# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
use Pleroma.Web.ConnCase
+ import ExUnit.CaptureLog
+
alias Pleroma.Object
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
describe "Upload media" do
setup do: oauth_access(["write:media"])
+ setup do: clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
+ setup do: clear_config([Pleroma.Uploaders.Local, :uploads], "uploads")
setup do
image = %Plug.Upload{
- content_type: "image/jpg",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
object = Object.get_by_id(media["id"])
assert object.data["actor"] == user.ap_id
end
+
+ test "/api/v2/media, upload_limit", %{conn: conn, user: user} do
+ desc = "Description of the binary"
+
+ upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
+
+ assert :ok ==
+ File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
+
+ large_binary = %Plug.Upload{
+ content_type: nil,
+ path: Path.absname("test/tmp/large_binary.data"),
+ filename: "large_binary.data"
+ }
+
+ assert capture_log(fn ->
+ assert %{"error" => "file_too_large"} =
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/v2/media", %{
+ "file" => large_binary,
+ "description" => desc
+ })
+ |> json_response_and_validate_schema(400)
+ end) =~
+ "[error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: :file_too_large"
+
+ clear_config([:instance, :upload_limit], upload_limit)
+
+ assert response =
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/v2/media", %{
+ "file" => large_binary,
+ "description" => desc
+ })
+ |> json_response_and_validate_schema(202)
+
+ assert media_id = response["id"]
+
+ %{conn: conn} = oauth_access(["read:media"], user: user)
+
+ media =
+ conn
+ |> get("/api/v1/media/#{media_id}")
+ |> json_response_and_validate_schema(200)
+
+ assert media["type"] == "unknown"
+ assert media["description"] == desc
+ assert media["id"]
+
+ assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
+ end
+
+ test "Do not allow nested filename", %{conn: conn, image: image} do
+ image = %Plug.Upload{
+ image
+ | filename: "../../../../../nested/file.jpg"
+ }
+
+ desc = "Description of the image"
+
+ media =
+ conn
+ |> put_req_header("content-type", "multipart/form-data")
+ |> post("/api/v1/media", %{"file" => image, "description" => desc})
+ |> json_response_and_validate_schema(:ok)
+
+ refute Regex.match?(~r"/nested/", media["url"])
+ end
end
describe "Update media description" do
setup %{user: actor} do
file = %Plug.Upload{
- content_type: "image/jpg",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
setup %{user: actor} do
file = %Plug.Upload{
- content_type: "image/jpg",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
conn
|> get("/api/v1/media/#{object.id}")
- |> json_response(403)
+ |> json_response_and_validate_schema(403)
end
end
end
projects / akkoma / blobdiff