1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
9 alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
12 clear_config(:mrf_simple,
15 federated_timeline_removal: [],
24 describe "when :media_removal" do
26 Config.put([:mrf_simple, :media_removal], [])
27 media_message = build_media_message()
28 local_message = build_local_message()
30 assert SimplePolicy.filter(media_message) == {:ok, media_message}
31 assert SimplePolicy.filter(local_message) == {:ok, local_message}
34 test "has a matching host" do
35 Config.put([:mrf_simple, :media_removal], ["remote.instance"])
36 media_message = build_media_message()
37 local_message = build_local_message()
39 assert SimplePolicy.filter(media_message) ==
42 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
44 assert SimplePolicy.filter(local_message) == {:ok, local_message}
47 test "match with wildcard domain" do
48 Config.put([:mrf_simple, :media_removal], ["*.remote.instance"])
49 media_message = build_media_message()
50 local_message = build_local_message()
52 assert SimplePolicy.filter(media_message) ==
55 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
57 assert SimplePolicy.filter(local_message) == {:ok, local_message}
61 describe "when :media_nsfw" do
63 Config.put([:mrf_simple, :media_nsfw], [])
64 media_message = build_media_message()
65 local_message = build_local_message()
67 assert SimplePolicy.filter(media_message) == {:ok, media_message}
68 assert SimplePolicy.filter(local_message) == {:ok, local_message}
71 test "has a matching host" do
72 Config.put([:mrf_simple, :media_nsfw], ["remote.instance"])
73 media_message = build_media_message()
74 local_message = build_local_message()
76 assert SimplePolicy.filter(media_message) ==
79 |> put_in(["object", "tag"], ["foo", "nsfw"])
80 |> put_in(["object", "sensitive"], true)}
82 assert SimplePolicy.filter(local_message) == {:ok, local_message}
85 test "match with wildcard domain" do
86 Config.put([:mrf_simple, :media_nsfw], ["*.remote.instance"])
87 media_message = build_media_message()
88 local_message = build_local_message()
90 assert SimplePolicy.filter(media_message) ==
93 |> put_in(["object", "tag"], ["foo", "nsfw"])
94 |> put_in(["object", "sensitive"], true)}
96 assert SimplePolicy.filter(local_message) == {:ok, local_message}
100 defp build_media_message do
102 "actor" => "https://remote.instance/users/bob",
105 "attachment" => [%{}],
112 describe "when :report_removal" do
114 Config.put([:mrf_simple, :report_removal], [])
115 report_message = build_report_message()
116 local_message = build_local_message()
118 assert SimplePolicy.filter(report_message) == {:ok, report_message}
119 assert SimplePolicy.filter(local_message) == {:ok, local_message}
122 test "has a matching host" do
123 Config.put([:mrf_simple, :report_removal], ["remote.instance"])
124 report_message = build_report_message()
125 local_message = build_local_message()
127 assert {:reject, _} = SimplePolicy.filter(report_message)
128 assert SimplePolicy.filter(local_message) == {:ok, local_message}
131 test "match with wildcard domain" do
132 Config.put([:mrf_simple, :report_removal], ["*.remote.instance"])
133 report_message = build_report_message()
134 local_message = build_local_message()
136 assert {:reject, _} = SimplePolicy.filter(report_message)
137 assert SimplePolicy.filter(local_message) == {:ok, local_message}
141 defp build_report_message do
143 "actor" => "https://remote.instance/users/bob",
148 describe "when :federated_timeline_removal" do
150 Config.put([:mrf_simple, :federated_timeline_removal], [])
151 {_, ftl_message} = build_ftl_actor_and_message()
152 local_message = build_local_message()
154 assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
155 assert SimplePolicy.filter(local_message) == {:ok, local_message}
158 test "has a matching host" do
159 {actor, ftl_message} = build_ftl_actor_and_message()
161 ftl_message_actor_host =
163 |> Map.fetch!("actor")
167 Config.put([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
168 local_message = build_local_message()
170 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
171 assert actor.follower_address in ftl_message["to"]
172 refute actor.follower_address in ftl_message["cc"]
173 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
174 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
176 assert SimplePolicy.filter(local_message) == {:ok, local_message}
179 test "match with wildcard domain" do
180 {actor, ftl_message} = build_ftl_actor_and_message()
182 ftl_message_actor_host =
184 |> Map.fetch!("actor")
188 Config.put([:mrf_simple, :federated_timeline_removal], ["*." <> ftl_message_actor_host])
189 local_message = build_local_message()
191 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
192 assert actor.follower_address in ftl_message["to"]
193 refute actor.follower_address in ftl_message["cc"]
194 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
195 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
197 assert SimplePolicy.filter(local_message) == {:ok, local_message}
200 test "has a matching host but only as:Public in to" do
201 {_actor, ftl_message} = build_ftl_actor_and_message()
203 ftl_message_actor_host =
205 |> Map.fetch!("actor")
209 ftl_message = Map.put(ftl_message, "cc", [])
211 Config.put([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])
213 assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
214 refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
215 assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
219 defp build_ftl_actor_and_message do
220 actor = insert(:user)
224 "actor" => actor.ap_id,
225 "to" => ["https://www.w3.org/ns/activitystreams#Public", "http://foo.bar/baz"],
226 "cc" => [actor.follower_address, "http://foo.bar/qux"]
230 describe "when :reject" do
232 Config.put([:mrf_simple, :reject], [])
234 remote_message = build_remote_message()
236 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
239 test "activity has a matching host" do
240 Config.put([:mrf_simple, :reject], ["remote.instance"])
242 remote_message = build_remote_message()
244 assert {:reject, _} = SimplePolicy.filter(remote_message)
247 test "activity matches with wildcard domain" do
248 Config.put([:mrf_simple, :reject], ["*.remote.instance"])
250 remote_message = build_remote_message()
252 assert {:reject, _} = SimplePolicy.filter(remote_message)
255 test "actor has a matching host" do
256 Config.put([:mrf_simple, :reject], ["remote.instance"])
258 remote_user = build_remote_user()
260 assert {:reject, _} = SimplePolicy.filter(remote_user)
264 describe "when :accept" do
266 Config.put([:mrf_simple, :accept], [])
268 local_message = build_local_message()
269 remote_message = build_remote_message()
271 assert SimplePolicy.filter(local_message) == {:ok, local_message}
272 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
275 test "is not empty but activity doesn't have a matching host" do
276 Config.put([:mrf_simple, :accept], ["non.matching.remote"])
278 local_message = build_local_message()
279 remote_message = build_remote_message()
281 assert SimplePolicy.filter(local_message) == {:ok, local_message}
282 assert {:reject, _} = SimplePolicy.filter(remote_message)
285 test "activity has a matching host" do
286 Config.put([:mrf_simple, :accept], ["remote.instance"])
288 local_message = build_local_message()
289 remote_message = build_remote_message()
291 assert SimplePolicy.filter(local_message) == {:ok, local_message}
292 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
295 test "activity matches with wildcard domain" do
296 Config.put([:mrf_simple, :accept], ["*.remote.instance"])
298 local_message = build_local_message()
299 remote_message = build_remote_message()
301 assert SimplePolicy.filter(local_message) == {:ok, local_message}
302 assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
305 test "actor has a matching host" do
306 Config.put([:mrf_simple, :accept], ["remote.instance"])
308 remote_user = build_remote_user()
310 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
314 describe "when :avatar_removal" do
316 Config.put([:mrf_simple, :avatar_removal], [])
318 remote_user = build_remote_user()
320 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
323 test "is not empty but it doesn't have a matching host" do
324 Config.put([:mrf_simple, :avatar_removal], ["non.matching.remote"])
326 remote_user = build_remote_user()
328 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
331 test "has a matching host" do
332 Config.put([:mrf_simple, :avatar_removal], ["remote.instance"])
334 remote_user = build_remote_user()
335 {:ok, filtered} = SimplePolicy.filter(remote_user)
337 refute filtered["icon"]
340 test "match with wildcard domain" do
341 Config.put([:mrf_simple, :avatar_removal], ["*.remote.instance"])
343 remote_user = build_remote_user()
344 {:ok, filtered} = SimplePolicy.filter(remote_user)
346 refute filtered["icon"]
350 describe "when :banner_removal" do
352 Config.put([:mrf_simple, :banner_removal], [])
354 remote_user = build_remote_user()
356 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
359 test "is not empty but it doesn't have a matching host" do
360 Config.put([:mrf_simple, :banner_removal], ["non.matching.remote"])
362 remote_user = build_remote_user()
364 assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
367 test "has a matching host" do
368 Config.put([:mrf_simple, :banner_removal], ["remote.instance"])
370 remote_user = build_remote_user()
371 {:ok, filtered} = SimplePolicy.filter(remote_user)
373 refute filtered["image"]
376 test "match with wildcard domain" do
377 Config.put([:mrf_simple, :banner_removal], ["*.remote.instance"])
379 remote_user = build_remote_user()
380 {:ok, filtered} = SimplePolicy.filter(remote_user)
382 refute filtered["image"]
386 describe "when :reject_deletes is empty" do
387 setup do: Config.put([:mrf_simple, :reject_deletes], [])
389 test "it accepts deletions even from rejected servers" do
390 Config.put([:mrf_simple, :reject], ["remote.instance"])
392 deletion_message = build_remote_deletion_message()
394 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
397 test "it accepts deletions even from non-whitelisted servers" do
398 Config.put([:mrf_simple, :accept], ["non.matching.remote"])
400 deletion_message = build_remote_deletion_message()
402 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
406 describe "when :reject_deletes is not empty but it doesn't have a matching host" do
407 setup do: Config.put([:mrf_simple, :reject_deletes], ["non.matching.remote"])
409 test "it accepts deletions even from rejected servers" do
410 Config.put([:mrf_simple, :reject], ["remote.instance"])
412 deletion_message = build_remote_deletion_message()
414 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
417 test "it accepts deletions even from non-whitelisted servers" do
418 Config.put([:mrf_simple, :accept], ["non.matching.remote"])
420 deletion_message = build_remote_deletion_message()
422 assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
426 describe "when :reject_deletes has a matching host" do
427 setup do: Config.put([:mrf_simple, :reject_deletes], ["remote.instance"])
429 test "it rejects the deletion" do
430 deletion_message = build_remote_deletion_message()
432 assert {:reject, _} = SimplePolicy.filter(deletion_message)
436 describe "when :reject_deletes match with wildcard domain" do
437 setup do: Config.put([:mrf_simple, :reject_deletes], ["*.remote.instance"])
439 test "it rejects the deletion" do
440 deletion_message = build_remote_deletion_message()
442 assert {:reject, _} = SimplePolicy.filter(deletion_message)
446 defp build_local_message do
448 "actor" => "#{Pleroma.Web.base_url()}/users/alice",
454 defp build_remote_message do
455 %{"actor" => "https://remote.instance/users/bob"}
458 defp build_remote_user do
460 "id" => "https://remote.instance/users/bob",
462 "url" => "http://example.com/image.jpg",
466 "url" => "http://example.com/image.jpg",
473 defp build_remote_deletion_message do
476 "actor" => "https://remote.instance/users/bob"