git.squeep.com Git - akkoma/blob - test/pleroma/web/activity_pub/mrf/simple_policy_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
   6   use Pleroma.DataCase
   7   import Pleroma.Factory
   8   alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
   9   alias Pleroma.Web.CommonAPI
  10
  11   setup do:
  12           clear_config(:mrf_simple,
  13             media_removal: [],
  14             media_nsfw: [],
  15             federated_timeline_removal: [],
  16             report_removal: [],
  17             reject: [],
  18             followers_only: [],
  19             accept: [],
  20             avatar_removal: [],
  21             banner_removal: [],
  22             reject_deletes: []
  23           )
  24
  25   describe "when :media_removal" do
  26     test "is empty" do
  27       clear_config([:mrf_simple, :media_removal], [])
  28       media_message = build_media_message()
  29       local_message = build_local_message()
  30
  31       assert SimplePolicy.filter(media_message) == {:ok, media_message}
  32       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  33     end
  34
  35     test "has a matching host" do
  36       clear_config([:mrf_simple, :media_removal], ["remote.instance"])
  37       media_message = build_media_message()
  38       local_message = build_local_message()
  39
  40       assert SimplePolicy.filter(media_message) ==
  41                {:ok,
  42                 media_message
  43                 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
  44
  45       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  46     end
  47
  48     test "match with wildcard domain" do
  49       clear_config([:mrf_simple, :media_removal], ["*.remote.instance"])
  50       media_message = build_media_message()
  51       local_message = build_local_message()
  52
  53       assert SimplePolicy.filter(media_message) ==
  54                {:ok,
  55                 media_message
  56                 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
  57
  58       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  59     end
  60   end
  61
  62   describe "when :media_nsfw" do
  63     test "is empty" do
  64       clear_config([:mrf_simple, :media_nsfw], [])
  65       media_message = build_media_message()
  66       local_message = build_local_message()
  67
  68       assert SimplePolicy.filter(media_message) == {:ok, media_message}
  69       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  70     end
  71
  72     test "has a matching host" do
  73       clear_config([:mrf_simple, :media_nsfw], ["remote.instance"])
  74       media_message = build_media_message()
  75       local_message = build_local_message()
  76
  77       assert SimplePolicy.filter(media_message) ==
  78                {:ok, put_in(media_message, ["object", "sensitive"], true)}
  79
  80       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  81     end
  82
  83     test "match with wildcard domain" do
  84       clear_config([:mrf_simple, :media_nsfw], ["*.remote.instance"])
  85       media_message = build_media_message()
  86       local_message = build_local_message()
  87
  88       assert SimplePolicy.filter(media_message) ==
  89                {:ok, put_in(media_message, ["object", "sensitive"], true)}
  90
  91       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  92     end
  93   end
  94
  95   defp build_media_message do
  96     %{
  97       "actor" => "https://remote.instance/users/bob",
  98       "type" => "Create",
  99       "object" => %{
 100         "attachment" => [%{}],
 101         "tag" => ["foo"],
 102         "sensitive" => false
 103       }
 104     }
 105   end
 106
 107   describe "when :report_removal" do
 108     test "is empty" do
 109       clear_config([:mrf_simple, :report_removal], [])
 110       report_message = build_report_message()
 111       local_message = build_local_message()
 112
 113       assert SimplePolicy.filter(report_message) == {:ok, report_message}
 114       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 115     end
 116
 117     test "has a matching host" do
 118       clear_config([:mrf_simple, :report_removal], ["remote.instance"])
 119       report_message = build_report_message()
 120       local_message = build_local_message()
 121
 122       assert {:reject, _} = SimplePolicy.filter(report_message)
 123       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 124     end
 125
 126     test "match with wildcard domain" do
 127       clear_config([:mrf_simple, :report_removal], ["*.remote.instance"])
 128       report_message = build_report_message()
 129       local_message = build_local_message()
 130
 131       assert {:reject, _} = SimplePolicy.filter(report_message)
 132       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 133     end
 134   end
 135
 136   defp build_report_message do
 137     %{
 138       "actor" => "https://remote.instance/users/bob",
 139       "type" => "Flag"
 140     }
 141   end
 142
 143   describe "when :federated_timeline_removal" do
 144     test "is empty" do
 145       clear_config([:mrf_simple, :federated_timeline_removal], [])
 146       {_, ftl_message} = build_ftl_actor_and_message()
 147       local_message = build_local_message()
 148
 149       assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
 150       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 151     end
 152
 153     test "has a matching host" do
 154       {actor, ftl_message} = build_ftl_actor_and_message()
 155
 156       ftl_message_actor_host =
 157         ftl_message
 158         |> Map.fetch!("actor")
 159         |> URI.parse()
 160         |> Map.fetch!(:host)
 161
 162       clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
 163       local_message = build_local_message()
 164
 165       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
 166       assert actor.follower_address in ftl_message["to"]
 167       refute actor.follower_address in ftl_message["cc"]
 168       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
 169       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
 170
 171       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 172     end
 173
 174     test "match with wildcard domain" do
 175       {actor, ftl_message} = build_ftl_actor_and_message()
 176
 177       ftl_message_actor_host =
 178         ftl_message
 179         |> Map.fetch!("actor")
 180         |> URI.parse()
 181         |> Map.fetch!(:host)
 182
 183       clear_config([:mrf_simple, :federated_timeline_removal], ["*." <> ftl_message_actor_host])
 184       local_message = build_local_message()
 185
 186       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
 187       assert actor.follower_address in ftl_message["to"]
 188       refute actor.follower_address in ftl_message["cc"]
 189       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
 190       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
 191
 192       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 193     end
 194
 195     test "has a matching host but only as:Public in to" do
 196       {_actor, ftl_message} = build_ftl_actor_and_message()
 197
 198       ftl_message_actor_host =
 199         ftl_message
 200         |> Map.fetch!("actor")
 201         |> URI.parse()
 202         |> Map.fetch!(:host)
 203
 204       ftl_message = Map.put(ftl_message, "cc", [])
 205
 206       clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
 207
 208       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
 209       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
 210       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
 211     end
 212   end
 213
 214   defp build_ftl_actor_and_message do
 215     actor = insert(:user)
 216
 217     {actor,
 218      %{
 219        "actor" => actor.ap_id,
 220        "to" => ["https://www.w3.org/ns/activitystreams#Public", "http://foo.bar/baz"],
 221        "cc" => [actor.follower_address, "http://foo.bar/qux"]
 222      }}
 223   end
 224
 225   describe "when :reject" do
 226     test "is empty" do
 227       clear_config([:mrf_simple, :reject], [])
 228
 229       remote_message = build_remote_message()
 230
 231       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
 232     end
 233
 234     test "activity has a matching host" do
 235       clear_config([:mrf_simple, :reject], ["remote.instance"])
 236
 237       remote_message = build_remote_message()
 238
 239       assert {:reject, _} = SimplePolicy.filter(remote_message)
 240     end
 241
 242     test "activity matches with wildcard domain" do
 243       clear_config([:mrf_simple, :reject], ["*.remote.instance"])
 244
 245       remote_message = build_remote_message()
 246
 247       assert {:reject, _} = SimplePolicy.filter(remote_message)
 248     end
 249
 250     test "actor has a matching host" do
 251       clear_config([:mrf_simple, :reject], ["remote.instance"])
 252
 253       remote_user = build_remote_user()
 254
 255       assert {:reject, _} = SimplePolicy.filter(remote_user)
 256     end
 257   end
 258
 259   describe "when :followers_only" do
 260     test "is empty" do
 261       clear_config([:mrf_simple, :followers_only], [])
 262       {_, ftl_message} = build_ftl_actor_and_message()
 263       local_message = build_local_message()
 264
 265       assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
 266       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 267     end
 268
 269     test "has a matching host" do
 270       actor = insert(:user)
 271       following_user = insert(:user)
 272       non_following_user = insert(:user)
 273
 274       {:ok, _, _, _} = CommonAPI.follow(following_user, actor)
 275
 276       activity = %{
 277         "actor" => actor.ap_id,
 278         "to" => [
 279           "https://www.w3.org/ns/activitystreams#Public",
 280           following_user.ap_id,
 281           non_following_user.ap_id
 282         ],
 283         "cc" => [actor.follower_address, "http://foo.bar/qux"]
 284       }
 285
 286       dm_activity = %{
 287         "actor" => actor.ap_id,
 288         "to" => [
 289           following_user.ap_id,
 290           non_following_user.ap_id
 291         ],
 292         "cc" => []
 293       }
 294
 295       actor_domain =
 296         activity
 297         |> Map.fetch!("actor")
 298         |> URI.parse()
 299         |> Map.fetch!(:host)
 300
 301       clear_config([:mrf_simple, :followers_only], [actor_domain])
 302
 303       assert {:ok, new_activity} = SimplePolicy.filter(activity)
 304       assert actor.follower_address in new_activity["cc"]
 305       assert following_user.ap_id in new_activity["to"]
 306       refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"]
 307       refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"]
 308       refute non_following_user.ap_id in new_activity["to"]
 309       refute non_following_user.ap_id in new_activity["cc"]
 310
 311       assert {:ok, new_dm_activity} = SimplePolicy.filter(dm_activity)
 312       assert new_dm_activity["to"] == [following_user.ap_id]
 313       assert new_dm_activity["cc"] == []
 314     end
 315   end
 316
 317   describe "when :accept" do
 318     test "is empty" do
 319       clear_config([:mrf_simple, :accept], [])
 320
 321       local_message = build_local_message()
 322       remote_message = build_remote_message()
 323
 324       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 325       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
 326     end
 327
 328     test "is not empty but activity doesn't have a matching host" do
 329       clear_config([:mrf_simple, :accept], ["non.matching.remote"])
 330
 331       local_message = build_local_message()
 332       remote_message = build_remote_message()
 333
 334       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 335       assert {:reject, _} = SimplePolicy.filter(remote_message)
 336     end
 337
 338     test "activity has a matching host" do
 339       clear_config([:mrf_simple, :accept], ["remote.instance"])
 340
 341       local_message = build_local_message()
 342       remote_message = build_remote_message()
 343
 344       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 345       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
 346     end
 347
 348     test "activity matches with wildcard domain" do
 349       clear_config([:mrf_simple, :accept], ["*.remote.instance"])
 350
 351       local_message = build_local_message()
 352       remote_message = build_remote_message()
 353
 354       assert SimplePolicy.filter(local_message) == {:ok, local_message}
 355       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
 356     end
 357
 358     test "actor has a matching host" do
 359       clear_config([:mrf_simple, :accept], ["remote.instance"])
 360
 361       remote_user = build_remote_user()
 362
 363       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
 364     end
 365   end
 366
 367   describe "when :avatar_removal" do
 368     test "is empty" do
 369       clear_config([:mrf_simple, :avatar_removal], [])
 370
 371       remote_user = build_remote_user()
 372
 373       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
 374     end
 375
 376     test "is not empty but it doesn't have a matching host" do
 377       clear_config([:mrf_simple, :avatar_removal], ["non.matching.remote"])
 378
 379       remote_user = build_remote_user()
 380
 381       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
 382     end
 383
 384     test "has a matching host" do
 385       clear_config([:mrf_simple, :avatar_removal], ["remote.instance"])
 386
 387       remote_user = build_remote_user()
 388       {:ok, filtered} = SimplePolicy.filter(remote_user)
 389
 390       refute filtered["icon"]
 391     end
 392
 393     test "match with wildcard domain" do
 394       clear_config([:mrf_simple, :avatar_removal], ["*.remote.instance"])
 395
 396       remote_user = build_remote_user()
 397       {:ok, filtered} = SimplePolicy.filter(remote_user)
 398
 399       refute filtered["icon"]
 400     end
 401   end
 402
 403   describe "when :banner_removal" do
 404     test "is empty" do
 405       clear_config([:mrf_simple, :banner_removal], [])
 406
 407       remote_user = build_remote_user()
 408
 409       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
 410     end
 411
 412     test "is not empty but it doesn't have a matching host" do
 413       clear_config([:mrf_simple, :banner_removal], ["non.matching.remote"])
 414
 415       remote_user = build_remote_user()
 416
 417       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
 418     end
 419
 420     test "has a matching host" do
 421       clear_config([:mrf_simple, :banner_removal], ["remote.instance"])
 422
 423       remote_user = build_remote_user()
 424       {:ok, filtered} = SimplePolicy.filter(remote_user)
 425
 426       refute filtered["image"]
 427     end
 428
 429     test "match with wildcard domain" do
 430       clear_config([:mrf_simple, :banner_removal], ["*.remote.instance"])
 431
 432       remote_user = build_remote_user()
 433       {:ok, filtered} = SimplePolicy.filter(remote_user)
 434
 435       refute filtered["image"]
 436     end
 437   end
 438
 439   describe "when :reject_deletes is empty" do
 440     setup do: clear_config([:mrf_simple, :reject_deletes], [])
 441
 442     test "it accepts deletions even from rejected servers" do
 443       clear_config([:mrf_simple, :reject], ["remote.instance"])
 444
 445       deletion_message = build_remote_deletion_message()
 446
 447       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
 448     end
 449
 450     test "it accepts deletions even from non-whitelisted servers" do
 451       clear_config([:mrf_simple, :accept], ["non.matching.remote"])
 452
 453       deletion_message = build_remote_deletion_message()
 454
 455       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
 456     end
 457   end
 458
 459   describe "when :reject_deletes is not empty but it doesn't have a matching host" do
 460     setup do: clear_config([:mrf_simple, :reject_deletes], ["non.matching.remote"])
 461
 462     test "it accepts deletions even from rejected servers" do
 463       clear_config([:mrf_simple, :reject], ["remote.instance"])
 464
 465       deletion_message = build_remote_deletion_message()
 466
 467       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
 468     end
 469
 470     test "it accepts deletions even from non-whitelisted servers" do
 471       clear_config([:mrf_simple, :accept], ["non.matching.remote"])
 472
 473       deletion_message = build_remote_deletion_message()
 474
 475       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
 476     end
 477   end
 478
 479   describe "when :reject_deletes has a matching host" do
 480     setup do: clear_config([:mrf_simple, :reject_deletes], ["remote.instance"])
 481
 482     test "it rejects the deletion" do
 483       deletion_message = build_remote_deletion_message()
 484
 485       assert {:reject, _} = SimplePolicy.filter(deletion_message)
 486     end
 487   end
 488
 489   describe "when :reject_deletes match with wildcard domain" do
 490     setup do: clear_config([:mrf_simple, :reject_deletes], ["*.remote.instance"])
 491
 492     test "it rejects the deletion" do
 493       deletion_message = build_remote_deletion_message()
 494
 495       assert {:reject, _} = SimplePolicy.filter(deletion_message)
 496     end
 497   end
 498
 499   defp build_local_message do
 500     %{
 501       "actor" => "#{Pleroma.Web.base_url()}/users/alice",
 502       "to" => [],
 503       "cc" => []
 504     }
 505   end
 506
 507   defp build_remote_message do
 508     %{"actor" => "https://remote.instance/users/bob"}
 509   end
 510
 511   defp build_remote_user do
 512     %{
 513       "id" => "https://remote.instance/users/bob",
 514       "icon" => %{
 515         "url" => "http://example.com/image.jpg",
 516         "type" => "Image"
 517       },
 518       "image" => %{
 519         "url" => "http://example.com/image.jpg",
 520         "type" => "Image"
 521       },
 522       "type" => "Person"
 523     }
 524   end
 525
 526   defp build_remote_deletion_message do
 527     %{
 528       "type" => "Delete",
 529       "actor" => "https://remote.instance/users/bob"
 530     }
 531   end
 532 end