1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
8 alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
9 alias Pleroma.Web.CommonAPI
12 clear_config(:mrf_simple,
15 federated_timeline_removal: [],
25 describe "when :media_removal" do
27 clear_config([:mrf_simple, :media_removal], [])
28 media_message = build_media_message()
29 local_message = build_local_message()
31 assert SimplePolicy.filter(media_message) == {:ok, media_message}
32 assert SimplePolicy.filter(local_message) == {:ok, local_message}
35 test "has a matching host" do
36 clear_config([:mrf_simple, :media_removal], ["remote.instance"])
37 media_message = build_media_message()
38 local_message = build_local_message()
40 assert SimplePolicy.filter(media_message) ==
43 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
45 assert SimplePolicy.filter(local_message) == {:ok, local_message}
48 test "match with wildcard domain" do
49 clear_config([:mrf_simple, :media_removal], ["*.remote.instance"])
50 media_message = build_media_message()
51 local_message = build_local_message()
53 assert SimplePolicy.filter(media_message) ==
56 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
58 assert SimplePolicy.filter(local_message) == {:ok, local_message}
62 describe "when :media_nsfw" do
64 clear_config([:mrf_simple, :media_nsfw], [])
65 media_message = build_media_message()
66 local_message = build_local_message()
68 assert SimplePolicy.filter(media_message) == {:ok, media_message}
69 assert SimplePolicy.filter(local_message) == {:ok, local_message}
72 test "has a matching host" do
73 clear_config([:mrf_simple, :media_nsfw], ["remote.instance"])
74 media_message = build_media_message()
75 local_message = build_local_message()
77 assert SimplePolicy.filter(media_message) ==
78 {:ok, put_in(media_message, ["object", "sensitive"], true)}
80 assert SimplePolicy.filter(local_message) == {:ok, local_message}
83 test "match with wildcard domain" do
84 clear_config([:mrf_simple, :media_nsfw], ["*.remote.instance"])
85 media_message = build_media_message()
86 local_message = build_local_message()
88 assert SimplePolicy.filter(media_message) ==
89 {:ok, put_in(media_message, ["object", "sensitive"], true)}
91 assert SimplePolicy.filter(local_message) == {:ok, local_message}
95 defp build_media_message do
97 "actor" => "https://remote.instance/users/bob",
100 "attachment" => [%{}],
107 describe "when :report_removal" do
109 clear_config([:mrf_simple, :report_removal], [])
110 report_message = build_report_message()
111 local_message = build_local_message()
113 assert SimplePolicy.filter(report_message) == {:ok, report_message}
114 assert SimplePolicy.filter(local_message) == {:ok, local_message}
117 test "has a matching host" do
118 clear_config([:mrf_simple, :report_removal], ["remote.instance"])
119 report_message = build_report_message()
120 local_message = build_local_message()
122 assert {:reject, _} = SimplePolicy.filter(report_message)
123 assert SimplePolicy.filter(local_message) == {:ok, local_message}
126 test "match with wildcard domain" do
127 clear_config([:mrf_simple, :report_removal], ["*.remote.instance"])
128 report_message = build_report_message()
129 local_message = build_local_message()
131 assert {:reject, _} = SimplePolicy.filter(report_message)
132 assert SimplePolicy.filter(local_message) == {:ok, local_message}
136 defp build_report_message do
138 "actor" => "https://remote.instance/users/bob",
143 describe "when :federated_timeline_removal" do
145 clear_config([:mrf_simple, :federated_timeline_removal], [])
146 {_, ftl_message} = build_ftl_actor_and_message()
147 local_message = build_local_message()
149 assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
150 assert SimplePolicy.filter(local_message) == {:ok, local_message}
153 test "has a matching host" do
154 {actor, ftl_message} = build_ftl_actor_and_message()
156 ftl_message_actor_host =
158 |> Map.fetch!("actor")
162 clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
163 local_message = build_local_message()
165 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
166 assert actor.follower_address in ftl_message["to"]
167 refute actor.follower_address in ftl_message["cc"]
168 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
169 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
171 assert SimplePolicy.filter(local_message) == {:ok, local_message}
174 test "match with wildcard domain" do
175 {actor, ftl_message} = build_ftl_actor_and_message()
177 ftl_message_actor_host =
179 |> Map.fetch!("actor")
183 clear_config([:mrf_simple, :federated_timeline_removal], ["*." <> ftl_message_actor_host])
184 local_message = build_local_message()
186 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
187 assert actor.follower_address in ftl_message["to"]
188 refute actor.follower_address in ftl_message["cc"]
189 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
190 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
192 assert SimplePolicy.filter(local_message) == {:ok, local_message}
195 test "has a matching host but only as:Public in to" do
196 {_actor, ftl_message} = build_ftl_actor_and_message()
198 ftl_message_actor_host =
200 |> Map.fetch!("actor")
204 ftl_message = Map.put(ftl_message, "cc", [])
206 clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
208 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
209 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
210 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
214 defp build_ftl_actor_and_message do
215 actor = insert(:user)
219 "actor" => actor.ap_id,
220 "to" => ["https://www.w3.org/ns/activitystreams#Public", "http://foo.bar/baz"],
221 "cc" => [actor.follower_address, "http://foo.bar/qux"]
225 describe "when :reject" do
227 clear_config([:mrf_simple, :reject], [])
229 remote_message = build_remote_message()
231 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
234 test "activity has a matching host" do
235 clear_config([:mrf_simple, :reject], ["remote.instance"])
237 remote_message = build_remote_message()
239 assert {:reject, _} = SimplePolicy.filter(remote_message)
242 test "activity matches with wildcard domain" do
243 clear_config([:mrf_simple, :reject], ["*.remote.instance"])
245 remote_message = build_remote_message()
247 assert {:reject, _} = SimplePolicy.filter(remote_message)
250 test "actor has a matching host" do
251 clear_config([:mrf_simple, :reject], ["remote.instance"])
253 remote_user = build_remote_user()
255 assert {:reject, _} = SimplePolicy.filter(remote_user)
258 test "reject Announce when object would be rejected" do
259 clear_config([:mrf_simple, :reject], ["blocked.tld"])
262 "type" => "Announce",
263 "actor" => "https://okay.tld/users/alice",
264 "object" => %{"type" => "Note", "actor" => "https://blocked.tld/users/bob"}
267 assert {:reject, _} = SimplePolicy.filter(announce)
270 test "reject by URI object" do
271 clear_config([:mrf_simple, :reject], ["blocked.tld"])
274 "type" => "Announce",
275 "actor" => "https://okay.tld/users/alice",
276 "object" => "https://blocked.tld/activities/1"
279 assert {:reject, _} = SimplePolicy.filter(announce)
283 describe "when :followers_only" do
285 clear_config([:mrf_simple, :followers_only], [])
286 {_, ftl_message} = build_ftl_actor_and_message()
287 local_message = build_local_message()
289 assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
290 assert SimplePolicy.filter(local_message) == {:ok, local_message}
293 test "has a matching host" do
294 actor = insert(:user)
295 following_user = insert(:user)
296 non_following_user = insert(:user)
298 {:ok, _, _, _} = CommonAPI.follow(following_user, actor)
301 "actor" => actor.ap_id,
303 "https://www.w3.org/ns/activitystreams#Public",
304 following_user.ap_id,
305 non_following_user.ap_id
307 "cc" => [actor.follower_address, "http://foo.bar/qux"]
311 "actor" => actor.ap_id,
313 following_user.ap_id,
314 non_following_user.ap_id
321 |> Map.fetch!("actor")
325 clear_config([:mrf_simple, :followers_only], [actor_domain])
327 assert {:ok, new_activity} = SimplePolicy.filter(activity)
328 assert actor.follower_address in new_activity["cc"]
329 assert following_user.ap_id in new_activity["to"]
330 refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"]
331 refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"]
332 refute non_following_user.ap_id in new_activity["to"]
333 refute non_following_user.ap_id in new_activity["cc"]
335 assert {:ok, new_dm_activity} = SimplePolicy.filter(dm_activity)
336 assert new_dm_activity["to"] == [following_user.ap_id]
337 assert new_dm_activity["cc"] == []
341 describe "when :accept" do
343 clear_config([:mrf_simple, :accept], [])
345 local_message = build_local_message()
346 remote_message = build_remote_message()
348 assert SimplePolicy.filter(local_message) == {:ok, local_message}
349 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
352 test "is not empty but activity doesn't have a matching host" do
353 clear_config([:mrf_simple, :accept], ["non.matching.remote"])
355 local_message = build_local_message()
356 remote_message = build_remote_message()
358 assert SimplePolicy.filter(local_message) == {:ok, local_message}
359 assert {:reject, _} = SimplePolicy.filter(remote_message)
362 test "activity has a matching host" do
363 clear_config([:mrf_simple, :accept], ["remote.instance"])
365 local_message = build_local_message()
366 remote_message = build_remote_message()
368 assert SimplePolicy.filter(local_message) == {:ok, local_message}
369 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
372 test "activity matches with wildcard domain" do
373 clear_config([:mrf_simple, :accept], ["*.remote.instance"])
375 local_message = build_local_message()
376 remote_message = build_remote_message()
378 assert SimplePolicy.filter(local_message) == {:ok, local_message}
379 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
382 test "actor has a matching host" do
383 clear_config([:mrf_simple, :accept], ["remote.instance"])
385 remote_user = build_remote_user()
387 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
391 describe "when :avatar_removal" do
393 clear_config([:mrf_simple, :avatar_removal], [])
395 remote_user = build_remote_user()
397 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
400 test "is not empty but it doesn't have a matching host" do
401 clear_config([:mrf_simple, :avatar_removal], ["non.matching.remote"])
403 remote_user = build_remote_user()
405 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
408 test "has a matching host" do
409 clear_config([:mrf_simple, :avatar_removal], ["remote.instance"])
411 remote_user = build_remote_user()
412 {:ok, filtered} = SimplePolicy.filter(remote_user)
414 refute filtered["icon"]
417 test "match with wildcard domain" do
418 clear_config([:mrf_simple, :avatar_removal], ["*.remote.instance"])
420 remote_user = build_remote_user()
421 {:ok, filtered} = SimplePolicy.filter(remote_user)
423 refute filtered["icon"]
427 describe "when :banner_removal" do
429 clear_config([:mrf_simple, :banner_removal], [])
431 remote_user = build_remote_user()
433 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
436 test "is not empty but it doesn't have a matching host" do
437 clear_config([:mrf_simple, :banner_removal], ["non.matching.remote"])
439 remote_user = build_remote_user()
441 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
444 test "has a matching host" do
445 clear_config([:mrf_simple, :banner_removal], ["remote.instance"])
447 remote_user = build_remote_user()
448 {:ok, filtered} = SimplePolicy.filter(remote_user)
450 refute filtered["image"]
453 test "match with wildcard domain" do
454 clear_config([:mrf_simple, :banner_removal], ["*.remote.instance"])
456 remote_user = build_remote_user()
457 {:ok, filtered} = SimplePolicy.filter(remote_user)
459 refute filtered["image"]
463 describe "when :reject_deletes is empty" do
464 setup do: clear_config([:mrf_simple, :reject_deletes], [])
466 test "it accepts deletions even from rejected servers" do
467 clear_config([:mrf_simple, :reject], ["remote.instance"])
469 deletion_message = build_remote_deletion_message()
471 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
474 test "it accepts deletions even from non-whitelisted servers" do
475 clear_config([:mrf_simple, :accept], ["non.matching.remote"])
477 deletion_message = build_remote_deletion_message()
479 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
483 describe "when :reject_deletes is not empty but it doesn't have a matching host" do
484 setup do: clear_config([:mrf_simple, :reject_deletes], ["non.matching.remote"])
486 test "it accepts deletions even from rejected servers" do
487 clear_config([:mrf_simple, :reject], ["remote.instance"])
489 deletion_message = build_remote_deletion_message()
491 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
494 test "it accepts deletions even from non-whitelisted servers" do
495 clear_config([:mrf_simple, :accept], ["non.matching.remote"])
497 deletion_message = build_remote_deletion_message()
499 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
503 describe "when :reject_deletes has a matching host" do
504 setup do: clear_config([:mrf_simple, :reject_deletes], ["remote.instance"])
506 test "it rejects the deletion" do
507 deletion_message = build_remote_deletion_message()
509 assert {:reject, _} = SimplePolicy.filter(deletion_message)
513 describe "when :reject_deletes match with wildcard domain" do
514 setup do: clear_config([:mrf_simple, :reject_deletes], ["*.remote.instance"])
516 test "it rejects the deletion" do
517 deletion_message = build_remote_deletion_message()
519 assert {:reject, _} = SimplePolicy.filter(deletion_message)
523 defp build_local_message do
525 "actor" => "#{Pleroma.Web.Endpoint.url()}/users/alice",
531 defp build_remote_message do
532 %{"actor" => "https://remote.instance/users/bob"}
535 defp build_remote_user do
537 "id" => "https://remote.instance/users/bob",
539 "url" => "http://example.com/image.jpg",
543 "url" => "http://example.com/image.jpg",
550 defp build_remote_deletion_message do
553 "actor" => "https://remote.instance/users/bob"