git.squeep.com Git - akkoma/blob - test/web/common_api/common_api_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.CommonAPITest do
   6   use Pleroma.DataCase
   7   alias Pleroma.Activity
   8   alias Pleroma.Object
   9   alias Pleroma.User
  10   alias Pleroma.Web.CommonAPI
  11
  12   import Pleroma.Factory
  13
  14   test "with the safe_dm_mention option set, it does not mention people beyond the initial tags" do
  15     har = insert(:user)
  16     jafnhar = insert(:user)
  17     tridi = insert(:user)
  18     option = Pleroma.Config.get([:instance, :safe_dm_mentions])
  19     Pleroma.Config.put([:instance, :safe_dm_mentions], true)
  20
  21     {:ok, activity} =
  22       CommonAPI.post(har, %{
  23         "status" => "@#{jafnhar.nickname} hey, i never want to see @#{tridi.nickname} again",
  24         "visibility" => "direct"
  25       })
  26
  27     refute tridi.ap_id in activity.recipients
  28     assert jafnhar.ap_id in activity.recipients
  29     Pleroma.Config.put([:instance, :safe_dm_mentions], option)
  30   end
  31
  32   test "it de-duplicates tags" do
  33     user = insert(:user)
  34     {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu #2HU"})
  35
  36     object = Object.normalize(activity.data["object"])
  37
  38     assert object.data["tag"] == ["2hu"]
  39   end
  40
  41   test "it adds emoji in the object" do
  42     user = insert(:user)
  43     {:ok, activity} = CommonAPI.post(user, %{"status" => ":firefox:"})
  44
  45     assert Object.normalize(activity).data["emoji"]["firefox"]
  46   end
  47
  48   test "it adds emoji when updating profiles" do
  49     user = insert(:user, %{name: ":firefox:"})
  50
  51     CommonAPI.update(user)
  52     user = User.get_cached_by_ap_id(user.ap_id)
  53     [firefox] = user.info.source_data["tag"]
  54
  55     assert firefox["name"] == ":firefox:"
  56   end
  57
  58   describe "posting" do
  59     test "it supports explicit addressing" do
  60       user = insert(:user)
  61       user_two = insert(:user)
  62       user_three = insert(:user)
  63       user_four = insert(:user)
  64
  65       {:ok, activity} =
  66         CommonAPI.post(user, %{
  67           "status" =>
  68             "Hey, I think @#{user_three.nickname} is ugly. @#{user_four.nickname} is alright though.",
  69           "to" => [user_two.nickname, user_four.nickname, "nonexistent"]
  70         })
  71
  72       assert user.ap_id in activity.recipients
  73       assert user_two.ap_id in activity.recipients
  74       assert user_four.ap_id in activity.recipients
  75       refute user_three.ap_id in activity.recipients
  76     end
  77
  78     test "it filters out obviously bad tags when accepting a post as HTML" do
  79       user = insert(:user)
  80
  81       post = "<p><b>2hu</b></p><script>alert('xss')</script>"
  82
  83       {:ok, activity} =
  84         CommonAPI.post(user, %{
  85           "status" => post,
  86           "content_type" => "text/html"
  87         })
  88
  89       object = Object.normalize(activity.data["object"])
  90
  91       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
  92     end
  93
  94     test "it filters out obviously bad tags when accepting a post as Markdown" do
  95       user = insert(:user)
  96
  97       post = "<p><b>2hu</b></p><script>alert('xss')</script>"
  98
  99       {:ok, activity} =
 100         CommonAPI.post(user, %{
 101           "status" => post,
 102           "content_type" => "text/markdown"
 103         })
 104
 105       object = Object.normalize(activity.data["object"])
 106
 107       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
 108     end
 109
 110     test "it does not allow replies to direct messages that are not direct messages themselves" do
 111       user = insert(:user)
 112
 113       {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
 114
 115       assert {:ok, _} =
 116                CommonAPI.post(user, %{
 117                  "status" => "suya..",
 118                  "visibility" => "direct",
 119                  "in_reply_to_status_id" => activity.id
 120                })
 121
 122       Enum.each(["public", "private", "unlisted"], fn visibility ->
 123         assert {:error, {:private_to_public, _}} =
 124                  CommonAPI.post(user, %{
 125                    "status" => "suya..",
 126                    "visibility" => visibility,
 127                    "in_reply_to_status_id" => activity.id
 128                  })
 129       end)
 130     end
 131
 132     test "it allows to address a list" do
 133       user = insert(:user)
 134       {:ok, list} = Pleroma.List.create("foo", user)
 135
 136       {:ok, activity} =
 137         CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
 138
 139       assert activity.data["bcc"] == [list.ap_id]
 140       assert activity.recipients == [list.ap_id, user.ap_id]
 141     end
 142   end
 143
 144   describe "reactions" do
 145     test "repeating a status" do
 146       user = insert(:user)
 147       other_user = insert(:user)
 148
 149       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 150
 151       {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
 152     end
 153
 154     test "favoriting a status" do
 155       user = insert(:user)
 156       other_user = insert(:user)
 157
 158       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 159
 160       {:ok, %Activity{}, _} = CommonAPI.favorite(activity.id, user)
 161     end
 162
 163     test "retweeting a status twice returns an error" do
 164       user = insert(:user)
 165       other_user = insert(:user)
 166
 167       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 168       {:ok, %Activity{}, _object} = CommonAPI.repeat(activity.id, user)
 169       {:error, _} = CommonAPI.repeat(activity.id, user)
 170     end
 171
 172     test "favoriting a status twice returns an error" do
 173       user = insert(:user)
 174       other_user = insert(:user)
 175
 176       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 177       {:ok, %Activity{}, _object} = CommonAPI.favorite(activity.id, user)
 178       {:error, _} = CommonAPI.favorite(activity.id, user)
 179     end
 180   end
 181
 182   describe "pinned statuses" do
 183     setup do
 184       Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
 185
 186       user = insert(:user)
 187       {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
 188
 189       [user: user, activity: activity]
 190     end
 191
 192     test "pin status", %{user: user, activity: activity} do
 193       assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
 194
 195       id = activity.id
 196       user = refresh_record(user)
 197
 198       assert %User{info: %{pinned_activities: [^id]}} = user
 199     end
 200
 201     test "only self-authored can be pinned", %{activity: activity} do
 202       user = insert(:user)
 203
 204       assert {:error, "Could not pin"} = CommonAPI.pin(activity.id, user)
 205     end
 206
 207     test "max pinned statuses", %{user: user, activity: activity_one} do
 208       {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
 209
 210       assert {:ok, ^activity_one} = CommonAPI.pin(activity_one.id, user)
 211
 212       user = refresh_record(user)
 213
 214       assert {:error, "You have already pinned the maximum number of statuses"} =
 215                CommonAPI.pin(activity_two.id, user)
 216     end
 217
 218     test "unpin status", %{user: user, activity: activity} do
 219       {:ok, activity} = CommonAPI.pin(activity.id, user)
 220
 221       user = refresh_record(user)
 222
 223       assert {:ok, ^activity} = CommonAPI.unpin(activity.id, user)
 224
 225       user = refresh_record(user)
 226
 227       assert %User{info: %{pinned_activities: []}} = user
 228     end
 229
 230     test "should unpin when deleting a status", %{user: user, activity: activity} do
 231       {:ok, activity} = CommonAPI.pin(activity.id, user)
 232
 233       user = refresh_record(user)
 234
 235       assert {:ok, _} = CommonAPI.delete(activity.id, user)
 236
 237       user = refresh_record(user)
 238
 239       assert %User{info: %{pinned_activities: []}} = user
 240     end
 241   end
 242
 243   describe "mute tests" do
 244     setup do
 245       user = insert(:user)
 246
 247       activity = insert(:note_activity)
 248
 249       [user: user, activity: activity]
 250     end
 251
 252     test "add mute", %{user: user, activity: activity} do
 253       {:ok, _} = CommonAPI.add_mute(user, activity)
 254       assert CommonAPI.thread_muted?(user, activity)
 255     end
 256
 257     test "remove mute", %{user: user, activity: activity} do
 258       CommonAPI.add_mute(user, activity)
 259       {:ok, _} = CommonAPI.remove_mute(user, activity)
 260       refute CommonAPI.thread_muted?(user, activity)
 261     end
 262
 263     test "check that mutes can't be duplicate", %{user: user, activity: activity} do
 264       CommonAPI.add_mute(user, activity)
 265       {:error, _} = CommonAPI.add_mute(user, activity)
 266     end
 267   end
 268
 269   describe "reports" do
 270     test "creates a report" do
 271       reporter = insert(:user)
 272       target_user = insert(:user)
 273
 274       {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
 275
 276       reporter_ap_id = reporter.ap_id
 277       target_ap_id = target_user.ap_id
 278       activity_ap_id = activity.data["id"]
 279       comment = "foobar"
 280
 281       report_data = %{
 282         "account_id" => target_user.id,
 283         "comment" => comment,
 284         "status_ids" => [activity.id]
 285       }
 286
 287       assert {:ok, flag_activity} = CommonAPI.report(reporter, report_data)
 288
 289       assert %Activity{
 290                actor: ^reporter_ap_id,
 291                data: %{
 292                  "type" => "Flag",
 293                  "content" => ^comment,
 294                  "object" => [^target_ap_id, ^activity_ap_id],
 295                  "state" => "open"
 296                }
 297              } = flag_activity
 298     end
 299
 300     test "updates report state" do
 301       [reporter, target_user] = insert_pair(:user)
 302       activity = insert(:note_activity, user: target_user)
 303
 304       {:ok, %Activity{id: report_id}} =
 305         CommonAPI.report(reporter, %{
 306           "account_id" => target_user.id,
 307           "comment" => "I feel offended",
 308           "status_ids" => [activity.id]
 309         })
 310
 311       {:ok, report} = CommonAPI.update_report_state(report_id, "resolved")
 312
 313       assert report.data["state"] == "resolved"
 314     end
 315
 316     test "does not update report state when state is unsupported" do
 317       [reporter, target_user] = insert_pair(:user)
 318       activity = insert(:note_activity, user: target_user)
 319
 320       {:ok, %Activity{id: report_id}} =
 321         CommonAPI.report(reporter, %{
 322           "account_id" => target_user.id,
 323           "comment" => "I feel offended",
 324           "status_ids" => [activity.id]
 325         })
 326
 327       assert CommonAPI.update_report_state(report_id, "test") == {:error, "Unsupported state"}
 328     end
 329   end
 330
 331   describe "reblog muting" do
 332     setup do
 333       muter = insert(:user)
 334
 335       muted = insert(:user)
 336
 337       [muter: muter, muted: muted]
 338     end
 339
 340     test "add a reblog mute", %{muter: muter, muted: muted} do
 341       {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
 342
 343       assert User.showing_reblogs?(muter, muted) == false
 344     end
 345
 346     test "remove a reblog mute", %{muter: muter, muted: muted} do
 347       {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
 348       {:ok, muter} = CommonAPI.show_reblogs(muter, muted)
 349
 350       assert User.showing_reblogs?(muter, muted) == true
 351     end
 352   end
 353 end