1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.Web.ActivityPub.Transmogrifier
10 alias Pleroma.Web.CommonAPI
12 import Pleroma.Factory
14 setup_all do: clear_config([:static_fe, :enabled], true)
16 setup %{conn: conn} do
17 conn = put_req_header(conn, "accept", "text/html")
20 %{conn: conn, user: user}
23 describe "user profile html" do
24 test "just the profile as HTML", %{conn: conn, user: user} do
25 conn = get(conn, "/users/#{user.nickname}")
27 assert html_response(conn, 200) =~ user.nickname
30 test "404 when user not found", %{conn: conn} do
31 conn = get(conn, "/users/limpopo")
33 assert html_response(conn, 404) =~ "not found"
36 test "profile does not include private messages", %{conn: conn, user: user} do
37 CommonAPI.post(user, %{status: "public"})
38 CommonAPI.post(user, %{status: "private", visibility: "private"})
40 conn = get(conn, "/users/#{user.nickname}")
42 html = html_response(conn, 200)
44 assert html =~ ">public<"
45 refute html =~ ">private<"
48 test "pagination", %{conn: conn, user: user} do
49 Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
51 conn = get(conn, "/users/#{user.nickname}")
53 html = html_response(conn, 200)
55 assert html =~ ">test30<"
56 assert html =~ ">test11<"
57 refute html =~ ">test10<"
58 refute html =~ ">test1<"
61 test "pagination, page 2", %{conn: conn, user: user} do
62 activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
63 {:ok, a11} = Enum.at(activities, 11)
65 conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
67 html = html_response(conn, 200)
69 assert html =~ ">test1<"
70 assert html =~ ">test10<"
71 refute html =~ ">test20<"
72 refute html =~ ">test29<"
75 test "does not require authentication on non-federating instances", %{
79 clear_config([:instance, :federating], false)
81 conn = get(conn, "/users/#{user.nickname}")
83 assert html_response(conn, 200) =~ user.nickname
86 test "returns 404 for local user with `restrict_unauthenticated/profiles/local` setting", %{
89 clear_config([:restrict_unauthenticated, :profiles, :local], true)
91 local_user = insert(:user, local: true)
94 |> get("/users/#{local_user.nickname}")
99 describe "notice html" do
100 test "single notice page", %{conn: conn, user: user} do
101 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
103 conn = get(conn, "/notice/#{activity.id}")
105 html = html_response(conn, 200)
106 assert html =~ "<header>"
107 assert html =~ user.nickname
108 assert html =~ "testing a thing!"
111 test "redirects to json if requested", %{conn: conn, user: user} do
112 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
118 "Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
120 |> get("/notice/#{activity.id}")
122 assert redirected_to(conn, 302) =~ activity.data["object"]
125 test "filters HTML tags", %{conn: conn} do
127 {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})
131 |> put_req_header("accept", "text/html")
132 |> get("/notice/#{activity.id}")
134 html = html_response(conn, 200)
135 assert html =~ ~s[<script>alert('xss')</script>]
138 test "shows the whole thread", %{conn: conn, user: user} do
139 {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})
141 CommonAPI.post(user, %{
142 status: "these are the voyages or something",
143 in_reply_to_status_id: activity.id
146 conn = get(conn, "/notice/#{activity.id}")
148 html = html_response(conn, 200)
149 assert html =~ "the final frontier"
150 assert html =~ "voyages"
153 test "redirect by AP object ID", %{conn: conn, user: user} do
154 {:ok, %Activity{data: %{"object" => object_url}}} =
155 CommonAPI.post(user, %{status: "beam me up"})
157 conn = get(conn, URI.parse(object_url).path)
159 assert html_response(conn, 302) =~ "redirected"
162 test "redirect by activity ID", %{conn: conn, user: user} do
163 {:ok, %Activity{data: %{"id" => id}}} =
164 CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})
166 conn = get(conn, URI.parse(id).path)
168 assert html_response(conn, 302) =~ "redirected"
171 test "404 when notice not found", %{conn: conn} do
172 conn = get(conn, "/notice/88c9c317")
174 assert html_response(conn, 404) =~ "not found"
177 test "404 for private status", %{conn: conn, user: user} do
178 {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})
180 conn = get(conn, "/notice/#{activity.id}")
182 assert html_response(conn, 404) =~ "not found"
185 test "302 for remote cached status", %{conn: conn, user: user} do
187 "@context" => "https://www.w3.org/ns/activitystreams",
188 "to" => user.follower_address,
189 "cc" => "https://www.w3.org/ns/activitystreams#Public",
192 "content" => "blah blah blah",
194 "attributedTo" => user.ap_id,
197 "actor" => user.ap_id
200 assert {:ok, activity} = Transmogrifier.handle_incoming(message)
202 conn = get(conn, "/notice/#{activity.id}")
204 assert html_response(conn, 302) =~ "redirected"
207 test "does not require authentication on non-federating instances", %{
211 clear_config([:instance, :federating], false)
213 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
215 conn = get(conn, "/notice/#{activity.id}")
217 assert html_response(conn, 200) =~ "testing a thing!"
220 test "returns 404 for local public activity with `restrict_unauthenticated/activities/local` setting",
221 %{conn: conn, user: user} do
222 clear_config([:restrict_unauthenticated, :activities, :local], true)
224 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
227 |> get("/notice/#{activity.id}")
228 |> html_response(404)