diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/support/factory.ex | 11 | ||||
| -rw-r--r-- | test/support/httpoison_mock.ex | 6 | ||||
| -rw-r--r-- | test/user_test.exs | 21 | ||||
| -rw-r--r-- | test/web/activity_pub/activity_pub_controller_test.exs | 12 | ||||
| -rw-r--r-- | test/web/activity_pub/transmogrifier_test.exs | 23 | ||||
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 120 | ||||
| -rw-r--r-- | test/web/oauth/oauth_controller_test.exs | 113 | ||||
| -rw-r--r-- | test/web/ostatus/ostatus_controller_test.exs | 76 | ||||
| -rw-r--r-- | test/web/twitter_api/twitter_api_controller_test.exs | 126 | ||||
| -rw-r--r-- | test/web/twitter_api/views/user_view_test.exs | 12 |
10 files changed, 511 insertions, 9 deletions
diff --git a/test/support/factory.ex b/test/support/factory.ex index 5cf456e3c..6c48d390f 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -146,4 +146,15 @@ defmodule Pleroma.Factory do subscribers: [] } end + + def oauth_app_factory do + %Pleroma.Web.OAuth.App{ + client_name: "Some client", + redirect_uris: "https://example.com/callback", + scopes: "read", + website: "https://example.com", + client_id: "aaabbb==", + client_secret: "aaa;/&bbb" + } + end end diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index 6e8336a93..befebad8a 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -4,7 +4,7 @@ defmodule HTTPoisonMock do def get(url, body \\ [], headers \\ []) def get( - "http://gerzilla.de/.well-known/webfinger?resource=acct:kaniini@gerzilla.de", + "https://gerzilla.de/.well-known/webfinger?resource=acct:kaniini@gerzilla.de", [Accept: "application/xrd+xml,application/jrd+json"], follow_redirect: true ) do @@ -16,7 +16,7 @@ defmodule HTTPoisonMock do end def get( - "http://framatube.org/.well-known/webfinger?resource=acct:framasoft@framatube.org", + "https://framatube.org/.well-known/webfinger?resource=acct:framasoft@framatube.org", [Accept: "application/xrd+xml,application/jrd+json"], follow_redirect: true ) do @@ -28,7 +28,7 @@ defmodule HTTPoisonMock do end def get( - "http://gnusocial.de/.well-known/webfinger?resource=acct:winterdienst@gnusocial.de", + "https://gnusocial.de/.well-known/webfinger?resource=acct:winterdienst@gnusocial.de", [Accept: "application/xrd+xml,application/jrd+json"], follow_redirect: true ) do diff --git a/test/user_test.exs b/test/user_test.exs index 8c8cfd673..200352981 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -361,6 +361,27 @@ defmodule Pleroma.UserTest do end end + describe "domain blocking" do + test "blocks domains" do + user = insert(:user) + collateral_user = insert(:user, %{ap_id: "https://awful-and-rude-instance.com/user/bully"}) + + {:ok, user} = User.block_domain(user, "awful-and-rude-instance.com") + + assert User.blocks?(user, collateral_user) + end + + test "unblocks domains" do + user = insert(:user) + collateral_user = insert(:user, %{ap_id: "https://awful-and-rude-instance.com/user/bully"}) + + {:ok, user} = User.block_domain(user, "awful-and-rude-instance.com") + {:ok, user} = User.unblock_domain(user, "awful-and-rude-instance.com") + + refute User.blocks?(user, collateral_user) + end + end + test "get recipients from activity" do actor = insert(:user) user = insert(:user, local: true) diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 25b47ee31..bbf89136b 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -32,6 +32,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note}) end + + test "it returns 404 for non-public messages", %{conn: conn} do + note = insert(:direct_note) + uuid = String.split(note.data["id"], "/") |> List.last() + + conn = + conn + |> put_req_header("accept", "application/activity+json") + |> get("/objects/#{uuid}") + + assert json_response(conn, 404) + end end describe "/users/:nickname/inbox" do diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 384844095..7e771b9f8 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -266,6 +266,29 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert user.bio == "<p>Some bio</p>" end + test "it works for incoming update activities which lock the account" do + data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!() + + object = + update_data["object"] + |> Map.put("actor", data["actor"]) + |> Map.put("id", data["actor"]) + |> Map.put("manuallyApprovesFollowers", true) + + update_data = + update_data + |> Map.put("actor", data["actor"]) + |> Map.put("object", object) + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(update_data) + + user = User.get_cached_by_ap_id(data["actor"]) + assert user.info["locked"] == true + end + test "it works for incoming deletes" do activity = insert(:note_activity) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 2abcf0dfe..d1812457d 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -4,6 +4,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do alias Pleroma.Web.TwitterAPI.TwitterAPI alias Pleroma.{Repo, User, Activity, Notification} alias Pleroma.Web.{OStatus, CommonAPI} + alias Pleroma.Web.ActivityPub.ActivityPub import Pleroma.Factory import ExUnit.CaptureLog @@ -505,6 +506,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert to_string(activity.id) == id end + + test "returns 500 for a wrong id", %{conn: conn} do + user = insert(:user) + + resp = + conn + |> assign(:user, user) + |> post("/api/v1/statuses/1/favourite") + |> json_response(500) + + assert resp == "Something went wrong" + end end describe "unfavoriting" do @@ -632,6 +645,73 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do end end + describe "locked accounts" do + test "/api/v1/follow_requests works" do + user = insert(:user, %{info: %{"locked" => true}}) + other_user = insert(:user) + + {:ok, activity} = ActivityPub.follow(other_user, user) + + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + + conn = + build_conn() + |> assign(:user, user) + |> get("/api/v1/follow_requests") + + assert [relationship] = json_response(conn, 200) + assert to_string(other_user.id) == relationship["id"] + end + + test "/api/v1/follow_requests/:id/authorize works" do + user = insert(:user, %{info: %{"locked" => true}}) + other_user = insert(:user) + + {:ok, activity} = ActivityPub.follow(other_user, user) + + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + + conn = + build_conn() + |> assign(:user, user) + |> post("/api/v1/follow_requests/#{other_user.id}/authorize") + + assert relationship = json_response(conn, 200) + assert to_string(other_user.id) == relationship["id"] + + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == true + end + + test "/api/v1/follow_requests/:id/reject works" do + user = insert(:user, %{info: %{"locked" => true}}) + other_user = insert(:user) + + {:ok, activity} = ActivityPub.follow(other_user, user) + + conn = + build_conn() + |> assign(:user, user) + |> post("/api/v1/follow_requests/#{other_user.id}/reject") + + assert relationship = json_response(conn, 200) + assert to_string(other_user.id) == relationship["id"] + + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + end + end + test "account fetching", %{conn: conn} do user = insert(:user) @@ -780,6 +860,46 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert [%{"id" => ^other_user_id}] = json_response(conn, 200) end + test "blocking / unblocking a domain", %{conn: conn} do + user = insert(:user) + other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"}) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"}) + + assert %{} = json_response(conn, 200) + user = User.get_cached_by_ap_id(user.ap_id) + assert User.blocks?(user, other_user) + + conn = + build_conn() + |> assign(:user, user) + |> delete("/api/v1/domain_blocks", %{"domain" => "dogwhistle.zone"}) + + assert %{} = json_response(conn, 200) + user = User.get_cached_by_ap_id(user.ap_id) + refute User.blocks?(user, other_user) + end + + test "getting a list of domain blocks" do + user = insert(:user) + + {:ok, user} = User.block_domain(user, "bad.site") + {:ok, user} = User.block_domain(user, "even.worse.site") + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/domain_blocks") + + domain_blocks = json_response(conn, 200) + + assert "bad.site" in domain_blocks + assert "even.worse.site" in domain_blocks + end + test "unimplemented mute endpoints" do user = insert(:user) other_user = insert(:user) diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs new file mode 100644 index 000000000..3a902f128 --- /dev/null +++ b/test/web/oauth/oauth_controller_test.exs @@ -0,0 +1,113 @@ +defmodule Pleroma.Web.OAuth.OAuthControllerTest do + use Pleroma.Web.ConnCase + import Pleroma.Factory + + alias Pleroma.Repo + alias Pleroma.Web.OAuth.{Authorization, Token} + + test "redirects with oauth authorization" do + user = insert(:user) + app = insert(:oauth_app) + + conn = + build_conn() + |> post("/oauth/authorize", %{ + "authorization" => %{ + "name" => user.nickname, + "password" => "test", + "client_id" => app.client_id, + "redirect_uri" => app.redirect_uris, + "state" => "statepassed" + } + }) + + target = redirected_to(conn) + assert target =~ app.redirect_uris + + query = URI.parse(target).query |> URI.query_decoder() |> Map.new() + + assert %{"state" => "statepassed", "code" => code} = query + assert Repo.get_by(Authorization, token: code) + end + + test "issues a token for an all-body request" do + user = insert(:user) + app = insert(:oauth_app) + + {:ok, auth} = Authorization.create_authorization(app, user) + + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "authorization_code", + "code" => auth.token, + "redirect_uri" => app.redirect_uris, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert %{"access_token" => token} = json_response(conn, 200) + assert Repo.get_by(Token, token: token) + end + + test "issues a token for request with HTTP basic auth client credentials" do + user = insert(:user) + app = insert(:oauth_app) + + {:ok, auth} = Authorization.create_authorization(app, user) + + app_encoded = + (URI.encode_www_form(app.client_id) <> ":" <> URI.encode_www_form(app.client_secret)) + |> Base.encode64() + + conn = + build_conn() + |> put_req_header("authorization", "Basic " <> app_encoded) + |> post("/oauth/token", %{ + "grant_type" => "authorization_code", + "code" => auth.token, + "redirect_uri" => app.redirect_uris + }) + + assert %{"access_token" => token} = json_response(conn, 200) + assert Repo.get_by(Token, token: token) + end + + test "rejects token exchange with invalid client credentials" do + user = insert(:user) + app = insert(:oauth_app) + + {:ok, auth} = Authorization.create_authorization(app, user) + + conn = + build_conn() + |> put_req_header("authorization", "Basic JTIxOiVGMCU5RiVBNCVCNwo=") + |> post("/oauth/token", %{ + "grant_type" => "authorization_code", + "code" => auth.token, + "redirect_uri" => app.redirect_uris + }) + + assert resp = json_response(conn, 400) + assert %{"error" => _} = resp + refute Map.has_key?(resp, "access_token") + end + + test "rejects an invalid authorization code" do + app = insert(:oauth_app) + + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "authorization_code", + "code" => "Imobviouslyinvalid", + "redirect_uri" => app.redirect_uris, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert resp = json_response(conn, 400) + assert %{"error" => _} = json_response(conn, 400) + refute Map.has_key?(resp, "access_token") + end +end diff --git a/test/web/ostatus/ostatus_controller_test.exs b/test/web/ostatus/ostatus_controller_test.exs index ba8855093..d5adf3bf3 100644 --- a/test/web/ostatus/ostatus_controller_test.exs +++ b/test/web/ostatus/ostatus_controller_test.exs @@ -53,11 +53,21 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do conn = conn + |> put_req_header("content-type", "application/atom+xml") |> get("/users/#{user.nickname}/feed.atom") assert response(conn, 200) =~ note_activity.data["object"]["content"] end + test "returns 404 for a missing feed", %{conn: conn} do + conn = + conn + |> put_req_header("content-type", "application/atom+xml") + |> get("/users/nonexisting/feed.atom") + + assert response(conn, 404) + end + test "gets an object", %{conn: conn} do note_activity = insert(:note_activity) user = User.get_by_ap_id(note_activity.data["actor"]) @@ -77,6 +87,29 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do assert response(conn, 200) == expected end + test "404s on private objects", %{conn: conn} do + note_activity = insert(:direct_note_activity) + user = User.get_by_ap_id(note_activity.data["actor"]) + [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["object"]["id"])) + url = "/objects/#{uuid}" + + conn = + conn + |> get(url) + + assert response(conn, 404) + end + + test "404s on nonexisting objects", %{conn: conn} do + url = "/objects/123" + + conn = + conn + |> get(url) + + assert response(conn, 404) + end + test "gets an activity", %{conn: conn} do note_activity = insert(:note_activity) [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"])) @@ -89,6 +122,28 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do assert response(conn, 200) end + test "404s on private activities", %{conn: conn} do + note_activity = insert(:direct_note_activity) + [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"])) + url = "/activities/#{uuid}" + + conn = + conn + |> get(url) + + assert response(conn, 404) + end + + test "404s on nonexistent activities", %{conn: conn} do + url = "/activities/123" + + conn = + conn + |> get(url) + + assert response(conn, 404) + end + test "gets a notice", %{conn: conn} do note_activity = insert(:note_activity) url = "/notice/#{note_activity.id}" @@ -99,4 +154,25 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do assert response(conn, 200) end + + test "404s a private notice", %{conn: conn} do + note_activity = insert(:direct_note_activity) + url = "/notice/#{note_activity.id}" + + conn = + conn + |> get(url) + + assert response(conn, 404) + end + + test "404s a nonexisting notice", %{conn: conn} do + url = "/notice/123" + + conn = + conn + |> get(url) + + assert response(conn, 404) + end end diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index c2ea41aa3..bd11551df 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -260,7 +260,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do test "with credentials", %{conn: conn, user: current_user} do other_user = insert(:user) - {:ok, activity} = + {:ok, _activity} = ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user}) conn = @@ -510,6 +510,24 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert json_response(conn, 200) end + + test "with credentials, invalid param", %{conn: conn, user: current_user} do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/favorites/create/wrong.json") + + assert json_response(conn, 400) + end + + test "with credentials, invalid activity", %{conn: conn, user: current_user} do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/favorites/create/1.json") + + assert json_response(conn, 500) + end end describe "POST /api/favorites/destroy/:id" do @@ -668,6 +686,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do conn = conn + |> assign(:user, user) |> get("/api/statuses/friends", %{"user_id" => user.id}) assert MapSet.equal?( @@ -689,6 +708,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do conn = conn + |> assign(:user, user) |> get("/api/statuses/friends", %{"screen_name" => user.nickname}) assert MapSet.equal?( @@ -742,6 +762,38 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user}) end + + test "it locks an account", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "locked" => "true" + }) + + user = Repo.get!(User, user.id) + assert user.info["locked"] == true + + assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user}) + end + + test "it unlocks an account", %{conn: conn} do + user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/account/update_profile.json", %{ + "locked" => "false" + }) + + user = Repo.get!(User, user.id) + assert user.info["locked"] == false + + assert json_response(conn, 200) == UserView.render("user.json", %{user: user, for: user}) + end end defp valid_user(_context) do @@ -791,7 +843,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do test "Convert newlines to <br> in bio", %{conn: conn} do user = insert(:user) - conn = + _conn = conn |> assign(:user, user) |> post("/api/account/update_profile.json", %{ @@ -902,6 +954,76 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do |> post("/api/pleroma/delete_account", %{"password" => "test"}) assert json_response(conn, 200) == %{"status" => "success"} + # Wait a second for the started task to end + :timer.sleep(1000) + end + end + + describe "GET /api/pleroma/friend_requests" do + test "it lists friend requests" do + user = insert(:user, %{info: %{"locked" => true}}) + other_user = insert(:user) + + {:ok, activity} = ActivityPub.follow(other_user, user) + + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + + conn = + build_conn() + |> assign(:user, user) + |> get("/api/pleroma/friend_requests") + + assert [relationship] = json_response(conn, 200) + assert other_user.id == relationship["id"] + end + end + + describe "POST /api/pleroma/friendships/approve" do + test "it approves a friend request" do + user = insert(:user, %{info: %{"locked" => true}}) + other_user = insert(:user) + + {:ok, activity} = ActivityPub.follow(other_user, user) + + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + + conn = + build_conn() + |> assign(:user, user) + |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)}) + + assert relationship = json_response(conn, 200) + assert other_user.id == relationship["id"] + assert relationship["follows_you"] == true + end + end + + describe "POST /api/pleroma/friendships/deny" do + test "it denies a friend request" do + user = insert(:user, %{info: %{"locked" => true}}) + other_user = insert(:user) + + {:ok, activity} = ActivityPub.follow(other_user, user) + + user = Repo.get(User, user.id) + other_user = Repo.get(User, other_user.id) + + assert User.following?(other_user, user) == false + + conn = + build_conn() + |> assign(:user, user) + |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)}) + + assert relationship = json_response(conn, 200) + assert other_user.id == relationship["id"] + assert relationship["follows_you"] == false end end end diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs index 9f8bf4cdc..eea743b32 100644 --- a/test/web/twitter_api/views/user_view_test.exs +++ b/test/web/twitter_api/views/user_view_test.exs @@ -59,7 +59,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "statusnet_profile_url" => user.ap_id, "cover_photo" => banner, "background_image" => nil, - "is_local" => true + "is_local" => true, + "locked" => false } assert represented == UserView.render("show.json", %{user: user}) @@ -94,7 +95,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "statusnet_profile_url" => user.ap_id, "cover_photo" => banner, "background_image" => nil, - "is_local" => true + "is_local" => true, + "locked" => false } assert represented == UserView.render("show.json", %{user: user, for: follower}) @@ -130,7 +132,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "statusnet_profile_url" => follower.ap_id, "cover_photo" => banner, "background_image" => nil, - "is_local" => true + "is_local" => true, + "locked" => false } assert represented == UserView.render("show.json", %{user: follower, for: user}) @@ -173,7 +176,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "statusnet_profile_url" => user.ap_id, "cover_photo" => banner, "background_image" => nil, - "is_local" => true + "is_local" => true, + "locked" => false } blocker = Repo.get(User, blocker.id) |