git.squeep.com Git - akkoma/blob - test/web/common_api/common_api_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.CommonAPITest do
   6   use Pleroma.DataCase
   7   alias Pleroma.Activity
   8   alias Pleroma.Conversation.Participation
   9   alias Pleroma.Object
  10   alias Pleroma.User
  11   alias Pleroma.Web.ActivityPub.ActivityPub
  12   alias Pleroma.Web.CommonAPI
  13
  14   import Pleroma.Factory
  15
  16   test "when replying to a conversation / participation, it only mentions the recipients explicitly declared in the participation" do
  17     har = insert(:user)
  18     jafnhar = insert(:user)
  19     tridi = insert(:user)
  20
  21     {:ok, activity} =
  22       CommonAPI.post(har, %{
  23         "status" => "@#{jafnhar.nickname} hey",
  24         "visibility" => "direct"
  25       })
  26
  27     assert har.ap_id in activity.recipients
  28     assert jafnhar.ap_id in activity.recipients
  29
  30     [participation] = Participation.for_user(har)
  31
  32     {:ok, activity} =
  33       CommonAPI.post(har, %{
  34         "status" => "I don't really like @#{tridi.nickname}",
  35         "visibility" => "direct",
  36         "in_reply_to_status_id" => activity.id,
  37         "in_reply_to_conversation_id" => participation.id
  38       })
  39
  40     assert har.ap_id in activity.recipients
  41     assert jafnhar.ap_id in activity.recipients
  42     refute tridi.ap_id in activity.recipients
  43   end
  44
  45   test "with the safe_dm_mention option set, it does not mention people beyond the initial tags" do
  46     har = insert(:user)
  47     jafnhar = insert(:user)
  48     tridi = insert(:user)
  49     option = Pleroma.Config.get([:instance, :safe_dm_mentions])
  50     Pleroma.Config.put([:instance, :safe_dm_mentions], true)
  51
  52     {:ok, activity} =
  53       CommonAPI.post(har, %{
  54         "status" => "@#{jafnhar.nickname} hey, i never want to see @#{tridi.nickname} again",
  55         "visibility" => "direct"
  56       })
  57
  58     refute tridi.ap_id in activity.recipients
  59     assert jafnhar.ap_id in activity.recipients
  60     Pleroma.Config.put([:instance, :safe_dm_mentions], option)
  61   end
  62
  63   test "it de-duplicates tags" do
  64     user = insert(:user)
  65     {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu #2HU"})
  66
  67     object = Object.normalize(activity)
  68
  69     assert object.data["tag"] == ["2hu"]
  70   end
  71
  72   test "it adds emoji in the object" do
  73     user = insert(:user)
  74     {:ok, activity} = CommonAPI.post(user, %{"status" => ":firefox:"})
  75
  76     assert Object.normalize(activity).data["emoji"]["firefox"]
  77   end
  78
  79   test "it adds emoji when updating profiles" do
  80     user = insert(:user, %{name: ":firefox:"})
  81
  82     CommonAPI.update(user)
  83     user = User.get_cached_by_ap_id(user.ap_id)
  84     [firefox] = user.info.source_data["tag"]
  85
  86     assert firefox["name"] == ":firefox:"
  87   end
  88
  89   describe "posting" do
  90     test "it supports explicit addressing" do
  91       user = insert(:user)
  92       user_two = insert(:user)
  93       user_three = insert(:user)
  94       user_four = insert(:user)
  95
  96       {:ok, activity} =
  97         CommonAPI.post(user, %{
  98           "status" =>
  99             "Hey, I think @#{user_three.nickname} is ugly. @#{user_four.nickname} is alright though.",
 100           "to" => [user_two.nickname, user_four.nickname, "nonexistent"]
 101         })
 102
 103       assert user.ap_id in activity.recipients
 104       assert user_two.ap_id in activity.recipients
 105       assert user_four.ap_id in activity.recipients
 106       refute user_three.ap_id in activity.recipients
 107     end
 108
 109     test "it filters out obviously bad tags when accepting a post as HTML" do
 110       user = insert(:user)
 111
 112       post = "<p><b>2hu</b></p><script>alert('xss')</script>"
 113
 114       {:ok, activity} =
 115         CommonAPI.post(user, %{
 116           "status" => post,
 117           "content_type" => "text/html"
 118         })
 119
 120       object = Object.normalize(activity)
 121
 122       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
 123     end
 124
 125     test "it filters out obviously bad tags when accepting a post as Markdown" do
 126       user = insert(:user)
 127
 128       post = "<p><b>2hu</b></p><script>alert('xss')</script>"
 129
 130       {:ok, activity} =
 131         CommonAPI.post(user, %{
 132           "status" => post,
 133           "content_type" => "text/markdown"
 134         })
 135
 136       object = Object.normalize(activity)
 137
 138       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
 139     end
 140
 141     test "it does not allow replies to direct messages that are not direct messages themselves" do
 142       user = insert(:user)
 143
 144       {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
 145
 146       assert {:ok, _} =
 147                CommonAPI.post(user, %{
 148                  "status" => "suya..",
 149                  "visibility" => "direct",
 150                  "in_reply_to_status_id" => activity.id
 151                })
 152
 153       Enum.each(["public", "private", "unlisted"], fn visibility ->
 154         assert {:error, "The message visibility must be direct"} =
 155                  CommonAPI.post(user, %{
 156                    "status" => "suya..",
 157                    "visibility" => visibility,
 158                    "in_reply_to_status_id" => activity.id
 159                  })
 160       end)
 161     end
 162
 163     test "it allows to address a list" do
 164       user = insert(:user)
 165       {:ok, list} = Pleroma.List.create("foo", user)
 166
 167       {:ok, activity} =
 168         CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
 169
 170       assert activity.data["bcc"] == [list.ap_id]
 171       assert activity.recipients == [list.ap_id, user.ap_id]
 172       assert activity.data["listMessage"] == list.ap_id
 173     end
 174
 175     test "it returns error when status is empty and no attachments" do
 176       user = insert(:user)
 177
 178       assert {:error, "Cannot post an empty status without attachments"} =
 179                CommonAPI.post(user, %{"status" => ""})
 180     end
 181
 182     test "it returns error when character limit is exceeded" do
 183       limit = Pleroma.Config.get([:instance, :limit])
 184       Pleroma.Config.put([:instance, :limit], 5)
 185
 186       user = insert(:user)
 187
 188       assert {:error, "The status is over the character limit"} =
 189                CommonAPI.post(user, %{"status" => "foobar"})
 190
 191       Pleroma.Config.put([:instance, :limit], limit)
 192     end
 193   end
 194
 195   describe "reactions" do
 196     test "repeating a status" do
 197       user = insert(:user)
 198       other_user = insert(:user)
 199
 200       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 201
 202       {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
 203     end
 204
 205     test "favoriting a status" do
 206       user = insert(:user)
 207       other_user = insert(:user)
 208
 209       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 210
 211       {:ok, %Activity{}, _} = CommonAPI.favorite(activity.id, user)
 212     end
 213
 214     test "retweeting a status twice returns an error" do
 215       user = insert(:user)
 216       other_user = insert(:user)
 217
 218       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 219       {:ok, %Activity{}, _object} = CommonAPI.repeat(activity.id, user)
 220       {:error, _} = CommonAPI.repeat(activity.id, user)
 221     end
 222
 223     test "favoriting a status twice returns an error" do
 224       user = insert(:user)
 225       other_user = insert(:user)
 226
 227       {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
 228       {:ok, %Activity{}, _object} = CommonAPI.favorite(activity.id, user)
 229       {:error, _} = CommonAPI.favorite(activity.id, user)
 230     end
 231   end
 232
 233   describe "pinned statuses" do
 234     setup do
 235       Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
 236
 237       user = insert(:user)
 238       {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
 239
 240       [user: user, activity: activity]
 241     end
 242
 243     test "pin status", %{user: user, activity: activity} do
 244       assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
 245
 246       id = activity.id
 247       user = refresh_record(user)
 248
 249       assert %User{info: %{pinned_activities: [^id]}} = user
 250     end
 251
 252     test "unlisted statuses can be pinned", %{user: user} do
 253       {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!", "visibility" => "unlisted"})
 254       assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
 255     end
 256
 257     test "only self-authored can be pinned", %{activity: activity} do
 258       user = insert(:user)
 259
 260       assert {:error, "Could not pin"} = CommonAPI.pin(activity.id, user)
 261     end
 262
 263     test "max pinned statuses", %{user: user, activity: activity_one} do
 264       {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
 265
 266       assert {:ok, ^activity_one} = CommonAPI.pin(activity_one.id, user)
 267
 268       user = refresh_record(user)
 269
 270       assert {:error, "You have already pinned the maximum number of statuses"} =
 271                CommonAPI.pin(activity_two.id, user)
 272     end
 273
 274     test "unpin status", %{user: user, activity: activity} do
 275       {:ok, activity} = CommonAPI.pin(activity.id, user)
 276
 277       user = refresh_record(user)
 278
 279       assert {:ok, ^activity} = CommonAPI.unpin(activity.id, user)
 280
 281       user = refresh_record(user)
 282
 283       assert %User{info: %{pinned_activities: []}} = user
 284     end
 285
 286     test "should unpin when deleting a status", %{user: user, activity: activity} do
 287       {:ok, activity} = CommonAPI.pin(activity.id, user)
 288
 289       user = refresh_record(user)
 290
 291       assert {:ok, _} = CommonAPI.delete(activity.id, user)
 292
 293       user = refresh_record(user)
 294
 295       assert %User{info: %{pinned_activities: []}} = user
 296     end
 297   end
 298
 299   describe "mute tests" do
 300     setup do
 301       user = insert(:user)
 302
 303       activity = insert(:note_activity)
 304
 305       [user: user, activity: activity]
 306     end
 307
 308     test "add mute", %{user: user, activity: activity} do
 309       {:ok, _} = CommonAPI.add_mute(user, activity)
 310       assert CommonAPI.thread_muted?(user, activity)
 311     end
 312
 313     test "remove mute", %{user: user, activity: activity} do
 314       CommonAPI.add_mute(user, activity)
 315       {:ok, _} = CommonAPI.remove_mute(user, activity)
 316       refute CommonAPI.thread_muted?(user, activity)
 317     end
 318
 319     test "check that mutes can't be duplicate", %{user: user, activity: activity} do
 320       CommonAPI.add_mute(user, activity)
 321       {:error, _} = CommonAPI.add_mute(user, activity)
 322     end
 323   end
 324
 325   describe "reports" do
 326     test "creates a report" do
 327       reporter = insert(:user)
 328       target_user = insert(:user)
 329
 330       {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
 331
 332       reporter_ap_id = reporter.ap_id
 333       target_ap_id = target_user.ap_id
 334       activity_ap_id = activity.data["id"]
 335       comment = "foobar"
 336
 337       report_data = %{
 338         "account_id" => target_user.id,
 339         "comment" => comment,
 340         "status_ids" => [activity.id]
 341       }
 342
 343       assert {:ok, flag_activity} = CommonAPI.report(reporter, report_data)
 344
 345       assert %Activity{
 346                actor: ^reporter_ap_id,
 347                data: %{
 348                  "type" => "Flag",
 349                  "content" => ^comment,
 350                  "object" => [^target_ap_id, ^activity_ap_id],
 351                  "state" => "open"
 352                }
 353              } = flag_activity
 354     end
 355
 356     test "updates report state" do
 357       [reporter, target_user] = insert_pair(:user)
 358       activity = insert(:note_activity, user: target_user)
 359
 360       {:ok, %Activity{id: report_id}} =
 361         CommonAPI.report(reporter, %{
 362           "account_id" => target_user.id,
 363           "comment" => "I feel offended",
 364           "status_ids" => [activity.id]
 365         })
 366
 367       {:ok, report} = CommonAPI.update_report_state(report_id, "resolved")
 368
 369       assert report.data["state"] == "resolved"
 370     end
 371
 372     test "does not update report state when state is unsupported" do
 373       [reporter, target_user] = insert_pair(:user)
 374       activity = insert(:note_activity, user: target_user)
 375
 376       {:ok, %Activity{id: report_id}} =
 377         CommonAPI.report(reporter, %{
 378           "account_id" => target_user.id,
 379           "comment" => "I feel offended",
 380           "status_ids" => [activity.id]
 381         })
 382
 383       assert CommonAPI.update_report_state(report_id, "test") == {:error, "Unsupported state"}
 384     end
 385   end
 386
 387   describe "reblog muting" do
 388     setup do
 389       muter = insert(:user)
 390
 391       muted = insert(:user)
 392
 393       [muter: muter, muted: muted]
 394     end
 395
 396     test "add a reblog mute", %{muter: muter, muted: muted} do
 397       {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
 398
 399       assert User.showing_reblogs?(muter, muted) == false
 400     end
 401
 402     test "remove a reblog mute", %{muter: muter, muted: muted} do
 403       {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
 404       {:ok, muter} = CommonAPI.show_reblogs(muter, muted)
 405
 406       assert User.showing_reblogs?(muter, muted) == true
 407     end
 408   end
 409
 410   describe "unfollow/2" do
 411     test "also unsubscribes a user" do
 412       [follower, followed] = insert_pair(:user)
 413       {:ok, follower, followed, _} = CommonAPI.follow(follower, followed)
 414       {:ok, followed} = User.subscribe(follower, followed)
 415
 416       assert User.subscribed_to?(follower, followed)
 417
 418       {:ok, follower} = CommonAPI.unfollow(follower, followed)
 419
 420       refute User.subscribed_to?(follower, followed)
 421     end
 422   end
 423
 424   describe "accept_follow_request/2" do
 425     test "after acceptance, it sets all existing pending follow request states to 'accept'" do
 426       user = insert(:user, info: %{locked: true})
 427       follower = insert(:user)
 428       follower_two = insert(:user)
 429
 430       {:ok, follow_activity} = ActivityPub.follow(follower, user)
 431       {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
 432       {:ok, follow_activity_three} = ActivityPub.follow(follower_two, user)
 433
 434       assert follow_activity.data["state"] == "pending"
 435       assert follow_activity_two.data["state"] == "pending"
 436       assert follow_activity_three.data["state"] == "pending"
 437
 438       {:ok, _follower} = CommonAPI.accept_follow_request(follower, user)
 439
 440       assert Repo.get(Activity, follow_activity.id).data["state"] == "accept"
 441       assert Repo.get(Activity, follow_activity_two.id).data["state"] == "accept"
 442       assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
 443     end
 444
 445     test "after rejection, it sets all existing pending follow request states to 'reject'" do
 446       user = insert(:user, info: %{locked: true})
 447       follower = insert(:user)
 448       follower_two = insert(:user)
 449
 450       {:ok, follow_activity} = ActivityPub.follow(follower, user)
 451       {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
 452       {:ok, follow_activity_three} = ActivityPub.follow(follower_two, user)
 453
 454       assert follow_activity.data["state"] == "pending"
 455       assert follow_activity_two.data["state"] == "pending"
 456       assert follow_activity_three.data["state"] == "pending"
 457
 458       {:ok, _follower} = CommonAPI.reject_follow_request(follower, user)
 459
 460       assert Repo.get(Activity, follow_activity.id).data["state"] == "reject"
 461       assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
 462       assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
 463     end
 464   end
 465
 466   describe "vote/3" do
 467     test "does not allow to vote twice" do
 468       user = insert(:user)
 469       other_user = insert(:user)
 470
 471       {:ok, activity} =
 472         CommonAPI.post(user, %{
 473           "status" => "Am I cute?",
 474           "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
 475         })
 476
 477       object = Object.normalize(activity)
 478
 479       {:ok, _, object} = CommonAPI.vote(other_user, object, [0])
 480
 481       assert {:error, "Already voted"} == CommonAPI.vote(other_user, object, [1])
 482     end
 483   end
 484 end