1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.Instances
12 alias Pleroma.Web.ActivityPub.ObjectView
13 alias Pleroma.Web.ActivityPub.UserView
14 alias Pleroma.Web.ActivityPub.Utils
15 alias Pleroma.Web.CommonAPI
18 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
20 config_path = [:instance, :federating]
21 initial_setting = Pleroma.Config.get(config_path)
23 Pleroma.Config.put(config_path, true)
24 on_exit(fn -> Pleroma.Config.put(config_path, initial_setting) end)
30 test "with the relay active, it returns the relay user", %{conn: conn} do
33 |> get(activity_pub_path(conn, :relay))
36 assert res["id"] =~ "/relay"
39 test "with the relay disabled, it returns 404", %{conn: conn} do
40 Pleroma.Config.put([:instance, :allow_relay], false)
43 |> get(activity_pub_path(conn, :relay))
47 Pleroma.Config.put([:instance, :allow_relay], true)
51 describe "/internal/fetch" do
52 test "it returns the internal fetch user", %{conn: conn} do
55 |> get(activity_pub_path(conn, :internal_fetch))
58 assert res["id"] =~ "/fetch"
62 describe "/users/:nickname" do
63 test "it returns a json representation of the user with accept application/json", %{
70 |> put_req_header("accept", "application/json")
71 |> get("/users/#{user.nickname}")
73 user = User.get_cached_by_id(user.id)
75 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
78 test "it returns a json representation of the user with accept application/activity+json", %{
85 |> put_req_header("accept", "application/activity+json")
86 |> get("/users/#{user.nickname}")
88 user = User.get_cached_by_id(user.id)
90 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
93 test "it returns a json representation of the user with accept application/ld+json", %{
102 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
104 |> get("/users/#{user.nickname}")
106 user = User.get_cached_by_id(user.id)
108 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
112 describe "/object/:uuid" do
113 test "it returns a json representation of the object with accept application/json", %{
117 uuid = String.split(note.data["id"], "/") |> List.last()
121 |> put_req_header("accept", "application/json")
122 |> get("/objects/#{uuid}")
124 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
127 test "it returns a json representation of the object with accept application/activity+json",
130 uuid = String.split(note.data["id"], "/") |> List.last()
134 |> put_req_header("accept", "application/activity+json")
135 |> get("/objects/#{uuid}")
137 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
140 test "it returns a json representation of the object with accept application/ld+json", %{
144 uuid = String.split(note.data["id"], "/") |> List.last()
150 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
152 |> get("/objects/#{uuid}")
154 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
157 test "it returns 404 for non-public messages", %{conn: conn} do
158 note = insert(:direct_note)
159 uuid = String.split(note.data["id"], "/") |> List.last()
163 |> put_req_header("accept", "application/activity+json")
164 |> get("/objects/#{uuid}")
166 assert json_response(conn, 404)
169 test "it returns 404 for tombstone objects", %{conn: conn} do
170 tombstone = insert(:tombstone)
171 uuid = String.split(tombstone.data["id"], "/") |> List.last()
175 |> put_req_header("accept", "application/activity+json")
176 |> get("/objects/#{uuid}")
178 assert json_response(conn, 404)
182 describe "/object/:uuid/likes" do
183 test "it returns the like activities in a collection", %{conn: conn} do
184 like = insert(:like_activity)
185 like_object_ap_id = Object.normalize(like).data["id"]
186 uuid = String.split(like_object_ap_id, "/") |> List.last()
190 |> put_req_header("accept", "application/activity+json")
191 |> get("/objects/#{uuid}/likes")
192 |> json_response(200)
194 assert List.first(result["first"]["orderedItems"])["id"] == like.data["id"]
198 describe "/activities/:uuid" do
199 test "it returns a json representation of the activity", %{conn: conn} do
200 activity = insert(:note_activity)
201 uuid = String.split(activity.data["id"], "/") |> List.last()
205 |> put_req_header("accept", "application/activity+json")
206 |> get("/activities/#{uuid}")
208 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
211 test "it returns 404 for non-public activities", %{conn: conn} do
212 activity = insert(:direct_note_activity)
213 uuid = String.split(activity.data["id"], "/") |> List.last()
217 |> put_req_header("accept", "application/activity+json")
218 |> get("/activities/#{uuid}")
220 assert json_response(conn, 404)
225 test "it inserts an incoming activity into the database", %{conn: conn} do
226 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
230 |> assign(:valid_signature, true)
231 |> put_req_header("content-type", "application/activity+json")
232 |> post("/inbox", data)
234 assert "ok" == json_response(conn, 200)
236 assert Activity.get_by_ap_id(data["id"])
239 test "it clears `unreachable` federation status of the sender", %{conn: conn} do
240 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
242 sender_url = data["actor"]
243 Instances.set_consistently_unreachable(sender_url)
244 refute Instances.reachable?(sender_url)
248 |> assign(:valid_signature, true)
249 |> put_req_header("content-type", "application/activity+json")
250 |> post("/inbox", data)
252 assert "ok" == json_response(conn, 200)
253 assert Instances.reachable?(sender_url)
257 describe "/users/:nickname/inbox" do
260 File.read!("test/fixtures/mastodon-post-activity.json")
266 test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
268 data = Map.put(data, "bcc", [user.ap_id])
272 |> assign(:valid_signature, true)
273 |> put_req_header("content-type", "application/activity+json")
274 |> post("/users/#{user.nickname}/inbox", data)
276 assert "ok" == json_response(conn, 200)
278 assert Activity.get_by_ap_id(data["id"])
281 test "it accepts messages from actors that are followed by the user", %{
285 recipient = insert(:user)
286 actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
288 {:ok, recipient} = User.follow(recipient, actor)
292 |> Map.put("attributedTo", actor.ap_id)
296 |> Map.put("actor", actor.ap_id)
297 |> Map.put("object", object)
301 |> assign(:valid_signature, true)
302 |> put_req_header("content-type", "application/activity+json")
303 |> post("/users/#{recipient.nickname}/inbox", data)
305 assert "ok" == json_response(conn, 200)
307 assert Activity.get_by_ap_id(data["id"])
310 test "it rejects reads from other users", %{conn: conn} do
312 otheruser = insert(:user)
316 |> assign(:user, otheruser)
317 |> put_req_header("accept", "application/activity+json")
318 |> get("/users/#{user.nickname}/inbox")
320 assert json_response(conn, 403)
323 test "it returns a note activity in a collection", %{conn: conn} do
324 note_activity = insert(:direct_note_activity)
325 note_object = Object.normalize(note_activity)
326 user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
330 |> assign(:user, user)
331 |> put_req_header("accept", "application/activity+json")
332 |> get("/users/#{user.nickname}/inbox")
334 assert response(conn, 200) =~ note_object.data["content"]
337 test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
339 data = Map.put(data, "bcc", [user.ap_id])
341 sender_host = URI.parse(data["actor"]).host
342 Instances.set_consistently_unreachable(sender_host)
343 refute Instances.reachable?(sender_host)
347 |> assign(:valid_signature, true)
348 |> put_req_header("content-type", "application/activity+json")
349 |> post("/users/#{user.nickname}/inbox", data)
351 assert "ok" == json_response(conn, 200)
352 assert Instances.reachable?(sender_host)
355 test "it removes all follower collections but actor's", %{conn: conn} do
356 [actor, recipient] = insert_pair(:user)
359 File.read!("test/fixtures/activitypub-client-post-activity.json")
362 object = Map.put(data["object"], "attributedTo", actor.ap_id)
366 |> Map.put("id", Utils.generate_object_id())
367 |> Map.put("actor", actor.ap_id)
368 |> Map.put("object", object)
370 recipient.follower_address,
371 actor.follower_address
375 recipient.follower_address,
376 "https://www.w3.org/ns/activitystreams#Public"
380 |> assign(:valid_signature, true)
381 |> put_req_header("content-type", "application/activity+json")
382 |> post("/users/#{recipient.nickname}/inbox", data)
383 |> json_response(200)
385 activity = Activity.get_by_ap_id(data["id"])
388 assert actor.follower_address in activity.recipients
389 assert actor.follower_address in activity.data["cc"]
391 refute recipient.follower_address in activity.recipients
392 refute recipient.follower_address in activity.data["cc"]
393 refute recipient.follower_address in activity.data["to"]
397 describe "/users/:nickname/outbox" do
398 test "it will not bomb when there is no activity", %{conn: conn} do
403 |> put_req_header("accept", "application/activity+json")
404 |> get("/users/#{user.nickname}/outbox")
406 result = json_response(conn, 200)
407 assert user.ap_id <> "/outbox" == result["id"]
410 test "it returns a note activity in a collection", %{conn: conn} do
411 note_activity = insert(:note_activity)
412 note_object = Object.normalize(note_activity)
413 user = User.get_cached_by_ap_id(note_activity.data["actor"])
417 |> put_req_header("accept", "application/activity+json")
418 |> get("/users/#{user.nickname}/outbox")
420 assert response(conn, 200) =~ note_object.data["content"]
423 test "it returns an announce activity in a collection", %{conn: conn} do
424 announce_activity = insert(:announce_activity)
425 user = User.get_cached_by_ap_id(announce_activity.data["actor"])
429 |> put_req_header("accept", "application/activity+json")
430 |> get("/users/#{user.nickname}/outbox")
432 assert response(conn, 200) =~ announce_activity.data["object"]
435 test "it rejects posts from other users", %{conn: conn} do
436 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
438 otheruser = insert(:user)
442 |> assign(:user, otheruser)
443 |> put_req_header("content-type", "application/activity+json")
444 |> post("/users/#{user.nickname}/outbox", data)
446 assert json_response(conn, 403)
449 test "it inserts an incoming create activity into the database", %{conn: conn} do
450 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
455 |> assign(:user, user)
456 |> put_req_header("content-type", "application/activity+json")
457 |> post("/users/#{user.nickname}/outbox", data)
459 result = json_response(conn, 201)
460 assert Activity.get_by_ap_id(result["id"])
463 test "it rejects an incoming activity with bogus type", %{conn: conn} do
464 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
469 |> Map.put("type", "BadType")
473 |> assign(:user, user)
474 |> put_req_header("content-type", "application/activity+json")
475 |> post("/users/#{user.nickname}/outbox", data)
477 assert json_response(conn, 400)
480 test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
481 note_activity = insert(:note_activity)
482 note_object = Object.normalize(note_activity)
483 user = User.get_cached_by_ap_id(note_activity.data["actor"])
488 id: note_object.data["id"]
494 |> assign(:user, user)
495 |> put_req_header("content-type", "application/activity+json")
496 |> post("/users/#{user.nickname}/outbox", data)
498 result = json_response(conn, 201)
499 assert Activity.get_by_ap_id(result["id"])
501 assert object = Object.get_by_ap_id(note_object.data["id"])
502 assert object.data["type"] == "Tombstone"
505 test "it rejects delete activity of object from other actor", %{conn: conn} do
506 note_activity = insert(:note_activity)
507 note_object = Object.normalize(note_activity)
513 id: note_object.data["id"]
519 |> assign(:user, user)
520 |> put_req_header("content-type", "application/activity+json")
521 |> post("/users/#{user.nickname}/outbox", data)
523 assert json_response(conn, 400)
526 test "it increases like count when receiving a like action", %{conn: conn} do
527 note_activity = insert(:note_activity)
528 note_object = Object.normalize(note_activity)
529 user = User.get_cached_by_ap_id(note_activity.data["actor"])
534 id: note_object.data["id"]
540 |> assign(:user, user)
541 |> put_req_header("content-type", "application/activity+json")
542 |> post("/users/#{user.nickname}/outbox", data)
544 result = json_response(conn, 201)
545 assert Activity.get_by_ap_id(result["id"])
547 assert object = Object.get_by_ap_id(note_object.data["id"])
548 assert object.data["like_count"] == 1
552 describe "/users/:nickname/followers" do
553 test "it returns the followers in a collection", %{conn: conn} do
555 user_two = insert(:user)
556 User.follow(user, user_two)
560 |> get("/users/#{user_two.nickname}/followers")
561 |> json_response(200)
563 assert result["first"]["orderedItems"] == [user.ap_id]
566 test "it returns returns a uri if the user has 'hide_followers' set", %{conn: conn} do
568 user_two = insert(:user, %{info: %{hide_followers: true}})
569 User.follow(user, user_two)
573 |> get("/users/#{user_two.nickname}/followers")
574 |> json_response(200)
576 assert is_binary(result["first"])
579 test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is not authenticated",
581 user = insert(:user, %{info: %{hide_followers: true}})
585 |> get("/users/#{user.nickname}/followers?page=1")
587 assert result.status == 403
588 assert result.resp_body == ""
591 test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",
593 user = insert(:user, %{info: %{hide_followers: true}})
594 other_user = insert(:user)
595 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
599 |> assign(:user, user)
600 |> get("/users/#{user.nickname}/followers?page=1")
601 |> json_response(200)
603 assert result["totalItems"] == 1
604 assert result["orderedItems"] == [other_user.ap_id]
607 test "it works for more than 10 users", %{conn: conn} do
610 Enum.each(1..15, fn _ ->
611 other_user = insert(:user)
612 User.follow(other_user, user)
617 |> get("/users/#{user.nickname}/followers")
618 |> json_response(200)
620 assert length(result["first"]["orderedItems"]) == 10
621 assert result["first"]["totalItems"] == 15
622 assert result["totalItems"] == 15
626 |> get("/users/#{user.nickname}/followers?page=2")
627 |> json_response(200)
629 assert length(result["orderedItems"]) == 5
630 assert result["totalItems"] == 15
634 describe "/users/:nickname/following" do
635 test "it returns the following in a collection", %{conn: conn} do
637 user_two = insert(:user)
638 User.follow(user, user_two)
642 |> get("/users/#{user.nickname}/following")
643 |> json_response(200)
645 assert result["first"]["orderedItems"] == [user_two.ap_id]
648 test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do
649 user = insert(:user, %{info: %{hide_follows: true}})
650 user_two = insert(:user)
651 User.follow(user, user_two)
655 |> get("/users/#{user.nickname}/following")
656 |> json_response(200)
658 assert is_binary(result["first"])
661 test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is not authenticated",
663 user = insert(:user, %{info: %{hide_follows: true}})
667 |> get("/users/#{user.nickname}/following?page=1")
669 assert result.status == 403
670 assert result.resp_body == ""
673 test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",
675 user = insert(:user, %{info: %{hide_follows: true}})
676 other_user = insert(:user)
677 {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
681 |> assign(:user, user)
682 |> get("/users/#{user.nickname}/following?page=1")
683 |> json_response(200)
685 assert result["totalItems"] == 1
686 assert result["orderedItems"] == [other_user.ap_id]
689 test "it works for more than 10 users", %{conn: conn} do
692 Enum.each(1..15, fn _ ->
693 user = User.get_cached_by_id(user.id)
694 other_user = insert(:user)
695 User.follow(user, other_user)
700 |> get("/users/#{user.nickname}/following")
701 |> json_response(200)
703 assert length(result["first"]["orderedItems"]) == 10
704 assert result["first"]["totalItems"] == 15
705 assert result["totalItems"] == 15
709 |> get("/users/#{user.nickname}/following?page=2")
710 |> json_response(200)
712 assert length(result["orderedItems"]) == 5
713 assert result["totalItems"] == 15