# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.CommonAPITest do
alias Pleroma.Object
alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub
+ alias Pleroma.Web.ActivityPub.Transmogrifier
alias Pleroma.Web.ActivityPub.Visibility
alias Pleroma.Web.AdminAPI.AccountView
alias Pleroma.Web.CommonAPI
import Pleroma.Factory
+ import Mock
require Pleroma.Constants
- clear_config([:instance, :safe_dm_mentions])
- clear_config([:instance, :limit])
- clear_config([:instance, :max_pinned_statuses])
+ setup do: clear_config([:instance, :safe_dm_mentions])
+ setup do: clear_config([:instance, :limit])
+ setup do: clear_config([:instance, :max_pinned_statuses])
+
+ describe "deletion" do
+ test "it allows users to delete their posts" do
+ user = insert(:user)
+
+ {:ok, post} = CommonAPI.post(user, %{"status" => "namu amida butsu"})
+
+ with_mock Pleroma.Web.Federator,
+ publish: fn _ -> nil end do
+ assert {:ok, delete} = CommonAPI.delete(post.id, user)
+ assert delete.local
+ assert called(Pleroma.Web.Federator.publish(delete))
+ end
+
+ refute Activity.get_by_id(post.id)
+ end
+
+ test "it does not allow a user to delete their posts" do
+ user = insert(:user)
+ other_user = insert(:user)
+
+ {:ok, post} = CommonAPI.post(user, %{"status" => "namu amida butsu"})
+
+ assert {:error, "Could not delete"} = CommonAPI.delete(post.id, other_user)
+ assert Activity.get_by_id(post.id)
+ end
+
+ test "it allows moderators to delete other user's posts" do
+ user = insert(:user)
+ moderator = insert(:user, is_moderator: true)
+
+ {:ok, post} = CommonAPI.post(user, %{"status" => "namu amida butsu"})
+
+ assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+ assert delete.local
+
+ refute Activity.get_by_id(post.id)
+ end
+
+ test "it allows admins to delete other user's posts" do
+ user = insert(:user)
+ moderator = insert(:user, is_admin: true)
+
+ {:ok, post} = CommonAPI.post(user, %{"status" => "namu amida butsu"})
+
+ assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+ assert delete.local
+
+ refute Activity.get_by_id(post.id)
+ end
+
+ test "superusers deleting non-local posts won't federate the delete" do
+ # This is the user of the ingested activity
+ _user =
+ insert(:user,
+ local: false,
+ ap_id: "http://mastodon.example.org/users/admin",
+ last_refreshed_at: NaiveDateTime.utc_now()
+ )
+
+ moderator = insert(:user, is_admin: true)
+
+ data =
+ File.read!("test/fixtures/mastodon-post-activity.json")
+ |> Jason.decode!()
+
+ {:ok, post} = Transmogrifier.handle_incoming(data)
+
+ with_mock Pleroma.Web.Federator,
+ publish: fn _ -> nil end do
+ assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+ assert delete.local
+ refute called(Pleroma.Web.Federator.publish(:_))
+ end
+
+ refute Activity.get_by_id(post.id)
+ end
+ end
+
+ test "favoriting race condition" do
+ user = insert(:user)
+ users_serial = insert_list(10, :user)
+ users = insert_list(10, :user)
+
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "."})
+
+ users_serial
+ |> Enum.map(fn user ->
+ CommonAPI.favorite(user, activity.id)
+ end)
+
+ object = Object.get_by_ap_id(activity.data["object"])
+ assert object.data["like_count"] == 10
+
+ users
+ |> Enum.map(fn user ->
+ Task.async(fn ->
+ CommonAPI.favorite(user, activity.id)
+ end)
+ end)
+ |> Enum.map(&Task.await/1)
+
+ object = Object.get_by_ap_id(activity.data["object"])
+ assert object.data["like_count"] == 20
+ end
+
+ test "repeating race condition" do
+ user = insert(:user)
+ users_serial = insert_list(10, :user)
+ users = insert_list(10, :user)
+
+ {:ok, activity} = CommonAPI.post(user, %{"status" => "."})
+
+ users_serial
+ |> Enum.map(fn user ->
+ CommonAPI.repeat(activity.id, user)
+ end)
+
+ object = Object.get_by_ap_id(activity.data["object"])
+ assert object.data["announcement_count"] == 10
+
+ users
+ |> Enum.map(fn user ->
+ Task.async(fn ->
+ CommonAPI.repeat(activity.id, user)
+ end)
+ end)
+ |> Enum.map(&Task.await/1)
+
+ object = Object.get_by_ap_id(activity.data["object"])
+ assert object.data["announcement_count"] == 20
+ end
test "when replying to a conversation / participation, it will set the correct context id even if no explicit reply_to is given" do
user = insert(:user)
har = insert(:user)
jafnhar = insert(:user)
tridi = insert(:user)
+
Pleroma.Config.put([:instance, :safe_dm_mentions], true)
{:ok, activity} =
assert Object.normalize(activity).data["emoji"]["firefox"]
end
- test "it adds emoji when updating profiles" do
- user = insert(:user, %{name: ":firefox:"})
-
- {:ok, activity} = CommonAPI.update(user)
- user = User.get_cached_by_ap_id(user.ap_id)
- [firefox] = user.source_data["tag"]
-
- assert firefox["name"] == ":firefox:"
-
- assert Pleroma.Constants.as_public() in activity.recipients
- end
-
describe "posting" do
test "it supports explicit addressing" do
user = insert(:user)
CommonAPI.post(user, %{"status" => ""})
end
- test "it returns error when character limit is exceeded" do
+ test "it validates character limits are correctly enforced" do
Pleroma.Config.put([:instance, :limit], 5)
user = insert(:user)
assert {:error, "The status is over the character limit"} =
CommonAPI.post(user, %{"status" => "foobar"})
+
+ assert {:ok, activity} = CommonAPI.post(user, %{"status" => "12345"})
end
test "it can handle activities that expire" do
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
- {:ok, reaction, _} = CommonAPI.react_with_emoji(activity.id, user, "👍")
+ {:ok, reaction} = CommonAPI.react_with_emoji(activity.id, user, "👍")
assert reaction.data["actor"] == user.ap_id
assert reaction.data["content"] == "👍"
- # TODO: test error case.
+ {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+
+ {:error, _} = CommonAPI.react_with_emoji(activity.id, user, ".")
end
test "unreacting to a status with an emoji" do
other_user = insert(:user)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
- {:ok, reaction, _} = CommonAPI.react_with_emoji(activity.id, user, "👍")
+ {:ok, reaction} = CommonAPI.react_with_emoji(activity.id, user, "👍")
- {:ok, unreaction, _} = CommonAPI.unreact_with_emoji(activity.id, user, "👍")
+ {:ok, unreaction} = CommonAPI.unreact_with_emoji(activity.id, user, "👍")
assert unreaction.data["type"] == "Undo"
assert unreaction.data["object"] == reaction.data["id"]
+ assert unreaction.local
end
test "repeating a status" do
{:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
end
+ test "can't repeat a repeat" do
+ user = insert(:user)
+ other_user = insert(:user)
+ {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+
+ {:ok, %Activity{} = announce, _} = CommonAPI.repeat(activity.id, other_user)
+
+ refute match?({:ok, %Activity{}, _}, CommonAPI.repeat(announce.id, user))
+ end
+
test "repeating a status privately" do
user = insert(:user)
other_user = insert(:user)
user = insert(:user)
other_user = insert(:user)
- {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+ {:ok, post_activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
- {:ok, %Activity{}, _} = CommonAPI.favorite(activity.id, user)
+ {:ok, %Activity{data: data}} = CommonAPI.favorite(user, post_activity.id)
+ assert data["type"] == "Like"
+ assert data["actor"] == user.ap_id
+ assert data["object"] == post_activity.data["object"]
end
test "retweeting a status twice returns the status" do
other_user = insert(:user)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
- {:ok, %Activity{} = activity, object} = CommonAPI.repeat(activity.id, user)
- {:ok, ^activity, ^object} = CommonAPI.repeat(activity.id, user)
+ {:ok, %Activity{} = announce, object} = CommonAPI.repeat(activity.id, user)
+ {:ok, ^announce, ^object} = CommonAPI.repeat(activity.id, user)
end
- test "favoriting a status twice returns the status" do
+ test "favoriting a status twice returns ok, but without the like activity" do
user = insert(:user)
other_user = insert(:user)
{:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
- {:ok, %Activity{} = activity, object} = CommonAPI.favorite(activity.id, user)
- {:ok, ^activity, ^object} = CommonAPI.favorite(activity.id, user)
+ {:ok, %Activity{}} = CommonAPI.favorite(user, activity.id)
+ assert {:ok, :already_liked} = CommonAPI.favorite(user, activity.id)
end
end
assert %User{pinned_activities: [^id]} = user
end
+ test "pin poll", %{user: user} do
+ {:ok, activity} =
+ CommonAPI.post(user, %{
+ "status" => "How is fediverse today?",
+ "poll" => %{"options" => ["Absolutely outstanding", "Not good"], "expires_in" => 20}
+ })
+
+ assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
+
+ id = activity.id
+ user = refresh_record(user)
+
+ assert %User{pinned_activities: [^id]} = user
+ end
+
test "unlisted statuses can be pinned", %{user: user} do
{:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!", "visibility" => "unlisted"})
assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
user = refresh_record(user)
- assert {:ok, ^activity} = CommonAPI.unpin(activity.id, user)
+ id = activity.id
+
+ assert match?({:ok, %{id: ^id}}, CommonAPI.unpin(activity.id, user))
user = refresh_record(user)
comment = "foobar"
report_data = %{
- "account_id" => target_user.id,
- "comment" => comment,
- "status_ids" => [activity.id]
+ account_id: target_user.id,
+ comment: comment,
+ status_ids: [activity.id]
}
note_obj = %{
{:ok, %Activity{id: report_id}} =
CommonAPI.report(reporter, %{
- "account_id" => target_user.id,
- "comment" => "I feel offended",
- "status_ids" => [activity.id]
+ account_id: target_user.id,
+ comment: "I feel offended",
+ status_ids: [activity.id]
})
{:ok, report} = CommonAPI.update_report_state(report_id, "resolved")
{:ok, %Activity{id: report_id}} =
CommonAPI.report(reporter, %{
- "account_id" => target_user.id,
- "comment" => "I feel offended",
- "status_ids" => [activity.id]
+ account_id: target_user.id,
+ comment: "I feel offended",
+ status_ids: [activity.id]
})
assert CommonAPI.update_report_state(report_id, "test") == {:error, "Unsupported state"}
{:ok, %Activity{id: first_report_id}} =
CommonAPI.report(reporter, %{
- "account_id" => target_user.id,
- "comment" => "I feel offended",
- "status_ids" => [activity.id]
+ account_id: target_user.id,
+ comment: "I feel offended",
+ status_ids: [activity.id]
})
{:ok, %Activity{id: second_report_id}} =
CommonAPI.report(reporter, %{
- "account_id" => target_user.id,
- "comment" => "I feel very offended!",
- "status_ids" => [activity.id]
+ account_id: target_user.id,
+ comment: "I feel very offended!",
+ status_ids: [activity.id]
})
{:ok, report_ids} =
refute User.subscribed_to?(follower, followed)
end
+
+ test "cancels a pending follow for a local user" do
+ follower = insert(:user)
+ followed = insert(:user, locked: true)
+
+ assert {:ok, follower, followed, %{id: activity_id, data: %{"state" => "pending"}}} =
+ CommonAPI.follow(follower, followed)
+
+ assert User.get_follow_state(follower, followed) == :follow_pending
+ assert {:ok, follower} = CommonAPI.unfollow(follower, followed)
+ assert User.get_follow_state(follower, followed) == nil
+
+ assert %{id: ^activity_id, data: %{"state" => "cancelled"}} =
+ Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(follower, followed)
+
+ assert %{
+ data: %{
+ "type" => "Undo",
+ "object" => %{"type" => "Follow", "state" => "cancelled"}
+ }
+ } = Pleroma.Web.ActivityPub.Utils.fetch_latest_undo(follower)
+ end
+
+ test "cancels a pending follow for a remote user" do
+ follower = insert(:user)
+ followed = insert(:user, locked: true, local: false, ap_enabled: true)
+
+ assert {:ok, follower, followed, %{id: activity_id, data: %{"state" => "pending"}}} =
+ CommonAPI.follow(follower, followed)
+
+ assert User.get_follow_state(follower, followed) == :follow_pending
+ assert {:ok, follower} = CommonAPI.unfollow(follower, followed)
+ assert User.get_follow_state(follower, followed) == nil
+
+ assert %{id: ^activity_id, data: %{"state" => "cancelled"}} =
+ Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(follower, followed)
+
+ assert %{
+ data: %{
+ "type" => "Undo",
+ "object" => %{"type" => "Follow", "state" => "cancelled"}
+ }
+ } = Pleroma.Web.ActivityPub.Utils.fetch_latest_undo(follower)
+ end
end
describe "accept_follow_request/2" do
assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
end
+
+ test "doesn't create a following relationship if the corresponding follow request doesn't exist" do
+ user = insert(:user, locked: true)
+ not_follower = insert(:user)
+ CommonAPI.accept_follow_request(not_follower, user)
+
+ assert Pleroma.FollowingRelationship.following?(not_follower, user) == false
+ end
end
describe "vote/3" do