From 259905a8932074514e3473d458bedce56cd25ac1 Mon Sep 17 00:00:00 2001 From: tusooa Date: Mon, 26 Dec 2022 10:13:48 -0500 Subject: Bump earmark to 1.4.22 --- test/pleroma/web/common_api/utils_test.exs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/common_api/utils_test.exs b/test/pleroma/web/common_api/utils_test.exs index b538c5979..d309c6ded 100644 --- a/test/pleroma/web/common_api/utils_test.exs +++ b/test/pleroma/web/common_api/utils_test.exs @@ -178,6 +178,10 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do code = "https://github.com/pragdave/earmark/" {result, [], []} = Utils.format_input(code, "text/markdown") assert result == ~s[

#{code}

] + + code = "https://github.com/~foo/bar" + {result, [], []} = Utils.format_input(code, "text/markdown") + assert result == ~s[

#{code}

] end test "link with local mention" do -- cgit v1.2.3 From d5125e6ce75ee9c2cf54e5399625d7a94e313571 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Thu, 5 Jan 2023 11:29:06 -0500 Subject: B StripLocation: Add test, work for all svgs. --- .../upload/filter/exiftool/strip_location_test.exs | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'test') diff --git a/test/pleroma/upload/filter/exiftool/strip_location_test.exs b/test/pleroma/upload/filter/exiftool/strip_location_test.exs index 7e1541f60..bcb5f3f60 100644 --- a/test/pleroma/upload/filter/exiftool/strip_location_test.exs +++ b/test/pleroma/upload/filter/exiftool/strip_location_test.exs @@ -31,12 +31,19 @@ defmodule Pleroma.Upload.Filter.Exiftool.StripLocationTest do refute String.match?(exif_filtered, ~r/GPS/) end - test "verify webp files are skipped" do - upload = %Pleroma.Upload{ - name: "sample.webp", - content_type: "image/webp" - } - - assert Filter.Exiftool.StripLocation.filter(upload) == {:ok, :noop} + test "verify webp, heic, svg files are skipped" do + uploads = + ~w{webp heic svg svg+xml} + |> Enum.map(fn type -> + %Pleroma.Upload{ + name: "sample.#{type}", + content_type: "image/#{type}" + } + end) + + uploads + |> Enum.each(fn upload -> + assert Filter.Exiftool.StripLocation.filter(upload) == {:ok, :noop} + end) end end -- cgit v1.2.3 From 3ab34048172f9fd99ad106d71b4e7ae5c57ab9e1 Mon Sep 17 00:00:00 2001 From: tusooa Date: Wed, 18 Jan 2023 18:36:52 -0500 Subject: Fix block_from_stranger setting --- test/pleroma/notification_test.exs | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'test') diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs index 255097ed0..d169ab709 100644 --- a/test/pleroma/notification_test.exs +++ b/test/pleroma/notification_test.exs @@ -334,6 +334,32 @@ defmodule Pleroma.NotificationTest do refute Notification.create_notification(activity, followed) end + test "it disables notifications from non-followees" do + follower = insert(:user) + + followed = + insert(:user, + notification_settings: %Pleroma.User.NotificationSetting{block_from_strangers: true} + ) + + CommonAPI.follow(follower, followed) + {:ok, activity} = CommonAPI.post(follower, %{status: "hey @#{followed.nickname}"}) + refute Notification.create_notification(activity, followed) + end + + test "it allows notifications from followees" do + poster = insert(:user) + + receiver = + insert(:user, + notification_settings: %Pleroma.User.NotificationSetting{block_from_strangers: true} + ) + + CommonAPI.follow(receiver, poster) + {:ok, activity} = CommonAPI.post(poster, %{status: "hey @#{receiver.nickname}"}) + assert Notification.create_notification(activity, receiver) + end + test "it doesn't create a notification for user if he is the activity author" do activity = insert(:note_activity) author = User.get_cached_by_ap_id(activity.data["actor"]) -- cgit v1.2.3 From 1c225bfd6e86b58d2a70eb74d3774a438dc7796b Mon Sep 17 00:00:00 2001 From: tusooa Date: Thu, 26 Jan 2023 20:17:13 -0500 Subject: Allow customizing instance languages --- .../mastodon_api/controllers/instance_controller_test.exs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs index 13e3ffc0a..a556ef6a8 100644 --- a/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs @@ -92,4 +92,18 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do assert ["peer1.com", "peer2.com"] == Enum.sort(result) end + + test "instance languages", %{conn: conn} do + assert %{"languages" => ["en"]} = + conn + |> get("/api/v1/instance") + |> json_response_and_validate_schema(200) + + clear_config([:instance, :languages], ["aa", "bb"]) + + assert %{"languages" => ["aa", "bb"]} = + conn + |> get("/api/v1/instance") + |> json_response_and_validate_schema(200) + end end -- cgit v1.2.3 From 8e8a0f005cddf6b2cd1535ad634ac8cb8d0ca42e Mon Sep 17 00:00:00 2001 From: tusooa Date: Fri, 3 Feb 2023 15:38:08 -0500 Subject: Fix inproper content being cached in report content --- .../controllers/report_controller_test.exs | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs index aee26d80a..c141cf69d 100644 --- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs @@ -366,6 +366,34 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do |> json_response_and_validate_schema(:ok) end + test "renders content correctly", %{conn: conn} do + [reporter, target_user] = insert_pair(:user) + note = insert(:note, user: target_user, data: %{"content" => "mew 1"}) + note2 = insert(:note, user: target_user, data: %{"content" => "mew 2"}) + activity = insert(:note_activity, user: target_user, note: note) + activity2 = insert(:note_activity, user: target_user, note: note2) + + {:ok, _report} = + CommonAPI.report(reporter, %{ + account_id: target_user.id, + comment: "I feel offended", + status_ids: [activity.id, activity2.id] + }) + + CommonAPI.delete(activity.id, target_user) + CommonAPI.delete(activity2.id, target_user) + + response = + conn + |> get(report_path(conn, :index)) + |> json_response_and_validate_schema(:ok) + + assert [open_report] = response["reports"] + assert %{"statuses" => [s1, s2]} = open_report + assert "mew 1" in [s1["content"], s2["content"]] + assert "mew 2" in [s1["content"], s2["content"]] + end + test "returns 403 when requested by a non-admin" do user = insert(:user) token = insert(:oauth_token, user: user) -- cgit v1.2.3 From c3a07035646b255bc5f33743d13defbaa69d9991 Mon Sep 17 00:00:00 2001 From: Alexander Tumin Date: Tue, 7 Feb 2023 15:30:07 +0300 Subject: Require related object for notifications to filter on content --- test/pleroma/notification_test.exs | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'test') diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs index d169ab709..e55aa3a08 100644 --- a/test/pleroma/notification_test.exs +++ b/test/pleroma/notification_test.exs @@ -1251,5 +1251,32 @@ defmodule Pleroma.NotificationTest do assert length(Notification.for_user(user)) == 1 end + + test "it returns notifications when related object is without content and filters are defined", + %{user: user} do + followed_user = insert(:user, is_locked: true) + + insert(:filter, user: followed_user, phrase: "test", hide: true) + + {:ok, _, _, _activity} = CommonAPI.follow(user, followed_user) + refute FollowingRelationship.following?(user, followed_user) + assert [notification] = Notification.for_user(followed_user) + + assert %{type: "follow_request"} = + NotificationView.render("show.json", %{ + notification: notification, + for: followed_user + }) + + assert {:ok, _} = CommonAPI.accept_follow_request(user, followed_user) + + assert [notification] = Notification.for_user(followed_user) + + assert %{type: "follow"} = + NotificationView.render("show.json", %{ + notification: notification, + for: followed_user + }) + end end end -- cgit v1.2.3 From 0e89a9ad15bd86731b3babfced990d1d8ec7db4c Mon Sep 17 00:00:00 2001 From: tusooa Date: Sat, 5 Nov 2022 23:36:10 -0400 Subject: Test that zwnj is treated as word char in hashtags --- test/pleroma/web/common_api_test.exs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 44355c26d..2876d4093 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -518,6 +518,15 @@ defmodule Pleroma.Web.CommonAPITest do assert Object.tags(object) == ["2hu"] end + test "zwnj is treated as word character" do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{status: "#ساٴين‌س"}) + + object = Object.normalize(activity, fetch: false) + + assert Object.tags(object) == ["ساٴين‌س"] + end + test "it adds emoji in the object" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{status: ":firefox:"}) -- cgit v1.2.3 From f2ed05191ce0c63d3149f35b44cffc26f1061a39 Mon Sep 17 00:00:00 2001 From: tusooa Date: Fri, 6 Jan 2023 14:11:56 -0500 Subject: Test double dot link --- test/pleroma/web/common_api_test.exs | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 2876d4093..5c9103e9f 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -527,6 +527,16 @@ defmodule Pleroma.Web.CommonAPITest do assert Object.tags(object) == ["ساٴين‌س"] end + test "double dot in link is allowed" do + user = insert(:user) + text = "https://example.to/something..mp3" + {:ok, activity} = CommonAPI.post(user, %{status: text}) + + object = Object.normalize(activity, fetch: false) + + assert object.data["content"] == "#{text}" + end + test "it adds emoji in the object" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{status: ":firefox:"}) -- cgit v1.2.3 From 410d50afe5e76100047563bae7a0a461790883dd Mon Sep 17 00:00:00 2001 From: tusooa Date: Sat, 11 Feb 2023 00:30:52 -0500 Subject: Ignores in exiftool read descriptions --- ...n_and_caption-abstract_and_stray_data_after.png | Bin 0 -> 820 bytes test/fixtures/image_with_stray_data_after.png | Bin 0 -> 104435 bytes .../filter/exiftool/read_description_test.exs | 27 +++++++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png create mode 100755 test/fixtures/image_with_stray_data_after.png (limited to 'test') diff --git a/test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png b/test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png new file mode 100644 index 000000000..7ce8640fa Binary files /dev/null and b/test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png differ diff --git a/test/fixtures/image_with_stray_data_after.png b/test/fixtures/image_with_stray_data_after.png new file mode 100755 index 000000000..a280e4377 Binary files /dev/null and b/test/fixtures/image_with_stray_data_after.png differ diff --git a/test/pleroma/upload/filter/exiftool/read_description_test.exs b/test/pleroma/upload/filter/exiftool/read_description_test.exs index 7389fda47..7cc83969d 100644 --- a/test/pleroma/upload/filter/exiftool/read_description_test.exs +++ b/test/pleroma/upload/filter/exiftool/read_description_test.exs @@ -42,6 +42,33 @@ defmodule Pleroma.Upload.Filter.Exiftool.ReadDescriptionTest do {:ok, :filtered, uploads_after} end + test "Ignores warnings" do + uploads = %Pleroma.Upload{ + name: "image_with_imagedescription_and_caption-abstract_and_stray_data_after.png", + content_type: "image/png", + path: + Path.absname( + "test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png" + ), + tempfile: + Path.absname( + "test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png" + ) + } + + assert {:ok, :filtered, %{description: "a descriptive white pixel"}} = + Filter.Exiftool.ReadDescription.filter(uploads) + + uploads = %Pleroma.Upload{ + name: "image_with_stray_data_after.png", + content_type: "image/png", + path: Path.absname("test/fixtures/image_with_stray_data_after.png"), + tempfile: Path.absname("test/fixtures/image_with_stray_data_after.png") + } + + assert {:ok, :filtered, %{description: nil}} = Filter.Exiftool.ReadDescription.filter(uploads) + end + test "otherwise returns iptc:Caption-Abstract when present" do upload = %Pleroma.Upload{ name: "image_with_caption-abstract.jpg", -- cgit v1.2.3 From e4925f813afda5883fd12a48b99b2b12f83678d9 Mon Sep 17 00:00:00 2001 From: tusooa Date: Thu, 29 Dec 2022 14:33:46 -0500 Subject: Sanitize filenames when uploading --- .../pleroma/web/activity_pub/activity_pub_test.exs | 8 +++++++ .../controllers/media_controller_test.exs | 17 +++++++++++++ .../web/mastodon_api/update_credentials_test.exs | 28 ++++++++++++++++++++++ 3 files changed, 53 insertions(+) (limited to 'test') diff --git a/test/pleroma/web/activity_pub/activity_pub_test.exs b/test/pleroma/web/activity_pub/activity_pub_test.exs index fc6fc039d..a6f8b6152 100644 --- a/test/pleroma/web/activity_pub/activity_pub_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_test.exs @@ -1342,6 +1342,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do %{test_file: test_file} end + test "strips / from filename", %{test_file: file} do + file = %Plug.Upload{file | filename: "../../../../../nested/bad.jpg"} + {:ok, %Object{} = object} = ActivityPub.upload(file) + [%{"href" => href}] = object.data["url"] + assert Regex.match?(~r"/bad.jpg$", href) + refute Regex.match?(~r"/nested/", href) + end + test "sets a description if given", %{test_file: file} do {:ok, %Object{} = object} = ActivityPub.upload(file, description: "a cool file") assert object.data["name"] == "a cool file" diff --git a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs index 79d52bb2f..750296230 100644 --- a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs @@ -122,6 +122,23 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do assert :ok == File.rm(Path.absname("test/tmp/large_binary.data")) end + + test "Do not allow nested filename", %{conn: conn, image: image} do + image = %Plug.Upload{ + image + | filename: "../../../../../nested/file.jpg" + } + + desc = "Description of the image" + + media = + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/v1/media", %{"file" => image, "description" => desc}) + |> json_response_and_validate_schema(:ok) + + refute Regex.match?(~r"/nested/", media["url"]) + end end describe "Update media description" do diff --git a/test/pleroma/web/mastodon_api/update_credentials_test.exs b/test/pleroma/web/mastodon_api/update_credentials_test.exs index d5fac7e25..57fa0f047 100644 --- a/test/pleroma/web/mastodon_api/update_credentials_test.exs +++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs @@ -383,6 +383,34 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do assert :ok == File.rm(Path.absname("test/tmp/large_binary.data")) end + test "Strip / from upload files", %{user: user, conn: conn} do + new_image = %Plug.Upload{ + content_type: "image/jpeg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "../../../../nested/an_image.jpg" + } + + assert user.avatar == %{} + + res = + patch(conn, "/api/v1/accounts/update_credentials", %{ + "avatar" => new_image, + "header" => new_image, + "pleroma_background_image" => new_image + }) + + assert user_response = json_response_and_validate_schema(res, 200) + assert user_response["avatar"] + assert user_response["header"] + assert user_response["pleroma"]["background_image"] + refute Regex.match?(~r"/nested/", user_response["avatar"]) + refute Regex.match?(~r"/nested/", user_response["header"]) + refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"]) + + user = User.get_by_id(user.id) + refute user.avatar == %{} + end + test "requires 'write:accounts' permission" do token1 = insert(:oauth_token, scopes: ["read"]) token2 = insert(:oauth_token, scopes: ["write", "follow"]) -- cgit v1.2.3