>\n<p><em>another <span class="h-card"><a data-user="#{
-          user.id
-        }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a data-user="#{
-          user.id
-        }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>\n)
-
       {output, _, _} = Utils.format_input(text, "text/markdown")
 
-      assert output == expected
+      assert output ==
+               ~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a data-user="#{
+                 user.id
+               }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a data-user="#{
+                 user.id
+               }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>)
     end
   end
 
diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs
index 57d0f4416..7efccd9c4 100644
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@@ -601,6 +601,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       [valid_params: valid_params]
     end
 
+    clear_config([:instance, :account_activation_required])
+
     test "Account registration via Application", %{conn: conn} do
       conn =
         post(conn, "/api/v1/apps", %{
@@ -685,7 +687,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert json_response(res, 200)
 
       [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
-      |> Stream.zip(valid_params)
+      |> Stream.zip(Map.delete(valid_params, :email))
       |> Enum.each(fn {ip, {attr, _}} ->
         res =
           conn
@@ -697,6 +699,54 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       end)
     end
 
+    clear_config([:instance, :account_activation_required])
+
+    test "returns bad_request if missing email params when :account_activation_required is enabled",
+         %{conn: conn, valid_params: valid_params} do
+      Pleroma.Config.put([:instance, :account_activation_required], true)
+
+      app_token = insert(:oauth_token, user: nil)
+      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 5})
+        |> post("/api/v1/accounts", Map.delete(valid_params, :email))
+
+      assert json_response(res, 400) == %{"error" => "Missing parameters"}
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 6})
+        |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
+
+      assert json_response(res, 400) == %{"error" => "{\"email\":[\"can't be blank\"]}"}
+    end
+
+    test "allow registration without an email", %{conn: conn, valid_params: valid_params} do
+      app_token = insert(:oauth_token, user: nil)
+      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 7})
+        |> post("/api/v1/accounts", Map.delete(valid_params, :email))
+
+      assert json_response(res, 200)
+    end
+
+    test "allow registration with an empty email", %{conn: conn, valid_params: valid_params} do
+      app_token = insert(:oauth_token, user: nil)
+      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+
+      res =
+        conn
+        |> Map.put(:remote_ip, {127, 0, 0, 8})
+        |> post("/api/v1/accounts", Map.put(valid_params, :email, ""))
+
+      assert json_response(res, 200)
+    end
+
     test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
       conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token")
 
@@ -706,10 +756,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
   end
 
   describe "create account by app / rate limit" do
-    clear_config([Pleroma.Plugs.RemoteIp, :enabled]) do
-      Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true)
-    end
-
     clear_config([:rate_limit, :app_account_creation]) do
       Pleroma.Config.put([:rate_limit, :app_account_creation], {10_000, 2})
     end
diff --git a/test/web/static_fe/static_fe_controller_test.exs b/test/web/static_fe/static_fe_controller_test.exs
index 2ce8f9fa3..2c999295a 100644
--- a/test/web/static_fe/static_fe_controller_test.exs
+++ b/test/web/static_fe/static_fe_controller_test.exs
@@ -110,6 +110,19 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
       assert html =~ "testing a thing!"
     end
 
+    test "filters HTML tags", %{conn: conn} do
+      user = insert(:user)
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"})
+
+      conn =
+        conn
+        |> put_req_header("accept", "text/html")
+        |> get("/notice/#{activity.id}")
+
+      html = html_response(conn, 200)
+      assert html =~ ~s[&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;]
+    end
+
     test "shows the whole thread", %{conn: conn} do
       user = insert(:user)
       {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})