1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
6 use Pleroma.Web.ConnCase
7 use Oban.Testing, repo: Pleroma.Repo
10 alias Pleroma.Activity
12 alias Pleroma.Delivery
13 alias Pleroma.Instances
15 alias Pleroma.Tests.ObanHelpers
17 alias Pleroma.Web.ActivityPub.ObjectView
18 alias Pleroma.Web.ActivityPub.Relay
19 alias Pleroma.Web.ActivityPub.UserView
20 alias Pleroma.Web.ActivityPub.Utils
21 alias Pleroma.Web.CommonAPI
22 alias Pleroma.Workers.ReceiverWorker
25 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
29 setup do: clear_config([:instance, :federating], true)
32 setup do: clear_config([:instance, :allow_relay])
34 test "with the relay active, it returns the relay user", %{conn: conn} do
37 |> get(activity_pub_path(conn, :relay))
40 assert res["id"] =~ "/relay"
43 test "with the relay disabled, it returns 404", %{conn: conn} do
44 Config.put([:instance, :allow_relay], false)
47 |> get(activity_pub_path(conn, :relay))
51 test "on non-federating instance, it returns 404", %{conn: conn} do
52 Config.put([:instance, :federating], false)
56 |> assign(:user, user)
57 |> get(activity_pub_path(conn, :relay))
62 describe "/internal/fetch" do
63 test "it returns the internal fetch user", %{conn: conn} do
66 |> get(activity_pub_path(conn, :internal_fetch))
69 assert res["id"] =~ "/fetch"
72 test "on non-federating instance, it returns 404", %{conn: conn} do
73 Config.put([:instance, :federating], false)
77 |> assign(:user, user)
78 |> get(activity_pub_path(conn, :internal_fetch))
83 describe "/users/:nickname" do
84 test "it returns a json representation of the user with accept application/json", %{
91 |> put_req_header("accept", "application/json")
92 |> get("/users/#{user.nickname}")
94 user = User.get_cached_by_id(user.id)
96 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
99 test "it returns a json representation of the user with accept application/activity+json", %{
106 |> put_req_header("accept", "application/activity+json")
107 |> get("/users/#{user.nickname}")
109 user = User.get_cached_by_id(user.id)
111 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
114 test "it returns a json representation of the user with accept application/ld+json", %{
123 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
125 |> get("/users/#{user.nickname}")
127 user = User.get_cached_by_id(user.id)
129 assert json_response(conn, 200) == UserView.render("user.json", %{user: user})
132 test "it returns 404 for remote users", %{
135 user = insert(:user, local: false, nickname: "remoteuser@example.com")
139 |> put_req_header("accept", "application/json")
140 |> get("/users/#{user.nickname}.json")
142 assert json_response(conn, 404)
145 test "it returns error when user is not found", %{conn: conn} do
148 |> put_req_header("accept", "application/json")
149 |> get("/users/jimm")
150 |> json_response(404)
152 assert response == "Not found"
155 test "it requires authentication if instance is NOT federating", %{
164 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
167 ensure_federating_or_authenticated(conn, "/users/#{user.nickname}.json", user)
171 describe "/objects/:uuid" do
172 test "it returns a json representation of the object with accept application/json", %{
176 uuid = String.split(note.data["id"], "/") |> List.last()
180 |> put_req_header("accept", "application/json")
181 |> get("/objects/#{uuid}")
183 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
186 test "it returns a json representation of the object with accept application/activity+json",
189 uuid = String.split(note.data["id"], "/") |> List.last()
193 |> put_req_header("accept", "application/activity+json")
194 |> get("/objects/#{uuid}")
196 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
199 test "it returns a json representation of the object with accept application/ld+json", %{
203 uuid = String.split(note.data["id"], "/") |> List.last()
209 "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
211 |> get("/objects/#{uuid}")
213 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
216 test "it returns 404 for non-public messages", %{conn: conn} do
217 note = insert(:direct_note)
218 uuid = String.split(note.data["id"], "/") |> List.last()
222 |> put_req_header("accept", "application/activity+json")
223 |> get("/objects/#{uuid}")
225 assert json_response(conn, 404)
228 test "it returns 404 for tombstone objects", %{conn: conn} do
229 tombstone = insert(:tombstone)
230 uuid = String.split(tombstone.data["id"], "/") |> List.last()
234 |> put_req_header("accept", "application/activity+json")
235 |> get("/objects/#{uuid}")
237 assert json_response(conn, 404)
240 test "it caches a response", %{conn: conn} do
242 uuid = String.split(note.data["id"], "/") |> List.last()
246 |> put_req_header("accept", "application/activity+json")
247 |> get("/objects/#{uuid}")
249 assert json_response(conn1, :ok)
250 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
254 |> put_req_header("accept", "application/activity+json")
255 |> get("/objects/#{uuid}")
257 assert json_response(conn1, :ok) == json_response(conn2, :ok)
258 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
261 test "cached purged after object deletion", %{conn: conn} do
263 uuid = String.split(note.data["id"], "/") |> List.last()
267 |> put_req_header("accept", "application/activity+json")
268 |> get("/objects/#{uuid}")
270 assert json_response(conn1, :ok)
271 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
277 |> put_req_header("accept", "application/activity+json")
278 |> get("/objects/#{uuid}")
280 assert "Not found" == json_response(conn2, :not_found)
283 test "it requires authentication if instance is NOT federating", %{
288 uuid = String.split(note.data["id"], "/") |> List.last()
290 conn = put_req_header(conn, "accept", "application/activity+json")
292 ensure_federating_or_authenticated(conn, "/objects/#{uuid}", user)
296 describe "/activities/:uuid" do
297 test "it returns a json representation of the activity", %{conn: conn} do
298 activity = insert(:note_activity)
299 uuid = String.split(activity.data["id"], "/") |> List.last()
303 |> put_req_header("accept", "application/activity+json")
304 |> get("/activities/#{uuid}")
306 assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
309 test "it returns 404 for non-public activities", %{conn: conn} do
310 activity = insert(:direct_note_activity)
311 uuid = String.split(activity.data["id"], "/") |> List.last()
315 |> put_req_header("accept", "application/activity+json")
316 |> get("/activities/#{uuid}")
318 assert json_response(conn, 404)
321 test "it caches a response", %{conn: conn} do
322 activity = insert(:note_activity)
323 uuid = String.split(activity.data["id"], "/") |> List.last()
327 |> put_req_header("accept", "application/activity+json")
328 |> get("/activities/#{uuid}")
330 assert json_response(conn1, :ok)
331 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
335 |> put_req_header("accept", "application/activity+json")
336 |> get("/activities/#{uuid}")
338 assert json_response(conn1, :ok) == json_response(conn2, :ok)
339 assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))
342 test "cached purged after activity deletion", %{conn: conn} do
344 {:ok, activity} = CommonAPI.post(user, %{"status" => "cofe"})
346 uuid = String.split(activity.data["id"], "/") |> List.last()
350 |> put_req_header("accept", "application/activity+json")
351 |> get("/activities/#{uuid}")
353 assert json_response(conn1, :ok)
354 assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))
356 Activity.delete_all_by_object_ap_id(activity.object.data["id"])
360 |> put_req_header("accept", "application/activity+json")
361 |> get("/activities/#{uuid}")
363 assert "Not found" == json_response(conn2, :not_found)
366 test "it requires authentication if instance is NOT federating", %{
370 activity = insert(:note_activity)
371 uuid = String.split(activity.data["id"], "/") |> List.last()
373 conn = put_req_header(conn, "accept", "application/activity+json")
375 ensure_federating_or_authenticated(conn, "/activities/#{uuid}", user)
380 test "it inserts an incoming activity into the database", %{conn: conn} do
381 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
385 |> assign(:valid_signature, true)
386 |> put_req_header("content-type", "application/activity+json")
387 |> post("/inbox", data)
389 assert "ok" == json_response(conn, 200)
391 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
392 assert Activity.get_by_ap_id(data["id"])
395 test "it clears `unreachable` federation status of the sender", %{conn: conn} do
396 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
398 sender_url = data["actor"]
399 Instances.set_consistently_unreachable(sender_url)
400 refute Instances.reachable?(sender_url)
404 |> assign(:valid_signature, true)
405 |> put_req_header("content-type", "application/activity+json")
406 |> post("/inbox", data)
408 assert "ok" == json_response(conn, 200)
409 assert Instances.reachable?(sender_url)
412 test "accept follow activity", %{conn: conn} do
413 Pleroma.Config.put([:instance, :federating], true)
414 relay = Relay.get_actor()
416 assert {:ok, %Activity{} = activity} = Relay.follow("https://relay.mastodon.host/actor")
418 followed_relay = Pleroma.User.get_by_ap_id("https://relay.mastodon.host/actor")
419 relay = refresh_record(relay)
422 File.read!("test/fixtures/relay/accept-follow.json")
423 |> String.replace("{{ap_id}}", relay.ap_id)
424 |> String.replace("{{activity_id}}", activity.data["id"])
428 |> assign(:valid_signature, true)
429 |> put_req_header("content-type", "application/activity+json")
430 |> post("/inbox", accept)
431 |> json_response(200)
433 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
435 assert Pleroma.FollowingRelationship.following?(
440 Mix.shell(Mix.Shell.Process)
443 Mix.shell(Mix.Shell.IO)
446 :ok = Mix.Tasks.Pleroma.Relay.run(["list"])
447 assert_receive {:mix_shell, :info, ["relay.mastodon.host"]}
450 test "without valid signature, " <>
451 "it only accepts Create activities and requires enabled federation",
453 data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
454 non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!()
456 conn = put_req_header(conn, "content-type", "application/activity+json")
458 Config.put([:instance, :federating], false)
461 |> post("/inbox", data)
462 |> json_response(403)
465 |> post("/inbox", non_create_data)
466 |> json_response(403)
468 Config.put([:instance, :federating], true)
470 ret_conn = post(conn, "/inbox", data)
471 assert "ok" == json_response(ret_conn, 200)
474 |> post("/inbox", non_create_data)
475 |> json_response(400)
479 describe "/users/:nickname/inbox" do
482 File.read!("test/fixtures/mastodon-post-activity.json")
488 test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
490 data = Map.put(data, "bcc", [user.ap_id])
494 |> assign(:valid_signature, true)
495 |> put_req_header("content-type", "application/activity+json")
496 |> post("/users/#{user.nickname}/inbox", data)
498 assert "ok" == json_response(conn, 200)
499 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
500 assert Activity.get_by_ap_id(data["id"])
503 test "it accepts messages with to as string instead of array", %{conn: conn, data: data} do
507 Map.put(data, "to", user.ap_id)
512 |> assign(:valid_signature, true)
513 |> put_req_header("content-type", "application/activity+json")
514 |> post("/users/#{user.nickname}/inbox", data)
516 assert "ok" == json_response(conn, 200)
517 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
518 assert Activity.get_by_ap_id(data["id"])
521 test "it accepts messages with cc as string instead of array", %{conn: conn, data: data} do
525 Map.put(data, "cc", user.ap_id)
530 |> assign(:valid_signature, true)
531 |> put_req_header("content-type", "application/activity+json")
532 |> post("/users/#{user.nickname}/inbox", data)
534 assert "ok" == json_response(conn, 200)
535 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
536 %Activity{} = activity = Activity.get_by_ap_id(data["id"])
537 assert user.ap_id in activity.recipients
540 test "it accepts messages with bcc as string instead of array", %{conn: conn, data: data} do
544 Map.put(data, "bcc", user.ap_id)
550 |> assign(:valid_signature, true)
551 |> put_req_header("content-type", "application/activity+json")
552 |> post("/users/#{user.nickname}/inbox", data)
554 assert "ok" == json_response(conn, 200)
555 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
556 assert Activity.get_by_ap_id(data["id"])
559 test "it accepts announces with to as string instead of array", %{conn: conn} do
563 "@context" => "https://www.w3.org/ns/activitystreams",
564 "actor" => "http://mastodon.example.org/users/admin",
565 "id" => "http://mastodon.example.org/users/admin/statuses/19512778738411822/activity",
566 "object" => "https://mastodon.social/users/emelie/statuses/101849165031453009",
567 "to" => "https://www.w3.org/ns/activitystreams#Public",
568 "cc" => [user.ap_id],
574 |> assign(:valid_signature, true)
575 |> put_req_header("content-type", "application/activity+json")
576 |> post("/users/#{user.nickname}/inbox", data)
578 assert "ok" == json_response(conn, 200)
579 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
580 %Activity{} = activity = Activity.get_by_ap_id(data["id"])
581 assert "https://www.w3.org/ns/activitystreams#Public" in activity.recipients
584 test "it accepts messages from actors that are followed by the user", %{
588 recipient = insert(:user)
589 actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
591 {:ok, recipient} = User.follow(recipient, actor)
595 |> Map.put("attributedTo", actor.ap_id)
599 |> Map.put("actor", actor.ap_id)
600 |> Map.put("object", object)
604 |> assign(:valid_signature, true)
605 |> put_req_header("content-type", "application/activity+json")
606 |> post("/users/#{recipient.nickname}/inbox", data)
608 assert "ok" == json_response(conn, 200)
609 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
610 assert Activity.get_by_ap_id(data["id"])
613 test "it rejects reads from other users", %{conn: conn} do
615 other_user = insert(:user)
619 |> assign(:user, other_user)
620 |> put_req_header("accept", "application/activity+json")
621 |> get("/users/#{user.nickname}/inbox")
623 assert json_response(conn, 403)
626 test "it returns a note activity in a collection", %{conn: conn} do
627 note_activity = insert(:direct_note_activity)
628 note_object = Object.normalize(note_activity)
629 user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
633 |> assign(:user, user)
634 |> put_req_header("accept", "application/activity+json")
635 |> get("/users/#{user.nickname}/inbox?page=true")
637 assert response(conn, 200) =~ note_object.data["content"]
640 test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
642 data = Map.put(data, "bcc", [user.ap_id])
644 sender_host = URI.parse(data["actor"]).host
645 Instances.set_consistently_unreachable(sender_host)
646 refute Instances.reachable?(sender_host)
650 |> assign(:valid_signature, true)
651 |> put_req_header("content-type", "application/activity+json")
652 |> post("/users/#{user.nickname}/inbox", data)
654 assert "ok" == json_response(conn, 200)
655 assert Instances.reachable?(sender_host)
658 test "it removes all follower collections but actor's", %{conn: conn} do
659 [actor, recipient] = insert_pair(:user)
662 File.read!("test/fixtures/activitypub-client-post-activity.json")
665 object = Map.put(data["object"], "attributedTo", actor.ap_id)
669 |> Map.put("id", Utils.generate_object_id())
670 |> Map.put("actor", actor.ap_id)
671 |> Map.put("object", object)
673 recipient.follower_address,
674 actor.follower_address
678 recipient.follower_address,
679 "https://www.w3.org/ns/activitystreams#Public"
683 |> assign(:valid_signature, true)
684 |> put_req_header("content-type", "application/activity+json")
685 |> post("/users/#{recipient.nickname}/inbox", data)
686 |> json_response(200)
688 ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
690 activity = Activity.get_by_ap_id(data["id"])
693 assert actor.follower_address in activity.recipients
694 assert actor.follower_address in activity.data["cc"]
696 refute recipient.follower_address in activity.recipients
697 refute recipient.follower_address in activity.data["cc"]
698 refute recipient.follower_address in activity.data["to"]
701 test "it requires authentication", %{conn: conn} do
703 conn = put_req_header(conn, "accept", "application/activity+json")
705 ret_conn = get(conn, "/users/#{user.nickname}/inbox")
706 assert json_response(ret_conn, 403)
710 |> assign(:user, user)
711 |> get("/users/#{user.nickname}/inbox")
713 assert json_response(ret_conn, 200)
717 describe "GET /users/:nickname/outbox" do
718 test "it returns 200 even if there're no activities", %{conn: conn} do
723 |> assign(:user, user)
724 |> put_req_header("accept", "application/activity+json")
725 |> get("/users/#{user.nickname}/outbox")
727 result = json_response(conn, 200)
728 assert user.ap_id <> "/outbox" == result["id"]
731 test "it returns a note activity in a collection", %{conn: conn} do
732 note_activity = insert(:note_activity)
733 note_object = Object.normalize(note_activity)
734 user = User.get_cached_by_ap_id(note_activity.data["actor"])
738 |> assign(:user, user)
739 |> put_req_header("accept", "application/activity+json")
740 |> get("/users/#{user.nickname}/outbox?page=true")
742 assert response(conn, 200) =~ note_object.data["content"]
745 test "it returns an announce activity in a collection", %{conn: conn} do
746 announce_activity = insert(:announce_activity)
747 user = User.get_cached_by_ap_id(announce_activity.data["actor"])
751 |> assign(:user, user)
752 |> put_req_header("accept", "application/activity+json")
753 |> get("/users/#{user.nickname}/outbox?page=true")
755 assert response(conn, 200) =~ announce_activity.data["object"]
758 test "it requires authentication if instance is NOT federating", %{
762 conn = put_req_header(conn, "accept", "application/activity+json")
764 ensure_federating_or_authenticated(conn, "/users/#{user.nickname}/outbox", user)
768 describe "POST /users/:nickname/outbox (C2S)" do
772 "@context" => "https://www.w3.org/ns/activitystreams",
774 "object" => %{"type" => "Note", "content" => "AP C2S test"},
775 "to" => "https://www.w3.org/ns/activitystreams#Public",
781 test "it rejects posts from other users / unauthenticated users", %{
786 other_user = insert(:user)
787 conn = put_req_header(conn, "content-type", "application/activity+json")
790 |> post("/users/#{user.nickname}/outbox", activity)
791 |> json_response(403)
794 |> assign(:user, other_user)
795 |> post("/users/#{user.nickname}/outbox", activity)
796 |> json_response(403)
799 test "it inserts an incoming create activity into the database", %{
807 |> assign(:user, user)
808 |> put_req_header("content-type", "application/activity+json")
809 |> post("/users/#{user.nickname}/outbox", activity)
810 |> json_response(201)
812 assert Activity.get_by_ap_id(result["id"])
813 assert result["object"]
814 assert %Object{data: object} = Object.normalize(result["object"])
815 assert object["content"] == activity["object"]["content"]
818 test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
823 |> put_in(["object", "type"], "Benis")
827 |> assign(:user, user)
828 |> put_req_header("content-type", "application/activity+json")
829 |> post("/users/#{user.nickname}/outbox", activity)
830 |> json_response(400)
833 test "it inserts an incoming sensitive activity into the database", %{
838 object = Map.put(activity["object"], "sensitive", true)
839 activity = Map.put(activity, "object", object)
843 |> assign(:user, user)
844 |> put_req_header("content-type", "application/activity+json")
845 |> post("/users/#{user.nickname}/outbox", activity)
846 |> json_response(201)
848 assert Activity.get_by_ap_id(result["id"])
849 assert result["object"]
850 assert %Object{data: object} = Object.normalize(result["object"])
851 assert object["sensitive"] == activity["object"]["sensitive"]
852 assert object["content"] == activity["object"]["content"]
855 test "it rejects an incoming activity with bogus type", %{conn: conn, activity: activity} do
857 activity = Map.put(activity, "type", "BadType")
861 |> assign(:user, user)
862 |> put_req_header("content-type", "application/activity+json")
863 |> post("/users/#{user.nickname}/outbox", activity)
865 assert json_response(conn, 400)
868 test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
869 note_activity = insert(:note_activity)
870 note_object = Object.normalize(note_activity)
871 user = User.get_cached_by_ap_id(note_activity.data["actor"])
876 id: note_object.data["id"]
882 |> assign(:user, user)
883 |> put_req_header("content-type", "application/activity+json")
884 |> post("/users/#{user.nickname}/outbox", data)
886 result = json_response(conn, 201)
887 assert Activity.get_by_ap_id(result["id"])
889 assert object = Object.get_by_ap_id(note_object.data["id"])
890 assert object.data["type"] == "Tombstone"
893 test "it rejects delete activity of object from other actor", %{conn: conn} do
894 note_activity = insert(:note_activity)
895 note_object = Object.normalize(note_activity)
901 id: note_object.data["id"]
907 |> assign(:user, user)
908 |> put_req_header("content-type", "application/activity+json")
909 |> post("/users/#{user.nickname}/outbox", data)
911 assert json_response(conn, 400)
914 test "it increases like count when receiving a like action", %{conn: conn} do
915 note_activity = insert(:note_activity)
916 note_object = Object.normalize(note_activity)
917 user = User.get_cached_by_ap_id(note_activity.data["actor"])
922 id: note_object.data["id"]
928 |> assign(:user, user)
929 |> put_req_header("content-type", "application/activity+json")
930 |> post("/users/#{user.nickname}/outbox", data)
932 result = json_response(conn, 201)
933 assert Activity.get_by_ap_id(result["id"])
935 assert object = Object.get_by_ap_id(note_object.data["id"])
936 assert object.data["like_count"] == 1
940 describe "/relay/followers" do
941 test "it returns relay followers", %{conn: conn} do
942 relay_actor = Relay.get_actor()
944 User.follow(user, relay_actor)
948 |> get("/relay/followers")
949 |> json_response(200)
951 assert result["first"]["orderedItems"] == [user.ap_id]
954 test "on non-federating instance, it returns 404", %{conn: conn} do
955 Config.put([:instance, :federating], false)
959 |> assign(:user, user)
960 |> get("/relay/followers")
961 |> json_response(404)
965 describe "/relay/following" do
966 test "it returns relay following", %{conn: conn} do
969 |> get("/relay/following")
970 |> json_response(200)
972 assert result["first"]["orderedItems"] == []
975 test "on non-federating instance, it returns 404", %{conn: conn} do
976 Config.put([:instance, :federating], false)
980 |> assign(:user, user)
981 |> get("/relay/following")
982 |> json_response(404)
986 describe "/users/:nickname/followers" do
987 test "it returns the followers in a collection", %{conn: conn} do
989 user_two = insert(:user)
990 User.follow(user, user_two)
994 |> assign(:user, user_two)
995 |> get("/users/#{user_two.nickname}/followers")
996 |> json_response(200)
998 assert result["first"]["orderedItems"] == [user.ap_id]
1001 test "it returns a uri if the user has 'hide_followers' set", %{conn: conn} do
1002 user = insert(:user)
1003 user_two = insert(:user, hide_followers: true)
1004 User.follow(user, user_two)
1008 |> assign(:user, user)
1009 |> get("/users/#{user_two.nickname}/followers")
1010 |> json_response(200)
1012 assert is_binary(result["first"])
1015 test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is from another user",
1017 user = insert(:user)
1018 other_user = insert(:user, hide_followers: true)
1022 |> assign(:user, user)
1023 |> get("/users/#{other_user.nickname}/followers?page=1")
1025 assert result.status == 403
1026 assert result.resp_body == ""
1029 test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",
1031 user = insert(:user, hide_followers: true)
1032 other_user = insert(:user)
1033 {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
1037 |> assign(:user, user)
1038 |> get("/users/#{user.nickname}/followers?page=1")
1039 |> json_response(200)
1041 assert result["totalItems"] == 1
1042 assert result["orderedItems"] == [other_user.ap_id]
1045 test "it works for more than 10 users", %{conn: conn} do
1046 user = insert(:user)
1048 Enum.each(1..15, fn _ ->
1049 other_user = insert(:user)
1050 User.follow(other_user, user)
1055 |> assign(:user, user)
1056 |> get("/users/#{user.nickname}/followers")
1057 |> json_response(200)
1059 assert length(result["first"]["orderedItems"]) == 10
1060 assert result["first"]["totalItems"] == 15
1061 assert result["totalItems"] == 15
1065 |> assign(:user, user)
1066 |> get("/users/#{user.nickname}/followers?page=2")
1067 |> json_response(200)
1069 assert length(result["orderedItems"]) == 5
1070 assert result["totalItems"] == 15
1073 test "does not require authentication", %{conn: conn} do
1074 user = insert(:user)
1077 |> get("/users/#{user.nickname}/followers")
1078 |> json_response(200)
1082 describe "/users/:nickname/following" do
1083 test "it returns the following in a collection", %{conn: conn} do
1084 user = insert(:user)
1085 user_two = insert(:user)
1086 User.follow(user, user_two)
1090 |> assign(:user, user)
1091 |> get("/users/#{user.nickname}/following")
1092 |> json_response(200)
1094 assert result["first"]["orderedItems"] == [user_two.ap_id]
1097 test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do
1098 user = insert(:user)
1099 user_two = insert(:user, hide_follows: true)
1100 User.follow(user, user_two)
1104 |> assign(:user, user)
1105 |> get("/users/#{user_two.nickname}/following")
1106 |> json_response(200)
1108 assert is_binary(result["first"])
1111 test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is from another user",
1113 user = insert(:user)
1114 user_two = insert(:user, hide_follows: true)
1118 |> assign(:user, user)
1119 |> get("/users/#{user_two.nickname}/following?page=1")
1121 assert result.status == 403
1122 assert result.resp_body == ""
1125 test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",
1127 user = insert(:user, hide_follows: true)
1128 other_user = insert(:user)
1129 {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
1133 |> assign(:user, user)
1134 |> get("/users/#{user.nickname}/following?page=1")
1135 |> json_response(200)
1137 assert result["totalItems"] == 1
1138 assert result["orderedItems"] == [other_user.ap_id]
1141 test "it works for more than 10 users", %{conn: conn} do
1142 user = insert(:user)
1144 Enum.each(1..15, fn _ ->
1145 user = User.get_cached_by_id(user.id)
1146 other_user = insert(:user)
1147 User.follow(user, other_user)
1152 |> assign(:user, user)
1153 |> get("/users/#{user.nickname}/following")
1154 |> json_response(200)
1156 assert length(result["first"]["orderedItems"]) == 10
1157 assert result["first"]["totalItems"] == 15
1158 assert result["totalItems"] == 15
1162 |> assign(:user, user)
1163 |> get("/users/#{user.nickname}/following?page=2")
1164 |> json_response(200)
1166 assert length(result["orderedItems"]) == 5
1167 assert result["totalItems"] == 15
1170 test "does not require authentication", %{conn: conn} do
1171 user = insert(:user)
1174 |> get("/users/#{user.nickname}/following")
1175 |> json_response(200)
1179 describe "delivery tracking" do
1180 test "it tracks a signed object fetch", %{conn: conn} do
1181 user = insert(:user, local: false)
1182 activity = insert(:note_activity)
1183 object = Object.normalize(activity)
1185 object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
1188 |> put_req_header("accept", "application/activity+json")
1189 |> assign(:user, user)
1191 |> json_response(200)
1193 assert Delivery.get(object.id, user.id)
1196 test "it tracks a signed activity fetch", %{conn: conn} do
1197 user = insert(:user, local: false)
1198 activity = insert(:note_activity)
1199 object = Object.normalize(activity)
1201 activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
1204 |> put_req_header("accept", "application/activity+json")
1205 |> assign(:user, user)
1206 |> get(activity_path)
1207 |> json_response(200)
1209 assert Delivery.get(object.id, user.id)
1212 test "it tracks a signed object fetch when the json is cached", %{conn: conn} do
1213 user = insert(:user, local: false)
1214 other_user = insert(:user, local: false)
1215 activity = insert(:note_activity)
1216 object = Object.normalize(activity)
1218 object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
1221 |> put_req_header("accept", "application/activity+json")
1222 |> assign(:user, user)
1224 |> json_response(200)
1227 |> put_req_header("accept", "application/activity+json")
1228 |> assign(:user, other_user)
1230 |> json_response(200)
1232 assert Delivery.get(object.id, user.id)
1233 assert Delivery.get(object.id, other_user.id)
1236 test "it tracks a signed activity fetch when the json is cached", %{conn: conn} do
1237 user = insert(:user, local: false)
1238 other_user = insert(:user, local: false)
1239 activity = insert(:note_activity)
1240 object = Object.normalize(activity)
1242 activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
1245 |> put_req_header("accept", "application/activity+json")
1246 |> assign(:user, user)
1247 |> get(activity_path)
1248 |> json_response(200)
1251 |> put_req_header("accept", "application/activity+json")
1252 |> assign(:user, other_user)
1253 |> get(activity_path)
1254 |> json_response(200)
1256 assert Delivery.get(object.id, user.id)
1257 assert Delivery.get(object.id, other_user.id)
1261 describe "Additional ActivityPub C2S endpoints" do
1262 test "GET /api/ap/whoami", %{conn: conn} do
1263 user = insert(:user)
1267 |> assign(:user, user)
1268 |> get("/api/ap/whoami")
1270 user = User.get_cached_by_id(user.id)
1272 assert UserView.render("user.json", %{user: user}) == json_response(conn, 200)
1275 |> get("/api/ap/whoami")
1276 |> json_response(403)
1279 setup do: clear_config([:media_proxy])
1280 setup do: clear_config([Pleroma.Upload])
1282 test "POST /api/ap/upload_media", %{conn: conn} do
1283 user = insert(:user)
1285 desc = "Description of the image"
1287 image = %Plug.Upload{
1288 content_type: "image/jpg",
1289 path: Path.absname("test/fixtures/image.jpg"),
1290 filename: "an_image.jpg"
1295 |> assign(:user, user)
1296 |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
1297 |> json_response(:created)
1299 assert object["name"] == desc
1300 assert object["type"] == "Document"
1301 assert object["actor"] == user.ap_id
1302 assert [%{"href" => object_href, "mediaType" => object_mediatype}] = object["url"]
1303 assert is_binary(object_href)
1304 assert object_mediatype == "image/jpeg"
1306 activity_request = %{
1307 "@context" => "https://www.w3.org/ns/activitystreams",
1311 "content" => "AP C2S test, attachment",
1312 "attachment" => [object]
1314 "to" => "https://www.w3.org/ns/activitystreams#Public",
1320 |> assign(:user, user)
1321 |> post("/users/#{user.nickname}/outbox", activity_request)
1322 |> json_response(:created)
1324 assert activity_response["id"]
1325 assert activity_response["object"]
1326 assert activity_response["actor"] == user.ap_id
1328 assert %Object{data: %{"attachment" => [attachment]}} =
1329 Object.normalize(activity_response["object"])
1331 assert attachment["type"] == "Document"
1332 assert attachment["name"] == desc
1336 "href" => ^object_href,
1338 "mediaType" => ^object_mediatype
1340 ] = attachment["url"]
1342 # Fails if unauthenticated
1344 |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
1345 |> json_response(403)