# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
}
] = result
end
+
+ test "filtering", %{conn: conn, user: user} do
+ local_user = insert(:user)
+ {:ok, user, local_user} = User.follow(user, local_user)
+ {:ok, local_activity} = CommonAPI.post(local_user, %{status: "Status"})
+ with_media = create_with_media_activity(local_user)
+
+ remote_user = insert(:user, local: false)
+ {:ok, _user, remote_user} = User.follow(user, remote_user)
+ remote_activity = create_remote_activity(remote_user)
+
+ without_filter_ids =
+ conn
+ |> get("/api/v1/timelines/home")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ assert local_activity.id in without_filter_ids
+ assert remote_activity.id in without_filter_ids
+ assert with_media.id in without_filter_ids
+
+ only_local_ids =
+ conn
+ |> get("/api/v1/timelines/home?local=true")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ assert local_activity.id in only_local_ids
+ refute remote_activity.id in only_local_ids
+ assert with_media.id in only_local_ids
+
+ only_local_media_ids =
+ conn
+ |> get("/api/v1/timelines/home?local=true&only_media=true")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ refute local_activity.id in only_local_media_ids
+ refute remote_activity.id in only_local_media_ids
+ assert with_media.id in only_local_media_ids
+
+ remote_ids =
+ conn
+ |> get("/api/v1/timelines/home?remote=true")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ refute local_activity.id in remote_ids
+ assert remote_activity.id in remote_ids
+ refute with_media.id in remote_ids
+
+ assert conn
+ |> get("/api/v1/timelines/home?remote=true&only_media=true")
+ |> json_response_and_validate_schema(200) == []
+
+ assert conn
+ |> get("/api/v1/timelines/home?remote=true&local=true")
+ |> json_response_and_validate_schema(200) == []
+ end
end
describe "public" do
user = insert(:user)
{:ok, activity} = CommonAPI.post(user, %{status: "test"})
+ with_media = create_with_media_activity(user)
- _activity = insert(:note_activity, local: false)
+ remote = insert(:note_activity, local: false)
- conn = get(conn, "/api/v1/timelines/public?local=False")
+ assert conn
+ |> get("/api/v1/timelines/public?local=False")
+ |> json_response_and_validate_schema(:ok)
+ |> length == 3
- assert length(json_response_and_validate_schema(conn, :ok)) == 2
+ local_ids =
+ conn
+ |> get("/api/v1/timelines/public?local=True")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ assert activity.id in local_ids
+ assert with_media.id in local_ids
+ refute remote.id in local_ids
+
+ local_ids =
+ conn
+ |> get("/api/v1/timelines/public?local=True")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ assert activity.id in local_ids
+ assert with_media.id in local_ids
+ refute remote.id in local_ids
+
+ local_ids =
+ conn
+ |> get("/api/v1/timelines/public?local=True&only_media=true")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ refute activity.id in local_ids
+ assert with_media.id in local_ids
+ refute remote.id in local_ids
- conn = get(build_conn(), "/api/v1/timelines/public?local=True")
+ local_ids =
+ conn
+ |> get("/api/v1/timelines/public?local=1")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ assert activity.id in local_ids
+ assert with_media.id in local_ids
+ refute remote.id in local_ids
- assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok)
+ remote_id = remote.id
- conn = get(build_conn(), "/api/v1/timelines/public?local=1")
+ assert [%{"id" => ^remote_id}] =
+ conn
+ |> get("/api/v1/timelines/public?remote=true")
+ |> json_response_and_validate_schema(:ok)
- assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok)
+ with_media_id = with_media.id
+
+ assert [%{"id" => ^with_media_id}] =
+ conn
+ |> get("/api/v1/timelines/public?only_media=true")
+ |> json_response_and_validate_schema(:ok)
+
+ assert conn
+ |> get("/api/v1/timelines/public?remote=true&only_media=true")
+ |> json_response_and_validate_schema(:ok) == []
# does not contain repeats
{:ok, _} = CommonAPI.repeat(activity.id, user)
- conn = get(build_conn(), "/api/v1/timelines/public?local=true")
-
- assert [_] = json_response_and_validate_schema(conn, :ok)
+ assert [_, _] =
+ conn
+ |> get("/api/v1/timelines/public?local=true")
+ |> json_response_and_validate_schema(:ok)
end
test "the public timeline includes only public statuses for an authenticated user" do
[%{"id" => ^reply_from_me}, %{"id" => ^activity_id}] = response
end
+ test "doesn't return posts from users who blocked you when :blockers_visible is disabled" do
+ clear_config([:activitypub, :blockers_visible], false)
+
+ %{conn: conn, user: blockee} = oauth_access(["read:statuses"])
+ blocker = insert(:user)
+ {:ok, _} = User.block(blocker, blockee)
+
+ conn = assign(conn, :user, blockee)
+
+ {:ok, _} = CommonAPI.post(blocker, %{status: "hey!"})
+
+ response =
+ get(conn, "/api/v1/timelines/public")
+ |> json_response_and_validate_schema(200)
+
+ assert response == []
+ end
+
test "doesn't return replies if follow is posting with users from blocked domain" do
%{conn: conn, user: blocker} = oauth_access(["read:statuses"])
friend = insert(:user)
}
] = result
end
+
+ test "should return local-only posts for authenticated users" do
+ user = insert(:user)
+ %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
+
+ {:ok, %{id: id}} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+ result =
+ conn
+ |> get("/api/v1/timelines/public")
+ |> json_response_and_validate_schema(200)
+
+ assert [%{"id" => ^id}] = result
+ end
+
+ test "should not return local-only posts for users without read:statuses" do
+ user = insert(:user)
+ %{user: _reader, conn: conn} = oauth_access([])
+
+ {:ok, _activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+ result =
+ conn
+ |> get("/api/v1/timelines/public")
+ |> json_response_and_validate_schema(200)
+
+ assert [] = result
+ end
+
+ test "should not return local-only posts for anonymous users" do
+ user = insert(:user)
+
+ {:ok, _activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
+
+ result =
+ build_conn()
+ |> get("/api/v1/timelines/public")
+ |> json_response_and_validate_schema(200)
+
+ assert [] = result
+ end
+
+ test "should return 404 if disabled" do
+ clear_config([:instance, :federated_timeline_available], false)
+
+ result =
+ build_conn()
+ |> get("/api/v1/timelines/public")
+ |> json_response_and_validate_schema(404)
+
+ assert %{"error" => "Federated timeline is disabled"} = result
+ end
+
+ test "should not return 404 if local is specified" do
+ clear_config([:instance, :federated_timeline_available], false)
+
+ result =
+ build_conn()
+ |> get("/api/v1/timelines/public?local=true")
+ |> json_response_and_validate_schema(200)
+ end
end
defp local_and_remote_activities do
|> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
# Only direct should be visible here
- res_conn = get(conn_user_two, "api/v1/timelines/direct")
+ res_conn = get(conn_user_two, "/api/v1/timelines/direct")
assert [status] = json_response_and_validate_schema(res_conn, :ok)
build_conn()
|> assign(:user, user_one)
|> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
- |> get("api/v1/timelines/direct")
+ |> get("/api/v1/timelines/direct")
[status] = json_response_and_validate_schema(res_conn, :ok)
assert %{"visibility" => "direct"} = status
# Both should be visible here
- res_conn = get(conn_user_two, "api/v1/timelines/home")
+ res_conn = get(conn_user_two, "/api/v1/timelines/home")
[_s1, _s2] = json_response_and_validate_schema(res_conn, :ok)
})
end)
- res_conn = get(conn_user_two, "api/v1/timelines/direct")
+ res_conn = get(conn_user_two, "/api/v1/timelines/direct")
statuses = json_response_and_validate_schema(res_conn, :ok)
assert length(statuses) == 20
max_id = List.last(statuses)["id"]
- res_conn = get(conn_user_two, "api/v1/timelines/direct?max_id=#{max_id}")
+ res_conn = get(conn_user_two, "/api/v1/timelines/direct?max_id=#{max_id}")
assert [status] = json_response_and_validate_schema(res_conn, :ok)
visibility: "direct"
})
- res_conn = get(conn, "api/v1/timelines/direct")
+ res_conn = get(conn, "/api/v1/timelines/direct")
[status] = json_response_and_validate_schema(res_conn, :ok)
assert status["id"] == direct.id
}
] = result
end
+
+ test "filtering", %{user: user, conn: conn} do
+ {:ok, list} = Pleroma.List.create("name", user)
+
+ local_user = insert(:user)
+ {:ok, local_activity} = CommonAPI.post(local_user, %{status: "Marisa is stupid."})
+ with_media = create_with_media_activity(local_user)
+ {:ok, list} = Pleroma.List.follow(list, local_user)
+
+ remote_user = insert(:user, local: false)
+ remote_activity = create_remote_activity(remote_user)
+ {:ok, list} = Pleroma.List.follow(list, remote_user)
+
+ all_ids =
+ conn
+ |> get("/api/v1/timelines/list/#{list.id}")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ assert local_activity.id in all_ids
+ assert with_media.id in all_ids
+ assert remote_activity.id in all_ids
+
+ only_local_ids =
+ conn
+ |> get("/api/v1/timelines/list/#{list.id}?local=true")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ assert local_activity.id in only_local_ids
+ assert with_media.id in only_local_ids
+ refute remote_activity.id in only_local_ids
+
+ only_local_media_ids =
+ conn
+ |> get("/api/v1/timelines/list/#{list.id}?local=true&only_media=true")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ refute local_activity.id in only_local_media_ids
+ assert with_media.id in only_local_media_ids
+ refute remote_activity.id in only_local_media_ids
+
+ remote_ids =
+ conn
+ |> get("/api/v1/timelines/list/#{list.id}?remote=true")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ refute local_activity.id in remote_ids
+ refute with_media.id in remote_ids
+ assert remote_activity.id in remote_ids
+
+ assert conn
+ |> get("/api/v1/timelines/list/#{list.id}?remote=true&only_media=true")
+ |> json_response_and_validate_schema(200) == []
+
+ only_media_ids =
+ conn
+ |> get("/api/v1/timelines/list/#{list.id}?only_media=true")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ refute local_activity.id in only_media_ids
+ assert with_media.id in only_media_ids
+ refute remote_activity.id in only_media_ids
+
+ assert conn
+ |> get("/api/v1/timelines/list/#{list.id}?only_media=true&local=true&remote=true")
+ |> json_response_and_validate_schema(200) == []
+ end
end
describe "hashtag" do
following = insert(:user)
{:ok, activity} = CommonAPI.post(following, %{status: "test #2hu"})
+ with_media = create_with_media_activity(following)
- nconn = get(conn, "/api/v1/timelines/tag/2hu")
+ remote = insert(:user, local: false)
+ remote_activity = create_remote_activity(remote)
- assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok)
+ all_ids =
+ conn
+ |> get("/api/v1/timelines/tag/2hu")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
- assert id == to_string(activity.id)
+ assert activity.id in all_ids
+ assert with_media.id in all_ids
+ assert remote_activity.id in all_ids
# works for different capitalization too
- nconn = get(conn, "/api/v1/timelines/tag/2HU")
+ all_ids =
+ conn
+ |> get("/api/v1/timelines/tag/2HU")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
- assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok)
+ assert activity.id in all_ids
+ assert with_media.id in all_ids
+ assert remote_activity.id in all_ids
- assert id == to_string(activity.id)
+ local_ids =
+ conn
+ |> get("/api/v1/timelines/tag/2hu?local=true")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ assert activity.id in local_ids
+ assert with_media.id in local_ids
+ refute remote_activity.id in local_ids
+
+ remote_ids =
+ conn
+ |> get("/api/v1/timelines/tag/2hu?remote=true")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ refute activity.id in remote_ids
+ refute with_media.id in remote_ids
+ assert remote_activity.id in remote_ids
+
+ media_ids =
+ conn
+ |> get("/api/v1/timelines/tag/2hu?only_media=true")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ refute activity.id in media_ids
+ assert with_media.id in media_ids
+ refute remote_activity.id in media_ids
+
+ media_local_ids =
+ conn
+ |> get("/api/v1/timelines/tag/2hu?only_media=true&local=true")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ refute activity.id in media_local_ids
+ assert with_media.id in media_local_ids
+ refute remote_activity.id in media_local_ids
+
+ ids =
+ conn
+ |> get("/api/v1/timelines/tag/2hu?only_media=true&local=true&remote=true")
+ |> json_response_and_validate_schema(:ok)
+ |> Enum.map(& &1["id"])
+
+ refute activity.id in ids
+ refute with_media.id in ids
+ refute remote_activity.id in ids
+
+ assert conn
+ |> get("/api/v1/timelines/tag/2hu?only_media=true&remote=true")
+ |> json_response_and_validate_schema(:ok) == []
end
test "multi-hashtag timeline", %{conn: conn} do
%{conn: auth_conn} = oauth_access(["read:statuses"])
res_conn = get(auth_conn, "#{base_uri}?local=true")
- assert length(json_response(res_conn, 200)) == 1
+ assert length(json_response_and_validate_schema(res_conn, 200)) == 1
res_conn = get(auth_conn, "#{base_uri}?local=false")
- assert length(json_response(res_conn, 200)) == 2
+ assert length(json_response_and_validate_schema(res_conn, 200)) == 2
end
test "with default settings on private instances, returns 403 for unauthenticated users", %{
for local <- [true, false] do
res_conn = get(conn, "#{base_uri}?local=#{local}")
- assert json_response(res_conn, :unauthorized) == error_response
+ assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
end
ensure_authenticated_access(base_uri)
for local <- [true, false] do
res_conn = get(conn, "#{base_uri}?local=#{local}")
- assert json_response(res_conn, :unauthorized) == error_response
+ assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
end
ensure_authenticated_access(base_uri)
clear_config([:restrict_unauthenticated, :timelines, :federated], true)
res_conn = get(conn, "#{base_uri}?local=true")
- assert length(json_response(res_conn, 200)) == 1
+ assert length(json_response_and_validate_schema(res_conn, 200)) == 1
res_conn = get(conn, "#{base_uri}?local=false")
- assert json_response(res_conn, :unauthorized) == error_response
+ assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
ensure_authenticated_access(base_uri)
end
- test "with `%{local: true, federated: false}`, forbids unauthenticated access to public timeline" <>
- "(but not to local public activities which are delivered as part of federated timeline)",
+ test "with `%{local: true, federated: false}`, forbids unauthenticated access to public timeline",
%{conn: conn, base_uri: base_uri, error_response: error_response} do
+ # (but not to local public activities which are delivered as part of federated timeline)
clear_config([:restrict_unauthenticated, :timelines, :local], true)
clear_config([:restrict_unauthenticated, :timelines, :federated], false)
res_conn = get(conn, "#{base_uri}?local=true")
- assert json_response(res_conn, :unauthorized) == error_response
+ assert json_response_and_validate_schema(res_conn, :unauthorized) == error_response
# Note: local activities get delivered as part of federated timeline
res_conn = get(conn, "#{base_uri}?local=false")
- assert length(json_response(res_conn, 200)) == 2
+ assert length(json_response_and_validate_schema(res_conn, 200)) == 2
ensure_authenticated_access(base_uri)
end
end
+
+ describe "bubble" do
+ test "filtering" do
+ %{conn: conn, user: user} = oauth_access(["read:statuses"])
+ clear_config([:instance, :local_bubble], [])
+ # our endpoint host has a port in it so let's set the AP ID
+ local_user = insert(:user, %{ap_id: "https://localhost/users/user"})
+ remote_user = insert(:user, %{ap_id: "https://example.com/users/remote_user"})
+ {:ok, user, local_user} = User.follow(user, local_user)
+ {:ok, _user, remote_user} = User.follow(user, remote_user)
+
+ {:ok, local_activity} = CommonAPI.post(local_user, %{status: "Status"})
+ remote_activity = create_remote_activity(remote_user)
+
+ # If nothing, only include ours
+ clear_config([:instance, :local_bubble], [])
+
+ one_instance =
+ conn
+ |> get("/api/v1/timelines/bubble")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ assert local_activity.id in one_instance
+
+ # If we have others, also include theirs
+ clear_config([:instance, :local_bubble], ["example.com"])
+
+ two_instances =
+ conn
+ |> get("/api/v1/timelines/bubble")
+ |> json_response_and_validate_schema(200)
+ |> Enum.map(& &1["id"])
+
+ assert local_activity.id in two_instances
+ assert remote_activity.id in two_instances
+ end
+
+ test "restrict_unauthenticated with bubble timeline", %{conn: conn} do
+ clear_config([:restrict_unauthenticated, :timelines, :bubble], true)
+
+ conn
+ |> get("/api/v1/timelines/bubble")
+ |> json_response_and_validate_schema(:unauthorized)
+
+ clear_config([:restrict_unauthenticated, :timelines, :bubble], false)
+
+ conn
+ |> get("/api/v1/timelines/bubble")
+ |> json_response_and_validate_schema(200)
+ end
+ end
+
+ defp create_remote_activity(user) do
+ obj =
+ insert(:note, %{
+ data: %{
+ "to" => [
+ "https://www.w3.org/ns/activitystreams#Public",
+ User.ap_followers(user)
+ ]
+ },
+ user: user
+ })
+
+ insert(:note_activity, %{
+ note: obj,
+ recipients: [
+ "https://www.w3.org/ns/activitystreams#Public",
+ User.ap_followers(user)
+ ],
+ user: user,
+ local: false
+ })
+ end
+
+ defp create_with_media_activity(user) do
+ obj = insert(:attachment_note, user: user)
+
+ insert(:note_activity, %{
+ note: obj,
+ recipients: ["https://www.w3.org/ns/activitystreams#Public", User.ap_followers(user)],
+ user: user
+ })
+ end
end
projects / akkoma / blobdiff