git.squeep.com Git - akkoma/blob - test/web/activity_pub/object_validator_test.exs

   1 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
   2   use Pleroma.DataCase
   3
   4   alias Pleroma.Object
   5   alias Pleroma.Web.ActivityPub.ActivityPub
   6   alias Pleroma.Web.ActivityPub.Builder
   7   alias Pleroma.Web.ActivityPub.ObjectValidator
   8   alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator
   9   alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
  10   alias Pleroma.Web.ActivityPub.Utils
  11   alias Pleroma.Web.CommonAPI
  12
  13   import Pleroma.Factory
  14
  15   describe "attachments" do
  16     test "it turns mastodon attachments into our attachments" do
  17       attachment = %{
  18         "url" =>
  19           "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
  20         "type" => "Document",
  21         "name" => nil,
  22         "mediaType" => "image/jpeg"
  23       }
  24
  25       {:ok, attachment} =
  26         AttachmentValidator.cast_and_validate(attachment)
  27         |> Ecto.Changeset.apply_action(:insert)
  28
  29       assert [
  30                %{
  31                  href:
  32                    "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
  33                  type: "Link",
  34                  mediaType: "image/jpeg"
  35                }
  36              ] = attachment.url
  37     end
  38   end
  39
  40   describe "chat message create activities" do
  41     test "it is invalid if the object already exists" do
  42       user = insert(:user)
  43       recipient = insert(:user)
  44       {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey")
  45       object = Object.normalize(activity, false)
  46
  47       {:ok, create_data, _} = Builder.create(user, object.data, [recipient.ap_id])
  48
  49       {:error, cng} = ObjectValidator.validate(create_data, [])
  50
  51       assert {:object, {"The object to create already exists", []}} in cng.errors
  52     end
  53
  54     test "it is invalid if the object data has a different `to` or `actor` field" do
  55       user = insert(:user)
  56       recipient = insert(:user)
  57       {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey")
  58
  59       {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id])
  60
  61       {:error, cng} = ObjectValidator.validate(create_data, [])
  62
  63       assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors
  64       assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors
  65     end
  66   end
  67
  68   describe "chat messages" do
  69     setup do
  70       clear_config([:instance, :remote_limit])
  71       user = insert(:user)
  72       recipient = insert(:user, local: false)
  73
  74       {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey :firefox:")
  75
  76       %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
  77     end
  78
  79     test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
  80       assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
  81
  82       assert Map.put(valid_chat_message, "attachment", nil) == object
  83     end
  84
  85     test "validates for a basic object with an attachment", %{
  86       valid_chat_message: valid_chat_message,
  87       user: user
  88     } do
  89       file = %Plug.Upload{
  90         content_type: "image/jpg",
  91         path: Path.absname("test/fixtures/image.jpg"),
  92         filename: "an_image.jpg"
  93       }
  94
  95       {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
  96
  97       valid_chat_message =
  98         valid_chat_message
  99         |> Map.put("attachment", attachment.data)
 100
 101       assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
 102
 103       assert object["attachment"]
 104     end
 105
 106     test "does not validate if the message is longer than the remote_limit", %{
 107       valid_chat_message: valid_chat_message
 108     } do
 109       Pleroma.Config.put([:instance, :remote_limit], 2)
 110       refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
 111     end
 112
 113     test "does not validate if the recipient is blocking the actor", %{
 114       valid_chat_message: valid_chat_message,
 115       user: user,
 116       recipient: recipient
 117     } do
 118       Pleroma.User.block(recipient, user)
 119       refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
 120     end
 121
 122     test "does not validate if the actor or the recipient is not in our system", %{
 123       valid_chat_message: valid_chat_message
 124     } do
 125       chat_message =
 126         valid_chat_message
 127         |> Map.put("actor", "https://raymoo.com/raymoo")
 128
 129       {:error, _} = ObjectValidator.validate(chat_message, [])
 130
 131       chat_message =
 132         valid_chat_message
 133         |> Map.put("to", ["https://raymoo.com/raymoo"])
 134
 135       {:error, _} = ObjectValidator.validate(chat_message, [])
 136     end
 137
 138     test "does not validate for a message with multiple recipients", %{
 139       valid_chat_message: valid_chat_message,
 140       user: user,
 141       recipient: recipient
 142     } do
 143       chat_message =
 144         valid_chat_message
 145         |> Map.put("to", [user.ap_id, recipient.ap_id])
 146
 147       assert {:error, _} = ObjectValidator.validate(chat_message, [])
 148     end
 149
 150     test "does not validate if it doesn't concern local users" do
 151       user = insert(:user, local: false)
 152       recipient = insert(:user, local: false)
 153
 154       {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
 155       assert {:error, _} = ObjectValidator.validate(valid_chat_message, [])
 156     end
 157   end
 158
 159   describe "EmojiReacts" do
 160     setup do
 161       user = insert(:user)
 162       {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
 163
 164       object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
 165
 166       {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
 167
 168       %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
 169     end
 170
 171     test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
 172       assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
 173     end
 174
 175     test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
 176       without_content =
 177         valid_emoji_react
 178         |> Map.delete("content")
 179
 180       {:error, cng} = ObjectValidator.validate(without_content, [])
 181
 182       refute cng.valid?
 183       assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
 184     end
 185
 186     test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
 187       without_emoji_content =
 188         valid_emoji_react
 189         |> Map.put("content", "x")
 190
 191       {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
 192
 193       refute cng.valid?
 194
 195       assert {:content, {"must be a single character emoji", []}} in cng.errors
 196     end
 197   end
 198
 199   describe "Undos" do
 200     setup do
 201       user = insert(:user)
 202       {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
 203       {:ok, like} = CommonAPI.favorite(user, post_activity.id)
 204       {:ok, valid_like_undo, []} = Builder.undo(user, like)
 205
 206       %{user: user, like: like, valid_like_undo: valid_like_undo}
 207     end
 208
 209     test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
 210       assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
 211     end
 212
 213     test "it does not validate if the actor of the undo is not the actor of the object", %{
 214       valid_like_undo: valid_like_undo
 215     } do
 216       other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
 217
 218       bad_actor =
 219         valid_like_undo
 220         |> Map.put("actor", other_user.ap_id)
 221
 222       {:error, cng} = ObjectValidator.validate(bad_actor, [])
 223
 224       assert {:actor, {"not the same as object actor", []}} in cng.errors
 225     end
 226
 227     test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
 228       missing_object =
 229         valid_like_undo
 230         |> Map.put("object", "https://gensokyo.2hu/objects/1")
 231
 232       {:error, cng} = ObjectValidator.validate(missing_object, [])
 233
 234       assert {:object, {"can't find object", []}} in cng.errors
 235       assert length(cng.errors) == 1
 236     end
 237   end
 238
 239   describe "deletes" do
 240     setup do
 241       user = insert(:user)
 242       {:ok, post_activity} = CommonAPI.post(user, %{"status" => "cancel me daddy"})
 243
 244       {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
 245       {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
 246
 247       %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
 248     end
 249
 250     test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
 251       {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
 252
 253       assert valid_post_delete["deleted_activity_id"]
 254     end
 255
 256     test "it is invalid if the object isn't in a list of certain types", %{
 257       valid_post_delete: valid_post_delete
 258     } do
 259       object = Object.get_by_ap_id(valid_post_delete["object"])
 260
 261       data =
 262         object.data
 263         |> Map.put("type", "Like")
 264
 265       {:ok, _object} =
 266         object
 267         |> Ecto.Changeset.change(%{data: data})
 268         |> Object.update_and_set_cache()
 269
 270       {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
 271       assert {:object, {"object not in allowed types", []}} in cng.errors
 272     end
 273
 274     test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
 275       assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
 276     end
 277
 278     test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
 279       no_id =
 280         valid_post_delete
 281         |> Map.delete("id")
 282
 283       {:error, cng} = ObjectValidator.validate(no_id, [])
 284
 285       assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
 286     end
 287
 288     test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
 289       missing_object =
 290         valid_post_delete
 291         |> Map.put("object", "http://does.not/exist")
 292
 293       {:error, cng} = ObjectValidator.validate(missing_object, [])
 294
 295       assert {:object, {"can't find object", []}} in cng.errors
 296     end
 297
 298     test "it's invalid if the actor of the object and the actor of delete are from different domains",
 299          %{valid_post_delete: valid_post_delete} do
 300       valid_user = insert(:user)
 301
 302       valid_other_actor =
 303         valid_post_delete
 304         |> Map.put("actor", valid_user.ap_id)
 305
 306       assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
 307
 308       invalid_other_actor =
 309         valid_post_delete
 310         |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
 311
 312       {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
 313
 314       assert {:actor, {"is not allowed to delete object", []}} in cng.errors
 315     end
 316
 317     test "it's valid if the actor of the object is a local superuser",
 318          %{valid_post_delete: valid_post_delete} do
 319       user =
 320         insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
 321
 322       valid_other_actor =
 323         valid_post_delete
 324         |> Map.put("actor", user.ap_id)
 325
 326       {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
 327       assert meta[:do_not_federate]
 328     end
 329   end
 330
 331   describe "likes" do
 332     setup do
 333       user = insert(:user)
 334       {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
 335
 336       valid_like = %{
 337         "to" => [user.ap_id],
 338         "cc" => [],
 339         "type" => "Like",
 340         "id" => Utils.generate_activity_id(),
 341         "object" => post_activity.data["object"],
 342         "actor" => user.ap_id,
 343         "context" => "a context"
 344       }
 345
 346       %{valid_like: valid_like, user: user, post_activity: post_activity}
 347     end
 348
 349     test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
 350       {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
 351
 352       assert "id" in Map.keys(object)
 353     end
 354
 355     test "is valid for a valid object", %{valid_like: valid_like} do
 356       assert LikeValidator.cast_and_validate(valid_like).valid?
 357     end
 358
 359     test "sets the 'to' field to the object actor if no recipients are given", %{
 360       valid_like: valid_like,
 361       user: user
 362     } do
 363       without_recipients =
 364         valid_like
 365         |> Map.delete("to")
 366
 367       {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
 368
 369       assert object["to"] == [user.ap_id]
 370     end
 371
 372     test "sets the context field to the context of the object if no context is given", %{
 373       valid_like: valid_like,
 374       post_activity: post_activity
 375     } do
 376       without_context =
 377         valid_like
 378         |> Map.delete("context")
 379
 380       {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
 381
 382       assert object["context"] == post_activity.data["context"]
 383     end
 384
 385     test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
 386       without_actor = Map.delete(valid_like, "actor")
 387
 388       refute LikeValidator.cast_and_validate(without_actor).valid?
 389
 390       with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
 391
 392       refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
 393     end
 394
 395     test "it errors when the object is missing or not known", %{valid_like: valid_like} do
 396       without_object = Map.delete(valid_like, "object")
 397
 398       refute LikeValidator.cast_and_validate(without_object).valid?
 399
 400       with_invalid_object = Map.put(valid_like, "object", "invalidobject")
 401
 402       refute LikeValidator.cast_and_validate(with_invalid_object).valid?
 403     end
 404
 405     test "it errors when the actor has already like the object", %{
 406       valid_like: valid_like,
 407       user: user,
 408       post_activity: post_activity
 409     } do
 410       _like = CommonAPI.favorite(user, post_activity.id)
 411
 412       refute LikeValidator.cast_and_validate(valid_like).valid?
 413     end
 414
 415     test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
 416       wrapped_like =
 417         valid_like
 418         |> Map.put("actor", %{"id" => valid_like["actor"]})
 419         |> Map.put("object", %{"id" => valid_like["object"]})
 420
 421       validated = LikeValidator.cast_and_validate(wrapped_like)
 422
 423       assert validated.valid?
 424
 425       assert {:actor, valid_like["actor"]} in validated.changes
 426       assert {:object, valid_like["object"]} in validated.changes
 427     end
 428   end
 429 end