From e2ced0491770d6260fe51d5144b81200fd97f268 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 16 Apr 2020 15:21:47 +0200 Subject: ChatMessages: Better validation. --- test/web/activity_pub/object_validator_test.exs | 52 +++++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 3c5c3696e..bf0bfdfaf 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -5,9 +5,61 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI + alias Pleroma.Web.ActivityPub.Builder import Pleroma.Factory + describe "chat messages" do + setup do + user = insert(:user) + recipient = insert(:user, local: false) + + {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey") + + %{user: user, recipient: recipient, valid_chat_message: valid_chat_message} + end + + test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do + assert {:ok, _object, _meta} = ObjectValidator.validate(valid_chat_message, []) + end + + test "does not validate if the actor or the recipient is not in our system", %{ + valid_chat_message: valid_chat_message + } do + chat_message = + valid_chat_message + |> Map.put("actor", "https://raymoo.com/raymoo") + + {:error, _} = ObjectValidator.validate(chat_message, []) + + chat_message = + valid_chat_message + |> Map.put("to", ["https://raymoo.com/raymoo"]) + + {:error, _} = ObjectValidator.validate(chat_message, []) + end + + test "does not validate for a message with multiple recipients", %{ + valid_chat_message: valid_chat_message, + user: user, + recipient: recipient + } do + chat_message = + valid_chat_message + |> Map.put("to", [user.ap_id, recipient.ap_id]) + + assert {:error, _} = ObjectValidator.validate(chat_message, []) + end + + test "does not validate if it doesn't concern local users" do + user = insert(:user, local: false) + recipient = insert(:user, local: false) + + {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey") + assert {:error, _} = ObjectValidator.validate(valid_chat_message, []) + end + end + describe "likes" do setup do user = insert(:user) -- cgit v1.2.3 From ce23673ca1539350802326c62d6e72bd040950f6 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 20 Apr 2020 11:45:11 +0200 Subject: ChatMessageValidator: Don't validate messages that are too long. --- test/web/activity_pub/object_validator_test.exs | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index bf0bfdfaf..e416e0808 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -11,6 +11,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do describe "chat messages" do setup do + clear_config([:instance, :remote_limit]) user = insert(:user) recipient = insert(:user, local: false) @@ -23,6 +24,13 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do assert {:ok, _object, _meta} = ObjectValidator.validate(valid_chat_message, []) end + test "does not validate if the message is longer than the remote_limit", %{ + valid_chat_message: valid_chat_message + } do + Pleroma.Config.put([:instance, :remote_limit], 2) + refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, [])) + end + test "does not validate if the actor or the recipient is not in our system", %{ valid_chat_message: valid_chat_message } do -- cgit v1.2.3 From 970b74383b43aa9a54c3cf59012944355e3eafbc Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 20 Apr 2020 12:29:19 +0200 Subject: Credo fixes. --- test/web/activity_pub/object_validator_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index e416e0808..3ac5ecaf4 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -1,11 +1,11 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do use Pleroma.DataCase + alias Pleroma.Web.ActivityPub.Builder alias Pleroma.Web.ActivityPub.ObjectValidator alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI - alias Pleroma.Web.ActivityPub.Builder import Pleroma.Factory -- cgit v1.2.3 From 7e53da250e3b41e01073148efea0fc4f49dea9d5 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 20 Apr 2020 14:08:54 +0200 Subject: ChatMessage: Support emoji. --- test/web/activity_pub/object_validator_test.exs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 3ac5ecaf4..8230ae0d9 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -15,13 +15,15 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do user = insert(:user) recipient = insert(:user, local: false) - {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey") + {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey :firefox:") %{user: user, recipient: recipient, valid_chat_message: valid_chat_message} end test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do - assert {:ok, _object, _meta} = ObjectValidator.validate(valid_chat_message, []) + assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) + + assert object == valid_chat_message end test "does not validate if the message is longer than the remote_limit", %{ -- cgit v1.2.3 From 2e62a63749e040b108b8afe2c8839c470f89fa04 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 22 Apr 2020 12:48:52 +0200 Subject: ChatMessageValidator: Validation changes Don't validate if the recipient is blocking the actor. --- test/web/activity_pub/object_validator_test.exs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 8230ae0d9..bc2317e55 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -33,6 +33,15 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, [])) end + test "does not validate if the recipient is blocking the actor", %{ + valid_chat_message: valid_chat_message, + user: user, + recipient: recipient + } do + Pleroma.User.block(recipient, user) + refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, [])) + end + test "does not validate if the actor or the recipient is not in our system", %{ valid_chat_message: valid_chat_message } do -- cgit v1.2.3 From abd09282292f7e902c77b158ae3d86e9bfd5b986 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 28 Apr 2020 16:45:28 +0200 Subject: CreateChatMessageValidator: Validate object existence --- test/web/activity_pub/object_validator_test.exs | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index bc2317e55..baa4b2585 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -1,6 +1,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do use Pleroma.DataCase + alias Pleroma.Object alias Pleroma.Web.ActivityPub.Builder alias Pleroma.Web.ActivityPub.ObjectValidator alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator @@ -9,6 +10,21 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do import Pleroma.Factory + describe "chat message create activities" do + test "it is invalid if the object already exists" do + user = insert(:user) + recipient = insert(:user) + {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey") + object = Object.normalize(activity, false) + + {:ok, create_data, _} = Builder.create(user, object.data["id"], [recipient.ap_id]) + + {:error, cng} = ObjectValidator.validate(create_data, []) + + assert {:object, {"The object to create already exists", []}} in cng.errors + end + end + describe "chat messages" do setup do clear_config([:instance, :remote_limit]) -- cgit v1.2.3 From dedffd100c231aa69d7a7f7cd7126b90a84fc1ec Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 28 Apr 2020 17:29:54 +0200 Subject: Pipeline: Unify, refactor, DRY. --- test/web/activity_pub/object_validator_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index baa4b2585..41f67964a 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -17,7 +17,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey") object = Object.normalize(activity, false) - {:ok, create_data, _} = Builder.create(user, object.data["id"], [recipient.ap_id]) + {:ok, create_data, _} = Builder.create(user, object.data, [recipient.ap_id]) {:error, cng} = ObjectValidator.validate(create_data, []) -- cgit v1.2.3 From 20587aa931262a5479c98f13450311a135c5d356 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 29 Apr 2020 14:53:53 +0200 Subject: Chat message creation: Check actor. --- test/web/activity_pub/object_validator_test.exs | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 41f67964a..475b7bb21 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -23,6 +23,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do assert {:object, {"The object to create already exists", []}} in cng.errors end + + test "it is invalid if the object data has a different `to` or `actor` field" do + user = insert(:user) + recipient = insert(:user) + {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey") + + {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id]) + + {:error, cng} = ObjectValidator.validate(create_data, []) + + assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors + assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors + end end describe "chat messages" do -- cgit v1.2.3 From 20baa2eaf04425cf0a2eebc84760be6c12ee7f51 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 6 May 2020 16:12:36 +0200 Subject: ChatMessages: Add attachments. --- test/web/activity_pub/object_validator_test.exs | 50 ++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 60db7187f..951ed7800 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -2,14 +2,41 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do use Pleroma.DataCase alias Pleroma.Object + alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Builder alias Pleroma.Web.ActivityPub.ObjectValidator alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI import Pleroma.Factory + describe "attachments" do + test "it turns mastodon attachments into our attachments" do + attachment = %{ + "url" => + "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg", + "type" => "Document", + "name" => nil, + "mediaType" => "image/jpeg" + } + + {:ok, attachment} = + AttachmentValidator.cast_and_validate(attachment) + |> Ecto.Changeset.apply_action(:insert) + + assert [ + %{ + href: + "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg", + type: "Link", + mediaType: "image/jpeg" + } + ] = attachment.url + end + end + describe "chat message create activities" do test "it is invalid if the object already exists" do user = insert(:user) @@ -52,7 +79,28 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) - assert object == valid_chat_message + assert Map.put(valid_chat_message, "attachment", nil) == object + end + + test "validates for a basic object with an attachment", %{ + valid_chat_message: valid_chat_message, + user: user + } do + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id) + + valid_chat_message = + valid_chat_message + |> Map.put("attachment", attachment.data) + + assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) + + assert object["attachment"] end test "does not validate if the message is longer than the remote_limit", %{ -- cgit v1.2.3 From fc9d0b6eec1b206a27f4ec19f7939b3318a209ef Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 6 May 2020 16:31:21 +0200 Subject: Credo fixes. --- test/web/activity_pub/object_validator_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 951ed7800..fcc54c8a1 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -5,8 +5,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Builder alias Pleroma.Web.ActivityPub.ObjectValidator - alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI -- cgit v1.2.3 From 0f0acc740d30c47d093f27875d4decf0693b2845 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 13 May 2020 15:31:28 +0200 Subject: Chat: Allow posting without content if an attachment is present. --- test/web/activity_pub/object_validator_test.exs | 32 +++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index d9f5a8fac..da33d3dbc 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -103,6 +103,38 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do assert object["attachment"] end + test "validates for a basic object with an attachment but without content", %{ + valid_chat_message: valid_chat_message, + user: user + } do + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id) + + valid_chat_message = + valid_chat_message + |> Map.put("attachment", attachment.data) + |> Map.delete("content") + + assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) + + assert object["attachment"] + end + + test "does not validate if the message has no content", %{ + valid_chat_message: valid_chat_message + } do + contentless = + valid_chat_message + |> Map.delete("content") + + refute match?({:ok, _object, _meta}, ObjectValidator.validate(contentless, [])) + end + test "does not validate if the message is longer than the remote_limit", %{ valid_chat_message: valid_chat_message } do -- cgit v1.2.3 From be4db41d713f981cc464e5fa7bc7191d3ff776d6 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 18 May 2020 18:45:33 +0200 Subject: ChatMessageValidator: Allow one message in an array, too. --- test/web/activity_pub/object_validator_test.exs | 35 +++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index da33d3dbc..a79e50a29 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -13,6 +13,20 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do import Pleroma.Factory describe "attachments" do + test "works with honkerific attachments" do + attachment = %{ + "mediaType" => "image/jpeg", + "name" => "298p3RG7j27tfsZ9RQ.jpg", + "summary" => "298p3RG7j27tfsZ9RQ.jpg", + "type" => "Document", + "url" => "https://honk.tedunangst.com/d/298p3RG7j27tfsZ9RQ.jpg" + } + + assert {:ok, attachment} = + AttachmentValidator.cast_and_validate(attachment) + |> Ecto.Changeset.apply_action(:insert) + end + test "it turns mastodon attachments into our attachments" do attachment = %{ "url" => @@ -103,6 +117,27 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do assert object["attachment"] end + test "validates for a basic object with an attachment in an array", %{ + valid_chat_message: valid_chat_message, + user: user + } do + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id) + + valid_chat_message = + valid_chat_message + |> Map.put("attachment", [attachment.data]) + + assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) + + assert object["attachment"] + end + test "validates for a basic object with an attachment but without content", %{ valid_chat_message: valid_chat_message, user: user -- cgit v1.2.3 From d19c7167704308df093f060082639c0a15996af7 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 18 May 2020 20:17:28 +0200 Subject: AttachmentValidator: Handle empty mediatypes --- test/web/activity_pub/object_validator_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index a79e50a29..ed6b84e8e 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -15,8 +15,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do describe "attachments" do test "works with honkerific attachments" do attachment = %{ - "mediaType" => "image/jpeg", - "name" => "298p3RG7j27tfsZ9RQ.jpg", + "mediaType" => "", + "name" => "", "summary" => "298p3RG7j27tfsZ9RQ.jpg", "type" => "Document", "url" => "https://honk.tedunangst.com/d/298p3RG7j27tfsZ9RQ.jpg" -- cgit v1.2.3 From cc0d462e91dd29c834c56b82e02022e1babda369 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 21 May 2020 15:08:56 +0200 Subject: Attachments: Have the mediaType on the root, too. --- test/web/activity_pub/object_validator_test.exs | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index ed6b84e8e..f9990bd2c 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -25,6 +25,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do assert {:ok, attachment} = AttachmentValidator.cast_and_validate(attachment) |> Ecto.Changeset.apply_action(:insert) + + assert attachment.mediaType == "application/octet-stream" end test "it turns mastodon attachments into our attachments" do @@ -48,6 +50,27 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do mediaType: "image/jpeg" } ] = attachment.url + + assert attachment.mediaType == "image/jpeg" + end + + test "it handles our own uploads" do + user = insert(:user) + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id) + + {:ok, attachment} = + attachment.data + |> AttachmentValidator.cast_and_validate() + |> Ecto.Changeset.apply_action(:insert) + + assert attachment.mediaType == "image/jpeg" end end -- cgit v1.2.3 From 2c9465cc51160546ae054d1a1912fbb8e9add8e8 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 30 May 2020 12:17:18 +0200 Subject: SafeText: Let through basic html. --- test/web/activity_pub/object_validator_test.exs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 929fdbc9b..31224abe0 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -113,6 +113,20 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do %{user: user, recipient: recipient, valid_chat_message: valid_chat_message} end + test "let's through some basic html", %{user: user, recipient: recipient} do + {:ok, valid_chat_message, _} = + Builder.chat_message( + user, + recipient.ap_id, + "hey example " + ) + + assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) + + assert object["content"] == + "hey example alert('uguu')" + end + test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) -- cgit v1.2.3 From abdb540d450b5e68ea452f78d865d63bca764a49 Mon Sep 17 00:00:00 2001 From: lain Date: Fri, 19 Jun 2020 15:30:30 +0200 Subject: ObjectValidators: Add basic UpdateValidator. --- test/web/activity_pub/object_validator_test.exs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index 31224abe0..adb56092d 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -622,4 +622,24 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do assert {:actor, {"can not announce this object publicly", []}} in cng.errors end end + + describe "updates" do + setup do + user = insert(:user) + + object = %{ + "id" => user.ap_id, + "name" => "A new name", + "summary" => "A new bio" + } + + {:ok, valid_update, []} = Builder.update(user, object) + + %{user: user, valid_update: valid_update} + end + + test "validates a basic object", %{valid_update: valid_update} do + assert {:ok, _update, []} = ObjectValidator.validate(valid_update, []) + end + end end -- cgit v1.2.3 From 75670a99e46a09f9bddc0959c680c2cb173e1f3b Mon Sep 17 00:00:00 2001 From: lain Date: Fri, 19 Jun 2020 16:38:57 +0200 Subject: UpdateValidator: Only allow updates from the user themselves. --- test/web/activity_pub/object_validator_test.exs | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'test/web/activity_pub/object_validator_test.exs') diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs index adb56092d..770a8dcf8 100644 --- a/test/web/activity_pub/object_validator_test.exs +++ b/test/web/activity_pub/object_validator_test.exs @@ -641,5 +641,17 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do test "validates a basic object", %{valid_update: valid_update} do assert {:ok, _update, []} = ObjectValidator.validate(valid_update, []) end + + test "returns an error if the object can't be updated by the actor", %{ + valid_update: valid_update + } do + other_user = insert(:user) + + update = + valid_update + |> Map.put("actor", other_user.ap_id) + + assert {:error, _cng} = ObjectValidator.validate(update, []) + end end end -- cgit v1.2.3