ChatMessageValidator: Additional validation.

[akkoma] / test / web / activity_pub / object_validator_test.exs

diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs
index 929fdbc9bc9d09540dadc8404900cceef105671d..c1a87229751416b4f91885cb6aeb27410c9a3672 100644 (file)
--- a/test/web/activity_pub/object_validator_test.exs
+++ b/test/web/activity_pub/object_validator_test.exs
@@ -113,6 +113,20 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
       %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
     end
 
+    test "let's through some basic html", %{user: user, recipient: recipient} do
+      {:ok, valid_chat_message, _} =
+        Builder.chat_message(
+          user,
+          recipient.ap_id,
+          "hey <a href='https://example.org'>example</a> <script>alert('uguu')</script>"
+        )
+
+      assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
+
+      assert object["content"] ==
+               "hey <a href=\"https://example.org\">example</a> alert(&#39;uguu&#39;)"
+    end
+
     test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
       assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
 
@@ -209,6 +223,17 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
       refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
     end
 
+    test "does not validate if the recipient is not accepting chat messages", %{
+      valid_chat_message: valid_chat_message,
+      recipient: recipient
+    } do
+      recipient
+      |> Ecto.Changeset.change(%{accepts_chat_messages: false})
+      |> Pleroma.Repo.update!()
+
+      refute match?({:ok, _object, _meta}, ObjectValidator.validate(valid_chat_message, []))
+    end
+
     test "does not validate if the actor or the recipient is not in our system", %{
       valid_chat_message: valid_chat_message
     } do
@@ -608,4 +633,63 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
       assert {:actor, {"can not announce this object publicly", []}} in cng.errors
     end
   end
+
+  describe "updates" do
+    setup do
+      user = insert(:user)
+
+      object = %{
+        "id" => user.ap_id,
+        "name" => "A new name",
+        "summary" => "A new bio"
+      }
+
+      {:ok, valid_update, []} = Builder.update(user, object)
+
+      %{user: user, valid_update: valid_update}
+    end
+
+    test "validates a basic object", %{valid_update: valid_update} do
+      assert {:ok, _update, []} = ObjectValidator.validate(valid_update, [])
+    end
+
+    test "returns an error if the object can't be updated by the actor", %{
+      valid_update: valid_update
+    } do
+      other_user = insert(:user)
+
+      update =
+        valid_update
+        |> Map.put("actor", other_user.ap_id)
+
+      assert {:error, _cng} = ObjectValidator.validate(update, [])
+    end
+  end
+
+  describe "blocks" do
+    setup do
+      user = insert(:user, local: false)
+      blocked = insert(:user)
+
+      {:ok, valid_block, []} = Builder.block(user, blocked)
+
+      %{user: user, valid_block: valid_block}
+    end
+
+    test "validates a basic object", %{
+      valid_block: valid_block
+    } do
+      assert {:ok, _block, []} = ObjectValidator.validate(valid_block, [])
+    end
+
+    test "returns an error if we don't know the blocked user", %{
+      valid_block: valid_block
+    } do
+      block =
+        valid_block
+        |> Map.put("object", "https://gensokyo.2hu/users/raymoo")
+
+      assert {:error, _cng} = ObjectValidator.validate(block, [])
+    end
+  end
 end