projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Mastodon API: Sanitize display names
[akkoma] / test / web / mastodon_api / account_view_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
6 use Pleroma.DataCase
7 import Pleroma.Factory
8 alias Pleroma.User
9 alias Pleroma.Web.MastodonAPI.AccountView
10
11 test "Represent a user account" do
12 source_data = %{
13 "tag" => [
14 %{
15 "type" => "Emoji",
16 "icon" => %{"url" => "/file.png"},
17 "name" => ":karjalanpiirakka:"
18 }
19 ]
20 }
21
22 background_image = %{
23 "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
24 }
25
26 user =
27 insert(:user, %{
28 info: %{
29 note_count: 5,
30 follower_count: 3,
31 source_data: source_data,
32 background: background_image
33 },
34 nickname: "shp@shitposter.club",
35 name: ":karjalanpiirakka: shp",
36 bio: "<script src=\"invalid-html\"></script><span>valid html</span>",
37 inserted_at: ~N[2017-08-15 15:47:06.597036]
38 })
39
40 expected = %{
41 id: to_string(user.id),
42 username: "shp",
43 acct: user.nickname,
44 display_name: user.name,
45 locked: false,
46 created_at: "2017-08-15T15:47:06.000Z",
47 followers_count: 3,
48 following_count: 0,
49 statuses_count: 5,
50 note: "<span>valid html</span>",
51 url: user.ap_id,
52 avatar: "http://localhost:4001/images/avi.png",
53 avatar_static: "http://localhost:4001/images/avi.png",
54 header: "http://localhost:4001/images/banner.png",
55 header_static: "http://localhost:4001/images/banner.png",
56 emojis: [
57 %{
58 "static_url" => "/file.png",
59 "url" => "/file.png",
60 "shortcode" => "karjalanpiirakka",
61 "visible_in_picker" => false
62 }
63 ],
64 fields: [],
65 bot: false,
66 source: %{
67 note: "valid html",
68 sensitive: false,
69 pleroma: %{}
70 },
71 pleroma: %{
72 background_image: "https://example.com/images/asuka_hospital.png",
73 confirmation_pending: false,
74 tags: [],
75 is_admin: false,
76 is_moderator: false,
77 hide_favorites: true,
78 hide_followers: false,
79 hide_follows: false,
80 relationship: %{},
81 skip_thread_containment: false
82 }
83 }
84
85 assert expected == AccountView.render("account.json", %{user: user})
86 end
87
88 test "Represent the user account for the account owner" do
89 user = insert(:user)
90
91 notification_settings = %{
92 "followers" => true,
93 "follows" => true,
94 "non_follows" => true,
95 "non_followers" => true
96 }
97
98 privacy = user.info.default_scope
99
100 assert %{
101 pleroma: %{notification_settings: ^notification_settings},
102 source: %{privacy: ^privacy}
103 } = AccountView.render("account.json", %{user: user, for: user})
104 end
105
106 test "Represent a Service(bot) account" do
107 user =
108 insert(:user, %{
109 info: %{note_count: 5, follower_count: 3, source_data: %{"type" => "Service"}},
110 nickname: "shp@shitposter.club",
111 inserted_at: ~N[2017-08-15 15:47:06.597036]
112 })
113
114 expected = %{
115 id: to_string(user.id),
116 username: "shp",
117 acct: user.nickname,
118 display_name: user.name,
119 locked: false,
120 created_at: "2017-08-15T15:47:06.000Z",
121 followers_count: 3,
122 following_count: 0,
123 statuses_count: 5,
124 note: user.bio,
125 url: user.ap_id,
126 avatar: "http://localhost:4001/images/avi.png",
127 avatar_static: "http://localhost:4001/images/avi.png",
128 header: "http://localhost:4001/images/banner.png",
129 header_static: "http://localhost:4001/images/banner.png",
130 emojis: [],
131 fields: [],
132 bot: true,
133 source: %{
134 note: user.bio,
135 sensitive: false,
136 pleroma: %{}
137 },
138 pleroma: %{
139 background_image: nil,
140 confirmation_pending: false,
141 tags: [],
142 is_admin: false,
143 is_moderator: false,
144 hide_favorites: true,
145 hide_followers: false,
146 hide_follows: false,
147 relationship: %{},
148 skip_thread_containment: false
149 }
150 }
151
152 assert expected == AccountView.render("account.json", %{user: user})
153 end
154
155 test "Represent a smaller mention" do
156 user = insert(:user)
157
158 expected = %{
159 id: to_string(user.id),
160 acct: user.nickname,
161 username: user.nickname,
162 url: user.ap_id
163 }
164
165 assert expected == AccountView.render("mention.json", %{user: user})
166 end
167
168 test "represent a relationship" do
169 user = insert(:user)
170 other_user = insert(:user)
171
172 {:ok, user} = User.follow(user, other_user)
173 {:ok, user} = User.block(user, other_user)
174
175 expected = %{
176 id: to_string(other_user.id),
177 following: false,
178 followed_by: false,
179 blocking: true,
180 muting: false,
181 muting_notifications: false,
182 subscribing: false,
183 requested: false,
184 domain_blocking: false,
185 showing_reblogs: true,
186 endorsed: false
187 }
188
189 assert expected == AccountView.render("relationship.json", %{user: user, target: other_user})
190 end
191
192 test "represent an embedded relationship" do
193 user =
194 insert(:user, %{
195 info: %{note_count: 5, follower_count: 0, source_data: %{"type" => "Service"}},
196 nickname: "shp@shitposter.club",
197 inserted_at: ~N[2017-08-15 15:47:06.597036]
198 })
199
200 other_user = insert(:user)
201 {:ok, other_user} = User.follow(other_user, user)
202 {:ok, other_user} = User.block(other_user, user)
203 {:ok, _} = User.follow(insert(:user), user)
204
205 expected = %{
206 id: to_string(user.id),
207 username: "shp",
208 acct: user.nickname,
209 display_name: user.name,
210 locked: false,
211 created_at: "2017-08-15T15:47:06.000Z",
212 followers_count: 1,
213 following_count: 0,
214 statuses_count: 5,
215 note: user.bio,
216 url: user.ap_id,
217 avatar: "http://localhost:4001/images/avi.png",
218 avatar_static: "http://localhost:4001/images/avi.png",
219 header: "http://localhost:4001/images/banner.png",
220 header_static: "http://localhost:4001/images/banner.png",
221 emojis: [],
222 fields: [],
223 bot: true,
224 source: %{
225 note: user.bio,
226 sensitive: false,
227 pleroma: %{}
228 },
229 pleroma: %{
230 background_image: nil,
231 confirmation_pending: false,
232 tags: [],
233 is_admin: false,
234 is_moderator: false,
235 hide_favorites: true,
236 hide_followers: false,
237 hide_follows: false,
238 relationship: %{
239 id: to_string(user.id),
240 following: false,
241 followed_by: false,
242 blocking: true,
243 subscribing: false,
244 muting: false,
245 muting_notifications: false,
246 requested: false,
247 domain_blocking: false,
248 showing_reblogs: true,
249 endorsed: false
250 },
251 skip_thread_containment: false
252 }
253 }
254
255 assert expected == AccountView.render("account.json", %{user: user, for: other_user})
256 end
257
258 test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
259 user = insert(:user, %{info: %User.Info{pleroma_settings_store: %{fe: "test"}}})
260
261 result =
262 AccountView.render("account.json", %{user: user, for: user, with_pleroma_settings: true})
263
264 assert result.pleroma.settings_store == %{:fe => "test"}
265
266 result = AccountView.render("account.json", %{user: user, with_pleroma_settings: true})
267 assert result.pleroma[:settings_store] == nil
268
269 result = AccountView.render("account.json", %{user: user, for: user})
270 assert result.pleroma[:settings_store] == nil
271 end
272
273 test "sanitizes display names" do
274 user = insert(:user, name: "<marquee> username </marquee>")
275 result = AccountView.render("account.json", %{user: user})
276 refute result.display_name == "<marquee> username </marquee>"
277 end
278 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git