summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/html_test.exs8
-rw-r--r--test/web/activity_pub/activity_pub_test.exs13
-rw-r--r--test/web/activity_pub/transmogrifier_test.exs25
-rw-r--r--test/web/common_api/common_api_test.exs23
-rw-r--r--test/web/mastodon_api/account_view_test.exs4
-rw-r--r--test/web/mastodon_api/mastodon_api_controller_test.exs2
-rw-r--r--test/web/oauth/ldap_authorization_test.exs189
-rw-r--r--test/web/oauth/oauth_controller_test.exs3
-rw-r--r--test/web/streamer_test.exs30
-rw-r--r--test/web/twitter_api/util_controller_test.exs22
-rw-r--r--test/web/twitter_api/views/activity_view_test.exs2
11 files changed, 316 insertions, 5 deletions
diff --git a/test/html_test.exs b/test/html_test.exs
index 29cab17f3..0b5d3d892 100644
--- a/test/html_test.exs
+++ b/test/html_test.exs
@@ -10,6 +10,8 @@ defmodule Pleroma.HTMLTest do
<b>this is in bold</b>
<p>this is a paragraph</p>
this is a linebreak<br />
+ this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
+ this is a link with not allowed "rel" attribute: <a href="http://example.com/" rel="tag noallowed">example.com</a>
this is an image: <img src="http://example.com/image.jpg"><br />
<script>alert('hacked')</script>
"""
@@ -24,6 +26,8 @@ defmodule Pleroma.HTMLTest do
this is in bold
this is a paragraph
this is a linebreak
+ this is a link with allowed "rel" attribute: example.com
+ this is a link with not allowed "rel" attribute: example.com
this is an image:
alert('hacked')
"""
@@ -44,6 +48,8 @@ defmodule Pleroma.HTMLTest do
this is in bold
<p>this is a paragraph</p>
this is a linebreak<br />
+ this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
+ this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
this is an image: <img src="http://example.com/image.jpg" /><br />
alert('hacked')
"""
@@ -66,6 +72,8 @@ defmodule Pleroma.HTMLTest do
<b>this is in bold</b>
<p>this is a paragraph</p>
this is a linebreak<br />
+ this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
+ this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
this is an image: <img src="http://example.com/image.jpg" /><br />
alert('hacked')
"""
diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
index 2b83bfb1d..035778218 100644
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@ -424,6 +424,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
assert length(activities) == 20
assert last == last_expected
end
+
+ test "doesn't return reblogs for users for whom reblogs have been muted" do
+ activity = insert(:note_activity)
+ user = insert(:user)
+ booster = insert(:user)
+ {:ok, user} = CommonAPI.hide_reblogs(user, booster)
+
+ {:ok, activity, _} = CommonAPI.repeat(activity.id, booster)
+
+ activities = ActivityPub.fetch_activities([], %{"muting_user" => user})
+
+ refute Enum.member?(activities, activity)
+ end
end
describe "like an object" do
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index 8184dbbae..afb931934 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -5,6 +5,7 @@
defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
use Pleroma.DataCase
alias Pleroma.Activity
+ alias Pleroma.Object
alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
@@ -764,6 +765,30 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
assert object.data["attachment"] == [attachment]
end
+
+ test "it accepts Flag activities" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"})
+ object = Object.normalize(activity.data["object"])
+
+ message = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "cc" => [user.ap_id],
+ "object" => [user.ap_id, object.data["id"]],
+ "type" => "Flag",
+ "content" => "blocked AND reported!!!",
+ "actor" => other_user.ap_id
+ }
+
+ assert {:ok, activity} = Transmogrifier.handle_incoming(message)
+
+ assert activity.data["object"] == [user.ap_id, object.data["id"]]
+ assert activity.data["content"] == "blocked AND reported!!!"
+ assert activity.data["actor"] == other_user.ap_id
+ assert activity.data["cc"] == [user.ap_id]
+ end
end
describe "prepare outgoing" do
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index 181813c76..f83f80b40 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -221,4 +221,27 @@ defmodule Pleroma.Web.CommonAPITest do
} = flag_activity
end
end
+
+ describe "reblog muting" do
+ setup do
+ muter = insert(:user)
+
+ muted = insert(:user)
+
+ [muter: muter, muted: muted]
+ end
+
+ test "add a reblog mute", %{muter: muter, muted: muted} do
+ {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
+
+ assert Pleroma.User.showing_reblogs?(muter, muted) == false
+ end
+
+ test "remove a reblog mute", %{muter: muter, muted: muted} do
+ {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
+ {:ok, muter} = CommonAPI.show_reblogs(muter, muted)
+
+ assert Pleroma.User.showing_reblogs?(muter, muted) == true
+ end
+ end
end
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs
index c2ffc21da..6dc60afe9 100644
--- a/test/web/mastodon_api/account_view_test.exs
+++ b/test/web/mastodon_api/account_view_test.exs
@@ -144,7 +144,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
muting_notifications: false,
requested: false,
domain_blocking: false,
- showing_reblogs: false,
+ showing_reblogs: true,
endorsed: false
}
@@ -202,7 +202,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
muting_notifications: false,
requested: false,
domain_blocking: false,
- showing_reblogs: false,
+ showing_reblogs: true,
endorsed: false
}
}
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 059d5237d..74bf05708 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -1632,7 +1632,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
assert user = json_response(conn, 200)
assert user["note"] ==
- ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user=") <>
+ ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe" rel="tag">#cofe</a> with <span class="h-card"><a data-user=") <>
user2.id <>
~s(" class="u-url mention" href=") <>
user2.ap_id <> ~s(">@<span>) <> user2.nickname <> ~s(</span></a></span>)
diff --git a/test/web/oauth/ldap_authorization_test.exs b/test/web/oauth/ldap_authorization_test.exs
new file mode 100644
index 000000000..5bf7eb93c
--- /dev/null
+++ b/test/web/oauth/ldap_authorization_test.exs
@@ -0,0 +1,189 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
+ use Pleroma.Web.ConnCase
+ alias Pleroma.Repo
+ alias Pleroma.Web.OAuth.Token
+ import Pleroma.Factory
+ import ExUnit.CaptureLog
+ import Mock
+
+ setup_all do
+ ldap_authenticator =
+ Pleroma.Config.get(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.PleromaAuthenticator)
+
+ ldap_enabled = Pleroma.Config.get([:ldap, :enabled])
+
+ on_exit(fn ->
+ Pleroma.Config.put(Pleroma.Web.Auth.Authenticator, ldap_authenticator)
+ Pleroma.Config.put([:ldap, :enabled], ldap_enabled)
+ end)
+
+ Pleroma.Config.put(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.LDAPAuthenticator)
+ Pleroma.Config.put([:ldap, :enabled], true)
+
+ :ok
+ end
+
+ test "authorizes the existing user using LDAP credentials" do
+ password = "testpassword"
+ user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+ app = insert(:oauth_app, scopes: ["read", "write"])
+
+ host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+ port = Pleroma.Config.get([:ldap, :port])
+
+ with_mocks [
+ {:eldap, [],
+ [
+ open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
+ simple_bind: fn _connection, _dn, ^password -> :ok end,
+ close: fn _connection ->
+ send(self(), :close_connection)
+ :ok
+ end
+ ]}
+ ] do
+ conn =
+ build_conn()
+ |> post("/oauth/token", %{
+ "grant_type" => "password",
+ "username" => user.nickname,
+ "password" => password,
+ "client_id" => app.client_id,
+ "client_secret" => app.client_secret
+ })
+
+ assert %{"access_token" => token} = json_response(conn, 200)
+
+ token = Repo.get_by(Token, token: token)
+
+ assert token.user_id == user.id
+ assert_received :close_connection
+ end
+ end
+
+ test "creates a new user after successful LDAP authorization" do
+ password = "testpassword"
+ user = build(:user)
+ app = insert(:oauth_app, scopes: ["read", "write"])
+
+ host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+ port = Pleroma.Config.get([:ldap, :port])
+
+ with_mocks [
+ {:eldap, [],
+ [
+ open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
+ simple_bind: fn _connection, _dn, ^password -> :ok end,
+ equalityMatch: fn _type, _value -> :ok end,
+ wholeSubtree: fn -> :ok end,
+ search: fn _connection, _options ->
+ {:ok,
+ {:eldap_search_result, [{:eldap_entry, '', [{'mail', [to_charlist(user.email)]}]}],
+ []}}
+ end,
+ close: fn _connection ->
+ send(self(), :close_connection)
+ :ok
+ end
+ ]}
+ ] do
+ conn =
+ build_conn()
+ |> post("/oauth/token", %{
+ "grant_type" => "password",
+ "username" => user.nickname,
+ "password" => password,
+ "client_id" => app.client_id,
+ "client_secret" => app.client_secret
+ })
+
+ assert %{"access_token" => token} = json_response(conn, 200)
+
+ token = Repo.get_by(Token, token: token) |> Repo.preload(:user)
+
+ assert token.user.nickname == user.nickname
+ assert_received :close_connection
+ end
+ end
+
+ test "falls back to the default authorization when LDAP is unavailable" do
+ password = "testpassword"
+ user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+ app = insert(:oauth_app, scopes: ["read", "write"])
+
+ host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+ port = Pleroma.Config.get([:ldap, :port])
+
+ with_mocks [
+ {:eldap, [],
+ [
+ open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end,
+ simple_bind: fn _connection, _dn, ^password -> :ok end,
+ close: fn _connection ->
+ send(self(), :close_connection)
+ :ok
+ end
+ ]}
+ ] do
+ log =
+ capture_log(fn ->
+ conn =
+ build_conn()
+ |> post("/oauth/token", %{
+ "grant_type" => "password",
+ "username" => user.nickname,
+ "password" => password,
+ "client_id" => app.client_id,
+ "client_secret" => app.client_secret
+ })
+
+ assert %{"access_token" => token} = json_response(conn, 200)
+
+ token = Repo.get_by(Token, token: token)
+
+ assert token.user_id == user.id
+ end)
+
+ assert log =~ "Could not open LDAP connection: 'connect failed'"
+ refute_received :close_connection
+ end
+ end
+
+ test "disallow authorization for wrong LDAP credentials" do
+ password = "testpassword"
+ user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+ app = insert(:oauth_app, scopes: ["read", "write"])
+
+ host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
+ port = Pleroma.Config.get([:ldap, :port])
+
+ with_mocks [
+ {:eldap, [],
+ [
+ open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end,
+ simple_bind: fn _connection, _dn, ^password -> {:error, :invalidCredentials} end,
+ close: fn _connection ->
+ send(self(), :close_connection)
+ :ok
+ end
+ ]}
+ ] do
+ conn =
+ build_conn()
+ |> post("/oauth/token", %{
+ "grant_type" => "password",
+ "username" => user.nickname,
+ "password" => password,
+ "client_id" => app.client_id,
+ "client_secret" => app.client_secret
+ })
+
+ assert %{"error" => "Invalid credentials"} = json_response(conn, 400)
+ assert_received :close_connection
+ end
+ end
+end
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index ed94416ff..ff1e56fe9 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -132,11 +132,12 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
"client_secret" => app.client_secret
})
- assert %{"access_token" => token} = json_response(conn, 200)
+ assert %{"access_token" => token, "me" => ap_id} = json_response(conn, 200)
token = Repo.get_by(Token, token: token)
assert token
assert token.scopes == auth.scopes
+ assert user.ap_id == ap_id
end
test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
diff --git a/test/web/streamer_test.exs b/test/web/streamer_test.exs
index 0a2e91298..bfe18cb7f 100644
--- a/test/web/streamer_test.exs
+++ b/test/web/streamer_test.exs
@@ -202,4 +202,34 @@ defmodule Pleroma.Web.StreamerTest do
Task.await(task)
end
+
+ test "it doesn't send muted reblogs" do
+ user1 = insert(:user)
+ user2 = insert(:user)
+ user3 = insert(:user)
+ CommonAPI.hide_reblogs(user1, user2)
+
+ task =
+ Task.async(fn ->
+ refute_receive {:text, _}, 1_000
+ end)
+
+ fake_socket = %{
+ transport_pid: task.pid,
+ assigns: %{
+ user: user1
+ }
+ }
+
+ {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"})
+ {:ok, announce_activity, _} = CommonAPI.repeat(create_activity.id, user2)
+
+ topics = %{
+ "public" => [fake_socket]
+ }
+
+ Streamer.push_to_socket(topics, "public", announce_activity)
+
+ Task.await(task)
+ end
end
diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs
index fc762ab18..6e8a25056 100644
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@@ -1,6 +1,9 @@
defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
use Pleroma.Web.ConnCase
+ alias Pleroma.Notification
+ alias Pleroma.Repo
+ alias Pleroma.Web.CommonAPI
import Pleroma.Factory
describe "POST /api/pleroma/follow_import" do
@@ -52,6 +55,25 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
end
end
+ describe "POST /api/pleroma/notifications/read" do
+ test "it marks a single notification as read", %{conn: conn} do
+ user1 = insert(:user)
+ user2 = insert(:user)
+ {:ok, activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
+ {:ok, activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
+ {:ok, [notification1]} = Notification.create_notifications(activity1)
+ {:ok, [notification2]} = Notification.create_notifications(activity2)
+
+ conn
+ |> assign(:user, user1)
+ |> post("/api/pleroma/notifications/read", %{"id" => "#{notification1.id}"})
+ |> json_response(:ok)
+
+ assert Repo.get(Notification, notification1.id).seen
+ refute Repo.get(Notification, notification2.id).seen
+ end
+ end
+
describe "GET /api/statusnet/config.json" do
test "it returns the managed config", %{conn: conn} do
Pleroma.Config.put([:instance, :managed_config], false)
diff --git a/test/web/twitter_api/views/activity_view_test.exs b/test/web/twitter_api/views/activity_view_test.exs
index 6f0786b1c..d9df01c6e 100644
--- a/test/web/twitter_api/views/activity_view_test.exs
+++ b/test/web/twitter_api/views/activity_view_test.exs
@@ -82,7 +82,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
result = ActivityView.render("activity.json", activity: activity)
assert result["statusnet_html"] ==
- "<a class=\"hashtag\" data-tag=\"bike\" href=\"http://localhost:4001/tag/bike\">#Bike</a> log - Commute Tuesday<br /><a href=\"https://pla.bike/posts/20181211/\">https://pla.bike/posts/20181211/</a><br /><a class=\"hashtag\" data-tag=\"cycling\" href=\"http://localhost:4001/tag/cycling\">#cycling</a> <a class=\"hashtag\" data-tag=\"chscycling\" href=\"http://localhost:4001/tag/chscycling\">#CHScycling</a> <a class=\"hashtag\" data-tag=\"commute\" href=\"http://localhost:4001/tag/commute\">#commute</a><br />MVIMG_20181211_054020.jpg"
+ "<a class=\"hashtag\" data-tag=\"bike\" href=\"http://localhost:4001/tag/bike\" rel=\"tag\">#Bike</a> log - Commute Tuesday<br /><a href=\"https://pla.bike/posts/20181211/\">https://pla.bike/posts/20181211/</a><br /><a class=\"hashtag\" data-tag=\"cycling\" href=\"http://localhost:4001/tag/cycling\" rel=\"tag\">#cycling</a> <a class=\"hashtag\" data-tag=\"chscycling\" href=\"http://localhost:4001/tag/chscycling\" rel=\"tag\">#CHScycling</a> <a class=\"hashtag\" data-tag=\"commute\" href=\"http://localhost:4001/tag/commute\" rel=\"tag\">#commute</a><br />MVIMG_20181211_054020.jpg"
assert result["text"] ==
"#Bike log - Commute Tuesday\nhttps://pla.bike/posts/20181211/\n#cycling #CHScycling #commute\nMVIMG_20181211_054020.jpg"
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 15:50:15 +0000