1 defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
2 use Pleroma.Web.ConnCase
4 alias Pleroma.Web.ActivityPub.Transmogrifier
5 alias Pleroma.Web.CommonAPI
9 clear_config_all([:static_fe, :enabled]) do
10 Pleroma.Config.put([:static_fe, :enabled], true)
13 describe "user profile page" do
14 test "just the profile as HTML", %{conn: conn} do
19 |> put_req_header("accept", "text/html")
20 |> get("/users/#{user.nickname}")
22 assert html_response(conn, 200) =~ user.nickname
25 test "renders json unless there's an html accept header", %{conn: conn} do
30 |> put_req_header("accept", "application/json")
31 |> get("/users/#{user.nickname}")
33 assert json_response(conn, 200)
36 test "404 when user not found", %{conn: conn} do
39 |> put_req_header("accept", "text/html")
40 |> get("/users/limpopo")
42 assert html_response(conn, 404) =~ "not found"
45 test "profile does not include private messages", %{conn: conn} do
47 CommonAPI.post(user, %{"status" => "public"})
48 CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
52 |> put_req_header("accept", "text/html")
53 |> get("/users/#{user.nickname}")
55 html = html_response(conn, 200)
57 assert html =~ ">public<"
58 refute html =~ ">private<"
61 test "pagination", %{conn: conn} do
63 Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
67 |> put_req_header("accept", "text/html")
68 |> get("/users/#{user.nickname}")
70 html = html_response(conn, 200)
72 assert html =~ ">test30<"
73 assert html =~ ">test11<"
74 refute html =~ ">test10<"
75 refute html =~ ">test1<"
78 test "pagination, page 2", %{conn: conn} do
80 activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
81 {:ok, a11} = Enum.at(activities, 11)
85 |> put_req_header("accept", "text/html")
86 |> get("/users/#{user.nickname}?max_id=#{a11.id}")
88 html = html_response(conn, 200)
90 assert html =~ ">test1<"
91 assert html =~ ">test10<"
92 refute html =~ ">test20<"
93 refute html =~ ">test29<"
97 describe "notice rendering" do
98 test "single notice page", %{conn: conn} do
100 {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
104 |> put_req_header("accept", "text/html")
105 |> get("/notice/#{activity.id}")
107 html = html_response(conn, 200)
108 assert html =~ "<header>"
109 assert html =~ user.nickname
110 assert html =~ "testing a thing!"
113 test "filters HTML tags", %{conn: conn} do
115 {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"})
119 |> put_req_header("accept", "text/html")
120 |> get("/notice/#{activity.id}")
122 html = html_response(conn, 200)
123 assert html =~ ~s[<script>alert('xss')</script>]
126 test "shows the whole thread", %{conn: conn} do
128 {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
130 CommonAPI.post(user, %{
131 "status" => "these are the voyages or something",
132 "in_reply_to_status_id" => activity.id
137 |> put_req_header("accept", "text/html")
138 |> get("/notice/#{activity.id}")
140 html = html_response(conn, 200)
141 assert html =~ "the final frontier"
142 assert html =~ "voyages"
145 test "redirect by AP object ID", %{conn: conn} do
148 {:ok, %Activity{data: %{"object" => object_url}}} =
149 CommonAPI.post(user, %{"status" => "beam me up"})
153 |> put_req_header("accept", "text/html")
154 |> get(URI.parse(object_url).path)
156 assert html_response(conn, 302) =~ "redirected"
159 test "redirect by activity ID", %{conn: conn} do
162 {:ok, %Activity{data: %{"id" => id}}} =
163 CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
167 |> put_req_header("accept", "text/html")
168 |> get(URI.parse(id).path)
170 assert html_response(conn, 302) =~ "redirected"
173 test "404 when notice not found", %{conn: conn} do
176 |> put_req_header("accept", "text/html")
177 |> get("/notice/88c9c317")
179 assert html_response(conn, 404) =~ "not found"
182 test "404 for private status", %{conn: conn} do
186 CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
190 |> put_req_header("accept", "text/html")
191 |> get("/notice/#{activity.id}")
193 assert html_response(conn, 404) =~ "not found"
196 test "302 for remote cached status", %{conn: conn} do
200 "@context" => "https://www.w3.org/ns/activitystreams",
201 "to" => user.follower_address,
202 "cc" => "https://www.w3.org/ns/activitystreams#Public",
205 "content" => "blah blah blah",
207 "attributedTo" => user.ap_id,
210 "actor" => user.ap_id
213 assert {:ok, activity} = Transmogrifier.handle_incoming(message)
217 |> put_req_header("accept", "text/html")
218 |> get("/notice/#{activity.id}")
220 assert html_response(conn, 302) =~ "redirected"