1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
8 alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
9 alias Pleroma.Web.CommonAPI
12 clear_config(:mrf_simple,
15 federated_timeline_removal: [],
25 describe "when :media_removal" do
27 clear_config([:mrf_simple, :media_removal], [])
28 media_message = build_media_message()
29 local_message = build_local_message()
31 assert SimplePolicy.filter(media_message) == {:ok, media_message}
32 assert SimplePolicy.filter(local_message) == {:ok, local_message}
35 test "has a matching host" do
36 clear_config([:mrf_simple, :media_removal], ["remote.instance"])
37 media_message = build_media_message()
38 local_message = build_local_message()
40 assert SimplePolicy.filter(media_message) ==
43 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
45 assert SimplePolicy.filter(local_message) == {:ok, local_message}
48 test "match with wildcard domain" do
49 clear_config([:mrf_simple, :media_removal], ["*.remote.instance"])
50 media_message = build_media_message()
51 local_message = build_local_message()
53 assert SimplePolicy.filter(media_message) ==
56 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
58 assert SimplePolicy.filter(local_message) == {:ok, local_message}
62 describe "when :media_nsfw" do
64 clear_config([:mrf_simple, :media_nsfw], [])
65 media_message = build_media_message()
66 local_message = build_local_message()
68 assert SimplePolicy.filter(media_message) == {:ok, media_message}
69 assert SimplePolicy.filter(local_message) == {:ok, local_message}
72 test "has a matching host" do
73 clear_config([:mrf_simple, :media_nsfw], ["remote.instance"])
74 media_message = build_media_message()
75 local_message = build_local_message()
77 assert SimplePolicy.filter(media_message) ==
80 |> put_in(["object", "tag"], ["foo", "nsfw"])
81 |> put_in(["object", "sensitive"], true)}
83 assert SimplePolicy.filter(local_message) == {:ok, local_message}
86 test "match with wildcard domain" do
87 clear_config([:mrf_simple, :media_nsfw], ["*.remote.instance"])
88 media_message = build_media_message()
89 local_message = build_local_message()
91 assert SimplePolicy.filter(media_message) ==
94 |> put_in(["object", "tag"], ["foo", "nsfw"])
95 |> put_in(["object", "sensitive"], true)}
97 assert SimplePolicy.filter(local_message) == {:ok, local_message}
101 defp build_media_message do
103 "actor" => "https://remote.instance/users/bob",
106 "attachment" => [%{}],
113 describe "when :report_removal" do
115 clear_config([:mrf_simple, :report_removal], [])
116 report_message = build_report_message()
117 local_message = build_local_message()
119 assert SimplePolicy.filter(report_message) == {:ok, report_message}
120 assert SimplePolicy.filter(local_message) == {:ok, local_message}
123 test "has a matching host" do
124 clear_config([:mrf_simple, :report_removal], ["remote.instance"])
125 report_message = build_report_message()
126 local_message = build_local_message()
128 assert {:reject, _} = SimplePolicy.filter(report_message)
129 assert SimplePolicy.filter(local_message) == {:ok, local_message}
132 test "match with wildcard domain" do
133 clear_config([:mrf_simple, :report_removal], ["*.remote.instance"])
134 report_message = build_report_message()
135 local_message = build_local_message()
137 assert {:reject, _} = SimplePolicy.filter(report_message)
138 assert SimplePolicy.filter(local_message) == {:ok, local_message}
142 defp build_report_message do
144 "actor" => "https://remote.instance/users/bob",
149 describe "when :federated_timeline_removal" do
151 clear_config([:mrf_simple, :federated_timeline_removal], [])
152 {_, ftl_message} = build_ftl_actor_and_message()
153 local_message = build_local_message()
155 assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
156 assert SimplePolicy.filter(local_message) == {:ok, local_message}
159 test "has a matching host" do
160 {actor, ftl_message} = build_ftl_actor_and_message()
162 ftl_message_actor_host =
164 |> Map.fetch!("actor")
168 clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
169 local_message = build_local_message()
171 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
172 assert actor.follower_address in ftl_message["to"]
173 refute actor.follower_address in ftl_message["cc"]
174 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
175 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
177 assert SimplePolicy.filter(local_message) == {:ok, local_message}
180 test "match with wildcard domain" do
181 {actor, ftl_message} = build_ftl_actor_and_message()
183 ftl_message_actor_host =
185 |> Map.fetch!("actor")
189 clear_config([:mrf_simple, :federated_timeline_removal], ["*." <> ftl_message_actor_host])
190 local_message = build_local_message()
192 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
193 assert actor.follower_address in ftl_message["to"]
194 refute actor.follower_address in ftl_message["cc"]
195 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
196 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
198 assert SimplePolicy.filter(local_message) == {:ok, local_message}
201 test "has a matching host but only as:Public in to" do
202 {_actor, ftl_message} = build_ftl_actor_and_message()
204 ftl_message_actor_host =
206 |> Map.fetch!("actor")
210 ftl_message = Map.put(ftl_message, "cc", [])
212 clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
214 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
215 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
216 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
220 defp build_ftl_actor_and_message do
221 actor = insert(:user)
225 "actor" => actor.ap_id,
226 "to" => ["https://www.w3.org/ns/activitystreams#Public", "http://foo.bar/baz"],
227 "cc" => [actor.follower_address, "http://foo.bar/qux"]
231 describe "when :reject" do
233 clear_config([:mrf_simple, :reject], [])
235 remote_message = build_remote_message()
237 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
240 test "activity has a matching host" do
241 clear_config([:mrf_simple, :reject], ["remote.instance"])
243 remote_message = build_remote_message()
245 assert {:reject, _} = SimplePolicy.filter(remote_message)
248 test "activity matches with wildcard domain" do
249 clear_config([:mrf_simple, :reject], ["*.remote.instance"])
251 remote_message = build_remote_message()
253 assert {:reject, _} = SimplePolicy.filter(remote_message)
256 test "actor has a matching host" do
257 clear_config([:mrf_simple, :reject], ["remote.instance"])
259 remote_user = build_remote_user()
261 assert {:reject, _} = SimplePolicy.filter(remote_user)
264 test "reject Announce when object would be rejected" do
265 clear_config([:mrf_simple, :reject], ["blocked.tld"])
268 "type" => "Announce",
269 "actor" => "https://okay.tld/users/alice",
270 "object" => %{"type" => "Note", "actor" => "https://blocked.tld/users/bob"}
273 assert {:reject, _} = SimplePolicy.filter(announce)
277 describe "when :followers_only" do
279 clear_config([:mrf_simple, :followers_only], [])
280 {_, ftl_message} = build_ftl_actor_and_message()
281 local_message = build_local_message()
283 assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
284 assert SimplePolicy.filter(local_message) == {:ok, local_message}
287 test "has a matching host" do
288 actor = insert(:user)
289 following_user = insert(:user)
290 non_following_user = insert(:user)
292 {:ok, _, _, _} = CommonAPI.follow(following_user, actor)
295 "actor" => actor.ap_id,
297 "https://www.w3.org/ns/activitystreams#Public",
298 following_user.ap_id,
299 non_following_user.ap_id
301 "cc" => [actor.follower_address, "http://foo.bar/qux"]
305 "actor" => actor.ap_id,
307 following_user.ap_id,
308 non_following_user.ap_id
315 |> Map.fetch!("actor")
319 clear_config([:mrf_simple, :followers_only], [actor_domain])
321 assert {:ok, new_activity} = SimplePolicy.filter(activity)
322 assert actor.follower_address in new_activity["cc"]
323 assert following_user.ap_id in new_activity["to"]
324 refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"]
325 refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"]
326 refute non_following_user.ap_id in new_activity["to"]
327 refute non_following_user.ap_id in new_activity["cc"]
329 assert {:ok, new_dm_activity} = SimplePolicy.filter(dm_activity)
330 assert new_dm_activity["to"] == [following_user.ap_id]
331 assert new_dm_activity["cc"] == []
335 describe "when :accept" do
337 clear_config([:mrf_simple, :accept], [])
339 local_message = build_local_message()
340 remote_message = build_remote_message()
342 assert SimplePolicy.filter(local_message) == {:ok, local_message}
343 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
346 test "is not empty but activity doesn't have a matching host" do
347 clear_config([:mrf_simple, :accept], ["non.matching.remote"])
349 local_message = build_local_message()
350 remote_message = build_remote_message()
352 assert SimplePolicy.filter(local_message) == {:ok, local_message}
353 assert {:reject, _} = SimplePolicy.filter(remote_message)
356 test "activity has a matching host" do
357 clear_config([:mrf_simple, :accept], ["remote.instance"])
359 local_message = build_local_message()
360 remote_message = build_remote_message()
362 assert SimplePolicy.filter(local_message) == {:ok, local_message}
363 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
366 test "activity matches with wildcard domain" do
367 clear_config([:mrf_simple, :accept], ["*.remote.instance"])
369 local_message = build_local_message()
370 remote_message = build_remote_message()
372 assert SimplePolicy.filter(local_message) == {:ok, local_message}
373 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
376 test "actor has a matching host" do
377 clear_config([:mrf_simple, :accept], ["remote.instance"])
379 remote_user = build_remote_user()
381 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
385 describe "when :avatar_removal" do
387 clear_config([:mrf_simple, :avatar_removal], [])
389 remote_user = build_remote_user()
391 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
394 test "is not empty but it doesn't have a matching host" do
395 clear_config([:mrf_simple, :avatar_removal], ["non.matching.remote"])
397 remote_user = build_remote_user()
399 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
402 test "has a matching host" do
403 clear_config([:mrf_simple, :avatar_removal], ["remote.instance"])
405 remote_user = build_remote_user()
406 {:ok, filtered} = SimplePolicy.filter(remote_user)
408 refute filtered["icon"]
411 test "match with wildcard domain" do
412 clear_config([:mrf_simple, :avatar_removal], ["*.remote.instance"])
414 remote_user = build_remote_user()
415 {:ok, filtered} = SimplePolicy.filter(remote_user)
417 refute filtered["icon"]
421 describe "when :banner_removal" do
423 clear_config([:mrf_simple, :banner_removal], [])
425 remote_user = build_remote_user()
427 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
430 test "is not empty but it doesn't have a matching host" do
431 clear_config([:mrf_simple, :banner_removal], ["non.matching.remote"])
433 remote_user = build_remote_user()
435 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
438 test "has a matching host" do
439 clear_config([:mrf_simple, :banner_removal], ["remote.instance"])
441 remote_user = build_remote_user()
442 {:ok, filtered} = SimplePolicy.filter(remote_user)
444 refute filtered["image"]
447 test "match with wildcard domain" do
448 clear_config([:mrf_simple, :banner_removal], ["*.remote.instance"])
450 remote_user = build_remote_user()
451 {:ok, filtered} = SimplePolicy.filter(remote_user)
453 refute filtered["image"]
457 describe "when :reject_deletes is empty" do
458 setup do: clear_config([:mrf_simple, :reject_deletes], [])
460 test "it accepts deletions even from rejected servers" do
461 clear_config([:mrf_simple, :reject], ["remote.instance"])
463 deletion_message = build_remote_deletion_message()
465 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
468 test "it accepts deletions even from non-whitelisted servers" do
469 clear_config([:mrf_simple, :accept], ["non.matching.remote"])
471 deletion_message = build_remote_deletion_message()
473 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
477 describe "when :reject_deletes is not empty but it doesn't have a matching host" do
478 setup do: clear_config([:mrf_simple, :reject_deletes], ["non.matching.remote"])
480 test "it accepts deletions even from rejected servers" do
481 clear_config([:mrf_simple, :reject], ["remote.instance"])
483 deletion_message = build_remote_deletion_message()
485 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
488 test "it accepts deletions even from non-whitelisted servers" do
489 clear_config([:mrf_simple, :accept], ["non.matching.remote"])
491 deletion_message = build_remote_deletion_message()
493 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
497 describe "when :reject_deletes has a matching host" do
498 setup do: clear_config([:mrf_simple, :reject_deletes], ["remote.instance"])
500 test "it rejects the deletion" do
501 deletion_message = build_remote_deletion_message()
503 assert {:reject, _} = SimplePolicy.filter(deletion_message)
507 describe "when :reject_deletes match with wildcard domain" do
508 setup do: clear_config([:mrf_simple, :reject_deletes], ["*.remote.instance"])
510 test "it rejects the deletion" do
511 deletion_message = build_remote_deletion_message()
513 assert {:reject, _} = SimplePolicy.filter(deletion_message)
517 defp build_local_message do
519 "actor" => "#{Pleroma.Web.base_url()}/users/alice",
525 defp build_remote_message do
526 %{"actor" => "https://remote.instance/users/bob"}
529 defp build_remote_user do
531 "id" => "https://remote.instance/users/bob",
533 "url" => "http://example.com/image.jpg",
537 "url" => "http://example.com/image.jpg",
544 defp build_remote_deletion_message do
547 "actor" => "https://remote.instance/users/bob"