From cb363f018380cceb9531e0ddd12a979b8accc0b2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 29 Apr 2020 17:38:14 +0200 Subject: MastodonAPI: /api/v2/media endpoints --- .../controllers/media_controller_test.exs | 62 ++++++++++++++++++++-- 1 file changed, 57 insertions(+), 5 deletions(-) (limited to 'test/web/mastodon_api/controllers/media_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs index 6ac4cf63b..d872ff484 100644 --- a/test/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/web/mastodon_api/controllers/media_controller_test.exs @@ -11,7 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do setup do: oauth_access(["write:media"]) - describe "media upload" do + describe "Upload media" do setup do image = %Plug.Upload{ content_type: "image/jpg", @@ -25,7 +25,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do setup do: clear_config([:media_proxy]) setup do: clear_config([Pleroma.Upload]) - test "returns uploaded image", %{conn: conn, image: image} do + test "/api/v1/media", %{conn: conn, image: image} do desc = "Description of the image" media = 
@@ -40,9 +40,31 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do object = Object.get_by_id(media["id"]) assert object.data["actor"] == User.ap_id(conn.assigns[:user]) end + + test "/api/v2/media", %{conn: conn, image: image} do + desc = "Description of the image" + + response = + conn + |> post("/api/v2/media", %{"file" => image, "description" => desc}) + |> json_response(202) + + assert media_id = response["id"] + + media = + conn + |> get("/api/v1/media/#{media_id}") + |> json_response(200) + + assert media["type"] == "image" + assert media["description"] == desc + assert media["id"] + object = Object.get_by_id(media["id"]) + assert object.data["actor"] == User.ap_id(conn.assigns[:user]) + end end - describe "PUT /api/v1/media/:id" do + describe "Update media description" do setup %{user: actor} do file = %Plug.Upload{ content_type: "image/jpg", @@ -60,7 +82,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do [object: object] end - test "updates name of media", %{conn: conn, object: object} do + test "/api/v1/media/:id good request", %{conn: conn, object: object} do media = conn |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"}) @@ -70,7 +92,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert refresh_record(object).data["name"] == "test-media" end - test "returns error when request is bad", %{conn: conn, object: object} do + test "/api/v1/media/:id bad request", %{conn: conn, object: object} do media = conn |> put("/api/v1/media/#{object.id}", %{}) 
@@ -79,4 +101,34 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media == %{"error" => "bad_request"} end end + + describe "Get media by id" do + setup %{user: actor} do + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + {:ok, %Object{} = object} = + ActivityPub.upload( + file, + actor: User.ap_id(actor), + description: "test-media" + ) + + [object: object] + end + + test "/api/v1/media/:id", %{conn: conn, object: object} do + media = + conn + |> get("/api/v1/media/#{object.id}") + |> json_response(:ok) + + assert media["description"] == "test-media" + assert media["type"] == "image" + assert media["id"] + end + end end -- cgit v1.2.3 From 0f885b4b86ad7ba738ef0dd0de7f7d0496b7e43d Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 14 May 2020 16:18:30 +0400 Subject: Fix OpenAPI spec --- .../mastodon_api/controllers/media_controller_test.exs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'test/web/mastodon_api/controllers/media_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs index d872ff484..715747818 100644 --- a/test/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/web/mastodon_api/controllers/media_controller_test.exs @@ -30,8 +30,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do media = conn + |> put_req_header("content-type", "multipart/form-data") |> post("/api/v1/media", %{"file" => image, "description" => desc}) - |> json_response(:ok) + |> json_response_and_validate_schema(:ok) assert media["type"] == "image" assert media["description"] == desc 
@@ -46,15 +47,16 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do response = conn + |> put_req_header("content-type", "multipart/form-data") |> post("/api/v2/media", %{"file" => image, "description" => desc}) - |> json_response(202) + |> json_response_and_validate_schema(202) assert media_id = response["id"] media = conn |> get("/api/v1/media/#{media_id}") - |> json_response(200) + |> json_response_and_validate_schema(200) assert media["type"] == "image" assert media["description"] == desc @@ -85,8 +87,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do test "/api/v1/media/:id good request", %{conn: conn, object: object} do media = conn + |> put_req_header("content-type", "multipart/form-data") |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"}) - |> json_response(:ok) + |> json_response_and_validate_schema(:ok) assert media["description"] == "test-media" assert refresh_record(object).data["name"] == "test-media" @@ -95,8 +98,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do test "/api/v1/media/:id bad request", %{conn: conn, object: object} do media = conn + |> put_req_header("content-type", "multipart/form-data") |> put("/api/v1/media/#{object.id}", %{}) - |> json_response(400) + |> json_response_and_validate_schema(400) assert media == %{"error" => "bad_request"} end @@ -124,7 +128,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do media = conn |> get("/api/v1/media/#{object.id}") - |> json_response(:ok) + |> json_response_and_validate_schema(:ok) assert media["description"] == "test-media" assert media["type"] == "image" -- cgit v1.2.3 From bb03dfdb03714027640087ad1bd6475a8bb1c2c3 Mon Sep 17 00:00:00 2001 
From: Egor Kislitsyn Date: Thu, 14 May 2020 16:29:32 +0400 Subject: Do not require `description` in `update` action --- test/web/mastodon_api/controllers/media_controller_test.exs | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'test/web/mastodon_api/controllers/media_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs index 715747818..7ba1727f2 100644 --- a/test/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/web/mastodon_api/controllers/media_controller_test.exs @@ -94,16 +94,6 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media["description"] == "test-media" assert refresh_record(object).data["name"] == "test-media" end - - test "/api/v1/media/:id bad request", %{conn: conn, object: object} do - media = - conn - |> put_req_header("content-type", "multipart/form-data") - |> put("/api/v1/media/#{object.id}", %{}) - |> json_response_and_validate_schema(400) - - assert media == %{"error" => "bad_request"} - end end describe "Get media by id" do -- cgit v1.2.3 From af9dfdce6b502d3a33db7a496879dda56719f56e Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sun, 17 May 2020 08:46:43 +0300 Subject: MediaController OAuth scope assignments fix. Typo fix (`def get_media` instead of `def show`). --- .../web/mastodon_api/controllers/media_controller_test.exs | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'test/web/mastodon_api/controllers/media_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs index 7ba1727f2..98ec239b1 100644 --- a/test/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/web/mastodon_api/controllers/media_controller_test.exs 
@@ -9,9 +9,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub - setup do: oauth_access(["write:media"]) - describe "Upload media" do + setup do: oauth_access(["write:media"]) + setup do image = %Plug.Upload{ content_type: "image/jpg", @@ -42,7 +42,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert object.data["actor"] == User.ap_id(conn.assigns[:user]) end - test "/api/v2/media", %{conn: conn, image: image} do + test "/api/v2/media", %{conn: conn, user: user, image: image} do desc = "Description of the image" response = @@ -53,6 +53,8 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media_id = response["id"] + %{conn: conn} = oauth_access(["read:media"], user: user) + media = conn |> get("/api/v1/media/#{media_id}") @@ -62,11 +64,15 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media["description"] == desc assert media["id"] object = Object.get_by_id(media["id"]) + + # TODO: clarify: if this EP allows access to non-owned objects, the following may be false: assert object.data["actor"] == User.ap_id(conn.assigns[:user]) end end describe "Update media description" do + setup do: oauth_access(["write:media"]) + setup %{user: actor} do file = %Plug.Upload{ content_type: "image/jpg", @@ -97,6 +103,8 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do end describe "Get media by id" do + setup do: oauth_access(["read:media"]) + setup %{user: actor} do file = %Plug.Upload{ content_type: "image/jpg", -- cgit v1.2.3 From 9b765652649f8b6110bd70aa90b148a90057ff6a Mon Sep 17 00:00:00 2001 
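Review bot: No test in these hunks checks that a token with the wrong scope is refused, so a route that accepts `write:media` where `read:media` is required would still pass the suite. The gap matters most in the "Get media by id" block (`@@ -97,6 +103,8 @@`), which in the earlier commit ran under the module-level `write:media` setup and still expected a 200. A negative case there, and a matching one that posts to `/api/v1/media` with only `read:media`, would pin the scope assignment this commit fixes. The expected status in the sketch is an assumption, and the `describe` blocks start and end outside these hunks.

```elixir
# … unchanged: "Get media by id" setup blocks …
test "it rejects a token without read:media", %{object: object, user: user} do
  # Same owner, wrong scope: only the scope check can be the reason for the refusal.
  %{conn: conn} = oauth_access(["write:media"], user: user)

  conn
  |> get("/api/v1/media/#{object.id}")
  # 403 assumed for an insufficient-scope token; adjust to what the scopes plug returns.
  |> json_response(403)
end
```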
From: Ivan Tashkinov Date: Mon, 18 May 2020 09:51:53 +0300 Subject: MediaController: enforced owner-only access in :show action. Improved error response on denied access (now 403). Adjusted tests. --- .../controllers/media_controller_test.exs | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'test/web/mastodon_api/controllers/media_controller_test.exs') diff --git a/test/web/mastodon_api/controllers/media_controller_test.exs b/test/web/mastodon_api/controllers/media_controller_test.exs index 98ec239b1..906fd940f 100644 --- a/test/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/web/mastodon_api/controllers/media_controller_test.exs @@ -63,10 +63,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media["type"] == "image" assert media["description"] == desc assert media["id"] - object = Object.get_by_id(media["id"]) - # TODO: clarify: if this EP allows access to non-owned objects, the following may be false: - assert object.data["actor"] == User.ap_id(conn.assigns[:user]) + object = Object.get_by_id(media["id"]) + assert object.data["actor"] == user.ap_id end end @@ -102,7 +101,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do end end - describe "Get media by id" do + describe "Get media by id (/api/v1/media/:id)" do setup do: oauth_access(["read:media"]) setup %{user: actor} do @@ -122,7 +121,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do [object: object] end - test "/api/v1/media/:id", %{conn: conn, object: object} do + test "it returns media object when requested by owner", %{conn: conn, object: object} do media = conn |> get("/api/v1/media/#{object.id}") 
@@ -132,5 +131,16 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert media["type"] == "image" assert media["id"] end + + test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do + %{conn: conn, user: other_user} = oauth_access(["read:media"]) + + assert object.data["actor"] == user.ap_id + refute user.id == other_user.id + + conn + |> get("/api/v1/media/#{object.id}") + |> json_response(403) + end end end -- cgit v1.2.3
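Review bot: The non-owner case added at the end of this hunk covers only `GET /api/v1/media/:id`; the "Update media description" block has no matching case for `PUT`, so the visible tests do not show whether another user holding `write:media` can rewrite someone else's description. A mirror test in that block, asserting both the refusal and that the stored `name` is unchanged, would close the gap; the 403 in the sketch assumes the update action denies access the same way as `:show`, and that block lies outside this hunk. Separately, `json_response(403)` here discards the body and skips the schema validation the other tests use; if the spec declares the 403 response, `json_response_and_validate_schema(403)` would keep it consistent.

```elixir
# … unchanged: "Update media description" setup blocks and the good-request test …
test "it returns 403 if media object is updated by non-owner", %{object: object, user: user} do
  %{conn: conn, user: other_user} = oauth_access(["write:media"])

  refute user.id == other_user.id
  original_name = object.data["name"]

  conn
  |> put_req_header("content-type", "multipart/form-data")
  |> put("/api/v1/media/#{object.id}", %{"description" => "changed-by-other-user"})
  |> json_response(403)

  # A rejected request must leave the owner's description untouched.
  assert refresh_record(object).data["name"] == original_name
end
```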