defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
use Pleroma.DataCase
import Pleroma.Factory
- alias Pleroma.Config
alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
alias Pleroma.Web.CommonAPI
describe "when :media_removal" do
test "is empty" do
- Config.put([:mrf_simple, :media_removal], [])
+ clear_config([:mrf_simple, :media_removal], [])
media_message = build_media_message()
+ media_update_message = build_media_update_message()
local_message = build_local_message()
assert SimplePolicy.filter(media_message) == {:ok, media_message}
+ assert SimplePolicy.filter(media_update_message) == {:ok, media_update_message}
assert SimplePolicy.filter(local_message) == {:ok, local_message}
end
test "has a matching host" do
- Config.put([:mrf_simple, :media_removal], ["remote.instance"])
+ clear_config([:mrf_simple, :media_removal], [{"remote.instance", "Some reason"}])
media_message = build_media_message()
+ media_update_message = build_media_update_message()
local_message = build_local_message()
assert SimplePolicy.filter(media_message) ==
media_message
|> Map.put("object", Map.delete(media_message["object"], "attachment"))}
+ assert SimplePolicy.filter(media_update_message) ==
+ {:ok,
+ media_update_message
+ |> Map.put("object", Map.delete(media_update_message["object"], "attachment"))}
+
assert SimplePolicy.filter(local_message) == {:ok, local_message}
end
test "match with wildcard domain" do
- Config.put([:mrf_simple, :media_removal], ["*.remote.instance"])
+ clear_config([:mrf_simple, :media_removal], [{"*.remote.instance", "Whatever reason"}])
media_message = build_media_message()
+ media_update_message = build_media_update_message()
local_message = build_local_message()
assert SimplePolicy.filter(media_message) ==
media_message
|> Map.put("object", Map.delete(media_message["object"], "attachment"))}
+ assert SimplePolicy.filter(media_update_message) ==
+ {:ok,
+ media_update_message
+ |> Map.put("object", Map.delete(media_update_message["object"], "attachment"))}
+
assert SimplePolicy.filter(local_message) == {:ok, local_message}
end
end
describe "when :media_nsfw" do
test "is empty" do
- Config.put([:mrf_simple, :media_nsfw], [])
+ clear_config([:mrf_simple, :media_nsfw], [])
media_message = build_media_message()
+ media_update_message = build_media_update_message()
local_message = build_local_message()
assert SimplePolicy.filter(media_message) == {:ok, media_message}
+ assert SimplePolicy.filter(media_update_message) == {:ok, media_update_message}
assert SimplePolicy.filter(local_message) == {:ok, local_message}
end
test "has a matching host" do
- Config.put([:mrf_simple, :media_nsfw], ["remote.instance"])
+ clear_config([:mrf_simple, :media_nsfw], [{"remote.instance", "Whetever"}])
media_message = build_media_message()
+ media_update_message = build_media_update_message()
local_message = build_local_message()
assert SimplePolicy.filter(media_message) ==
- {:ok,
- media_message
- |> put_in(["object", "tag"], ["foo", "nsfw"])
- |> put_in(["object", "sensitive"], true)}
+ {:ok, put_in(media_message, ["object", "sensitive"], true)}
+
+ assert SimplePolicy.filter(media_update_message) ==
+ {:ok, put_in(media_update_message, ["object", "sensitive"], true)}
assert SimplePolicy.filter(local_message) == {:ok, local_message}
end
test "match with wildcard domain" do
- Config.put([:mrf_simple, :media_nsfw], ["*.remote.instance"])
+ clear_config([:mrf_simple, :media_nsfw], [{"*.remote.instance", "yeah yeah"}])
media_message = build_media_message()
+ media_update_message = build_media_update_message()
local_message = build_local_message()
assert SimplePolicy.filter(media_message) ==
- {:ok,
- media_message
- |> put_in(["object", "tag"], ["foo", "nsfw"])
- |> put_in(["object", "sensitive"], true)}
+ {:ok, put_in(media_message, ["object", "sensitive"], true)}
+
+ assert SimplePolicy.filter(media_update_message) ==
+ {:ok, put_in(media_update_message, ["object", "sensitive"], true)}
assert SimplePolicy.filter(local_message) == {:ok, local_message}
end
}
end
+ defp build_media_update_message do
+ %{
+ "actor" => "https://remote.instance/users/bob",
+ "type" => "Update",
+ "object" => %{
+ "attachment" => [%{}],
+ "tag" => ["foo"],
+ "sensitive" => false
+ }
+ }
+ end
+
describe "when :report_removal" do
test "is empty" do
- Config.put([:mrf_simple, :report_removal], [])
+ clear_config([:mrf_simple, :report_removal], [])
report_message = build_report_message()
local_message = build_local_message()
end
test "has a matching host" do
- Config.put([:mrf_simple, :report_removal], ["remote.instance"])
+ clear_config([:mrf_simple, :report_removal], [{"remote.instance", "muh"}])
report_message = build_report_message()
local_message = build_local_message()
end
test "match with wildcard domain" do
- Config.put([:mrf_simple, :report_removal], ["*.remote.instance"])
+ clear_config([:mrf_simple, :report_removal], [{"*.remote.instance", "suya"}])
report_message = build_report_message()
local_message = build_local_message()
describe "when :federated_timeline_removal" do
test "is empty" do
- Config.put([:mrf_simple, :federated_timeline_removal], [])
+ clear_config([:mrf_simple, :federated_timeline_removal], [])
{_, ftl_message} = build_ftl_actor_and_message()
local_message = build_local_message()
|> URI.parse()
|> Map.fetch!(:host)
- Config.put([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
+ clear_config([:mrf_simple, :federated_timeline_removal], [{ftl_message_actor_host, "uwu"}])
local_message = build_local_message()
assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
|> URI.parse()
|> Map.fetch!(:host)
- Config.put([:mrf_simple, :federated_timeline_removal], ["*." <> ftl_message_actor_host])
+ clear_config([:mrf_simple, :federated_timeline_removal], [
+ {"*." <> ftl_message_actor_host, "owo"}
+ ])
+
local_message = build_local_message()
assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
ftl_message = Map.put(ftl_message, "cc", [])
- Config.put([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
+ clear_config([:mrf_simple, :federated_timeline_removal], [
+ {ftl_message_actor_host, "spiderwaifu goes 88w88"}
+ ])
assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
end
end
+ describe "describe/1" do
+ test "returns a description of the policy" do
+ clear_config([:mrf_simple, :reject], [
+ {"remote.instance", "did not give my catboy a burg"}
+ ])
+
+ assert {:ok, %{mrf_simple: %{reject: ["remote.instance"]}}} = SimplePolicy.describe()
+ end
+
+ test "excludes domains listed in :transparency_exclusions" do
+ clear_config([:mrf, :transparency_exclusions], [{"remote.instance", ":("}])
+
+ clear_config([:mrf_simple, :reject], [
+ {"remote.instance", "did not give my catboy a burg"}
+ ])
+
+ {:ok, description} = SimplePolicy.describe()
+ assert %{mrf_simple: %{reject: []}} = description
+ assert description[:mrf_simple_info][:reject] == nil
+ end
+
+ test "obfuscates domains listed in :transparency_obfuscate_domains" do
+ clear_config([:mrf, :transparency_obfuscate_domains], ["remote.instance", "a.b"])
+
+ clear_config([:mrf_simple, :reject], [
+ {"remote.instance", "did not give my catboy a burg"},
+ {"a.b", "spam-poked me on facebook in 2006"}
+ ])
+
+ assert {:ok,
+ %{
+ mrf_simple: %{reject: ["rem***.*****nce", "a.b"]},
+ mrf_simple_info: %{reject: %{"rem***.*****nce" => %{}}}
+ }} = SimplePolicy.describe()
+ end
+ end
+
defp build_ftl_actor_and_message do
actor = insert(:user)
describe "when :reject" do
test "is empty" do
- Config.put([:mrf_simple, :reject], [])
+ clear_config([:mrf_simple, :reject], [])
remote_message = build_remote_message()
end
test "activity has a matching host" do
- Config.put([:mrf_simple, :reject], ["remote.instance"])
+ clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
remote_message = build_remote_message()
end
test "activity matches with wildcard domain" do
- Config.put([:mrf_simple, :reject], ["*.remote.instance"])
+ clear_config([:mrf_simple, :reject], [{"*.remote.instance", ""}])
remote_message = build_remote_message()
end
test "actor has a matching host" do
- Config.put([:mrf_simple, :reject], ["remote.instance"])
+ clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
remote_user = build_remote_user()
assert {:reject, _} = SimplePolicy.filter(remote_user)
end
+
+ test "reject Announce when object would be rejected" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+
+ announce = %{
+ "type" => "Announce",
+ "actor" => "https://okay.tld/users/alice",
+ "object" => %{"type" => "Note", "actor" => "https://blocked.tld/users/bob"}
+ }
+
+ assert {:reject, _} = SimplePolicy.filter(announce)
+ end
+
+ test "reject by URI object" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+
+ announce = %{
+ "type" => "Announce",
+ "actor" => "https://okay.tld/users/alice",
+ "object" => "https://blocked.tld/activities/1"
+ }
+
+ assert {:reject, _} = SimplePolicy.filter(announce)
+ end
+
+ test "accept by matching context URI if :handle_threads is disabled" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+ clear_config([:mrf_simple, :handle_threads], false)
+
+ remote_message =
+ build_remote_message()
+ |> Map.put("context", "https://blocked.tld/contexts/abc")
+
+ assert {:ok, _} = SimplePolicy.filter(remote_message)
+ end
+
+ test "accept by matching conversation field if :handle_threads is disabled" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+ clear_config([:mrf_simple, :handle_threads], false)
+
+ remote_message =
+ build_remote_message()
+ |> Map.put(
+ "conversation",
+ "tag:blocked.tld,1997-06-25:objectId=12345:objectType=Conversation"
+ )
+
+ assert {:ok, _} = SimplePolicy.filter(remote_message)
+ end
+
+ test "accept by matching reply ID if :handle_threads is disabled" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+ clear_config([:mrf_simple, :handle_threads], false)
+
+ remote_message =
+ build_remote_message()
+ |> Map.put("type", "Create")
+ |> Map.put("object", %{
+ "type" => "Note",
+ "inReplyTo" => "https://blocked.tld/objects/1"
+ })
+
+ assert {:ok, _} = SimplePolicy.filter(remote_message)
+ end
+
+ test "reject by matching context URI if :handle_threads is enabled" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+ clear_config([:mrf_simple, :handle_threads], true)
+
+ remote_message =
+ build_remote_message()
+ |> Map.put("context", "https://blocked.tld/contexts/abc")
+
+ assert {:reject, _} = SimplePolicy.filter(remote_message)
+ end
+
+ test "reject by matching conversation field if :handle_threads is enabled" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+ clear_config([:mrf_simple, :handle_threads], true)
+
+ remote_message =
+ build_remote_message()
+ |> Map.put(
+ "conversation",
+ "tag:blocked.tld,1997-06-25:objectId=12345:objectType=Conversation"
+ )
+
+ assert {:reject, _} = SimplePolicy.filter(remote_message)
+ end
+
+ test "reject by matching reply ID if :handle_threads is enabled" do
+ clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
+ clear_config([:mrf_simple, :handle_threads], true)
+
+ remote_message =
+ build_remote_message()
+ |> Map.put("type", "Create")
+ |> Map.put("object", %{
+ "type" => "Note",
+ "inReplyTo" => "https://blocked.tld/objects/1"
+ })
+
+ assert {:reject, _} = SimplePolicy.filter(remote_message)
+ end
end
describe "when :followers_only" do
test "is empty" do
- Config.put([:mrf_simple, :followers_only], [])
+ clear_config([:mrf_simple, :followers_only], [])
{_, ftl_message} = build_ftl_actor_and_message()
local_message = build_local_message()
|> URI.parse()
|> Map.fetch!(:host)
- Config.put([:mrf_simple, :followers_only], [actor_domain])
+ clear_config([:mrf_simple, :followers_only], [{actor_domain, ""}])
assert {:ok, new_activity} = SimplePolicy.filter(activity)
assert actor.follower_address in new_activity["cc"]
describe "when :accept" do
test "is empty" do
- Config.put([:mrf_simple, :accept], [])
+ clear_config([:mrf_simple, :accept], [])
local_message = build_local_message()
remote_message = build_remote_message()
end
test "is not empty but activity doesn't have a matching host" do
- Config.put([:mrf_simple, :accept], ["non.matching.remote"])
+ clear_config([:mrf_simple, :accept], [{"non.matching.remote", ""}])
local_message = build_local_message()
remote_message = build_remote_message()
end
test "activity has a matching host" do
- Config.put([:mrf_simple, :accept], ["remote.instance"])
+ clear_config([:mrf_simple, :accept], [{"remote.instance", ""}])
local_message = build_local_message()
remote_message = build_remote_message()
end
test "activity matches with wildcard domain" do
- Config.put([:mrf_simple, :accept], ["*.remote.instance"])
+ clear_config([:mrf_simple, :accept], [{"*.remote.instance", ""}])
local_message = build_local_message()
remote_message = build_remote_message()
end
test "actor has a matching host" do
- Config.put([:mrf_simple, :accept], ["remote.instance"])
+ clear_config([:mrf_simple, :accept], [{"remote.instance", ""}])
remote_user = build_remote_user()
describe "when :avatar_removal" do
test "is empty" do
- Config.put([:mrf_simple, :avatar_removal], [])
+ clear_config([:mrf_simple, :avatar_removal], [])
remote_user = build_remote_user()
end
test "is not empty but it doesn't have a matching host" do
- Config.put([:mrf_simple, :avatar_removal], ["non.matching.remote"])
+ clear_config([:mrf_simple, :avatar_removal], [{"non.matching.remote", ""}])
remote_user = build_remote_user()
end
test "has a matching host" do
- Config.put([:mrf_simple, :avatar_removal], ["remote.instance"])
+ clear_config([:mrf_simple, :avatar_removal], [{"remote.instance", ""}])
remote_user = build_remote_user()
{:ok, filtered} = SimplePolicy.filter(remote_user)
end
test "match with wildcard domain" do
- Config.put([:mrf_simple, :avatar_removal], ["*.remote.instance"])
+ clear_config([:mrf_simple, :avatar_removal], [{"*.remote.instance", ""}])
remote_user = build_remote_user()
{:ok, filtered} = SimplePolicy.filter(remote_user)
describe "when :banner_removal" do
test "is empty" do
- Config.put([:mrf_simple, :banner_removal], [])
+ clear_config([:mrf_simple, :banner_removal], [])
remote_user = build_remote_user()
end
test "is not empty but it doesn't have a matching host" do
- Config.put([:mrf_simple, :banner_removal], ["non.matching.remote"])
+ clear_config([:mrf_simple, :banner_removal], [{"non.matching.remote", ""}])
remote_user = build_remote_user()
end
test "has a matching host" do
- Config.put([:mrf_simple, :banner_removal], ["remote.instance"])
+ clear_config([:mrf_simple, :banner_removal], [{"remote.instance", ""}])
remote_user = build_remote_user()
{:ok, filtered} = SimplePolicy.filter(remote_user)
end
test "match with wildcard domain" do
- Config.put([:mrf_simple, :banner_removal], ["*.remote.instance"])
+ clear_config([:mrf_simple, :banner_removal], [{"*.remote.instance", ""}])
remote_user = build_remote_user()
{:ok, filtered} = SimplePolicy.filter(remote_user)
end
describe "when :reject_deletes is empty" do
- setup do: Config.put([:mrf_simple, :reject_deletes], [])
+ setup do: clear_config([:mrf_simple, :reject_deletes], [])
test "it accepts deletions even from rejected servers" do
- Config.put([:mrf_simple, :reject], ["remote.instance"])
+ clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
deletion_message = build_remote_deletion_message()
end
test "it accepts deletions even from non-whitelisted servers" do
- Config.put([:mrf_simple, :accept], ["non.matching.remote"])
+ clear_config([:mrf_simple, :accept], [{"non.matching.remote", ""}])
deletion_message = build_remote_deletion_message()
end
describe "when :reject_deletes is not empty but it doesn't have a matching host" do
- setup do: Config.put([:mrf_simple, :reject_deletes], ["non.matching.remote"])
+ setup do: clear_config([:mrf_simple, :reject_deletes], [{"non.matching.remote", ""}])
test "it accepts deletions even from rejected servers" do
- Config.put([:mrf_simple, :reject], ["remote.instance"])
+ clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
deletion_message = build_remote_deletion_message()
end
test "it accepts deletions even from non-whitelisted servers" do
- Config.put([:mrf_simple, :accept], ["non.matching.remote"])
+ clear_config([:mrf_simple, :accept], [{"non.matching.remote", ""}])
deletion_message = build_remote_deletion_message()
end
describe "when :reject_deletes has a matching host" do
- setup do: Config.put([:mrf_simple, :reject_deletes], ["remote.instance"])
+ setup do: clear_config([:mrf_simple, :reject_deletes], [{"remote.instance", ""}])
test "it rejects the deletion" do
deletion_message = build_remote_deletion_message()
end
describe "when :reject_deletes match with wildcard domain" do
- setup do: Config.put([:mrf_simple, :reject_deletes], ["*.remote.instance"])
+ setup do: clear_config([:mrf_simple, :reject_deletes], [{"*.remote.instance", ""}])
test "it rejects the deletion" do
deletion_message = build_remote_deletion_message()
defp build_local_message do
%{
- "actor" => "#{Pleroma.Web.base_url()}/users/alice",
+ "actor" => "#{Pleroma.Web.Endpoint.url()}/users/alice",
"to" => [],
"cc" => []
}