projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into chat-federation...
[akkoma] / test / web / activity_pub / object_validator_test.exs
1 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
2 use Pleroma.DataCase
3
4 alias Pleroma.Object
5 alias Pleroma.Web.ActivityPub.ActivityPub
6 alias Pleroma.Web.ActivityPub.Builder
7 alias Pleroma.Web.ActivityPub.ObjectValidator
8 alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator
9 alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
10 alias Pleroma.Web.ActivityPub.Utils
11 alias Pleroma.Web.CommonAPI
12
13 import Pleroma.Factory
14
15 describe "attachments" do
16 test "works with honkerific attachments" do
17 attachment = %{
18 "mediaType" => "",
19 "name" => "",
20 "summary" => "298p3RG7j27tfsZ9RQ.jpg",
21 "type" => "Document",
22 "url" => "https://honk.tedunangst.com/d/298p3RG7j27tfsZ9RQ.jpg"
23 }
24
25 assert {:ok, attachment} =
26 AttachmentValidator.cast_and_validate(attachment)
27 |> Ecto.Changeset.apply_action(:insert)
28
29 assert attachment.mediaType == "application/octet-stream"
30 end
31
32 test "it turns mastodon attachments into our attachments" do
33 attachment = %{
34 "url" =>
35 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
36 "type" => "Document",
37 "name" => nil,
38 "mediaType" => "image/jpeg"
39 }
40
41 {:ok, attachment} =
42 AttachmentValidator.cast_and_validate(attachment)
43 |> Ecto.Changeset.apply_action(:insert)
44
45 assert [
46 %{
47 href:
48 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
49 type: "Link",
50 mediaType: "image/jpeg"
51 }
52 ] = attachment.url
53
54 assert attachment.mediaType == "image/jpeg"
55 end
56
57 test "it handles our own uploads" do
58 user = insert(:user)
59
60 file = %Plug.Upload{
61 content_type: "image/jpg",
62 path: Path.absname("test/fixtures/image.jpg"),
63 filename: "an_image.jpg"
64 }
65
66 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
67
68 {:ok, attachment} =
69 attachment.data
70 |> AttachmentValidator.cast_and_validate()
71 |> Ecto.Changeset.apply_action(:insert)
72
73 assert attachment.mediaType == "image/jpeg"
74 end
75 end
76
77 describe "chat message create activities" do
78 test "it is invalid if the object already exists" do
79 user = insert(:user)
80 recipient = insert(:user)
81 {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey")
82 object = Object.normalize(activity, false)
83
84 {:ok, create_data, _} = Builder.create(user, object.data, [recipient.ap_id])
85
86 {:error, cng} = ObjectValidator.validate(create_data, [])
87
88 assert {:object, {"The object to create already exists", []}} in cng.errors
89 end
90
91 test "it is invalid if the object data has a different `to` or `actor` field" do
92 user = insert(:user)
93 recipient = insert(:user)
94 {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey")
95
96 {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id])
97
98 {:error, cng} = ObjectValidator.validate(create_data, [])
99
100 assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors
101 assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors
102 end
103 end
104
105 describe "chat messages" do
106 setup do
107 clear_config([:instance, :remote_limit])
108 user = insert(:user)
109 recipient = insert(:user, local: false)
110
111 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey :firefox:")
112
113 %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
114 end
115
116 test "let's through some basic html", %{user: user, recipient: recipient} do
117 {:ok, valid_chat_message, _} =
118 Builder.chat_message(
119 user,
120 recipient.ap_id,
121 "hey <a href='https://example.org'>example</a> <script>alert('uguu')</script>"
122 )
123
124 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
125
126 assert object["content"] ==
127 "hey <a href=\"https://example.org\">example</a> alert(&#39;uguu&#39;)"
128 end
129
130 test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
131 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
132
133 assert Map.put(valid_chat_message, "attachment", nil) == object
134 end
135
136 test "validates for a basic object with an attachment", %{
137 valid_chat_message: valid_chat_message,
138 user: user
139 } do
140 file = %Plug.Upload{
141 content_type: "image/jpg",
142 path: Path.absname("test/fixtures/image.jpg"),
143 filename: "an_image.jpg"
144 }
145
146 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
147
148 valid_chat_message =
149 valid_chat_message
150 |> Map.put("attachment", attachment.data)
151
152 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
153
154 assert object["attachment"]
155 end
156
157 test "validates for a basic object with an attachment in an array", %{
158 valid_chat_message: valid_chat_message,
159 user: user
160 } do
161 file = %Plug.Upload{
162 content_type: "image/jpg",
163 path: Path.absname("test/fixtures/image.jpg"),
164 filename: "an_image.jpg"
165 }
166
167 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
168
169 valid_chat_message =
170 valid_chat_message
171 |> Map.put("attachment", [attachment.data])
172
173 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
174
175 assert object["attachment"]
176 end
177
178 test "validates for a basic object with an attachment but without content", %{
179 valid_chat_message: valid_chat_message,
180 user: user
181 } do
182 file = %Plug.Upload{
183 content_type: "image/jpg",
184 path: Path.absname("test/fixtures/image.jpg"),
185 filename: "an_image.jpg"
186 }
187
188 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
189
190 valid_chat_message =
191 valid_chat_message
192 |> Map.put("attachment", attachment.data)
193 |> Map.delete("content")
194
195 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
196
197 assert object["attachment"]
198 end
199
200 test "does not validate if the message has no content", %{
201 valid_chat_message: valid_chat_message
202 } do
203 contentless =
204 valid_chat_message
205 |> Map.delete("content")
206
207 refute match?({:ok, _object, _meta}, ObjectValidator.validate(contentless, []))
208 end
209
210 test "does not validate if the message is longer than the remote_limit", %{
211 valid_chat_message: valid_chat_message
212 } do
213 Pleroma.Config.put([:instance, :remote_limit], 2)
214 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
215 end
216
217 test "does not validate if the recipient is blocking the actor", %{
218 valid_chat_message: valid_chat_message,
219 user: user,
220 recipient: recipient
221 } do
222 Pleroma.User.block(recipient, user)
223 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
224 end
225
226 test "does not validate if the recipient is not accepting chat messages", %{
227 valid_chat_message: valid_chat_message,
228 recipient: recipient
229 } do
230 recipient
231 |> Ecto.Changeset.change(%{accepts_chat_messages: false})
232 |> Pleroma.Repo.update!()
233
234 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
235 end
236
237 test "does not validate if the actor or the recipient is not in our system", %{
238 valid_chat_message: valid_chat_message
239 } do
240 chat_message =
241 valid_chat_message
242 |> Map.put("actor", "https://raymoo.com/raymoo")
243
244 {:error, _} = ObjectValidator.validate(chat_message, [])
245
246 chat_message =
247 valid_chat_message
248 |> Map.put("to", ["https://raymoo.com/raymoo"])
249
250 {:error, _} = ObjectValidator.validate(chat_message, [])
251 end
252
253 test "does not validate for a message with multiple recipients", %{
254 valid_chat_message: valid_chat_message,
255 user: user,
256 recipient: recipient
257 } do
258 chat_message =
259 valid_chat_message
260 |> Map.put("to", [user.ap_id, recipient.ap_id])
261
262 assert {:error, _} = ObjectValidator.validate(chat_message, [])
263 end
264
265 test "does not validate if it doesn't concern local users" do
266 user = insert(:user, local: false)
267 recipient = insert(:user, local: false)
268
269 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
270 assert {:error, _} = ObjectValidator.validate(valid_chat_message, [])
271 end
272 end
273
274 describe "EmojiReacts" do
275 setup do
276 user = insert(:user)
277 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
278
279 object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
280
281 {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
282
283 %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
284 end
285
286 test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
287 assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
288 end
289
290 test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
291 without_content =
292 valid_emoji_react
293 |> Map.delete("content")
294
295 {:error, cng} = ObjectValidator.validate(without_content, [])
296
297 refute cng.valid?
298 assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
299 end
300
301 test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
302 without_emoji_content =
303 valid_emoji_react
304 |> Map.put("content", "x")
305
306 {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
307
308 refute cng.valid?
309
310 assert {:content, {"must be a single character emoji", []}} in cng.errors
311 end
312 end
313
314 describe "Undos" do
315 setup do
316 user = insert(:user)
317 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
318 {:ok, like} = CommonAPI.favorite(user, post_activity.id)
319 {:ok, valid_like_undo, []} = Builder.undo(user, like)
320
321 %{user: user, like: like, valid_like_undo: valid_like_undo}
322 end
323
324 test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
325 assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
326 end
327
328 test "it does not validate if the actor of the undo is not the actor of the object", %{
329 valid_like_undo: valid_like_undo
330 } do
331 other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
332
333 bad_actor =
334 valid_like_undo
335 |> Map.put("actor", other_user.ap_id)
336
337 {:error, cng} = ObjectValidator.validate(bad_actor, [])
338
339 assert {:actor, {"not the same as object actor", []}} in cng.errors
340 end
341
342 test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
343 missing_object =
344 valid_like_undo
345 |> Map.put("object", "https://gensokyo.2hu/objects/1")
346
347 {:error, cng} = ObjectValidator.validate(missing_object, [])
348
349 assert {:object, {"can't find object", []}} in cng.errors
350 assert length(cng.errors) == 1
351 end
352 end
353
354 describe "deletes" do
355 setup do
356 user = insert(:user)
357 {:ok, post_activity} = CommonAPI.post(user, %{status: "cancel me daddy"})
358
359 {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
360 {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
361
362 %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
363 end
364
365 test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
366 {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
367
368 assert valid_post_delete["deleted_activity_id"]
369 end
370
371 test "it is invalid if the object isn't in a list of certain types", %{
372 valid_post_delete: valid_post_delete
373 } do
374 object = Object.get_by_ap_id(valid_post_delete["object"])
375
376 data =
377 object.data
378 |> Map.put("type", "Like")
379
380 {:ok, _object} =
381 object
382 |> Ecto.Changeset.change(%{data: data})
383 |> Object.update_and_set_cache()
384
385 {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
386 assert {:object, {"object not in allowed types", []}} in cng.errors
387 end
388
389 test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
390 assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
391 end
392
393 test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
394 no_id =
395 valid_post_delete
396 |> Map.delete("id")
397
398 {:error, cng} = ObjectValidator.validate(no_id, [])
399
400 assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
401 end
402
403 test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
404 missing_object =
405 valid_post_delete
406 |> Map.put("object", "http://does.not/exist")
407
408 {:error, cng} = ObjectValidator.validate(missing_object, [])
409
410 assert {:object, {"can't find object", []}} in cng.errors
411 end
412
413 test "it's invalid if the actor of the object and the actor of delete are from different domains",
414 %{valid_post_delete: valid_post_delete} do
415 valid_user = insert(:user)
416
417 valid_other_actor =
418 valid_post_delete
419 |> Map.put("actor", valid_user.ap_id)
420
421 assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
422
423 invalid_other_actor =
424 valid_post_delete
425 |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
426
427 {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
428
429 assert {:actor, {"is not allowed to delete object", []}} in cng.errors
430 end
431
432 test "it's valid if the actor of the object is a local superuser",
433 %{valid_post_delete: valid_post_delete} do
434 user =
435 insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
436
437 valid_other_actor =
438 valid_post_delete
439 |> Map.put("actor", user.ap_id)
440
441 {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
442 assert meta[:do_not_federate]
443 end
444 end
445
446 describe "likes" do
447 setup do
448 user = insert(:user)
449 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
450
451 valid_like = %{
452 "to" => [user.ap_id],
453 "cc" => [],
454 "type" => "Like",
455 "id" => Utils.generate_activity_id(),
456 "object" => post_activity.data["object"],
457 "actor" => user.ap_id,
458 "context" => "a context"
459 }
460
461 %{valid_like: valid_like, user: user, post_activity: post_activity}
462 end
463
464 test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
465 {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
466
467 assert "id" in Map.keys(object)
468 end
469
470 test "is valid for a valid object", %{valid_like: valid_like} do
471 assert LikeValidator.cast_and_validate(valid_like).valid?
472 end
473
474 test "sets the 'to' field to the object actor if no recipients are given", %{
475 valid_like: valid_like,
476 user: user
477 } do
478 without_recipients =
479 valid_like
480 |> Map.delete("to")
481
482 {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
483
484 assert object["to"] == [user.ap_id]
485 end
486
487 test "sets the context field to the context of the object if no context is given", %{
488 valid_like: valid_like,
489 post_activity: post_activity
490 } do
491 without_context =
492 valid_like
493 |> Map.delete("context")
494
495 {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
496
497 assert object["context"] == post_activity.data["context"]
498 end
499
500 test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
501 without_actor = Map.delete(valid_like, "actor")
502
503 refute LikeValidator.cast_and_validate(without_actor).valid?
504
505 with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
506
507 refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
508 end
509
510 test "it errors when the object is missing or not known", %{valid_like: valid_like} do
511 without_object = Map.delete(valid_like, "object")
512
513 refute LikeValidator.cast_and_validate(without_object).valid?
514
515 with_invalid_object = Map.put(valid_like, "object", "invalidobject")
516
517 refute LikeValidator.cast_and_validate(with_invalid_object).valid?
518 end
519
520 test "it errors when the actor has already like the object", %{
521 valid_like: valid_like,
522 user: user,
523 post_activity: post_activity
524 } do
525 _like = CommonAPI.favorite(user, post_activity.id)
526
527 refute LikeValidator.cast_and_validate(valid_like).valid?
528 end
529
530 test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
531 wrapped_like =
532 valid_like
533 |> Map.put("actor", %{"id" => valid_like["actor"]})
534 |> Map.put("object", %{"id" => valid_like["object"]})
535
536 validated = LikeValidator.cast_and_validate(wrapped_like)
537
538 assert validated.valid?
539
540 assert {:actor, valid_like["actor"]} in validated.changes
541 assert {:object, valid_like["object"]} in validated.changes
542 end
543 end
544
545 describe "announces" do
546 setup do
547 user = insert(:user)
548 announcer = insert(:user)
549 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
550
551 object = Object.normalize(post_activity, false)
552 {:ok, valid_announce, []} = Builder.announce(announcer, object)
553
554 %{
555 valid_announce: valid_announce,
556 user: user,
557 post_activity: post_activity,
558 announcer: announcer
559 }
560 end
561
562 test "returns ok for a valid announce", %{valid_announce: valid_announce} do
563 assert {:ok, _object, _meta} = ObjectValidator.validate(valid_announce, [])
564 end
565
566 test "returns an error if the object can't be found", %{valid_announce: valid_announce} do
567 without_object =
568 valid_announce
569 |> Map.delete("object")
570
571 {:error, cng} = ObjectValidator.validate(without_object, [])
572
573 assert {:object, {"can't be blank", [validation: :required]}} in cng.errors
574
575 nonexisting_object =
576 valid_announce
577 |> Map.put("object", "https://gensokyo.2hu/objects/99999999")
578
579 {:error, cng} = ObjectValidator.validate(nonexisting_object, [])
580
581 assert {:object, {"can't find object", []}} in cng.errors
582 end
583
584 test "returns an error if we don't have the actor", %{valid_announce: valid_announce} do
585 nonexisting_actor =
586 valid_announce
587 |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
588
589 {:error, cng} = ObjectValidator.validate(nonexisting_actor, [])
590
591 assert {:actor, {"can't find user", []}} in cng.errors
592 end
593
594 test "returns an error if the actor already announced the object", %{
595 valid_announce: valid_announce,
596 announcer: announcer,
597 post_activity: post_activity
598 } do
599 _announce = CommonAPI.repeat(post_activity.id, announcer)
600
601 {:error, cng} = ObjectValidator.validate(valid_announce, [])
602
603 assert {:actor, {"already announced this object", []}} in cng.errors
604 assert {:object, {"already announced by this actor", []}} in cng.errors
605 end
606
607 test "returns an error if the actor can't announce the object", %{
608 announcer: announcer,
609 user: user
610 } do
611 {:ok, post_activity} =
612 CommonAPI.post(user, %{status: "a secret post", visibility: "private"})
613
614 object = Object.normalize(post_activity, false)
615
616 # Another user can't announce it
617 {:ok, announce, []} = Builder.announce(announcer, object, public: false)
618
619 {:error, cng} = ObjectValidator.validate(announce, [])
620
621 assert {:actor, {"can not announce this object", []}} in cng.errors
622
623 # The actor of the object can announce it
624 {:ok, announce, []} = Builder.announce(user, object, public: false)
625
626 assert {:ok, _, _} = ObjectValidator.validate(announce, [])
627
628 # The actor of the object can not announce it publicly
629 {:ok, announce, []} = Builder.announce(user, object, public: true)
630
631 {:error, cng} = ObjectValidator.validate(announce, [])
632
633 assert {:actor, {"can not announce this object publicly", []}} in cng.errors
634 end
635 end
636
637 describe "updates" do
638 setup do
639 user = insert(:user)
640
641 object = %{
642 "id" => user.ap_id,
643 "name" => "A new name",
644 "summary" => "A new bio"
645 }
646
647 {:ok, valid_update, []} = Builder.update(user, object)
648
649 %{user: user, valid_update: valid_update}
650 end
651
652 test "validates a basic object", %{valid_update: valid_update} do
653 assert {:ok, _update, []} = ObjectValidator.validate(valid_update, [])
654 end
655
656 test "returns an error if the object can't be updated by the actor", %{
657 valid_update: valid_update
658 } do
659 other_user = insert(:user)
660
661 update =
662 valid_update
663 |> Map.put("actor", other_user.ap_id)
664
665 assert {:error, _cng} = ObjectValidator.validate(update, [])
666 end
667 end
668
669 describe "blocks" do
670 setup do
671 user = insert(:user, local: false)
672 blocked = insert(:user)
673
674 {:ok, valid_block, []} = Builder.block(user, blocked)
675
676 %{user: user, valid_block: valid_block}
677 end
678
679 test "validates a basic object", %{
680 valid_block: valid_block
681 } do
682 assert {:ok, _block, []} = ObjectValidator.validate(valid_block, [])
683 end
684
685 test "returns an error if we don't know the blocked user", %{
686 valid_block: valid_block
687 } do
688 block =
689 valid_block
690 |> Map.put("object", "https://gensokyo.2hu/users/raymoo")
691
692 assert {:error, _cng} = ObjectValidator.validate(block, [])
693 end
694 end
695 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git