From 333ff527fd44bce06b7c7e7450494ea929017b56 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:07:21 -0600 Subject: Validate client application metadata is retained in the object --- .../mastodon_api/controllers/status_controller_test.exs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index dcd1e6d5b..fada7c25c 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -357,6 +357,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert activity.data["to"] == [user2.ap_id] assert activity.data["cc"] == [] end + + test "preserves client application metadata", %{conn: conn} do + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "cofe is my copilot" + }) + + assert %{ + "content" => "cofe is my copilot", + "application" => %{ + "name" => "Some client 0", + "website" => "https://example.com" + } + } = json_response_and_validate_schema(result, 200) + end end describe "posting scheduled statuses" do -- cgit v1.2.3 From bd3d0e8b57f6a27b8c833d11f4b98d4dbfd846ad Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 11 Feb 2021 15:53:10 -0600 Subject: Use a custom oauth token so we can predict and validate the client_name and website --- .../mastodon_api/controllers/status_controller_test.exs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index fada7c25c..1ca829544 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -358,7 +358,16 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert activity.data["cc"] == [] end - test "preserves client application metadata", %{conn: conn} do + test "preserves client application metadata" do + %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"]) + + %Pleroma.Web.OAuth.Token{ + app: %Pleroma.Web.OAuth.App{ + client_name: _app_name, + website: _app_website + } + } = token + result = conn |> put_req_header("content-type", "application/json") @@ -369,8 +378,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert %{ "content" => "cofe is my copilot", "application" => %{ - "name" => "Some client 0", - "website" => "https://example.com" + "name" => app_name, + "website" => app_website } } = json_response_and_validate_schema(result, 200) end -- cgit v1.2.3 From 3554a65f45d0e513e5e23e987f6f8fb1da5e8525 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 13:05:12 -0600 Subject: Inject fake application metadata and validate it is stripped by transmogrifier --- test/pleroma/web/activity_pub/transmogrifier_test.exs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 7c97fa8f8..2c99875ff 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -202,7 +202,11 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do test "it strips internal fields" do user = insert(:user) - {:ok, activity} = CommonAPI.post(user, %{status: "#2hu :firefox:"}) + {:ok, activity} = + CommonAPI.post(user, %{ + status: "#2hu :firefox:", + application: %{name: "TestClient", website: "https://pleroma.social"} + }) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) @@ -213,6 +217,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do assert is_nil(modified["object"]["announcements"]) assert is_nil(modified["object"]["announcement_count"]) assert is_nil(modified["object"]["context_id"]) + assert is_nil(modified["object"]["application"]) end test "it strips internal fields of article" do -- cgit v1.2.3 From fb2a8e7ccd6cfbfb9bc226998a083405fcebcbe0 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 12 Feb 2021 13:15:33 -0600 Subject: Additional validation so we don't get caught off guard with a nil response if CommonAPI ever prevents us from injecting this data --- test/pleroma/web/activity_pub/transmogrifier_test.exs | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 2c99875ff..33ccbe2a7 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -208,6 +208,12 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do application: %{name: "TestClient", website: "https://pleroma.social"} }) + # Ensure injected application data made it into the activity + # as we don't have a Token to derive it from, otherwise it will + # be nil and the test will pass + assert %{"application" => %{name: "TestClient", website: "https://pleroma.social"}} = + activity.object.data + {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert length(modified["object"]["tag"]) == 2 -- cgit v1.2.3 From d5ef02c7a7905dc2053298045873b365d2411cde Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 16:35:03 -0600 Subject: Mastodon makes this field null when posting with MastoFE or if you choose to not disclose it, so it's safe to be null by default --- test/pleroma/web/mastodon_api/views/status_view_test.exs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/mastodon_api/views/status_view_test.exs b/test/pleroma/web/mastodon_api/views/status_view_test.exs index ed59cf285..2de3afc4f 100644 --- a/test/pleroma/web/mastodon_api/views/status_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/status_view_test.exs @@ -266,10 +266,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do url: "http://localhost:4001/tag/#{object_data["tag"]}" } ], - application: %{ - name: "Web", - website: nil - }, + application: nil, language: nil, emojis: [ %{ -- cgit v1.2.3 From 63739c5a58ccb65dd4a63019b270429d5a462e71 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 18 Feb 2021 17:23:17 -0600 Subject: Tests to validate client disclosure obeys user setting --- .../controllers/status_controller_test.exs | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs index 1ca829544..bae2ad4bf 100644 --- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs @@ -358,8 +358,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do assert activity.data["cc"] == [] end - test "preserves client application metadata" do - %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"]) + test "discloses application metadata when enabled" do + user = insert(:user, disclose_client: true) + %{user: _user, token: token, conn: conn} = oauth_access(["write:statuses"], user: user) %Pleroma.Web.OAuth.Token{ app: %Pleroma.Web.OAuth.App{ @@ -383,6 +384,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do } } = json_response_and_validate_schema(result, 200) end + + test "hides application metadata when disabled" do + user = insert(:user, disclose_client: false) + %{user: _user, token: _token, conn: conn} = oauth_access(["write:statuses"], user: user) + + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "club mate is my wingman" + }) + + assert %{ + "content" => "club mate is my wingman", + "application" => nil + } = json_response_and_validate_schema(result, 200) + end end describe "posting scheduled statuses" do -- cgit v1.2.3 From d35b6254b4540394a134e026289a2c09bfe42ddd Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 26 Feb 2021 18:14:57 -0600 Subject: Store the client application data in ActivityStreams format --- test/pleroma/web/activity_pub/transmogrifier_test.exs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs index 33ccbe2a7..f6a8cbb6f 100644 --- a/test/pleroma/web/activity_pub/transmogrifier_test.exs +++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs @@ -205,14 +205,17 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do {:ok, activity} = CommonAPI.post(user, %{ status: "#2hu :firefox:", - application: %{name: "TestClient", website: "https://pleroma.social"} + application: %{type: "Application", name: "TestClient", url: "https://pleroma.social"} }) # Ensure injected application data made it into the activity # as we don't have a Token to derive it from, otherwise it will # be nil and the test will pass - assert %{"application" => %{name: "TestClient", website: "https://pleroma.social"}} = - activity.object.data + assert %{ + type: "Application", + name: "TestClient", + url: "https://pleroma.social" + } == activity.object.data["application"] {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) -- cgit v1.2.3