10 files changed, 244 insertions, 22 deletions

diff --git a/test/captcha_test.exs b/test/captcha_test.exs
index 7f559ac72..7ca9a4607 100644
--- a/test/captcha_test.exs
+++ b/test/captcha_test.exs
@@ -29,16 +29,18 @@ defmodule Pleroma.CaptchaTest do
     end
 
     test "new and validate" do
-      assert Kocaptcha.new() == %{
-               type: :kocaptcha,
-               token: "afa1815e14e29355e6c8f6b143a39fa2",
-               url: "https://captcha.kotobank.ch/captchas/afa1815e14e29355e6c8f6b143a39fa2.png"
-             }
+      new = Kocaptcha.new()
+      assert new[:type] == :kocaptcha
+      assert new[:token] == "afa1815e14e29355e6c8f6b143a39fa2"
+
+      assert new[:url] ==
+               "https://captcha.kotobank.ch/captchas/afa1815e14e29355e6c8f6b143a39fa2.png"
 
       assert Kocaptcha.validate(
-               "afa1815e14e29355e6c8f6b143a39fa2",
-               "7oEy8c"
-             )
+               new[:token],
+               "7oEy8c",
+               new[:answer_data]
+             ) == :ok
     end
   end
 end
diff --git a/test/fixtures/rich_media/ogp.html b/test/fixtures/rich_media/ogp.html
new file mode 100644
index 000000000..c886b5871
--- /dev/null
+++ b/test/fixtures/rich_media/ogp.html
@@ -0,0 +1,9 @@
+<html prefix="og: http://ogp.me/ns#">
+  <head>
+  <title>The Rock (1996)</title>
+    <meta property="og:title" content="The Rock" />
+    <meta property="og:type" content="video.movie" />
+    <meta property="og:url" content="http://www.imdb.com/title/tt0117500/" />
+    <meta property="og:image" content="http://ia.media-imdb.com/images/rock.jpg" />
+  </head>
+</html>
diff --git a/test/support/captcha_mock.ex b/test/support/captcha_mock.ex
index 3ab02916f..9061f2b45 100644
--- a/test/support/captcha_mock.ex
+++ b/test/support/captcha_mock.ex
@@ -10,8 +10,5 @@ defmodule Pleroma.Captcha.Mock do
   def new(), do: %{type: :mock}
 
   @impl Service
-  def validate(_token, _captcha), do: true
-
-  @impl Service
-  def cleanup(), do: :ok
+  def validate(_token, _captcha, _data), do: :ok
 end
diff --git a/test/support/factory.ex b/test/support/factory.ex
index e5c0c5bcc..57fa4a79d 100644
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@@ -57,6 +57,19 @@ defmodule Pleroma.Factory do
     %Pleroma.Object{data: Map.merge(data, %{"to" => [user2.ap_id]})}
   end
 
+  def tombstone_factory do
+    data = %{
+      "type" => "Tombstone",
+      "id" => Pleroma.Web.ActivityPub.Utils.generate_object_id(),
+      "formerType" => "Note",
+      "deleted" => DateTime.utc_now() |> DateTime.to_iso8601()
+    }
+
+    %Pleroma.Object{
+      data: data
+    }
+  end
+
   def direct_note_activity_factory do
     dm = insert(:direct_note)
 
diff --git a/test/user_test.exs b/test/user_test.exs
index 4680850ea..869e9196d 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -706,10 +706,10 @@ defmodule Pleroma.UserTest do
   end
 
   describe "per-user rich-text filtering" do
-    test "html_filter_policy returns nil when rich-text is enabled" do
+    test "html_filter_policy returns default policies, when rich-text is enabled" do
       user = insert(:user)
 
-      assert nil == User.html_filter_policy(user)
+      assert Pleroma.Config.get([:markup, :scrub_policy]) == User.html_filter_policy(user)
     end
 
     test "html_filter_policy returns TwitterText scrubber when rich-text is disabled" do
diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs
index cb95e0e09..7d1fe184e 100644
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -6,7 +6,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
   use Pleroma.Web.ConnCase
   import Pleroma.Factory
   alias Pleroma.Web.ActivityPub.{UserView, ObjectView}
-  alias Pleroma.{Repo, User}
+  alias Pleroma.{Object, Repo, User}
   alias Pleroma.Activity
 
   setup_all do
@@ -75,6 +75,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
       assert json_response(conn, 404)
     end
+
+    test "it returns 404 for tombstone objects", %{conn: conn} do
+      tombstone = insert(:tombstone)
+      uuid = String.split(tombstone.data["id"], "/") |> List.last()
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/objects/#{uuid}")
+
+      assert json_response(conn, 404)
+    end
   end
 
   describe "/inbox" do
@@ -179,7 +191,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert json_response(conn, 403)
     end
 
-    test "it inserts an incoming activity into the database", %{conn: conn} do
+    test "it inserts an incoming create activity into the database", %{conn: conn} do
       data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
       user = insert(:user)
 
@@ -192,6 +204,68 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       result = json_response(conn, 201)
       assert Activity.get_by_ap_id(result["id"])
     end
+
+    test "it rejects an incoming activity with bogus type", %{conn: conn} do
+      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+      user = insert(:user)
+
+      data =
+        data
+        |> Map.put("type", "BadType")
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      assert json_response(conn, 400)
+    end
+
+    test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
+      note_activity = insert(:note_activity)
+      user = User.get_cached_by_ap_id(note_activity.data["actor"])
+
+      data = %{
+        type: "Delete",
+        object: %{
+          id: note_activity.data["object"]["id"]
+        }
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      result = json_response(conn, 201)
+      assert Activity.get_by_ap_id(result["id"])
+
+      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+      assert object
+      assert object.data["type"] == "Tombstone"
+    end
+
+    test "it rejects delete activity of object from other actor", %{conn: conn} do
+      note_activity = insert(:note_activity)
+      user = insert(:user)
+
+      data = %{
+        type: "Delete",
+        object: %{
+          id: note_activity.data["object"]["id"]
+        }
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      assert json_response(conn, 400)
+    end
   end
 
   describe "/users/:nickname/followers" do
diff --git a/test/web/rich_media/controllers/rich_media_controller_test.exs b/test/web/rich_media/controllers/rich_media_controller_test.exs
new file mode 100644
index 000000000..37c82631f
--- /dev/null
+++ b/test/web/rich_media/controllers/rich_media_controller_test.exs
@@ -0,0 +1,54 @@
+defmodule Pleroma.Web.RichMedia.RichMediaControllerTest do
+  use Pleroma.Web.ConnCase
+  import Pleroma.Factory
+
+  setup do
+    Tesla.Mock.mock(fn
+      %{
+        method: :get,
+        url: "http://example.com/ogp"
+      } ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
+
+      %{method: :get, url: "http://example.com/empty"} ->
+        %Tesla.Env{status: 200, body: "hello"}
+    end)
+
+    :ok
+  end
+
+  describe "GET /api/rich_media/parse" do
+    setup do
+      user = insert(:user)
+
+      [user: user]
+    end
+
+    test "returns 404 if not metadata found", %{user: user} do
+      build_conn()
+      |> with_credentials(user.nickname, "test")
+      |> get("/api/rich_media/parse", %{"url" => "http://example.com/empty"})
+      |> json_response(404)
+    end
+
+    test "returns OGP metadata", %{user: user} do
+      response =
+        build_conn()
+        |> with_credentials(user.nickname, "test")
+        |> get("/api/rich_media/parse", %{"url" => "http://example.com/ogp"})
+        |> json_response(200)
+
+      assert response == %{
+               "image" => "http://ia.media-imdb.com/images/rock.jpg",
+               "title" => "The Rock",
+               "type" => "video.movie",
+               "url" => "http://www.imdb.com/title/tt0117500/"
+             }
+    end
+  end
+
+  defp with_credentials(conn, username, password) do
+    header_content = "Basic " <> Base.encode64("#{username}:#{password}")
+    put_req_header(conn, "authorization", header_content)
+  end
+end
diff --git a/test/web/rich_media/parser_test.exs b/test/web/rich_media/parser_test.exs
new file mode 100644
index 000000000..caf81e9fa
--- /dev/null
+++ b/test/web/rich_media/parser_test.exs
@@ -0,0 +1,33 @@
+defmodule Pleroma.Web.RichMedia.ParserTest do
+  use ExUnit.Case, async: true
+
+  setup do
+    Tesla.Mock.mock(fn
+      %{
+        method: :get,
+        url: "http://example.com/ogp"
+      } ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
+
+      %{method: :get, url: "http://example.com/empty"} ->
+        %Tesla.Env{status: 200, body: "hello"}
+    end)
+
+    :ok
+  end
+
+  test "returns error when no metadata present" do
+    assert {:error, _} = Pleroma.Web.RichMedia.Parser.parse("http://example.com/empty")
+  end
+
+  test "parses ogp" do
+    assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp") ==
+             {:ok,
+              %{
+                image: "http://ia.media-imdb.com/images/rock.jpg",
+                title: "The Rock",
+                type: "video.movie",
+                url: "http://www.imdb.com/title/tt0117500/"
+              }}
+  end
+end
diff --git a/test/web/twitter_api/views/activity_view_test.exs b/test/web/twitter_api/views/activity_view_test.exs
index 013245033..05780a54a 100644
--- a/test/web/twitter_api/views/activity_view_test.exs
+++ b/test/web/twitter_api/views/activity_view_test.exs
@@ -41,6 +41,35 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
              "#Bike log - Commute Tuesday\nhttps://pla.bike/posts/20181211/\n#cycling #CHScycling #commute\nMVIMG_20181211_054020.jpg"
   end
 
+  test "a create activity with a summary containing emoji" do
+    {:ok, activity} =
+      CommonAPI.post(insert(:user), %{
+        "spoiler_text" => ":woollysocks: meow",
+        "status" => "."
+      })
+
+    result = ActivityView.render("activity.json", activity: activity)
+
+    expected =
+      "<img height=\"32px\" width=\"32px\" alt=\"woollysocks\" title=\"woollysocks\" src=\"http://localhost:4001/finmoji/128px/woollysocks-128.png\" /> meow"
+
+    assert result["summary"] == expected
+  end
+
+  test "a create activity with a summary containing invalid HTML" do
+    {:ok, activity} =
+      CommonAPI.post(insert(:user), %{
+        "spoiler_text" => "<span style=\"color: magenta; font-size: 32px;\">meow</span>",
+        "status" => "."
+      })
+
+    result = ActivityView.render("activity.json", activity: activity)
+
+    expected = "meow"
+
+    assert result["summary"] == expected
+  end
+
   test "a create activity with a note" do
     user = insert(:user)
     other_user = insert(:user, %{nickname: "shp"})
@@ -73,14 +102,14 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
       "repeat_num" => 0,
       "repeated" => false,
       "statusnet_conversation_id" => convo_id,
+      "summary" => "",
       "statusnet_html" =>
         "Hey <span><a data-user=\"#{other_user.id}\" href=\"#{other_user.ap_id}\">@<span>shp</span></a></span>!",
       "tags" => [],
       "text" => "Hey @shp!",
       "uri" => activity.data["object"]["id"],
       "user" => UserView.render("show.json", %{user: user}),
-      "visibility" => "direct",
-      "summary" => nil
+      "visibility" => "direct"
     }
 
     assert result == expected
diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs
index 32e9466e1..5f7481eb6 100644
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@@ -90,7 +90,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => false,
       "statusnet_blocking" => false,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
@@ -135,7 +136,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => false,
       "statusnet_blocking" => false,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,
@@ -181,7 +183,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => true,
       "statusnet_blocking" => false,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => follower.ap_id,
       "cover_photo" => banner,
@@ -207,6 +210,13 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
     assert represented["rights"]["delete_others_notice"]
   end
 
+  test "a user that is a admin" do
+    user = insert(:user, %{info: %{is_admin: true}})
+    represented = UserView.render("show.json", %{user: user, for: user})
+
+    assert represented["rights"]["admin"]
+  end
+
   test "A blocked user for the blocker" do
     user = insert(:user)
     blocker = insert(:user)
@@ -234,7 +244,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "follows_you" => false,
       "statusnet_blocking" => true,
       "rights" => %{
-        "delete_others_notice" => false
+        "delete_others_notice" => false,
+        "admin" => false
       },
       "statusnet_profile_url" => user.ap_id,
       "cover_photo" => banner,