Diffstat (limited to 'test/web/activity_pub')
-rw-r--r--test/web/activity_pub/activity_pub_controller_test.exs45
-rw-r--r--test/web/activity_pub/activity_pub_test.exs48
-rw-r--r--test/web/activity_pub/relay_test.exs11
-rw-r--r--test/web/activity_pub/transmogrifier_test.exs186
-rw-r--r--test/web/activity_pub/views/object_view_test.exs41
5 files changed, 325 insertions, 6 deletions
diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs
index 3ed7be402..1c24b348c 100644
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -5,6 +5,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
alias Pleroma.{Repo, User}
alias Pleroma.Activity
+ describe "/relay" do
+ test "with the relay active, it returns the relay user", %{conn: conn} do
+ res =
+ conn
+ |> get(activity_pub_path(conn, :relay))
+ |> json_response(200)
+
+ assert res["id"] =~ "/relay"
+ end
+
+ test "with the relay disabled, it returns 404", %{conn: conn} do
+ Pleroma.Config.put([:instance, :allow_relay], false)
+
+ res =
+ conn
+ |> get(activity_pub_path(conn, :relay))
+ |> json_response(404)
+
+ Pleroma.Config.put([:instance, :allow_relay], true)
+ end
+ end
+
describe "/users/:nickname" do
test "it returns a json representation of the user", %{conn: conn} do
user = insert(:user)
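Review bot: The second `/relay` test leaves `[:instance, :allow_relay]` set to `false` if `json_response(404)` raises, because the restore on its last line only runs when the request assertion succeeds, and it writes a hard-coded `true` rather than the previous value. Registering the restore immediately after the put, `on_exit(fn -> Pleroma.Config.put([:instance, :allow_relay], true) end)`, keeps a failure here from changing what later tests see. The `res =` binding in that test is never read and can be dropped.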
@@ -46,7 +68,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
end
end
- describe "/users/:nickname/inbox" do
+ describe "/inbox" do
test "it inserts an incoming activity into the database", %{conn: conn} do
data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
@@ -62,6 +84,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
end
end
+ describe "/users/:nickname/inbox" do
+ test "it inserts an incoming activity into the database", %{conn: conn} do
+ user = insert(:user)
+
+ data =
+ File.read!("test/fixtures/mastodon-post-activity.json")
+ |> Poison.decode!()
+ |> Map.put("bcc", [user.ap_id])
+
+ conn =
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/inbox", data)
+
+ assert "ok" == json_response(conn, 200)
+ :timer.sleep(500)
+ assert Activity.get_by_ap_id(data["id"])
+ end
+ end
+
describe "/users/:nickname/outbox" do
test "it returns a note activity in a collection", %{conn: conn} do
note_activity = insert(:note_activity)
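Review bot: The new `/users/:nickname/inbox` test pre-sets `assign(:valid_signature, true)`, so the only path exercised is the one where signature verification has already succeeded; nothing in this hunk posts to the per-user inbox without a valid signature and checks that the activity is not stored. A companion test that omits the assign and ends with `refute Activity.get_by_ap_id(data["id"])` would pin the rejection path (the expected status code depends on the controller, which is outside this diff). Separately, `:timer.sleep(500)` makes the final assertion timing-dependent; if the insert runs asynchronously, waiting on that work is sturdier than a fixed delay.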
diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
index 1cf7d6bbc..35c381ac3 100644
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@ -476,6 +476,54 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
end
end
+ describe "timeline post-processing" do
+ test "it filters broken threads" do
+ user1 = insert(:user)
+ user2 = insert(:user)
+ user3 = insert(:user)
+
+ {:ok, user1} = User.follow(user1, user3)
+ assert User.following?(user1, user3)
+
+ {:ok, user2} = User.follow(user2, user3)
+ assert User.following?(user2, user3)
+
+ {:ok, user3} = User.follow(user3, user2)
+ assert User.following?(user3, user2)
+
+ {:ok, public_activity} = CommonAPI.post(user3, %{"status" => "hi 1"})
+
+ {:ok, private_activity_1} =
+ CommonAPI.post(user3, %{"status" => "hi 2", "visibility" => "private"})
+
+ {:ok, private_activity_2} =
+ CommonAPI.post(user2, %{
+ "status" => "hi 3",
+ "visibility" => "private",
+ "in_reply_to_status_id" => private_activity_1.id
+ })
+
+ {:ok, private_activity_3} =
+ CommonAPI.post(user3, %{
+ "status" => "hi 4",
+ "visibility" => "private",
+ "in_reply_to_status_id" => private_activity_2.id
+ })
+
+ assert user1.following == [user3.ap_id <> "/followers", user1.ap_id]
+
+ activities = ActivityPub.fetch_activities([user1.ap_id | user1.following])
+
+ assert [public_activity, private_activity_1, private_activity_3] == activities
+ assert length(activities) == 3
+
+ activities = ActivityPub.contain_timeline(activities, user1)
+
+ assert [public_activity, private_activity_1] == activities
+ assert length(activities) == 2
+ end
+ end
+
test "it can fetch plume articles" do
{:ok, object} =
ActivityPub.fetch_object_from_id(
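Review bot: The test `it filters broken threads` never says why `private_activity_3` is the entry dropped by `contain_timeline/2`, which is the property being tested. As far as the setup shows, user1 follows only user3, so a comment before the final assertions would help, for example `# user1 does not follow user2, so the thread through private_activity_2 is broken for user1 and private_activity_3 must be filtered`. The two `assert length(activities) == …` lines repeat what the preceding list equality already checks.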
diff --git a/test/web/activity_pub/relay_test.exs b/test/web/activity_pub/relay_test.exs
new file mode 100644
index 000000000..41d13e055
--- /dev/null
+++ b/test/web/activity_pub/relay_test.exs
@@ -0,0 +1,11 @@
+defmodule Pleroma.Web.ActivityPub.RelayTest do
+ use Pleroma.DataCase
+
+ alias Pleroma.Web.ActivityPub.Relay
+
+ test "gets an actor for the relay" do
+ user = Relay.get_actor()
+
+ assert user.ap_id =~ "/relay"
+ end
+end
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index afa25bb60..829da0a65 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -121,6 +121,38 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
"<p>henlo from my Psion netBook</p><p>message sent from my Psion netBook</p>"
end
+ test "it works for incoming announces with actor being inlined (kroeg)" do
+ data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!()
+
+ {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+ assert data["actor"] == "https://puckipedia.com/"
+ end
+
+ test "it works for incoming notices with tag not being an array (kroeg)" do
+ data = File.read!("test/fixtures/kroeg-array-less-emoji.json") |> Poison.decode!()
+
+ {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+ assert data["object"]["emoji"] == %{
+ "icon_e_smile" => "https://puckipedia.com/forum/images/smilies/icon_e_smile.png"
+ }
+
+ data = File.read!("test/fixtures/kroeg-array-less-hashtag.json") |> Poison.decode!()
+
+ {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+ assert "test" in data["object"]["tag"]
+ end
+
+ test "it works for incoming notices with url not being a string (prismo)" do
+ data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!()
+
+ {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+ assert data["object"]["url"] == "https://prismo.news/posts/83"
+ end
+
test "it works for incoming follow requests" do
user = insert(:user)
@@ -329,6 +361,26 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
refute Repo.get(Activity, activity.id)
end
+ test "it fails for incoming deletes with spoofed origin" do
+ activity = insert(:note_activity)
+
+ data =
+ File.read!("test/fixtures/mastodon-delete.json")
+ |> Poison.decode!()
+
+ object =
+ data["object"]
+ |> Map.put("id", activity.data["object"]["id"])
+
+ data =
+ data
+ |> Map.put("object", object)
+
+ :error = Transmogrifier.handle_incoming(data)
+
+ assert Repo.get(Activity, activity.id)
+ end
+
test "it works for incoming unannounces with an existing notice" do
user = insert(:user)
{:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
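Review bot: `:error = Transmogrifier.handle_incoming(data)` in the spoofed-delete test fails with a MatchError rather than an ExUnit assertion; `assert :error == Transmogrifier.handle_incoming(data)` would report the value actually returned. The test also does not state what makes the origin spoofed: presumably the actor in `mastodon-delete.json` is on a different host than the locally inserted note whose id is substituted into `object`, and a one-line comment saying so would make the intent reviewable without opening the fixture. The same bare-match style appears in the rejection tests added in the later hunks of this file.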
@@ -671,7 +723,9 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
{:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
- assert modified["@context"] == "https://www.w3.org/ns/activitystreams"
+ assert modified["@context"] ==
+ Pleroma.Web.ActivityPub.Utils.make_json_ld_header()["@context"]
+
assert modified["object"]["conversation"] == modified["context"]
end
@@ -709,6 +763,39 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
assert modified["object"]["inReplyTo"] == "http://gs.example.org:4040/index.php/notice/29"
end
+
+ test "it strips internal hashtag data" do
+ user = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"})
+
+ expected_tag = %{
+ "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu",
+ "type" => "Hashtag",
+ "name" => "#2hu"
+ }
+
+ {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
+
+ assert modified["object"]["tag"] == [expected_tag]
+ end
+
+ test "it strips internal fields" do
+ user = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :moominmamma:"})
+
+ {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
+
+ assert length(modified["object"]["tag"]) == 2
+
+ assert is_nil(modified["object"]["emoji"])
+ assert is_nil(modified["object"]["likes"])
+ assert is_nil(modified["object"]["like_count"])
+ assert is_nil(modified["object"]["announcements"])
+ assert is_nil(modified["object"]["announcement_count"])
+ assert is_nil(modified["object"]["context_id"])
+ end
end
describe "user upgrade" do
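Review bot: The `assert is_nil(modified["object"]["likes"])` style checks in `it strips internal fields` pass both when the key is absent and when it is present with a `nil` value, and in the second case the internal field name would presumably still be serialized to remote servers. If the intent is that the keys are removed from the outgoing object, `refute Map.has_key?(modified["object"], "likes")`, and likewise for the other five keys, states that directly.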
@@ -805,12 +892,10 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
end
test "it rejects activities which reference objects with bogus origins" do
- user = insert(:user, %{local: false})
-
data = %{
"@context" => "https://www.w3.org/ns/activitystreams",
- "id" => user.ap_id <> "/activities/1234",
- "actor" => user.ap_id,
+ "id" => "http://mastodon.example.org/users/admin/activities/1234",
+ "actor" => "http://mastodon.example.org/users/admin",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"object" => "https://info.pleroma.site/activity.json",
"type" => "Announce"
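Review bot: With `insert(:user, %{local: false})` removed, the actor `http://mastodon.example.org/users/admin` is presumably resolved during `handle_incoming/1`, so `:error` can now come from a failed actor lookup as well as from the origin check the test name describes; whether that lookup succeeds depends on HTTP mocks that are not visible here. Keeping an inserted remote user, or asserting something specific to containment, would tie the result to the check under test. The two `incorrect attribution` tests added in the next hunk build the same map and share this ambiguity. The enclosing test and describe block begin outside this hunk.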
@@ -818,5 +903,96 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
:error = Transmogrifier.handle_incoming(data)
end
+
+ test "it rejects objects when attributedTo is wrong (variant 1)" do
+ {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json")
+ end
+
+ test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "id" => "http://mastodon.example.org/users/admin/activities/1234",
+ "actor" => "http://mastodon.example.org/users/admin",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "object" => "https://info.pleroma.site/activity2.json",
+ "type" => "Announce"
+ }
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
+
+ test "it rejects objects when attributedTo is wrong (variant 2)" do
+ {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json")
+ end
+
+ test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "id" => "http://mastodon.example.org/users/admin/activities/1234",
+ "actor" => "http://mastodon.example.org/users/admin",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "object" => "https://info.pleroma.site/activity3.json",
+ "type" => "Announce"
+ }
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
+ end
+
+ describe "general origin containment" do
+ test "contain_origin_from_id() catches obvious spoofing attempts" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :error =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.org/~alyssa/activities/1234.json",
+ data
+ )
+ end
+
+ test "contain_origin_from_id() allows alternate IDs within the same origin domain" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :ok =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.com/~alyssa/activities/1234",
+ data
+ )
+ end
+
+ test "contain_origin_from_id() allows matching IDs" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :ok =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.com/~alyssa/activities/1234.json",
+ data
+ )
+ end
+
+ test "users cannot be collided through fake direction spoofing attempts" do
+ user =
+ insert(:user, %{
+ nickname: "rye@niu.moe",
+ local: false,
+ ap_id: "https://niu.moe/users/rye",
+ follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
+ })
+
+ {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
+ end
+
+ test "all objects with fake directions are rejected by the object fetcher" do
+ {:error, _} =
+ ActivityPub.fetch_and_contain_remote_object_from_id(
+ "https://info.pleroma.site/activity4.json"
+ )
+ end
end
end
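Review bot: The three `contain_origin_from_id()` cases cover a different host, the same host with a different path, and an identical id, but none covers `data` that has no `"id"` or whose `"id"` is not a string, which is input a remote server fully controls. A case such as `Transmogrifier.contain_origin_from_id("http://example.com/~alyssa/activities/1234.json", %{})` with its expected result pinned would document what the function does there. In `users cannot be collided through fake direction spoofing attempts` the `user` binding is unused, and `{:error, _}` would also match if the fetch for `https://n1u.moe/users/rye` merely failed, so the test cannot tell a containment rejection from an unreachable host.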
diff --git a/test/web/activity_pub/views/object_view_test.exs b/test/web/activity_pub/views/object_view_test.exs
index 6a1311be7..d144a77fc 100644
--- a/test/web/activity_pub/views/object_view_test.exs
+++ b/test/web/activity_pub/views/object_view_test.exs
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
use Pleroma.DataCase
import Pleroma.Factory
+ alias Pleroma.Web.CommonAPI
alias Pleroma.Web.ActivityPub.ObjectView
test "renders a note object" do
@@ -13,5 +14,45 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
assert result["to"] == note.data["to"]
assert result["content"] == note.data["content"]
assert result["type"] == "Note"
+ assert result["@context"]
+ end
+
+ test "renders a note activity" do
+ note = insert(:note_activity)
+
+ result = ObjectView.render("object.json", %{object: note})
+
+ assert result["id"] == note.data["id"]
+ assert result["to"] == note.data["to"]
+ assert result["object"]["type"] == "Note"
+ assert result["object"]["content"] == note.data["object"]["content"]
+ assert result["type"] == "Create"
+ assert result["@context"]
+ end
+
+ test "renders a like activity" do
+ note = insert(:note_activity)
+ user = insert(:user)
+
+ {:ok, like_activity, _} = CommonAPI.favorite(note.id, user)
+
+ result = ObjectView.render("object.json", %{object: like_activity})
+
+ assert result["id"] == like_activity.data["id"]
+ assert result["object"] == note.data["object"]["id"]
+ assert result["type"] == "Like"
+ end
+
+ test "renders an announce activity" do
+ note = insert(:note_activity)
+ user = insert(:user)
+
+ {:ok, announce_activity, _} = CommonAPI.repeat(note.id, user)
+
+ result = ObjectView.render("object.json", %{object: announce_activity})
+
+ assert result["id"] == announce_activity.data["id"]
+ assert result["object"] == note.data["object"]["id"]
+ assert result["type"] == "Announce"
end
end
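Review bot: `assert result["@context"]` in the note and Create tests only checks that the key is truthy, and the like and announce tests added here do not check it at all, so the four rendering tests disagree on whether `@context` is part of the contract. Either add `assert result["@context"]` to `renders a like activity` and `renders an announce activity`, or compare against the expected header value in all four so that a wrong context is caught rather than only a missing one.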