1 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
5 alias Pleroma.Web.ActivityPub.ActivityPub
6 alias Pleroma.Web.ActivityPub.Builder
7 alias Pleroma.Web.ActivityPub.ObjectValidator
8 alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator
9 alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
10 alias Pleroma.Web.ActivityPub.Utils
11 alias Pleroma.Web.CommonAPI
13 import Pleroma.Factory
15 describe "attachments" do
16 test "it turns mastodon attachments into our attachments" do
19 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
22 "mediaType" => "image/jpeg"
26 AttachmentValidator.cast_and_validate(attachment)
27 |> Ecto.Changeset.apply_action(:insert)
32 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
34 mediaType: "image/jpeg"
40 describe "chat message create activities" do
41 test "it is invalid if the object already exists" do
43 recipient = insert(:user)
44 {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey")
45 object = Object.normalize(activity, false)
47 {:ok, create_data, _} = Builder.create(user, object.data, [recipient.ap_id])
49 {:error, cng} = ObjectValidator.validate(create_data, [])
51 assert {:object, {"The object to create already exists", []}} in cng.errors
54 test "it is invalid if the object data has a different `to` or `actor` field" do
56 recipient = insert(:user)
57 {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey")
59 {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id])
61 {:error, cng} = ObjectValidator.validate(create_data, [])
63 assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors
64 assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors
68 describe "chat messages" do
70 clear_config([:instance, :remote_limit])
72 recipient = insert(:user, local: false)
74 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey :firefox:")
76 %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
79 test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
80 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
82 assert Map.put(valid_chat_message, "attachment", nil) == object
85 test "validates for a basic object with an attachment", %{
86 valid_chat_message: valid_chat_message,
90 content_type: "image/jpg",
91 path: Path.absname("test/fixtures/image.jpg"),
92 filename: "an_image.jpg"
95 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
99 |> Map.put("attachment", attachment.data)
101 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
103 assert object["attachment"]
106 test "does not validate if the message is longer than the remote_limit", %{
107 valid_chat_message: valid_chat_message
109 Pleroma.Config.put([:instance, :remote_limit], 2)
110 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
113 test "does not validate if the recipient is blocking the actor", %{
114 valid_chat_message: valid_chat_message,
118 Pleroma.User.block(recipient, user)
119 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
122 test "does not validate if the actor or the recipient is not in our system", %{
123 valid_chat_message: valid_chat_message
127 |> Map.put("actor", "https://raymoo.com/raymoo")
129 {:error, _} = ObjectValidator.validate(chat_message, [])
133 |> Map.put("to", ["https://raymoo.com/raymoo"])
135 {:error, _} = ObjectValidator.validate(chat_message, [])
138 test "does not validate for a message with multiple recipients", %{
139 valid_chat_message: valid_chat_message,
145 |> Map.put("to", [user.ap_id, recipient.ap_id])
147 assert {:error, _} = ObjectValidator.validate(chat_message, [])
150 test "does not validate if it doesn't concern local users" do
151 user = insert(:user, local: false)
152 recipient = insert(:user, local: false)
154 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
155 assert {:error, _} = ObjectValidator.validate(valid_chat_message, [])
159 describe "deletes" do
162 {:ok, post_activity} = CommonAPI.post(user, %{"status" => "cancel me daddy"})
164 {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
165 {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
167 %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
170 test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
171 {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
173 assert valid_post_delete["deleted_activity_id"]
176 test "it is invalid if the object isn't in a list of certain types", %{
177 valid_post_delete: valid_post_delete
179 object = Object.get_by_ap_id(valid_post_delete["object"])
183 |> Map.put("type", "Like")
187 |> Ecto.Changeset.change(%{data: data})
188 |> Object.update_and_set_cache()
190 {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
191 assert {:object, {"object not in allowed types", []}} in cng.errors
194 test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
195 assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
198 test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
203 {:error, cng} = ObjectValidator.validate(no_id, [])
205 assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
208 test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
211 |> Map.put("object", "http://does.not/exist")
213 {:error, cng} = ObjectValidator.validate(missing_object, [])
215 assert {:object, {"can't find object", []}} in cng.errors
218 test "it's invalid if the actor of the object and the actor of delete are from different domains",
219 %{valid_post_delete: valid_post_delete} do
220 valid_user = insert(:user)
224 |> Map.put("actor", valid_user.ap_id)
226 assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
228 invalid_other_actor =
230 |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
232 {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
234 assert {:actor, {"is not allowed to delete object", []}} in cng.errors
237 test "it's valid if the actor of the object is a local superuser",
238 %{valid_post_delete: valid_post_delete} do
240 insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
244 |> Map.put("actor", user.ap_id)
246 {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
247 assert meta[:do_not_federate]
254 {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
257 "to" => [user.ap_id],
260 "id" => Utils.generate_activity_id(),
261 "object" => post_activity.data["object"],
262 "actor" => user.ap_id,
263 "context" => "a context"
266 %{valid_like: valid_like, user: user, post_activity: post_activity}
269 test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
270 {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
272 assert "id" in Map.keys(object)
275 test "is valid for a valid object", %{valid_like: valid_like} do
276 assert LikeValidator.cast_and_validate(valid_like).valid?
279 test "sets the 'to' field to the object actor if no recipients are given", %{
280 valid_like: valid_like,
287 {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
289 assert object["to"] == [user.ap_id]
292 test "sets the context field to the context of the object if no context is given", %{
293 valid_like: valid_like,
294 post_activity: post_activity
298 |> Map.delete("context")
300 {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
302 assert object["context"] == post_activity.data["context"]
305 test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
306 without_actor = Map.delete(valid_like, "actor")
308 refute LikeValidator.cast_and_validate(without_actor).valid?
310 with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
312 refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
315 test "it errors when the object is missing or not known", %{valid_like: valid_like} do
316 without_object = Map.delete(valid_like, "object")
318 refute LikeValidator.cast_and_validate(without_object).valid?
320 with_invalid_object = Map.put(valid_like, "object", "invalidobject")
322 refute LikeValidator.cast_and_validate(with_invalid_object).valid?
325 test "it errors when the actor has already like the object", %{
326 valid_like: valid_like,
328 post_activity: post_activity
330 _like = CommonAPI.favorite(user, post_activity.id)
332 refute LikeValidator.cast_and_validate(valid_like).valid?
335 test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
338 |> Map.put("actor", %{"id" => valid_like["actor"]})
339 |> Map.put("object", %{"id" => valid_like["object"]})
341 validated = LikeValidator.cast_and_validate(wrapped_like)
343 assert validated.valid?
345 assert {:actor, valid_like["actor"]} in validated.changes
346 assert {:object, valid_like["object"]} in validated.changes