use Pleroma.Web.ConnCase
import Pleroma.Factory
alias Pleroma.Web.ActivityPub.{UserView, ObjectView}
- alias Pleroma.{Repo, User}
+ alias Pleroma.{Object, Repo, User}
alias Pleroma.Activity
setup_all do
:timer.sleep(500)
assert Activity.get_by_ap_id(data["id"])
end
+
+ test "it rejects reads from other users", %{conn: conn} do
+ user = insert(:user)
+ otheruser = insert(:user)
+
+ conn =
+ conn
+ |> assign(:user, otheruser)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/users/#{user.nickname}/inbox")
+
+ assert json_response(conn, 403)
+ end
+
+ test "it returns a note activity in a collection", %{conn: conn} do
+ note_activity = insert(:direct_note_activity)
+ user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/users/#{user.nickname}/inbox")
+
+ assert response(conn, 200) =~ note_activity.data["object"]["content"]
+ end
end
describe "/users/:nickname/outbox" do
assert response(conn, 200) =~ announce_activity.data["object"]
end
+
+ test "it rejects posts from other users", %{conn: conn} do
+ data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+ user = insert(:user)
+ otheruser = insert(:user)
+
+ conn =
+ conn
+ |> assign(:user, otheruser)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 403)
+ end
+
+ test "it inserts an incoming create activity into the database", %{conn: conn} do
+ data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+ user = insert(:user)
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ result = json_response(conn, 201)
+ assert Activity.get_by_ap_id(result["id"])
+ end
+
+ test "it rejects an incoming activity with bogus type", %{conn: conn} do
+ data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+ user = insert(:user)
+
+ data =
+ data
+ |> Map.put("type", "BadType")
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 400)
+ end
+
+ test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
+ note_activity = insert(:note_activity)
+ user = User.get_cached_by_ap_id(note_activity.data["actor"])
+
+ data = %{
+ type: "Delete",
+ object: %{
+ id: note_activity.data["object"]["id"]
+ }
+ }
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ result = json_response(conn, 201)
+ assert Activity.get_by_ap_id(result["id"])
+
+ object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+ assert object
+ assert object.data["type"] == "Tombstone"
+ end
+
+ test "it rejects delete activity of object from other actor", %{conn: conn} do
+ note_activity = insert(:note_activity)
+ user = insert(:user)
+
+ data = %{
+ type: "Delete",
+ object: %{
+ id: note_activity.data["object"]["id"]
+ }
+ }
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 400)
+ end
end
describe "/users/:nickname/followers" do