1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 alias Pleroma.Activity
12 alias Pleroma.Delivery
13 alias Pleroma.Instances
15 alias Pleroma.Tests.ObanHelpers
17 alias Pleroma.Web.ActivityPub.ObjectView
18 alias Pleroma.Web.ActivityPub.Relay
19 alias Pleroma.Web.ActivityPub.UserView
20 alias Pleroma.Web.ActivityPub.Utils
21 alias Pleroma.Web.CommonAPI
22 alias Pleroma.Workers.ReceiverWorker
25 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
29 setup do: clear_config([:instance, :federating], true)
32 setup do: clear_config([:instance, :allow_relay])
34 test "with the relay active, it returns the relay user", %{conn: conn} do
37 |> get(activity_pub_path(conn, :relay))
40 assert res["id"] =~ "/relay"
43 test "with the relay disabled, it returns 404", %{conn: conn} do
44 Config.put([:instance, :allow_relay], false)
47 |> get(activity_pub_path(conn, :relay))
51 test "on non-federating instance, it returns 404", %{conn: conn} do
52 Config.put([:instance, :federating], false)
56 |> assign(:user, user)
57 |> get(activity_pub_path(conn, :relay))
62 describe "/internal/fetch" do
63 test "it returns the internal fetch user", %{conn: conn} do
66 |> get(activity_pub_path(conn, :internal_fetch))
69 assert res["id"] =~ "/fetch"
72 test "on non-federating instance, it returns 404", %{conn: conn} do
73 Config.put([:instance, :federating], false)
77 |> assign(:user, user)
78 |> get(activity_pub_path(conn, :internal_fetch))
83 describe "/users/:nickname" do
84 test "it returns a json representation of the user with accept application/json", %{
91 |> put_req_header("accept", "application/json")
92 |> get("/users/#{user.nickname}")
94 user = User.get_cached_by_id(user.id)
96 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
99 test "it returns a json representation of the user with accept application/activity+json", %{
106 |> put_req_header("accept", "application/activity+json")
107 |> get("/users/#{user.nickname}")
109 user = User.get_cached_by_id(user.id)
111 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
114 test "it returns a json representation of the user with accept application/ld+json", %{
123 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
125 |> get("/users/#{user.nickname}")
127 user = User.get_cached_by_id(user.id)
129 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
132 test "it returns 404 for remote users", %{
135 user = insert(:user, local: false, nickname: "remoteuser@example.com")
139 |> put_req_header("accept", "application/json")
140 |> get("/users/#{user.nickname}.json")
142 assert json_response(conn, 404)
145 test "it returns error when user is not found", %{conn: conn} do
148 |> put_req_header("accept", "application/json")
149 |> get("/users/jimm")
150 |> json_response(404)
152 assert response == "Not found"
155 test "it requires authentication if instance is NOT federating", %{
164 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
167 ensure_federating_or_authenticated(conn, "/users/#{user.nickname}.json", user)
171 describe "/objects/:uuid" do
172 test "it returns a json representation of the object with accept application/json", %{
176 uuid = String.split(note.data["id"], "/") |> List.last()
180 |> put_req_header("accept", "application/json")
181 |> get("/objects/#{uuid}")
183 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
186 test "it returns a json representation of the object with accept application/activity+json",
189 uuid = String.split(note.data["id"], "/") |> List.last()
193 |> put_req_header("accept", "application/activity+json")
194 |> get("/objects/#{uuid}")
196 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
199 test "it returns a json representation of the object with accept application/ld+json", %{
203 uuid = String.split(note.data["id"], "/") |> List.last()
209 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
211 |> get("/objects/#{uuid}")
213 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
216 test "it returns 404 for non-public messages", %{conn: conn} do
217 note = insert(:direct_note)
218 uuid = String.split(note.data["id"], "/") |> List.last()
222 |> put_req_header("accept", "application/activity+json")
223 |> get("/objects/#{uuid}")
225 assert json_response(conn, 404)
228 test "it returns 404 for tombstone objects", %{conn: conn} do
229 tombstone = insert(:tombstone)
230 uuid = String.split(tombstone.data["id"], "/") |> List.last()
234 |> put_req_header("accept", "application/activity+json")
235 |> get("/objects/#{uuid}")
237 assert json_response(conn, 404)
240 test "it caches a response", %{conn: conn} do
242 uuid = String.split(note.data["id"], "/") |> List.last()
246 |> put_req_header("accept", "application/activity+json")
247 |> get("/objects/#{uuid}")
249 assert json_response(conn1, :ok)
250 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
254 |> put_req_header("accept", "application/activity+json")
255 |> get("/objects/#{uuid}")
257 assert json_response(conn1, :ok) == json_response(conn2, :ok)
258 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
261 test "cached purged after object deletion", %{conn: conn} do
263 uuid = String.split(note.data["id"], "/") |> List.last()
267 |> put_req_header("accept", "application/activity+json")
268 |> get("/objects/#{uuid}")
270 assert json_response(conn1, :ok)
271 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
277 |> put_req_header("accept", "application/activity+json")
278 |> get("/objects/#{uuid}")
280 assert "Not found" == json_response(conn2, :not_found)
283 test "it requires authentication if instance is NOT federating", %{
288 uuid = String.split(note.data["id"], "/") |> List.last()
290 conn = put_req_header(conn, "accept", "application/activity+json")
292 ensure_federating_or_authenticated(conn, "/objects/#{uuid}", user)
296 describe "/activities/:uuid" do
297 test "it returns a json representation of the activity", %{conn: conn} do
298 activity = insert(:note_activity)
299 uuid = String.split(activity.data["id"], "/") |> List.last()
303 |> put_req_header("accept", "application/activity+json")
304 |> get("/activities/#{uuid}")
306 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
309 test "it returns 404 for non-public activities", %{conn: conn} do
310 activity = insert(:direct_note_activity)
311 uuid = String.split(activity.data["id"], "/") |> List.last()
315 |> put_req_header("accept", "application/activity+json")
316 |> get("/activities/#{uuid}")
318 assert json_response(conn, 404)
321 test "it caches a response", %{conn: conn} do
322 activity = insert(:note_activity)
323 uuid = String.split(activity.data["id"], "/") |> List.last()
327 |> put_req_header("accept", "application/activity+json")
328 |> get("/activities/#{uuid}")
330 assert json_response(conn1, :ok)
331 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
335 |> put_req_header("accept", "application/activity+json")
336 |> get("/activities/#{uuid}")
338 assert json_response(conn1, :ok) == json_response(conn2, :ok)
339 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
342 test "cached purged after activity deletion", %{conn: conn} do
344 {:ok, activity} = CommonAPI.post(user, %{"status" => "cofe"})
346 uuid = String.split(activity.data["id"], "/") |> List.last()
350 |> put_req_header("accept", "application/activity+json")
351 |> get("/activities/#{uuid}")
353 assert json_response(conn1, :ok)
354 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
356 Activity.delete_all_by_object_ap_id(activity.object.data["id"])
360 |> put_req_header("accept", "application/activity+json")
361 |> get("/activities/#{uuid}")
363 assert "Not found" == json_response(conn2, :not_found)
366 test "it requires authentication if instance is NOT federating", %{
370 activity = insert(:note_activity)
371 uuid = String.split(activity.data["id"], "/") |> List.last()
373 conn = put_req_header(conn, "accept", "application/activity+json")
375 ensure_federating_or_authenticated(conn, "/activities/#{uuid}", user)
380 test "it inserts an incoming activity into the database", %{conn: conn} do
381 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
385 |> assign(:valid_signature, true)
386 |> put_req_header("content-type", "application/activity+json")
387 |> post("/inbox", data)
389 assert "ok" == json_response(conn, 200)
391 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
392 assert Activity.get_by_ap_id(data["id"])
395 test "it clears `unreachable` federation status of the sender", %{conn: conn} do
396 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
398 sender_url = data["actor"]
399 Instances.set_consistently_unreachable(sender_url)
400 refute Instances.reachable?(sender_url)
404 |> assign(:valid_signature, true)
405 |> put_req_header("content-type", "application/activity+json")
406 |> post("/inbox", data)
408 assert "ok" == json_response(conn, 200)
409 assert Instances.reachable?(sender_url)
412 test "accept follow activity", %{conn: conn} do
413 Pleroma.Config.put([:instance, :federating], true)
414 relay = Relay.get_actor()
416 assert {:ok, %Activity{} = activity} = Relay.follow("https://relay.mastodon.host/actor")
418 followed_relay = Pleroma.User.get_by_ap_id("https://relay.mastodon.host/actor")
419 relay = refresh_record(relay)
422 File.read!("test/fixtures/relay/accept-follow.json")
423 |> String.replace("{{ap_id}}", relay.ap_id)
424 |> String.replace("{{activity_id}}", activity.data["id"])
428 |> assign(:valid_signature, true)
429 |> put_req_header("content-type", "application/activity+json")
430 |> post("/inbox", accept)
431 |> json_response(200)
433 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
435 assert Pleroma.FollowingRelationship.following?(
440 Mix.shell(Mix.Shell.Process)
443 Mix.shell(Mix.Shell.IO)
446 :ok = Mix.Tasks.Pleroma.Relay.run(["list"])
447 assert_receive {:mix_shell, :info, ["relay.mastodon.host"]}
450 test "without valid signature, " <>
451 "it only accepts Create activities and requires enabled federation",
453 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
454 non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!()
456 conn = put_req_header(conn, "content-type", "application/activity+json")
458 Config.put([:instance, :federating], false)
461 |> post("/inbox", data)
462 |> json_response(403)
465 |> post("/inbox", non_create_data)
466 |> json_response(403)
468 Config.put([:instance, :federating], true)
470 ret_conn = post(conn, "/inbox", data)
471 assert "ok" == json_response(ret_conn, 200)
474 |> post("/inbox", non_create_data)
475 |> json_response(400)
479 describe "/users/:nickname/inbox" do
482 File.read!("test/fixtures/mastodon-post-activity.json")
488 test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
490 data = Map.put(data, "bcc", [user.ap_id])
494 |> assign(:valid_signature, true)
495 |> put_req_header("content-type", "application/activity+json")
496 |> post("/users/#{user.nickname}/inbox", data)
498 assert "ok" == json_response(conn, 200)
499 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
500 assert Activity.get_by_ap_id(data["id"])
503 test "it accepts messages with to as string instead of array", %{conn: conn, data: data} do
507 Map.put(data, "to", user.ap_id)
512 |> assign(:valid_signature, true)
513 |> put_req_header("content-type", "application/activity+json")
514 |> post("/users/#{user.nickname}/inbox", data)
516 assert "ok" == json_response(conn, 200)
517 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
518 assert Activity.get_by_ap_id(data["id"])
521 test "it accepts messages with cc as string instead of array", %{conn: conn, data: data} do
525 Map.put(data, "cc", user.ap_id)
530 |> assign(:valid_signature, true)
531 |> put_req_header("content-type", "application/activity+json")
532 |> post("/users/#{user.nickname}/inbox", data)
534 assert "ok" == json_response(conn, 200)
535 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
536 %Activity{} = activity = Activity.get_by_ap_id(data["id"])
537 assert user.ap_id in activity.recipients
540 test "it accepts messages with bcc as string instead of array", %{conn: conn, data: data} do
544 Map.put(data, "bcc", user.ap_id)
550 |> assign(:valid_signature, true)
551 |> put_req_header("content-type", "application/activity+json")
552 |> post("/users/#{user.nickname}/inbox", data)
554 assert "ok" == json_response(conn, 200)
555 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
556 assert Activity.get_by_ap_id(data["id"])
559 test "it accepts announces with to as string instead of array", %{conn: conn} do
563 "@context" => "https://www.w3.org/ns/activitystreams",
564 "actor" => "http://mastodon.example.org/users/admin",
565 "id" => "http://mastodon.example.org/users/admin/statuses/19512778738411822/activity",
566 "object" => "https://mastodon.social/users/emelie/statuses/101849165031453009",
567 "to" => "https://www.w3.org/ns/activitystreams#Public",
568 "cc" => [user.ap_id],
574 |> assign(:valid_signature, true)
575 |> put_req_header("content-type", "application/activity+json")
576 |> post("/users/#{user.nickname}/inbox", data)
578 assert "ok" == json_response(conn, 200)
579 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
580 %Activity{} = activity = Activity.get_by_ap_id(data["id"])
581 assert "https://www.w3.org/ns/activitystreams#Public" in activity.recipients
584 test "it accepts messages from actors that are followed by the user", %{
588 recipient = insert(:user)
589 actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
591 {:ok, recipient} = User.follow(recipient, actor)
595 |> Map.put("attributedTo", actor.ap_id)
599 |> Map.put("actor", actor.ap_id)
600 |> Map.put("object", object)
604 |> assign(:valid_signature, true)
605 |> put_req_header("content-type", "application/activity+json")
606 |> post("/users/#{recipient.nickname}/inbox", data)
608 assert "ok" == json_response(conn, 200)
609 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
610 assert Activity.get_by_ap_id(data["id"])
613 test "it rejects reads from other users", %{conn: conn} do
615 other_user = insert(:user)
619 |> assign(:user, other_user)
620 |> put_req_header("accept", "application/activity+json")
621 |> get("/users/#{user.nickname}/inbox")
623 assert json_response(conn, 403)
626 test "it returns a note activity in a collection", %{conn: conn} do
627 note_activity = insert(:direct_note_activity)
628 note_object = Object.normalize(note_activity)
629 user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
633 |> assign(:user, user)
634 |> put_req_header("accept", "application/activity+json")
635 |> get("/users/#{user.nickname}/inbox?page=true")
637 assert response(conn, 200) =~ note_object.data["content"]
640 test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
642 data = Map.put(data, "bcc", [user.ap_id])
644 sender_host = URI.parse(data["actor"]).host
645 Instances.set_consistently_unreachable(sender_host)
646 refute Instances.reachable?(sender_host)
650 |> assign(:valid_signature, true)
651 |> put_req_header("content-type", "application/activity+json")
652 |> post("/users/#{user.nickname}/inbox", data)
654 assert "ok" == json_response(conn, 200)
655 assert Instances.reachable?(sender_host)
658 test "it removes all follower collections but actor's", %{conn: conn} do
659 [actor, recipient] = insert_pair(:user)
662 File.read!("test/fixtures/activitypub-client-post-activity.json")
665 object = Map.put(data["object"], "attributedTo", actor.ap_id)
669 |> Map.put("id", Utils.generate_object_id())
670 |> Map.put("actor", actor.ap_id)
671 |> Map.put("object", object)
673 recipient.follower_address,
674 actor.follower_address
678 recipient.follower_address,
679 "https://www.w3.org/ns/activitystreams#Public"
683 |> assign(:valid_signature, true)
684 |> put_req_header("content-type", "application/activity+json")
685 |> post("/users/#{recipient.nickname}/inbox", data)
686 |> json_response(200)
688 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
690 activity = Activity.get_by_ap_id(data["id"])
693 assert actor.follower_address in activity.recipients
694 assert actor.follower_address in activity.data["cc"]
696 refute recipient.follower_address in activity.recipients
697 refute recipient.follower_address in activity.data["cc"]
698 refute recipient.follower_address in activity.data["to"]
701 test "it requires authentication", %{conn: conn} do
703 conn = put_req_header(conn, "accept", "application/activity+json")
705 ret_conn = get(conn, "/users/#{user.nickname}/inbox")
706 assert json_response(ret_conn, 403)
710 |> assign(:user, user)
711 |> get("/users/#{user.nickname}/inbox")
713 assert json_response(ret_conn, 200)
717 describe "GET /users/:nickname/outbox" do
718 test "it returns 200 even if there're no activities", %{conn: conn} do
723 |> assign(:user, user)
724 |> put_req_header("accept", "application/activity+json")
725 |> get("/users/#{user.nickname}/outbox")
727 result = json_response(conn, 200)
728 assert user.ap_id <> "/outbox" == result["id"]
731 test "it returns a note activity in a collection", %{conn: conn} do
732 note_activity = insert(:note_activity)
733 note_object = Object.normalize(note_activity)
734 user = User.get_cached_by_ap_id(note_activity.data["actor"])
738 |> assign(:user, user)
739 |> put_req_header("accept", "application/activity+json")
740 |> get("/users/#{user.nickname}/outbox?page=true")
742 assert response(conn, 200) =~ note_object.data["content"]
745 test "it returns an announce activity in a collection", %{conn: conn} do
746 announce_activity = insert(:announce_activity)
747 user = User.get_cached_by_ap_id(announce_activity.data["actor"])
751 |> assign(:user, user)
752 |> put_req_header("accept", "application/activity+json")
753 |> get("/users/#{user.nickname}/outbox?page=true")
755 assert response(conn, 200) =~ announce_activity.data["object"]
758 test "it requires authentication if instance is NOT federating", %{
762 conn = put_req_header(conn, "accept", "application/activity+json")
764 ensure_federating_or_authenticated(conn, "/users/#{user.nickname}/outbox", user)
768 describe "POST /users/:nickname/outbox (C2S)" do
772 "@context" => "https://www.w3.org/ns/activitystreams",
774 "object" => %{"type" => "Note", "content" => "AP C2S test"},
775 "to" => "https://www.w3.org/ns/activitystreams#Public",
781 test "it rejects posts from other users / unauthenticated users", %{
786 other_user = insert(:user)
787 conn = put_req_header(conn, "content-type", "application/activity+json")
790 |> post("/users/#{user.nickname}/outbox", activity)
791 |> json_response(403)
794 |> assign(:user, other_user)
795 |> post("/users/#{user.nickname}/outbox", activity)
796 |> json_response(403)
799 test "it inserts an incoming create activity into the database", %{
807 |> assign(:user, user)
808 |> put_req_header("content-type", "application/activity+json")
809 |> post("/users/#{user.nickname}/outbox", activity)
810 |> json_response(201)
812 assert Activity.get_by_ap_id(result["id"])
813 assert result["object"]
814 assert %Object{data: object} = Object.normalize(result["object"])
815 assert object["content"] == activity["object"]["content"]
818 test "it inserts an incoming sensitive activity into the database", %{
823 object = Map.put(activity["object"], "sensitive", true)
824 activity = Map.put(activity, "object", object)
828 |> assign(:user, user)
829 |> put_req_header("content-type", "application/activity+json")
830 |> post("/users/#{user.nickname}/outbox", activity)
831 |> json_response(201)
833 assert Activity.get_by_ap_id(result["id"])
834 assert result["object"]
835 assert %Object{data: object} = Object.normalize(result["object"])
836 assert object["sensitive"] == activity["object"]["sensitive"]
837 assert object["content"] == activity["object"]["content"]
840 test "it rejects an incoming activity with bogus type", %{conn: conn, activity: activity} do
842 activity = Map.put(activity, "type", "BadType")
846 |> assign(:user, user)
847 |> put_req_header("content-type", "application/activity+json")
848 |> post("/users/#{user.nickname}/outbox", activity)
850 assert json_response(conn, 400)
853 test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
854 note_activity = insert(:note_activity)
855 note_object = Object.normalize(note_activity)
856 user = User.get_cached_by_ap_id(note_activity.data["actor"])
861 id: note_object.data["id"]
867 |> assign(:user, user)
868 |> put_req_header("content-type", "application/activity+json")
869 |> post("/users/#{user.nickname}/outbox", data)
871 result = json_response(conn, 201)
872 assert Activity.get_by_ap_id(result["id"])
874 assert object = Object.get_by_ap_id(note_object.data["id"])
875 assert object.data["type"] == "Tombstone"
878 test "it rejects delete activity of object from other actor", %{conn: conn} do
879 note_activity = insert(:note_activity)
880 note_object = Object.normalize(note_activity)
886 id: note_object.data["id"]
892 |> assign(:user, user)
893 |> put_req_header("content-type", "application/activity+json")
894 |> post("/users/#{user.nickname}/outbox", data)
896 assert json_response(conn, 400)
899 test "it increases like count when receiving a like action", %{conn: conn} do
900 note_activity = insert(:note_activity)
901 note_object = Object.normalize(note_activity)
902 user = User.get_cached_by_ap_id(note_activity.data["actor"])
907 id: note_object.data["id"]
913 |> assign(:user, user)
914 |> put_req_header("content-type", "application/activity+json")
915 |> post("/users/#{user.nickname}/outbox", data)
917 result = json_response(conn, 201)
918 assert Activity.get_by_ap_id(result["id"])
920 assert object = Object.get_by_ap_id(note_object.data["id"])
921 assert object.data["like_count"] == 1
925 describe "/relay/followers" do
926 test "it returns relay followers", %{conn: conn} do
927 relay_actor = Relay.get_actor()
929 User.follow(user, relay_actor)
933 |> get("/relay/followers")
934 |> json_response(200)
936 assert result["first"]["orderedItems"] == [user.ap_id]
939 test "on non-federating instance, it returns 404", %{conn: conn} do
940 Config.put([:instance, :federating], false)
944 |> assign(:user, user)
945 |> get("/relay/followers")
946 |> json_response(404)
950 describe "/relay/following" do
951 test "it returns relay following", %{conn: conn} do
954 |> get("/relay/following")
955 |> json_response(200)
957 assert result["first"]["orderedItems"] == []
960 test "on non-federating instance, it returns 404", %{conn: conn} do
961 Config.put([:instance, :federating], false)
965 |> assign(:user, user)
966 |> get("/relay/following")
967 |> json_response(404)
971 describe "/users/:nickname/followers" do
972 test "it returns the followers in a collection", %{conn: conn} do
974 user_two = insert(:user)
975 User.follow(user, user_two)
979 |> assign(:user, user_two)
980 |> get("/users/#{user_two.nickname}/followers")
981 |> json_response(200)
983 assert result["first"]["orderedItems"] == [user.ap_id]
986 test "it returns a uri if the user has 'hide_followers' set", %{conn: conn} do
988 user_two = insert(:user, hide_followers: true)
989 User.follow(user, user_two)
993 |> assign(:user, user)
994 |> get("/users/#{user_two.nickname}/followers")
995 |> json_response(200)
997 assert is_binary(result["first"])
1000 test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is from another user",
1002 user = insert(:user)
1003 other_user = insert(:user, hide_followers: true)
1007 |> assign(:user, user)
1008 |> get("/users/#{other_user.nickname}/followers?page=1")
1010 assert result.status == 403
1011 assert result.resp_body == ""
1014 test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",
1016 user = insert(:user, hide_followers: true)
1017 other_user = insert(:user)
1018 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
1022 |> assign(:user, user)
1023 |> get("/users/#{user.nickname}/followers?page=1")
1024 |> json_response(200)
1026 assert result["totalItems"] == 1
1027 assert result["orderedItems"] == [other_user.ap_id]
1030 test "it works for more than 10 users", %{conn: conn} do
1031 user = insert(:user)
1033 Enum.each(1..15, fn _ ->
1034 other_user = insert(:user)
1035 User.follow(other_user, user)
1040 |> assign(:user, user)
1041 |> get("/users/#{user.nickname}/followers")
1042 |> json_response(200)
1044 assert length(result["first"]["orderedItems"]) == 10
1045 assert result["first"]["totalItems"] == 15
1046 assert result["totalItems"] == 15
1050 |> assign(:user, user)
1051 |> get("/users/#{user.nickname}/followers?page=2")
1052 |> json_response(200)
1054 assert length(result["orderedItems"]) == 5
1055 assert result["totalItems"] == 15
1058 test "returns 403 if requester is not logged in", %{conn: conn} do
1059 user = insert(:user)
1062 |> get("/users/#{user.nickname}/followers")
1063 |> json_response(403)
1067 describe "/users/:nickname/following" do
1068 test "it returns the following in a collection", %{conn: conn} do
1069 user = insert(:user)
1070 user_two = insert(:user)
1071 User.follow(user, user_two)
1075 |> assign(:user, user)
1076 |> get("/users/#{user.nickname}/following")
1077 |> json_response(200)
1079 assert result["first"]["orderedItems"] == [user_two.ap_id]
1082 test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do
1083 user = insert(:user)
1084 user_two = insert(:user, hide_follows: true)
1085 User.follow(user, user_two)
1089 |> assign(:user, user)
1090 |> get("/users/#{user_two.nickname}/following")
1091 |> json_response(200)
1093 assert is_binary(result["first"])
1096 test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is from another user",
1098 user = insert(:user)
1099 user_two = insert(:user, hide_follows: true)
1103 |> assign(:user, user)
1104 |> get("/users/#{user_two.nickname}/following?page=1")
1106 assert result.status == 403
1107 assert result.resp_body == ""
1110 test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",
1112 user = insert(:user, hide_follows: true)
1113 other_user = insert(:user)
1114 {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
1118 |> assign(:user, user)
1119 |> get("/users/#{user.nickname}/following?page=1")
1120 |> json_response(200)
1122 assert result["totalItems"] == 1
1123 assert result["orderedItems"] == [other_user.ap_id]
1126 test "it works for more than 10 users", %{conn: conn} do
1127 user = insert(:user)
1129 Enum.each(1..15, fn _ ->
1130 user = User.get_cached_by_id(user.id)
1131 other_user = insert(:user)
1132 User.follow(user, other_user)
1137 |> assign(:user, user)
1138 |> get("/users/#{user.nickname}/following")
1139 |> json_response(200)
1141 assert length(result["first"]["orderedItems"]) == 10
1142 assert result["first"]["totalItems"] == 15
1143 assert result["totalItems"] == 15
1147 |> assign(:user, user)
1148 |> get("/users/#{user.nickname}/following?page=2")
1149 |> json_response(200)
1151 assert length(result["orderedItems"]) == 5
1152 assert result["totalItems"] == 15
1155 test "returns 403 if requester is not logged in", %{conn: conn} do
1156 user = insert(:user)
1159 |> get("/users/#{user.nickname}/following")
1160 |> json_response(403)
1164 describe "delivery tracking" do
1165 test "it tracks a signed object fetch", %{conn: conn} do
1166 user = insert(:user, local: false)
1167 activity = insert(:note_activity)
1168 object = Object.normalize(activity)
1170 object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
1173 |> put_req_header("accept", "application/activity+json")
1174 |> assign(:user, user)
1176 |> json_response(200)
1178 assert Delivery.get(object.id, user.id)
1181 test "it tracks a signed activity fetch", %{conn: conn} do
1182 user = insert(:user, local: false)
1183 activity = insert(:note_activity)
1184 object = Object.normalize(activity)
1186 activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
1189 |> put_req_header("accept", "application/activity+json")
1190 |> assign(:user, user)
1191 |> get(activity_path)
1192 |> json_response(200)
1194 assert Delivery.get(object.id, user.id)
1197 test "it tracks a signed object fetch when the json is cached", %{conn: conn} do
1198 user = insert(:user, local: false)
1199 other_user = insert(:user, local: false)
1200 activity = insert(:note_activity)
1201 object = Object.normalize(activity)
1203 object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
1206 |> put_req_header("accept", "application/activity+json")
1207 |> assign(:user, user)
1209 |> json_response(200)
1212 |> put_req_header("accept", "application/activity+json")
1213 |> assign(:user, other_user)
1215 |> json_response(200)
1217 assert Delivery.get(object.id, user.id)
1218 assert Delivery.get(object.id, other_user.id)
1221 test "it tracks a signed activity fetch when the json is cached", %{conn: conn} do
1222 user = insert(:user, local: false)
1223 other_user = insert(:user, local: false)
1224 activity = insert(:note_activity)
1225 object = Object.normalize(activity)
1227 activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
1230 |> put_req_header("accept", "application/activity+json")
1231 |> assign(:user, user)
1232 |> get(activity_path)
1233 |> json_response(200)
1236 |> put_req_header("accept", "application/activity+json")
1237 |> assign(:user, other_user)
1238 |> get(activity_path)
1239 |> json_response(200)
1241 assert Delivery.get(object.id, user.id)
1242 assert Delivery.get(object.id, other_user.id)
1246 describe "Additional ActivityPub C2S endpoints" do
1247 test "GET /api/ap/whoami", %{conn: conn} do
1248 user = insert(:user)
1252 |> assign(:user, user)
1253 |> get("/api/ap/whoami")
1255 user = User.get_cached_by_id(user.id)
1257 assert UserView.render("user.json", %{user: user}) == json_response(conn, 200)
1260 |> get("/api/ap/whoami")
1261 |> json_response(403)
1264 setup do: clear_config([:media_proxy])
1265 setup do: clear_config([Pleroma.Upload])
1267 test "POST /api/ap/upload_media", %{conn: conn} do
1268 user = insert(:user)
1270 desc = "Description of the image"
1272 image = %Plug.Upload{
1273 content_type: "image/jpg",
1274 path: Path.absname("test/fixtures/image.jpg"),
1275 filename: "an_image.jpg"
1280 |> assign(:user, user)
1281 |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
1282 |> json_response(:created)
1284 assert object["name"] == desc
1285 assert object["type"] == "Document"
1286 assert object["actor"] == user.ap_id
1287 assert [%{"href" => object_href, "mediaType" => object_mediatype}] = object["url"]
1288 assert is_binary(object_href)
1289 assert object_mediatype == "image/jpeg"
1291 activity_request = %{
1292 "@context" => "https://www.w3.org/ns/activitystreams",
1296 "content" => "AP C2S test, attachment",
1297 "attachment" => [object]
1299 "to" => "https://www.w3.org/ns/activitystreams#Public",
1305 |> assign(:user, user)
1306 |> post("/users/#{user.nickname}/outbox", activity_request)
1307 |> json_response(:created)
1309 assert activity_response["id"]
1310 assert activity_response["object"]
1311 assert activity_response["actor"] == user.ap_id
1313 assert %Object{data: %{"attachment" => [attachment]}} =
1314 Object.normalize(activity_response["object"])
1316 assert attachment["type"] == "Document"
1317 assert attachment["name"] == desc
1321 "href" => ^object_href,
1323 "mediaType" => ^object_mediatype
1325 ] = attachment["url"]
1327 # Fails if unauthenticated
1329 |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
1330 |> json_response(403)