Merge branch 'develop' into activation-meta

[akkoma] / test / web / activity_pub / object_validator_test.exs

diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs
index 929fdbc9bc9d09540dadc8404900cceef105671d..f38bf7e0803ee1ad0eefc98431886f3cf37280a7 100644 (file)
--- a/test/web/activity_pub/object_validator_test.exs
+++ b/test/web/activity_pub/object_validator_test.exs
@@ -113,6 +113,20 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
       %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
     end
 
+    test "let's through some basic html", %{user: user, recipient: recipient} do
+      {:ok, valid_chat_message, _} =
+        Builder.chat_message(
+          user,
+          recipient.ap_id,
+          "hey <a href='https://example.org'>example</a> <script>alert('uguu')</script>"
+        )
+
+      assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
+
+      assert object["content"] ==
+               "hey <a href=\"https://example.org\">example</a> alert(&#39;uguu&#39;)"
+    end
+
     test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
       assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
 
@@ -608,4 +622,63 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
       assert {:actor, {"can not announce this object publicly", []}} in cng.errors
     end
   end
+
+  describe "updates" do
+    setup do
+      user = insert(:user)
+
+      object = %{
+        "id" => user.ap_id,
+        "name" => "A new name",
+        "summary" => "A new bio"
+      }
+
+      {:ok, valid_update, []} = Builder.update(user, object)
+
+      %{user: user, valid_update: valid_update}
+    end
+
+    test "validates a basic object", %{valid_update: valid_update} do
+      assert {:ok, _update, []} = ObjectValidator.validate(valid_update, [])
+    end
+
+    test "returns an error if the object can't be updated by the actor", %{
+      valid_update: valid_update
+    } do
+      other_user = insert(:user)
+
+      update =
+        valid_update
+        |> Map.put("actor", other_user.ap_id)
+
+      assert {:error, _cng} = ObjectValidator.validate(update, [])
+    end
+  end
+
+  describe "blocks" do
+    setup do
+      user = insert(:user, local: false)
+      blocked = insert(:user)
+
+      {:ok, valid_block, []} = Builder.block(user, blocked)
+
+      %{user: user, valid_block: valid_block}
+    end
+
+    test "validates a basic object", %{
+      valid_block: valid_block
+    } do
+      assert {:ok, _block, []} = ObjectValidator.validate(valid_block, [])
+    end
+
+    test "returns an error if we don't know the blocked user", %{
+      valid_block: valid_block
+    } do
+      block =
+        valid_block
+        |> Map.put("object", "https://gensokyo.2hu/users/raymoo")
+
+      assert {:error, _cng} = ObjectValidator.validate(block, [])
+    end
+  end
 end