git.squeep.com Git - akkoma/blob - test/web/activity_pub/object_validator_test.exs

   1 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
   2   use Pleroma.DataCase
   3
   4   alias Pleroma.Object
   5   alias Pleroma.Web.ActivityPub.ActivityPub
   6   alias Pleroma.Web.ActivityPub.Builder
   7   alias Pleroma.Web.ActivityPub.ObjectValidator
   8   alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator
   9   alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
  10   alias Pleroma.Web.ActivityPub.Utils
  11   alias Pleroma.Web.CommonAPI
  12
  13   import Pleroma.Factory
  14
  15   describe "attachments" do
  16     test "it turns mastodon attachments into our attachments" do
  17       attachment = %{
  18         "url" =>
  19           "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
  20         "type" => "Document",
  21         "name" => nil,
  22         "mediaType" => "image/jpeg"
  23       }
  24
  25       {:ok, attachment} =
  26         AttachmentValidator.cast_and_validate(attachment)
  27         |> Ecto.Changeset.apply_action(:insert)
  28
  29       assert [
  30                %{
  31                  href:
  32                    "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
  33                  type: "Link",
  34                  mediaType: "image/jpeg"
  35                }
  36              ] = attachment.url
  37     end
  38   end
  39
  40   describe "chat message create activities" do
  41     test "it is invalid if the object already exists" do
  42       user = insert(:user)
  43       recipient = insert(:user)
  44       {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey")
  45       object = Object.normalize(activity, false)
  46
  47       {:ok, create_data, _} = Builder.create(user, object.data, [recipient.ap_id])
  48
  49       {:error, cng} = ObjectValidator.validate(create_data, [])
  50
  51       assert {:object, {"The object to create already exists", []}} in cng.errors
  52     end
  53
  54     test "it is invalid if the object data has a different `to` or `actor` field" do
  55       user = insert(:user)
  56       recipient = insert(:user)
  57       {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey")
  58
  59       {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id])
  60
  61       {:error, cng} = ObjectValidator.validate(create_data, [])
  62
  63       assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors
  64       assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors
  65     end
  66   end
  67
  68   describe "chat messages" do
  69     setup do
  70       clear_config([:instance, :remote_limit])
  71       user = insert(:user)
  72       recipient = insert(:user, local: false)
  73
  74       {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey :firefox:")
  75
  76       %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
  77     end
  78
  79     test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
  80       assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
  81
  82       assert Map.put(valid_chat_message, "attachment", nil) == object
  83     end
  84
  85     test "validates for a basic object with an attachment", %{
  86       valid_chat_message: valid_chat_message,
  87       user: user
  88     } do
  89       file = %Plug.Upload{
  90         content_type: "image/jpg",
  91         path: Path.absname("test/fixtures/image.jpg"),
  92         filename: "an_image.jpg"
  93       }
  94
  95       {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
  96
  97       valid_chat_message =
  98         valid_chat_message
  99         |> Map.put("attachment", attachment.data)
 100
 101       assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
 102
 103       assert object["attachment"]
 104     end
 105
 106     test "validates for a basic object with an attachment but without content", %{
 107       valid_chat_message: valid_chat_message,
 108       user: user
 109     } do
 110       file = %Plug.Upload{
 111         content_type: "image/jpg",
 112         path: Path.absname("test/fixtures/image.jpg"),
 113         filename: "an_image.jpg"
 114       }
 115
 116       {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
 117
 118       valid_chat_message =
 119         valid_chat_message
 120         |> Map.put("attachment", attachment.data)
 121         |> Map.delete("content")
 122
 123       assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
 124
 125       assert object["attachment"]
 126     end
 127
 128     test "does not validate if the message has no content", %{
 129       valid_chat_message: valid_chat_message
 130     } do
 131       contentless =
 132         valid_chat_message
 133         |> Map.delete("content")
 134
 135       refute match?({:ok, _object, _meta}, ObjectValidator.validate(contentless, []))
 136     end
 137
 138     test "does not validate if the message is longer than the remote_limit", %{
 139       valid_chat_message: valid_chat_message
 140     } do
 141       Pleroma.Config.put([:instance, :remote_limit], 2)
 142       refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
 143     end
 144
 145     test "does not validate if the recipient is blocking the actor", %{
 146       valid_chat_message: valid_chat_message,
 147       user: user,
 148       recipient: recipient
 149     } do
 150       Pleroma.User.block(recipient, user)
 151       refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
 152     end
 153
 154     test "does not validate if the actor or the recipient is not in our system", %{
 155       valid_chat_message: valid_chat_message
 156     } do
 157       chat_message =
 158         valid_chat_message
 159         |> Map.put("actor", "https://raymoo.com/raymoo")
 160
 161       {:error, _} = ObjectValidator.validate(chat_message, [])
 162
 163       chat_message =
 164         valid_chat_message
 165         |> Map.put("to", ["https://raymoo.com/raymoo"])
 166
 167       {:error, _} = ObjectValidator.validate(chat_message, [])
 168     end
 169
 170     test "does not validate for a message with multiple recipients", %{
 171       valid_chat_message: valid_chat_message,
 172       user: user,
 173       recipient: recipient
 174     } do
 175       chat_message =
 176         valid_chat_message
 177         |> Map.put("to", [user.ap_id, recipient.ap_id])
 178
 179       assert {:error, _} = ObjectValidator.validate(chat_message, [])
 180     end
 181
 182     test "does not validate if it doesn't concern local users" do
 183       user = insert(:user, local: false)
 184       recipient = insert(:user, local: false)
 185
 186       {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
 187       assert {:error, _} = ObjectValidator.validate(valid_chat_message, [])
 188     end
 189   end
 190
 191   describe "EmojiReacts" do
 192     setup do
 193       user = insert(:user)
 194       {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
 195
 196       object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
 197
 198       {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
 199
 200       %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
 201     end
 202
 203     test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
 204       assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
 205     end
 206
 207     test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
 208       without_content =
 209         valid_emoji_react
 210         |> Map.delete("content")
 211
 212       {:error, cng} = ObjectValidator.validate(without_content, [])
 213
 214       refute cng.valid?
 215       assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
 216     end
 217
 218     test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
 219       without_emoji_content =
 220         valid_emoji_react
 221         |> Map.put("content", "x")
 222
 223       {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
 224
 225       refute cng.valid?
 226
 227       assert {:content, {"must be a single character emoji", []}} in cng.errors
 228     end
 229   end
 230
 231   describe "Undos" do
 232     setup do
 233       user = insert(:user)
 234       {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
 235       {:ok, like} = CommonAPI.favorite(user, post_activity.id)
 236       {:ok, valid_like_undo, []} = Builder.undo(user, like)
 237
 238       %{user: user, like: like, valid_like_undo: valid_like_undo}
 239     end
 240
 241     test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
 242       assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
 243     end
 244
 245     test "it does not validate if the actor of the undo is not the actor of the object", %{
 246       valid_like_undo: valid_like_undo
 247     } do
 248       other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
 249
 250       bad_actor =
 251         valid_like_undo
 252         |> Map.put("actor", other_user.ap_id)
 253
 254       {:error, cng} = ObjectValidator.validate(bad_actor, [])
 255
 256       assert {:actor, {"not the same as object actor", []}} in cng.errors
 257     end
 258
 259     test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
 260       missing_object =
 261         valid_like_undo
 262         |> Map.put("object", "https://gensokyo.2hu/objects/1")
 263
 264       {:error, cng} = ObjectValidator.validate(missing_object, [])
 265
 266       assert {:object, {"can't find object", []}} in cng.errors
 267       assert length(cng.errors) == 1
 268     end
 269   end
 270
 271   describe "deletes" do
 272     setup do
 273       user = insert(:user)
 274       {:ok, post_activity} = CommonAPI.post(user, %{status: "cancel me daddy"})
 275
 276       {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
 277       {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
 278
 279       %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
 280     end
 281
 282     test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
 283       {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
 284
 285       assert valid_post_delete["deleted_activity_id"]
 286     end
 287
 288     test "it is invalid if the object isn't in a list of certain types", %{
 289       valid_post_delete: valid_post_delete
 290     } do
 291       object = Object.get_by_ap_id(valid_post_delete["object"])
 292
 293       data =
 294         object.data
 295         |> Map.put("type", "Like")
 296
 297       {:ok, _object} =
 298         object
 299         |> Ecto.Changeset.change(%{data: data})
 300         |> Object.update_and_set_cache()
 301
 302       {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
 303       assert {:object, {"object not in allowed types", []}} in cng.errors
 304     end
 305
 306     test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
 307       assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
 308     end
 309
 310     test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
 311       no_id =
 312         valid_post_delete
 313         |> Map.delete("id")
 314
 315       {:error, cng} = ObjectValidator.validate(no_id, [])
 316
 317       assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
 318     end
 319
 320     test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
 321       missing_object =
 322         valid_post_delete
 323         |> Map.put("object", "http://does.not/exist")
 324
 325       {:error, cng} = ObjectValidator.validate(missing_object, [])
 326
 327       assert {:object, {"can't find object", []}} in cng.errors
 328     end
 329
 330     test "it's invalid if the actor of the object and the actor of delete are from different domains",
 331          %{valid_post_delete: valid_post_delete} do
 332       valid_user = insert(:user)
 333
 334       valid_other_actor =
 335         valid_post_delete
 336         |> Map.put("actor", valid_user.ap_id)
 337
 338       assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
 339
 340       invalid_other_actor =
 341         valid_post_delete
 342         |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
 343
 344       {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
 345
 346       assert {:actor, {"is not allowed to delete object", []}} in cng.errors
 347     end
 348
 349     test "it's valid if the actor of the object is a local superuser",
 350          %{valid_post_delete: valid_post_delete} do
 351       user =
 352         insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
 353
 354       valid_other_actor =
 355         valid_post_delete
 356         |> Map.put("actor", user.ap_id)
 357
 358       {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
 359       assert meta[:do_not_federate]
 360     end
 361   end
 362
 363   describe "likes" do
 364     setup do
 365       user = insert(:user)
 366       {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
 367
 368       valid_like = %{
 369         "to" => [user.ap_id],
 370         "cc" => [],
 371         "type" => "Like",
 372         "id" => Utils.generate_activity_id(),
 373         "object" => post_activity.data["object"],
 374         "actor" => user.ap_id,
 375         "context" => "a context"
 376       }
 377
 378       %{valid_like: valid_like, user: user, post_activity: post_activity}
 379     end
 380
 381     test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
 382       {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
 383
 384       assert "id" in Map.keys(object)
 385     end
 386
 387     test "is valid for a valid object", %{valid_like: valid_like} do
 388       assert LikeValidator.cast_and_validate(valid_like).valid?
 389     end
 390
 391     test "sets the 'to' field to the object actor if no recipients are given", %{
 392       valid_like: valid_like,
 393       user: user
 394     } do
 395       without_recipients =
 396         valid_like
 397         |> Map.delete("to")
 398
 399       {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
 400
 401       assert object["to"] == [user.ap_id]
 402     end
 403
 404     test "sets the context field to the context of the object if no context is given", %{
 405       valid_like: valid_like,
 406       post_activity: post_activity
 407     } do
 408       without_context =
 409         valid_like
 410         |> Map.delete("context")
 411
 412       {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
 413
 414       assert object["context"] == post_activity.data["context"]
 415     end
 416
 417     test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
 418       without_actor = Map.delete(valid_like, "actor")
 419
 420       refute LikeValidator.cast_and_validate(without_actor).valid?
 421
 422       with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
 423
 424       refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
 425     end
 426
 427     test "it errors when the object is missing or not known", %{valid_like: valid_like} do
 428       without_object = Map.delete(valid_like, "object")
 429
 430       refute LikeValidator.cast_and_validate(without_object).valid?
 431
 432       with_invalid_object = Map.put(valid_like, "object", "invalidobject")
 433
 434       refute LikeValidator.cast_and_validate(with_invalid_object).valid?
 435     end
 436
 437     test "it errors when the actor has already like the object", %{
 438       valid_like: valid_like,
 439       user: user,
 440       post_activity: post_activity
 441     } do
 442       _like = CommonAPI.favorite(user, post_activity.id)
 443
 444       refute LikeValidator.cast_and_validate(valid_like).valid?
 445     end
 446
 447     test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
 448       wrapped_like =
 449         valid_like
 450         |> Map.put("actor", %{"id" => valid_like["actor"]})
 451         |> Map.put("object", %{"id" => valid_like["object"]})
 452
 453       validated = LikeValidator.cast_and_validate(wrapped_like)
 454
 455       assert validated.valid?
 456
 457       assert {:actor, valid_like["actor"]} in validated.changes
 458       assert {:object, valid_like["object"]} in validated.changes
 459     end
 460   end
 461 end