1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 alias Pleroma.Activity
11 alias Pleroma.Instances
13 alias Pleroma.Tests.ObanHelpers
15 alias Pleroma.Web.ActivityPub.ObjectView
16 alias Pleroma.Web.ActivityPub.Relay
17 alias Pleroma.Web.ActivityPub.UserView
18 alias Pleroma.Web.ActivityPub.Utils
19 alias Pleroma.Web.CommonAPI
20 alias Pleroma.Workers.ReceiverWorker
23 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
27 clear_config_all([:instance, :federating],
28 do: Pleroma.Config.put([:instance, :federating], true)
32 clear_config([:instance, :allow_relay])
34 test "with the relay active, it returns the relay user", %{conn: conn} do
37 |> get(activity_pub_path(conn, :relay))
40 assert res["id"] =~ "/relay"
43 test "with the relay disabled, it returns 404", %{conn: conn} do
44 Pleroma.Config.put([:instance, :allow_relay], false)
47 |> get(activity_pub_path(conn, :relay))
53 describe "/internal/fetch" do
54 test "it returns the internal fetch user", %{conn: conn} do
57 |> get(activity_pub_path(conn, :internal_fetch))
60 assert res["id"] =~ "/fetch"
64 describe "/users/:nickname" do
65 test "it returns a json representation of the user with accept application/json", %{
72 |> put_req_header("accept", "application/json")
73 |> get("/users/#{user.nickname}")
75 user = User.get_cached_by_id(user.id)
77 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
80 test "it returns a json representation of the user with accept application/activity+json", %{
87 |> put_req_header("accept", "application/activity+json")
88 |> get("/users/#{user.nickname}")
90 user = User.get_cached_by_id(user.id)
92 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
95 test "it returns a json representation of the user with accept application/ld+json", %{
104 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
106 |> get("/users/#{user.nickname}")
108 user = User.get_cached_by_id(user.id)
110 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
114 describe "/object/:uuid" do
115 test "it returns a json representation of the object with accept application/json", %{
119 uuid = String.split(note.data["id"], "/") |> List.last()
123 |> put_req_header("accept", "application/json")
124 |> get("/objects/#{uuid}")
126 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
129 test "it returns a json representation of the object with accept application/activity+json",
132 uuid = String.split(note.data["id"], "/") |> List.last()
136 |> put_req_header("accept", "application/activity+json")
137 |> get("/objects/#{uuid}")
139 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
142 test "it returns a json representation of the object with accept application/ld+json", %{
146 uuid = String.split(note.data["id"], "/") |> List.last()
152 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
154 |> get("/objects/#{uuid}")
156 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
159 test "it returns 404 for non-public messages", %{conn: conn} do
160 note = insert(:direct_note)
161 uuid = String.split(note.data["id"], "/") |> List.last()
165 |> put_req_header("accept", "application/activity+json")
166 |> get("/objects/#{uuid}")
168 assert json_response(conn, 404)
171 test "it returns 404 for tombstone objects", %{conn: conn} do
172 tombstone = insert(:tombstone)
173 uuid = String.split(tombstone.data["id"], "/") |> List.last()
177 |> put_req_header("accept", "application/activity+json")
178 |> get("/objects/#{uuid}")
180 assert json_response(conn, 404)
183 test "it caches a response", %{conn: conn} do
185 uuid = String.split(note.data["id"], "/") |> List.last()
189 |> put_req_header("accept", "application/activity+json")
190 |> get("/objects/#{uuid}")
192 assert json_response(conn1, :ok)
193 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
197 |> put_req_header("accept", "application/activity+json")
198 |> get("/objects/#{uuid}")
200 assert json_response(conn1, :ok) == json_response(conn2, :ok)
201 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
204 test "cached purged after object deletion", %{conn: conn} do
206 uuid = String.split(note.data["id"], "/") |> List.last()
210 |> put_req_header("accept", "application/activity+json")
211 |> get("/objects/#{uuid}")
213 assert json_response(conn1, :ok)
214 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
220 |> put_req_header("accept", "application/activity+json")
221 |> get("/objects/#{uuid}")
223 assert "Not found" == json_response(conn2, :not_found)
227 describe "/object/:uuid/likes" do
229 like = insert(:like_activity)
230 like_object_ap_id = Object.normalize(like).data["id"]
237 [id: like.data["id"], uuid: uuid]
240 test "it returns the like activities in a collection", %{conn: conn, id: id, uuid: uuid} do
243 |> put_req_header("accept", "application/activity+json")
244 |> get("/objects/#{uuid}/likes")
245 |> json_response(200)
247 assert List.first(result["first"]["orderedItems"])["id"] == id
248 assert result["type"] == "OrderedCollection"
249 assert result["totalItems"] == 1
250 refute result["first"]["next"]
253 test "it does not crash when page number is exceeded total pages", %{conn: conn, uuid: uuid} do
256 |> put_req_header("accept", "application/activity+json")
257 |> get("/objects/#{uuid}/likes?page=2")
258 |> json_response(200)
260 assert result["type"] == "OrderedCollectionPage"
261 assert result["totalItems"] == 1
262 refute result["next"]
263 assert Enum.empty?(result["orderedItems"])
266 test "it contains the next key when likes count is more than 10", %{conn: conn} do
267 note = insert(:note_activity)
268 insert_list(11, :like_activity, note_activity: note)
272 |> Object.normalize()
280 |> put_req_header("accept", "application/activity+json")
281 |> get("/objects/#{uuid}/likes?page=1")
282 |> json_response(200)
284 assert result["totalItems"] == 11
285 assert length(result["orderedItems"]) == 10
286 assert result["next"]
290 describe "/activities/:uuid" do
291 test "it returns a json representation of the activity", %{conn: conn} do
292 activity = insert(:note_activity)
293 uuid = String.split(activity.data["id"], "/") |> List.last()
297 |> put_req_header("accept", "application/activity+json")
298 |> get("/activities/#{uuid}")
300 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
303 test "it returns 404 for non-public activities", %{conn: conn} do
304 activity = insert(:direct_note_activity)
305 uuid = String.split(activity.data["id"], "/") |> List.last()
309 |> put_req_header("accept", "application/activity+json")
310 |> get("/activities/#{uuid}")
312 assert json_response(conn, 404)
315 test "it caches a response", %{conn: conn} do
316 activity = insert(:note_activity)
317 uuid = String.split(activity.data["id"], "/") |> List.last()
321 |> put_req_header("accept", "application/activity+json")
322 |> get("/activities/#{uuid}")
324 assert json_response(conn1, :ok)
325 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
329 |> put_req_header("accept", "application/activity+json")
330 |> get("/activities/#{uuid}")
332 assert json_response(conn1, :ok) == json_response(conn2, :ok)
333 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
336 test "cached purged after activity deletion", %{conn: conn} do
338 {:ok, activity} = CommonAPI.post(user, %{"status" => "cofe"})
340 uuid = String.split(activity.data["id"], "/") |> List.last()
344 |> put_req_header("accept", "application/activity+json")
345 |> get("/activities/#{uuid}")
347 assert json_response(conn1, :ok)
348 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
350 Activity.delete_by_ap_id(activity.object.data["id"])
354 |> put_req_header("accept", "application/activity+json")
355 |> get("/activities/#{uuid}")
357 assert "Not found" == json_response(conn2, :not_found)
362 test "it inserts an incoming activity into the database", %{conn: conn} do
363 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
367 |> assign(:valid_signature, true)
368 |> put_req_header("content-type", "application/activity+json")
369 |> post("/inbox", data)
371 assert "ok" == json_response(conn, 200)
373 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
374 assert Activity.get_by_ap_id(data["id"])
377 test "it clears `unreachable` federation status of the sender", %{conn: conn} do
378 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
380 sender_url = data["actor"]
381 Instances.set_consistently_unreachable(sender_url)
382 refute Instances.reachable?(sender_url)
386 |> assign(:valid_signature, true)
387 |> put_req_header("content-type", "application/activity+json")
388 |> post("/inbox", data)
390 assert "ok" == json_response(conn, 200)
391 assert Instances.reachable?(sender_url)
395 describe "/users/:nickname/inbox" do
398 File.read!("test/fixtures/mastodon-post-activity.json")
404 test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
406 data = Map.put(data, "bcc", [user.ap_id])
410 |> assign(:valid_signature, true)
411 |> put_req_header("content-type", "application/activity+json")
412 |> post("/users/#{user.nickname}/inbox", data)
414 assert "ok" == json_response(conn, 200)
415 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
416 assert Activity.get_by_ap_id(data["id"])
419 test "it accepts messages from actors that are followed by the user", %{
423 recipient = insert(:user)
424 actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
426 {:ok, recipient} = User.follow(recipient, actor)
430 |> Map.put("attributedTo", actor.ap_id)
434 |> Map.put("actor", actor.ap_id)
435 |> Map.put("object", object)
439 |> assign(:valid_signature, true)
440 |> put_req_header("content-type", "application/activity+json")
441 |> post("/users/#{recipient.nickname}/inbox", data)
443 assert "ok" == json_response(conn, 200)
444 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
445 assert Activity.get_by_ap_id(data["id"])
448 test "it rejects reads from other users", %{conn: conn} do
450 otheruser = insert(:user)
454 |> assign(:user, otheruser)
455 |> put_req_header("accept", "application/activity+json")
456 |> get("/users/#{user.nickname}/inbox")
458 assert json_response(conn, 403)
461 test "it doesn't crash without an authenticated user", %{conn: conn} do
466 |> put_req_header("accept", "application/activity+json")
467 |> get("/users/#{user.nickname}/inbox")
469 assert json_response(conn, 403)
472 test "it returns a note activity in a collection", %{conn: conn} do
473 note_activity = insert(:direct_note_activity)
474 note_object = Object.normalize(note_activity)
475 user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
479 |> assign(:user, user)
480 |> put_req_header("accept", "application/activity+json")
481 |> get("/users/#{user.nickname}/inbox")
483 assert response(conn, 200) =~ note_object.data["content"]
486 test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
488 data = Map.put(data, "bcc", [user.ap_id])
490 sender_host = URI.parse(data["actor"]).host
491 Instances.set_consistently_unreachable(sender_host)
492 refute Instances.reachable?(sender_host)
496 |> assign(:valid_signature, true)
497 |> put_req_header("content-type", "application/activity+json")
498 |> post("/users/#{user.nickname}/inbox", data)
500 assert "ok" == json_response(conn, 200)
501 assert Instances.reachable?(sender_host)
504 test "it removes all follower collections but actor's", %{conn: conn} do
505 [actor, recipient] = insert_pair(:user)
508 File.read!("test/fixtures/activitypub-client-post-activity.json")
511 object = Map.put(data["object"], "attributedTo", actor.ap_id)
515 |> Map.put("id", Utils.generate_object_id())
516 |> Map.put("actor", actor.ap_id)
517 |> Map.put("object", object)
519 recipient.follower_address,
520 actor.follower_address
524 recipient.follower_address,
525 "https://www.w3.org/ns/activitystreams#Public"
529 |> assign(:valid_signature, true)
530 |> put_req_header("content-type", "application/activity+json")
531 |> post("/users/#{recipient.nickname}/inbox", data)
532 |> json_response(200)
534 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
536 activity = Activity.get_by_ap_id(data["id"])
539 assert actor.follower_address in activity.recipients
540 assert actor.follower_address in activity.data["cc"]
542 refute recipient.follower_address in activity.recipients
543 refute recipient.follower_address in activity.data["cc"]
544 refute recipient.follower_address in activity.data["to"]
548 describe "/users/:nickname/outbox" do
549 test "it will not bomb when there is no activity", %{conn: conn} do
554 |> put_req_header("accept", "application/activity+json")
555 |> get("/users/#{user.nickname}/outbox")
557 result = json_response(conn, 200)
558 assert user.ap_id <> "/outbox" == result["id"]
561 test "it returns a note activity in a collection", %{conn: conn} do
562 note_activity = insert(:note_activity)
563 note_object = Object.normalize(note_activity)
564 user = User.get_cached_by_ap_id(note_activity.data["actor"])
568 |> put_req_header("accept", "application/activity+json")
569 |> get("/users/#{user.nickname}/outbox")
571 assert response(conn, 200) =~ note_object.data["content"]
574 test "it returns an announce activity in a collection", %{conn: conn} do
575 announce_activity = insert(:announce_activity)
576 user = User.get_cached_by_ap_id(announce_activity.data["actor"])
580 |> put_req_header("accept", "application/activity+json")
581 |> get("/users/#{user.nickname}/outbox")
583 assert response(conn, 200) =~ announce_activity.data["object"]
586 test "it rejects posts from other users", %{conn: conn} do
587 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
589 otheruser = insert(:user)
593 |> assign(:user, otheruser)
594 |> put_req_header("content-type", "application/activity+json")
595 |> post("/users/#{user.nickname}/outbox", data)
597 assert json_response(conn, 403)
600 test "it inserts an incoming create activity into the database", %{conn: conn} do
601 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
606 |> assign(:user, user)
607 |> put_req_header("content-type", "application/activity+json")
608 |> post("/users/#{user.nickname}/outbox", data)
610 result = json_response(conn, 201)
612 assert Activity.get_by_ap_id(result["id"])
615 test "it rejects an incoming activity with bogus type", %{conn: conn} do
616 data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
621 |> Map.put("type", "BadType")
625 |> assign(:user, user)
626 |> put_req_header("content-type", "application/activity+json")
627 |> post("/users/#{user.nickname}/outbox", data)
629 assert json_response(conn, 400)
632 test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
633 note_activity = insert(:note_activity)
634 note_object = Object.normalize(note_activity)
635 user = User.get_cached_by_ap_id(note_activity.data["actor"])
640 id: note_object.data["id"]
646 |> assign(:user, user)
647 |> put_req_header("content-type", "application/activity+json")
648 |> post("/users/#{user.nickname}/outbox", data)
650 result = json_response(conn, 201)
651 assert Activity.get_by_ap_id(result["id"])
653 assert object = Object.get_by_ap_id(note_object.data["id"])
654 assert object.data["type"] == "Tombstone"
657 test "it rejects delete activity of object from other actor", %{conn: conn} do
658 note_activity = insert(:note_activity)
659 note_object = Object.normalize(note_activity)
665 id: note_object.data["id"]
671 |> assign(:user, user)
672 |> put_req_header("content-type", "application/activity+json")
673 |> post("/users/#{user.nickname}/outbox", data)
675 assert json_response(conn, 400)
678 test "it increases like count when receiving a like action", %{conn: conn} do
679 note_activity = insert(:note_activity)
680 note_object = Object.normalize(note_activity)
681 user = User.get_cached_by_ap_id(note_activity.data["actor"])
686 id: note_object.data["id"]
692 |> assign(:user, user)
693 |> put_req_header("content-type", "application/activity+json")
694 |> post("/users/#{user.nickname}/outbox", data)
696 result = json_response(conn, 201)
697 assert Activity.get_by_ap_id(result["id"])
699 assert object = Object.get_by_ap_id(note_object.data["id"])
700 assert object.data["like_count"] == 1
704 describe "/relay/followers" do
705 test "it returns relay followers", %{conn: conn} do
706 relay_actor = Relay.get_actor()
708 User.follow(user, relay_actor)
712 |> assign(:relay, true)
713 |> get("/relay/followers")
714 |> json_response(200)
716 assert result["first"]["orderedItems"] == [user.ap_id]
720 describe "/relay/following" do
721 test "it returns relay following", %{conn: conn} do
724 |> assign(:relay, true)
725 |> get("/relay/following")
726 |> json_response(200)
728 assert result["first"]["orderedItems"] == []
732 describe "/users/:nickname/followers" do
733 test "it returns the followers in a collection", %{conn: conn} do
735 user_two = insert(:user)
736 User.follow(user, user_two)
740 |> get("/users/#{user_two.nickname}/followers")
741 |> json_response(200)
743 assert result["first"]["orderedItems"] == [user.ap_id]
746 test "it returns returns a uri if the user has 'hide_followers' set", %{conn: conn} do
748 user_two = insert(:user, %{info: %{hide_followers: true}})
749 User.follow(user, user_two)
753 |> get("/users/#{user_two.nickname}/followers")
754 |> json_response(200)
756 assert is_binary(result["first"])
759 test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is not authenticated",
761 user = insert(:user, %{info: %{hide_followers: true}})
765 |> get("/users/#{user.nickname}/followers?page=1")
767 assert result.status == 403
768 assert result.resp_body == ""
771 test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",
773 user = insert(:user, %{info: %{hide_followers: true}})
774 other_user = insert(:user)
775 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
779 |> assign(:user, user)
780 |> get("/users/#{user.nickname}/followers?page=1")
781 |> json_response(200)
783 assert result["totalItems"] == 1
784 assert result["orderedItems"] == [other_user.ap_id]
787 test "it works for more than 10 users", %{conn: conn} do
790 Enum.each(1..15, fn _ ->
791 other_user = insert(:user)
792 User.follow(other_user, user)
797 |> get("/users/#{user.nickname}/followers")
798 |> json_response(200)
800 assert length(result["first"]["orderedItems"]) == 10
801 assert result["first"]["totalItems"] == 15
802 assert result["totalItems"] == 15
806 |> get("/users/#{user.nickname}/followers?page=2")
807 |> json_response(200)
809 assert length(result["orderedItems"]) == 5
810 assert result["totalItems"] == 15
814 describe "/users/:nickname/following" do
815 test "it returns the following in a collection", %{conn: conn} do
817 user_two = insert(:user)
818 User.follow(user, user_two)
822 |> get("/users/#{user.nickname}/following")
823 |> json_response(200)
825 assert result["first"]["orderedItems"] == [user_two.ap_id]
828 test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do
829 user = insert(:user, %{info: %{hide_follows: true}})
830 user_two = insert(:user)
831 User.follow(user, user_two)
835 |> get("/users/#{user.nickname}/following")
836 |> json_response(200)
838 assert is_binary(result["first"])
841 test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is not authenticated",
843 user = insert(:user, %{info: %{hide_follows: true}})
847 |> get("/users/#{user.nickname}/following?page=1")
849 assert result.status == 403
850 assert result.resp_body == ""
853 test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",
855 user = insert(:user, %{info: %{hide_follows: true}})
856 other_user = insert(:user)
857 {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
861 |> assign(:user, user)
862 |> get("/users/#{user.nickname}/following?page=1")
863 |> json_response(200)
865 assert result["totalItems"] == 1
866 assert result["orderedItems"] == [other_user.ap_id]
869 test "it works for more than 10 users", %{conn: conn} do
872 Enum.each(1..15, fn _ ->
873 user = User.get_cached_by_id(user.id)
874 other_user = insert(:user)
875 User.follow(user, other_user)
880 |> get("/users/#{user.nickname}/following")
881 |> json_response(200)
883 assert length(result["first"]["orderedItems"]) == 10
884 assert result["first"]["totalItems"] == 15
885 assert result["totalItems"] == 15
889 |> get("/users/#{user.nickname}/following?page=2")
890 |> json_response(200)
892 assert length(result["orderedItems"]) == 5
893 assert result["totalItems"] == 15