1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.OStatus.OStatusControllerTest do
6 use Pleroma.Web.ConnCase
12 alias Pleroma.Web.ActivityPub.ActivityPub
13 alias Pleroma.Web.CommonAPI
14 alias Pleroma.Web.Endpoint
16 require Pleroma.Constants
19 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
23 setup do: clear_config([:static_fe, :enabled], false)
25 describe "Mastodon compatibility routes" do
26 setup %{conn: conn} do
27 conn = put_req_header(conn, "accept", "text/html")
33 "id" => Endpoint.url() <> "/users/raymoo/statuses/999999999",
34 "actor" => Endpoint.url() <> "/users/raymoo",
35 "to" => [Pleroma.Constants.as_public()]
41 "id" => object.data["id"] <> "/activity",
43 "object" => object.data["id"],
44 "actor" => object.data["actor"],
45 "to" => object.data["to"]
47 |> ActivityPub.persist(local: true)
49 %{conn: conn, activity: activity}
52 test "redirects to /notice/:id for html format", %{conn: conn, activity: activity} do
53 conn = get(conn, "/users/raymoo/statuses/999999999")
54 assert redirected_to(conn) == "/notice/#{activity.id}"
57 test "redirects to /notice/:id for html format for activity", %{
61 conn = get(conn, "/users/raymoo/statuses/999999999/activity")
62 assert redirected_to(conn) == "/notice/#{activity.id}"
66 # Note: see ActivityPubControllerTest for JSON format tests
67 describe "GET /objects/:uuid (text/html)" do
68 setup %{conn: conn} do
69 conn = put_req_header(conn, "accept", "text/html")
73 test "redirects to /notice/id for html format", %{conn: conn} do
74 note_activity = insert(:note_activity)
75 object = Object.normalize(note_activity, fetch: false)
76 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
77 url = "/objects/#{uuid}"
80 assert redirected_to(conn) == "/notice/#{note_activity.id}"
83 test "404s on private objects", %{conn: conn} do
84 note_activity = insert(:direct_note_activity)
85 object = Object.normalize(note_activity, fetch: false)
86 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
89 |> get("/objects/#{uuid}")
93 test "404s on non-existing objects", %{conn: conn} do
95 |> get("/objects/123")
100 # Note: see ActivityPubControllerTest for JSON format tests
101 describe "GET /activities/:uuid (text/html)" do
102 setup %{conn: conn} do
103 conn = put_req_header(conn, "accept", "text/html")
107 test "redirects to /notice/id for html format", %{conn: conn} do
108 note_activity = insert(:note_activity)
109 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
111 conn = get(conn, "/activities/#{uuid}")
112 assert redirected_to(conn) == "/notice/#{note_activity.id}"
115 test "404s on private activities", %{conn: conn} do
116 note_activity = insert(:direct_note_activity)
117 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
120 |> get("/activities/#{uuid}")
124 test "404s on nonexistent activities", %{conn: conn} do
126 |> get("/activities/123")
131 describe "GET notice/2" do
132 test "redirects to a proper object URL when json requested and the object is local", %{
135 note_activity = insert(:note_activity)
136 expected_redirect_url = Object.normalize(note_activity, fetch: false).data["id"]
140 |> put_req_header("accept", "application/activity+json")
141 |> get("/notice/#{note_activity.id}")
144 assert redirect_url == expected_redirect_url
147 test "returns a 404 on remote notice when json requested", %{conn: conn} do
148 note_activity = insert(:note_activity, local: false)
151 |> put_req_header("accept", "application/activity+json")
152 |> get("/notice/#{note_activity.id}")
156 test "500s when actor not found", %{conn: conn} do
157 note_activity = insert(:note_activity)
158 user = User.get_cached_by_ap_id(note_activity.data["actor"])
159 User.invalidate_cache(user)
160 Pleroma.Repo.delete(user)
164 |> get("/notice/#{note_activity.id}")
166 assert response(conn, 500) == ~S({"error":"Something went wrong"})
169 test "render html for redirect for html format", %{conn: conn} do
170 note_activity = insert(:note_activity)
174 |> put_req_header("accept", "text/html")
175 |> get("/notice/#{note_activity.id}")
179 "<meta content=\"#{Pleroma.Web.base_url()}/notice/#{note_activity.id}\" property=\"og:url\">"
183 {:ok, like_activity} = CommonAPI.favorite(user, note_activity.id)
185 assert like_activity.data["type"] == "Like"
189 |> put_req_header("accept", "text/html")
190 |> get("/notice/#{like_activity.id}")
193 assert resp =~ "<!--server-generated-meta-->"
196 test "404s a private notice", %{conn: conn} do
197 note_activity = insert(:direct_note_activity)
198 url = "/notice/#{note_activity.id}"
204 assert response(conn, 404)
207 test "404s a non-existing notice", %{conn: conn} do
214 assert response(conn, 404)
217 test "does not require authentication on non-federating instances", %{
220 clear_config([:instance, :federating], false)
221 note_activity = insert(:note_activity)
224 |> put_req_header("accept", "text/html")
225 |> get("/notice/#{note_activity.id}")
230 describe "GET /notice/:id/embed_player" do
232 note_activity = insert(:note_activity)
233 object = Pleroma.Object.normalize(note_activity, fetch: false)
236 Map.put(object.data, "attachment", [
241 "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4",
242 "mediaType" => "video/mp4",
250 |> Ecto.Changeset.change(data: object_data)
251 |> Pleroma.Repo.update()
253 %{note_activity: note_activity}
256 test "renders embed player", %{conn: conn, note_activity: note_activity} do
257 conn = get(conn, "/notice/#{note_activity.id}/embed_player")
259 assert Plug.Conn.get_resp_header(conn, "x-frame-options") == ["ALLOW"]
261 assert Plug.Conn.get_resp_header(
263 "content-security-policy"
265 "default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https:; media-src 'self' https:;"
268 assert response(conn, 200) =~
269 "<video controls loop><source src=\"https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4\" type=\"video/mp4\">Your browser does not support video/mp4 playback.</video>"
272 test "404s when activity isn't create", %{conn: conn} do
273 note_activity = insert(:note_activity, data_attrs: %{"type" => "Like"})
276 |> get("/notice/#{note_activity.id}/embed_player")
280 test "404s when activity is direct message", %{conn: conn} do
281 note_activity = insert(:note_activity, data_attrs: %{"directMessage" => true})
284 |> get("/notice/#{note_activity.id}/embed_player")
288 test "404s when attachment is empty", %{conn: conn} do
289 note_activity = insert(:note_activity)
290 object = Pleroma.Object.normalize(note_activity, fetch: false)
291 object_data = Map.put(object.data, "attachment", [])
294 |> Ecto.Changeset.change(data: object_data)
295 |> Pleroma.Repo.update()
298 |> get("/notice/#{note_activity.id}/embed_player")
302 test "404s when attachment isn't audio or video", %{conn: conn} do
303 note_activity = insert(:note_activity)
304 object = Pleroma.Object.normalize(note_activity, fetch: false)
307 Map.put(object.data, "attachment", [
311 "href" => "https://peertube.moe/static/webseed/480.jpg",
312 "mediaType" => "image/jpg",
320 |> Ecto.Changeset.change(data: object_data)
321 |> Pleroma.Repo.update()
324 |> get("/notice/#{note_activity.id}/embed_player")
328 test "does not require authentication on non-federating instances", %{
330 note_activity: note_activity
332 clear_config([:instance, :federating], false)
335 |> put_req_header("accept", "text/html")
336 |> get("/notice/#{note_activity.id}/embed_player")