1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.Web.ActivityPub.Transmogrifier
10 alias Pleroma.Web.ActivityPub.Utils
11 alias Pleroma.Web.CommonAPI
13 import Pleroma.Factory
15 setup_all do: clear_config([:static_fe, :enabled], true)
17 setup %{conn: conn} do
18 conn = put_req_header(conn, "accept", "text/html")
21 %{conn: conn, user: user}
24 describe "user profile html" do
25 test "just the profile as HTML", %{conn: conn, user: user} do
26 conn = get(conn, "/users/#{user.nickname}")
28 assert html_response(conn, 200) =~ user.nickname
31 test "404 when user not found", %{conn: conn} do
32 conn = get(conn, "/users/limpopo")
34 assert html_response(conn, 404) =~ "not found"
37 test "profile does not include private messages", %{conn: conn, user: user} do
38 CommonAPI.post(user, %{status: "public"})
39 CommonAPI.post(user, %{status: "private", visibility: "private"})
41 conn = get(conn, "/users/#{user.nickname}")
43 html = html_response(conn, 200)
45 assert html =~ ">public<"
46 refute html =~ ">private<"
49 test "pagination", %{conn: conn, user: user} do
50 Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
52 conn = get(conn, "/users/#{user.nickname}")
54 html = html_response(conn, 200)
56 assert html =~ ">test30<"
57 assert html =~ ">test11<"
58 refute html =~ ">test10<"
59 refute html =~ ">test1<"
62 test "pagination, page 2", %{conn: conn, user: user} do
63 activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
64 {:ok, a11} = Enum.at(activities, 11)
66 conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
68 html = html_response(conn, 200)
70 assert html =~ ">test1<"
71 assert html =~ ">test10<"
72 refute html =~ ">test20<"
73 refute html =~ ">test29<"
76 test "does not require authentication on non-federating instances", %{
80 clear_config([:instance, :federating], false)
82 conn = get(conn, "/users/#{user.nickname}")
84 assert html_response(conn, 200) =~ user.nickname
87 test "returns 404 for local user with `restrict_unauthenticated/profiles/local` setting", %{
90 clear_config([:restrict_unauthenticated, :profiles, :local], true)
92 local_user = insert(:user, local: true)
95 |> get("/users/#{local_user.nickname}")
100 describe "notice html" do
101 test "single notice page", %{conn: conn, user: user} do
102 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
104 conn = get(conn, "/notice/#{activity.id}")
106 html = html_response(conn, 200)
107 assert html =~ "<header>"
108 assert html =~ user.nickname
109 assert html =~ "testing a thing!"
112 test "redirects to json if requested", %{conn: conn, user: user} do
113 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
119 "Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
121 |> get("/notice/#{activity.id}")
123 assert redirected_to(conn, 302) =~ activity.data["object"]
126 test "filters HTML tags", %{conn: conn} do
128 {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})
132 |> put_req_header("accept", "text/html")
133 |> get("/notice/#{activity.id}")
135 html = html_response(conn, 200)
136 assert html =~ ~s[<script>alert('xss')</script>]
139 test "shows the whole thread", %{conn: conn, user: user} do
140 {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})
142 CommonAPI.post(user, %{
143 status: "these are the voyages or something",
144 in_reply_to_status_id: activity.id
147 conn = get(conn, "/notice/#{activity.id}")
149 html = html_response(conn, 200)
150 assert html =~ "the final frontier"
151 assert html =~ "voyages"
154 test "redirect by AP object ID", %{conn: conn, user: user} do
155 {:ok, %Activity{data: %{"object" => object_url}}} =
156 CommonAPI.post(user, %{status: "beam me up"})
158 conn = get(conn, URI.parse(object_url).path)
160 assert html_response(conn, 302) =~ "redirected"
163 test "redirect by activity ID", %{conn: conn, user: user} do
164 {:ok, %Activity{data: %{"id" => id}}} =
165 CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})
167 conn = get(conn, URI.parse(id).path)
169 assert html_response(conn, 302) =~ "redirected"
172 test "404 when notice not found", %{conn: conn} do
173 conn = get(conn, "/notice/88c9c317")
175 assert html_response(conn, 404) =~ "not found"
178 test "404 for private status", %{conn: conn, user: user} do
179 {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})
181 conn = get(conn, "/notice/#{activity.id}")
183 assert html_response(conn, 404) =~ "not found"
186 test "302 for remote cached status", %{conn: conn, user: user} do
188 "@context" => "https://www.w3.org/ns/activitystreams",
190 "actor" => user.ap_id,
192 "to" => user.follower_address,
193 "cc" => "https://www.w3.org/ns/activitystreams#Public",
194 "id" => Utils.generate_object_id(),
195 "content" => "blah blah blah",
197 "attributedTo" => user.ap_id
201 assert {:ok, activity} = Transmogrifier.handle_incoming(message)
203 conn = get(conn, "/notice/#{activity.id}")
205 assert html_response(conn, 302) =~ "redirected"
208 test "does not require authentication on non-federating instances", %{
212 clear_config([:instance, :federating], false)
214 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
216 conn = get(conn, "/notice/#{activity.id}")
218 assert html_response(conn, 200) =~ "testing a thing!"
221 test "returns 404 for local public activity with `restrict_unauthenticated/activities/local` setting",
222 %{conn: conn, user: user} do
223 clear_config([:restrict_unauthenticated, :activities, :local], true)
225 {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
228 |> get("/notice/#{activity.id}")
229 |> html_response(404)