Merge remote-tracking branch 'upstream/develop' into registration-workflow
# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

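defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
  # Controller tests for the static front-end: the server-rendered HTML pages
  # for user profiles ("/users/:nickname") and single notices ("/notice/:id").
  #
  # Every request in this file is made without a logged-in user, so the
  # visibility tests below ("private" posts missing from the profile, 404 for
  # a private notice) describe what an anonymous visitor can see.
  use Pleroma.Web.ConnCase

  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.CommonAPI

  import Pleroma.Factory

  # `clear_config/2` comes from the test helpers pulled in by ConnCase (not
  # defined in this file). The static front-end is switched on for the whole
  # module and federation is switched on for each test.
  setup_all do: clear_config([:static_fe, :enabled], true)
  setup do: clear_config([:instance, :federating], true)

  # Each test gets a connection that asks for HTML and a freshly inserted user.
  setup %{conn: conn} do
    conn = put_req_header(conn, "accept", "text/html")
    user = insert(:user)

    %{conn: conn, user: user}
  end

  describe "user profile html" do
    test "just the profile as HTML", %{conn: conn, user: user} do
      conn = get(conn, "/users/#{user.nickname}")

      assert html_response(conn, 200) =~ user.nickname
    end

    test "404 when user not found", %{conn: conn} do
      conn = get(conn, "/users/limpopo")

      assert html_response(conn, 404) =~ "not found"
    end

    test "profile does not include private messages", %{conn: conn, user: user} do
      # Match on {:ok, _} so that a failed post cannot make the `refute`
      # below pass vacuously: the private status must really exist for the
      # absence check to mean anything.
      {:ok, _public} = CommonAPI.post(user, %{status: "public"})
      {:ok, _private} = CommonAPI.post(user, %{status: "private", visibility: "private"})

      conn = get(conn, "/users/#{user.nickname}")

      html = html_response(conn, 200)

      assert html =~ ">public<"
      refute html =~ ">private<"
    end

    test "pagination", %{conn: conn, user: user} do
      # Thirty posts, "test1" .. "test30"; the first page is expected to hold
      # the newest twenty ("test30" down to "test11").
      for i <- 1..30 do
        {:ok, _activity} = CommonAPI.post(user, %{status: "test#{i}"})
      end

      conn = get(conn, "/users/#{user.nickname}")

      html = html_response(conn, 200)

      # The surrounding ">" and "<" keep ">test1<" from matching ">test10<".
      assert html =~ ">test30<"
      assert html =~ ">test11<"
      refute html =~ ">test10<"
      refute html =~ ">test1<"
    end

    test "pagination, page 2", %{conn: conn, user: user} do
      activities =
        for i <- 1..30 do
          {:ok, activity} = CommonAPI.post(user, %{status: "test#{i}"})
          activity
        end

      # Enum.at/2 is zero-based, so index 11 is the twelfth post ("test12").
      max_id_activity = Enum.at(activities, 11)

      conn = get(conn, "/users/#{user.nickname}?max_id=#{max_id_activity.id}")

      html = html_response(conn, 200)

      assert html =~ ">test1<"
      assert html =~ ">test10<"
      refute html =~ ">test20<"
      refute html =~ ">test29<"
    end

    test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
      # `ensure_federating_or_authenticated/3` is a shared helper defined
      # outside this file; presumably it turns federation off and checks that
      # the URL is only served to an authenticated user. Verify in the helper.
      ensure_federating_or_authenticated(conn, "/users/#{user.nickname}", user)
    end
  end

  describe "notice html" do
    test "single notice page", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      conn = get(conn, "/notice/#{activity.id}")

      html = html_response(conn, 200)
      assert html =~ "<header>"
      assert html =~ user.nickname
      assert html =~ "testing a thing!"
    end

    test "redirects to json if requested", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      # NOTE(review): the header *value* below starts with the literal text
      # "Accept: ", so its first media range is not a bare
      # application/activity+json. Kept byte-identical here; confirm whether
      # that prefix is intentional.
      conn =
        conn
        |> put_req_header(
          "accept",
          "Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
        )
        |> get("/notice/#{activity.id}")

      assert redirected_to(conn, 302) =~ activity.data["object"]
    end

    test "filters HTML tags", %{conn: conn} do
      user = insert(:user)
      {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})

      conn =
        conn
        |> put_req_header("accept", "text/html")
        |> get("/notice/#{activity.id}")

      html = html_response(conn, 200)

      # The escaped form must be present ...
      assert html =~ ~s[&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;]

      # ... and the raw markup must be absent. Without this second check a
      # page that rendered the status both escaped and unescaped would still
      # pass the test.
      refute html =~ "<script>alert('xss')</script>"
    end

    test "shows the whole thread", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})

      {:ok, _reply} =
        CommonAPI.post(user, %{
          status: "these are the voyages or something",
          in_reply_to_status_id: activity.id
        })

      conn = get(conn, "/notice/#{activity.id}")

      html = html_response(conn, 200)
      assert html =~ "the final frontier"
      assert html =~ "voyages"
    end

    test "redirect by AP object ID", %{conn: conn, user: user} do
      {:ok, %Activity{data: %{"object" => object_url}}} =
        CommonAPI.post(user, %{status: "beam me up"})

      # Request the path component of the object's ActivityPub URL.
      conn = get(conn, URI.parse(object_url).path)

      assert html_response(conn, 302) =~ "redirected"
    end

    test "redirect by activity ID", %{conn: conn, user: user} do
      {:ok, %Activity{data: %{"id" => id}}} =
        CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})

      # Same as above, but with the activity's own URL instead of the object's.
      conn = get(conn, URI.parse(id).path)

      assert html_response(conn, 302) =~ "redirected"
    end

    test "404 when notice not found", %{conn: conn} do
      conn = get(conn, "/notice/88c9c317")

      assert html_response(conn, 404) =~ "not found"
    end

    test "404 for private status", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})

      conn = get(conn, "/notice/#{activity.id}")

      # Same status code and body text as the unknown-id test above.
      assert html_response(conn, 404) =~ "not found"
    end

    test "302 for remote cached status", %{conn: conn, user: user} do
      # This activity is ingested through Transmogrifier.handle_incoming/1
      # instead of being created with CommonAPI.post/2.
      message = %{
        "@context" => "https://www.w3.org/ns/activitystreams",
        "to" => user.follower_address,
        "cc" => "https://www.w3.org/ns/activitystreams#Public",
        "type" => "Create",
        "object" => %{
          "content" => "blah blah blah",
          "type" => "Note",
          "attributedTo" => user.ap_id,
          "inReplyTo" => nil
        },
        "actor" => user.ap_id
      }

      assert {:ok, activity} = Transmogrifier.handle_incoming(message)

      conn = get(conn, "/notice/#{activity.id}")

      assert html_response(conn, 302) =~ "redirected"
    end

    test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)
    end
  end
end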