1 defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
2 use Pleroma.Web.ConnCase
6 alias Pleroma.Web.ActivityPub.Transmogrifier
7 alias Pleroma.Web.CommonAPI
11 clear_config_all([:static_fe, :enabled], true)
13 clear_config([:instance, :federating], true)
15 setup %{conn: conn} do
16 conn = put_req_header(conn, "accept", "text/html")
19 %{conn: conn, user: user}
22 describe "user profile html" do
23 test "just the profile as HTML", %{conn: conn, user: user} do
24 conn = get(conn, "/users/#{user.nickname}")
26 assert html_response(conn, 200) =~ user.nickname
29 test "404 when user not found", %{conn: conn} do
30 conn = get(conn, "/users/limpopo")
32 assert html_response(conn, 404) =~ "not found"
35 test "profile does not include private messages", %{conn: conn, user: user} do
36 CommonAPI.post(user, %{"status" => "public"})
37 CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
39 conn = get(conn, "/users/#{user.nickname}")
41 html = html_response(conn, 200)
43 assert html =~ ">public<"
44 refute html =~ ">private<"
47 test "pagination", %{conn: conn, user: user} do
48 Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
50 conn = get(conn, "/users/#{user.nickname}")
52 html = html_response(conn, 200)
54 assert html =~ ">test30<"
55 assert html =~ ">test11<"
56 refute html =~ ">test10<"
57 refute html =~ ">test1<"
60 test "pagination, page 2", %{conn: conn, user: user} do
61 activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
62 {:ok, a11} = Enum.at(activities, 11)
64 conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
66 html = html_response(conn, 200)
68 assert html =~ ">test1<"
69 assert html =~ ">test10<"
70 refute html =~ ">test20<"
71 refute html =~ ">test29<"
74 test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
75 ensure_federating_or_authenticated(conn, "/users/#{user.nickname}", user)
79 describe "notice html" do
80 test "single notice page", %{conn: conn, user: user} do
81 {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
83 conn = get(conn, "/notice/#{activity.id}")
85 html = html_response(conn, 200)
86 assert html =~ "<header>"
87 assert html =~ user.nickname
88 assert html =~ "testing a thing!"
91 test "filters HTML tags", %{conn: conn} do
93 {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"})
97 |> put_req_header("accept", "text/html")
98 |> get("/notice/#{activity.id}")
100 html = html_response(conn, 200)
101 assert html =~ ~s[<script>alert('xss')</script>]
104 test "shows the whole thread", %{conn: conn, user: user} do
105 {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
107 CommonAPI.post(user, %{
108 "status" => "these are the voyages or something",
109 "in_reply_to_status_id" => activity.id
112 conn = get(conn, "/notice/#{activity.id}")
114 html = html_response(conn, 200)
115 assert html =~ "the final frontier"
116 assert html =~ "voyages"
119 test "redirect by AP object ID", %{conn: conn, user: user} do
120 {:ok, %Activity{data: %{"object" => object_url}}} =
121 CommonAPI.post(user, %{"status" => "beam me up"})
123 conn = get(conn, URI.parse(object_url).path)
125 assert html_response(conn, 302) =~ "redirected"
128 test "redirect by activity ID", %{conn: conn, user: user} do
129 {:ok, %Activity{data: %{"id" => id}}} =
130 CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
132 conn = get(conn, URI.parse(id).path)
134 assert html_response(conn, 302) =~ "redirected"
137 test "404 when notice not found", %{conn: conn} do
138 conn = get(conn, "/notice/88c9c317")
140 assert html_response(conn, 404) =~ "not found"
143 test "404 for private status", %{conn: conn, user: user} do
145 CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
147 conn = get(conn, "/notice/#{activity.id}")
149 assert html_response(conn, 404) =~ "not found"
152 test "302 for remote cached status", %{conn: conn, user: user} do
154 "@context" => "https://www.w3.org/ns/activitystreams",
155 "to" => user.follower_address,
156 "cc" => "https://www.w3.org/ns/activitystreams#Public",
159 "content" => "blah blah blah",
161 "attributedTo" => user.ap_id,
164 "actor" => user.ap_id
167 assert {:ok, activity} = Transmogrifier.handle_incoming(message)
169 conn = get(conn, "/notice/#{activity.id}")
171 assert html_response(conn, 302) =~ "redirected"
174 test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
175 {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
177 ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)