Merge branch 'from/upstream-develop/tusooa/2871-fix-local-public' into 'develop'

local only fixes Closes #2871 See merge request pleroma/pleroma!3660
author: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2022-08-02 05:39:50 +0000
committer: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2022-08-02 05:39:50 +0000
commit: b2ba307f4dc7047ae2b21e2078ba741e2da11cdf (patch)
tree: f34d7bba2845a5dac744feec4539a268049740cc /test
parent: 7299795eb4c85d2f20f16fef4258d57f64034009 (diff)
parent: f1722a9f4a0a96c6a58fe25d57928c9843f96fc8 (diff)
download: pleroma-b2ba307f4dc7047ae2b21e2078ba741e2da11cdf.tar.gz
pleroma-b2ba307f4dc7047ae2b21e2078ba741e2da11cdf.zip
6 files changed, 207 insertions, 13 deletions
diff --git a/test/pleroma/activity/search_test.exs b/test/pleroma/activity/search_test.exs
index b8096fe73..3b5fd2c3c 100644
--- a/test/pleroma/activity/search_test.exs
+++ b/test/pleroma/activity/search_test.exs
@@ -18,6 +18,23 @@ defmodule Pleroma.Activity.SearchTest do
     assert result.id == post.id
   end
 
+  test "it finds local-only posts for authenticated users" do
+    user = insert(:user)
+    reader = insert(:user)
+    {:ok, post} = CommonAPI.post(user, %{status: "it's wednesday my dudes", visibility: "local"})
+
+    [result] = Search.search(reader, "wednesday")
+
+    assert result.id == post.id
+  end
+
+  test "it does not find local-only posts for anonymous users" do
+    user = insert(:user)
+    {:ok, _post} = CommonAPI.post(user, %{status: "it's wednesday my dudes", visibility: "local"})
+
+    assert [] = Search.search(nil, "wednesday")
+  end
+
   test "using plainto_tsquery on postgres < 11" do
     old_version = :persistent_term.get({Pleroma.Repo, :postgres_version})
     :persistent_term.put({Pleroma.Repo, :postgres_version}, 10.0)
diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
index 1c5c40e84..ef91066c1 100644
--- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
@@ -247,6 +247,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert json_response(response, 200) == ObjectView.render("object.json", %{object: object})
     end
 
+    test "does not return local-only objects for remote users", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user, local: false)
+
+      {:ok, post} =
+        CommonAPI.post(user, %{status: "test @#{reader.nickname}", visibility: "local"})
+
+      assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+      object = Object.normalize(post, fetch: false)
+      uuid = String.split(object.data["id"], "/") |> List.last()
+
+      assert response =
+               conn
+               |> assign(:user, reader)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/objects/#{uuid}")
+
+      json_response(response, 404)
+    end
+
     test "it returns a json representation of the object with accept application/json", %{
       conn: conn
     } do
@@ -1297,6 +1318,35 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert outbox_endpoint == result["id"]
     end
 
+    test "it returns a local note activity when authenticated as local user", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user)
+      {:ok, note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
+      ap_id = note_activity.data["id"]
+
+      resp =
+        conn
+        |> assign(:user, reader)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/outbox?page=true")
+        |> json_response(200)
+
+      assert %{"orderedItems" => [%{"id" => ^ap_id}]} = resp
+    end
+
+    test "it does not return a local note activity when unauthenticated", %{conn: conn} do
+      user = insert(:user)
+      {:ok, _note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
+
+      resp =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/outbox?page=true")
+        |> json_response(200)
+
+      assert %{"orderedItems" => []} = resp
+    end
+
     test "it returns a note activity in a collection", %{conn: conn} do
       note_activity = insert(:note_activity)
       note_object = Object.normalize(note_activity, fetch: false)
diff --git a/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs
index 50639e246..ba7293d36 100644
--- a/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs
@@ -408,6 +408,20 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert id_two == to_string(activity.id)
     end
 
+    test "gets local-only statuses for authenticated users", %{user: _user, conn: conn} do
+      user_one = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(user_one, %{status: "HI!!!", visibility: "local"})
+
+      resp =
+        conn
+        |> get("/api/v1/accounts/#{user_one.id}/statuses")
+        |> json_response_and_validate_schema(200)
+
+      assert [%{"id" => id}] = resp
+      assert id == to_string(activity.id)
+    end
+
     test "gets an users media, excludes reblogs", %{conn: conn} do
       note = insert(:note_activity)
       user = User.get_cached_by_ap_id(note.data["actor"])
diff --git a/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs
index 8753c7716..9a5d88109 100644
--- a/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs
@@ -79,6 +79,51 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       assert status["id"] == to_string(activity.id)
     end
 
+    test "search local-only status as an authenticated user" do
+      user = insert(:user)
+      %{conn: conn} = oauth_access(["read:search"])
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{status: "This is about 2hu private 天子", visibility: "local"})
+
+      results =
+        conn
+        |> get("/api/v2/search?#{URI.encode_query(%{q: "2hu"})}")
+        |> json_response_and_validate_schema(200)
+
+      [status] = results["statuses"]
+      assert status["id"] == to_string(activity.id)
+    end
+
+    test "search local-only status as an unauthenticated user" do
+      user = insert(:user)
+      %{conn: conn} = oauth_access([])
+
+      {:ok, _activity} =
+        CommonAPI.post(user, %{status: "This is about 2hu private 天子", visibility: "local"})
+
+      results =
+        conn
+        |> get("/api/v2/search?#{URI.encode_query(%{q: "2hu"})}")
+        |> json_response_and_validate_schema(200)
+
+      assert [] = results["statuses"]
+    end
+
+    test "search local-only status as an anonymous user" do
+      user = insert(:user)
+
+      {:ok, _activity} =
+        CommonAPI.post(user, %{status: "This is about 2hu private 天子", visibility: "local"})
+
+      results =
+        build_conn()
+        |> get("/api/v2/search?#{URI.encode_query(%{q: "2hu"})}")
+        |> json_response_and_validate_schema(200)
+
+      assert [] = results["statuses"]
+    end
+
     @tag capture_log: true
     test "constructs hashtags from search query", %{conn: conn} do
       results =
diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
index dc6912b7b..d3ba9fced 100644
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@@ -1901,23 +1901,50 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
              |> json_response_and_validate_schema(:ok)
   end
 
-  test "posting a local only status" do
-    %{user: _user, conn: conn} = oauth_access(["write:statuses"])
+  describe "local-only statuses" do
+    test "posting a local only status" do
+      %{user: _user, conn: conn} = oauth_access(["write:statuses"])
 
-    conn_one =
-      conn
-      |> put_req_header("content-type", "application/json")
-      |> post("/api/v1/statuses", %{
-        "status" => "cofe",
-        "visibility" => "local"
-      })
+      conn_one =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/statuses", %{
+          "status" => "cofe",
+          "visibility" => "local"
+        })
+
+      local = Utils.as_local_public()
 
-    local = Utils.as_local_public()
+      assert %{"content" => "cofe", "id" => id, "visibility" => "local"} =
+               json_response_and_validate_schema(conn_one, 200)
+
+      assert %Activity{id: ^id, data: %{"to" => [^local]}} = Activity.get_by_id(id)
+    end
 
-    assert %{"content" => "cofe", "id" => id, "visibility" => "local"} =
-             json_response_and_validate_schema(conn_one, 200)
+    test "other users can read local-only posts" do
+      user = insert(:user)
+      %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
 
-    assert %Activity{id: ^id, data: %{"to" => [^local]}} = Activity.get_by_id(id)
+      {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+      received =
+        conn
+        |> get("/api/v1/statuses/#{activity.id}")
+        |> json_response_and_validate_schema(:ok)
+
+      assert received["id"] == activity.id
+    end
+
+    test "anonymous users cannot see local-only posts" do
+      user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+      _received =
+        build_conn()
+        |> get("/api/v1/statuses/#{activity.id}")
+        |> json_response_and_validate_schema(:not_found)
+    end
   end
 
   describe "muted reactions" do
diff --git a/test/pleroma/web/mastodon_api/controllers/timeline_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/timeline_controller_test.exs
index 2c7e78595..1328b42c9 100644
--- a/test/pleroma/web/mastodon_api/controllers/timeline_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/timeline_controller_test.exs
@@ -367,6 +367,47 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
                }
              ] = result
     end
+
+    test "should return local-only posts for authenticated users" do
+      user = insert(:user)
+      %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
+
+      {:ok, %{id: id}} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+      result =
+        conn
+        |> get("/api/v1/timelines/public")
+        |> json_response_and_validate_schema(200)
+
+      assert [%{"id" => ^id}] = result
+    end
+
+    test "should not return local-only posts for users without read:statuses" do
+      user = insert(:user)
+      %{user: _reader, conn: conn} = oauth_access([])
+
+      {:ok, _activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+      result =
+        conn
+        |> get("/api/v1/timelines/public")
+        |> json_response_and_validate_schema(200)
+
+      assert [] = result
+    end
+
+    test "should not return local-only posts for anonymous users" do
+      user = insert(:user)
+
+      {:ok, _activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+      result =
+        build_conn()
+        |> get("/api/v1/timelines/public")
+        |> json_response_and_validate_schema(200)
+
+      assert [] = result
+    end
   end
 
   defp local_and_remote_activities do
author	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2022-08-02 05:39:50 +0000
committer	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2022-08-02 05:39:50 +0000
commit	b2ba307f4dc7047ae2b21e2078ba741e2da11cdf (patch)
tree	f34d7bba2845a5dac744feec4539a268049740cc /test
parent	7299795eb4c85d2f20f16fef4258d57f64034009 (diff)
parent	f1722a9f4a0a96c6a58fe25d57928c9843f96fc8 (diff)
download	pleroma-b2ba307f4dc7047ae2b21e2078ba741e2da11cdf.tar.gz pleroma-b2ba307f4dc7047ae2b21e2078ba741e2da11cdf.zip