projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms
[akkoma] / test / web / activity_pub / object_validator_test.exs
1 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
2 use Pleroma.DataCase
3
4 alias Pleroma.Object
5 alias Pleroma.Web.ActivityPub.ActivityPub
6 alias Pleroma.Web.ActivityPub.Builder
7 alias Pleroma.Web.ActivityPub.ObjectValidator
8 alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator
9 alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
10 alias Pleroma.Web.ActivityPub.Utils
11 alias Pleroma.Web.CommonAPI
12
13 import Pleroma.Factory
14
15 describe "attachments" do
16 test "works with honkerific attachments" do
17 attachment = %{
18 "mediaType" => "",
19 "name" => "",
20 "summary" => "298p3RG7j27tfsZ9RQ.jpg",
21 "type" => "Document",
22 "url" => "https://honk.tedunangst.com/d/298p3RG7j27tfsZ9RQ.jpg"
23 }
24
25 assert {:ok, attachment} =
26 AttachmentValidator.cast_and_validate(attachment)
27 |> Ecto.Changeset.apply_action(:insert)
28
29 assert attachment.mediaType == "application/octet-stream"
30 end
31
32 test "it turns mastodon attachments into our attachments" do
33 attachment = %{
34 "url" =>
35 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
36 "type" => "Document",
37 "name" => nil,
38 "mediaType" => "image/jpeg"
39 }
40
41 {:ok, attachment} =
42 AttachmentValidator.cast_and_validate(attachment)
43 |> Ecto.Changeset.apply_action(:insert)
44
45 assert [
46 %{
47 href:
48 "http://mastodon.example.org/system/media_attachments/files/000/000/002/original/334ce029e7bfb920.jpg",
49 type: "Link",
50 mediaType: "image/jpeg"
51 }
52 ] = attachment.url
53
54 assert attachment.mediaType == "image/jpeg"
55 end
56
57 test "it handles our own uploads" do
58 user = insert(:user)
59
60 file = %Plug.Upload{
61 content_type: "image/jpg",
62 path: Path.absname("test/fixtures/image.jpg"),
63 filename: "an_image.jpg"
64 }
65
66 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
67
68 {:ok, attachment} =
69 attachment.data
70 |> AttachmentValidator.cast_and_validate()
71 |> Ecto.Changeset.apply_action(:insert)
72
73 assert attachment.mediaType == "image/jpeg"
74 end
75 end
76
77 describe "chat message create activities" do
78 test "it is invalid if the object already exists" do
79 user = insert(:user)
80 recipient = insert(:user)
81 {:ok, activity} = CommonAPI.post_chat_message(user, recipient, "hey")
82 object = Object.normalize(activity, false)
83
84 {:ok, create_data, _} = Builder.create(user, object.data, [recipient.ap_id])
85
86 {:error, cng} = ObjectValidator.validate(create_data, [])
87
88 assert {:object, {"The object to create already exists", []}} in cng.errors
89 end
90
91 test "it is invalid if the object data has a different `to` or `actor` field" do
92 user = insert(:user)
93 recipient = insert(:user)
94 {:ok, object_data, _} = Builder.chat_message(recipient, user.ap_id, "Hey")
95
96 {:ok, create_data, _} = Builder.create(user, object_data, [recipient.ap_id])
97
98 {:error, cng} = ObjectValidator.validate(create_data, [])
99
100 assert {:to, {"Recipients don't match with object recipients", []}} in cng.errors
101 assert {:actor, {"Actor doesn't match with object actor", []}} in cng.errors
102 end
103 end
104
105 describe "chat messages" do
106 setup do
107 clear_config([:instance, :remote_limit])
108 user = insert(:user)
109 recipient = insert(:user, local: false)
110
111 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey :firefox:")
112
113 %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
114 end
115
116 test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
117 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
118
119 assert Map.put(valid_chat_message, "attachment", nil) == object
120 end
121
122 test "validates for a basic object with an attachment", %{
123 valid_chat_message: valid_chat_message,
124 user: user
125 } do
126 file = %Plug.Upload{
127 content_type: "image/jpg",
128 path: Path.absname("test/fixtures/image.jpg"),
129 filename: "an_image.jpg"
130 }
131
132 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
133
134 valid_chat_message =
135 valid_chat_message
136 |> Map.put("attachment", attachment.data)
137
138 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
139
140 assert object["attachment"]
141 end
142
143 test "validates for a basic object with an attachment in an array", %{
144 valid_chat_message: valid_chat_message,
145 user: user
146 } do
147 file = %Plug.Upload{
148 content_type: "image/jpg",
149 path: Path.absname("test/fixtures/image.jpg"),
150 filename: "an_image.jpg"
151 }
152
153 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
154
155 valid_chat_message =
156 valid_chat_message
157 |> Map.put("attachment", [attachment.data])
158
159 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
160
161 assert object["attachment"]
162 end
163
164 test "validates for a basic object with an attachment but without content", %{
165 valid_chat_message: valid_chat_message,
166 user: user
167 } do
168 file = %Plug.Upload{
169 content_type: "image/jpg",
170 path: Path.absname("test/fixtures/image.jpg"),
171 filename: "an_image.jpg"
172 }
173
174 {:ok, attachment} = ActivityPub.upload(file, actor: user.ap_id)
175
176 valid_chat_message =
177 valid_chat_message
178 |> Map.put("attachment", attachment.data)
179 |> Map.delete("content")
180
181 assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
182
183 assert object["attachment"]
184 end
185
186 test "does not validate if the message has no content", %{
187 valid_chat_message: valid_chat_message
188 } do
189 contentless =
190 valid_chat_message
191 |> Map.delete("content")
192
193 refute match?({:ok, _object, _meta}, ObjectValidator.validate(contentless, []))
194 end
195
196 test "does not validate if the message is longer than the remote_limit", %{
197 valid_chat_message: valid_chat_message
198 } do
199 Pleroma.Config.put([:instance, :remote_limit], 2)
200 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
201 end
202
203 test "does not validate if the recipient is blocking the actor", %{
204 valid_chat_message: valid_chat_message,
205 user: user,
206 recipient: recipient
207 } do
208 Pleroma.User.block(recipient, user)
209 refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
210 end
211
212 test "does not validate if the actor or the recipient is not in our system", %{
213 valid_chat_message: valid_chat_message
214 } do
215 chat_message =
216 valid_chat_message
217 |> Map.put("actor", "https://raymoo.com/raymoo")
218
219 {:error, _} = ObjectValidator.validate(chat_message, [])
220
221 chat_message =
222 valid_chat_message
223 |> Map.put("to", ["https://raymoo.com/raymoo"])
224
225 {:error, _} = ObjectValidator.validate(chat_message, [])
226 end
227
228 test "does not validate for a message with multiple recipients", %{
229 valid_chat_message: valid_chat_message,
230 user: user,
231 recipient: recipient
232 } do
233 chat_message =
234 valid_chat_message
235 |> Map.put("to", [user.ap_id, recipient.ap_id])
236
237 assert {:error, _} = ObjectValidator.validate(chat_message, [])
238 end
239
240 test "does not validate if it doesn't concern local users" do
241 user = insert(:user, local: false)
242 recipient = insert(:user, local: false)
243
244 {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
245 assert {:error, _} = ObjectValidator.validate(valid_chat_message, [])
246 end
247 end
248
249 describe "EmojiReacts" do
250 setup do
251 user = insert(:user)
252 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
253
254 object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
255
256 {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
257
258 %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
259 end
260
261 test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
262 assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
263 end
264
265 test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
266 without_content =
267 valid_emoji_react
268 |> Map.delete("content")
269
270 {:error, cng} = ObjectValidator.validate(without_content, [])
271
272 refute cng.valid?
273 assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
274 end
275
276 test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
277 without_emoji_content =
278 valid_emoji_react
279 |> Map.put("content", "x")
280
281 {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
282
283 refute cng.valid?
284
285 assert {:content, {"must be a single character emoji", []}} in cng.errors
286 end
287 end
288
289 describe "Undos" do
290 setup do
291 user = insert(:user)
292 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
293 {:ok, like} = CommonAPI.favorite(user, post_activity.id)
294 {:ok, valid_like_undo, []} = Builder.undo(user, like)
295
296 %{user: user, like: like, valid_like_undo: valid_like_undo}
297 end
298
299 test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
300 assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
301 end
302
303 test "it does not validate if the actor of the undo is not the actor of the object", %{
304 valid_like_undo: valid_like_undo
305 } do
306 other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
307
308 bad_actor =
309 valid_like_undo
310 |> Map.put("actor", other_user.ap_id)
311
312 {:error, cng} = ObjectValidator.validate(bad_actor, [])
313
314 assert {:actor, {"not the same as object actor", []}} in cng.errors
315 end
316
317 test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
318 missing_object =
319 valid_like_undo
320 |> Map.put("object", "https://gensokyo.2hu/objects/1")
321
322 {:error, cng} = ObjectValidator.validate(missing_object, [])
323
324 assert {:object, {"can't find object", []}} in cng.errors
325 assert length(cng.errors) == 1
326 end
327 end
328
329 describe "deletes" do
330 setup do
331 user = insert(:user)
332 {:ok, post_activity} = CommonAPI.post(user, %{status: "cancel me daddy"})
333
334 {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
335 {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
336
337 %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
338 end
339
340 test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
341 {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
342
343 assert valid_post_delete["deleted_activity_id"]
344 end
345
346 test "it is invalid if the object isn't in a list of certain types", %{
347 valid_post_delete: valid_post_delete
348 } do
349 object = Object.get_by_ap_id(valid_post_delete["object"])
350
351 data =
352 object.data
353 |> Map.put("type", "Like")
354
355 {:ok, _object} =
356 object
357 |> Ecto.Changeset.change(%{data: data})
358 |> Object.update_and_set_cache()
359
360 {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
361 assert {:object, {"object not in allowed types", []}} in cng.errors
362 end
363
364 test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
365 assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
366 end
367
368 test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
369 no_id =
370 valid_post_delete
371 |> Map.delete("id")
372
373 {:error, cng} = ObjectValidator.validate(no_id, [])
374
375 assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
376 end
377
378 test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
379 missing_object =
380 valid_post_delete
381 |> Map.put("object", "http://does.not/exist")
382
383 {:error, cng} = ObjectValidator.validate(missing_object, [])
384
385 assert {:object, {"can't find object", []}} in cng.errors
386 end
387
388 test "it's invalid if the actor of the object and the actor of delete are from different domains",
389 %{valid_post_delete: valid_post_delete} do
390 valid_user = insert(:user)
391
392 valid_other_actor =
393 valid_post_delete
394 |> Map.put("actor", valid_user.ap_id)
395
396 assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
397
398 invalid_other_actor =
399 valid_post_delete
400 |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
401
402 {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
403
404 assert {:actor, {"is not allowed to delete object", []}} in cng.errors
405 end
406
407 test "it's valid if the actor of the object is a local superuser",
408 %{valid_post_delete: valid_post_delete} do
409 user =
410 insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
411
412 valid_other_actor =
413 valid_post_delete
414 |> Map.put("actor", user.ap_id)
415
416 {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
417 assert meta[:do_not_federate]
418 end
419 end
420
421 describe "likes" do
422 setup do
423 user = insert(:user)
424 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
425
426 valid_like = %{
427 "to" => [user.ap_id],
428 "cc" => [],
429 "type" => "Like",
430 "id" => Utils.generate_activity_id(),
431 "object" => post_activity.data["object"],
432 "actor" => user.ap_id,
433 "context" => "a context"
434 }
435
436 %{valid_like: valid_like, user: user, post_activity: post_activity}
437 end
438
439 test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
440 {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])
441
442 assert "id" in Map.keys(object)
443 end
444
445 test "is valid for a valid object", %{valid_like: valid_like} do
446 assert LikeValidator.cast_and_validate(valid_like).valid?
447 end
448
449 test "sets the 'to' field to the object actor if no recipients are given", %{
450 valid_like: valid_like,
451 user: user
452 } do
453 without_recipients =
454 valid_like
455 |> Map.delete("to")
456
457 {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])
458
459 assert object["to"] == [user.ap_id]
460 end
461
462 test "sets the context field to the context of the object if no context is given", %{
463 valid_like: valid_like,
464 post_activity: post_activity
465 } do
466 without_context =
467 valid_like
468 |> Map.delete("context")
469
470 {:ok, object, _meta} = ObjectValidator.validate(without_context, [])
471
472 assert object["context"] == post_activity.data["context"]
473 end
474
475 test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
476 without_actor = Map.delete(valid_like, "actor")
477
478 refute LikeValidator.cast_and_validate(without_actor).valid?
479
480 with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")
481
482 refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
483 end
484
485 test "it errors when the object is missing or not known", %{valid_like: valid_like} do
486 without_object = Map.delete(valid_like, "object")
487
488 refute LikeValidator.cast_and_validate(without_object).valid?
489
490 with_invalid_object = Map.put(valid_like, "object", "invalidobject")
491
492 refute LikeValidator.cast_and_validate(with_invalid_object).valid?
493 end
494
495 test "it errors when the actor has already like the object", %{
496 valid_like: valid_like,
497 user: user,
498 post_activity: post_activity
499 } do
500 _like = CommonAPI.favorite(user, post_activity.id)
501
502 refute LikeValidator.cast_and_validate(valid_like).valid?
503 end
504
505 test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
506 wrapped_like =
507 valid_like
508 |> Map.put("actor", %{"id" => valid_like["actor"]})
509 |> Map.put("object", %{"id" => valid_like["object"]})
510
511 validated = LikeValidator.cast_and_validate(wrapped_like)
512
513 assert validated.valid?
514
515 assert {:actor, valid_like["actor"]} in validated.changes
516 assert {:object, valid_like["object"]} in validated.changes
517 end
518 end
519
520 describe "announces" do
521 setup do
522 user = insert(:user)
523 announcer = insert(:user)
524 {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
525
526 object = Object.normalize(post_activity, false)
527 {:ok, valid_announce, []} = Builder.announce(announcer, object)
528
529 %{
530 valid_announce: valid_announce,
531 user: user,
532 post_activity: post_activity,
533 announcer: announcer
534 }
535 end
536
537 test "returns ok for a valid announce", %{valid_announce: valid_announce} do
538 assert {:ok, _object, _meta} = ObjectValidator.validate(valid_announce, [])
539 end
540
541 test "returns an error if the object can't be found", %{valid_announce: valid_announce} do
542 without_object =
543 valid_announce
544 |> Map.delete("object")
545
546 {:error, cng} = ObjectValidator.validate(without_object, [])
547
548 assert {:object, {"can't be blank", [validation: :required]}} in cng.errors
549
550 nonexisting_object =
551 valid_announce
552 |> Map.put("object", "https://gensokyo.2hu/objects/99999999")
553
554 {:error, cng} = ObjectValidator.validate(nonexisting_object, [])
555
556 assert {:object, {"can't find object", []}} in cng.errors
557 end
558
559 test "returns an error if we don't have the actor", %{valid_announce: valid_announce} do
560 nonexisting_actor =
561 valid_announce
562 |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
563
564 {:error, cng} = ObjectValidator.validate(nonexisting_actor, [])
565
566 assert {:actor, {"can't find user", []}} in cng.errors
567 end
568
569 test "returns an error if the actor already announced the object", %{
570 valid_announce: valid_announce,
571 announcer: announcer,
572 post_activity: post_activity
573 } do
574 _announce = CommonAPI.repeat(post_activity.id, announcer)
575
576 {:error, cng} = ObjectValidator.validate(valid_announce, [])
577
578 assert {:actor, {"already announced this object", []}} in cng.errors
579 assert {:object, {"already announced by this actor", []}} in cng.errors
580 end
581
582 test "returns an error if the actor can't announce the object", %{
583 announcer: announcer,
584 user: user
585 } do
586 {:ok, post_activity} =
587 CommonAPI.post(user, %{status: "a secret post", visibility: "private"})
588
589 object = Object.normalize(post_activity, false)
590
591 # Another user can't announce it
592 {:ok, announce, []} = Builder.announce(announcer, object, public: false)
593
594 {:error, cng} = ObjectValidator.validate(announce, [])
595
596 assert {:actor, {"can not announce this object", []}} in cng.errors
597
598 # The actor of the object can announce it
599 {:ok, announce, []} = Builder.announce(user, object, public: false)
600
601 assert {:ok, _, _} = ObjectValidator.validate(announce, [])
602
603 # The actor of the object can not announce it publicly
604 {:ok, announce, []} = Builder.announce(user, object, public: true)
605
606 {:error, cng} = ObjectValidator.validate(announce, [])
607
608 assert {:actor, {"can not announce this object publicly", []}} in cng.errors
609 end
610 end
611 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git