1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.Instances
12 alias Pleroma.Web.ActivityPub.ObjectView
13 alias Pleroma.Web.ActivityPub.Relay
14 alias Pleroma.Web.ActivityPub.UserView
15 alias Pleroma.Web.ActivityPub.Utils
16 alias Pleroma.Web.CommonAPI
19 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
23 clear_config_all([:instance, :federating],
24 do: Pleroma.Config.put([:instance, :federating], true)
28 clear_config([:instance, :allow_relay])
30 test "with the relay active, it returns the relay user", %{conn: conn} do
33 |> get(activity_pub_path(conn, :relay))
36 assert res["id"] =~ "/relay"
39 test "with the relay disabled, it returns 404", %{conn: conn} do
40 Pleroma.Config.put([:instance, :allow_relay], false)
43 |> get(activity_pub_path(conn, :relay))
49 describe "/internal/fetch" do
50 test "it returns the internal fetch user", %{conn: conn} do
53 |> get(activity_pub_path(conn, :internal_fetch))
56 assert res["id"] =~ "/fetch"
60 describe "/users/:nickname" do
61 test "it returns a json representation of the user with accept application/json", %{
68 |> put_req_header("accept", "application/json")
69 |> get("/users/#{user.nickname}")
71 user = User.get_cached_by_id(user.id)
73 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
76 test "it returns a json representation of the user with accept application/activity+json", %{
83 |> put_req_header("accept", "application/activity+json")
84 |> get("/users/#{user.nickname}")
86 user = User.get_cached_by_id(user.id)
88 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
91 test "it returns a json representation of the user with accept application/ld+json", %{
100 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
102 |> get("/users/#{user.nickname}")
104 user = User.get_cached_by_id(user.id)
106 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
110 describe "/object/:uuid" do
111 test "it returns a json representation of the object with accept application/json", %{
115 uuid = String.split(note.data["id"], "/") |> List.last()
119 |> put_req_header("accept", "application/json")
120 |> get("/objects/#{uuid}")
122 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
125 test "it returns a json representation of the object with accept application/activity+json",
128 uuid = String.split(note.data["id"], "/") |> List.last()
132 |> put_req_header("accept", "application/activity+json")
133 |> get("/objects/#{uuid}")
135 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
138 test "it returns a json representation of the object with accept application/ld+json", %{
142 uuid = String.split(note.data["id"], "/") |> List.last()
148 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
150 |> get("/objects/#{uuid}")
152 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
155 test "it returns 404 for non-public messages", %{conn: conn} do
156 note = insert(:direct_note)
157 uuid = String.split(note.data["id"], "/") |> List.last()
161 |> put_req_header("accept", "application/activity+json")
162 |> get("/objects/#{uuid}")
164 assert json_response(conn, 404)
167 test "it returns 404 for tombstone objects", %{conn: conn} do
168 tombstone = insert(:tombstone)
169 uuid = String.split(tombstone.data["id"], "/") |> List.last()
173 |> put_req_header("accept", "application/activity+json")
174 |> get("/objects/#{uuid}")
176 assert json_response(conn, 404)
180 describe "/object/:uuid/likes" do
182 like = insert(:like_activity)
183 like_object_ap_id = Object.normalize(like).data["id"]
190 [id: like.data["id"], uuid: uuid]
193 test "it returns the like activities in a collection", %{conn: conn, id: id, uuid: uuid} do
196 |> put_req_header("accept", "application/activity+json")
197 |> get("/objects/#{uuid}/likes")
198 |> json_response(200)
200 assert List.first(result["first"]["orderedItems"])["id"] == id
201 assert result["type"] == "OrderedCollection"
202 assert result["totalItems"] == 1
203 refute result["first"]["next"]
206 test "it does not crash when page number is exceeded total pages", %{conn: conn, uuid: uuid} do
209 |> put_req_header("accept", "application/activity+json")
210 |> get("/objects/#{uuid}/likes?page=2")
211 |> json_response(200)
213 assert result["type"] == "OrderedCollectionPage"
214 assert result["totalItems"] == 1
215 refute result["next"]
216 assert Enum.empty?(result["orderedItems"])
219 test "it contains the next key when likes count is more than 10", %{conn: conn} do
220 note = insert(:note_activity)
221 insert_list(11, :like_activity, note_activity: note)
225 |> Object.normalize()
233 |> put_req_header("accept", "application/activity+json")
234 |> get("/objects/#{uuid}/likes?page=1")
235 |> json_response(200)
237 assert result["totalItems"] == 11
238 assert length(result["orderedItems"]) == 10
239 assert result["next"]
243 describe "/activities/:uuid" do
244 test "it returns a json representation of the activity", %{conn: conn} do
245 activity = insert(:note_activity)
246 uuid = String.split(activity.data["id"], "/") |> List.last()
250 |> put_req_header("accept", "application/activity+json")
251 |> get("/activities/#{uuid}")
253 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
256 test "it returns 404 for non-public activities", %{conn: conn} do
257 activity = insert(:direct_note_activity)
258 uuid = String.split(activity.data["id"], "/") |> List.last()
262 |> put_req_header("accept", "application/activity+json")
263 |> get("/activities/#{uuid}")
265 assert json_response(conn, 404)
270 test "it inserts an incoming activity into the database", %{conn: conn} do
271 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
275 |> assign(:valid_signature, true)
276 |> put_req_header("content-type", "application/activity+json")
277 |> post("/inbox", data)
279 assert "ok" == json_response(conn, 200)
281 assert Activity.get_by_ap_id(data["id"])
284 test "it clears `unreachable` federation status of the sender", %{conn: conn} do
285 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
287 sender_url = data["actor"]
288 Instances.set_consistently_unreachable(sender_url)
289 refute Instances.reachable?(sender_url)
293 |> assign(:valid_signature, true)
294 |> put_req_header("content-type", "application/activity+json")
295 |> post("/inbox", data)
297 assert "ok" == json_response(conn, 200)
298 assert Instances.reachable?(sender_url)
302 describe "/users/:nickname/inbox" do
305 File.read!("test/fixtures/mastodon-post-activity.json")
311 test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
313 data = Map.put(data, "bcc", [user.ap_id])
317 |> assign(:valid_signature, true)
318 |> put_req_header("content-type", "application/activity+json")
319 |> post("/users/#{user.nickname}/inbox", data)
321 assert "ok" == json_response(conn, 200)
323 assert Activity.get_by_ap_id(data["id"])
326 test "it accepts messages from actors that are followed by the user", %{
330 recipient = insert(:user)
331 actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
333 {:ok, recipient} = User.follow(recipient, actor)
337 |> Map.put("attributedTo", actor.ap_id)
341 |> Map.put("actor", actor.ap_id)
342 |> Map.put("object", object)
346 |> assign(:valid_signature, true)
347 |> put_req_header("content-type", "application/activity+json")
348 |> post("/users/#{recipient.nickname}/inbox", data)
350 assert "ok" == json_response(conn, 200)
352 assert Activity.get_by_ap_id(data["id"])
355 test "it rejects reads from other users", %{conn: conn} do
357 otheruser = insert(:user)
361 |> assign(:user, otheruser)
362 |> put_req_header("accept", "application/activity+json")
363 |> get("/users/#{user.nickname}/inbox")
365 assert json_response(conn, 403)
368 test "it doesn't crash without an authenticated user", %{conn: conn} do
373 |> put_req_header("accept", "application/activity+json")
374 |> get("/users/#{user.nickname}/inbox")
376 assert json_response(conn, 403)
379 test "it returns a note activity in a collection", %{conn: conn} do
380 note_activity = insert(:direct_note_activity)
381 note_object = Object.normalize(note_activity)
382 user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
386 |> assign(:user, user)
387 |> put_req_header("accept", "application/activity+json")
388 |> get("/users/#{user.nickname}/inbox")
390 assert response(conn, 200) =~ note_object.data["content"]
393 test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
395 data = Map.put(data, "bcc", [user.ap_id])
397 sender_host = URI.parse(data["actor"]).host
398 Instances.set_consistently_unreachable(sender_host)
399 refute Instances.reachable?(sender_host)
403 |> assign(:valid_signature, true)
404 |> put_req_header("content-type", "application/activity+json")
405 |> post("/users/#{user.nickname}/inbox", data)
407 assert "ok" == json_response(conn, 200)
408 assert Instances.reachable?(sender_host)
411 test "it removes all follower collections but actor's", %{conn: conn} do
412 [actor, recipient] = insert_pair(:user)
415 File.read!("test/fixtures/activitypub-client-post-activity.json")
418 object = Map.put(data["object"], "attributedTo", actor.ap_id)
422 |> Map.put("id", Utils.generate_object_id())
423 |> Map.put("actor", actor.ap_id)
424 |> Map.put("object", object)
426 recipient.follower_address,
427 actor.follower_address
431 recipient.follower_address,
432 "https://www.w3.org/ns/activitystreams#Public"
436 |> assign(:valid_signature, true)
437 |> put_req_header("content-type", "application/activity+json")
438 |> post("/users/#{recipient.nickname}/inbox", data)
439 |> json_response(200)
441 activity = Activity.get_by_ap_id(data["id"])
444 assert actor.follower_address in activity.recipients
445 assert actor.follower_address in activity.data["cc"]
447 refute recipient.follower_address in activity.recipients
448 refute recipient.follower_address in activity.data["cc"]
449 refute recipient.follower_address in activity.data["to"]
453 describe "/users/:nickname/outbox" do
454 test "it will not bomb when there is no activity", %{conn: conn} do
459 |> put_req_header("accept", "application/activity+json")
460 |> get("/users/#{user.nickname}/outbox")
462 result = json_response(conn, 200)
463 assert user.ap_id <> "/outbox" == result["id"]
466 test "it returns a note activity in a collection", %{conn: conn} do
467 note_activity = insert(:note_activity)
468 note_object = Object.normalize(note_activity)
469 user = User.get_cached_by_ap_id(note_activity.data["actor"])
473 |> put_req_header("accept", "application/activity+json")
474 |> get("/users/#{user.nickname}/outbox")
476 assert response(conn, 200) =~ note_object.data["content"]
479 test "it returns an announce activity in a collection", %{conn: conn} do
480 announce_activity = insert(:announce_activity)
481 user = User.get_cached_by_ap_id(announce_activity.data["actor"])
485 |> put_req_header("accept", "application/activity+json")
486 |> get("/users/#{user.nickname}/outbox")
488 assert response(conn, 200) =~ announce_activity.data["object"]
491 test "it rejects posts from other users", %{conn: conn} do
492 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
494 otheruser = insert(:user)
498 |> assign(:user, otheruser)
499 |> put_req_header("content-type", "application/activity+json")
500 |> post("/users/#{user.nickname}/outbox", data)
502 assert json_response(conn, 403)
505 test "it inserts an incoming create activity into the database", %{conn: conn} do
506 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
511 |> assign(:user, user)
512 |> put_req_header("content-type", "application/activity+json")
513 |> post("/users/#{user.nickname}/outbox", data)
515 result = json_response(conn, 201)
516 assert Activity.get_by_ap_id(result["id"])
519 test "it rejects an incoming activity with bogus type", %{conn: conn} do
520 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
525 |> Map.put("type", "BadType")
529 |> assign(:user, user)
530 |> put_req_header("content-type", "application/activity+json")
531 |> post("/users/#{user.nickname}/outbox", data)
533 assert json_response(conn, 400)
536 test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
537 note_activity = insert(:note_activity)
538 note_object = Object.normalize(note_activity)
539 user = User.get_cached_by_ap_id(note_activity.data["actor"])
544 id: note_object.data["id"]
550 |> assign(:user, user)
551 |> put_req_header("content-type", "application/activity+json")
552 |> post("/users/#{user.nickname}/outbox", data)
554 result = json_response(conn, 201)
555 assert Activity.get_by_ap_id(result["id"])
557 assert object = Object.get_by_ap_id(note_object.data["id"])
558 assert object.data["type"] == "Tombstone"
561 test "it rejects delete activity of object from other actor", %{conn: conn} do
562 note_activity = insert(:note_activity)
563 note_object = Object.normalize(note_activity)
569 id: note_object.data["id"]
575 |> assign(:user, user)
576 |> put_req_header("content-type", "application/activity+json")
577 |> post("/users/#{user.nickname}/outbox", data)
579 assert json_response(conn, 400)
582 test "it increases like count when receiving a like action", %{conn: conn} do
583 note_activity = insert(:note_activity)
584 note_object = Object.normalize(note_activity)
585 user = User.get_cached_by_ap_id(note_activity.data["actor"])
590 id: note_object.data["id"]
596 |> assign(:user, user)
597 |> put_req_header("content-type", "application/activity+json")
598 |> post("/users/#{user.nickname}/outbox", data)
600 result = json_response(conn, 201)
601 assert Activity.get_by_ap_id(result["id"])
603 assert object = Object.get_by_ap_id(note_object.data["id"])
604 assert object.data["like_count"] == 1
608 describe "/relay/followers" do
609 test "it returns relay followers", %{conn: conn} do
610 relay_actor = Relay.get_actor()
612 User.follow(user, relay_actor)
616 |> assign(:relay, true)
617 |> get("/relay/followers")
618 |> json_response(200)
620 assert result["first"]["orderedItems"] == [user.ap_id]
624 describe "/relay/following" do
625 test "it returns relay following", %{conn: conn} do
628 |> assign(:relay, true)
629 |> get("/relay/following")
630 |> json_response(200)
632 assert result["first"]["orderedItems"] == []
636 describe "/users/:nickname/followers" do
637 test "it returns the followers in a collection", %{conn: conn} do
639 user_two = insert(:user)
640 User.follow(user, user_two)
644 |> get("/users/#{user_two.nickname}/followers")
645 |> json_response(200)
647 assert result["first"]["orderedItems"] == [user.ap_id]
650 test "it returns returns a uri if the user has 'hide_followers' set", %{conn: conn} do
652 user_two = insert(:user, %{info: %{hide_followers: true}})
653 User.follow(user, user_two)
657 |> get("/users/#{user_two.nickname}/followers")
658 |> json_response(200)
660 assert is_binary(result["first"])
663 test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is not authenticated",
665 user = insert(:user, %{info: %{hide_followers: true}})
669 |> get("/users/#{user.nickname}/followers?page=1")
671 assert result.status == 403
672 assert result.resp_body == ""
675 test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",
677 user = insert(:user, %{info: %{hide_followers: true}})
678 other_user = insert(:user)
679 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
683 |> assign(:user, user)
684 |> get("/users/#{user.nickname}/followers?page=1")
685 |> json_response(200)
687 assert result["totalItems"] == 1
688 assert result["orderedItems"] == [other_user.ap_id]
691 test "it works for more than 10 users", %{conn: conn} do
694 Enum.each(1..15, fn _ ->
695 other_user = insert(:user)
696 User.follow(other_user, user)
701 |> get("/users/#{user.nickname}/followers")
702 |> json_response(200)
704 assert length(result["first"]["orderedItems"]) == 10
705 assert result["first"]["totalItems"] == 15
706 assert result["totalItems"] == 15
710 |> get("/users/#{user.nickname}/followers?page=2")
711 |> json_response(200)
713 assert length(result["orderedItems"]) == 5
714 assert result["totalItems"] == 15
718 describe "/users/:nickname/following" do
719 test "it returns the following in a collection", %{conn: conn} do
721 user_two = insert(:user)
722 User.follow(user, user_two)
726 |> get("/users/#{user.nickname}/following")
727 |> json_response(200)
729 assert result["first"]["orderedItems"] == [user_two.ap_id]
732 test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do
733 user = insert(:user, %{info: %{hide_follows: true}})
734 user_two = insert(:user)
735 User.follow(user, user_two)
739 |> get("/users/#{user.nickname}/following")
740 |> json_response(200)
742 assert is_binary(result["first"])
745 test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is not authenticated",
747 user = insert(:user, %{info: %{hide_follows: true}})
751 |> get("/users/#{user.nickname}/following?page=1")
753 assert result.status == 403
754 assert result.resp_body == ""
757 test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",
759 user = insert(:user, %{info: %{hide_follows: true}})
760 other_user = insert(:user)
761 {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
765 |> assign(:user, user)
766 |> get("/users/#{user.nickname}/following?page=1")
767 |> json_response(200)
769 assert result["totalItems"] == 1
770 assert result["orderedItems"] == [other_user.ap_id]
773 test "it works for more than 10 users", %{conn: conn} do
776 Enum.each(1..15, fn _ ->
777 user = User.get_cached_by_id(user.id)
778 other_user = insert(:user)
779 User.follow(user, other_user)
784 |> get("/users/#{user.nickname}/following")
785 |> json_response(200)
787 assert length(result["first"]["orderedItems"]) == 10
788 assert result["first"]["totalItems"] == 15
789 assert result["totalItems"] == 15
793 |> get("/users/#{user.nickname}/following?page=2")
794 |> json_response(200)
796 assert length(result["orderedItems"]) == 5
797 assert result["totalItems"] == 15