From d474995efa83e03f8aeaf57c1437aaa483960f7a Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 14 May 2019 20:12:47 +0700 Subject: Add Tests --- test/list_test.exs | 29 +++++++++++++++++++++++++++ test/web/activity_pub/activity_pub_test.exs | 14 +++++++++++++ test/web/activity_pub/transmogrifier_test.exs | 12 +++++++++++ test/web/common_api/common_api_test.exs | 13 ++++++++++++ 4 files changed, 68 insertions(+) (limited to 'test') diff --git a/test/list_test.exs b/test/list_test.exs index 1909c0cd9..0e72b6660 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -113,4 +113,33 @@ defmodule Pleroma.ListTest do assert owned_list in lists_2 refute not_owned_list in lists_2 end + + test "get ap_id by user nickname and list id" do + nickname = "foo" + list_id = 42 + + expected = Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" + + assert Pleroma.List.ap_id(%Pleroma.User{nickname: nickname}, list_id) == expected + assert Pleroma.List.ap_id({nickname, list_id}) == expected + end + + test "get by ap_id" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + ap_id = Pleroma.List.ap_id(user, list.id) + + assert Pleroma.List.get_by_ap_id(ap_id) == list + end + + test "memberships" do + user = insert(:user) + member = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + list_ap_id = Pleroma.List.ap_id(user, list.id) + + assert Pleroma.List.memberships(member) == [list_ap_id] + end end diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 0f90aa1ac..e38de388b 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -1156,6 +1156,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do end end + test "fetch_activities/2 returns activities addressed to a list " do + user = insert(:user) + member = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + activity = Repo.preload(activity, :bookmark) + + assert ActivityPub.fetch_activities([], %{"user" => user}) == [activity] + end + def data_uri do File.read!("test/fixtures/avatar_data_uri") end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index c24b50f8c..e93189df6 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -1028,6 +1028,18 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert modified["directMessage"] == true end + + test "it strips BCC field" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) + + assert is_nil(modified["bcc"]) + end end describe "user upgrade" do diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index a5b07c446..11f3c8357 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -87,6 +87,19 @@ defmodule Pleroma.Web.CommonAPITest do assert object.data["content"] == "

2hu

alert('xss')" end + + test "it allows to address a list" do + user = insert(:user) + {:ok, list} = Pleroma.List.create("foo", user) + + list_ap_id = Pleroma.List.ap_id(user, list.id) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + assert activity.data["bcc"] == [list_ap_id] + assert activity.recipients == [list_ap_id, user.ap_id] + end end describe "reactions" do -- cgit v1.2.3 From f2936e0a0723956c167a06dc51518da172a508b2 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Fri, 17 May 2019 19:56:37 +0700 Subject: Add `ap_id` to List --- test/list_test.exs | 18 ++---------------- test/web/common_api/common_api_test.exs | 6 ++---- 2 files changed, 4 insertions(+), 20 deletions(-) (limited to 'test') diff --git a/test/list_test.exs b/test/list_test.exs index 0e72b6660..6c5c6b197 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -114,22 +114,10 @@ defmodule Pleroma.ListTest do refute not_owned_list in lists_2 end - test "get ap_id by user nickname and list id" do - nickname = "foo" - list_id = 42 - - expected = Pleroma.Web.Endpoint.url() <> "/users/#{nickname}/lists/#{list_id}" - - assert Pleroma.List.ap_id(%Pleroma.User{nickname: nickname}, list_id) == expected - assert Pleroma.List.ap_id({nickname, list_id}) == expected - end - test "get by ap_id" do user = insert(:user) {:ok, list} = Pleroma.List.create("foo", user) - ap_id = Pleroma.List.ap_id(user, list.id) - - assert Pleroma.List.get_by_ap_id(ap_id) == list + assert Pleroma.List.get_by_ap_id(list.ap_id) == list end test "memberships" do @@ -138,8 +126,6 @@ defmodule Pleroma.ListTest do {:ok, list} = Pleroma.List.create("foo", user) {:ok, list} = Pleroma.List.follow(list, member) - list_ap_id = Pleroma.List.ap_id(user, list.id) - - assert Pleroma.List.memberships(member) == [list_ap_id] + assert Pleroma.List.memberships(member) == [list.ap_id] end end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 23e89d685..84744e5af 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -114,13 +114,11 @@ defmodule Pleroma.Web.CommonAPITest do user = insert(:user) {:ok, list} = Pleroma.List.create("foo", user) - list_ap_id = Pleroma.List.ap_id(user, list.id) - {:ok, activity} = CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) - assert activity.data["bcc"] == [list_ap_id] - assert activity.recipients == [list_ap_id, user.ap_id] + assert activity.data["bcc"] == [list.ap_id] + assert activity.recipients == [list.ap_id, user.ap_id] end end -- cgit v1.2.3 From a7affbdd6d46caddea05ee6b34e0b2a24a62e721 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Fri, 24 May 2019 21:41:11 +0700 Subject: Fix tests --- test/web/activity_pub/activity_pub_test.exs | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 5d0d5a40e..23b11d015 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -1193,6 +1193,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) activity = Repo.preload(activity, :bookmark) + activity = %Activity{activity | thread_muted?: !!activity.thread_muted?} assert ActivityPub.fetch_activities([], %{"user" => user}) == [activity] end -- cgit v1.2.3 From 958fb9aa8082eabf63b106007b3bef09847cafc6 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 16:36:08 +0700 Subject: Add "listMessage" --- test/web/common_api/common_api_test.exs | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 694b52356..932c6877d 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -139,6 +139,7 @@ defmodule Pleroma.Web.CommonAPITest do assert activity.data["bcc"] == [list.ap_id] assert activity.recipients == [list.ap_id, user.ap_id] + assert activity.data["listMessage"] == list.ap_id end end -- cgit v1.2.3 From 9e06873d58e031a0f90c6a4d436a6abb5f1ebbae Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 11 Jul 2019 19:29:24 +0700 Subject: Add `list` to Visibility --- test/list_test.exs | 11 +++++ test/web/activity_pub/visibilty_test.exs | 72 ++++++++++++++++++++++++++++---- 2 files changed, 76 insertions(+), 7 deletions(-) (limited to 'test') diff --git a/test/list_test.exs b/test/list_test.exs index 6c5c6b197..f39033d02 100644 --- a/test/list_test.exs +++ b/test/list_test.exs @@ -128,4 +128,15 @@ defmodule Pleroma.ListTest do assert Pleroma.List.memberships(member) == [list.ap_id] end + + test "member?" do + user = insert(:user) + member = insert(:user) + + {:ok, list} = Pleroma.List.create("foo", user) + {:ok, list} = Pleroma.List.follow(list, member) + + assert Pleroma.List.member?(list, member) + refute Pleroma.List.member?(list, user) + end end diff --git a/test/web/activity_pub/visibilty_test.exs b/test/web/activity_pub/visibilty_test.exs index 4d5c07da4..2ce6928c4 100644 --- a/test/web/activity_pub/visibilty_test.exs +++ b/test/web/activity_pub/visibilty_test.exs @@ -16,6 +16,9 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do following = insert(:user) unrelated = insert(:user) {:ok, following} = Pleroma.User.follow(following, user) + {:ok, list} = Pleroma.List.create("foo", user) + + Pleroma.List.follow(list, unrelated) {:ok, public} = CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "public"}) @@ -29,6 +32,12 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do {:ok, unlisted} = CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "unlisted"}) + {:ok, list} = + CommonAPI.post(user, %{ + "status" => "@#{mentioned.nickname}", + "visibility" => "list:#{list.id}" + }) + %{ public: public, private: private, @@ -37,29 +46,65 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do user: user, mentioned: mentioned, following: following, - unrelated: unrelated + unrelated: unrelated, + list: list } end - test "is_direct?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_direct?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do assert Visibility.is_direct?(direct) refute Visibility.is_direct?(public) refute Visibility.is_direct?(private) refute Visibility.is_direct?(unlisted) + assert Visibility.is_direct?(list) end - test "is_public?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_public?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do refute Visibility.is_public?(direct) assert Visibility.is_public?(public) refute Visibility.is_public?(private) assert Visibility.is_public?(unlisted) + refute Visibility.is_public?(list) end - test "is_private?", %{public: public, private: private, direct: direct, unlisted: unlisted} do + test "is_private?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do refute Visibility.is_private?(direct) refute Visibility.is_private?(public) assert Visibility.is_private?(private) refute Visibility.is_private?(unlisted) + refute Visibility.is_private?(list) + end + + test "is_list?", %{ + public: public, + private: private, + direct: direct, + unlisted: unlisted, + list: list + } do + refute Visibility.is_list?(direct) + refute Visibility.is_list?(public) + refute Visibility.is_list?(private) + refute Visibility.is_list?(unlisted) + assert Visibility.is_list?(list) end test "visible_for_user?", %{ @@ -70,7 +115,8 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do user: user, mentioned: mentioned, following: following, - unrelated: unrelated + unrelated: unrelated, + list: list } do # All visible to author @@ -78,13 +124,15 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do assert Visibility.visible_for_user?(private, user) assert Visibility.visible_for_user?(unlisted, user) assert Visibility.visible_for_user?(direct, user) + assert Visibility.visible_for_user?(list, user) - # All visible to a mentioned user + # All visible to a mentioned user, except when it's a list activity assert Visibility.visible_for_user?(public, mentioned) assert Visibility.visible_for_user?(private, mentioned) assert Visibility.visible_for_user?(unlisted, mentioned) assert Visibility.visible_for_user?(direct, mentioned) + refute(Visibility.visible_for_user?(list, mentioned)) # DM not visible for just follower @@ -92,6 +140,7 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do assert Visibility.visible_for_user?(private, following) assert Visibility.visible_for_user?(unlisted, following) refute Visibility.visible_for_user?(direct, following) + refute Visibility.visible_for_user?(list, following) # Public and unlisted visible for unrelated user @@ -99,6 +148,9 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do assert Visibility.visible_for_user?(unlisted, unrelated) refute Visibility.visible_for_user?(private, unrelated) refute Visibility.visible_for_user?(direct, unrelated) + + # Visible for a list member + assert Visibility.visible_for_user?(list, unrelated) end test "doesn't die when the user doesn't exist", @@ -115,18 +167,24 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do public: public, private: private, direct: direct, - unlisted: unlisted + unlisted: unlisted, + list: list } do assert Visibility.get_visibility(public) == "public" assert Visibility.get_visibility(private) == "private" assert Visibility.get_visibility(direct) == "direct" assert Visibility.get_visibility(unlisted) == "unlisted" + assert Visibility.get_visibility(list) == "list" end test "get_visibility with directMessage flag" do assert Visibility.get_visibility(%{data: %{"directMessage" => true}}) == "direct" end + test "get_visibility with listMessage flag" do + assert Visibility.get_visibility(%{data: %{"listMessage" => ""}}) == "list" + end + describe "entire_thread_visible_for_user?/2" do test "returns false if not found activity", %{user: user} do refute Visibility.entire_thread_visible_for_user?(%Activity{}, user) -- cgit v1.2.3 From 27ed260eed51798a20608b1c062d32bfc7b6cdc4 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 12 Jul 2019 18:36:07 +0300 Subject: AP user view: Add a test for hiding totalItems in following/followers --- test/web/activity_pub/views/user_view_test.exs | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'test') diff --git a/test/web/activity_pub/views/user_view_test.exs b/test/web/activity_pub/views/user_view_test.exs index 969860c4c..86254117f 100644 --- a/test/web/activity_pub/views/user_view_test.exs +++ b/test/web/activity_pub/views/user_view_test.exs @@ -8,6 +8,7 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do alias Pleroma.User alias Pleroma.Web.ActivityPub.UserView + alias Pleroma.Web.CommonAPI test "Renders a user, including the public key" do user = insert(:user) @@ -82,4 +83,28 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do refute result["endpoints"]["oauthTokenEndpoint"] end end + + describe "followers" do + test "sets totalItems to zero when followers are hidden" do + user = insert(:user) + other_user = insert(:user) + {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user) + assert %{"totalItems" => 1} = UserView.render("followers.json", %{user: user}) + info = Map.put(user.info, :hide_followers, true) + user = Map.put(user, :info, info) + assert %{"totalItems" => 0} = UserView.render("followers.json", %{user: user}) + end + end + + describe "following" do + test "sets totalItems to zero when follows are hidden" do + user = insert(:user) + other_user = insert(:user) + {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user) + assert %{"totalItems" => 1} = UserView.render("following.json", %{user: user}) + info = Map.put(user.info, :hide_follows, true) + user = Map.put(user, :info, info) + assert %{"totalItems" => 0} = UserView.render("following.json", %{user: user}) + end + end end -- cgit v1.2.3 From 360e4cdaa2708d54903765c61afbc5ea5f1b2cdb Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Jul 2019 11:25:58 -0500 Subject: Move these to pleroma namespace in Mastodon API --- test/web/mastodon_api/mastodon_api_controller_test.exs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'test') diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 8afb1497b..b7c050dbf 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -593,7 +593,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do conn = conn |> assign(:user, user) - |> patch("/api/v1/accounts/update_avatar", %{img: avatar_image}) + |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image}) user = refresh_record(user) @@ -618,7 +618,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do conn = conn |> assign(:user, user) - |> patch("/api/v1/accounts/update_avatar", %{img: ""}) + |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: ""}) user = User.get_cached_by_id(user.id) @@ -633,7 +633,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do conn = conn |> assign(:user, user) - |> patch("/api/v1/accounts/update_banner", %{"banner" => @image}) + |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => @image}) user = refresh_record(user) assert user.info.banner["type"] == "Image" @@ -647,7 +647,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do conn = conn |> assign(:user, user) - |> patch("/api/v1/accounts/update_banner", %{"banner" => ""}) + |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => ""}) user = refresh_record(user) assert user.info.banner == %{} @@ -661,7 +661,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do conn = conn |> assign(:user, user) - |> patch("/api/v1/accounts/update_background", %{"img" => @image}) + |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => @image}) user = refresh_record(user) assert user.info.background["type"] == "Image" @@ -674,7 +674,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do conn = conn |> assign(:user, user) - |> patch("/api/v1/accounts/update_background", %{"img" => ""}) + |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => ""}) user = refresh_record(user) assert user.info.background == %{} -- cgit v1.2.3 From 1f6ac7680d1ae07be7c7dfd81a8cec2ba52f1c82 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 12 Jul 2019 19:41:05 +0300 Subject: ActivityPub User view: Following/Followers refactoring - Render the collection items if the user requesting == the user rendered - Do not render the first page if hide_{followers,follows} is set, just give the URI to it --- test/web/activity_pub/activity_pub_controller_test.exs | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'test') diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 1f8eb9d71..cbc25bcdb 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -551,7 +551,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert result["first"]["orderedItems"] == [user.ap_id] end - test "it returns returns empty if the user has 'hide_followers' set", %{conn: conn} do + test "it returns returns a uri if the user has 'hide_followers' set", %{conn: conn} do user = insert(:user) user_two = insert(:user, %{info: %{hide_followers: true}}) User.follow(user, user_two) @@ -561,8 +561,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do |> get("/users/#{user_two.nickname}/followers") |> json_response(200) - assert result["first"]["orderedItems"] == [] - assert result["totalItems"] == 0 + assert is_binary(result["first"]) end test "it works for more than 10 users", %{conn: conn} do @@ -606,7 +605,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert result["first"]["orderedItems"] == [user_two.ap_id] end - test "it returns returns empty if the user has 'hide_follows' set", %{conn: conn} do + test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do user = insert(:user, %{info: %{hide_follows: true}}) user_two = insert(:user) User.follow(user, user_two) @@ -616,8 +615,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do |> get("/users/#{user.nickname}/following") |> json_response(200) - assert result["first"]["orderedItems"] == [] - assert result["totalItems"] == 0 + assert is_binary(result["first"]) end test "it works for more than 10 users", %{conn: conn} do -- cgit v1.2.3 From 92055941bd55cb75ab7b5a26d03918390e64b754 Mon Sep 17 00:00:00 2001 From: Maksim Date: Fri, 12 Jul 2019 16:42:54 +0000 Subject: Pleroma.Web.Metadata - tests --- test/web/metadata/player_view_test.exs | 33 +++++++++ test/web/metadata/twitter_card_test.exs | 123 ++++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 test/web/metadata/player_view_test.exs create mode 100644 test/web/metadata/twitter_card_test.exs (limited to 'test') diff --git a/test/web/metadata/player_view_test.exs b/test/web/metadata/player_view_test.exs new file mode 100644 index 000000000..742b0ed8b --- /dev/null +++ b/test/web/metadata/player_view_test.exs @@ -0,0 +1,33 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Metadata.PlayerViewTest do + use Pleroma.DataCase + + alias Pleroma.Web.Metadata.PlayerView + + test "it renders audio tag" do + res = + PlayerView.render( + "player.html", + %{"mediaType" => "audio", "href" => "test-href"} + ) + |> Phoenix.HTML.safe_to_string() + + assert res == + "

" + end + + test "it renders videos tag" do + res = + PlayerView.render( + "player.html", + %{"mediaType" => "video", "href" => "test-href"} + ) + |> Phoenix.HTML.safe_to_string() + + assert res == + "

" + end +end diff --git a/test/web/metadata/twitter_card_test.exs b/test/web/metadata/twitter_card_test.exs new file mode 100644 index 000000000..0814006d2 --- /dev/null +++ b/test/web/metadata/twitter_card_test.exs @@ -0,0 +1,123 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do + use Pleroma.DataCase + import Pleroma.Factory + + alias Pleroma.User + alias Pleroma.Web.CommonAPI + alias Pleroma.Web.Endpoint + alias Pleroma.Web.Metadata.Providers.TwitterCard + alias Pleroma.Web.Metadata.Utils + alias Pleroma.Web.Router + + test "it renders twitter card for user info" do + user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994") + avatar_url = Utils.attachment_url(User.avatar_url(user)) + res = TwitterCard.build_tags(%{user: user}) + + assert res == [ + {:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []}, + {:meta, [property: "twitter:description", content: "born 19 March 1994"], []}, + {:meta, [property: "twitter:image", content: avatar_url], []}, + {:meta, [property: "twitter:card", content: "summary"], []} + ] + end + + test "it does not render attachments if post is nsfw" do + Pleroma.Config.put([Pleroma.Web.Metadata, :unfurl_nsfw], false) + user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994") + {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"}) + + note = + insert(:note, %{ + data: %{ + "actor" => user.ap_id, + "tag" => [], + "id" => "https://pleroma.gov/objects/whatever", + "content" => "pleroma in a nutshell", + "sensitive" => true, + "attachment" => [ + %{ + "url" => [%{"mediaType" => "image/png", "href" => "https://pleroma.gov/tenshi.png"}] + }, + %{ + "url" => [ + %{ + "mediaType" => "application/octet-stream", + "href" => "https://pleroma.gov/fqa/badapple.sfc" + } + ] + }, + %{ + "url" => [ + %{"mediaType" => "video/webm", "href" => "https://pleroma.gov/about/juche.webm"} + ] + } + ] + } + }) + + result = TwitterCard.build_tags(%{object: note, user: user, activity_id: activity.id}) + + assert [ + {:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []}, + {:meta, [property: "twitter:description", content: "“pleroma in a nutshell”"], []}, + {:meta, [property: "twitter:image", content: "http://localhost:4001/images/avi.png"], + []}, + {:meta, [property: "twitter:card", content: "summary_large_image"], []} + ] == result + end + + test "it renders supported types of attachments and skips unknown types" do + user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994") + {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"}) + + note = + insert(:note, %{ + data: %{ + "actor" => user.ap_id, + "tag" => [], + "id" => "https://pleroma.gov/objects/whatever", + "content" => "pleroma in a nutshell", + "attachment" => [ + %{ + "url" => [%{"mediaType" => "image/png", "href" => "https://pleroma.gov/tenshi.png"}] + }, + %{ + "url" => [ + %{ + "mediaType" => "application/octet-stream", + "href" => "https://pleroma.gov/fqa/badapple.sfc" + } + ] + }, + %{ + "url" => [ + %{"mediaType" => "video/webm", "href" => "https://pleroma.gov/about/juche.webm"} + ] + } + ] + } + }) + + result = TwitterCard.build_tags(%{object: note, user: user, activity_id: activity.id}) + + assert [ + {:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []}, + {:meta, [property: "twitter:description", content: "“pleroma in a nutshell”"], []}, + {:meta, [property: "twitter:card", content: "summary_large_image"], []}, + {:meta, [property: "twitter:player", content: "https://pleroma.gov/tenshi.png"], []}, + {:meta, [property: "twitter:card", content: "player"], []}, + {:meta, + [ + property: "twitter:player", + content: Router.Helpers.o_status_url(Endpoint, :notice_player, activity.id) + ], []}, + {:meta, [property: "twitter:player:width", content: "480"], []}, + {:meta, [property: "twitter:player:height", content: "480"], []} + ] == result + end +end -- cgit v1.2.3 From 97b79efbcd4ad829a575019f842e7dcd7548266a Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 12 Jul 2019 20:54:20 +0300 Subject: ActivityPub Controller: Actually pass for_user to following/followers views and give 403 errors when trying to request hidden follower pages when unauthenticated --- .../activity_pub/activity_pub_controller_test.exs | 57 ++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'test') diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index cbc25bcdb..452172bb4 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -12,6 +12,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.ActivityPub.UserView alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.CommonAPI setup_all do Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end) @@ -564,6 +565,34 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert is_binary(result["first"]) end + test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is not authenticated", + %{conn: conn} do + user = insert(:user, %{info: %{hide_followers: true}}) + + result = + conn + |> get("/users/#{user.nickname}/followers?page=1") + + assert result.status == 403 + assert result.resp_body == "" + end + + test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user", + %{conn: conn} do + user = insert(:user, %{info: %{hide_followers: true}}) + other_user = insert(:user) + {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user) + + result = + conn + |> assign(:user, user) + |> get("/users/#{user.nickname}/followers?page=1") + |> json_response(200) + + assert result["totalItems"] == 1 + assert result["orderedItems"] == [other_user.ap_id] + end + test "it works for more than 10 users", %{conn: conn} do user = insert(:user) @@ -618,6 +647,34 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do assert is_binary(result["first"]) end + test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is not authenticated", + %{conn: conn} do + user = insert(:user, %{info: %{hide_follows: true}}) + + result = + conn + |> get("/users/#{user.nickname}/following?page=1") + + assert result.status == 403 + assert result.resp_body == "" + end + + test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user", + %{conn: conn} do + user = insert(:user, %{info: %{hide_follows: true}}) + other_user = insert(:user) + {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user) + + result = + conn + |> assign(:user, user) + |> get("/users/#{user.nickname}/following?page=1") + |> json_response(200) + + assert result["totalItems"] == 1 + assert result["orderedItems"] == [other_user.ap_id] + end + test "it works for more than 10 users", %{conn: conn} do user = insert(:user) -- cgit v1.2.3 From 369e9bb42fc907f2e3f92e7e44dc52d6940dc046 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sat, 13 Jul 2019 14:49:39 +0300 Subject: [#1041] Rate-limited status actions (per user and per user+status). --- test/plugs/rate_limiter_test.exs | 80 +++++++++++++++++++++++++++++++++++----- 1 file changed, 71 insertions(+), 9 deletions(-) (limited to 'test') diff --git a/test/plugs/rate_limiter_test.exs b/test/plugs/rate_limiter_test.exs index f8251b5c7..395095079 100644 --- a/test/plugs/rate_limiter_test.exs +++ b/test/plugs/rate_limiter_test.exs @@ -10,12 +10,13 @@ defmodule Pleroma.Plugs.RateLimiterTest do import Pleroma.Factory - @limiter_name :testing + # Note: each example must work with separate buckets in order to prevent concurrency issues test "init/1" do - Pleroma.Config.put([:rate_limit, @limiter_name], {1, 1}) + limiter_name = :test_init + Pleroma.Config.put([:rate_limit, limiter_name], {1, 1}) - assert {@limiter_name, {1, 1}} == RateLimiter.init(@limiter_name) + assert {limiter_name, {1, 1}, []} == RateLimiter.init(limiter_name) assert nil == RateLimiter.init(:foo) end @@ -24,14 +25,15 @@ defmodule Pleroma.Plugs.RateLimiterTest do end test "it restricts by opts" do + limiter_name = :test_opts scale = 1000 limit = 5 - Pleroma.Config.put([:rate_limit, @limiter_name], {scale, limit}) + Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit}) - opts = RateLimiter.init(@limiter_name) + opts = RateLimiter.init(limiter_name) conn = conn(:get, "/") - bucket_name = "#{@limiter_name}:#{RateLimiter.ip(conn)}" + bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}" conn = RateLimiter.call(conn, opts) assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit) @@ -65,18 +67,78 @@ defmodule Pleroma.Plugs.RateLimiterTest do refute conn.halted end + test "`bucket_name` option overrides default bucket name" do + limiter_name = :test_bucket_name + scale = 1000 + limit = 5 + + Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit}) + base_bucket_name = "#{limiter_name}:group1" + opts = RateLimiter.init({limiter_name, bucket_name: base_bucket_name}) + + conn = conn(:get, "/") + default_bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}" + customized_bucket_name = "#{base_bucket_name}:#{RateLimiter.ip(conn)}" + + RateLimiter.call(conn, opts) + assert {1, 4, _, _, _} = ExRated.inspect_bucket(customized_bucket_name, scale, limit) + assert {0, 5, _, _, _} = ExRated.inspect_bucket(default_bucket_name, scale, limit) + end + + test "`params` option appends specified params' values to bucket name" do + limiter_name = :test_params + scale = 1000 + limit = 5 + + Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit}) + opts = RateLimiter.init({limiter_name, params: ["id"]}) + id = "1" + + conn = conn(:get, "/?id=#{id}") + conn = Plug.Conn.fetch_query_params(conn) + + default_bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}" + parametrized_bucket_name = "#{limiter_name}:#{id}:#{RateLimiter.ip(conn)}" + + RateLimiter.call(conn, opts) + assert {1, 4, _, _, _} = ExRated.inspect_bucket(parametrized_bucket_name, scale, limit) + assert {0, 5, _, _, _} = ExRated.inspect_bucket(default_bucket_name, scale, limit) + end + + test "it supports combination of options modifying bucket name" do + limiter_name = :test_options_combo + scale = 1000 + limit = 5 + + Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit}) + base_bucket_name = "#{limiter_name}:group1" + opts = RateLimiter.init({limiter_name, bucket_name: base_bucket_name, params: ["id"]}) + id = "100" + + conn = conn(:get, "/?id=#{id}") + conn = Plug.Conn.fetch_query_params(conn) + + default_bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}" + parametrized_bucket_name = "#{base_bucket_name}:#{id}:#{RateLimiter.ip(conn)}" + + RateLimiter.call(conn, opts) + assert {1, 4, _, _, _} = ExRated.inspect_bucket(parametrized_bucket_name, scale, limit) + assert {0, 5, _, _, _} = ExRated.inspect_bucket(default_bucket_name, scale, limit) + end + test "optional limits for authenticated users" do + limiter_name = :test_authenticated Ecto.Adapters.SQL.Sandbox.checkout(Pleroma.Repo) scale = 1000 limit = 5 - Pleroma.Config.put([:rate_limit, @limiter_name], [{1, 10}, {scale, limit}]) + Pleroma.Config.put([:rate_limit, limiter_name], [{1, 10}, {scale, limit}]) - opts = RateLimiter.init(@limiter_name) + opts = RateLimiter.init(limiter_name) user = insert(:user) conn = conn(:get, "/") |> assign(:user, user) - bucket_name = "#{@limiter_name}:#{user.id}" + bucket_name = "#{limiter_name}:#{user.id}" conn = RateLimiter.call(conn, opts) assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit) -- cgit v1.2.3 From 80c46d6d8b84d77d86efc32c1d2af225c1eada33 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sat, 13 Jul 2019 18:30:45 +0000 Subject: nodeinfo: implement MRF transparency exclusions --- test/web/node_info_test.exs | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) (limited to 'test') diff --git a/test/web/node_info_test.exs b/test/web/node_info_test.exs index be1173513..d7f848bfa 100644 --- a/test/web/node_info_test.exs +++ b/test/web/node_info_test.exs @@ -83,4 +83,47 @@ defmodule Pleroma.Web.NodeInfoTest do Pleroma.Config.put([:instance, :safe_dm_mentions], option) end + + test "it shows MRF transparency data if enabled", %{conn: conn} do + option = Pleroma.Config.get([:instance, :mrf_transparency]) + Pleroma.Config.put([:instance, :mrf_transparency], true) + + simple_config = %{"reject" => ["example.com"]} + Pleroma.Config.put(:mrf_simple, simple_config) + + response = + conn + |> get("/nodeinfo/2.1.json") + |> json_response(:ok) + + assert response["metadata"]["federation"]["mrf_simple"] == simple_config + + Pleroma.Config.put([:instance, :mrf_transparency], option) + Pleroma.Config.put(:mrf_simple, %{}) + end + + test "it performs exclusions from MRF transparency data if configured", %{conn: conn} do + option = Pleroma.Config.get([:instance, :mrf_transparency]) + Pleroma.Config.put([:instance, :mrf_transparency], true) + + exclusions = Pleroma.Config.get([:instance, :mrf_transparency_exclusions]) + Pleroma.Config.put([:instance, :mrf_transparency_exclusions], ["other.site"]) + + simple_config = %{"reject" => ["example.com", "other.site"]} + expected_config = %{"reject" => ["example.com"]} + + Pleroma.Config.put(:mrf_simple, simple_config) + + response = + conn + |> get("/nodeinfo/2.1.json") + |> json_response(:ok) + + assert response["metadata"]["federation"]["mrf_simple"] == expected_config + assert response["metadata"]["federation"]["exclusions"] == true + + Pleroma.Config.put([:instance, :mrf_transparency], option) + Pleroma.Config.put([:instance, :mrf_transparency_exclusions], exclusions) + Pleroma.Config.put(:mrf_simple, %{}) + end end -- cgit v1.2.3 From efa9a13d4e27c797ae02a44ddc95fd81fea36804 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 14 Jul 2019 13:31:43 +0200 Subject: HttpRequestMock: Add missing mocks for object containment tests --- test/support/http_request_mock.ex | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'test') diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index ff6bb78f9..80586426b 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -879,6 +879,30 @@ defmodule HttpRequestMock do }} end + def get("https://info.pleroma.site/activity.json", _, _, Accept: "application/activity+json") do + {:ok, + %Tesla.Env{ + status: 200, + body: File.read!("test/fixtures/tesla_mock/https__info.pleroma.site_activity.json") + }} + end + + def get("https://info.pleroma.site/activity2.json", _, _, Accept: "application/activity+json") do + {:ok, + %Tesla.Env{ + status: 200, + body: File.read!("test/fixtures/tesla_mock/https__info.pleroma.site_activity2.json") + }} + end + + def get("https://info.pleroma.site/activity3.json", _, _, Accept: "application/activity+json") do + {:ok, + %Tesla.Env{ + status: 200, + body: File.read!("test/fixtures/tesla_mock/https__info.pleroma.site_activity3.json") + }} + end + def get(url, query, body, headers) do {:error, "Not implemented the mock response for get #{inspect(url)}, #{query}, #{inspect(body)}, #{ -- cgit v1.2.3 From f00562ed6bef980bc14038b15078d3427876f7db Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 14 Jul 2019 13:39:05 +0200 Subject: HttpRequestMock: Add 404s on OStatus fetching for info.pleroma.site --- test/support/http_request_mock.ex | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'test') diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 80586426b..7811f7807 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -887,6 +887,10 @@ defmodule HttpRequestMock do }} end + def get("https://info.pleroma.site/activity.json", _, _, _) do + {:ok, %Tesla.Env{status: 404, body: ""}} + end + def get("https://info.pleroma.site/activity2.json", _, _, Accept: "application/activity+json") do {:ok, %Tesla.Env{ @@ -895,6 +899,10 @@ defmodule HttpRequestMock do }} end + def get("https://info.pleroma.site/activity2.json", _, _, _) do + {:ok, %Tesla.Env{status: 404, body: ""}} + end + def get("https://info.pleroma.site/activity3.json", _, _, Accept: "application/activity+json") do {:ok, %Tesla.Env{ @@ -903,6 +911,10 @@ defmodule HttpRequestMock do }} end + def get("https://info.pleroma.site/activity3.json", _, _, _) do + {:ok, %Tesla.Env{status: 404, body: ""}} + end + def get(url, query, body, headers) do {:error, "Not implemented the mock response for get #{inspect(url)}, #{query}, #{inspect(body)}, #{ -- cgit v1.2.3 From e7c39b7ac8f0462ab563d3cf51f24c76feab0e8d Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Sun, 14 Jul 2019 13:29:31 +0000 Subject: Feature/1072 muting notifications --- test/notification_test.exs | 117 ++++++++++++++++++-- test/user_test.exs | 16 +++ .../mastodon_api/mastodon_api_controller_test.exs | 120 ++++++++++++++++++--- .../twitter_api/twitter_api_controller_test.exs | 32 ++++++ 4 files changed, 265 insertions(+), 20 deletions(-) (limited to 'test') diff --git a/test/notification_test.exs b/test/notification_test.exs index 1d36f14bf..dda570b49 100644 --- a/test/notification_test.exs +++ b/test/notification_test.exs @@ -74,26 +74,37 @@ defmodule Pleroma.NotificationTest do Task.await(task_user_notification) end - test "it doesn't create a notification for user if the user blocks the activity author" do + test "it creates a notification for user if the user blocks the activity author" do activity = insert(:note_activity) author = User.get_cached_by_ap_id(activity.data["actor"]) user = insert(:user) {:ok, user} = User.block(user, author) - refute Notification.create_notification(activity, user) + assert Notification.create_notification(activity, user) end - test "it doesn't create a notificatin for the user if the user mutes the activity author" do + test "it creates a notificatin for the user if the user mutes the activity author" do muter = insert(:user) muted = insert(:user) {:ok, _} = User.mute(muter, muted) muter = Repo.get(User, muter.id) {:ok, activity} = CommonAPI.post(muted, %{"status" => "Hi @#{muter.nickname}"}) - refute Notification.create_notification(activity, muter) + assert Notification.create_notification(activity, muter) end - test "it doesn't create a notification for an activity from a muted thread" do + test "notification created if user is muted without notifications" do + muter = insert(:user) + muted = insert(:user) + + {:ok, muter} = User.mute(muter, muted, false) + + {:ok, activity} = CommonAPI.post(muted, %{"status" => "Hi @#{muter.nickname}"}) + + assert Notification.create_notification(activity, muter) + end + + test "it creates a notification for an activity from a muted thread" do muter = insert(:user) other_user = insert(:user) {:ok, activity} = CommonAPI.post(muter, %{"status" => "hey"}) @@ -105,7 +116,7 @@ defmodule Pleroma.NotificationTest do "in_reply_to_status_id" => activity.id }) - refute Notification.create_notification(activity, muter) + assert Notification.create_notification(activity, muter) end test "it disables notifications from followers" do @@ -532,4 +543,98 @@ defmodule Pleroma.NotificationTest do assert Enum.empty?(Notification.for_user(user)) end end + + describe "for_user" do + test "it returns notifications for muted user without notifications" do + user = insert(:user) + muted = insert(:user) + {:ok, user} = User.mute(user, muted, false) + + {:ok, _activity} = TwitterAPI.create_status(muted, %{"status" => "hey @#{user.nickname}"}) + + assert length(Notification.for_user(user)) == 1 + end + + test "it doesn't return notifications for muted user with notifications" do + user = insert(:user) + muted = insert(:user) + {:ok, user} = User.mute(user, muted) + + {:ok, _activity} = TwitterAPI.create_status(muted, %{"status" => "hey @#{user.nickname}"}) + + assert Notification.for_user(user) == [] + end + + test "it doesn't return notifications for blocked user" do + user = insert(:user) + blocked = insert(:user) + {:ok, user} = User.block(user, blocked) + + {:ok, _activity} = TwitterAPI.create_status(blocked, %{"status" => "hey @#{user.nickname}"}) + + assert Notification.for_user(user) == [] + end + + test "it doesn't return notificatitons for blocked domain" do + user = insert(:user) + blocked = insert(:user, ap_id: "http://some-domain.com") + {:ok, user} = User.block_domain(user, "some-domain.com") + + {:ok, _activity} = TwitterAPI.create_status(blocked, %{"status" => "hey @#{user.nickname}"}) + + assert Notification.for_user(user) == [] + end + + test "it doesn't return notifications for muted thread" do + user = insert(:user) + another_user = insert(:user) + + {:ok, activity} = + TwitterAPI.create_status(another_user, %{"status" => "hey @#{user.nickname}"}) + + {:ok, _} = Pleroma.ThreadMute.add_mute(user.id, activity.data["context"]) + assert Notification.for_user(user) == [] + end + + test "it returns notifications for muted user with notifications and with_muted parameter" do + user = insert(:user) + muted = insert(:user) + {:ok, user} = User.mute(user, muted) + + {:ok, _activity} = TwitterAPI.create_status(muted, %{"status" => "hey @#{user.nickname}"}) + + assert length(Notification.for_user(user, %{with_muted: true})) == 1 + end + + test "it returns notifications for blocked user and with_muted parameter" do + user = insert(:user) + blocked = insert(:user) + {:ok, user} = User.block(user, blocked) + + {:ok, _activity} = TwitterAPI.create_status(blocked, %{"status" => "hey @#{user.nickname}"}) + + assert length(Notification.for_user(user, %{with_muted: true})) == 1 + end + + test "it returns notificatitons for blocked domain and with_muted parameter" do + user = insert(:user) + blocked = insert(:user, ap_id: "http://some-domain.com") + {:ok, user} = User.block_domain(user, "some-domain.com") + + {:ok, _activity} = TwitterAPI.create_status(blocked, %{"status" => "hey @#{user.nickname}"}) + + assert length(Notification.for_user(user, %{with_muted: true})) == 1 + end + + test "it returns notifications for muted thread with_muted parameter" do + user = insert(:user) + another_user = insert(:user) + + {:ok, activity} = + TwitterAPI.create_status(another_user, %{"status" => "hey @#{user.nickname}"}) + + {:ok, _} = Pleroma.ThreadMute.add_mute(user.id, activity.data["context"]) + assert length(Notification.for_user(user, %{with_muted: true})) == 1 + end + end end diff --git a/test/user_test.exs b/test/user_test.exs index 7c3fe976d..264b7a40e 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -687,10 +687,12 @@ defmodule Pleroma.UserTest do muted_user = insert(:user) refute User.mutes?(user, muted_user) + refute User.muted_notifications?(user, muted_user) {:ok, user} = User.mute(user, muted_user) assert User.mutes?(user, muted_user) + assert User.muted_notifications?(user, muted_user) end test "it unmutes users" do @@ -701,6 +703,20 @@ defmodule Pleroma.UserTest do {:ok, user} = User.unmute(user, muted_user) refute User.mutes?(user, muted_user) + refute User.muted_notifications?(user, muted_user) + end + + test "it mutes user without notifications" do + user = insert(:user) + muted_user = insert(:user) + + refute User.mutes?(user, muted_user) + refute User.muted_notifications?(user, muted_user) + + {:ok, user} = User.mute(user, muted_user, false) + + assert User.mutes?(user, muted_user) + refute User.muted_notifications?(user, muted_user) end end diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index b7c050dbf..6ffa64dc8 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -1274,6 +1274,71 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do result = json_response(conn_res, 200) assert [%{"id" => ^notification4_id}, %{"id" => ^notification3_id}] = result end + + test "doesn't see notifications after muting user with notifications", %{conn: conn} do + user = insert(:user) + user2 = insert(:user) + + {:ok, _, _, _} = CommonAPI.follow(user, user2) + {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"}) + + conn = assign(conn, :user, user) + + conn = get(conn, "/api/v1/notifications") + + assert length(json_response(conn, 200)) == 1 + + {:ok, user} = User.mute(user, user2) + + conn = assign(build_conn(), :user, user) + conn = get(conn, "/api/v1/notifications") + + assert json_response(conn, 200) == [] + end + + test "see notifications after muting user without notifications", %{conn: conn} do + user = insert(:user) + user2 = insert(:user) + + {:ok, _, _, _} = CommonAPI.follow(user, user2) + {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"}) + + conn = assign(conn, :user, user) + + conn = get(conn, "/api/v1/notifications") + + assert length(json_response(conn, 200)) == 1 + + {:ok, user} = User.mute(user, user2, false) + + conn = assign(build_conn(), :user, user) + conn = get(conn, "/api/v1/notifications") + + assert length(json_response(conn, 200)) == 1 + end + + test "see notifications after muting user with notifications and with_muted parameter", %{ + conn: conn + } do + user = insert(:user) + user2 = insert(:user) + + {:ok, _, _, _} = CommonAPI.follow(user, user2) + {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"}) + + conn = assign(conn, :user, user) + + conn = get(conn, "/api/v1/notifications") + + assert length(json_response(conn, 200)) == 1 + + {:ok, user} = User.mute(user, user2) + + conn = assign(build_conn(), :user, user) + conn = get(conn, "/api/v1/notifications", %{"with_muted" => "true"}) + + assert length(json_response(conn, 200)) == 1 + end end describe "reblogging" do @@ -2105,25 +2170,52 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do assert %{"error" => "Record not found"} = json_response(conn_res, 404) end - test "muting / unmuting a user", %{conn: conn} do - user = insert(:user) - other_user = insert(:user) + describe "mute/unmute" do + test "with notifications", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) - conn = - conn - |> assign(:user, user) - |> post("/api/v1/accounts/#{other_user.id}/mute") + conn = + conn + |> assign(:user, user) + |> post("/api/v1/accounts/#{other_user.id}/mute") - assert %{"id" => _id, "muting" => true} = json_response(conn, 200) + response = json_response(conn, 200) - user = User.get_cached_by_id(user.id) + assert %{"id" => _id, "muting" => true, "muting_notifications" => true} = response + user = User.get_cached_by_id(user.id) - conn = - build_conn() - |> assign(:user, user) - |> post("/api/v1/accounts/#{other_user.id}/unmute") + conn = + build_conn() + |> assign(:user, user) + |> post("/api/v1/accounts/#{other_user.id}/unmute") - assert %{"id" => _id, "muting" => false} = json_response(conn, 200) + response = json_response(conn, 200) + assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response + end + + test "without notifications", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + conn = + conn + |> assign(:user, user) + |> post("/api/v1/accounts/#{other_user.id}/mute", %{"notifications" => "false"}) + + response = json_response(conn, 200) + + assert %{"id" => _id, "muting" => true, "muting_notifications" => false} = response + user = User.get_cached_by_id(user.id) + + conn = + build_conn() + |> assign(:user, user) + |> post("/api/v1/accounts/#{other_user.id}/unmute") + + response = json_response(conn, 200) + assert %{"id" => _id, "muting" => false, "muting_notifications" => false} = response + end end test "subscribing / unsubscribing to a user", %{conn: conn} do diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 7ec0e101d..de6177575 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -521,6 +521,38 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do for: current_user }) end + + test "muted user", %{conn: conn, user: current_user} do + other_user = insert(:user) + + {:ok, current_user} = User.mute(current_user, other_user) + + {:ok, _activity} = + ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user}) + + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> get("/api/qvitter/statuses/notifications.json") + + assert json_response(conn, 200) == [] + end + + test "muted user with with_muted parameter", %{conn: conn, user: current_user} do + other_user = insert(:user) + + {:ok, current_user} = User.mute(current_user, other_user) + + {:ok, _activity} = + ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user}) + + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> get("/api/qvitter/statuses/notifications.json", %{"with_muted" => "true"}) + + assert length(json_response(conn, 200)) == 1 + end end describe "POST /api/qvitter/statuses/notifications/read" do -- cgit v1.2.3 From a2c601acb5e91ccfee2f38cb24ec3f86aaafc8a1 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 14 Jul 2019 14:24:56 +0200 Subject: FetcherTest: Containment refute called(OStatus.fetch_activity_from_url) --- test/object/fetcher_test.exs | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/object/fetcher_test.exs b/test/object/fetcher_test.exs index 3b666e0d1..56a9d775f 100644 --- a/test/object/fetcher_test.exs +++ b/test/object/fetcher_test.exs @@ -9,6 +9,7 @@ defmodule Pleroma.Object.FetcherTest do alias Pleroma.Object alias Pleroma.Object.Fetcher import Tesla.Mock + import Mock setup do mock(fn @@ -26,16 +27,31 @@ defmodule Pleroma.Object.FetcherTest do end describe "actor origin containment" do - test "it rejects objects with a bogus origin" do + test_with_mock "it rejects objects with a bogus origin", + Pleroma.Web.OStatus, + [:passthrough], + [] do {:error, _} = Fetcher.fetch_object_from_id("https://info.pleroma.site/activity.json") + + refute called(Pleroma.Web.OStatus.fetch_activity_from_url(:_)) end - test "it rejects objects when attributedTo is wrong (variant 1)" do + test_with_mock "it rejects objects when attributedTo is wrong (variant 1)", + Pleroma.Web.OStatus, + [:passthrough], + [] do {:error, _} = Fetcher.fetch_object_from_id("https://info.pleroma.site/activity2.json") + + refute called(Pleroma.Web.OStatus.fetch_activity_from_url(:_)) end - test "it rejects objects when attributedTo is wrong (variant 2)" do + test_with_mock "it rejects objects when attributedTo is wrong (variant 2)", + Pleroma.Web.OStatus, + [:passthrough], + [] do {:error, _} = Fetcher.fetch_object_from_id("https://info.pleroma.site/activity3.json") + + refute called(Pleroma.Web.OStatus.fetch_activity_from_url(:_)) end end -- cgit v1.2.3 From 739bbe0d3bbe06ca9d634498ea5909f35fc5ad84 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 14 Jul 2019 17:47:08 +0000 Subject: security: detect object containment violations at the IR level It is more efficient to check for object containment violations at the IR level instead of in the protocol handlers. OStatus containment is especially a tricky situation, as the containment rules don't match those of IR and ActivityPub. Accordingly, we just always do a final containment check at the IR level before the object is added to the IR object graph. --- test/object/containment_test.exs | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'test') diff --git a/test/object/containment_test.exs b/test/object/containment_test.exs index 1beed6236..61cd1b412 100644 --- a/test/object/containment_test.exs +++ b/test/object/containment_test.exs @@ -68,4 +68,34 @@ defmodule Pleroma.Object.ContainmentTest do "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}" end end + + describe "containment of children" do + test "contain_child() catches spoofing attempts" do + data = %{ + "id" => "http://example.com/whatever", + "type" => "Create", + "object" => %{ + "id" => "http://example.net/~alyssa/activities/1234", + "attributedTo" => "http://example.org/~alyssa" + }, + "actor" => "http://example.com/~bob" + } + + :error = Containment.contain_child(data) + end + + test "contain_child() allows correct origins" do + data = %{ + "id" => "http://example.org/~alyssa/activities/5678", + "type" => "Create", + "object" => %{ + "id" => "http://example.org/~alyssa/activities/1234", + "attributedTo" => "http://example.org/~alyssa" + }, + "actor" => "http://example.org/~alyssa" + } + + :ok = Containment.contain_child(data) + end + end end -- cgit v1.2.3 From 841314c2d504ad108f6a85713546b188096ad735 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 14 Jul 2019 17:49:12 +0000 Subject: tests: fix object containment violations in the transmogrifier tests Some objects were not completely rewritten in the tests, which caused object containment violations. Fix them by rewriting the object IDs to be in an appropriate namespace. --- test/web/activity_pub/transmogrifier_test.exs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'test') diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index b896a532b..cabe925f9 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -416,6 +416,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do |> Map.put("attributedTo", user.ap_id) |> Map.put("to", ["https://www.w3.org/ns/activitystreams#Public"]) |> Map.put("cc", []) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object) @@ -439,6 +440,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do |> Map.put("attributedTo", user.ap_id) |> Map.put("to", nil) |> Map.put("cc", nil) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object) -- cgit v1.2.3 From dce8ebc9eabac1a597491a0edc5c145285c55671 Mon Sep 17 00:00:00 2001 From: Sergey Suprunenko Date: Sun, 14 Jul 2019 19:25:03 +0000 Subject: Unfollow should also unsubscribe --- test/web/common_api/common_api_test.exs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'test') diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 958c931c4..b59b6cbf6 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -346,6 +346,20 @@ defmodule Pleroma.Web.CommonAPITest do end end + describe "unfollow/2" do + test "also unsubscribes a user" do + [follower, followed] = insert_pair(:user) + {:ok, follower, followed, _} = CommonAPI.follow(follower, followed) + {:ok, followed} = User.subscribe(follower, followed) + + assert User.subscribed_to?(follower, followed) + + {:ok, follower} = CommonAPI.unfollow(follower, followed) + + refute User.subscribed_to?(follower, followed) + end + end + describe "accept_follow_request/2" do test "after acceptance, it sets all existing pending follow request states to 'accept'" do user = insert(:user, info: %{locked: true}) -- cgit v1.2.3 From fa17879c204980c6fb0025b2e51a978669c441da Mon Sep 17 00:00:00 2001 From: Maksim Date: Sun, 14 Jul 2019 21:01:32 +0000 Subject: added tests for Web.MediaProxy --- test/media_proxy_test.exs | 209 -------------------- .../media_proxy/media_proxy_controller_test.exs | 73 +++++++ test/web/media_proxy/media_proxy_test.exs | 215 +++++++++++++++++++++ 3 files changed, 288 insertions(+), 209 deletions(-) delete mode 100644 test/media_proxy_test.exs create mode 100644 test/web/media_proxy/media_proxy_controller_test.exs create mode 100644 test/web/media_proxy/media_proxy_test.exs (limited to 'test') diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs deleted file mode 100644 index fbf200931..000000000 --- a/test/media_proxy_test.exs +++ /dev/null @@ -1,209 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2018 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.MediaProxyTest do - use ExUnit.Case - import Pleroma.Web.MediaProxy - alias Pleroma.Web.MediaProxy.MediaProxyController - - setup do - enabled = Pleroma.Config.get([:media_proxy, :enabled]) - on_exit(fn -> Pleroma.Config.put([:media_proxy, :enabled], enabled) end) - :ok - end - - describe "when enabled" do - setup do - Pleroma.Config.put([:media_proxy, :enabled], true) - :ok - end - - test "ignores invalid url" do - assert url(nil) == nil - assert url("") == nil - end - - test "ignores relative url" do - assert url("/local") == "/local" - assert url("/") == "/" - end - - test "ignores local url" do - local_url = Pleroma.Web.Endpoint.url() <> "/hello" - local_root = Pleroma.Web.Endpoint.url() - assert url(local_url) == local_url - assert url(local_root) == local_root - end - - test "encodes and decodes URL" do - url = "https://pleroma.soykaf.com/static/logo.png" - encoded = url(url) - - assert String.starts_with?( - encoded, - Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()) - ) - - assert String.ends_with?(encoded, "/logo.png") - - assert decode_result(encoded) == url - end - - test "encodes and decodes URL without a path" do - url = "https://pleroma.soykaf.com" - encoded = url(url) - assert decode_result(encoded) == url - end - - test "encodes and decodes URL without an extension" do - url = "https://pleroma.soykaf.com/path/" - encoded = url(url) - assert String.ends_with?(encoded, "/path") - assert decode_result(encoded) == url - end - - test "encodes and decodes URL and ignores query params for the path" do - url = "https://pleroma.soykaf.com/static/logo.png?93939393939&bunny=true" - encoded = url(url) - assert String.ends_with?(encoded, "/logo.png") - assert decode_result(encoded) == url - end - - test "validates signature" do - secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) - - on_exit(fn -> - Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], secret_key_base) - end) - - encoded = url("https://pleroma.social") - - Pleroma.Config.put( - [Pleroma.Web.Endpoint, :secret_key_base], - "00000000000000000000000000000000000000000000000" - ) - - [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") - assert decode_url(sig, base64) == {:error, :invalid_signature} - end - - test "filename_matches preserves the encoded or decoded path" do - assert MediaProxyController.filename_matches( - true, - "/Hello world.jpg", - "http://pleroma.social/Hello world.jpg" - ) == :ok - - assert MediaProxyController.filename_matches( - true, - "/Hello%20world.jpg", - "http://pleroma.social/Hello%20world.jpg" - ) == :ok - - assert MediaProxyController.filename_matches( - true, - "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", - "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" - ) == :ok - end - - test "uses the configured base_url" do - base_url = Pleroma.Config.get([:media_proxy, :base_url]) - - if base_url do - on_exit(fn -> - Pleroma.Config.put([:media_proxy, :base_url], base_url) - end) - end - - Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") - - url = "https://pleroma.soykaf.com/static/logo.png" - encoded = url(url) - - assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url])) - end - - # Some sites expect ASCII encoded characters in the URL to be preserved even if - # unnecessary. - # Issues: https://git.pleroma.social/pleroma/pleroma/issues/580 - # https://git.pleroma.social/pleroma/pleroma/issues/1055 - test "preserve ASCII encoding" do - url = - "https://pleroma.com/%20/%21/%22/%23/%24/%25/%26/%27/%28/%29/%2A/%2B/%2C/%2D/%2E/%2F/%30/%31/%32/%33/%34/%35/%36/%37/%38/%39/%3A/%3B/%3C/%3D/%3E/%3F/%40/%41/%42/%43/%44/%45/%46/%47/%48/%49/%4A/%4B/%4C/%4D/%4E/%4F/%50/%51/%52/%53/%54/%55/%56/%57/%58/%59/%5A/%5B/%5C/%5D/%5E/%5F/%60/%61/%62/%63/%64/%65/%66/%67/%68/%69/%6A/%6B/%6C/%6D/%6E/%6F/%70/%71/%72/%73/%74/%75/%76/%77/%78/%79/%7A/%7B/%7C/%7D/%7E/%7F/%80/%81/%82/%83/%84/%85/%86/%87/%88/%89/%8A/%8B/%8C/%8D/%8E/%8F/%90/%91/%92/%93/%94/%95/%96/%97/%98/%99/%9A/%9B/%9C/%9D/%9E/%9F/%C2%A0/%A1/%A2/%A3/%A4/%A5/%A6/%A7/%A8/%A9/%AA/%AB/%AC/%C2%AD/%AE/%AF/%B0/%B1/%B2/%B3/%B4/%B5/%B6/%B7/%B8/%B9/%BA/%BB/%BC/%BD/%BE/%BF/%C0/%C1/%C2/%C3/%C4/%C5/%C6/%C7/%C8/%C9/%CA/%CB/%CC/%CD/%CE/%CF/%D0/%D1/%D2/%D3/%D4/%D5/%D6/%D7/%D8/%D9/%DA/%DB/%DC/%DD/%DE/%DF/%E0/%E1/%E2/%E3/%E4/%E5/%E6/%E7/%E8/%E9/%EA/%EB/%EC/%ED/%EE/%EF/%F0/%F1/%F2/%F3/%F4/%F5/%F6/%F7/%F8/%F9/%FA/%FB/%FC/%FD/%FE/%FF" - - encoded = url(url) - assert decode_result(encoded) == url - end - - # This includes unsafe/reserved characters which are not interpreted as part of the URL - # and would otherwise have to be ASCII encoded. It is our role to ensure the proxied URL - # is unmodified, so we are testing these characters anyway. - test "preserve non-unicode characters per RFC3986" do - url = - "https://pleroma.com/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-._~:/?#[]@!$&'()*+,;=|^`{}" - - encoded = url(url) - assert decode_result(encoded) == url - end - - test "preserve unicode characters" do - url = "https://ko.wikipedia.org/wiki/위키백과:대문" - - encoded = url(url) - assert decode_result(encoded) == url - end - - test "does not change whitelisted urls" do - upload_config = Pleroma.Config.get([Pleroma.Upload]) - media_url = "https://media.pleroma.social" - Pleroma.Config.put([Pleroma.Upload, :base_url], media_url) - Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"]) - Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") - - url = "#{media_url}/static/logo.png" - encoded = url(url) - - assert String.starts_with?(encoded, media_url) - - Pleroma.Config.put([Pleroma.Upload], upload_config) - end - end - - describe "when disabled" do - setup do - enabled = Pleroma.Config.get([:media_proxy, :enabled]) - - if enabled do - Pleroma.Config.put([:media_proxy, :enabled], false) - - on_exit(fn -> - Pleroma.Config.put([:media_proxy, :enabled], enabled) - :ok - end) - end - - :ok - end - - test "does not encode remote urls" do - assert url("https://google.fr") == "https://google.fr" - end - end - - defp decode_result(encoded) do - [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") - {:ok, decoded} = decode_url(sig, base64) - decoded - end - - test "mediaproxy whitelist" do - Pleroma.Config.put([:media_proxy, :enabled], true) - Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"]) - url = "https://feld.me/foo.png" - - unencoded = url(url) - assert unencoded == url - end -end diff --git a/test/web/media_proxy/media_proxy_controller_test.exs b/test/web/media_proxy/media_proxy_controller_test.exs new file mode 100644 index 000000000..53b8f556b --- /dev/null +++ b/test/web/media_proxy/media_proxy_controller_test.exs @@ -0,0 +1,73 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2018 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do + use Pleroma.Web.ConnCase + import Mock + alias Pleroma.Config + + setup do + media_proxy_config = Config.get([:media_proxy]) || [] + on_exit(fn -> Config.put([:media_proxy], media_proxy_config) end) + :ok + end + + test "it returns 404 when MediaProxy disabled", %{conn: conn} do + Config.put([:media_proxy, :enabled], false) + + assert %Plug.Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/hhgfh/eeeee") + + assert %Plug.Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/hhgfh/eeee/fff") + end + + test "it returns 403 when signature invalidated", %{conn: conn} do + Config.put([:media_proxy, :enabled], true) + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + path = URI.parse(Pleroma.Web.MediaProxy.encode_url("https://google.fn")).path + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "000") + + assert %Plug.Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, path) + + assert %Plug.Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, "/proxy/hhgfh/eeee") + + assert %Plug.Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, "/proxy/hhgfh/eeee/fff") + end + + test "redirects on valid url when filename invalidated", %{conn: conn} do + Config.put([:media_proxy, :enabled], true) + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + url = Pleroma.Web.MediaProxy.encode_url("https://google.fn/test.png") + invalid_url = String.replace(url, "test.png", "test-file.png") + response = get(conn, invalid_url) + html = "You are being redirected." + assert response.status == 302 + assert response.resp_body == html + end + + test "it performs ReverseProxy.call when signature valid", %{conn: conn} do + Config.put([:media_proxy, :enabled], true) + Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + url = Pleroma.Web.MediaProxy.encode_url("https://google.fn/test.png") + + with_mock Pleroma.ReverseProxy, + call: fn _conn, _url, _opts -> %Plug.Conn{status: :success} end do + assert %Plug.Conn{status: :success} = get(conn, url) + end + end +end diff --git a/test/web/media_proxy/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs new file mode 100644 index 000000000..cb4807e0b --- /dev/null +++ b/test/web/media_proxy/media_proxy_test.exs @@ -0,0 +1,215 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2018 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MediaProxyTest do + use ExUnit.Case + import Pleroma.Web.MediaProxy + alias Pleroma.Web.MediaProxy.MediaProxyController + + setup do + enabled = Pleroma.Config.get([:media_proxy, :enabled]) + on_exit(fn -> Pleroma.Config.put([:media_proxy, :enabled], enabled) end) + :ok + end + + describe "when enabled" do + setup do + Pleroma.Config.put([:media_proxy, :enabled], true) + :ok + end + + test "ignores invalid url" do + assert url(nil) == nil + assert url("") == nil + end + + test "ignores relative url" do + assert url("/local") == "/local" + assert url("/") == "/" + end + + test "ignores local url" do + local_url = Pleroma.Web.Endpoint.url() <> "/hello" + local_root = Pleroma.Web.Endpoint.url() + assert url(local_url) == local_url + assert url(local_root) == local_root + end + + test "encodes and decodes URL" do + url = "https://pleroma.soykaf.com/static/logo.png" + encoded = url(url) + + assert String.starts_with?( + encoded, + Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()) + ) + + assert String.ends_with?(encoded, "/logo.png") + + assert decode_result(encoded) == url + end + + test "encodes and decodes URL without a path" do + url = "https://pleroma.soykaf.com" + encoded = url(url) + assert decode_result(encoded) == url + end + + test "encodes and decodes URL without an extension" do + url = "https://pleroma.soykaf.com/path/" + encoded = url(url) + assert String.ends_with?(encoded, "/path") + assert decode_result(encoded) == url + end + + test "encodes and decodes URL and ignores query params for the path" do + url = "https://pleroma.soykaf.com/static/logo.png?93939393939&bunny=true" + encoded = url(url) + assert String.ends_with?(encoded, "/logo.png") + assert decode_result(encoded) == url + end + + test "validates signature" do + secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) + + on_exit(fn -> + Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], secret_key_base) + end) + + encoded = url("https://pleroma.social") + + Pleroma.Config.put( + [Pleroma.Web.Endpoint, :secret_key_base], + "00000000000000000000000000000000000000000000000" + ) + + [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") + assert decode_url(sig, base64) == {:error, :invalid_signature} + end + + test "filename_matches preserves the encoded or decoded path" do + assert MediaProxyController.filename_matches( + %{"filename" => "/Hello world.jpg"}, + "/Hello world.jpg", + "http://pleroma.social/Hello world.jpg" + ) == :ok + + assert MediaProxyController.filename_matches( + %{"filename" => "/Hello%20world.jpg"}, + "/Hello%20world.jpg", + "http://pleroma.social/Hello%20world.jpg" + ) == :ok + + assert MediaProxyController.filename_matches( + %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"}, + "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", + "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" + ) == :ok + + assert MediaProxyController.filename_matches( + %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"}, + "/my%2Flong%2Furl%2F2019%2F07%2FS.jp", + "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" + ) == {:wrong_filename, "my%2Flong%2Furl%2F2019%2F07%2FS.jpg"} + end + + test "uses the configured base_url" do + base_url = Pleroma.Config.get([:media_proxy, :base_url]) + + if base_url do + on_exit(fn -> + Pleroma.Config.put([:media_proxy, :base_url], base_url) + end) + end + + Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") + + url = "https://pleroma.soykaf.com/static/logo.png" + encoded = url(url) + + assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url])) + end + + # Some sites expect ASCII encoded characters in the URL to be preserved even if + # unnecessary. + # Issues: https://git.pleroma.social/pleroma/pleroma/issues/580 + # https://git.pleroma.social/pleroma/pleroma/issues/1055 + test "preserve ASCII encoding" do + url = + "https://pleroma.com/%20/%21/%22/%23/%24/%25/%26/%27/%28/%29/%2A/%2B/%2C/%2D/%2E/%2F/%30/%31/%32/%33/%34/%35/%36/%37/%38/%39/%3A/%3B/%3C/%3D/%3E/%3F/%40/%41/%42/%43/%44/%45/%46/%47/%48/%49/%4A/%4B/%4C/%4D/%4E/%4F/%50/%51/%52/%53/%54/%55/%56/%57/%58/%59/%5A/%5B/%5C/%5D/%5E/%5F/%60/%61/%62/%63/%64/%65/%66/%67/%68/%69/%6A/%6B/%6C/%6D/%6E/%6F/%70/%71/%72/%73/%74/%75/%76/%77/%78/%79/%7A/%7B/%7C/%7D/%7E/%7F/%80/%81/%82/%83/%84/%85/%86/%87/%88/%89/%8A/%8B/%8C/%8D/%8E/%8F/%90/%91/%92/%93/%94/%95/%96/%97/%98/%99/%9A/%9B/%9C/%9D/%9E/%9F/%C2%A0/%A1/%A2/%A3/%A4/%A5/%A6/%A7/%A8/%A9/%AA/%AB/%AC/%C2%AD/%AE/%AF/%B0/%B1/%B2/%B3/%B4/%B5/%B6/%B7/%B8/%B9/%BA/%BB/%BC/%BD/%BE/%BF/%C0/%C1/%C2/%C3/%C4/%C5/%C6/%C7/%C8/%C9/%CA/%CB/%CC/%CD/%CE/%CF/%D0/%D1/%D2/%D3/%D4/%D5/%D6/%D7/%D8/%D9/%DA/%DB/%DC/%DD/%DE/%DF/%E0/%E1/%E2/%E3/%E4/%E5/%E6/%E7/%E8/%E9/%EA/%EB/%EC/%ED/%EE/%EF/%F0/%F1/%F2/%F3/%F4/%F5/%F6/%F7/%F8/%F9/%FA/%FB/%FC/%FD/%FE/%FF" + + encoded = url(url) + assert decode_result(encoded) == url + end + + # This includes unsafe/reserved characters which are not interpreted as part of the URL + # and would otherwise have to be ASCII encoded. It is our role to ensure the proxied URL + # is unmodified, so we are testing these characters anyway. + test "preserve non-unicode characters per RFC3986" do + url = + "https://pleroma.com/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-._~:/?#[]@!$&'()*+,;=|^`{}" + + encoded = url(url) + assert decode_result(encoded) == url + end + + test "preserve unicode characters" do + url = "https://ko.wikipedia.org/wiki/위키백과:대문" + + encoded = url(url) + assert decode_result(encoded) == url + end + + test "does not change whitelisted urls" do + upload_config = Pleroma.Config.get([Pleroma.Upload]) + media_url = "https://media.pleroma.social" + Pleroma.Config.put([Pleroma.Upload, :base_url], media_url) + Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"]) + Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") + + url = "#{media_url}/static/logo.png" + encoded = url(url) + + assert String.starts_with?(encoded, media_url) + + Pleroma.Config.put([Pleroma.Upload], upload_config) + end + end + + describe "when disabled" do + setup do + enabled = Pleroma.Config.get([:media_proxy, :enabled]) + + if enabled do + Pleroma.Config.put([:media_proxy, :enabled], false) + + on_exit(fn -> + Pleroma.Config.put([:media_proxy, :enabled], enabled) + :ok + end) + end + + :ok + end + + test "does not encode remote urls" do + assert url("https://google.fr") == "https://google.fr" + end + end + + defp decode_result(encoded) do + [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") + {:ok, decoded} = decode_url(sig, base64) + decoded + end + + test "mediaproxy whitelist" do + Pleroma.Config.put([:media_proxy, :enabled], true) + Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"]) + url = "https://feld.me/foo.png" + + unencoded = url(url) + assert unencoded == url + end +end -- cgit v1.2.3 From a87c313309b73ced5970c59d00117c357f51fecb Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:00:29 +0700 Subject: Support `list` visibility in StatusView --- test/web/mastodon_api/status_view_test.exs | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'test') diff --git a/test/web/mastodon_api/status_view_test.exs b/test/web/mastodon_api/status_view_test.exs index ac42819d8..995bd52c8 100644 --- a/test/web/mastodon_api/status_view_test.exs +++ b/test/web/mastodon_api/status_view_test.exs @@ -541,4 +541,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do assert result[:reblog][:account][:pleroma][:relationship] == AccountView.render("relationship.json", %{user: user, target: user}) end + + test "visibility/list" do + user = insert(:user) + + {:ok, list} = Pleroma.List.create("foo", user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"}) + + status = StatusView.render("status.json", activity: activity) + + assert status.visibility == "list" + end end -- cgit v1.2.3 From de13c9bb8fc08b12d9694f63f92935ba39a51118 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Mon, 15 Jul 2019 14:54:40 +0700 Subject: List messages must be visible for mentioned users --- test/web/activity_pub/visibilty_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/web/activity_pub/visibilty_test.exs b/test/web/activity_pub/visibilty_test.exs index 2ce6928c4..b62a89e68 100644 --- a/test/web/activity_pub/visibilty_test.exs +++ b/test/web/activity_pub/visibilty_test.exs @@ -126,13 +126,13 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do assert Visibility.visible_for_user?(direct, user) assert Visibility.visible_for_user?(list, user) - # All visible to a mentioned user, except when it's a list activity + # All visible to a mentioned user assert Visibility.visible_for_user?(public, mentioned) assert Visibility.visible_for_user?(private, mentioned) assert Visibility.visible_for_user?(unlisted, mentioned) assert Visibility.visible_for_user?(direct, mentioned) - refute(Visibility.visible_for_user?(list, mentioned)) + assert Visibility.visible_for_user?(list, mentioned) # DM not visible for just follower -- cgit v1.2.3 From c66044b923bf90647abd7f581ea67542ba53db10 Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 11:00:55 +0300 Subject: atom keys with leading : --- test/web/admin_api/admin_api_controller_test.exs | 47 ++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index 1b71cbff3..ee48b752c 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -1720,7 +1720,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do configs: [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => [ %{"tuple" => [":key2", "some_val"]}, %{ @@ -1750,7 +1750,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do "configs" => [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => [ %{"tuple" => [":key2", "some_val"]}, %{ @@ -1782,7 +1782,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do configs: [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => %{"key" => "some_val"} } ] @@ -1793,7 +1793,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do "configs" => [ %{ "group" => "pleroma", - "key" => "key1", + "key" => ":key1", "value" => %{"key" => "some_val"} } ] @@ -1862,6 +1862,45 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do ] } end + + test "queues key as atom", %{conn: conn} do + conn = + post(conn, "/api/pleroma/admin/config", %{ + configs: [ + %{ + "group" => "pleroma_job_queue", + "key" => ":queues", + "value" => [ + %{"tuple" => [":federator_incoming", 50]}, + %{"tuple" => [":federator_outgoing", 50]}, + %{"tuple" => [":web_push", 50]}, + %{"tuple" => [":mailer", 10]}, + %{"tuple" => [":transmogrifier", 20]}, + %{"tuple" => [":scheduled_activities", 10]}, + %{"tuple" => [":background", 5]} + ] + } + ] + }) + + assert json_response(conn, 200) == %{ + "configs" => [ + %{ + "group" => "pleroma_job_queue", + "key" => ":queues", + "value" => [ + %{"tuple" => [":federator_incoming", 50]}, + %{"tuple" => [":federator_outgoing", 50]}, + %{"tuple" => [":web_push", 50]}, + %{"tuple" => [":mailer", 10]}, + %{"tuple" => [":transmogrifier", 20]}, + %{"tuple" => [":scheduled_activities", 10]}, + %{"tuple" => [":background", 5]} + ] + } + ] + } + end end end -- cgit v1.2.3 From b8607c151c946f64e6cfadf84caa3921fffad02d Mon Sep 17 00:00:00 2001 From: Alex S Date: Mon, 15 Jul 2019 15:45:27 +0300 Subject: migrating task refactor --- test/tasks/config_test.exs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'test') diff --git a/test/tasks/config_test.exs b/test/tasks/config_test.exs index bbcc57217..a9b79eb5b 100644 --- a/test/tasks/config_test.exs +++ b/test/tasks/config_test.exs @@ -34,8 +34,8 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do Mix.Tasks.Pleroma.Config.run(["migrate_to_db"]) - first_db = Config.get_by_params(%{group: "pleroma", key: "first_setting"}) - second_db = Config.get_by_params(%{group: "pleroma", key: "second_setting"}) + first_db = Config.get_by_params(%{group: "pleroma", key: ":first_setting"}) + second_db = Config.get_by_params(%{group: "pleroma", key: ":second_setting"}) refute Config.get_by_params(%{group: "pleroma", key: "Pleroma.Repo"}) assert Config.from_binary(first_db.value) == [key: "value", key2: [Pleroma.Repo]] @@ -45,13 +45,13 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do test "settings are migrated to file and deleted from db", %{temp_file: temp_file} do Config.create(%{ group: "pleroma", - key: "setting_first", + key: ":setting_first", value: [key: "value", key2: [Pleroma.Activity]] }) Config.create(%{ group: "pleroma", - key: "setting_second", + key: ":setting_second", value: [key: "valu2", key2: [Pleroma.Repo]] }) @@ -61,7 +61,7 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do assert File.exists?(temp_file) {:ok, file} = File.read(temp_file) - assert file =~ "config :pleroma, setting_first:" - assert file =~ "config :pleroma, setting_second:" + assert file =~ "config :pleroma, :setting_first," + assert file =~ "config :pleroma, :setting_second," end end -- cgit v1.2.3 From c32384c1ea433bb0f5f087707d0165cea1f23d45 Mon Sep 17 00:00:00 2001 From: Maksim Date: Mon, 15 Jul 2019 13:01:22 +0000 Subject: tests for Pleroma.Signature --- test/signature_test.exs | 99 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 test/signature_test.exs (limited to 'test') diff --git a/test/signature_test.exs b/test/signature_test.exs new file mode 100644 index 000000000..4920196c7 --- /dev/null +++ b/test/signature_test.exs @@ -0,0 +1,99 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.SignatureTest do + use Pleroma.DataCase + + import Pleroma.Factory + import Tesla.Mock + + alias Pleroma.Signature + + setup do + mock(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + @private_key "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA48qb4v6kqigZutO9Ot0wkp27GIF2LiVaADgxQORZozZR63jH\nTaoOrS3Xhngbgc8SSOhfXET3omzeCLqaLNfXnZ8OXmuhJfJSU6mPUvmZ9QdT332j\nfN/g3iWGhYMf/M9ftCKh96nvFVO/tMruzS9xx7tkrfJjehdxh/3LlJMMImPtwcD7\nkFXwyt1qZTAU6Si4oQAJxRDQXHp1ttLl3Ob829VM7IKkrVmY8TD+JSlV0jtVJPj6\n1J19ytKTx/7UaucYvb9HIiBpkuiy5n/irDqKLVf5QEdZoNCdojOZlKJmTLqHhzKP\n3E9TxsUjhrf4/EqegNc/j982RvOxeu4i40zMQwIDAQABAoIBAQDH5DXjfh21i7b4\ncXJuw0cqget617CDUhemdakTDs9yH+rHPZd3mbGDWuT0hVVuFe4vuGpmJ8c+61X0\nRvugOlBlavxK8xvYlsqTzAmPgKUPljyNtEzQ+gz0I+3mH2jkin2rL3D+SksZZgKm\nfiYMPIQWB2WUF04gB46DDb2mRVuymGHyBOQjIx3WC0KW2mzfoFUFRlZEF+Nt8Ilw\nT+g/u0aZ1IWoszbsVFOEdghgZET0HEarum0B2Je/ozcPYtwmU10iBANGMKdLqaP/\nj954BPunrUf6gmlnLZKIKklJj0advx0NA+cL79+zeVB3zexRYSA5o9q0WPhiuTwR\n/aedWHnBAoGBAP0sDWBAM1Y4TRAf8ZI9PcztwLyHPzfEIqzbObJJnx1icUMt7BWi\n+/RMOnhrlPGE1kMhOqSxvXYN3u+eSmWTqai2sSH5Hdw2EqnrISSTnwNUPINX7fHH\njEkgmXQ6ixE48SuBZnb4w1EjdB/BA6/sjL+FNhggOc87tizLTkMXmMtTAoGBAOZV\n+wPuAMBDBXmbmxCuDIjoVmgSlgeRunB1SA8RCPAFAiUo3+/zEgzW2Oz8kgI+xVwM\n33XkLKrWG1Orhpp6Hm57MjIc5MG+zF4/YRDpE/KNG9qU1tiz0UD5hOpIU9pP4bR/\ngxgPxZzvbk4h5BfHWLpjlk8UUpgk6uxqfti48c1RAoGBALBOKDZ6HwYRCSGMjUcg\n3NPEUi84JD8qmFc2B7Tv7h2he2ykIz9iFAGpwCIyETQsJKX1Ewi0OlNnD3RhEEAy\nl7jFGQ+mkzPSeCbadmcpYlgIJmf1KN/x7fDTAepeBpCEzfZVE80QKbxsaybd3Dp8\nCfwpwWUFtBxr4c7J+gNhAGe/AoGAPn8ZyqkrPv9wXtyfqFjxQbx4pWhVmNwrkBPi\nZ2Qh3q4dNOPwTvTO8vjghvzIyR8rAZzkjOJKVFgftgYWUZfM5gE7T2mTkBYq8W+U\n8LetF+S9qAM2gDnaDx0kuUTCq7t87DKk6URuQ/SbI0wCzYjjRD99KxvChVGPBHKo\n1DjqMuECgYEAgJGNm7/lJCS2wk81whfy/ttKGsEIkyhPFYQmdGzSYC5aDc2gp1R3\nxtOkYEvdjfaLfDGEa4UX8CHHF+w3t9u8hBtcdhMH6GYb9iv6z0VBTt4A/11HUR49\n3Z7TQ18Iyh3jAUCzFV9IJlLIExq5Y7P4B3ojWFBN607sDCt8BMPbDYs=\n-----END RSA PRIVATE KEY-----" + + @public_key %{ + "id" => "https://mastodon.social/users/lambadalambda#main-key", + "owner" => "https://mastodon.social/users/lambadalambda", + "publicKeyPem" => + "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0P/Tq4gb4G/QVuMGbJo\nC/AfMNcv+m7NfrlOwkVzcU47jgESuYI4UtJayissCdBycHUnfVUd9qol+eznSODz\nCJhfJloqEIC+aSnuEPGA0POtWad6DU0E6/Ho5zQn5WAWUwbRQqowbrsm/GHo2+3v\neR5jGenwA6sYhINg/c3QQbksyV0uJ20Umyx88w8+TJuv53twOfmyDWuYNoQ3y5cc\nHKOZcLHxYOhvwg3PFaGfFHMFiNmF40dTXt9K96r7sbzc44iLD+VphbMPJEjkMuf8\nPGEFOBzy8pm3wJZw2v32RNW2VESwMYyqDzwHXGSq1a73cS7hEnc79gXlELsK04L9\nQQIDAQAB\n-----END PUBLIC KEY-----\n" + } + + @rsa_public_key { + :RSAPublicKey, + 24_650_000_183_914_698_290_885_268_529_673_621_967_457_234_469_123_179_408_466_269_598_577_505_928_170_923_974_132_111_403_341_217_239_999_189_084_572_368_839_502_170_501_850_920_051_662_384_964_248_315_257_926_552_945_648_828_895_432_624_227_029_881_278_113_244_073_644_360_744_504_606_177_648_469_825_063_267_913_017_309_199_785_535_546_734_904_379_798_564_556_494_962_268_682_532_371_146_333_972_821_570_577_277_375_020_977_087_539_994_500_097_107_935_618_711_808_260_846_821_077_839_605_098_669_707_417_692_791_905_543_116_911_754_774_323_678_879_466_618_738_207_538_013_885_607_095_203_516_030_057_611_111_308_904_599_045_146_148_350_745_339_208_006_497_478_057_622_336_882_506_112_530_056_970_653_403_292_123_624_453_213_574_011_183_684_739_084_105_206_483_178_943_532_208_537_215_396_831_110_268_758_639_826_369_857, + # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength + 65_537 + } + + describe "fetch_public_key/1" do + test "it returns key" do + expected_result = {:ok, @rsa_public_key} + + user = insert(:user, %{info: %{source_data: %{"publicKey" => @public_key}}}) + + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => user.ap_id}}) == + expected_result + end + + test "it returns error when not found user" do + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => "test-ap_id"}}) == + {:error, :error} + end + + test "it returns error if public key is empty" do + user = insert(:user, %{info: %{source_data: %{"publicKey" => %{}}}}) + + assert Signature.fetch_public_key(%Plug.Conn{params: %{"actor" => user.ap_id}}) == + {:error, :error} + end + end + + describe "refetch_public_key/1" do + test "it returns key" do + ap_id = "https://mastodon.social/users/lambadalambda" + + assert Signature.refetch_public_key(%Plug.Conn{params: %{"actor" => ap_id}}) == + {:ok, @rsa_public_key} + end + + test "it returns error when not found user" do + assert Signature.refetch_public_key(%Plug.Conn{params: %{"actor" => "test-ap_id"}}) == + {:error, {:error, :ok}} + end + end + + describe "sign/2" do + test "it returns signature headers" do + user = + insert(:user, %{ + ap_id: "https://mastodon.social/users/lambadalambda", + info: %{keys: @private_key} + }) + + assert Signature.sign( + user, + %{ + host: "test.test", + "content-length": 100 + } + ) == + "keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\"" + end + + test "it returns error" do + user = + insert(:user, %{ap_id: "https://mastodon.social/users/lambadalambda", info: %{keys: ""}}) + + assert Signature.sign( + user, + %{host: "test.test", "content-length": 100} + ) == {:error, []} + end + end +end -- cgit v1.2.3