e96106f1114777ca284f80921e9319b22d92a319
[akkoma] / test / web / common_api / common_api_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.CommonAPITest do
6 use Pleroma.DataCase
7 alias Pleroma.Activity
8 alias Pleroma.Object
9 alias Pleroma.User
10 alias Pleroma.Web.ActivityPub.ActivityPub
11 alias Pleroma.Web.CommonAPI
12
13 import Pleroma.Factory
14
15 test "with the safe_dm_mention option set, it does not mention people beyond the initial tags" do
16 har = insert(:user)
17 jafnhar = insert(:user)
18 tridi = insert(:user)
19 option = Pleroma.Config.get([:instance, :safe_dm_mentions])
20 Pleroma.Config.put([:instance, :safe_dm_mentions], true)
21
22 {:ok, activity} =
23 CommonAPI.post(har, %{
24 "status" => "@#{jafnhar.nickname} hey, i never want to see @#{tridi.nickname} again",
25 "visibility" => "direct"
26 })
27
28 refute tridi.ap_id in activity.recipients
29 assert jafnhar.ap_id in activity.recipients
30 Pleroma.Config.put([:instance, :safe_dm_mentions], option)
31 end
32
33 test "it de-duplicates tags" do
34 user = insert(:user)
35 {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu #2HU"})
36
37 object = Object.normalize(activity.data["object"])
38
39 assert object.data["tag"] == ["2hu"]
40 end
41
42 test "it adds emoji in the object" do
43 user = insert(:user)
44 {:ok, activity} = CommonAPI.post(user, %{"status" => ":firefox:"})
45
46 assert Object.normalize(activity).data["emoji"]["firefox"]
47 end
48
49 test "it adds emoji when updating profiles" do
50 user = insert(:user, %{name: ":firefox:"})
51
52 CommonAPI.update(user)
53 user = User.get_cached_by_ap_id(user.ap_id)
54 [firefox] = user.info.source_data["tag"]
55
56 assert firefox["name"] == ":firefox:"
57 end
58
59 describe "posting" do
60 test "it supports explicit addressing" do
61 user = insert(:user)
62 user_two = insert(:user)
63 user_three = insert(:user)
64 user_four = insert(:user)
65
66 {:ok, activity} =
67 CommonAPI.post(user, %{
68 "status" =>
69 "Hey, I think @#{user_three.nickname} is ugly. @#{user_four.nickname} is alright though.",
70 "to" => [user_two.nickname, user_four.nickname, "nonexistent"]
71 })
72
73 assert user.ap_id in activity.recipients
74 assert user_two.ap_id in activity.recipients
75 assert user_four.ap_id in activity.recipients
76 refute user_three.ap_id in activity.recipients
77 end
78
79 test "it filters out obviously bad tags when accepting a post as HTML" do
80 user = insert(:user)
81
82 post = "<p><b>2hu</b></p><script>alert('xss')</script>"
83
84 {:ok, activity} =
85 CommonAPI.post(user, %{
86 "status" => post,
87 "content_type" => "text/html"
88 })
89
90 object = Object.normalize(activity.data["object"])
91
92 assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
93 end
94
95 test "it filters out obviously bad tags when accepting a post as Markdown" do
96 user = insert(:user)
97
98 post = "<p><b>2hu</b></p><script>alert('xss')</script>"
99
100 {:ok, activity} =
101 CommonAPI.post(user, %{
102 "status" => post,
103 "content_type" => "text/markdown"
104 })
105
106 object = Object.normalize(activity.data["object"])
107
108 assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
109 end
110
111 test "it does not allow replies to direct messages that are not direct messages themselves" do
112 user = insert(:user)
113
114 {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
115
116 assert {:ok, _} =
117 CommonAPI.post(user, %{
118 "status" => "suya..",
119 "visibility" => "direct",
120 "in_reply_to_status_id" => activity.id
121 })
122
123 Enum.each(["public", "private", "unlisted"], fn visibility ->
124 assert {:error, "The message visibility must be direct"} =
125 CommonAPI.post(user, %{
126 "status" => "suya..",
127 "visibility" => visibility,
128 "in_reply_to_status_id" => activity.id
129 })
130 end)
131 end
132 end
133
134 describe "reactions" do
135 test "repeating a status" do
136 user = insert(:user)
137 other_user = insert(:user)
138
139 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
140
141 {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
142 end
143
144 test "favoriting a status" do
145 user = insert(:user)
146 other_user = insert(:user)
147
148 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
149
150 {:ok, %Activity{}, _} = CommonAPI.favorite(activity.id, user)
151 end
152
153 test "retweeting a status twice returns an error" do
154 user = insert(:user)
155 other_user = insert(:user)
156
157 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
158 {:ok, %Activity{}, _object} = CommonAPI.repeat(activity.id, user)
159 {:error, _} = CommonAPI.repeat(activity.id, user)
160 end
161
162 test "favoriting a status twice returns an error" do
163 user = insert(:user)
164 other_user = insert(:user)
165
166 {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
167 {:ok, %Activity{}, _object} = CommonAPI.favorite(activity.id, user)
168 {:error, _} = CommonAPI.favorite(activity.id, user)
169 end
170 end
171
172 describe "pinned statuses" do
173 setup do
174 Pleroma.Config.put([:instance, :max_pinned_statuses], 1)
175
176 user = insert(:user)
177 {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
178
179 [user: user, activity: activity]
180 end
181
182 test "pin status", %{user: user, activity: activity} do
183 assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
184
185 id = activity.id
186 user = refresh_record(user)
187
188 assert %User{info: %{pinned_activities: [^id]}} = user
189 end
190
191 test "only self-authored can be pinned", %{activity: activity} do
192 user = insert(:user)
193
194 assert {:error, "Could not pin"} = CommonAPI.pin(activity.id, user)
195 end
196
197 test "max pinned statuses", %{user: user, activity: activity_one} do
198 {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
199
200 assert {:ok, ^activity_one} = CommonAPI.pin(activity_one.id, user)
201
202 user = refresh_record(user)
203
204 assert {:error, "You have already pinned the maximum number of statuses"} =
205 CommonAPI.pin(activity_two.id, user)
206 end
207
208 test "unpin status", %{user: user, activity: activity} do
209 {:ok, activity} = CommonAPI.pin(activity.id, user)
210
211 user = refresh_record(user)
212
213 assert {:ok, ^activity} = CommonAPI.unpin(activity.id, user)
214
215 user = refresh_record(user)
216
217 assert %User{info: %{pinned_activities: []}} = user
218 end
219
220 test "should unpin when deleting a status", %{user: user, activity: activity} do
221 {:ok, activity} = CommonAPI.pin(activity.id, user)
222
223 user = refresh_record(user)
224
225 assert {:ok, _} = CommonAPI.delete(activity.id, user)
226
227 user = refresh_record(user)
228
229 assert %User{info: %{pinned_activities: []}} = user
230 end
231 end
232
233 describe "mute tests" do
234 setup do
235 user = insert(:user)
236
237 activity = insert(:note_activity)
238
239 [user: user, activity: activity]
240 end
241
242 test "add mute", %{user: user, activity: activity} do
243 {:ok, _} = CommonAPI.add_mute(user, activity)
244 assert CommonAPI.thread_muted?(user, activity)
245 end
246
247 test "remove mute", %{user: user, activity: activity} do
248 CommonAPI.add_mute(user, activity)
249 {:ok, _} = CommonAPI.remove_mute(user, activity)
250 refute CommonAPI.thread_muted?(user, activity)
251 end
252
253 test "check that mutes can't be duplicate", %{user: user, activity: activity} do
254 CommonAPI.add_mute(user, activity)
255 {:error, _} = CommonAPI.add_mute(user, activity)
256 end
257 end
258
259 describe "reports" do
260 test "creates a report" do
261 reporter = insert(:user)
262 target_user = insert(:user)
263
264 {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
265
266 reporter_ap_id = reporter.ap_id
267 target_ap_id = target_user.ap_id
268 activity_ap_id = activity.data["id"]
269 comment = "foobar"
270
271 report_data = %{
272 "account_id" => target_user.id,
273 "comment" => comment,
274 "status_ids" => [activity.id]
275 }
276
277 assert {:ok, flag_activity} = CommonAPI.report(reporter, report_data)
278
279 assert %Activity{
280 actor: ^reporter_ap_id,
281 data: %{
282 "type" => "Flag",
283 "content" => ^comment,
284 "object" => [^target_ap_id, ^activity_ap_id],
285 "state" => "open"
286 }
287 } = flag_activity
288 end
289
290 test "updates report state" do
291 [reporter, target_user] = insert_pair(:user)
292 activity = insert(:note_activity, user: target_user)
293
294 {:ok, %Activity{id: report_id}} =
295 CommonAPI.report(reporter, %{
296 "account_id" => target_user.id,
297 "comment" => "I feel offended",
298 "status_ids" => [activity.id]
299 })
300
301 {:ok, report} = CommonAPI.update_report_state(report_id, "resolved")
302
303 assert report.data["state"] == "resolved"
304 end
305
306 test "does not update report state when state is unsupported" do
307 [reporter, target_user] = insert_pair(:user)
308 activity = insert(:note_activity, user: target_user)
309
310 {:ok, %Activity{id: report_id}} =
311 CommonAPI.report(reporter, %{
312 "account_id" => target_user.id,
313 "comment" => "I feel offended",
314 "status_ids" => [activity.id]
315 })
316
317 assert CommonAPI.update_report_state(report_id, "test") == {:error, "Unsupported state"}
318 end
319 end
320
321 describe "reblog muting" do
322 setup do
323 muter = insert(:user)
324
325 muted = insert(:user)
326
327 [muter: muter, muted: muted]
328 end
329
330 test "add a reblog mute", %{muter: muter, muted: muted} do
331 {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
332
333 assert User.showing_reblogs?(muter, muted) == false
334 end
335
336 test "remove a reblog mute", %{muter: muter, muted: muted} do
337 {:ok, muter} = CommonAPI.hide_reblogs(muter, muted)
338 {:ok, muter} = CommonAPI.show_reblogs(muter, muted)
339
340 assert User.showing_reblogs?(muter, muted) == true
341 end
342 end
343
344 describe "accept_follow_request/2" do
345 test "after acceptance, it sets all existing pending follow request states to 'accept'" do
346 user = insert(:user, info: %{locked: true})
347 follower = insert(:user)
348 follower_two = insert(:user)
349
350 {:ok, follow_activity} = ActivityPub.follow(follower, user)
351 {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
352 {:ok, follow_activity_three} = ActivityPub.follow(follower_two, user)
353
354 assert follow_activity.data["state"] == "pending"
355 assert follow_activity_two.data["state"] == "pending"
356 assert follow_activity_three.data["state"] == "pending"
357
358 {:ok, _follower} = CommonAPI.accept_follow_request(follower, user)
359
360 assert Repo.get(Activity, follow_activity.id).data["state"] == "accept"
361 assert Repo.get(Activity, follow_activity_two.id).data["state"] == "accept"
362 assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
363 end
364
365 test "after rejection, it sets all existing pending follow request states to 'reject'" do
366 user = insert(:user, info: %{locked: true})
367 follower = insert(:user)
368 follower_two = insert(:user)
369
370 {:ok, follow_activity} = ActivityPub.follow(follower, user)
371 {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
372 {:ok, follow_activity_three} = ActivityPub.follow(follower_two, user)
373
374 assert follow_activity.data["state"] == "pending"
375 assert follow_activity_two.data["state"] == "pending"
376 assert follow_activity_three.data["state"] == "pending"
377
378 {:ok, _follower} = CommonAPI.reject_follow_request(follower, user)
379
380 assert Repo.get(Activity, follow_activity.id).data["state"] == "reject"
381 assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
382 assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
383 end
384 end
385 end