git.squeep.com Git - akkoma/blob - test/web/ostatus/ostatus_controller_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.OStatus.OStatusControllerTest do
   6   use Pleroma.Web.ConnCase
   7
   8   import Pleroma.Factory
   9
  10   alias Pleroma.Config
  11   alias Pleroma.Object
  12   alias Pleroma.User
  13   alias Pleroma.Web.CommonAPI
  14
  15   setup_all do
  16     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
  17     :ok
  18   end
  19
  20   setup do: clear_config([:instance, :federating], true)
  21
  22   # Note: see ActivityPubControllerTest for JSON format tests
  23   describe "GET /objects/:uuid (text/html)" do
  24     setup %{conn: conn} do
  25       conn = put_req_header(conn, "accept", "text/html")
  26       %{conn: conn}
  27     end
  28
  29     test "redirects to /notice/id for html format", %{conn: conn} do
  30       note_activity = insert(:note_activity)
  31       object = Object.normalize(note_activity)
  32       [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
  33       url = "/objects/#{uuid}"
  34
  35       conn = get(conn, url)
  36       assert redirected_to(conn) == "/notice/#{note_activity.id}"
  37     end
  38
  39     test "404s on private objects", %{conn: conn} do
  40       note_activity = insert(:direct_note_activity)
  41       object = Object.normalize(note_activity)
  42       [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
  43
  44       conn
  45       |> get("/objects/#{uuid}")
  46       |> response(404)
  47     end
  48
  49     test "404s on non-existing objects", %{conn: conn} do
  50       conn
  51       |> get("/objects/123")
  52       |> response(404)
  53     end
  54   end
  55
  56   # Note: see ActivityPubControllerTest for JSON format tests
  57   describe "GET /activities/:uuid (text/html)" do
  58     setup %{conn: conn} do
  59       conn = put_req_header(conn, "accept", "text/html")
  60       %{conn: conn}
  61     end
  62
  63     test "redirects to /notice/id for html format", %{conn: conn} do
  64       note_activity = insert(:note_activity)
  65       [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
  66
  67       conn = get(conn, "/activities/#{uuid}")
  68       assert redirected_to(conn) == "/notice/#{note_activity.id}"
  69     end
  70
  71     test "404s on private activities", %{conn: conn} do
  72       note_activity = insert(:direct_note_activity)
  73       [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
  74
  75       conn
  76       |> get("/activities/#{uuid}")
  77       |> response(404)
  78     end
  79
  80     test "404s on nonexistent activities", %{conn: conn} do
  81       conn
  82       |> get("/activities/123")
  83       |> response(404)
  84     end
  85   end
  86
  87   describe "GET notice/2" do
  88     test "redirects to a proper object URL when json requested and the object is local", %{
  89       conn: conn
  90     } do
  91       note_activity = insert(:note_activity)
  92       expected_redirect_url = Object.normalize(note_activity).data["id"]
  93
  94       redirect_url =
  95         conn
  96         |> put_req_header("accept", "application/activity+json")
  97         |> get("/notice/#{note_activity.id}")
  98         |> redirected_to()
  99
 100       assert redirect_url == expected_redirect_url
 101     end
 102
 103     test "returns a 404 on remote notice when json requested", %{conn: conn} do
 104       note_activity = insert(:note_activity, local: false)
 105
 106       conn
 107       |> put_req_header("accept", "application/activity+json")
 108       |> get("/notice/#{note_activity.id}")
 109       |> response(404)
 110     end
 111
 112     test "500s when actor not found", %{conn: conn} do
 113       note_activity = insert(:note_activity)
 114       user = User.get_cached_by_ap_id(note_activity.data["actor"])
 115       User.invalidate_cache(user)
 116       Pleroma.Repo.delete(user)
 117
 118       conn =
 119         conn
 120         |> get("/notice/#{note_activity.id}")
 121
 122       assert response(conn, 500) == ~S({"error":"Something went wrong"})
 123     end
 124
 125     test "render html for redirect for html format", %{conn: conn} do
 126       note_activity = insert(:note_activity)
 127
 128       resp =
 129         conn
 130         |> put_req_header("accept", "text/html")
 131         |> get("/notice/#{note_activity.id}")
 132         |> response(200)
 133
 134       assert resp =~
 135                "<meta content=\"#{Pleroma.Web.base_url()}/notice/#{note_activity.id}\" property=\"og:url\">"
 136
 137       user = insert(:user)
 138
 139       {:ok, like_activity} = CommonAPI.favorite(user, note_activity.id)
 140
 141       assert like_activity.data["type"] == "Like"
 142
 143       resp =
 144         conn
 145         |> put_req_header("accept", "text/html")
 146         |> get("/notice/#{like_activity.id}")
 147         |> response(200)
 148
 149       assert resp =~ "<!--server-generated-meta-->"
 150     end
 151
 152     test "404s a private notice", %{conn: conn} do
 153       note_activity = insert(:direct_note_activity)
 154       url = "/notice/#{note_activity.id}"
 155
 156       conn =
 157         conn
 158         |> get(url)
 159
 160       assert response(conn, 404)
 161     end
 162
 163     test "404s a non-existing notice", %{conn: conn} do
 164       url = "/notice/123"
 165
 166       conn =
 167         conn
 168         |> get(url)
 169
 170       assert response(conn, 404)
 171     end
 172
 173     test "it requires authentication if instance is NOT federating", %{
 174       conn: conn
 175     } do
 176       user = insert(:user)
 177       note_activity = insert(:note_activity)
 178
 179       conn = put_req_header(conn, "accept", "text/html")
 180
 181       ensure_federating_or_authenticated(conn, "/notice/#{note_activity.id}", user)
 182     end
 183   end
 184
 185   describe "GET /notice/:id/embed_player" do
 186     setup do
 187       note_activity = insert(:note_activity)
 188       object = Pleroma.Object.normalize(note_activity)
 189
 190       object_data =
 191         Map.put(object.data, "attachment", [
 192           %{
 193             "url" => [
 194               %{
 195                 "href" =>
 196                   "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4",
 197                 "mediaType" => "video/mp4",
 198                 "type" => "Link"
 199               }
 200             ]
 201           }
 202         ])
 203
 204       object
 205       |> Ecto.Changeset.change(data: object_data)
 206       |> Pleroma.Repo.update()
 207
 208       %{note_activity: note_activity}
 209     end
 210
 211     test "renders embed player", %{conn: conn, note_activity: note_activity} do
 212       conn = get(conn, "/notice/#{note_activity.id}/embed_player")
 213
 214       assert Plug.Conn.get_resp_header(conn, "x-frame-options") == ["ALLOW"]
 215
 216       assert Plug.Conn.get_resp_header(
 217                conn,
 218                "content-security-policy"
 219              ) == [
 220                "default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https:; media-src 'self' https:;"
 221              ]
 222
 223       assert response(conn, 200) =~
 224                "<video controls loop><source src=\"https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4\" type=\"video/mp4\">Your browser does not support video/mp4 playback.</video>"
 225     end
 226
 227     test "404s when activity isn't create", %{conn: conn} do
 228       note_activity = insert(:note_activity, data_attrs: %{"type" => "Like"})
 229
 230       assert conn
 231              |> get("/notice/#{note_activity.id}/embed_player")
 232              |> response(404)
 233     end
 234
 235     test "404s when activity is direct message", %{conn: conn} do
 236       note_activity = insert(:note_activity, data_attrs: %{"directMessage" => true})
 237
 238       assert conn
 239              |> get("/notice/#{note_activity.id}/embed_player")
 240              |> response(404)
 241     end
 242
 243     test "404s when attachment is empty", %{conn: conn} do
 244       note_activity = insert(:note_activity)
 245       object = Pleroma.Object.normalize(note_activity)
 246       object_data = Map.put(object.data, "attachment", [])
 247
 248       object
 249       |> Ecto.Changeset.change(data: object_data)
 250       |> Pleroma.Repo.update()
 251
 252       assert conn
 253              |> get("/notice/#{note_activity.id}/embed_player")
 254              |> response(404)
 255     end
 256
 257     test "404s when attachment isn't audio or video", %{conn: conn} do
 258       note_activity = insert(:note_activity)
 259       object = Pleroma.Object.normalize(note_activity)
 260
 261       object_data =
 262         Map.put(object.data, "attachment", [
 263           %{
 264             "url" => [
 265               %{
 266                 "href" => "https://peertube.moe/static/webseed/480.jpg",
 267                 "mediaType" => "image/jpg",
 268                 "type" => "Link"
 269               }
 270             ]
 271           }
 272         ])
 273
 274       object
 275       |> Ecto.Changeset.change(data: object_data)
 276       |> Pleroma.Repo.update()
 277
 278       conn
 279       |> get("/notice/#{note_activity.id}/embed_player")
 280       |> response(404)
 281     end
 282
 283     test "it requires authentication if instance is NOT federating", %{
 284       conn: conn,
 285       note_activity: note_activity
 286     } do
 287       user = insert(:user)
 288       conn = put_req_header(conn, "accept", "text/html")
 289
 290       ensure_federating_or_authenticated(conn, "/notice/#{note_activity.id}/embed_player", user)
 291     end
 292   end
 293 end