diff options
Diffstat (limited to 'test/web')
24 files changed, 1168 insertions, 14 deletions
diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 3ed7be402..1c24b348c 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -5,6 +5,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do alias Pleroma.{Repo, User} alias Pleroma.Activity + describe "/relay" do + test "with the relay active, it returns the relay user", %{conn: conn} do + res = + conn + |> get(activity_pub_path(conn, :relay)) + |> json_response(200) + + assert res["id"] =~ "/relay" + end + + test "with the relay disabled, it returns 404", %{conn: conn} do + Pleroma.Config.put([:instance, :allow_relay], false) + + res = + conn + |> get(activity_pub_path(conn, :relay)) + |> json_response(404) + + Pleroma.Config.put([:instance, :allow_relay], true) + end + end + describe "/users/:nickname" do test "it returns a json representation of the user", %{conn: conn} do user = insert(:user) @@ -46,7 +68,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end end - describe "/users/:nickname/inbox" do + describe "/inbox" do test "it inserts an incoming activity into the database", %{conn: conn} do data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() @@ -62,6 +84,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end end + describe "/users/:nickname/inbox" do + test "it inserts an incoming activity into the database", %{conn: conn} do + user = insert(:user) + + data = + File.read!("test/fixtures/mastodon-post-activity.json") + |> Poison.decode!() + |> Map.put("bcc", [user.ap_id]) + + conn = + conn + |> assign(:valid_signature, true) + |> put_req_header("content-type", "application/activity+json") + |> post("/users/#{user.nickname}/inbox", data) + + assert "ok" == json_response(conn, 200) + :timer.sleep(500) + assert Activity.get_by_ap_id(data["id"]) + end + end + describe "/users/:nickname/outbox" do test "it returns a note activity in a collection", %{conn: conn} do note_activity = insert(:note_activity) diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 1cf7d6bbc..35c381ac3 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -476,6 +476,54 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do end end + describe "timeline post-processing" do + test "it filters broken threads" do + user1 = insert(:user) + user2 = insert(:user) + user3 = insert(:user) + + {:ok, user1} = User.follow(user1, user3) + assert User.following?(user1, user3) + + {:ok, user2} = User.follow(user2, user3) + assert User.following?(user2, user3) + + {:ok, user3} = User.follow(user3, user2) + assert User.following?(user3, user2) + + {:ok, public_activity} = CommonAPI.post(user3, %{"status" => "hi 1"}) + + {:ok, private_activity_1} = + CommonAPI.post(user3, %{"status" => "hi 2", "visibility" => "private"}) + + {:ok, private_activity_2} = + CommonAPI.post(user2, %{ + "status" => "hi 3", + "visibility" => "private", + "in_reply_to_status_id" => private_activity_1.id + }) + + {:ok, private_activity_3} = + CommonAPI.post(user3, %{ + "status" => "hi 4", + "visibility" => "private", + "in_reply_to_status_id" => private_activity_2.id + }) + + assert user1.following == [user3.ap_id <> "/followers", user1.ap_id] + + activities = ActivityPub.fetch_activities([user1.ap_id | user1.following]) + + assert [public_activity, private_activity_1, private_activity_3] == activities + assert length(activities) == 3 + + activities = ActivityPub.contain_timeline(activities, user1) + + assert [public_activity, private_activity_1] == activities + assert length(activities) == 2 + end + end + test "it can fetch plume articles" do {:ok, object} = ActivityPub.fetch_object_from_id( diff --git a/test/web/activity_pub/relay_test.exs b/test/web/activity_pub/relay_test.exs new file mode 100644 index 000000000..41d13e055 --- /dev/null +++ b/test/web/activity_pub/relay_test.exs @@ -0,0 +1,11 @@ +defmodule Pleroma.Web.ActivityPub.RelayTest do + use Pleroma.DataCase + + alias Pleroma.Web.ActivityPub.Relay + + test "gets an actor for the relay" do + user = Relay.get_actor() + + assert user.ap_id =~ "/relay" + end +end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index afa25bb60..829da0a65 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -121,6 +121,38 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do "<p>henlo from my Psion netBook</p><p>message sent from my Psion netBook</p>" end + test "it works for incoming announces with actor being inlined (kroeg)" do + data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["actor"] == "https://puckipedia.com/" + end + + test "it works for incoming notices with tag not being an array (kroeg)" do + data = File.read!("test/fixtures/kroeg-array-less-emoji.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["object"]["emoji"] == %{ + "icon_e_smile" => "https://puckipedia.com/forum/images/smilies/icon_e_smile.png" + } + + data = File.read!("test/fixtures/kroeg-array-less-hashtag.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert "test" in data["object"]["tag"] + end + + test "it works for incoming notices with url not being a string (prismo)" do + data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["object"]["url"] == "https://prismo.news/posts/83" + end + test "it works for incoming follow requests" do user = insert(:user) @@ -329,6 +361,26 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do refute Repo.get(Activity, activity.id) end + test "it fails for incoming deletes with spoofed origin" do + activity = insert(:note_activity) + + data = + File.read!("test/fixtures/mastodon-delete.json") + |> Poison.decode!() + + object = + data["object"] + |> Map.put("id", activity.data["object"]["id"]) + + data = + data + |> Map.put("object", object) + + :error = Transmogrifier.handle_incoming(data) + + assert Repo.get(Activity, activity.id) + end + test "it works for incoming unannounces with an existing notice" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) @@ -671,7 +723,9 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) - assert modified["@context"] == "https://www.w3.org/ns/activitystreams" + assert modified["@context"] == + Pleroma.Web.ActivityPub.Utils.make_json_ld_header()["@context"] + assert modified["object"]["conversation"] == modified["context"] end @@ -709,6 +763,39 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert modified["object"]["inReplyTo"] == "http://gs.example.org:4040/index.php/notice/29" end + + test "it strips internal hashtag data" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"}) + + expected_tag = %{ + "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu", + "type" => "Hashtag", + "name" => "#2hu" + } + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert modified["object"]["tag"] == [expected_tag] + end + + test "it strips internal fields" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :moominmamma:"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert length(modified["object"]["tag"]) == 2 + + assert is_nil(modified["object"]["emoji"]) + assert is_nil(modified["object"]["likes"]) + assert is_nil(modified["object"]["like_count"]) + assert is_nil(modified["object"]["announcements"]) + assert is_nil(modified["object"]["announcement_count"]) + assert is_nil(modified["object"]["context_id"]) + end end describe "user upgrade" do @@ -805,12 +892,10 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do end test "it rejects activities which reference objects with bogus origins" do - user = insert(:user, %{local: false}) - data = %{ "@context" => "https://www.w3.org/ns/activitystreams", - "id" => user.ap_id <> "/activities/1234", - "actor" => user.ap_id, + "id" => "http://mastodon.example.org/users/admin/activities/1234", + "actor" => "http://mastodon.example.org/users/admin", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "object" => "https://info.pleroma.site/activity.json", "type" => "Announce" @@ -818,5 +903,96 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do :error = Transmogrifier.handle_incoming(data) end + + test "it rejects objects when attributedTo is wrong (variant 1)" do + {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json") + end + + test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do + data = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => "http://mastodon.example.org/users/admin/activities/1234", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "object" => "https://info.pleroma.site/activity2.json", + "type" => "Announce" + } + + :error = Transmogrifier.handle_incoming(data) + end + + test "it rejects objects when attributedTo is wrong (variant 2)" do + {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json") + end + + test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do + data = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => "http://mastodon.example.org/users/admin/activities/1234", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "object" => "https://info.pleroma.site/activity3.json", + "type" => "Announce" + } + + :error = Transmogrifier.handle_incoming(data) + end + end + + describe "general origin containment" do + test "contain_origin_from_id() catches obvious spoofing attempts" do + data = %{ + "id" => "http://example.com/~alyssa/activities/1234.json" + } + + :error = + Transmogrifier.contain_origin_from_id( + "http://example.org/~alyssa/activities/1234.json", + data + ) + end + + test "contain_origin_from_id() allows alternate IDs within the same origin domain" do + data = %{ + "id" => "http://example.com/~alyssa/activities/1234.json" + } + + :ok = + Transmogrifier.contain_origin_from_id( + "http://example.com/~alyssa/activities/1234", + data + ) + end + + test "contain_origin_from_id() allows matching IDs" do + data = %{ + "id" => "http://example.com/~alyssa/activities/1234.json" + } + + :ok = + Transmogrifier.contain_origin_from_id( + "http://example.com/~alyssa/activities/1234.json", + data + ) + end + + test "users cannot be collided through fake direction spoofing attempts" do + user = + insert(:user, %{ + nickname: "rye@niu.moe", + local: false, + ap_id: "https://niu.moe/users/rye", + follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"}) + }) + + {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye") + end + + test "all objects with fake directions are rejected by the object fetcher" do + {:error, _} = + ActivityPub.fetch_and_contain_remote_object_from_id( + "https://info.pleroma.site/activity4.json" + ) + end end end diff --git a/test/web/activity_pub/views/object_view_test.exs b/test/web/activity_pub/views/object_view_test.exs index 6a1311be7..d144a77fc 100644 --- a/test/web/activity_pub/views/object_view_test.exs +++ b/test/web/activity_pub/views/object_view_test.exs @@ -2,6 +2,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do use Pleroma.DataCase import Pleroma.Factory + alias Pleroma.Web.CommonAPI alias Pleroma.Web.ActivityPub.ObjectView test "renders a note object" do @@ -13,5 +14,45 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do assert result["to"] == note.data["to"] assert result["content"] == note.data["content"] assert result["type"] == "Note" + assert result["@context"] + end + + test "renders a note activity" do + note = insert(:note_activity) + + result = ObjectView.render("object.json", %{object: note}) + + assert result["id"] == note.data["id"] + assert result["to"] == note.data["to"] + assert result["object"]["type"] == "Note" + assert result["object"]["content"] == note.data["object"]["content"] + assert result["type"] == "Create" + assert result["@context"] + end + + test "renders a like activity" do + note = insert(:note_activity) + user = insert(:user) + + {:ok, like_activity, _} = CommonAPI.favorite(note.id, user) + + result = ObjectView.render("object.json", %{object: like_activity}) + + assert result["id"] == like_activity.data["id"] + assert result["object"] == note.data["object"]["id"] + assert result["type"] == "Like" + end + + test "renders an announce activity" do + note = insert(:note_activity) + user = insert(:user) + + {:ok, announce_activity, _} = CommonAPI.repeat(note.id, user) + + result = ObjectView.render("object.json", %{object: announce_activity}) + + assert result["id"] == announce_activity.data["id"] + assert result["object"] == note.data["object"]["id"] + assert result["type"] == "Announce" end end diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs new file mode 100644 index 000000000..fa0cb71bf --- /dev/null +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -0,0 +1,112 @@ +defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do + use Pleroma.Web.ConnCase + + alias Pleroma.{Repo, User} + + import Pleroma.Factory + import ExUnit.CaptureLog + + describe "/api/pleroma/admin/user" do + test "Delete" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/user?nickname=#{user.nickname}") + + assert json_response(conn, 200) == user.nickname + end + + test "Create" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/user", %{ + "nickname" => "lain", + "email" => "lain@example.org", + "password" => "test" + }) + + assert json_response(conn, 200) == "lain" + end + end + + describe "/api/pleroma/admin/permission_group" do + test "GET is giving user_info" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/permission_group/#{admin.nickname}") + + assert json_response(conn, 200) == admin.info + end + + test "/:right POST, can add to a permission group" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user) + + user_info = + user.info + |> Map.put("is_admin", true) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + + assert json_response(conn, 200) == user_info + end + + test "/:right DELETE, can remove from a permission group" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user, info: %{"is_admin" => true}) + + user_info = + user.info + |> Map.put("is_admin", false) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + + assert json_response(conn, 200) == user_info + end + end + + test "/api/pleroma/admin/invite_token" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/invite_token") + + assert conn.status == 200 + end + + test "/api/pleroma/admin/password_reset" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/password_reset?nickname=#{user.nickname}") + + assert conn.status == 200 + end +end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 2a2c40833..cd36e409c 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -21,4 +21,36 @@ defmodule Pleroma.Web.CommonAPI.Test do assert karjalanpiirakka["name"] == ":karjalanpiirakka:" end + + describe "posting" do + test "it filters out obviously bad tags when accepting a post as HTML" do + user = insert(:user) + + post = "<p><b>2hu</b></p><script>alert('xss')</script>" + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => post, + "content_type" => "text/html" + }) + + content = activity.data["object"]["content"] + assert content == "<p><b>2hu</b></p>alert('xss')" + end + + test "it filters out obviously bad tags when accepting a post as Markdown" do + user = insert(:user) + + post = "<p><b>2hu</b></p><script>alert('xss')</script>" + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => post, + "content_type" => "text/markdown" + }) + + content = activity.data["object"]["content"] + assert content == "<p><b>2hu</b></p>alert('xss')" + end + end end diff --git a/test/web/federator_test.exs b/test/web/federator_test.exs index 09533362a..02e1ca76e 100644 --- a/test/web/federator_test.exs +++ b/test/web/federator_test.exs @@ -1,6 +1,9 @@ defmodule Pleroma.Web.FederatorTest do alias Pleroma.Web.Federator + alias Pleroma.Web.CommonAPI use Pleroma.DataCase + import Pleroma.Factory + import Mock test "enqueues an element according to priority" do queue = [%{item: 1, priority: 2}] @@ -17,4 +20,83 @@ defmodule Pleroma.Web.FederatorTest do assert {2, [%{item: 1, priority: 2}]} = Federator.queue_pop(queue) end + + describe "Publish an activity" do + setup do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"}) + + relay_mock = { + Pleroma.Web.ActivityPub.Relay, + [], + [publish: fn _activity -> send(self(), :relay_publish) end] + } + + %{activity: activity, relay_mock: relay_mock} + end + + test "with relays active, it publishes to the relay", %{ + activity: activity, + relay_mock: relay_mock + } do + with_mocks([relay_mock]) do + Federator.handle(:publish, activity) + end + + assert_received :relay_publish + end + + test "with relays deactivated, it does not publish to the relay", %{ + activity: activity, + relay_mock: relay_mock + } do + Pleroma.Config.put([:instance, :allow_relay], false) + + with_mocks([relay_mock]) do + Federator.handle(:publish, activity) + end + + refute_received :relay_publish + + Pleroma.Config.put([:instance, :allow_relay], true) + end + end + + describe "Receive an activity" do + test "successfully processes incoming AP docs with correct origin" do + params = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "actor" => "http://mastodon.example.org/users/admin", + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/activities/1", + "object" => %{ + "type" => "Note", + "content" => "hi world!", + "id" => "http://mastodon.example.org/users/admin/objects/1", + "attributedTo" => "http://mastodon.example.org/users/admin" + }, + "to" => ["https://www.w3.org/ns/activitystreams#Public"] + } + + {:ok, _activity} = Federator.handle(:incoming_ap_doc, params) + end + + test "rejects incoming AP docs with incorrect origin" do + params = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "actor" => "https://niu.moe/users/rye", + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/activities/1", + "object" => %{ + "type" => "Note", + "content" => "hi world!", + "id" => "http://mastodon.example.org/users/admin/objects/1", + "attributedTo" => "http://mastodon.example.org/users/admin" + }, + "to" => ["https://www.w3.org/ns/activitystreams#Public"] + } + + :error = Federator.handle(:incoming_ap_doc, params) + end + end end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index e9deae64d..ad67cae6b 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -178,6 +178,32 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> get("api/v1/timelines/home") [_s1, _s2] = json_response(res_conn, 200) + + # Test pagination + Enum.each(1..20, fn _ -> + {:ok, _} = + CommonAPI.post(user_one, %{ + "status" => "Hi @#{user_two.nickname}!", + "visibility" => "direct" + }) + end) + + res_conn = + conn + |> assign(:user, user_two) + |> get("api/v1/timelines/direct") + + statuses = json_response(res_conn, 200) + assert length(statuses) == 20 + + res_conn = + conn + |> assign(:user, user_two) + |> get("api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]}) + + [status] = json_response(res_conn, 200) + + assert status["url"] != direct.data["id"] end test "replying to a status", %{conn: conn} do @@ -198,6 +224,21 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert activity.data["object"]["inReplyToStatusId"] == replied_to.id end + test "posting a status with an invalid in_reply_to_id", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""}) + + assert %{"content" => "xD", "id" => id} = json_response(conn, 200) + + activity = Repo.get(Activity, id) + + assert activity + end + test "verify_credentials", %{conn: conn} do user = insert(:user) @@ -280,6 +321,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert response = json_response(conn, 200) assert response["phrase"] == filter.phrase assert response["context"] == filter.context + assert response["id"] != nil + assert response["id"] != "" end test "fetching a list of filters", %{conn: conn} do @@ -927,11 +970,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do {:ok, [_activity]} = OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873") - conn = + nconn = conn |> get("/api/v1/timelines/tag/2hu") - assert [%{"id" => id}] = json_response(conn, 200) + assert [%{"id" => id}] = json_response(nconn, 200) + + assert id == to_string(activity.id) + + # works for different capitalization too + nconn = + conn + |> get("/api/v1/timelines/tag/2HU") + + assert [%{"id" => id}] = json_response(nconn, 200) assert id == to_string(activity.id) end) diff --git a/test/web/mastodon_api/mastodon_socket_test.exs b/test/web/mastodon_api/mastodon_socket_test.exs new file mode 100644 index 000000000..c7d71defc --- /dev/null +++ b/test/web/mastodon_api/mastodon_socket_test.exs @@ -0,0 +1,33 @@ +defmodule Pleroma.Web.MastodonApi.MastodonSocketTest do + use Pleroma.DataCase + + alias Pleroma.Web.MastodonApi.MastodonSocket + alias Pleroma.Web.{Streamer, CommonAPI} + alias Pleroma.User + + import Pleroma.Factory + + test "public is working when non-authenticated" do + user = insert(:user) + + task = + Task.async(fn -> + assert_receive {:text, _}, 4_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{} + } + + topics = %{ + "public" => [fake_socket] + } + + {:ok, activity} = CommonAPI.post(user, %{"status" => "Test"}) + + Streamer.push_to_socket(topics, "public", activity) + + Task.await(task) + end +end diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index b9c019206..31554a07d 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -7,6 +7,24 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do alias Pleroma.Web.CommonAPI import Pleroma.Factory + test "a note with null content" do + note = insert(:note_activity) + + data = + note.data + |> put_in(["object", "content"], nil) + + note = + note + |> Map.put(:data, data) + + user = User.get_cached_by_ap_id(note.data["actor"]) + + status = StatusView.render("status.json", %{activity: note}) + + assert status.content == "" + end + test "a note activity" do note = insert(:note_activity) user = User.get_cached_by_ap_id(note.data["actor"]) diff --git a/test/web/node_info_test.exs b/test/web/node_info_test.exs index d48f40e47..a6376453c 100644 --- a/test/web/node_info_test.exs +++ b/test/web/node_info_test.exs @@ -14,4 +14,36 @@ defmodule Pleroma.Web.NodeInfoTest do assert user.ap_id in result["metadata"]["staffAccounts"] end + + test "returns 404 when federation is disabled" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> get("/.well-known/nodeinfo") + |> json_response(404) + + conn + |> get("/nodeinfo/2.0.json") + |> json_response(404) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 when federation is enabled" do + conn + |> get("/.well-known/nodeinfo") + |> json_response(200) + + conn + |> get("/nodeinfo/2.0.json") + |> json_response(200) + end end diff --git a/test/web/oauth/authorization_test.exs b/test/web/oauth/authorization_test.exs index 4a9e2a3ac..98c7c4133 100644 --- a/test/web/oauth/authorization_test.exs +++ b/test/web/oauth/authorization_test.exs @@ -55,4 +55,26 @@ defmodule Pleroma.Web.OAuth.AuthorizationTest do assert {:error, "token expired"} == Authorization.use_token(expired_auth) end + + test "delete authorizations" do + {:ok, app} = + Repo.insert( + App.register_changeset(%App{}, %{ + client_name: "client", + scopes: "scope", + redirect_uris: "url" + }) + ) + + user = insert(:user) + + {:ok, auth} = Authorization.create_authorization(app, user) + {:ok, auth} = Authorization.use_token(auth) + + {auths, _} = Authorization.delete_user_authorizations(user) + + {_, invalid} = Authorization.use_token(auth) + + assert auth != invalid + end end diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs index 58448949c..f926ff50b 100644 --- a/test/web/oauth/token_test.exs +++ b/test/web/oauth/token_test.exs @@ -29,4 +29,36 @@ defmodule Pleroma.Web.OAuth.TokenTest do auth = Repo.get(Authorization, auth.id) {:error, "already used"} = Token.exchange_token(app, auth) end + + test "deletes all tokens of a user" do + {:ok, app1} = + Repo.insert( + App.register_changeset(%App{}, %{ + client_name: "client1", + scopes: "scope", + redirect_uris: "url" + }) + ) + + {:ok, app2} = + Repo.insert( + App.register_changeset(%App{}, %{ + client_name: "client2", + scopes: "scope", + redirect_uris: "url" + }) + ) + + user = insert(:user) + + {:ok, auth1} = Authorization.create_authorization(app1, user) + {:ok, auth2} = Authorization.create_authorization(app2, user) + + {:ok, token1} = Token.exchange_token(app1, auth1) + {:ok, token2} = Token.exchange_token(app2, auth2) + + {tokens, _} = Token.delete_user_tokens(user) + + assert tokens == 2 + end end diff --git a/test/web/ostatus/ostatus_controller_test.exs b/test/web/ostatus/ostatus_controller_test.exs index c23b175e8..371c835c0 100644 --- a/test/web/ostatus/ostatus_controller_test.exs +++ b/test/web/ostatus/ostatus_controller_test.exs @@ -2,6 +2,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do use Pleroma.Web.ConnCase import Pleroma.Factory alias Pleroma.{User, Repo} + alias Pleroma.Web.CommonAPI alias Pleroma.Web.OStatus.ActivityRepresenter test "decodes a salmon", %{conn: conn} do @@ -167,6 +168,32 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do assert json_response(conn, 200) end + test "only gets a notice in AS2 format for Create messages", %{conn: conn} do + note_activity = insert(:note_activity) + url = "/notice/#{note_activity.id}" + + conn = + conn + |> put_req_header("accept", "application/activity+json") + |> get(url) + + assert json_response(conn, 200) + + user = insert(:user) + + {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user) + url = "/notice/#{like_activity.id}" + + assert like_activity.data["type"] == "Like" + + conn = + build_conn() + |> put_req_header("accept", "application/activity+json") + |> get(url) + + assert response(conn, 404) + end + test "gets an activity in AS2 format", %{conn: conn} do note_activity = insert(:note_activity) [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"])) diff --git a/test/web/ostatus/ostatus_test.exs b/test/web/ostatus/ostatus_test.exs index f095e41dd..f95da8b0a 100644 --- a/test/web/ostatus/ostatus_test.exs +++ b/test/web/ostatus/ostatus_test.exs @@ -456,4 +456,28 @@ defmodule Pleroma.Web.OStatusTest do "https://www.w3.org/ns/activitystreams#Public" ] end + + describe "is_representable?" do + test "Note objects are representable" do + note_activity = insert(:note_activity) + + assert OStatus.is_representable?(note_activity) + end + + test "Article objects are not representable" do + note_activity = insert(:note_activity) + + note_object = Object.normalize(note_activity.data["object"]) + + note_data = + note_object.data + |> Map.put("type", "Article") + + cs = Object.change(note_object, %{data: note_data}) + {:ok, article_object} = Repo.update(cs) + + # the underlying object is now an Article instead of a note, so this should fail + refute OStatus.is_representable?(note_activity) + end + end end diff --git a/test/web/plugs/federating_plug_test.exs b/test/web/plugs/federating_plug_test.exs new file mode 100644 index 000000000..1455a1c46 --- /dev/null +++ b/test/web/plugs/federating_plug_test.exs @@ -0,0 +1,33 @@ +defmodule Pleroma.Web.FederatingPlugTest do + use Pleroma.Web.ConnCase + + test "returns and halt the conn when federating is disabled" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, false) + + Application.put_env(:pleroma, :instance, instance) + + conn = + build_conn() + |> Pleroma.Web.FederatingPlug.call(%{}) + + assert conn.status == 404 + assert conn.halted + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "does nothing when federating is enabled" do + conn = + build_conn() + |> Pleroma.Web.FederatingPlug.call(%{}) + + refute conn.status + refute conn.halted + end +end diff --git a/test/web/retry_queue_test.exs b/test/web/retry_queue_test.exs new file mode 100644 index 000000000..ce2964993 --- /dev/null +++ b/test/web/retry_queue_test.exs @@ -0,0 +1,31 @@ +defmodule MockActivityPub do + def publish_one(ret) do + {ret, "success"} + end +end + +defmodule Pleroma.ActivityTest do + use Pleroma.DataCase + alias Pleroma.Web.Federator.RetryQueue + + @small_retry_count 0 + @hopeless_retry_count 10 + + test "failed posts are retried" do + {:retry, _timeout} = RetryQueue.get_retry_params(@small_retry_count) + + assert {:noreply, %{delivered: 1}} == + RetryQueue.handle_info({:send, :ok, MockActivityPub, @small_retry_count}, %{ + delivered: 0 + }) + end + + test "posts that have been tried too many times are dropped" do + {:drop, _timeout} = RetryQueue.get_retry_params(@hopeless_retry_count) + + assert {:noreply, %{dropped: 1}} == + RetryQueue.handle_cast({:maybe_enqueue, %{}, nil, @hopeless_retry_count}, %{ + dropped: 0 + }) + end +end diff --git a/test/web/streamer_test.exs b/test/web/streamer_test.exs index 47d491d1b..df58441f0 100644 --- a/test/web/streamer_test.exs +++ b/test/web/streamer_test.exs @@ -2,7 +2,7 @@ defmodule Pleroma.Web.StreamerTest do use Pleroma.DataCase alias Pleroma.Web.Streamer - alias Pleroma.User + alias Pleroma.{List, User} alias Pleroma.Web.CommonAPI import Pleroma.Factory @@ -60,4 +60,111 @@ defmodule Pleroma.Web.StreamerTest do Task.await(task) end + + test "it doesn't send unwanted DMs to list" do + user_a = insert(:user) + user_b = insert(:user) + user_c = insert(:user) + + {:ok, user_a} = User.follow(user_a, user_b) + + {:ok, list} = List.create("Test", user_a) + {:ok, list} = List.follow(list, user_b) + + task = + Task.async(fn -> + refute_receive {:text, _}, 1_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{ + user: user_a + } + } + + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "@#{user_c.nickname} Test", + "visibility" => "direct" + }) + + topics = %{ + "list:#{list.id}" => [fake_socket] + } + + Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + + Task.await(task) + end + + test "it doesn't send unwanted private posts to list" do + user_a = insert(:user) + user_b = insert(:user) + + {:ok, list} = List.create("Test", user_a) + {:ok, list} = List.follow(list, user_b) + + task = + Task.async(fn -> + refute_receive {:text, _}, 1_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{ + user: user_a + } + } + + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "Test", + "visibility" => "private" + }) + + topics = %{ + "list:#{list.id}" => [fake_socket] + } + + Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + + Task.await(task) + end + + test "it send wanted private posts to list" do + user_a = insert(:user) + user_b = insert(:user) + + {:ok, user_a} = User.follow(user_a, user_b) + + {:ok, list} = List.create("Test", user_a) + {:ok, list} = List.follow(list, user_b) + + task = + Task.async(fn -> + assert_receive {:text, _}, 1_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{ + user: user_a + } + } + + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "Test", + "visibility" => "private" + }) + + topics = %{ + "list:#{list.id}" => [fake_socket] + } + + Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + + Task.await(task) + end end diff --git a/test/web/twitter_api/representers/activity_representer_test.exs b/test/web/twitter_api/representers/activity_representer_test.exs index 894d20049..291fd5237 100644 --- a/test/web/twitter_api/representers/activity_representer_test.exs +++ b/test/web/twitter_api/representers/activity_representer_test.exs @@ -139,6 +139,10 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do "is_post_verb" => true, "created_at" => "Tue May 24 13:26:08 +0000 2016", "in_reply_to_status_id" => 213_123, + "in_reply_to_screen_name" => nil, + "in_reply_to_user_id" => nil, + "in_reply_to_profileurl" => nil, + "in_reply_to_ostatus_uri" => nil, "statusnet_conversation_id" => convo_object.id, "attachments" => [ ObjectRepresenter.to_map(object) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 87bcdaf71..6bdcb4fd8 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -100,6 +100,56 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert length(response) == 10 end + + test "returns 403 to unauthenticated request when the instance is not public" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> get("/api/statuses/public_timeline.json") + |> json_response(403) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 to unauthenticated request when the instance is public" do + conn + |> get("/api/statuses/public_timeline.json") + |> json_response(200) + end + end + + describe "GET /statuses/public_and_external_timeline.json" do + test "returns 403 to unauthenticated request when the instance is not public" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> get("/api/statuses/public_and_external_timeline.json") + |> json_response(403) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 to unauthenticated request when the instance is public" do + conn + |> get("/api/statuses/public_and_external_timeline.json") + |> json_response(200) + end end describe "GET /statuses/show/:id.json" do @@ -221,6 +271,43 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end end + describe "GET /statuses/dm_timeline.json" do + test "it show direct messages", %{conn: conn} do + user_one = insert(:user) + user_two = insert(:user) + + {:ok, user_two} = User.follow(user_two, user_one) + + {:ok, direct} = + CommonAPI.post(user_one, %{ + "status" => "Hi @#{user_two.nickname}!", + "visibility" => "direct" + }) + + {:ok, direct_two} = + CommonAPI.post(user_two, %{ + "status" => "Hi @#{user_one.nickname}!", + "visibility" => "direct" + }) + + {:ok, _follower_only} = + CommonAPI.post(user_one, %{ + "status" => "Hi @#{user_two.nickname}!", + "visibility" => "private" + }) + + # Only direct should be visible here + res_conn = + conn + |> assign(:user, user_two) + |> get("/api/statuses/dm_timeline.json") + + [status, status_two] = json_response(res_conn, 200) + assert status["id"] == direct_two.id + assert status_two["id"] == direct.id + end + end + describe "GET /statuses/mentions.json" do setup [:valid_user] @@ -281,6 +368,56 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end end + describe "POST /api/qvitter/statuses/notifications/read" do + setup [:valid_user] + + test "without valid credentials", %{conn: conn} do + conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567}) + assert json_response(conn, 403) == %{"error" => "Invalid credentials."} + end + + test "with credentials, without any params", %{conn: conn, user: current_user} do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/qvitter/statuses/notifications/read") + + assert json_response(conn, 400) == %{ + "error" => "You need to specify latest_id", + "request" => "/api/qvitter/statuses/notifications/read" + } + end + + test "with credentials, with params", %{conn: conn, user: current_user} do + other_user = insert(:user) + + {:ok, _activity} = + ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user}) + + response_conn = + conn + |> with_credentials(current_user.nickname, "test") + |> get("/api/qvitter/statuses/notifications.json") + + [notification] = response = json_response(response_conn, 200) + + assert length(response) == 1 + + assert notification["is_seen"] == 0 + + response_conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]}) + + [notification] = response = json_response(response_conn, 200) + + assert length(response) == 1 + + assert notification["is_seen"] == 1 + end + end + describe "GET /statuses/user_timeline.json" do setup [:valid_user] @@ -1081,4 +1218,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert relationship["follows_you"] == false end end + + describe "GET /api/pleroma/search_user" do + test "it returns users, ordered by similarity", %{conn: conn} do + user = insert(:user, %{name: "eal"}) + user_two = insert(:user, %{name: "ean"}) + user_three = insert(:user, %{name: "ebn"}) + + resp = + conn + |> get(twitter_api_search__path(conn, :search_user), query: "eal") + |> json_response(200) + + assert length(resp) == 3 + assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end) + end + end end diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 6486540f8..8b9920bd9 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -48,7 +48,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do "https://www.w3.org/ns/activitystreams#Public" ) - assert Enum.member?(get_in(activity.data, ["cc"]), "shp") + assert Enum.member?(get_in(activity.data, ["to"]), "shp") assert activity.local == true assert %{"moominmamma" => "http://localhost:4001/finmoji/128px/moominmamma-128.png"} = diff --git a/test/web/twitter_api/views/activity_view_test.exs b/test/web/twitter_api/views/activity_view_test.exs index b9a8efdad..5cef06f88 100644 --- a/test/web/twitter_api/views/activity_view_test.exs +++ b/test/web/twitter_api/views/activity_view_test.exs @@ -36,6 +36,10 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do "favorited" => false, "id" => activity.id, "in_reply_to_status_id" => nil, + "in_reply_to_screen_name" => nil, + "in_reply_to_user_id" => nil, + "in_reply_to_profileurl" => nil, + "in_reply_to_ostatus_uri" => nil, "is_local" => true, "is_post_verb" => true, "possibly_sensitive" => false, diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs index 50687f450..2c583c0d3 100644 --- a/test/web/twitter_api/views/user_view_test.exs +++ b/test/web/twitter_api/views/user_view_test.exs @@ -13,6 +13,13 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do [user: user] end + test "A user with only a nickname", %{user: user} do + user = %{user | name: nil, nickname: "scarlett@catgirl.science"} + represented = UserView.render("show.json", %{user: user}) + assert represented["name"] == user.nickname + assert represented["name_html"] == user.nickname + end + test "A user with an avatar object", %{user: user} do image = "image" user = %{user | avatar: %{"url" => [%{"href" => image}]}} @@ -88,7 +95,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "is_local" => true, "locked" => false, "default_scope" => "public", - "no_rich_text" => false + "no_rich_text" => false, + "fields" => [] } assert represented == UserView.render("show.json", %{user: user}) @@ -128,7 +136,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "is_local" => true, "locked" => false, "default_scope" => "public", - "no_rich_text" => false + "no_rich_text" => false, + "fields" => [] } assert represented == UserView.render("show.json", %{user: user, for: follower}) @@ -169,7 +178,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "is_local" => true, "locked" => false, "default_scope" => "public", - "no_rich_text" => false + "no_rich_text" => false, + "fields" => [] } assert represented == UserView.render("show.json", %{user: follower, for: user}) @@ -217,10 +227,37 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "is_local" => true, "locked" => false, "default_scope" => "public", - "no_rich_text" => false + "no_rich_text" => false, + "fields" => [] } blocker = Repo.get(User, blocker.id) assert represented == UserView.render("show.json", %{user: user, for: blocker}) end + + test "a user with mastodon fields" do + fields = [ + %{ + "name" => "Pronouns", + "value" => "she/her" + }, + %{ + "name" => "Website", + "value" => "https://example.org/" + } + ] + + user = + insert(:user, %{ + info: %{ + "source_data" => %{ + "attachment" => + Enum.map(fields, fn field -> Map.put(field, "type", "PropertyValue") end) + } + } + }) + + userview = UserView.render("show.json", %{user: user}) + assert userview["fields"] == fields + end end |