From 7cf708307644dad42412761c42c75da15dab7cc9 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 25 Feb 2020 16:21:48 +0300 Subject: relay list shows hosts without accepted follow --- .../activity_pub/activity_pub_controller_test.exs | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'test/web') diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 9151034da..b2352538a 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -341,6 +341,44 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert "ok" == json_response(conn, 200) assert Instances.reachable?(sender_url) end + + test "accept follow activity", %{conn: conn} do + Pleroma.Config.put([:instance, :federating], true) + relay = Relay.get_actor() + + assert {:ok, %Activity{} = activity} = Relay.follow("https://relay.mastodon.host/actor") + + followed_relay = Pleroma.User.get_by_ap_id("https://relay.mastodon.host/actor") + relay = refresh_record(relay) + + accept = + File.read!("test/fixtures/relay/accept-follow.json") + |> String.replace("{{ap_id}}", relay.ap_id) + |> String.replace("{{activity_id}}", activity.data["id"]) + + assert "ok" == + conn + |> assign(:valid_signature, true) + |> put_req_header("content-type", "application/activity+json") + |> post("/inbox", accept) + |> json_response(200) + + ObanHelpers.perform(all_enqueued(worker: ReceiverWorker)) + + assert Pleroma.FollowingRelationship.following?( + relay, + followed_relay + ) + + Mix.shell(Mix.Shell.Process) + + on_exit(fn -> + Mix.shell(Mix.Shell.IO) + end) + + :ok = Mix.Tasks.Pleroma.Relay.run(["list"]) + assert_receive {:mix_shell, :info, ["relay.mastodon.host"]} + end end describe "/users/:nickname/inbox" do -- cgit v1.2.3 From f8dc597c51ef294311687e5f3ff468635779638f Mon Sep 17 00:00:00 2001 
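Review bot: The new "accept follow activity" test calls `Pleroma.Config.put([:instance, :federating], true)` in the test body, and nothing visible in this hunk restores the value, so it can leak into tests that run later. If the module does not already reset this key in a setup outside the hunk, add `clear_config([:instance, :federating])` in the enclosing describe. The request is also posted with `assign(:valid_signature, true)`, so only the already-trusted path is exercised. A companion case that does not assign the signature and ends with `refute Pleroma.FollowingRelationship.following?(relay, followed_relay)` would pin down that an unverified Accept cannot put a host into the relay list.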
From: Mark Felder Date: Tue, 10 Mar 2020 13:08:00 -0500 Subject: Fix enforcement of character limits --- test/web/common_api/common_api_test.exs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'test/web') diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 299d968db..b80523160 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -202,13 +202,15 @@ defmodule Pleroma.Web.CommonAPITest do CommonAPI.post(user, %{"status" => ""}) end - test "it returns error when character limit is exceeded" do + test "it validates character limits are correctly enforced" do Pleroma.Config.put([:instance, :limit], 5) user = insert(:user) assert {:error, "The status is over the character limit"} = CommonAPI.post(user, %{"status" => "foobar"}) + + assert {:ok, activity} = CommonAPI.post(user, %{"status" => "12345"}) end test "it can handle activities that expire" do -- cgit v1.2.3 From e7837bc14e3fd539837802bca0c2ed05e2178ea5 Mon Sep 17 00:00:00 2001 From: feld Date: Wed, 11 Mar 2020 16:53:05 +0000 Subject: Merge branch 'fix/signup-without-email' into 'develop' Allow account registration without an email See merge request pleroma/pleroma!2246 --- .../controllers/account_controller_test.exs | 52 +++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) (limited to 'test/web') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 57d0f4416..7f7d8cea3 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -601,6 +601,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do [valid_params: valid_params] end + clear_config([:instance, :account_activation_required]) + test "Account registration via Application", %{conn: conn} do conn = post(conn, "/api/v1/apps", %{ 
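Review bot: The added boundary assertion binds `activity` but never uses it, which produces an unused-variable warning; `assert {:ok, _activity} = CommonAPI.post(user, %{"status" => "12345"})` keeps the intent without it. Both inputs are plain ASCII, so the test passes whether the limit is counted in bytes or in characters; a status of exactly five multi-byte characters would show which one is enforced. `Pleroma.Config.put([:instance, :limit], 5)` is a context line here, and whether the limit is reset afterwards is not visible in this hunk.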
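Review bot: `clear_config([:instance, :account_activation_required])` is added in this hunk (old line 601) and again in the later hunk at old line 697 of the same file, apparently inside the same describe block. If so, one registration is enough, and a single call directly under the `setup` makes it clear that the reset applies to every test in the block. The describe block starts outside the hunk, so this should be confirmed against the full file.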
@@ -685,7 +687,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert json_response(res, 200) [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}] - |> Stream.zip(valid_params) + |> Stream.zip(Map.delete(valid_params, :email)) |> Enum.each(fn {ip, {attr, _}} -> res = conn 
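Review bot: After `Map.delete(valid_params, :email)` the zipped map has one entry fewer while the IP list still holds four addresses, and `Stream.zip` silently stops at the shorter side. How many parameters the loop checks therefore depends on the two lengths lining up, and a parameter added to `valid_params` later could go untested without any failure. Iterating over the map and deriving the address from the index, e.g. `valid_params |> Map.delete(:email) |> Enum.with_index(1)` with `{127, 0, 0, i}`, would tie the coverage to the parameters themselves. The surrounding test starts and ends outside the hunk.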
@@ -697,6 +699,54 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end) end + clear_config([:instance, :account_activation_required]) + + test "returns bad_request if missing email params when :account_activation_required is enabled", + %{conn: conn, valid_params: valid_params} do + Pleroma.Config.put([:instance, :account_activation_required], true) + + app_token = insert(:oauth_token, user: nil) + conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token) + + res = + conn + |> Map.put(:remote_ip, {127, 0, 0, 5}) + |> post("/api/v1/accounts", Map.delete(valid_params, :email)) + + assert json_response(res, 400) == %{"error" => "Missing parameters"} + + res = + conn + |> Map.put(:remote_ip, {127, 0, 0, 6}) + |> post("/api/v1/accounts", Map.put(valid_params, :email, "")) + + assert json_response(res, 400) == %{"error" => "{\"email\":[\"can't be blank\"]}"} + end + + test "allow registration without an email", %{conn: conn, valid_params: valid_params} do + app_token = insert(:oauth_token, user: nil) + conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token) + + res = + conn + |> Map.put(:remote_ip, {127, 0, 0, 7}) + |> post("/api/v1/accounts", Map.delete(valid_params, :email)) + + assert json_response(res, 200) + end + + test "allow registration with an empty email", %{conn: conn, valid_params: valid_params} do + app_token = insert(:oauth_token, user: nil) + conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token) + + res = + conn + |> Map.put(:remote_ip, {127, 0, 0, 8}) + |> post("/api/v1/accounts", Map.put(valid_params, :email, "")) + + assert json_response(res, 200) + end + test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token") -- cgit v1.2.3 From 5f9fbd7d336d2ffed6cd8f2640d9399f78ed7c2f Mon Sep 17 00:00:00 2001 
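Review bot: The two "allow registration" tests never set `:account_activation_required`, so they pass only while the test environment's default for that key is false. Starting each with `Pleroma.Config.put([:instance, :account_activation_required], false)` would make the precondition explicit, mirroring the first test, which sets it to `true`. Both also stop at `json_response(res, 200)`; since the behaviour under test is an account created without an address, asserting on the stored user (for instance that its email is nil or empty) would cover more than the status code. The expected error `"{\"email\":[\"can't be blank\"]}"` in the first test is a JSON document serialized into a string, so it pins the current double-encoded response shape; a short comment saying that this is intended would help.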
From: "Haelwenn (lanodan) Monnier" Date: Thu, 13 Feb 2020 03:39:47 +0100 Subject: Formatting: Do not use \n and prefer
instead It moves bbcode to bbcode_pleroma as the former is owned by kaniini and transfering ownership wasn't done in a timely manner. Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374 Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375 --- test/web/common_api/common_api_utils_test.exs | 28 +++++++++++++-------------- 1 file changed, 13 insertions(+), 15 deletions(-) (limited to 'test/web') diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index b380d10d8..45fc94522 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -89,8 +89,8 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do assert output == expected - text = "

hello world!

\n\n

second paragraph

" - expected = "

hello world!

\n\n

second paragraph

" + text = "

hello world!


\n

second paragraph

" + expected = "

hello world!


\n

second paragraph

" {output, [], []} = Utils.format_input(text, "text/html") @@ -99,14 +99,14 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do test "works for bare text/markdown" do text = "**hello world**" - expected = "

hello world

\n" + expected = "

hello world

" {output, [], []} = Utils.format_input(text, "text/markdown") assert output == expected text = "**hello world**\n\n*another paragraph*" - expected = "

hello world

\n

another paragraph

\n" + expected = "

hello world

another paragraph

" {output, [], []} = Utils.format_input(text, "text/markdown") @@ -118,7 +118,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do by someone """ - expected = "

cool quote

\n
\n

by someone

\n" + expected = "

cool quote

by someone

" {output, [], []} = Utils.format_input(text, "text/markdown") @@ -134,7 +134,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do assert output == expected text = "[b]hello world![/b]\n\nsecond paragraph!" - expected = "hello world!
\n
\nsecond paragraph!" + expected = "hello world!

second paragraph!" {output, [], []} = Utils.format_input(text, "text/bbcode") @@ -143,7 +143,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do text = "[b]hello world![/b]\n\nsecond paragraph!" expected = - "hello world!
\n
\n<strong>second paragraph!</strong>" + "hello world!

<strong>second paragraph!</strong>" {output, [], []} = Utils.format_input(text, "text/bbcode") @@ -156,16 +156,14 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do text = "**hello world**\n\n*another @user__test and @user__test google.com paragraph*" - expected = - ~s(

hello world

\n

another @user__test and @user__test google.com paragraph

\n) - {output, _, _} = Utils.format_input(text, "text/markdown") - assert output == expected + assert output == + ~s(

hello world

another @user__test and @user__test google.com paragraph

) end end -- cgit v1.2.3 From fcf51a77baa4661d4b20d55b87577d5de0a8c422 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 15 Mar 2020 19:53:52 +0000 Subject: Merge branch 'features/staticfe-sanitization' into 'develop' static_fe: Sanitize HTML Closes #1614 See merge request pleroma/pleroma!2299 --- test/web/static_fe/static_fe_controller_test.exs | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'test/web') diff --git a/test/web/static_fe/static_fe_controller_test.exs b/test/web/static_fe/static_fe_controller_test.exs index 2ce8f9fa3..a3be90888 100644 --- a/test/web/static_fe/static_fe_controller_test.exs +++ b/test/web/static_fe/static_fe_controller_test.exs @@ -110,8 +110,20 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do assert html =~ "testing a thing!" end - test "shows the whole thread", %{conn: conn} do + test "filters HTML tags", %{conn: conn} do user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => ""}) + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/notice/#{activity.id}") + + html = html_response(conn, 200) + assert html =~ ~s[<script>alert('xss')</script>] + end + + test "shows the whole thread", %{conn: conn, user: user} do {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"}) CommonAPI.post(user, %{ -- cgit v1.2.3 From 9d0975529182a1f9002ed8ccd7aa94d058ef83f7 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 14 Mar 2020 15:39:58 +0300 Subject: rip out fetch_initial_posts Every time someone tries to use it, it goes mad and tries to scrape the entire fediverse for no visible reason, it's better to just remove it than continue shipping it in it's current state. idea acked by lain and feld on irc Closes #1595 #1422 --- test/web/activity_pub/utils_test.exs | 65 ------------------------------------ 1 file changed, 65 deletions(-) (limited to 'test/web') 
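Review bot: As rendered on this page, the "filters HTML tags" test posts an empty status and then matches the literal `<script>alert('xss')</script>`. This looks like tags and entities lost in page extraction; presumably the original posts the script element and expects its escaped form. Either way the test has only a positive match, so it would still pass if the response held both the escaped text and the raw element. Adding `refute html =~ "<script>alert"` after the match asserts that the unescaped tag is absent from the rendered notice.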
diff --git a/test/web/activity_pub/utils_test.exs b/test/web/activity_pub/utils_test.exs
index e5ab54dd4..e913a5148 100644
--- a/test/web/activity_pub/utils_test.exs
+++ b/test/web/activity_pub/utils_test.exs
@@ -177,71 +177,6 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do end end - describe "fetch_ordered_collection" do - import Tesla.Mock - - test "fetches the first OrderedCollectionPage when an OrderedCollection is encountered" do - mock(fn - %{method: :get, url: "http://mastodon.com/outbox"} -> - json(%{"type" => "OrderedCollection", "first" => "http://mastodon.com/outbox?page=true"}) - - %{method: :get, url: "http://mastodon.com/outbox?page=true"} -> - json(%{"type" => "OrderedCollectionPage", "orderedItems" => ["ok"]}) - end) - - assert Utils.fetch_ordered_collection("http://mastodon.com/outbox", 1) == ["ok"] - end - - test "fetches several pages in the right order one after another, but only the specified amount" do - mock(fn - %{method: :get, url: "http://example.com/outbox"} -> - json(%{ - "type" => "OrderedCollectionPage", - "orderedItems" => [0], - "next" => "http://example.com/outbox?page=1" - }) - - %{method: :get, url: "http://example.com/outbox?page=1"} -> - json(%{ - "type" => "OrderedCollectionPage", - "orderedItems" => [1], - "next" => "http://example.com/outbox?page=2" - }) - - %{method: :get, url: "http://example.com/outbox?page=2"} -> - json(%{"type" => "OrderedCollectionPage", "orderedItems" => [2]}) - end) - - assert Utils.fetch_ordered_collection("http://example.com/outbox", 0) == [0] - assert Utils.fetch_ordered_collection("http://example.com/outbox", 1) == [0, 1] - end - - test "returns an error if the url doesn't have an OrderedCollection/Page" do - mock(fn - %{method: :get, url: "http://example.com/not-an-outbox"} -> - json(%{"type" => "NotAnOutbox"}) - end) - - assert {:error, _} = Utils.fetch_ordered_collection("http://example.com/not-an-outbox", 1) - end - - test "returns the what was collected if there are less pages than specified" do - mock(fn - %{method: :get, url: "http://example.com/outbox"} -> - json(%{ - "type" => "OrderedCollectionPage", - "orderedItems" => [0], - "next" => "http://example.com/outbox?page=1" - }) - - %{method: 
:get, url: "http://example.com/outbox?page=1"} -> - json(%{"type" => "OrderedCollectionPage", "orderedItems" => [1]}) - end) - - assert Utils.fetch_ordered_collection("http://example.com/outbox", 5) == [0, 1] - end - end - test "make_json_ld_header/0" do assert Utils.make_json_ld_header() == %{ "@context" => [ -- cgit v1.2.3 From c46d035f7bc79f451c8b2356f3b809c29684cfe4 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 13 Mar 2020 21:15:42 +0300 Subject: rate limiter: disable based on if remote ip was found, not on if the plug was enabled The current rate limiter disable logic won't trigger when the remote ip is not forwarded, only when the remoteip plug is not enabled, which is not the case on most instances since it's enabled by default. This changes the behavior to warn and disable when the remote ip was not forwarded, even if the RemoteIP plug is enabled. Also closes #1620 --- test/web/mastodon_api/controllers/account_controller_test.exs | 4 ---- 1 file changed, 4 deletions(-) (limited to 'test/web') diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 7f7d8cea3..7efccd9c4 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -756,10 +756,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end describe "create account by app / rate limit" do - clear_config([Pleroma.Plugs.RemoteIp, :enabled]) do - Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true) - end - clear_config([:rate_limit, :app_account_creation]) do Pleroma.Config.put([:rate_limit, :app_account_creation], {10_000, 2}) end -- cgit v1.2.3 From e25197788f05071a95daed5a6959c1b46aa69098 Mon Sep 17 00:00:00 2001 
From: rinpatch Date: Mon, 16 Mar 2020 00:17:28 +0300 Subject: static-fe tests: fix to work on stable --- test/web/static_fe/static_fe_controller_test.exs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test/web') diff --git a/test/web/static_fe/static_fe_controller_test.exs b/test/web/static_fe/static_fe_controller_test.exs index a3be90888..2c999295a 100644 --- a/test/web/static_fe/static_fe_controller_test.exs +++ b/test/web/static_fe/static_fe_controller_test.exs @@ -123,7 +123,8 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do assert html =~ ~s[<script>alert('xss')</script>] end - test "shows the whole thread", %{conn: conn, user: user} do + test "shows the whole thread", %{conn: conn} do + user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"}) CommonAPI.post(user, %{ -- cgit v1.2.3