Merge branch 'feature/database-configuration-whitelist' into 'develop'
[akkoma] / test / web / activity_pub / object_validator_test.exs
1 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
2 use Pleroma.DataCase
3
4 alias Pleroma.Object
5 alias Pleroma.Web.ActivityPub.Builder
6 alias Pleroma.Web.ActivityPub.ObjectValidator
7 alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
8 alias Pleroma.Web.ActivityPub.Utils
9 alias Pleroma.Web.CommonAPI
10
11 import Pleroma.Factory
12
13 describe "EmojiReacts" do
14 setup do
15 user = insert(:user)
16 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
17
18 object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
19
20 {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
21
22 %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
23 end
24
25 test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
26 assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
27 end
28
29 test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
30 without_content =
31 valid_emoji_react
32 |> Map.delete("content")
33
34 {:error, cng} = ObjectValidator.validate(without_content, [])
35
36 refute cng.valid?
37 assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
38 end
39
40 test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
41 without_emoji_content =
42 valid_emoji_react
43 |> Map.put("content", "x")
44
45 {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
46
47 refute cng.valid?
48
49 assert {:content, {"must be a single character emoji", []}} in cng.errors
50 end
51 end
52
53 describe "Undos" do
54 setup do
55 user = insert(:user)
56 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
57 {:ok, like} = CommonAPI.favorite(user, post_activity.id)
58 {:ok, valid_like_undo, []} = Builder.undo(user, like)
59
60 %{user: user, like: like, valid_like_undo: valid_like_undo}
61 end
62
63 test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
64 assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
65 end
66
67 test "it does not validate if the actor of the undo is not the actor of the object", %{
68 valid_like_undo: valid_like_undo
69 } do
70 other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
71
72 bad_actor =
73 valid_like_undo
74 |> Map.put("actor", other_user.ap_id)
75
76 {:error, cng} = ObjectValidator.validate(bad_actor, [])
77
78 assert {:actor, {"not the same as object actor", []}} in cng.errors
79 end
80
81 test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
82 missing_object =
83 valid_like_undo
84 |> Map.put("object", "https://gensokyo.2hu/objects/1")
85
86 {:error, cng} = ObjectValidator.validate(missing_object, [])
87
88 assert {:object, {"can't find object", []}} in cng.errors
89 assert length(cng.errors) == 1
90 end
91 end
92
93 describe "deletes" do
94 setup do
95 user = insert(:user)
96 {:ok, post_activity} = CommonAPI.post(user, %{status: "cancel me daddy"})
97
98 {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
99 {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
100
101 %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
102 end
103
104 test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
105 {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
106
107 assert valid_post_delete["deleted_activity_id"]
108 end
109
110 test "it is invalid if the object isn't in a list of certain types", %{
111 valid_post_delete: valid_post_delete
112 } do
113 object = Object.get_by_ap_id(valid_post_delete["object"])
114
115 data =
116 object.data
117 |> Map.put("type", "Like")
118
119 {:ok, _object} =
120 object
121 |> Ecto.Changeset.change(%{data: data})
122 |> Object.update_and_set_cache()
123
124 {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
125 assert {:object, {"object not in allowed types", []}} in cng.errors
126 end
127
128 test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
129 assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
130 end
131
132 test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
133 no_id =
134 valid_post_delete
135 |> Map.delete("id")
136
137 {:error, cng} = ObjectValidator.validate(no_id, [])
138
139 assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
140 end
141
142 test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
143 missing_object =
144 valid_post_delete
145 |> Map.put("object", "http://does.not/exist")
146
147 {:error, cng} = ObjectValidator.validate(missing_object, [])
148
149 assert {:object, {"can't find object", []}} in cng.errors
150 end
151
152 test "it's invalid if the actor of the object and the actor of delete are from different domains",
153 %{valid_post_delete: valid_post_delete} do
154 valid_user = insert(:user)
155
156 valid_other_actor =
157 valid_post_delete
158 |> Map.put("actor", valid_user.ap_id)
159
160 assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
161
162 invalid_other_actor =
163 valid_post_delete
164 |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
165
166 {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
167
168 assert {:actor, {"is not allowed to delete object", []}} in cng.errors
169 end
170
171 test "it's valid if the actor of the object is a local superuser",
172 %{valid_post_delete: valid_post_delete} do
173 user =
174 insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
175
176 valid_other_actor =
177 valid_post_delete
178 |> Map.put("actor", user.ap_id)
179
180 {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
181 assert meta[:do_not_federate]
182 end
183 end
184
185 describe "likes" do
186 setup do
187 user = insert(:user)
188 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
189
190 valid_like = %{
191 "to" => [user.ap_id],
192 "cc" => [],
193 "type" => "Like",
194 "id" => Utils.generate_activity_id(),
195 "object" => post_activity.data["object"],
196 "actor" => user.ap_id,
197 "context" => "a context"
198 }
199
200 %{valid_like: valid_like, user: user, post_activity: post_activity}
201 end
202
203 test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
204 {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
205
206 assert "id" in Map.keys(object)
207 end
208
209 test "is valid for a valid object", %{valid_like: valid_like} do
210 assert LikeValidator.cast_and_validate(valid_like).valid?
211 end
212
213 test "sets the 'to' field to the object actor if no recipients are given", %{
214 valid_like: valid_like,
215 user: user
216 } do
217 without_recipients =
218 valid_like
219 |> Map.delete("to")
220
221 {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
222
223 assert object["to"] == [user.ap_id]
224 end
225
226 test "sets the context field to the context of the object if no context is given", %{
227 valid_like: valid_like,
228 post_activity: post_activity
229 } do
230 without_context =
231 valid_like
232 |> Map.delete("context")
233
234 {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
235
236 assert object["context"] == post_activity.data["context"]
237 end
238
239 test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
240 without_actor = Map.delete(valid_like, "actor")
241
242 refute LikeValidator.cast_and_validate(without_actor).valid?
243
244 with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
245
246 refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
247 end
248
249 test "it errors when the object is missing or not known", %{valid_like: valid_like} do
250 without_object = Map.delete(valid_like, "object")
251
252 refute LikeValidator.cast_and_validate(without_object).valid?
253
254 with_invalid_object = Map.put(valid_like, "object", "invalidobject")
255
256 refute LikeValidator.cast_and_validate(with_invalid_object).valid?
257 end
258
259 test "it errors when the actor has already like the object", %{
260 valid_like: valid_like,
261 user: user,
262 post_activity: post_activity
263 } do
264 _like = CommonAPI.favorite(user, post_activity.id)
265
266 refute LikeValidator.cast_and_validate(valid_like).valid?
267 end
268
269 test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
270 wrapped_like =
271 valid_like
272 |> Map.put("actor", %{"id" => valid_like["actor"]})
273 |> Map.put("object", %{"id" => valid_like["object"]})
274
275 validated = LikeValidator.cast_and_validate(wrapped_like)
276
277 assert validated.valid?
278
279 assert {:actor, valid_like["actor"]} in validated.changes
280 assert {:object, valid_like["object"]} in validated.changes
281 end
282 end
283 end