X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fpleroma%2Fweb%2Fmastodon_api%2Fcontrollers%2Fmedia_controller_test.exs;h=7ff8cff6bd0b9e67400986c5a3cc1fa5449745f7;hb=bd040fe96afaf39c1433cd3695bed0ee2c0f55ed;hp=6c8f984d50ea9009364fe4a7ffd6400fbaa8ade2;hpb=cf367fdbd53b50f4324a01ddabdc0520cd787321;p=akkoma

diff --git a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs
index 6c8f984d5..7ff8cff6b 100644
--- a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs
@@ -5,12 +5,16 @@
 defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
   use Pleroma.Web.ConnCase
 
+  import ExUnit.CaptureLog
+
   alias Pleroma.Object
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
 
   describe "Upload media" do
     setup do: oauth_access(["write:media"])
+    setup do: clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
+    setup do: clear_config([Pleroma.Uploaders.Local, :uploads], "uploads")
 
     setup do
       image = %Plug.Upload{
@@ -67,6 +71,76 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
       object = Object.get_by_id(media["id"])
       assert object.data["actor"] == user.ap_id
     end
+
+    test "/api/v2/media, upload_limit", %{conn: conn, user: user} do
+      desc = "Description of the binary"
+
+      upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
+
+      assert :ok ==
+               File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
+
+      large_binary = %Plug.Upload{
+        content_type: nil,
+        path: Path.absname("test/tmp/large_binary.data"),
+        filename: "large_binary.data"
+      }
+
+      assert capture_log(fn ->
+               assert %{"error" => "file_too_large"} =
+                        conn
+                        |> put_req_header("content-type", "multipart/form-data")
+                        |> post("/api/v2/media", %{
+                          "file" => large_binary,
+                          "description" => desc
+                        })
+                        |> json_response_and_validate_schema(400)
+             end) =~
+               "[error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: :file_too_large"
+
+      clear_config([:instance, :upload_limit], upload_limit)
+
+      assert response =
+               conn
+               |> put_req_header("content-type", "multipart/form-data")
+               |> post("/api/v2/media", %{
+                 "file" => large_binary,
+                 "description" => desc
+               })
+               |> json_response_and_validate_schema(202)
+
+      assert media_id = response["id"]
+
+      %{conn: conn} = oauth_access(["read:media"], user: user)
+
+      media =
+        conn
+        |> get("/api/v1/media/#{media_id}")
+        |> json_response_and_validate_schema(200)
+
+      assert media["type"] == "unknown"
+      assert media["description"] == desc
+      assert media["id"]
+
+      assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
+    end
+
+    test "Do not allow nested filename", %{conn: conn, image: image} do
+      image = %Plug.Upload{
+        image
+        | filename: "../../../../../nested/file.jpg"
+      }
+
+      desc = "Description of the image"
+
+      media =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/v1/media", %{"file" => image, "description" => desc})
+        |> json_response_and_validate_schema(:ok)
+
+      refute Regex.match?(~r"/nested/", media["url"])
+    end
   end
 
   describe "Update media description" do
@@ -140,7 +214,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
 
       conn
       |> get("/api/v1/media/#{object.id}")
-      |> json_response(403)
+      |> json_response_and_validate_schema(403)
     end
   end
 end