summaryrefslogtreecommitdiff
path: root/test/web
diff options
context:
space:
mode:
Diffstat (limited to 'test/web')
-rw-r--r--test/web/activity_pub/transmogrifier_test.exs117
-rw-r--r--test/web/activity_pub/views/object_view_test.exs40
-rw-r--r--test/web/admin_api/admin_api_controller_test.exs112
-rw-r--r--test/web/federator_test.exs38
-rw-r--r--test/web/mastodon_api/mastodon_socket_test.exs33
-rw-r--r--test/web/ostatus/ostatus_controller_test.exs27
-rw-r--r--test/web/retry_queue_test.exs31
-rw-r--r--test/web/twitter_api/twitter_api_controller_test.exs27
8 files changed, 419 insertions, 6 deletions
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index 0278ef5d1..829da0a65 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -361,6 +361,26 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
refute Repo.get(Activity, activity.id)
end
+ test "it fails for incoming deletes with spoofed origin" do
+ activity = insert(:note_activity)
+
+ data =
+ File.read!("test/fixtures/mastodon-delete.json")
+ |> Poison.decode!()
+
+ object =
+ data["object"]
+ |> Map.put("id", activity.data["object"]["id"])
+
+ data =
+ data
+ |> Map.put("object", object)
+
+ :error = Transmogrifier.handle_incoming(data)
+
+ assert Repo.get(Activity, activity.id)
+ end
+
test "it works for incoming unannounces with an existing notice" do
user = insert(:user)
{:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
@@ -872,12 +892,10 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
end
test "it rejects activities which reference objects with bogus origins" do
- user = insert(:user, %{local: false})
-
data = %{
"@context" => "https://www.w3.org/ns/activitystreams",
- "id" => user.ap_id <> "/activities/1234",
- "actor" => user.ap_id,
+ "id" => "http://mastodon.example.org/users/admin/activities/1234",
+ "actor" => "http://mastodon.example.org/users/admin",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"object" => "https://info.pleroma.site/activity.json",
"type" => "Announce"
@@ -885,5 +903,96 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
:error = Transmogrifier.handle_incoming(data)
end
+
+ test "it rejects objects when attributedTo is wrong (variant 1)" do
+ {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json")
+ end
+
+ test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "id" => "http://mastodon.example.org/users/admin/activities/1234",
+ "actor" => "http://mastodon.example.org/users/admin",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "object" => "https://info.pleroma.site/activity2.json",
+ "type" => "Announce"
+ }
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
+
+ test "it rejects objects when attributedTo is wrong (variant 2)" do
+ {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json")
+ end
+
+ test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "id" => "http://mastodon.example.org/users/admin/activities/1234",
+ "actor" => "http://mastodon.example.org/users/admin",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "object" => "https://info.pleroma.site/activity3.json",
+ "type" => "Announce"
+ }
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
+ end
+
+ describe "general origin containment" do
+ test "contain_origin_from_id() catches obvious spoofing attempts" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :error =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.org/~alyssa/activities/1234.json",
+ data
+ )
+ end
+
+ test "contain_origin_from_id() allows alternate IDs within the same origin domain" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :ok =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.com/~alyssa/activities/1234",
+ data
+ )
+ end
+
+ test "contain_origin_from_id() allows matching IDs" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :ok =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.com/~alyssa/activities/1234.json",
+ data
+ )
+ end
+
+ test "users cannot be collided through fake direction spoofing attempts" do
+ user =
+ insert(:user, %{
+ nickname: "rye@niu.moe",
+ local: false,
+ ap_id: "https://niu.moe/users/rye",
+ follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
+ })
+
+ {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
+ end
+
+ test "all objects with fake directions are rejected by the object fetcher" do
+ {:error, _} =
+ ActivityPub.fetch_and_contain_remote_object_from_id(
+ "https://info.pleroma.site/activity4.json"
+ )
+ end
end
end
diff --git a/test/web/activity_pub/views/object_view_test.exs b/test/web/activity_pub/views/object_view_test.exs
index 7e08dff5d..d144a77fc 100644
--- a/test/web/activity_pub/views/object_view_test.exs
+++ b/test/web/activity_pub/views/object_view_test.exs
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
use Pleroma.DataCase
import Pleroma.Factory
+ alias Pleroma.Web.CommonAPI
alias Pleroma.Web.ActivityPub.ObjectView
test "renders a note object" do
@@ -15,4 +16,43 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
assert result["type"] == "Note"
assert result["@context"]
end
+
+ test "renders a note activity" do
+ note = insert(:note_activity)
+
+ result = ObjectView.render("object.json", %{object: note})
+
+ assert result["id"] == note.data["id"]
+ assert result["to"] == note.data["to"]
+ assert result["object"]["type"] == "Note"
+ assert result["object"]["content"] == note.data["object"]["content"]
+ assert result["type"] == "Create"
+ assert result["@context"]
+ end
+
+ test "renders a like activity" do
+ note = insert(:note_activity)
+ user = insert(:user)
+
+ {:ok, like_activity, _} = CommonAPI.favorite(note.id, user)
+
+ result = ObjectView.render("object.json", %{object: like_activity})
+
+ assert result["id"] == like_activity.data["id"]
+ assert result["object"] == note.data["object"]["id"]
+ assert result["type"] == "Like"
+ end
+
+ test "renders an announce activity" do
+ note = insert(:note_activity)
+ user = insert(:user)
+
+ {:ok, announce_activity, _} = CommonAPI.repeat(note.id, user)
+
+ result = ObjectView.render("object.json", %{object: announce_activity})
+
+ assert result["id"] == announce_activity.data["id"]
+ assert result["object"] == note.data["object"]["id"]
+ assert result["type"] == "Announce"
+ end
end
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
new file mode 100644
index 000000000..fa0cb71bf
--- /dev/null
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -0,0 +1,112 @@
+defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
+ use Pleroma.Web.ConnCase
+
+ alias Pleroma.{Repo, User}
+
+ import Pleroma.Factory
+ import ExUnit.CaptureLog
+
+ describe "/api/pleroma/admin/user" do
+ test "Delete" do
+ admin = insert(:user, info: %{"is_admin" => true})
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> delete("/api/pleroma/admin/user?nickname=#{user.nickname}")
+
+ assert json_response(conn, 200) == user.nickname
+ end
+
+ test "Create" do
+ admin = insert(:user, info: %{"is_admin" => true})
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> post("/api/pleroma/admin/user", %{
+ "nickname" => "lain",
+ "email" => "lain@example.org",
+ "password" => "test"
+ })
+
+ assert json_response(conn, 200) == "lain"
+ end
+ end
+
+ describe "/api/pleroma/admin/permission_group" do
+ test "GET is giving user_info" do
+ admin = insert(:user, info: %{"is_admin" => true})
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> get("/api/pleroma/admin/permission_group/#{admin.nickname}")
+
+ assert json_response(conn, 200) == admin.info
+ end
+
+ test "/:right POST, can add to a permission group" do
+ admin = insert(:user, info: %{"is_admin" => true})
+ user = insert(:user)
+
+ user_info =
+ user.info
+ |> Map.put("is_admin", true)
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> post("/api/pleroma/admin/permission_group/#{user.nickname}/admin")
+
+ assert json_response(conn, 200) == user_info
+ end
+
+ test "/:right DELETE, can remove from a permission group" do
+ admin = insert(:user, info: %{"is_admin" => true})
+ user = insert(:user, info: %{"is_admin" => true})
+
+ user_info =
+ user.info
+ |> Map.put("is_admin", false)
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> delete("/api/pleroma/admin/permission_group/#{user.nickname}/admin")
+
+ assert json_response(conn, 200) == user_info
+ end
+ end
+
+ test "/api/pleroma/admin/invite_token" do
+ admin = insert(:user, info: %{"is_admin" => true})
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> get("/api/pleroma/admin/invite_token")
+
+ assert conn.status == 200
+ end
+
+ test "/api/pleroma/admin/password_reset" do
+ admin = insert(:user, info: %{"is_admin" => true})
+ user = insert(:user, info: %{"is_admin" => true})
+
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> put_req_header("accept", "application/json")
+ |> get("/api/pleroma/admin/password_reset?nickname=#{user.nickname}")
+
+ assert conn.status == 200
+ end
+end
diff --git a/test/web/federator_test.exs b/test/web/federator_test.exs
index c709d1181..02e1ca76e 100644
--- a/test/web/federator_test.exs
+++ b/test/web/federator_test.exs
@@ -61,4 +61,42 @@ defmodule Pleroma.Web.FederatorTest do
Pleroma.Config.put([:instance, :allow_relay], true)
end
end
+
+ describe "Receive an activity" do
+ test "successfully processes incoming AP docs with correct origin" do
+ params = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "actor" => "http://mastodon.example.org/users/admin",
+ "type" => "Create",
+ "id" => "http://mastodon.example.org/users/admin/activities/1",
+ "object" => %{
+ "type" => "Note",
+ "content" => "hi world!",
+ "id" => "http://mastodon.example.org/users/admin/objects/1",
+ "attributedTo" => "http://mastodon.example.org/users/admin"
+ },
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"]
+ }
+
+ {:ok, _activity} = Federator.handle(:incoming_ap_doc, params)
+ end
+
+ test "rejects incoming AP docs with incorrect origin" do
+ params = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "actor" => "https://niu.moe/users/rye",
+ "type" => "Create",
+ "id" => "http://mastodon.example.org/users/admin/activities/1",
+ "object" => %{
+ "type" => "Note",
+ "content" => "hi world!",
+ "id" => "http://mastodon.example.org/users/admin/objects/1",
+ "attributedTo" => "http://mastodon.example.org/users/admin"
+ },
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"]
+ }
+
+ :error = Federator.handle(:incoming_ap_doc, params)
+ end
+ end
end
diff --git a/test/web/mastodon_api/mastodon_socket_test.exs b/test/web/mastodon_api/mastodon_socket_test.exs
new file mode 100644
index 000000000..c7d71defc
--- /dev/null
+++ b/test/web/mastodon_api/mastodon_socket_test.exs
@@ -0,0 +1,33 @@
+defmodule Pleroma.Web.MastodonApi.MastodonSocketTest do
+ use Pleroma.DataCase
+
+ alias Pleroma.Web.MastodonApi.MastodonSocket
+ alias Pleroma.Web.{Streamer, CommonAPI}
+ alias Pleroma.User
+
+ import Pleroma.Factory
+
+ test "public is working when non-authenticated" do
+ user = insert(:user)
+
+ task =
+ Task.async(fn ->
+ assert_receive {:text, _}, 4_000
+ end)
+
+ fake_socket = %{
+ transport_pid: task.pid,
+ assigns: %{}
+ }
+
+ topics = %{
+ "public" => [fake_socket]
+ }
+
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "Test"})
+
+ Streamer.push_to_socket(topics, "public", activity)
+
+ Task.await(task)
+ end
+end
diff --git a/test/web/ostatus/ostatus_controller_test.exs b/test/web/ostatus/ostatus_controller_test.exs
index c23b175e8..371c835c0 100644
--- a/test/web/ostatus/ostatus_controller_test.exs
+++ b/test/web/ostatus/ostatus_controller_test.exs
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
use Pleroma.Web.ConnCase
import Pleroma.Factory
alias Pleroma.{User, Repo}
+ alias Pleroma.Web.CommonAPI
alias Pleroma.Web.OStatus.ActivityRepresenter
test "decodes a salmon", %{conn: conn} do
@@ -167,6 +168,32 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
assert json_response(conn, 200)
end
+ test "only gets a notice in AS2 format for Create messages", %{conn: conn} do
+ note_activity = insert(:note_activity)
+ url = "/notice/#{note_activity.id}"
+
+ conn =
+ conn
+ |> put_req_header("accept", "application/activity+json")
+ |> get(url)
+
+ assert json_response(conn, 200)
+
+ user = insert(:user)
+
+ {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user)
+ url = "/notice/#{like_activity.id}"
+
+ assert like_activity.data["type"] == "Like"
+
+ conn =
+ build_conn()
+ |> put_req_header("accept", "application/activity+json")
+ |> get(url)
+
+ assert response(conn, 404)
+ end
+
test "gets an activity in AS2 format", %{conn: conn} do
note_activity = insert(:note_activity)
[_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
diff --git a/test/web/retry_queue_test.exs b/test/web/retry_queue_test.exs
new file mode 100644
index 000000000..ce2964993
--- /dev/null
+++ b/test/web/retry_queue_test.exs
@@ -0,0 +1,31 @@
+defmodule MockActivityPub do
+ def publish_one(ret) do
+ {ret, "success"}
+ end
+end
+
+defmodule Pleroma.ActivityTest do
+ use Pleroma.DataCase
+ alias Pleroma.Web.Federator.RetryQueue
+
+ @small_retry_count 0
+ @hopeless_retry_count 10
+
+ test "failed posts are retried" do
+ {:retry, _timeout} = RetryQueue.get_retry_params(@small_retry_count)
+
+ assert {:noreply, %{delivered: 1}} ==
+ RetryQueue.handle_info({:send, :ok, MockActivityPub, @small_retry_count}, %{
+ delivered: 0
+ })
+ end
+
+ test "posts that have been tried too many times are dropped" do
+ {:drop, _timeout} = RetryQueue.get_retry_params(@hopeless_retry_count)
+
+ assert {:noreply, %{dropped: 1}} ==
+ RetryQueue.handle_cast({:maybe_enqueue, %{}, nil, @hopeless_retry_count}, %{
+ dropped: 0
+ })
+ end
+end
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 788e3a6eb..6bdcb4fd8 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -284,6 +284,12 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
"visibility" => "direct"
})
+ {:ok, direct_two} =
+ CommonAPI.post(user_two, %{
+ "status" => "Hi @#{user_one.nickname}!",
+ "visibility" => "direct"
+ })
+
{:ok, _follower_only} =
CommonAPI.post(user_one, %{
"status" => "Hi @#{user_two.nickname}!",
@@ -296,8 +302,9 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|> assign(:user, user_two)
|> get("/api/statuses/dm_timeline.json")
- [status] = json_response(res_conn, 200)
- assert status["id"] == direct.id
+ [status, status_two] = json_response(res_conn, 200)
+ assert status["id"] == direct_two.id
+ assert status_two["id"] == direct.id
end
end
@@ -1211,4 +1218,20 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert relationship["follows_you"] == false
end
end
+
+ describe "GET /api/pleroma/search_user" do
+ test "it returns users, ordered by similarity", %{conn: conn} do
+ user = insert(:user, %{name: "eal"})
+ user_two = insert(:user, %{name: "ean"})
+ user_three = insert(:user, %{name: "ebn"})
+
+ resp =
+ conn
+ |> get(twitter_api_search__path(conn, :search_user), query: "eal")
+ |> json_response(200)
+
+ assert length(resp) == 3
+ assert [user.id, user_two.id, user_three.id] == Enum.map(resp, fn %{"id" => id} -> id end)
+ end
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-01 13:08:35 +0000