1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.Instances
12 alias Pleroma.Web.ActivityPub.ObjectView
13 alias Pleroma.Web.ActivityPub.Relay
14 alias Pleroma.Web.ActivityPub.UserView
15 alias Pleroma.Web.ActivityPub.Utils
16 alias Pleroma.Web.CommonAPI
19 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
23 clear_config_all([:instance, :federating],
24 do: Pleroma.Config.put([:instance, :federating], true)
28 clear_config([:instance, :allow_relay])
30 test "with the relay active, it returns the relay user", %{conn: conn} do
33 |> get(activity_pub_path(conn, :relay))
36 assert res["id"] =~ "/relay"
39 test "with the relay disabled, it returns 404", %{conn: conn} do
40 Pleroma.Config.put([:instance, :allow_relay], false)
43 |> get(activity_pub_path(conn, :relay))
49 describe "/internal/fetch" do
50 test "it returns the internal fetch user", %{conn: conn} do
53 |> get(activity_pub_path(conn, :internal_fetch))
56 assert res["id"] =~ "/fetch"
60 describe "/users/:nickname" do
61 test "it returns a json representation of the user with accept application/json", %{
68 |> put_req_header("accept", "application/json")
69 |> get("/users/#{user.nickname}")
71 user = User.get_cached_by_id(user.id)
73 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
76 test "it returns a json representation of the user with accept application/activity+json", %{
83 |> put_req_header("accept", "application/activity+json")
84 |> get("/users/#{user.nickname}")
86 user = User.get_cached_by_id(user.id)
88 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
91 test "it returns a json representation of the user with accept application/ld+json", %{
100 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
102 |> get("/users/#{user.nickname}")
104 user = User.get_cached_by_id(user.id)
106 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
110 describe "/object/:uuid" do
111 test "it returns a json representation of the object with accept application/json", %{
115 uuid = String.split(note.data["id"], "/") |> List.last()
119 |> put_req_header("accept", "application/json")
120 |> get("/objects/#{uuid}")
122 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
125 test "it returns a json representation of the object with accept application/activity+json",
128 uuid = String.split(note.data["id"], "/") |> List.last()
132 |> put_req_header("accept", "application/activity+json")
133 |> get("/objects/#{uuid}")
135 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
138 test "it returns a json representation of the object with accept application/ld+json", %{
142 uuid = String.split(note.data["id"], "/") |> List.last()
148 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
150 |> get("/objects/#{uuid}")
152 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
155 test "it returns 404 for non-public messages", %{conn: conn} do
156 note = insert(:direct_note)
157 uuid = String.split(note.data["id"], "/") |> List.last()
161 |> put_req_header("accept", "application/activity+json")
162 |> get("/objects/#{uuid}")
164 assert json_response(conn, 404)
167 test "it returns 404 for tombstone objects", %{conn: conn} do
168 tombstone = insert(:tombstone)
169 uuid = String.split(tombstone.data["id"], "/") |> List.last()
173 |> put_req_header("accept", "application/activity+json")
174 |> get("/objects/#{uuid}")
176 assert json_response(conn, 404)
179 test "it caches a response", %{conn: conn} do
181 uuid = String.split(note.data["id"], "/") |> List.last()
185 |> put_req_header("accept", "application/activity+json")
186 |> get("/objects/#{uuid}")
188 assert json_response(conn1, :ok)
189 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
193 |> put_req_header("accept", "application/activity+json")
194 |> get("/objects/#{uuid}")
196 assert json_response(conn1, :ok) == json_response(conn2, :ok)
197 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
200 test "cached purged after object deletion", %{conn: conn} do
202 uuid = String.split(note.data["id"], "/") |> List.last()
206 |> put_req_header("accept", "application/activity+json")
207 |> get("/objects/#{uuid}")
209 assert json_response(conn1, :ok)
210 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
216 |> put_req_header("accept", "application/activity+json")
217 |> get("/objects/#{uuid}")
219 assert "Not found" == json_response(conn2, :not_found)
223 describe "/activities/:uuid" do
224 test "it returns a json representation of the activity", %{conn: conn} do
225 activity = insert(:note_activity)
226 uuid = String.split(activity.data["id"], "/") |> List.last()
230 |> put_req_header("accept", "application/activity+json")
231 |> get("/activities/#{uuid}")
233 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
236 test "it returns 404 for non-public activities", %{conn: conn} do
237 activity = insert(:direct_note_activity)
238 uuid = String.split(activity.data["id"], "/") |> List.last()
242 |> put_req_header("accept", "application/activity+json")
243 |> get("/activities/#{uuid}")
245 assert json_response(conn, 404)
248 test "it caches a response", %{conn: conn} do
249 activity = insert(:note_activity)
250 uuid = String.split(activity.data["id"], "/") |> List.last()
254 |> put_req_header("accept", "application/activity+json")
255 |> get("/activities/#{uuid}")
257 assert json_response(conn1, :ok)
258 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
262 |> put_req_header("accept", "application/activity+json")
263 |> get("/activities/#{uuid}")
265 assert json_response(conn1, :ok) == json_response(conn2, :ok)
266 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
269 test "cached purged after activity deletion", %{conn: conn} do
271 {:ok, activity} = CommonAPI.post(user, %{"status" => "cofe"})
273 uuid = String.split(activity.data["id"], "/") |> List.last()
277 |> put_req_header("accept", "application/activity+json")
278 |> get("/activities/#{uuid}")
280 assert json_response(conn1, :ok)
281 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
283 Activity.delete_by_ap_id(activity.object.data["id"])
287 |> put_req_header("accept", "application/activity+json")
288 |> get("/activities/#{uuid}")
290 assert "Not found" == json_response(conn2, :not_found)
295 test "it inserts an incoming activity into the database", %{conn: conn} do
296 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
300 |> assign(:valid_signature, true)
301 |> put_req_header("content-type", "application/activity+json")
302 |> post("/inbox", data)
304 assert "ok" == json_response(conn, 200)
306 assert Activity.get_by_ap_id(data["id"])
309 test "it clears `unreachable` federation status of the sender", %{conn: conn} do
310 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
312 sender_url = data["actor"]
313 Instances.set_consistently_unreachable(sender_url)
314 refute Instances.reachable?(sender_url)
318 |> assign(:valid_signature, true)
319 |> put_req_header("content-type", "application/activity+json")
320 |> post("/inbox", data)
322 assert "ok" == json_response(conn, 200)
323 assert Instances.reachable?(sender_url)
327 describe "/users/:nickname/inbox" do
330 File.read!("test/fixtures/mastodon-post-activity.json")
336 test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
338 data = Map.put(data, "bcc", [user.ap_id])
342 |> assign(:valid_signature, true)
343 |> put_req_header("content-type", "application/activity+json")
344 |> post("/users/#{user.nickname}/inbox", data)
346 assert "ok" == json_response(conn, 200)
348 assert Activity.get_by_ap_id(data["id"])
351 test "it accepts messages from actors that are followed by the user", %{
355 recipient = insert(:user)
356 actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
358 {:ok, recipient} = User.follow(recipient, actor)
362 |> Map.put("attributedTo", actor.ap_id)
366 |> Map.put("actor", actor.ap_id)
367 |> Map.put("object", object)
371 |> assign(:valid_signature, true)
372 |> put_req_header("content-type", "application/activity+json")
373 |> post("/users/#{recipient.nickname}/inbox", data)
375 assert "ok" == json_response(conn, 200)
377 assert Activity.get_by_ap_id(data["id"])
380 test "it rejects reads from other users", %{conn: conn} do
382 otheruser = insert(:user)
386 |> assign(:user, otheruser)
387 |> put_req_header("accept", "application/activity+json")
388 |> get("/users/#{user.nickname}/inbox")
390 assert json_response(conn, 403)
393 test "it doesn't crash without an authenticated user", %{conn: conn} do
398 |> put_req_header("accept", "application/activity+json")
399 |> get("/users/#{user.nickname}/inbox")
401 assert json_response(conn, 403)
404 test "it returns a note activity in a collection", %{conn: conn} do
405 note_activity = insert(:direct_note_activity)
406 note_object = Object.normalize(note_activity)
407 user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
411 |> assign(:user, user)
412 |> put_req_header("accept", "application/activity+json")
413 |> get("/users/#{user.nickname}/inbox?page=true")
415 assert response(conn, 200) =~ note_object.data["content"]
418 test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
420 data = Map.put(data, "bcc", [user.ap_id])
422 sender_host = URI.parse(data["actor"]).host
423 Instances.set_consistently_unreachable(sender_host)
424 refute Instances.reachable?(sender_host)
428 |> assign(:valid_signature, true)
429 |> put_req_header("content-type", "application/activity+json")
430 |> post("/users/#{user.nickname}/inbox", data)
432 assert "ok" == json_response(conn, 200)
433 assert Instances.reachable?(sender_host)
436 test "it removes all follower collections but actor's", %{conn: conn} do
437 [actor, recipient] = insert_pair(:user)
440 File.read!("test/fixtures/activitypub-client-post-activity.json")
443 object = Map.put(data["object"], "attributedTo", actor.ap_id)
447 |> Map.put("id", Utils.generate_object_id())
448 |> Map.put("actor", actor.ap_id)
449 |> Map.put("object", object)
451 recipient.follower_address,
452 actor.follower_address
456 recipient.follower_address,
457 "https://www.w3.org/ns/activitystreams#Public"
461 |> assign(:valid_signature, true)
462 |> put_req_header("content-type", "application/activity+json")
463 |> post("/users/#{recipient.nickname}/inbox", data)
464 |> json_response(200)
466 activity = Activity.get_by_ap_id(data["id"])
469 assert actor.follower_address in activity.recipients
470 assert actor.follower_address in activity.data["cc"]
472 refute recipient.follower_address in activity.recipients
473 refute recipient.follower_address in activity.data["cc"]
474 refute recipient.follower_address in activity.data["to"]
478 describe "/users/:nickname/outbox" do
479 test "it will not bomb when there is no activity", %{conn: conn} do
484 |> put_req_header("accept", "application/activity+json")
485 |> get("/users/#{user.nickname}/outbox")
487 result = json_response(conn, 200)
488 assert user.ap_id <> "/outbox" == result["id"]
491 test "it returns a note activity in a collection", %{conn: conn} do
492 note_activity = insert(:note_activity)
493 note_object = Object.normalize(note_activity)
494 user = User.get_cached_by_ap_id(note_activity.data["actor"])
498 |> put_req_header("accept", "application/activity+json")
499 |> get("/users/#{user.nickname}/outbox?page=true")
501 assert response(conn, 200) =~ note_object.data["content"]
504 test "it returns an announce activity in a collection", %{conn: conn} do
505 announce_activity = insert(:announce_activity)
506 user = User.get_cached_by_ap_id(announce_activity.data["actor"])
510 |> put_req_header("accept", "application/activity+json")
511 |> get("/users/#{user.nickname}/outbox?page=true")
513 assert response(conn, 200) =~ announce_activity.data["object"]
516 test "it rejects posts from other users", %{conn: conn} do
517 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
519 otheruser = insert(:user)
523 |> assign(:user, otheruser)
524 |> put_req_header("content-type", "application/activity+json")
525 |> post("/users/#{user.nickname}/outbox", data)
527 assert json_response(conn, 403)
530 test "it inserts an incoming create activity into the database", %{conn: conn} do
531 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
536 |> assign(:user, user)
537 |> put_req_header("content-type", "application/activity+json")
538 |> post("/users/#{user.nickname}/outbox", data)
540 result = json_response(conn, 201)
541 assert Activity.get_by_ap_id(result["id"])
544 test "it rejects an incoming activity with bogus type", %{conn: conn} do
545 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
550 |> Map.put("type", "BadType")
554 |> assign(:user, user)
555 |> put_req_header("content-type", "application/activity+json")
556 |> post("/users/#{user.nickname}/outbox", data)
558 assert json_response(conn, 400)
561 test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
562 note_activity = insert(:note_activity)
563 note_object = Object.normalize(note_activity)
564 user = User.get_cached_by_ap_id(note_activity.data["actor"])
569 id: note_object.data["id"]
575 |> assign(:user, user)
576 |> put_req_header("content-type", "application/activity+json")
577 |> post("/users/#{user.nickname}/outbox", data)
579 result = json_response(conn, 201)
580 assert Activity.get_by_ap_id(result["id"])
582 assert object = Object.get_by_ap_id(note_object.data["id"])
583 assert object.data["type"] == "Tombstone"
586 test "it rejects delete activity of object from other actor", %{conn: conn} do
587 note_activity = insert(:note_activity)
588 note_object = Object.normalize(note_activity)
594 id: note_object.data["id"]
600 |> assign(:user, user)
601 |> put_req_header("content-type", "application/activity+json")
602 |> post("/users/#{user.nickname}/outbox", data)
604 assert json_response(conn, 400)
607 test "it increases like count when receiving a like action", %{conn: conn} do
608 note_activity = insert(:note_activity)
609 note_object = Object.normalize(note_activity)
610 user = User.get_cached_by_ap_id(note_activity.data["actor"])
615 id: note_object.data["id"]
621 |> assign(:user, user)
622 |> put_req_header("content-type", "application/activity+json")
623 |> post("/users/#{user.nickname}/outbox", data)
625 result = json_response(conn, 201)
626 assert Activity.get_by_ap_id(result["id"])
628 assert object = Object.get_by_ap_id(note_object.data["id"])
629 assert object.data["like_count"] == 1
633 describe "/relay/followers" do
634 test "it returns relay followers", %{conn: conn} do
635 relay_actor = Relay.get_actor()
637 User.follow(user, relay_actor)
641 |> assign(:relay, true)
642 |> get("/relay/followers")
643 |> json_response(200)
645 assert result["first"]["orderedItems"] == [user.ap_id]
649 describe "/relay/following" do
650 test "it returns relay following", %{conn: conn} do
653 |> assign(:relay, true)
654 |> get("/relay/following")
655 |> json_response(200)
657 assert result["first"]["orderedItems"] == []
661 describe "/users/:nickname/followers" do
662 test "it returns the followers in a collection", %{conn: conn} do
664 user_two = insert(:user)
665 User.follow(user, user_two)
669 |> get("/users/#{user_two.nickname}/followers")
670 |> json_response(200)
672 assert result["first"]["orderedItems"] == [user.ap_id]
675 test "it returns returns a uri if the user has 'hide_followers' set", %{conn: conn} do
677 user_two = insert(:user, %{info: %{hide_followers: true}})
678 User.follow(user, user_two)
682 |> get("/users/#{user_two.nickname}/followers")
683 |> json_response(200)
685 assert is_binary(result["first"])
688 test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is not authenticated",
690 user = insert(:user, %{info: %{hide_followers: true}})
694 |> get("/users/#{user.nickname}/followers?page=1")
696 assert result.status == 403
697 assert result.resp_body == ""
700 test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",
702 user = insert(:user, %{info: %{hide_followers: true}})
703 other_user = insert(:user)
704 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
708 |> assign(:user, user)
709 |> get("/users/#{user.nickname}/followers?page=1")
710 |> json_response(200)
712 assert result["totalItems"] == 1
713 assert result["orderedItems"] == [other_user.ap_id]
716 test "it works for more than 10 users", %{conn: conn} do
719 Enum.each(1..15, fn _ ->
720 other_user = insert(:user)
721 User.follow(other_user, user)
726 |> get("/users/#{user.nickname}/followers")
727 |> json_response(200)
729 assert length(result["first"]["orderedItems"]) == 10
730 assert result["first"]["totalItems"] == 15
731 assert result["totalItems"] == 15
735 |> get("/users/#{user.nickname}/followers?page=2")
736 |> json_response(200)
738 assert length(result["orderedItems"]) == 5
739 assert result["totalItems"] == 15
743 describe "/users/:nickname/following" do
744 test "it returns the following in a collection", %{conn: conn} do
746 user_two = insert(:user)
747 User.follow(user, user_two)
751 |> get("/users/#{user.nickname}/following")
752 |> json_response(200)
754 assert result["first"]["orderedItems"] == [user_two.ap_id]
757 test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do
758 user = insert(:user, %{info: %{hide_follows: true}})
759 user_two = insert(:user)
760 User.follow(user, user_two)
764 |> get("/users/#{user.nickname}/following")
765 |> json_response(200)
767 assert is_binary(result["first"])
770 test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is not authenticated",
772 user = insert(:user, %{info: %{hide_follows: true}})
776 |> get("/users/#{user.nickname}/following?page=1")
778 assert result.status == 403
779 assert result.resp_body == ""
782 test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",
784 user = insert(:user, %{info: %{hide_follows: true}})
785 other_user = insert(:user)
786 {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
790 |> assign(:user, user)
791 |> get("/users/#{user.nickname}/following?page=1")
792 |> json_response(200)
794 assert result["totalItems"] == 1
795 assert result["orderedItems"] == [other_user.ap_id]
798 test "it works for more than 10 users", %{conn: conn} do
801 Enum.each(1..15, fn _ ->
802 user = User.get_cached_by_id(user.id)
803 other_user = insert(:user)
804 User.follow(user, other_user)
809 |> get("/users/#{user.nickname}/following")
810 |> json_response(200)
812 assert length(result["first"]["orderedItems"]) == 10
813 assert result["first"]["totalItems"] == 15
814 assert result["totalItems"] == 15
818 |> get("/users/#{user.nickname}/following?page=2")
819 |> json_response(200)
821 assert length(result["orderedItems"]) == 5
822 assert result["totalItems"] == 15