1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Web.ActivityPub.Transmogrifier
11 alias Pleroma.Web.CommonAPI
13 import Pleroma.Factory
# Module-wide: turn the static front end on for every test in this file.
setup_all do
  clear_config([:static_fe, :enabled], true)
end

# Per test: start with federation enabled; the "NOT federating" tests call
# ensure_federating_or_authenticated/3 to cover the other case.
setup do
  clear_config([:instance, :federating], true)
end
# Per-test setup: sets the request's Accept header to text/html and returns the
# conn together with a user as the test context.
# NOTE(review): the line that binds `user` is not visible here; presumably it is
# built with a Pleroma.Factory helper (imported above) — confirm.
18 setup %{conn: conn} do
19 conn = put_req_header(conn, "accept", "text/html")
22 %{conn: conn, user: user}
25 describe "user profile html" do
# A user's profile path must render as HTML (status 200) and mention the
# user's nickname.
test "just the profile as HTML", %{conn: conn, user: user} do
  body =
    conn
    |> get("/users/#{user.nickname}")
    |> html_response(200)

  assert body =~ user.nickname
end
# Requests a nickname this test never created and expects an HTML 404 page.
test "404 when user not found", %{conn: conn} do
  body =
    conn
    |> get("/users/limpopo")
    |> html_response(404)

  assert body =~ "not found"
end
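# Access-control check: a status posted with `visibility: "private"` must not
# appear on the HTML profile page, while a public status must.
test "profile does not include private messages", %{conn: conn, user: user} do
  # Match on {:ok, _} so that a failed post cannot make the `refute` below pass
  # vacuously (a status that was never created can never be leaked).
  {:ok, _public} = CommonAPI.post(user, %{status: "public"})
  {:ok, _private} = CommonAPI.post(user, %{status: "private", visibility: "private"})

  html =
    conn
    |> get("/users/#{user.nickname}")
    |> html_response(200)

  # The ">" / "<" delimiters pin the match to the status body between tags,
  # so the word "private" elsewhere in the page does not trip the check.
  assert html =~ ">public<"
  refute html =~ ">private<"
end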
# Posts 30 statuses and checks that the first profile page contains test30
# and test11 but neither test10 nor test1.
test "pagination", %{conn: conn, user: user} do
  for n <- 1..30, do: CommonAPI.post(user, %{status: "test#{n}"})

  first_page =
    conn
    |> get("/users/#{user.nickname}")
    |> html_response(200)

  # The surrounding ">" and "<" keep ">test1<" from matching "test10".."test19".
  assert first_page =~ ">test30<"
  assert first_page =~ ">test11<"
  refute first_page =~ ">test10<"
  refute first_page =~ ">test1<"
end
# Posts 30 statuses, then requests the profile with `max_id` set to one of
# them and checks which statuses the resulting page shows.
test "pagination, page 2", %{conn: conn, user: user} do
  posted = for n <- 1..30, do: CommonAPI.post(user, %{status: "test#{n}"})

  # Index 11 is the twelfth result, i.e. the post whose status is "test12".
  {:ok, cursor} = Enum.at(posted, 11)

  second_page =
    conn
    |> get("/users/#{user.nickname}?max_id=#{cursor.id}")
    |> html_response(200)

  assert second_page =~ ">test1<"
  assert second_page =~ ">test10<"
  refute second_page =~ ">test20<"
  refute second_page =~ ">test29<"
end
# Hands the profile path to ensure_federating_or_authenticated/3, a helper
# defined outside this file (presumably in the test support code — confirm).
test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
  profile_path = "/users/#{user.nickname}"

  ensure_federating_or_authenticated(conn, profile_path, user)
end
82 describe "notice html" do
# A public status must render on its /notice/:id page together with a
# <header> element and the author's nickname.
test "single notice page", %{conn: conn, user: user} do
  {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

  page =
    conn
    |> get("/notice/#{activity.id}")
    |> html_response(200)

  assert page =~ "<header>"
  assert page =~ user.nickname
  assert page =~ "testing a thing!"
end
# Content negotiation: when the request lists ActivityPub JSON media types
# ahead of text/html, the notice path must answer with a 302 whose target
# contains the activity's object URL, not with the HTML page.
# NOTE(review): the lines that start the request pipeline are not visible here;
# presumably the long string below is the value passed to put_req_header — confirm.
# NOTE(review): that string itself begins with the literal text "Accept: ", so the
# header value would carry the header name twice — confirm this is intended.
94 test "redirects to json if requested", %{conn: conn, user: user} do
95 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
101 "Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
103 |> get("/notice/#{activity.id}")
105 assert redirected_to(conn, 302) =~ activity.data["object"]
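# Stored-XSS regression test: markup submitted as a status must reach the
# static HTML page entity-escaped, never as a live <script> element.
# `user` is taken from the shared setup context.
test "filters HTML tags", %{conn: conn, user: user} do
  {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})

  html =
    conn
    |> put_req_header("accept", "text/html")
    |> get("/notice/#{activity.id}")
    |> html_response(200)

  # Asserting on the raw tag would only succeed if the payload were rendered
  # unescaped, which is the exact failure this test exists to catch. Check for
  # the entity-encoded form and explicitly reject the raw one.
  assert html =~ "&lt;script&gt;alert("
  assert html =~ "&lt;/script&gt;"
  refute html =~ "<script>alert('xss')</script>"
end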
# The notice page of a thread's first post must also show the reply to it.
test "shows the whole thread", %{conn: conn, user: user} do
  {:ok, root} = CommonAPI.post(user, %{status: "space: the final frontier"})

  reply_params = %{
    status: "these are the voyages or something",
    in_reply_to_status_id: root.id
  }

  CommonAPI.post(user, reply_params)

  page =
    conn
    |> get("/notice/#{root.id}")
    |> html_response(200)

  assert page =~ "the final frontier"
  assert page =~ "voyages"
end
# Requesting the path of the activity's "object" URL must answer 302 with a
# body containing "redirected".
test "redirect by AP object ID", %{conn: conn, user: user} do
  {:ok, %Activity{data: data}} = CommonAPI.post(user, %{status: "beam me up"})
  %{"object" => object_url} = data
  %URI{path: object_path} = URI.parse(object_url)

  response = get(conn, object_path)

  assert html_response(response, 302) =~ "redirected"
end
# Requesting the path of the activity's own "id" URL must answer 302 with a
# body containing "redirected".
test "redirect by activity ID", %{conn: conn, user: user} do
  {:ok, %Activity{data: data}} = CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})
  %{"id" => activity_url} = data
  %URI{path: activity_path} = URI.parse(activity_url)

  response = get(conn, activity_path)

  assert html_response(response, 302) =~ "redirected"
end
# Requests a notice id this test never created and expects an HTML 404 page.
test "404 when notice not found", %{conn: conn} do
  body =
    conn
    |> get("/notice/88c9c317")
    |> html_response(404)

  assert body =~ "not found"
end
# Access-control check: the notice page of a `visibility: "private"` status
# must answer 404 "not found", the same response an unknown id gets, so the
# response does not reveal that the status exists.
test "404 for private status", %{conn: conn, user: user} do
  private_post = %{status: "don't show me!", visibility: "private"}
  {:ok, activity} = CommonAPI.post(user, private_post)

  body =
    conn
    |> get("/notice/#{activity.id}")
    |> html_response(404)

  assert body =~ "not found"
end
# Feeds an ActivityPub message through Transmogrifier.handle_incoming/1, then
# requests the resulting activity's notice page and expects a 302 whose body
# contains "redirected" rather than a rendered HTML page.
# The visible entries address the message to the user's follower collection
# ("to") and the ActivityStreams Public collection ("cc"), with the user's
# ap_id as both "actor" and "attributedTo".
# NOTE(review): the line that opens the `message` map and several of its entries
# are not visible here; the full shape of the message cannot be confirmed.
168 test "302 for remote cached status", %{conn: conn, user: user} do
170 "@context" => "https://www.w3.org/ns/activitystreams",
171 "to" => user.follower_address,
172 "cc" => "https://www.w3.org/ns/activitystreams#Public",
175 "content" => "blah blah blah",
177 "attributedTo" => user.ap_id,
180 "actor" => user.ap_id
183 assert {:ok, activity} = Transmogrifier.handle_incoming(message)
185 conn = get(conn, "/notice/#{activity.id}")
187 assert html_response(conn, 302) =~ "redirected"
# Hands a public status's notice path to ensure_federating_or_authenticated/3,
# a helper defined outside this file (presumably in the test support code — confirm).
test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
  {:ok, %{id: notice_id}} = CommonAPI.post(user, %{status: "testing a thing!"})
  notice_path = "/notice/#{notice_id}"

  ensure_federating_or_authenticated(conn, notice_path, user)
end