git.squeep.com Git - akkoma/blob - test/pleroma/web/mastodon_api/controllers/media_controller_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
   6   use Pleroma.Web.ConnCase
   7
   8   import ExUnit.CaptureLog
   9
  10   alias Pleroma.Object
  11   alias Pleroma.User
  12   alias Pleroma.Web.ActivityPub.ActivityPub
  13
  14   describe "Upload media" do
  15     setup do: oauth_access(["write:media"])
  16     setup do: clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
  17     setup do: clear_config([Pleroma.Uploaders.Local, :uploads], "uploads")
  18
  19     setup do
  20       image = %Plug.Upload{
  21         content_type: "image/jpeg",
  22         path: Path.absname("test/fixtures/image.jpg"),
  23         filename: "an_image.jpg"
  24       }
  25
  26       [image: image]
  27     end
  28
  29     setup do: clear_config([:media_proxy])
  30     setup do: clear_config([Pleroma.Upload])
  31
  32     test "/api/v1/media", %{conn: conn, image: image} do
  33       desc = "Description of the image"
  34
  35       media =
  36         conn
  37         |> put_req_header("content-type", "multipart/form-data")
  38         |> post("/api/v1/media", %{"file" => image, "description" => desc})
  39         |> json_response_and_validate_schema(:ok)
  40
  41       assert media["type"] == "image"
  42       assert media["description"] == desc
  43       assert media["id"]
  44
  45       object = Object.get_by_id(media["id"])
  46       assert object.data["actor"] == User.ap_id(conn.assigns[:user])
  47     end
  48
  49     test "/api/v2/media", %{conn: conn, user: user, image: image} do
  50       desc = "Description of the image"
  51
  52       response =
  53         conn
  54         |> put_req_header("content-type", "multipart/form-data")
  55         |> post("/api/v2/media", %{"file" => image, "description" => desc})
  56         |> json_response_and_validate_schema(202)
  57
  58       assert media_id = response["id"]
  59
  60       %{conn: conn} = oauth_access(["read:media"], user: user)
  61
  62       media =
  63         conn
  64         |> get("/api/v1/media/#{media_id}")
  65         |> json_response_and_validate_schema(200)
  66
  67       assert media["type"] == "image"
  68       assert media["description"] == desc
  69       assert media["id"]
  70
  71       object = Object.get_by_id(media["id"])
  72       assert object.data["actor"] == user.ap_id
  73     end
  74
  75     test "/api/v2/media, upload_limit", %{conn: conn, user: user} do
  76       desc = "Description of the binary"
  77
  78       upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
  79
  80       assert :ok ==
  81                File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
  82
  83       large_binary = %Plug.Upload{
  84         content_type: nil,
  85         path: Path.absname("test/tmp/large_binary.data"),
  86         filename: "large_binary.data"
  87       }
  88
  89       assert capture_log(fn ->
  90                assert %{"error" => "file_too_large"} =
  91                         conn
  92                         |> put_req_header("content-type", "multipart/form-data")
  93                         |> post("/api/v2/media", %{
  94                           "file" => large_binary,
  95                           "description" => desc
  96                         })
  97                         |> json_response_and_validate_schema(400)
  98              end) =~
  99                "[error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: :file_too_large"
 100
 101       clear_config([:instance, :upload_limit], upload_limit)
 102
 103       assert response =
 104                conn
 105                |> put_req_header("content-type", "multipart/form-data")
 106                |> post("/api/v2/media", %{
 107                  "file" => large_binary,
 108                  "description" => desc
 109                })
 110                |> json_response_and_validate_schema(202)
 111
 112       assert media_id = response["id"]
 113
 114       %{conn: conn} = oauth_access(["read:media"], user: user)
 115
 116       media =
 117         conn
 118         |> get("/api/v1/media/#{media_id}")
 119         |> json_response_and_validate_schema(200)
 120
 121       assert media["type"] == "unknown"
 122       assert media["description"] == desc
 123       assert media["id"]
 124
 125       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
 126     end
 127
 128     test "Do not allow nested filename", %{conn: conn, image: image} do
 129       image = %Plug.Upload{
 130         image
 131         | filename: "../../../../../nested/file.jpg"
 132       }
 133
 134       desc = "Description of the image"
 135
 136       media =
 137         conn
 138         |> put_req_header("content-type", "multipart/form-data")
 139         |> post("/api/v1/media", %{"file" => image, "description" => desc})
 140         |> json_response_and_validate_schema(:ok)
 141
 142       refute Regex.match?(~r"/nested/", media["url"])
 143     end
 144   end
 145
 146   describe "Update media description" do
 147     setup do: oauth_access(["write:media"])
 148
 149     setup %{user: actor} do
 150       file = %Plug.Upload{
 151         content_type: "image/jpeg",
 152         path: Path.absname("test/fixtures/image.jpg"),
 153         filename: "an_image.jpg"
 154       }
 155
 156       {:ok, %Object{} = object} =
 157         ActivityPub.upload(
 158           file,
 159           actor: User.ap_id(actor),
 160           description: "test-m"
 161         )
 162
 163       [object: object]
 164     end
 165
 166     test "/api/v1/media/:id good request", %{conn: conn, object: object} do
 167       media =
 168         conn
 169         |> put_req_header("content-type", "multipart/form-data")
 170         |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"})
 171         |> json_response_and_validate_schema(:ok)
 172
 173       assert media["description"] == "test-media"
 174       assert refresh_record(object).data["name"] == "test-media"
 175     end
 176   end
 177
 178   describe "Get media by id (/api/v1/media/:id)" do
 179     setup do: oauth_access(["read:media"])
 180
 181     setup %{user: actor} do
 182       file = %Plug.Upload{
 183         content_type: "image/jpeg",
 184         path: Path.absname("test/fixtures/image.jpg"),
 185         filename: "an_image.jpg"
 186       }
 187
 188       {:ok, %Object{} = object} =
 189         ActivityPub.upload(
 190           file,
 191           actor: User.ap_id(actor),
 192           description: "test-media"
 193         )
 194
 195       [object: object]
 196     end
 197
 198     test "it returns media object when requested by owner", %{conn: conn, object: object} do
 199       media =
 200         conn
 201         |> get("/api/v1/media/#{object.id}")
 202         |> json_response_and_validate_schema(:ok)
 203
 204       assert media["description"] == "test-media"
 205       assert media["type"] == "image"
 206       assert media["id"]
 207     end
 208
 209     test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do
 210       %{conn: conn, user: other_user} = oauth_access(["read:media"])
 211
 212       assert object.data["actor"] == user.ap_id
 213       refute user.id == other_user.id
 214
 215       conn
 216       |> get("/api/v1/media/#{object.id}")
 217       |> json_response_and_validate_schema(403)
 218     end
 219   end
 220 end