1 defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
2 use Pleroma.Web.ConnCase
4 alias Pleroma.Web.ActivityPub.Transmogrifier
5 alias Pleroma.Web.CommonAPI
9 clear_config_all([:static_fe, :enabled]) do
10 Pleroma.Config.put([:static_fe, :enabled], true)
13 describe "user profile page" do
14 test "just the profile as HTML", %{conn: conn} do
19 |> put_req_header("accept", "text/html")
20 |> get("/users/#{user.nickname}")
22 assert html_response(conn, 200) =~ user.nickname
25 test "renders json unless there's an html accept header", %{conn: conn} do
30 |> put_req_header("accept", "application/json")
31 |> get("/users/#{user.nickname}")
33 assert json_response(conn, 200)
36 test "404 when user not found", %{conn: conn} do
39 |> put_req_header("accept", "text/html")
40 |> get("/users/limpopo")
42 assert html_response(conn, 404) =~ "not found"
45 test "profile does not include private messages", %{conn: conn} do
47 CommonAPI.post(user, %{"status" => "public"})
48 CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
52 |> put_req_header("accept", "text/html")
53 |> get("/users/#{user.nickname}")
55 html = html_response(conn, 200)
57 assert html =~ ">public<"
58 refute html =~ ">private<"
61 test "pagination", %{conn: conn} do
63 Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
67 |> put_req_header("accept", "text/html")
68 |> get("/users/#{user.nickname}")
70 html = html_response(conn, 200)
72 assert html =~ ">test30<"
73 assert html =~ ">test11<"
74 refute html =~ ">test10<"
75 refute html =~ ">test1<"
78 test "pagination, page 2", %{conn: conn} do
80 activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
81 {:ok, a11} = Enum.at(activities, 11)
85 |> put_req_header("accept", "text/html")
86 |> get("/users/#{user.nickname}?max_id=#{a11.id}")
88 html = html_response(conn, 200)
90 assert html =~ ">test1<"
91 assert html =~ ">test10<"
92 refute html =~ ">test20<"
93 refute html =~ ">test29<"
97 describe "notice rendering" do
98 test "single notice page", %{conn: conn} do
100 {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
104 |> put_req_header("accept", "text/html")
105 |> get("/notice/#{activity.id}")
107 html = html_response(conn, 200)
108 assert html =~ "<header>"
109 assert html =~ user.nickname
110 assert html =~ "testing a thing!"
113 test "filters HTML tags", %{conn: conn} do
115 {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"})
119 |> put_req_header("accept", "text/html")
120 |> get("/notice/#{activity.id}")
122 html = html_response(conn, 200)
123 assert html =~ ~s[<script>alert('xss')</script>]
126 test "shows the whole thread", %{conn: conn, user: user} do
127 {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
129 CommonAPI.post(user, %{
130 "status" => "these are the voyages or something",
131 "in_reply_to_status_id" => activity.id
136 |> put_req_header("accept", "text/html")
137 |> get("/notice/#{activity.id}")
139 html = html_response(conn, 200)
140 assert html =~ "the final frontier"
141 assert html =~ "voyages"
144 test "redirect by AP object ID", %{conn: conn} do
147 {:ok, %Activity{data: %{"object" => object_url}}} =
148 CommonAPI.post(user, %{"status" => "beam me up"})
152 |> put_req_header("accept", "text/html")
153 |> get(URI.parse(object_url).path)
155 assert html_response(conn, 302) =~ "redirected"
158 test "redirect by activity ID", %{conn: conn} do
161 {:ok, %Activity{data: %{"id" => id}}} =
162 CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
166 |> put_req_header("accept", "text/html")
167 |> get(URI.parse(id).path)
169 assert html_response(conn, 302) =~ "redirected"
172 test "404 when notice not found", %{conn: conn} do
175 |> put_req_header("accept", "text/html")
176 |> get("/notice/88c9c317")
178 assert html_response(conn, 404) =~ "not found"
181 test "404 for private status", %{conn: conn} do
185 CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
189 |> put_req_header("accept", "text/html")
190 |> get("/notice/#{activity.id}")
192 assert html_response(conn, 404) =~ "not found"
195 test "302 for remote cached status", %{conn: conn} do
199 "@context" => "https://www.w3.org/ns/activitystreams",
200 "to" => user.follower_address,
201 "cc" => "https://www.w3.org/ns/activitystreams#Public",
204 "content" => "blah blah blah",
206 "attributedTo" => user.ap_id,
209 "actor" => user.ap_id
212 assert {:ok, activity} = Transmogrifier.handle_incoming(message)
216 |> put_req_header("accept", "text/html")
217 |> get("/notice/#{activity.id}")
219 assert html_response(conn, 302) =~ "redirected"