projects / akkoma / blob
? search:


c3d2ae3b41d046c7f82f7b7e25a717d593dc37d6
[akkoma] / test / web / static_fe / static_fe_controller_test.exs
1 defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
2 use Pleroma.Web.ConnCase
3
4 alias Pleroma.Activity
5 alias Pleroma.Config
6 alias Pleroma.Web.ActivityPub.Transmogrifier
7 alias Pleroma.Web.CommonAPI
8
9 import Pleroma.Factory
10
11 clear_config_all([:static_fe, :enabled]) do
12 Config.put([:static_fe, :enabled], true)
13 end
14
15 clear_config([:instance, :federating]) do
16 Config.put([:instance, :federating], true)
17 end
18
19 setup %{conn: conn} do
20 conn = put_req_header(conn, "accept", "text/html")
21 user = insert(:user)
22
23 %{conn: conn, user: user}
24 end
25
26 describe "user profile html" do
27 test "just the profile as HTML", %{conn: conn, user: user} do
28 conn = get(conn, "/users/#{user.nickname}")
29
30 assert html_response(conn, 200) =~ user.nickname
31 end
32
33 test "404 when user not found", %{conn: conn} do
34 conn = get(conn, "/users/limpopo")
35
36 assert html_response(conn, 404) =~ "not found"
37 end
38
39 test "profile does not include private messages", %{conn: conn, user: user} do
40 CommonAPI.post(user, %{"status" => "public"})
41 CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
42
43 conn = get(conn, "/users/#{user.nickname}")
44
45 html = html_response(conn, 200)
46
47 assert html =~ ">public<"
48 refute html =~ ">private<"
49 end
50
51 test "pagination", %{conn: conn, user: user} do
52 Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
53
54 conn = get(conn, "/users/#{user.nickname}")
55
56 html = html_response(conn, 200)
57
58 assert html =~ ">test30<"
59 assert html =~ ">test11<"
60 refute html =~ ">test10<"
61 refute html =~ ">test1<"
62 end
63
64 test "pagination, page 2", %{conn: conn, user: user} do
65 activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
66 {:ok, a11} = Enum.at(activities, 11)
67
68 conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
69
70 html = html_response(conn, 200)
71
72 assert html =~ ">test1<"
73 assert html =~ ">test10<"
74 refute html =~ ">test20<"
75 refute html =~ ">test29<"
76 end
77
78 test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
79 ensure_federating_or_authenticated(conn, "/users/#{user.nickname}", user)
80 end
81 end
82
83 describe "notice html" do
84 test "single notice page", %{conn: conn, user: user} do
85 {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
86
87 conn = get(conn, "/notice/#{activity.id}")
88
89 html = html_response(conn, 200)
90 assert html =~ "<header>"
91 assert html =~ user.nickname
92 assert html =~ "testing a thing!"
93 end
94
95 test "filters HTML tags", %{conn: conn} do
96 user = insert(:user)
97 {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"})
98
99 conn =
100 conn
101 |> put_req_header("accept", "text/html")
102 |> get("/notice/#{activity.id}")
103
104 html = html_response(conn, 200)
105 assert html =~ ~s[&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;]
106 end
107
108 test "shows the whole thread", %{conn: conn, user: user} do
109 {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
110
111 CommonAPI.post(user, %{
112 "status" => "these are the voyages or something",
113 "in_reply_to_status_id" => activity.id
114 })
115
116 conn = get(conn, "/notice/#{activity.id}")
117
118 html = html_response(conn, 200)
119 assert html =~ "the final frontier"
120 assert html =~ "voyages"
121 end
122
123 test "redirect by AP object ID", %{conn: conn, user: user} do
124 {:ok, %Activity{data: %{"object" => object_url}}} =
125 CommonAPI.post(user, %{"status" => "beam me up"})
126
127 conn = get(conn, URI.parse(object_url).path)
128
129 assert html_response(conn, 302) =~ "redirected"
130 end
131
132 test "redirect by activity ID", %{conn: conn, user: user} do
133 {:ok, %Activity{data: %{"id" => id}}} =
134 CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
135
136 conn = get(conn, URI.parse(id).path)
137
138 assert html_response(conn, 302) =~ "redirected"
139 end
140
141 test "404 when notice not found", %{conn: conn} do
142 conn = get(conn, "/notice/88c9c317")
143
144 assert html_response(conn, 404) =~ "not found"
145 end
146
147 test "404 for private status", %{conn: conn, user: user} do
148 {:ok, activity} =
149 CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
150
151 conn = get(conn, "/notice/#{activity.id}")
152
153 assert html_response(conn, 404) =~ "not found"
154 end
155
156 test "302 for remote cached status", %{conn: conn, user: user} do
157 message = %{
158 "@context" => "https://www.w3.org/ns/activitystreams",
159 "to" => user.follower_address,
160 "cc" => "https://www.w3.org/ns/activitystreams#Public",
161 "type" => "Create",
162 "object" => %{
163 "content" => "blah blah blah",
164 "type" => "Note",
165 "attributedTo" => user.ap_id,
166 "inReplyTo" => nil
167 },
168 "actor" => user.ap_id
169 }
170
171 assert {:ok, activity} = Transmogrifier.handle_incoming(message)
172
173 conn = get(conn, "/notice/#{activity.id}")
174
175 assert html_response(conn, 302) =~ "redirected"
176 end
177
178 test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
179 {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
180
181 ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)
182 end
183 end
184 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git