diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/fixtures/fulmo.html | 151 | ||||
| -rw-r--r-- | test/pleroma/emoji/pack_test.exs | 58 | ||||
| -rw-r--r-- | test/pleroma/safe_zip_test.exs | 496 | ||||
| -rw-r--r-- | test/pleroma/web/activity_pub/activity_pub_controller_test.exs | 74 | ||||
| -rw-r--r-- | test/pleroma/web/activity_pub/mrf/fo_direct_reply_test.exs | 117 | ||||
| -rw-r--r-- | test/pleroma/web/activity_pub/mrf/quiet_reply_test.exs | 140 | ||||
| -rw-r--r-- | test/pleroma/web/activity_pub/object_validators/attachment_validator_test.exs | 17 | ||||
| -rw-r--r-- | test/pleroma/web/activity_pub/transmogrifier_test.exs | 240 | ||||
| -rw-r--r-- | test/pleroma/web/metadata/providers/open_graph_test.exs | 55 | ||||
| -rw-r--r-- | test/pleroma/web/metadata/providers/twitter_card_test.exs | 54 | ||||
| -rw-r--r-- | test/pleroma/web/rich_media/parser_test.exs | 1 | ||||
| -rw-r--r-- | test/pleroma/web/rich_media/parsers/twitter_card_test.exs | 37 |
12 files changed, 1166 insertions, 274 deletions
diff --git a/test/fixtures/fulmo.html b/test/fixtures/fulmo.html new file mode 100644 index 000000000..e54eaf8d8 --- /dev/null +++ b/test/fixtures/fulmo.html @@ -0,0 +1,151 @@ +<!DOCTYPE html> +<html lang='eo'> + <head> + <meta charset='utf-8'/> + <meta name='author' content='Tirifto'/> + <meta name='generator' content='Pageling'/> + <meta name='viewport' content='width=device-width, + height=device-height, + initial-scale=1.0'/> + <link rel='stylesheet' type='text/css' href='/r/stiloj/tiriftejo.css'/> + <link rel='alternate' type='application/atom+xml' href='/eo/novajhoj.atom'/> + <link rel='icon' size='16x16' type='image/vnd.microsoft.icon' href='/favicon.ico'/> + <link rel='icon' size='128x128' type='image/png' href='/icon.png'/> + <link rel='alternate' hreflang='eo' href='https://tirifto.xwx.moe/eo/rakontoj/fulmo.html'/> + <title>Fulmo</title> + <meta property='og:title' content='Fulmo'/> + <meta property='og:type' content='website'/> + <meta property='og:url' content='https://tirifto.xwx.moe/eo/rakontoj/fulmo.html'/> + <meta property='og:site_name' content='Tiriftejo'/> + <meta property='og:locale' content='eo'/> + <meta property='og:description' content='Pri feoj, kiuj devis ordigi falintan arbon.'/> + <meta property='og:image' content='https://tirifto.xwx.moe/r/ilustrajhoj/pinglordigado.png'/> + <meta property='og:image:alt' content='Meze de arbaro kuŝas falinta trunko, sen pingloj kaj kun branĉoj derompitaj. Post ĝi videblas du feoj: florofeo maldekstre kaj nubofeo dekstre. La florofeo iom kaŝas sin post la trunko. La nubofeo staras kaj tenas amason da pigloj. Ili iom rigardas al si.'/> + <meta property='og:image:height' content='630'/> + <meta property='og:image:width' content='1200'/> + <meta property='og:image' content='https://tirifto.xwx.moe/r/opengraph/eo.png'/> + <meta property='og:image:alt' content='La tirifta okulo ĉirkaŭita de ornamaj steloj kaj la teksto: »Tiriftejo. Esperanto.«'/> + <meta property='og:image:height' content='630'/> + <meta property='og:image:width' content='1200'/> + </head> + <body> + <header id='website-header'> + <nav id='website-navigation'> + <input type='checkbox' id='website-navigation-toggle' + aria-description='Montri ligilojn al ĉefaj paĝoj de la retejo.'/> + <label for='website-navigation-toggle'>Paĝoj</label> + <a href='/eo/verkoj.html'>Verkoj</a> + <a href='/eo/novajhoj.html'>Novaĵoj</a> + <a href='/eo/donacoj.html'>Donacoj</a> + <a href='/eo/prio.html'>Prio</a> + <a href='/eo/amikoj.html'>Amikoj</a> + <a href='/eo/kontakto.html'>Kontakto</a> + + </nav> + <span id='eye' role='img' aria-label=''></span> + <nav id='language-switcher' + aria-roledescription='lingvo-ŝanĝilo'> + <input type='checkbox' id='language-switcher-toggle' + aria-description='Montri ligilojn al tradukoj de tiu ĉi paĝo.'/> + <label for='language-switcher-toggle'>Lingvoj</label> + <a href='fulmo.html' lang='eo' hreflang='eo'><img aria-hidden='true' alt='' src='/r/flagoj/eo.png'/>Esperanto</a> + </nav> + </header> + <div class='bodier'> + <nav id='work-links'> + <a href='.'>Ceteraj rakontoj</a> + <a href='../bildosignoj'>Bildosignoj</a> + <a href='../eseoj'>Eseoj</a> + <a href='../ludoj'>Ludoj</a> + <a href='../poemoj'>Poemoj</a> + <a href='../vortaroj'>Vortaroj</a> + </nav> + <main> + <article> + <header> + <h1>Fulmo</h1> + <p>Skribis Tirifto</p> + <time datetime='2025-01-31'>2025-01-31</time> + </header> + <p>»Kial ĉiam mi? Tio ne justas! Oni kulpigas min, sed ja ne mi kulpas!« La nubofeo lamentis, dum ĝi ordigis restaĵojn de falinta arbo. Plejparto el la pingloj estis brulintaj, kaj el la trunko ankoraŭ leviĝis fumo.</p> + <p>Subite aŭdeblis ekstraj kraketoj deapude. Ĝi rigardis flanken, kaj vidis iun kaŭri apud la arbo, derompi branĉetojn, kaj orde ilin amasigi. Ŝajnis, ke ekde sia rimarkiĝo, la nekonatulo laŭeble kuntiriĝis, kaj strebis labori kiel eble plej silente.</p> + <p>»Saluton…?« La nubofeo stariĝis, alporolante la eston. Tiu kvazaŭ frostiĝis, sed timeme ankaŭ stariĝis.</p> + <p>»S- Saluton…« Ĝi respondis sen kuraĝo rigardi ĝiadirekten. Nun stare, videblis ke ĝi estas verdanta florofeo.</p> + <p>»… kion vi faras tie ĉi?« La nubofeo demandis.</p> + <p>»Nu… tiel kaj tiel… mi ordigas.«</p> + <p>»Ho. Mi ricevis taskon ordigi ĉi tie… se vi povas atendi, vi ne bezonas peni!«</p> + <p>»N- Nu… mi tamen volus…« Parolis la florofeo, plu deturnante la kapon.</p> + <p>»Nu… bone, se vi tion deziras… dankon!« La nubofeo dankis, kaj returniĝis al sia laboro.</p> + <p>Fojfoje ĝi scivole rigardis al sia nova kunlaboranto, kaj fojfoje renkontis similan rigardon de ĝia flanko, kiuokaze ambaŭ rigardoj rapide revenis al la ordigataj pingloj kaj branĉetoj. »(Kial tiom volonte helpi min?)« Pensis al si la nubofeo. »(Ĉu ĝi simple tiom bonkoras? Ĝi ja tre bele floras; eble ankaŭ ĝia koro tiel same belas…)« Kaj vere, ĝiaj surfloroj grandanime malfermis siajn belkolorajn folietojn, kaj bonodoris al mondo.</p> + <figure> + <picture> + <source srcset='/r/ilustrajhoj/pinglordigado.jxl' type='image/jxl'/> + <img src='/r/ilustrajhoj/pinglordigado.png' alt='Meze de arbaro kuŝas falinta trunko, sen pingloj kaj kun branĉoj derompitaj. Post ĝi videblas du feoj: florofeo maldekstre kaj nubofeo dekstre. La florofeo iom kaŝas sin post la trunko. La nubofeo staras kaj tenas amason da pigloj. Ili iom rigardas al si.'/> + </picture> + <figcaption> + Pinglordigado + <details> + <summary>© <time datetime='2025'>2025</time> Tirifto</summary> + <a href='https://artlibre.org/'><img src='/r/permesiloj/lal.svg' class='stamp licence' alt='Emblemo: Permesilo de arto libera'/></a> + </details> + </figcaption> + </figure> + <p>Post iom da tempo, ĉiu feo tralaboris ĝis la trunkomezo, kaj proksimiĝis al la alia feo. Kaj tiam ekpezis sur ili devosento rompi la silenton.</p> + <p>»… kia bela vetero, ĉu ne?« Diris la nubofeo, tuj rimarkonte, ke mallumiĝas, kaj la ĉielo restas kovrita de nuboj.</p> + <p>»Jes ja! Tre nube. Mi ŝatas nubojn!« Respondis la alia entuziasme, sed tuj haltetis kaj deturnis la kapon. Ambaŭ feoj daŭrigis laboron silente, kaj plu proksimiĝis, ĝis tiu preskaŭ estis finita.</p> + <p>»H… H… Ho ne…!« Subite ekdiris la nubofeo urĝe.</p> + <p>»Kio okazas?!«</p> + <p>»T… Tern…!«</p> + <p>»Jen! Tenu!« La florofeo etendis manon kun granda folio. La nubofeo ĝin prenis, kaj tien ternis. Aperis ekfulmo, kaj la cindriĝinta folio disfalis.</p> + <p>»Pardonu… mi ne volis…« Bedaŭris la nubofeo. »Mi ne scias, kial tio ĉiam okazas! Tiom plaĉas al mi promeni tere, sed ĉiuj diras, ke mi maldevus, ĉar ial ĝi ĉiam finiĝas tiel ĉi.« Ĝi montris al la arbo. »Eble ili pravas…«</p> + <p>»Nu…« diris la florofeo bedaŭre, kaj etendis la manon.</p> + <p>»H… H… Ne ree…!«</p> + <p>Ekfulmis. Alia ĵus metita folio cindriĝis en la manoj de la florofeo, time ferminta la okulojn.</p> + <p>»Dankegon… mi tre ŝatas vian helpon! Kaj mi ne… ne…«</p> + <p>Metiĝis. Ekfulmis. Cindriĝis.</p> + <p>»Io tre iritas mian nazon!« Plendis la nubofeo. Poste ĝi rimarkis la florpolvon, kiu disŝutiĝis el la florofeo en la tutan ĉirkaŭaĵon, kaj eĉ tuj antaŭ la nubofeon.</p> + <p>»N- Nu…« Diris la florofeo, honte rigardanta la teron. »… pardonu.«</p> + <footer> + <noscript><p>Ĉu vi ŝatas la verkon? <a href='/eo/donacoj.html'>Subtenu min</a> aŭ kopiu adreson de la verko por diskonigi ĝin!</p></noscript> + <script id='underbuttons'> + /* @license magnet:?xt=urn:btih:90dc5c0be029de84e523b9b3922520e79e0e6f08&dn=cc0.txt CC0-1.0 */ + document.getElementById('underbuttons').outerHTML = "<p><a href='/eo/donacoj.html' class='button' target='_blank'>Subtenu min</a> <button onclick='navigator.clipboard.writeText(window.location.href.split(\"\#\")[0]).then(() => window.alert(\"Ligilo al ĉi tiu verko estas kopiita. Sendu ĝin al iu por diskonigi la verkon! 🐱\"))'>Diskonigu la verkon</button></p>" + /* @license-end */ + </script> + <details class='history'> + <summary>Historio</summary> + <dl> + <dt><time datetime='2025-01-31'>2025-01-31</time></dt> + <dd>Unua publikigo.</dd> + </dl> + </details> + <details class='licence' open='details'> + <summary>Permesilo</summary> + <p>Ĉi tiun verkon vi rajtas libere kopii, disdoni, kaj ŝanĝi, laŭ kondiĉoj de la <a href='https://artlibre.org/'>Permesilo de arto libera</a>. (Resume: Vi devas mencii la aŭtoron kaj doni ligilon al la verko. Se vi ŝanĝas la verkon, vi devas laŭeble noti la faritajn ŝanĝojn, ilian daton, kaj eldoni ilin sub la sama permesilo.)</p> + <a href='https://artlibre.org/'><img src='/r/permesiloj/lal.svg' class='stamp licence' alt='Emblemo: Permesilo de arto libera'/></a> + </details> + </footer> + </article> + </main> + </div> + <footer id='website-footer'> + <div class='stamps'> + <a href='https://gnu.org/'> + <img class='stamp' src='/r/retetikedoj/gnu.png' lang='en' alt='GNU'/></a> + <img class='stamp' src='/r/retetikedoj/ihhtus.png' lang='el' alt='ΙΧΘΥΣ'/> + <img class='stamp' src='/r/retetikedoj/be-kind.apng' lang='en' alt='Be kind.'/> + <img class='stamp' src='/r/retetikedoj/kulturo-libera.png' lang='eo' alt='Kulturo libera.'/> + <img class='stamp' src='/r/retetikedoj/discord.png' lang='en' alt='Say ‘no’ to Discord.'/> + <a href='https://xwx.moe/'> + <img class='stamp' src='/r/retetikedoj/xwx-moe.png' alt='xwx.moe'/></a> + <a href='https://mojeek.co.uk' hreflang='en'> + <img class='stamp' src='/r/retetikedoj/mojeek.png' lang='en' alt='Mojeek'/></a> + <a href='https://raku.org/' hreflang='en'> + <img class='stamp' src='/r/retetikedoj/raku.png' alt='Raku'/></a> + <picture> + <source srcset='/r/retetikedoj/jxl.jxl' type='image/jxl'/> + <img class='stamp' src='/r/retetikedoj/jxl.png' alt='JPEG XL'/></picture> + </div> + </footer> + </body> +</html> diff --git a/test/pleroma/emoji/pack_test.exs b/test/pleroma/emoji/pack_test.exs index a05609e9a..6ab3e657e 100644 --- a/test/pleroma/emoji/pack_test.exs +++ b/test/pleroma/emoji/pack_test.exs @@ -4,6 +4,7 @@ defmodule Pleroma.Emoji.PackTest do use Pleroma.DataCase + alias Pleroma.Emoji alias Pleroma.Emoji.Pack @emoji_path Path.join( @@ -53,6 +54,63 @@ defmodule Pleroma.Emoji.PackTest do assert updated_pack.files_count == 5 end + + test "skips existing emojis when adding from zip file", %{pack: pack} do + # First, let's create a test pack with a "bear" emoji + test_pack_path = Path.join(@emoji_path, "test_bear_pack") + File.mkdir_p(test_pack_path) + + # Create a pack.json file + File.write!(Path.join(test_pack_path, "pack.json"), """ + { + "files": { "bear": "bear.png" }, + "pack": { + "description": "Bear Pack", "homepage": "https://pleroma.social", + "license": "Test license", "share-files": true + }} + """) + + # Copy a test image to use as the bear emoji + File.cp!( + Path.absname("test/instance_static/emoji/test_pack/blank.png"), + Path.join(test_pack_path, "bear.png") + ) + + # Load the pack to register the "bear" emoji in the global registry + {:ok, _bear_pack} = Pleroma.Emoji.Pack.load_pack("test_bear_pack") + + # Reload emoji to make sure the bear emoji is in the global registry + Emoji.reload() + + # Verify that the bear emoji exists in the global registry + assert Emoji.exist?("bear") + + # Now try to add a zip file that contains an emoji with the same shortcode + file = %Plug.Upload{ + content_type: "application/zip", + filename: "emojis.zip", + path: Path.absname("test/fixtures/emojis.zip") + } + + {:ok, updated_pack} = Pack.add_file(pack, nil, nil, file) + + # Verify that the "bear" emoji was skipped + refute Map.has_key?(updated_pack.files, "bear") + + # Other emojis should be added + assert Map.has_key?(updated_pack.files, "a_trusted_friend-128") + assert Map.has_key?(updated_pack.files, "auroraborealis") + assert Map.has_key?(updated_pack.files, "baby_in_a_box") + assert Map.has_key?(updated_pack.files, "bear-128") + + # Total count should be 4 (all emojis except "bear") + assert updated_pack.files_count == 4 + + # Clean up the test pack + on_exit(fn -> + File.rm_rf!(test_pack_path) + end) + end end test "returns error when zip file is bad", %{pack: pack} do diff --git a/test/pleroma/safe_zip_test.exs b/test/pleroma/safe_zip_test.exs new file mode 100644 index 000000000..3312d4e63 --- /dev/null +++ b/test/pleroma/safe_zip_test.exs @@ -0,0 +1,496 @@ +defmodule Pleroma.SafeZipTest do + # Not making this async because it creates and deletes files + use ExUnit.Case + + alias Pleroma.SafeZip + + @fixtures_dir "test/fixtures" + @tmp_dir "test/zip_tmp" + + setup do + # Ensure tmp directory exists + File.mkdir_p!(@tmp_dir) + + on_exit(fn -> + # Clean up any files created during tests + File.rm_rf!(@tmp_dir) + File.mkdir_p!(@tmp_dir) + end) + + :ok + end + + describe "list_dir_file/1" do + test "lists files in a valid zip" do + {:ok, files} = SafeZip.list_dir_file(Path.join(@fixtures_dir, "emojis.zip")) + assert is_list(files) + assert length(files) > 0 + end + + test "returns an empty list for empty zip" do + {:ok, files} = SafeZip.list_dir_file(Path.join(@fixtures_dir, "empty.zip")) + assert files == [] + end + + test "returns error for non-existent file" do + assert {:error, _} = SafeZip.list_dir_file(Path.join(@fixtures_dir, "nonexistent.zip")) + end + + test "only lists regular files, not directories" do + # Create a zip with both files and directories + zip_path = create_zip_with_directory() + + # List files with SafeZip + {:ok, files} = SafeZip.list_dir_file(zip_path) + + # Verify only regular files are listed, not directories + assert "file_in_dir/test_file.txt" in files + assert "root_file.txt" in files + + # Directory entries should not be included in the list + refute "file_in_dir/" in files + end + end + + describe "contains_all_data?/2" do + test "returns true when all files are in the archive" do + # For this test, we'll create our own zip file with known content + # to ensure we can test the contains_all_data? function properly + zip_path = create_zip_with_directory() + archive_data = File.read!(zip_path) + + # Check if the archive contains the root file + # Note: The function expects charlists (Erlang strings) in the MapSet + assert SafeZip.contains_all_data?(archive_data, MapSet.new([~c"root_file.txt"])) + end + + test "returns false when files are missing" do + archive_path = Path.join(@fixtures_dir, "emojis.zip") + archive_data = File.read!(archive_path) + + # Create a MapSet with non-existent files + fset = MapSet.new([~c"nonexistent.txt"]) + + refute SafeZip.contains_all_data?(archive_data, fset) + end + + test "returns false for invalid archive data" do + refute SafeZip.contains_all_data?("invalid data", MapSet.new([~c"file.txt"])) + end + + test "only checks for regular files, not directories" do + # Create a zip with both files and directories + zip_path = create_zip_with_directory() + archive_data = File.read!(zip_path) + + # Check if the archive contains a directory (should return false) + refute SafeZip.contains_all_data?(archive_data, MapSet.new([~c"file_in_dir/"])) + + # For this test, we'll manually check if the file exists in the archive + # by extracting it and verifying it exists + extract_dir = Path.join(@tmp_dir, "extract_check") + File.mkdir_p!(extract_dir) + {:ok, files} = SafeZip.unzip_file(zip_path, extract_dir) + + # Verify the root file was extracted + assert Enum.any?(files, fn file -> + Path.basename(file) == "root_file.txt" + end) + + # Verify the file exists on disk + assert File.exists?(Path.join(extract_dir, "root_file.txt")) + end + end + + describe "zip/4" do + test "creates a zip file on disk" do + # Create a test file + test_file_path = Path.join(@tmp_dir, "test_file.txt") + File.write!(test_file_path, "test content") + + # Create a zip file + zip_path = Path.join(@tmp_dir, "test.zip") + assert {:ok, ^zip_path} = SafeZip.zip(zip_path, ["test_file.txt"], @tmp_dir, false) + + # Verify the zip file exists + assert File.exists?(zip_path) + end + + test "creates a zip file in memory" do + # Create a test file + test_file_path = Path.join(@tmp_dir, "test_file.txt") + File.write!(test_file_path, "test content") + + # Create a zip file in memory + zip_name = Path.join(@tmp_dir, "test.zip") + + assert {:ok, {^zip_name, zip_data}} = + SafeZip.zip(zip_name, ["test_file.txt"], @tmp_dir, true) + + # Verify the zip data is binary + assert is_binary(zip_data) + end + + test "returns error for unsafe paths" do + # Try to zip a file with path traversal + assert {:error, _} = + SafeZip.zip( + Path.join(@tmp_dir, "test.zip"), + ["../fixtures/test.txt"], + @tmp_dir, + false + ) + end + + test "can create zip with directories" do + # Create a directory structure + dir_path = Path.join(@tmp_dir, "test_dir") + File.mkdir_p!(dir_path) + + file_in_dir_path = Path.join(dir_path, "file_in_dir.txt") + File.write!(file_in_dir_path, "file in directory") + + # Create a zip file + zip_path = Path.join(@tmp_dir, "dir_test.zip") + + assert {:ok, ^zip_path} = + SafeZip.zip( + zip_path, + ["test_dir/file_in_dir.txt"], + @tmp_dir, + false + ) + + # Verify the zip file exists + assert File.exists?(zip_path) + + # Extract and verify the directory structure is preserved + extract_dir = Path.join(@tmp_dir, "extract") + {:ok, files} = SafeZip.unzip_file(zip_path, extract_dir) + + # Check if the file path is in the list, accounting for possible full paths + assert Enum.any?(files, fn file -> + String.ends_with?(file, "file_in_dir.txt") + end) + + # Verify the file exists in the expected location + assert File.exists?(Path.join([extract_dir, "test_dir", "file_in_dir.txt"])) + end + end + + describe "unzip_file/3" do + test "extracts files from a zip archive" do + archive_path = Path.join(@fixtures_dir, "emojis.zip") + + # Extract the archive + assert {:ok, files} = SafeZip.unzip_file(archive_path, @tmp_dir) + + # Verify files were extracted + assert is_list(files) + assert length(files) > 0 + + # Verify at least one file exists + first_file = List.first(files) + + # Simply check that the file exists in the tmp directory + assert File.exists?(first_file) + end + + test "extracts specific files from a zip archive" do + archive_path = Path.join(@fixtures_dir, "emojis.zip") + + # Get list of files in the archive + {:ok, all_files} = SafeZip.list_dir_file(archive_path) + file_to_extract = List.first(all_files) + + # Extract only one file + assert {:ok, [extracted_file]} = + SafeZip.unzip_file(archive_path, @tmp_dir, [file_to_extract]) + + # Verify only the specified file was extracted + assert Path.basename(extracted_file) == Path.basename(file_to_extract) + + # Check that the file exists in the tmp directory + assert File.exists?(Path.join(@tmp_dir, Path.basename(file_to_extract))) + end + + test "returns error for invalid zip file" do + invalid_path = Path.join(@tmp_dir, "invalid.zip") + File.write!(invalid_path, "not a zip file") + + assert {:error, _} = SafeZip.unzip_file(invalid_path, @tmp_dir) + end + + test "creates directories when extracting files in subdirectories" do + # Create a zip with files in subdirectories + zip_path = create_zip_with_directory() + + # Extract the archive + assert {:ok, files} = SafeZip.unzip_file(zip_path, @tmp_dir) + + # Verify files were extracted - handle both relative and absolute paths + assert Enum.any?(files, fn file -> + Path.basename(file) == "test_file.txt" && + String.contains?(file, "file_in_dir") + end) + + assert Enum.any?(files, fn file -> + Path.basename(file) == "root_file.txt" + end) + + # Verify directory was created + dir_path = Path.join(@tmp_dir, "file_in_dir") + assert File.exists?(dir_path) + assert File.dir?(dir_path) + + # Verify file in directory was extracted + file_path = Path.join(dir_path, "test_file.txt") + assert File.exists?(file_path) + end + end + + describe "unzip_data/3" do + test "extracts files from zip data" do + archive_path = Path.join(@fixtures_dir, "emojis.zip") + archive_data = File.read!(archive_path) + + # Extract the archive from data + assert {:ok, files} = SafeZip.unzip_data(archive_data, @tmp_dir) + + # Verify files were extracted + assert is_list(files) + assert length(files) > 0 + + # Verify at least one file exists + first_file = List.first(files) + + # Simply check that the file exists in the tmp directory + assert File.exists?(first_file) + end + + test "extracts specific files from zip data" do + archive_path = Path.join(@fixtures_dir, "emojis.zip") + archive_data = File.read!(archive_path) + + # Get list of files in the archive + {:ok, all_files} = SafeZip.list_dir_file(archive_path) + file_to_extract = List.first(all_files) + + # Extract only one file + assert {:ok, extracted_files} = + SafeZip.unzip_data(archive_data, @tmp_dir, [file_to_extract]) + + # Verify only the specified file was extracted + assert Enum.any?(extracted_files, fn path -> + Path.basename(path) == Path.basename(file_to_extract) + end) + + # Simply check that the file exists in the tmp directory + assert File.exists?(Path.join(@tmp_dir, Path.basename(file_to_extract))) + end + + test "returns error for invalid zip data" do + assert {:error, _} = SafeZip.unzip_data("not a zip file", @tmp_dir) + end + + test "creates directories when extracting files in subdirectories from data" do + # Create a zip with files in subdirectories + zip_path = create_zip_with_directory() + archive_data = File.read!(zip_path) + + # Extract the archive from data + assert {:ok, files} = SafeZip.unzip_data(archive_data, @tmp_dir) + + # Verify files were extracted - handle both relative and absolute paths + assert Enum.any?(files, fn file -> + Path.basename(file) == "test_file.txt" && + String.contains?(file, "file_in_dir") + end) + + assert Enum.any?(files, fn file -> + Path.basename(file) == "root_file.txt" + end) + + # Verify directory was created + dir_path = Path.join(@tmp_dir, "file_in_dir") + assert File.exists?(dir_path) + assert File.dir?(dir_path) + + # Verify file in directory was extracted + file_path = Path.join(dir_path, "test_file.txt") + assert File.exists?(file_path) + end + end + + # Security tests + describe "security checks" do + test "prevents path traversal in zip extraction" do + # Create a malicious zip file with path traversal + malicious_zip_path = create_malicious_zip_with_path_traversal() + + # Try to extract it with SafeZip + assert {:error, _} = SafeZip.unzip_file(malicious_zip_path, @tmp_dir) + + # Verify the file was not extracted outside the target directory + refute File.exists?(Path.join(Path.dirname(@tmp_dir), "traversal_attempt.txt")) + end + + test "prevents directory traversal in zip listing" do + # Create a malicious zip file with path traversal + malicious_zip_path = create_malicious_zip_with_path_traversal() + + # Try to list files with SafeZip + assert {:error, _} = SafeZip.list_dir_file(malicious_zip_path) + end + + test "prevents path traversal in zip data extraction" do + # Create a malicious zip file with path traversal + malicious_zip_path = create_malicious_zip_with_path_traversal() + malicious_data = File.read!(malicious_zip_path) + + # Try to extract it with SafeZip + assert {:error, _} = SafeZip.unzip_data(malicious_data, @tmp_dir) + + # Verify the file was not extracted outside the target directory + refute File.exists?(Path.join(Path.dirname(@tmp_dir), "traversal_attempt.txt")) + end + + test "handles zip bomb attempts" do + # Create a zip bomb (a zip with many files or large files) + zip_bomb_path = create_zip_bomb() + + # The SafeZip module should handle this gracefully + # Either by successfully extracting it (if it's not too large) + # or by returning an error (if it detects a potential zip bomb) + result = SafeZip.unzip_file(zip_bomb_path, @tmp_dir) + + case result do + {:ok, _} -> + # If it successfully extracts, make sure it didn't fill up the disk + # This is a simple check to ensure the extraction was controlled + assert File.exists?(@tmp_dir) + + {:error, _} -> + # If it returns an error, that's also acceptable + # The important thing is that it doesn't crash or hang + assert true + end + end + + test "handles deeply nested directory structures" do + # Create a zip with deeply nested directories + deep_nest_path = create_deeply_nested_zip() + + # The SafeZip module should handle this gracefully + result = SafeZip.unzip_file(deep_nest_path, @tmp_dir) + + case result do + {:ok, files} -> + # If it successfully extracts, verify the files were extracted + assert is_list(files) + assert length(files) > 0 + + {:error, _} -> + # If it returns an error, that's also acceptable + # The important thing is that it doesn't crash or hang + assert true + end + end + end + + # Helper functions to create test fixtures + + # Creates a zip file with a path traversal attempt + defp create_malicious_zip_with_path_traversal do + malicious_zip_path = Path.join(@tmp_dir, "path_traversal.zip") + + # Create a file to include in the zip + test_file_path = Path.join(@tmp_dir, "test_file.txt") + File.write!(test_file_path, "malicious content") + + # Use Erlang's zip module directly to create a zip with path traversal + {:ok, charlist_path} = + :zip.create( + String.to_charlist(malicious_zip_path), + [{String.to_charlist("../traversal_attempt.txt"), File.read!(test_file_path)}] + ) + + to_string(charlist_path) + end + + # Creates a zip file with directory entries + defp create_zip_with_directory do + zip_path = Path.join(@tmp_dir, "with_directory.zip") + + # Create files to include in the zip + root_file_path = Path.join(@tmp_dir, "root_file.txt") + File.write!(root_file_path, "root file content") + + # Create a directory and a file in it + dir_path = Path.join(@tmp_dir, "file_in_dir") + File.mkdir_p!(dir_path) + + file_in_dir_path = Path.join(dir_path, "test_file.txt") + File.write!(file_in_dir_path, "file in directory content") + + # Use Erlang's zip module to create a zip with directory structure + {:ok, charlist_path} = + :zip.create( + String.to_charlist(zip_path), + [ + {String.to_charlist("root_file.txt"), File.read!(root_file_path)}, + {String.to_charlist("file_in_dir/test_file.txt"), File.read!(file_in_dir_path)} + ] + ) + + to_string(charlist_path) + end + + # Creates a zip bomb (a zip with many small files) + defp create_zip_bomb do + zip_path = Path.join(@tmp_dir, "zip_bomb.zip") + + # Create a small file to duplicate many times + small_file_path = Path.join(@tmp_dir, "small_file.txt") + File.write!(small_file_path, String.duplicate("A", 100)) + + # Create a list of many files to include in the zip + file_entries = + for i <- 1..100 do + {String.to_charlist("file_#{i}.txt"), File.read!(small_file_path)} + end + + # Use Erlang's zip module to create a zip with many files + {:ok, charlist_path} = + :zip.create( + String.to_charlist(zip_path), + file_entries + ) + + to_string(charlist_path) + end + + # Creates a zip with deeply nested directories + defp create_deeply_nested_zip do + zip_path = Path.join(@tmp_dir, "deep_nest.zip") + + # Create a file to include in the zip + file_content = "test content" + + # Create a list of deeply nested files + file_entries = + for i <- 1..10 do + nested_path = Enum.reduce(1..i, "nested", fn j, acc -> "#{acc}/level_#{j}" end) + {String.to_charlist("#{nested_path}/file.txt"), file_content} + end + + # Use Erlang's zip module to create a zip with deeply nested directories + {:ok, charlist_path} = + :zip.create( + String.to_charlist(zip_path), + file_entries + ) + + to_string(charlist_path) + end +end diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs index b08690ed2..46b3d5f0d 100644 --- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs @@ -1344,6 +1344,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end describe "GET /users/:nickname/outbox" do + setup do + Mox.stub_with(Pleroma.StaticStubbedConfigMock, Pleroma.Config) + :ok + end + test "it paginates correctly", %{conn: conn} do user = insert(:user) conn = assign(conn, :user, user) @@ -1432,6 +1437,22 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert %{"orderedItems" => []} = resp end + test "it does not return a local note activity when C2S API is disabled", %{conn: conn} do + clear_config([:activitypub, :client_api_enabled], false) + user = insert(:user) + reader = insert(:user) + {:ok, _note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"}) + + resp = + conn + |> assign(:user, reader) + |> put_req_header("accept", "application/activity+json") + |> get("/users/#{user.nickname}/outbox?page=true") + |> json_response(200) + + assert %{"orderedItems" => []} = resp + end + test "it returns a note activity in a collection", %{conn: conn} do note_activity = insert(:note_activity) note_object = Object.normalize(note_activity, fetch: false) @@ -1483,6 +1504,35 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert [answer_outbox] = outbox_get["orderedItems"] assert answer_outbox["id"] == activity.data["id"] end + + test "it works with authorized fetch forced when authenticated" do + clear_config([:activitypub, :authorized_fetch_mode], true) + + user = insert(:user) + outbox_endpoint = user.ap_id <> "/outbox" + + conn = + build_conn() + |> assign(:user, user) + |> put_req_header("accept", "application/activity+json") + |> get(outbox_endpoint) + + assert json_response(conn, 200) + end + + test "it fails with authorized fetch forced when unauthenticated", %{conn: conn} do + clear_config([:activitypub, :authorized_fetch_mode], true) + + user = insert(:user) + outbox_endpoint = user.ap_id <> "/outbox" + + conn = + conn + |> put_req_header("accept", "application/activity+json") + |> get(outbox_endpoint) + + assert response(conn, 401) + end end describe "POST /users/:nickname/outbox (C2S)" do @@ -2153,6 +2203,30 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do |> post("/api/ap/upload_media", %{"file" => image, "description" => desc}) |> json_response(403) end + + test "they don't work when C2S API is disabled", %{conn: conn} do + clear_config([:activitypub, :client_api_enabled], false) + + user = insert(:user) + + assert conn + |> assign(:user, user) + |> get("/api/ap/whoami") + |> response(403) + + desc = "Description of the image" + + image = %Plug.Upload{ + content_type: "image/jpeg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + assert conn + |> assign(:user, user) + |> post("/api/ap/upload_media", %{"file" => image, "description" => desc}) + |> response(403) + end end test "pinned collection", %{conn: conn} do diff --git a/test/pleroma/web/activity_pub/mrf/fo_direct_reply_test.exs b/test/pleroma/web/activity_pub/mrf/fo_direct_reply_test.exs deleted file mode 100644 index 2d6af3b68..000000000 --- a/test/pleroma/web/activity_pub/mrf/fo_direct_reply_test.exs +++ /dev/null @@ -1,117 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.ActivityPub.MRF.FODirectReplyTest do - use Pleroma.DataCase - import Pleroma.Factory - - require Pleroma.Constants - - alias Pleroma.Object - alias Pleroma.Web.ActivityPub.MRF.FODirectReply - alias Pleroma.Web.CommonAPI - - test "replying to followers-only/private is changed to direct" do - batman = insert(:user, nickname: "batman") - robin = insert(:user, nickname: "robin") - - {:ok, post} = - CommonAPI.post(batman, %{ - status: "Has anyone seen Selina Kyle's latest selfies?", - visibility: "private" - }) - - reply = %{ - "type" => "Create", - "actor" => robin.ap_id, - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "object" => %{ - "type" => "Note", - "actor" => robin.ap_id, - "content" => "@batman 🤤 ❤️ 🐈⬛", - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "inReplyTo" => Object.normalize(post).data["id"] - } - } - - expected_to = [batman.ap_id] - expected_cc = [] - - assert {:ok, filtered} = FODirectReply.filter(reply) - - assert expected_to == filtered["to"] - assert expected_cc == filtered["cc"] - assert expected_to == filtered["object"]["to"] - assert expected_cc == filtered["object"]["cc"] - end - - test "replies to unlisted posts are unmodified" do - batman = insert(:user, nickname: "batman") - robin = insert(:user, nickname: "robin") - - {:ok, post} = - CommonAPI.post(batman, %{ - status: "Has anyone seen Selina Kyle's latest selfies?", - visibility: "unlisted" - }) - - reply = %{ - "type" => "Create", - "actor" => robin.ap_id, - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "object" => %{ - "type" => "Note", - "actor" => robin.ap_id, - "content" => "@batman 🤤 ❤️ 🐈<200d>⬛", - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "inReplyTo" => Object.normalize(post).data["id"] - } - } - - assert {:ok, filtered} = FODirectReply.filter(reply) - - assert match?(^filtered, reply) - end - - test "replies to public posts are unmodified" do - batman = insert(:user, nickname: "batman") - robin = insert(:user, nickname: "robin") - - {:ok, post} = - CommonAPI.post(batman, %{status: "Has anyone seen Selina Kyle's latest selfies?"}) - - reply = %{ - "type" => "Create", - "actor" => robin.ap_id, - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "object" => %{ - "type" => "Note", - "actor" => robin.ap_id, - "content" => "@batman 🤤 ❤️ 🐈<200d>⬛", - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "inReplyTo" => Object.normalize(post).data["id"] - } - } - - assert {:ok, filtered} = FODirectReply.filter(reply) - - assert match?(^filtered, reply) - end - - test "non-reply posts are unmodified" do - batman = insert(:user, nickname: "batman") - - {:ok, post} = CommonAPI.post(batman, %{status: "To the Batmobile!"}) - - assert {:ok, filtered} = FODirectReply.filter(post) - - assert match?(^filtered, post) - end -end diff --git a/test/pleroma/web/activity_pub/mrf/quiet_reply_test.exs b/test/pleroma/web/activity_pub/mrf/quiet_reply_test.exs deleted file mode 100644 index 79e64d650..000000000 --- a/test/pleroma/web/activity_pub/mrf/quiet_reply_test.exs +++ /dev/null @@ -1,140 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.ActivityPub.MRF.QuietReplyTest do - use Pleroma.DataCase - import Pleroma.Factory - - require Pleroma.Constants - - alias Pleroma.Object - alias Pleroma.Web.ActivityPub.MRF.QuietReply - alias Pleroma.Web.CommonAPI - - test "replying to public post is forced to be quiet" do - batman = insert(:user, nickname: "batman") - robin = insert(:user, nickname: "robin") - - {:ok, post} = CommonAPI.post(batman, %{status: "To the Batmobile!"}) - - reply = %{ - "type" => "Create", - "actor" => robin.ap_id, - "to" => [ - batman.ap_id, - Pleroma.Constants.as_public() - ], - "cc" => [robin.follower_address], - "object" => %{ - "type" => "Note", - "actor" => robin.ap_id, - "content" => "@batman Wait up, I forgot my spandex!", - "to" => [ - batman.ap_id, - Pleroma.Constants.as_public() - ], - "cc" => [robin.follower_address], - "inReplyTo" => Object.normalize(post).data["id"] - } - } - - expected_to = [batman.ap_id, robin.follower_address] - expected_cc = [Pleroma.Constants.as_public()] - - assert {:ok, filtered} = QuietReply.filter(reply) - - assert expected_to == filtered["to"] - assert expected_cc == filtered["cc"] - assert expected_to == filtered["object"]["to"] - assert expected_cc == filtered["object"]["cc"] - end - - test "replying to unlisted post is unmodified" do - batman = insert(:user, nickname: "batman") - robin = insert(:user, nickname: "robin") - - {:ok, post} = CommonAPI.post(batman, %{status: "To the Batmobile!", visibility: "private"}) - - reply = %{ - "type" => "Create", - "actor" => robin.ap_id, - "to" => [batman.ap_id], - "cc" => [], - "object" => %{ - "type" => "Note", - "actor" => robin.ap_id, - "content" => "@batman Wait up, I forgot my spandex!", - "to" => [batman.ap_id], - "cc" => [], - "inReplyTo" => Object.normalize(post).data["id"] - } - } - - assert {:ok, filtered} = QuietReply.filter(reply) - - assert match?(^filtered, reply) - end - - test "replying direct is unmodified" do - batman = insert(:user, nickname: "batman") - robin = insert(:user, nickname: "robin") - - {:ok, post} = CommonAPI.post(batman, %{status: "To the Batmobile!"}) - - reply = %{ - "type" => "Create", - "actor" => robin.ap_id, - "to" => [batman.ap_id], - "cc" => [], - "object" => %{ - "type" => "Note", - "actor" => robin.ap_id, - "content" => "@batman Wait up, I forgot my spandex!", - "to" => [batman.ap_id], - "cc" => [], - "inReplyTo" => Object.normalize(post).data["id"] - } - } - - assert {:ok, filtered} = QuietReply.filter(reply) - - assert match?(^filtered, reply) - end - - test "replying followers-only is unmodified" do - batman = insert(:user, nickname: "batman") - robin = insert(:user, nickname: "robin") - - {:ok, post} = CommonAPI.post(batman, %{status: "To the Batmobile!"}) - - reply = %{ - "type" => "Create", - "actor" => robin.ap_id, - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "object" => %{ - "type" => "Note", - "actor" => robin.ap_id, - "content" => "@batman Wait up, I forgot my spandex!", - "to" => [batman.ap_id, robin.follower_address], - "cc" => [], - "inReplyTo" => Object.normalize(post).data["id"] - } - } - - assert {:ok, filtered} = QuietReply.filter(reply) - - assert match?(^filtered, reply) - end - - test "non-reply posts are unmodified" do - batman = insert(:user, nickname: "batman") - - {:ok, post} = CommonAPI.post(batman, %{status: "To the Batmobile!"}) - - assert {:ok, filtered} = QuietReply.filter(post) - - assert match?(^filtered, post) - end -end diff --git a/test/pleroma/web/activity_pub/object_validators/attachment_validator_test.exs b/test/pleroma/web/activity_pub/object_validators/attachment_validator_test.exs index 6627fa6db..744ae8704 100644 --- a/test/pleroma/web/activity_pub/object_validators/attachment_validator_test.exs +++ b/test/pleroma/web/activity_pub/object_validators/attachment_validator_test.exs @@ -13,6 +13,23 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidatorTest do import Pleroma.Factory describe "attachments" do + test "works with apng" do + attachment = + %{ + "mediaType" => "image/apng", + "name" => "", + "type" => "Document", + "url" => + "https://media.misskeyusercontent.com/io/2859c26e-cd43-4550-848b-b6243bc3fe28.apng" + } + + assert {:ok, attachment} = + AttachmentValidator.cast_and_validate(attachment) + |> Ecto.Changeset.apply_action(:insert) + + assert attachment.mediaType == "image/apng" + end + test "fails without url" do attachment = %{ "mediaType" => "", diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index fcb8d65d1..e0395d7bb 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -156,6 +156,246 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do # It fetched the quoted post assert Object.normalize("https://misskey.io/notes/8vs6wxufd0") end + + test "doesn't allow remote edits to fake local likes" do + # as a spot check for no internal fields getting injected + now = DateTime.utc_now() + pub_date = DateTime.to_iso8601(Timex.subtract(now, Timex.Duration.from_minutes(3))) + edit_date = DateTime.to_iso8601(now) + + local_user = insert(:user) + + create_data = %{ + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/statuses/2619539638/activity", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "object" => %{ + "type" => "Note", + "id" => "http://mastodon.example.org/users/admin/statuses/2619539638", + "attributedTo" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "published" => pub_date, + "content" => "miaow", + "likes" => [local_user.ap_id] + } + } + + update_data = + create_data + |> Map.put("type", "Update") + |> Map.put("id", create_data["object"]["id"] <> "/update/1") + |> put_in(["object", "content"], "miaow :3") + |> put_in(["object", "updated"], edit_date) + |> put_in(["object", "formerRepresentations"], %{ + "type" => "OrderedCollection", + "totalItems" => 1, + "orderedItems" => [create_data["object"]] + }) + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(create_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]) + assert object.data["content"] == "miaow" + assert object.data["likes"] == [] + assert object.data["like_count"] == 0 + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(update_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]["id"]) + assert object.data["content"] == "miaow :3" + assert object.data["likes"] == [] + assert object.data["like_count"] == 0 + end + + test "strips internal fields from history items in edited notes" do + now = DateTime.utc_now() + pub_date = DateTime.to_iso8601(Timex.subtract(now, Timex.Duration.from_minutes(3))) + edit_date = DateTime.to_iso8601(now) + + local_user = insert(:user) + + create_data = %{ + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/statuses/2619539638/activity", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "object" => %{ + "type" => "Note", + "id" => "http://mastodon.example.org/users/admin/statuses/2619539638", + "attributedTo" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "published" => pub_date, + "content" => "miaow", + "likes" => [], + "like_count" => 0 + } + } + + update_data = + create_data + |> Map.put("type", "Update") + |> Map.put("id", create_data["object"]["id"] <> "/update/1") + |> put_in(["object", "content"], "miaow :3") + |> put_in(["object", "updated"], edit_date) + |> put_in(["object", "formerRepresentations"], %{ + "type" => "OrderedCollection", + "totalItems" => 1, + "orderedItems" => [ + Map.merge(create_data["object"], %{ + "likes" => [local_user.ap_id], + "like_count" => 1, + "pleroma" => %{"internal_field" => "should_be_stripped"} + }) + ] + }) + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(create_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]) + assert object.data["content"] == "miaow" + assert object.data["likes"] == [] + assert object.data["like_count"] == 0 + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(update_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]["id"]) + assert object.data["content"] == "miaow :3" + assert object.data["likes"] == [] + assert object.data["like_count"] == 0 + + # Check that internal fields are stripped from history items + history_item = List.first(object.data["formerRepresentations"]["orderedItems"]) + assert history_item["likes"] == [] + assert history_item["like_count"] == 0 + refute Map.has_key?(history_item, "pleroma") + end + + test "doesn't trip over remote likes in notes" do + now = DateTime.utc_now() + pub_date = DateTime.to_iso8601(Timex.subtract(now, Timex.Duration.from_minutes(3))) + edit_date = DateTime.to_iso8601(now) + + create_data = %{ + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/statuses/3409297097/activity", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "object" => %{ + "type" => "Note", + "id" => "http://mastodon.example.org/users/admin/statuses/3409297097", + "attributedTo" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "published" => pub_date, + "content" => "miaow", + "likes" => %{ + "id" => "http://mastodon.example.org/users/admin/statuses/3409297097/likes", + "totalItems" => 0, + "type" => "Collection" + } + } + } + + update_data = + create_data + |> Map.put("type", "Update") + |> Map.put("id", create_data["object"]["id"] <> "/update/1") + |> put_in(["object", "content"], "miaow :3") + |> put_in(["object", "updated"], edit_date) + |> put_in(["object", "likes", "totalItems"], 666) + |> put_in(["object", "formerRepresentations"], %{ + "type" => "OrderedCollection", + "totalItems" => 1, + "orderedItems" => [create_data["object"]] + }) + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(create_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]) + assert object.data["content"] == "miaow" + assert object.data["likes"] == [] + assert object.data["like_count"] == 0 + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(update_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]["id"]) + assert object.data["content"] == "miaow :3" + assert object.data["likes"] == [] + # in the future this should retain remote likes, but for now: + assert object.data["like_count"] == 0 + end + + test "doesn't trip over remote likes in polls" do + now = DateTime.utc_now() + pub_date = DateTime.to_iso8601(Timex.subtract(now, Timex.Duration.from_minutes(3))) + edit_date = DateTime.to_iso8601(now) + + create_data = %{ + "type" => "Create", + "id" => "http://mastodon.example.org/users/admin/statuses/2471790073/activity", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "object" => %{ + "type" => "Question", + "id" => "http://mastodon.example.org/users/admin/statuses/2471790073", + "attributedTo" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "cc" => [], + "published" => pub_date, + "content" => "vote!", + "anyOf" => [ + %{ + "type" => "Note", + "name" => "a", + "replies" => %{ + "type" => "Collection", + "totalItems" => 3 + } + }, + %{ + "type" => "Note", + "name" => "b", + "replies" => %{ + "type" => "Collection", + "totalItems" => 1 + } + } + ], + "likes" => %{ + "id" => "http://mastodon.example.org/users/admin/statuses/2471790073/likes", + "totalItems" => 0, + "type" => "Collection" + } + } + } + + update_data = + create_data + |> Map.put("type", "Update") + |> Map.put("id", create_data["object"]["id"] <> "/update/1") + |> put_in(["object", "content"], "vote now!") + |> put_in(["object", "updated"], edit_date) + |> put_in(["object", "likes", "totalItems"], 666) + |> put_in(["object", "formerRepresentations"], %{ + "type" => "OrderedCollection", + "totalItems" => 1, + "orderedItems" => [create_data["object"]] + }) + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(create_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]) + assert object.data["content"] == "vote!" + assert object.data["likes"] == [] + assert object.data["like_count"] == 0 + + {:ok, %Pleroma.Activity{} = activity} = Transmogrifier.handle_incoming(update_data) + %Pleroma.Object{} = object = Object.get_by_ap_id(activity.data["object"]["id"]) + assert object.data["content"] == "vote now!" + assert object.data["likes"] == [] + # in the future this should retain remote likes, but for now: + assert object.data["like_count"] == 0 + end end describe "prepare outgoing" do diff --git a/test/pleroma/web/metadata/providers/open_graph_test.exs b/test/pleroma/web/metadata/providers/open_graph_test.exs index 6a0fc9b10..29cc036ba 100644 --- a/test/pleroma/web/metadata/providers/open_graph_test.exs +++ b/test/pleroma/web/metadata/providers/open_graph_test.exs @@ -9,6 +9,7 @@ defmodule Pleroma.Web.Metadata.Providers.OpenGraphTest do alias Pleroma.UnstubbedConfigMock, as: ConfigMock alias Pleroma.Web.Metadata.Providers.OpenGraph + alias Pleroma.Web.Metadata.Utils setup do ConfigMock @@ -197,4 +198,58 @@ defmodule Pleroma.Web.Metadata.Providers.OpenGraphTest do "http://localhost:4001/proxy/preview/LzAnlke-l5oZbNzWsrHfprX1rGw/aHR0cHM6Ly9wbGVyb21hLmdvdi9hYm91dC9qdWNoZS53ZWJt/juche.webm" ], []} in result end + + test "meta tag ordering matches attachment order" do + user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994") + + note = + insert(:note, %{ + data: %{ + "actor" => user.ap_id, + "tag" => [], + "id" => "https://pleroma.gov/objects/whatever", + "summary" => "", + "content" => "pleroma in a nutshell", + "attachment" => [ + %{ + "url" => [ + %{ + "mediaType" => "image/png", + "href" => "https://example.com/first.png", + "height" => 1024, + "width" => 1280 + } + ] + }, + %{ + "url" => [ + %{ + "mediaType" => "image/png", + "href" => "https://example.com/second.png", + "height" => 1024, + "width" => 1280 + } + ] + } + ] + } + }) + + result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user}) + + assert [ + {:meta, [property: "og:title", content: Utils.user_name_string(user)], []}, + {:meta, [property: "og:url", content: "https://pleroma.gov/objects/whatever"], []}, + {:meta, [property: "og:description", content: "pleroma in a nutshell"], []}, + {:meta, [property: "og:type", content: "article"], []}, + {:meta, [property: "og:image", content: "https://example.com/first.png"], []}, + {:meta, [property: "og:image:alt", content: nil], []}, + {:meta, [property: "og:image:width", content: "1280"], []}, + {:meta, [property: "og:image:height", content: "1024"], []}, + {:meta, [property: "og:image", content: "https://example.com/second.png"], []}, + {:meta, [property: "og:image:alt", content: nil], []}, + {:meta, [property: "og:image:width", content: "1280"], []}, + {:meta, [property: "og:image:height", content: "1024"], []} + ] == result + end end diff --git a/test/pleroma/web/metadata/providers/twitter_card_test.exs b/test/pleroma/web/metadata/providers/twitter_card_test.exs index f8d01c5c8..f9e917719 100644 --- a/test/pleroma/web/metadata/providers/twitter_card_test.exs +++ b/test/pleroma/web/metadata/providers/twitter_card_test.exs @@ -202,4 +202,58 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do {:meta, [name: "twitter:player:stream:content_type", content: "video/webm"], []} ] == result end + + test "meta tag ordering matches attachment order" do + user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994") + + note = + insert(:note, %{ + data: %{ + "actor" => user.ap_id, + "tag" => [], + "id" => "https://pleroma.gov/objects/whatever", + "summary" => "", + "content" => "pleroma in a nutshell", + "attachment" => [ + %{ + "url" => [ + %{ + "mediaType" => "image/png", + "href" => "https://example.com/first.png", + "height" => 1024, + "width" => 1280 + } + ] + }, + %{ + "url" => [ + %{ + "mediaType" => "image/png", + "href" => "https://example.com/second.png", + "height" => 1024, + "width" => 1280 + } + ] + } + ] + } + }) + + result = TwitterCard.build_tags(%{object: note, activity_id: note.data["id"], user: user}) + + assert [ + {:meta, [name: "twitter:title", content: Utils.user_name_string(user)], []}, + {:meta, [name: "twitter:description", content: "pleroma in a nutshell"], []}, + {:meta, [name: "twitter:card", content: "summary_large_image"], []}, + {:meta, [name: "twitter:image", content: "https://example.com/first.png"], []}, + {:meta, [name: "twitter:image:alt", content: ""], []}, + {:meta, [name: "twitter:player:width", content: "1280"], []}, + {:meta, [name: "twitter:player:height", content: "1024"], []}, + {:meta, [name: "twitter:card", content: "summary_large_image"], []}, + {:meta, [name: "twitter:image", content: "https://example.com/second.png"], []}, + {:meta, [name: "twitter:image:alt", content: ""], []}, + {:meta, [name: "twitter:player:width", content: "1280"], []}, + {:meta, [name: "twitter:player:height", content: "1024"], []} + ] == result + end end diff --git a/test/pleroma/web/rich_media/parser_test.exs b/test/pleroma/web/rich_media/parser_test.exs index 8fd75b57a..20f61badc 100644 --- a/test/pleroma/web/rich_media/parser_test.exs +++ b/test/pleroma/web/rich_media/parser_test.exs @@ -54,7 +54,6 @@ defmodule Pleroma.Web.RichMedia.ParserTest do {:ok, %{ "card" => "summary", - "site" => "@flickr", "image" => "https://farm6.staticflickr.com/5510/14338202952_93595258ff_z.jpg", "title" => "Small Island Developing States Photo Submission", "description" => "View the album on Flickr.", diff --git a/test/pleroma/web/rich_media/parsers/twitter_card_test.exs b/test/pleroma/web/rich_media/parsers/twitter_card_test.exs index e84a4e50a..15b272ff2 100644 --- a/test/pleroma/web/rich_media/parsers/twitter_card_test.exs +++ b/test/pleroma/web/rich_media/parsers/twitter_card_test.exs @@ -17,10 +17,6 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do assert TwitterCard.parse(html, %{}) == %{ - "app:id:googleplay" => "com.nytimes.android", - "app:name:googleplay" => "NYTimes", - "app:url:googleplay" => "nytimes://reader/id/100000006583622", - "site" => nil, "description" => "With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.", "image" => @@ -44,7 +40,7 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do "description" => "With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.", "image" => - "https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-videoSixteenByNineJumbo1600.jpg", + "https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-facebookJumbo.jpg", "image:alt" => "", "title" => "She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.", @@ -61,16 +57,12 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do assert TwitterCard.parse(html, %{}) == %{ - "app:id:googleplay" => "com.nytimes.android", - "app:name:googleplay" => "NYTimes", - "app:url:googleplay" => "nytimes://reader/id/100000006583622", "card" => "summary_large_image", "description" => "With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.", "image" => - "https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-videoSixteenByNineJumbo1600.jpg", + "https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-facebookJumbo.jpg", "image:alt" => "", - "site" => nil, "title" => "She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.", "url" => @@ -90,13 +82,11 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do assert TwitterCard.parse(html, %{}) == %{ - "site" => "@atlasobscura", "title" => "The Missing Grave of Margaret Corbin, Revolutionary War Veteran", "card" => "summary_large_image", "image" => image_path, "description" => "She's the only woman veteran honored with a monument at West Point. But where was she buried?", - "site_name" => "Atlas Obscura", "type" => "article", "url" => "http://www.atlasobscura.com/articles/margaret-corbin-grave-west-point" } @@ -109,12 +99,8 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do assert TwitterCard.parse(html, %{}) == %{ - "site" => nil, "title" => "She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.", - "app:id:googleplay" => "com.nytimes.android", - "app:name:googleplay" => "NYTimes", - "app:url:googleplay" => "nytimes://reader/id/100000006583622", "description" => "With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.", "image" => @@ -124,4 +110,23 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do "https://www.nytimes.com/2019/08/01/nyregion/nypd-facial-recognition-children-teenagers.html" } end + + test "takes first image if multiple are specified" do + html = + File.read!("test/fixtures/fulmo.html") + |> Floki.parse_document!() + + assert TwitterCard.parse(html, %{}) == + %{ + "description" => "Pri feoj, kiuj devis ordigi falintan arbon.", + "image" => "https://tirifto.xwx.moe/r/ilustrajhoj/pinglordigado.png", + "title" => "Fulmo", + "type" => "website", + "url" => "https://tirifto.xwx.moe/eo/rakontoj/fulmo.html", + "image:alt" => + "Meze de arbaro kuŝas falinta trunko, sen pingloj kaj kun branĉoj derompitaj. Post ĝi videblas du feoj: florofeo maldekstre kaj nubofeo dekstre. La florofeo iom kaŝas sin post la trunko. La nubofeo staras kaj tenas amason da pigloj. Ili iom rigardas al si.", + "image:height" => "630", + "image:width" => "1200" + } + end end |