1 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
5 alias Pleroma.Web.ActivityPub.ActivityPub
6 alias Pleroma.Web.ActivityPub.Builder
7 alias Pleroma.Web.ActivityPub.ObjectValidator
8 alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator
9 alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
10 alias Pleroma.Web.ActivityPub.Utils
11 alias Pleroma.Web.CommonAPI
13 import Pleroma.Factory
15 describe "attachments" do
16 test "it turns mastodon attachments into our attachments" do
19 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
22 "mediaType" => "image/jpeg"
26 AttachmentValidator.cast_and_validate(attachment)
27 |> Ecto.Changeset.apply_action(:insert)
32 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
34 mediaType: "image/jpeg"
40 describe "chat message create activities" do
41 test "it is invalid if the object already exists" do
43 recipient = insert(:user)
44 {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey")
45 object = Object.normalize(activity, false)
47 {:ok, create_data, _} = Builder.create(user, object.data, [recipient.ap_id])
49 {:error, cng} = ObjectValidator.validate(create_data, [])
51 assert {:object, {"The object to create already exists", []}} in cng.errors
54 test "it is invalid if the object data has a different `to` or `actor` field" do
56 recipient = insert(:user)
57 {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey")
59 {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id])
61 {:error, cng} = ObjectValidator.validate(create_data, [])
63 assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors
64 assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors
68 describe "chat messages" do
70 clear_config([:instance, :remote_limit])
72 recipient = insert(:user, local: false)
74 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey :firefox:")
76 %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
79 test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
80 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
82 assert Map.put(valid_chat_message, "attachment", nil) == object
85 test "validates for a basic object with an attachment", %{
86 valid_chat_message: valid_chat_message,
90 content_type: "image/jpg",
91 path: Path.absname("test/fixtures/image.jpg"),
92 filename: "an_image.jpg"
95 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
99 |> Map.put("attachment", attachment.data)
101 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
103 assert object["attachment"]
106 test "does not validate if the message is longer than the remote_limit", %{
107 valid_chat_message: valid_chat_message
109 Pleroma.Config.put([:instance, :remote_limit], 2)
110 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
113 test "does not validate if the recipient is blocking the actor", %{
114 valid_chat_message: valid_chat_message,
118 Pleroma.User.block(recipient, user)
119 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
122 test "does not validate if the actor or the recipient is not in our system", %{
123 valid_chat_message: valid_chat_message
127 |> Map.put("actor", "https://raymoo.com/raymoo")
129 {:error, _} = ObjectValidator.validate(chat_message, [])
133 |> Map.put("to", ["https://raymoo.com/raymoo"])
135 {:error, _} = ObjectValidator.validate(chat_message, [])
138 test "does not validate for a message with multiple recipients", %{
139 valid_chat_message: valid_chat_message,
145 |> Map.put("to", [user.ap_id, recipient.ap_id])
147 assert {:error, _} = ObjectValidator.validate(chat_message, [])
150 test "does not validate if it doesn't concern local users" do
151 user = insert(:user, local: false)
152 recipient = insert(:user, local: false)
154 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
155 assert {:error, _} = ObjectValidator.validate(valid_chat_message, [])
159 describe "EmojiReacts" do
162 {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
164 object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
166 {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
168 %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
171 test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
172 assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
175 test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
178 |> Map.delete("content")
180 {:error, cng} = ObjectValidator.validate(without_content, [])
183 assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
186 test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
187 without_emoji_content =
189 |> Map.put("content", "x")
191 {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
195 assert {:content, {"must be a single character emoji", []}} in cng.errors
202 {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
203 {:ok, like} = CommonAPI.favorite(user, post_activity.id)
204 {:ok, valid_like_undo, []} = Builder.undo(user, like)
206 %{user: user, like: like, valid_like_undo: valid_like_undo}
209 test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
210 assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
213 test "it does not validate if the actor of the undo is not the actor of the object", %{
214 valid_like_undo: valid_like_undo
216 other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
220 |> Map.put("actor", other_user.ap_id)
222 {:error, cng} = ObjectValidator.validate(bad_actor, [])
224 assert {:actor, {"not the same as object actor", []}} in cng.errors
227 test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
230 |> Map.put("object", "https://gensokyo.2hu/objects/1")
232 {:error, cng} = ObjectValidator.validate(missing_object, [])
234 assert {:object, {"can't find object", []}} in cng.errors
235 assert length(cng.errors) == 1
239 describe "deletes" do
242 {:ok, post_activity} = CommonAPI.post(user, %{"status" => "cancel me daddy"})
244 {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
245 {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
247 %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
250 test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
251 {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
253 assert valid_post_delete["deleted_activity_id"]
256 test "it is invalid if the object isn't in a list of certain types", %{
257 valid_post_delete: valid_post_delete
259 object = Object.get_by_ap_id(valid_post_delete["object"])
263 |> Map.put("type", "Like")
267 |> Ecto.Changeset.change(%{data: data})
268 |> Object.update_and_set_cache()
270 {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
271 assert {:object, {"object not in allowed types", []}} in cng.errors
274 test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
275 assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
278 test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
283 {:error, cng} = ObjectValidator.validate(no_id, [])
285 assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
288 test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
291 |> Map.put("object", "http://does.not/exist")
293 {:error, cng} = ObjectValidator.validate(missing_object, [])
295 assert {:object, {"can't find object", []}} in cng.errors
298 test "it's invalid if the actor of the object and the actor of delete are from different domains",
299 %{valid_post_delete: valid_post_delete} do
300 valid_user = insert(:user)
304 |> Map.put("actor", valid_user.ap_id)
306 assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
308 invalid_other_actor =
310 |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
312 {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
314 assert {:actor, {"is not allowed to delete object", []}} in cng.errors
317 test "it's valid if the actor of the object is a local superuser",
318 %{valid_post_delete: valid_post_delete} do
320 insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
324 |> Map.put("actor", user.ap_id)
326 {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
327 assert meta[:do_not_federate]
334 {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
337 "to" => [user.ap_id],
340 "id" => Utils.generate_activity_id(),
341 "object" => post_activity.data["object"],
342 "actor" => user.ap_id,
343 "context" => "a context"
346 %{valid_like: valid_like, user: user, post_activity: post_activity}
349 test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
350 {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
352 assert "id" in Map.keys(object)
355 test "is valid for a valid object", %{valid_like: valid_like} do
356 assert LikeValidator.cast_and_validate(valid_like).valid?
359 test "sets the 'to' field to the object actor if no recipients are given", %{
360 valid_like: valid_like,
367 {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
369 assert object["to"] == [user.ap_id]
372 test "sets the context field to the context of the object if no context is given", %{
373 valid_like: valid_like,
374 post_activity: post_activity
378 |> Map.delete("context")
380 {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
382 assert object["context"] == post_activity.data["context"]
385 test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
386 without_actor = Map.delete(valid_like, "actor")
388 refute LikeValidator.cast_and_validate(without_actor).valid?
390 with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
392 refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
395 test "it errors when the object is missing or not known", %{valid_like: valid_like} do
396 without_object = Map.delete(valid_like, "object")
398 refute LikeValidator.cast_and_validate(without_object).valid?
400 with_invalid_object = Map.put(valid_like, "object", "invalidobject")
402 refute LikeValidator.cast_and_validate(with_invalid_object).valid?
405 test "it errors when the actor has already like the object", %{
406 valid_like: valid_like,
408 post_activity: post_activity
410 _like = CommonAPI.favorite(user, post_activity.id)
412 refute LikeValidator.cast_and_validate(valid_like).valid?
415 test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
418 |> Map.put("actor", %{"id" => valid_like["actor"]})
419 |> Map.put("object", %{"id" => valid_like["object"]})
421 validated = LikeValidator.cast_and_validate(wrapped_like)
423 assert validated.valid?
425 assert {:actor, valid_like["actor"]} in validated.changes
426 assert {:object, valid_like["object"]} in validated.changes