X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fweb%2Fstatic_fe%2Fstatic_fe_controller_test.exs;h=a49ab002fcb665754d1741c0430ed9f08b461648;hb=d15aa9d9503e59b3cd0731394855781f435ec63c;hp=a072cc78faaf5580456fe1f06d3036a1811adee8;hpb=ecb7809e92b8ee6ac8f4b4a812673684e762c215;p=akkoma
diff --git a/test/web/static_fe/static_fe_controller_test.exs b/test/web/static_fe/static_fe_controller_test.exs
index a072cc78f..a49ab002f 100644
--- a/test/web/static_fe/static_fe_controller_test.exs
+++ b/test/web/static_fe/static_fe_controller_test.exs
@@ -8,13 +8,8 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 import Pleroma.Factory
- clear_config_all([:static_fe, :enabled]) do
- Config.put([:static_fe, :enabled], true)
- end
-
- clear_config([:instance, :federating]) do
- Config.put([:instance, :federating], true)
- end
+ setup_all do: clear_config([:static_fe, :enabled], true)
+ setup do: clear_config([:instance, :federating], true)
 setup %{conn: conn} do
 conn = put_req_header(conn, "accept", "text/html")
@@ -37,8 +32,8 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 end
 test "profile does not include private messages", %{conn: conn, user: user} do
- CommonAPI.post(user, %{"status" => "public"})
- CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+ CommonAPI.post(user, %{status: "public"})
+ CommonAPI.post(user, %{status: "private", visibility: "private"})
 conn = get(conn, "/users/#{user.nickname}")
@@ -49,7 +44,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 end
 test "pagination", %{conn: conn, user: user} do
- Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+ Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
 conn = get(conn, "/users/#{user.nickname}")
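Review bot: In "profile does not include private messages" both `CommonAPI.post/2` results are discarded, so if the private post were rejected after this switch from string to atom keys, any negative assertion later in the test would pass without a private status ever existing. Matching the result makes a key-shape regression fail loudly: `{:ok, _} = CommonAPI.post(user, %{status: "private", visibility: "private"})`, and likewise for the public post. The same applies to the `Enum.map(1..30, ...)` call in the "pagination" hunk. The assertions themselves sit outside these hunks, so confirm what they check before relying on this test as a visibility guard.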
@@ -62,7 +57,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 end
 test "pagination, page 2", %{conn: conn, user: user} do
- activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+ activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
 {:ok, a11} = Enum.at(activities, 11)
 conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
@@ -82,7 +77,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 describe "notice html" do
 test "single notice page", %{conn: conn, user: user} do
- {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
 conn = get(conn, "/notice/#{activity.id}")
@@ -92,12 +87,25 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 assert html =~ "testing a thing!"
 end
+ test "filters HTML tags", %{conn: conn} do
+ user = insert(:user)
+ {:ok, activity} = CommonAPI.post(user, %{status: ""})
+
+ conn =
+ conn
+ |> put_req_header("accept", "text/html")
+ |> get("/notice/#{activity.id}")
+
+ html = html_response(conn, 200)
+ assert html =~ ~s[<script>alert('xss')</script>]
+ end
+
 test "shows the whole thread", %{conn: conn, user: user} do
- {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})
 CommonAPI.post(user, %{
- "status" => "these are the voyages or something",
- "in_reply_to_status_id" => activity.id
+ status: "these are the voyages or something",
+ in_reply_to_status_id: activity.id
 })
 conn = get(conn, "/notice/#{activity.id}")
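Review bot: As rendered here, the new "filters HTML tags" test posts an empty status (`%{status: ""}`) and then asserts that the response contains a literal `<script>alert('xss')</script>`, which could only pass if the tag reached the page unescaped, the opposite of what the test name promises. This may be an artifact of how the page was rendered (entities decoded, payload stripped), so check the file itself: the status should carry the markup under test and the positive assertion should match its HTML-escaped form. A negative check pins the security property directly: `refute html =~ "<script>alert('xss')</script>"`. Separately, the `setup` block in the first hunk already applies `put_req_header(conn, "accept", "text/html")`, so the pipeline here can be reduced to `conn = get(conn, "/notice/#{activity.id}")`.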
@@ -109,7 +117,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 test "redirect by AP object ID", %{conn: conn, user: user} do
 {:ok, %Activity{data: %{"object" => object_url}}} =
- CommonAPI.post(user, %{"status" => "beam me up"})
+ CommonAPI.post(user, %{status: "beam me up"})
 conn = get(conn, URI.parse(object_url).path)
@@ -118,7 +126,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 test "redirect by activity ID", %{conn: conn, user: user} do
 {:ok, %Activity{data: %{"id" => id}}} =
- CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
+ CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})
 conn = get(conn, URI.parse(id).path)
@@ -132,8 +140,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 end
 test "404 for private status", %{conn: conn, user: user} do
- {:ok, activity} =
- CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})
 conn = get(conn, "/notice/#{activity.id}")
@@ -163,7 +170,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
 end
 test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
- {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
 ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)
 end