1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.OStatus.OStatusControllerTest do
6 use Pleroma.Web.ConnCase
8 import ExUnit.CaptureLog
13 alias Pleroma.Web.CommonAPI
14 alias Pleroma.Web.OStatus.ActivityRepresenter
17 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
21 clear_config_all([:instance, :federating]) do
22 Pleroma.Config.put([:instance, :federating], true)
25 describe "salmon_incoming" do
26 test "decodes a salmon", %{conn: conn} do
28 salmon = File.read!("test/fixtures/salmon.xml")
30 assert capture_log(fn ->
33 |> put_req_header("content-type", "application/atom+xml")
34 |> post("/users/#{user.nickname}/salmon", salmon)
36 assert response(conn, 200)
40 test "decodes a salmon with a changed magic key", %{conn: conn} do
42 salmon = File.read!("test/fixtures/salmon.xml")
44 assert capture_log(fn ->
47 |> put_req_header("content-type", "application/atom+xml")
48 |> post("/users/#{user.nickname}/salmon", salmon)
50 assert response(conn, 200)
56 "RSA.pu0s-halox4tu7wmES1FVSx6u-4wc0YrUFXcqWXZG4-27UmbCOpMQftRCldNRfyA-qLbz-eqiwrong1EwUvjsD4cYbAHNGHwTvDOyx5AKthQUP44ykPv7kjKGh3DWKySJvcs9tlUG87hlo7AvnMo9pwRS_Zz2CacQ-MKaXyDepk=.AQAB"
59 # Set a wrong magic-key for a user so it has to refetch
60 "http://gs.example.org:4040/index.php/user/1"
61 |> User.get_cached_by_ap_id()
62 |> User.update_changeset(update_params)
63 |> User.update_and_set_cache()
65 assert capture_log(fn ->
68 |> put_req_header("content-type", "application/atom+xml")
69 |> post("/users/#{user.nickname}/salmon", salmon)
71 assert response(conn, 200)
76 describe "GET object/2" do
77 test "gets an object", %{conn: conn} do
78 note_activity = insert(:note_activity)
79 object = Object.normalize(note_activity)
80 user = User.get_cached_by_ap_id(note_activity.data["actor"])
81 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
82 url = "/objects/#{uuid}"
86 |> put_req_header("accept", "application/xml")
90 ActivityRepresenter.to_simple_form(note_activity, user, true)
91 |> ActivityRepresenter.wrap_with_entry()
92 |> :xmerl.export_simple(:xmerl_xml)
95 assert response(conn, 200) == expected
98 test "redirects to /notice/id for html format", %{conn: conn} do
99 note_activity = insert(:note_activity)
100 object = Object.normalize(note_activity)
101 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
102 url = "/objects/#{uuid}"
106 |> put_req_header("accept", "text/html")
109 assert redirected_to(conn) == "/notice/#{note_activity.id}"
112 test "500s when user not found", %{conn: conn} do
113 note_activity = insert(:note_activity)
114 object = Object.normalize(note_activity)
115 user = User.get_cached_by_ap_id(note_activity.data["actor"])
116 User.invalidate_cache(user)
117 Pleroma.Repo.delete(user)
118 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
119 url = "/objects/#{uuid}"
123 |> put_req_header("accept", "application/xml")
126 assert response(conn, 500) == ~S({"error":"Something went wrong"})
129 test "404s on private objects", %{conn: conn} do
130 note_activity = insert(:direct_note_activity)
131 object = Object.normalize(note_activity)
132 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
135 |> get("/objects/#{uuid}")
139 test "404s on nonexisting objects", %{conn: conn} do
141 |> get("/objects/123")
146 describe "GET activity/2" do
147 test "gets an activity in xml format", %{conn: conn} do
148 note_activity = insert(:note_activity)
149 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
152 |> put_req_header("accept", "application/xml")
153 |> get("/activities/#{uuid}")
157 test "redirects to /notice/id for html format", %{conn: conn} do
158 note_activity = insert(:note_activity)
159 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
163 |> put_req_header("accept", "text/html")
164 |> get("/activities/#{uuid}")
166 assert redirected_to(conn) == "/notice/#{note_activity.id}"
169 test "505s when user not found", %{conn: conn} do
170 note_activity = insert(:note_activity)
171 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
172 user = User.get_cached_by_ap_id(note_activity.data["actor"])
173 User.invalidate_cache(user)
174 Pleroma.Repo.delete(user)
178 |> put_req_header("accept", "text/html")
179 |> get("/activities/#{uuid}")
181 assert response(conn, 500) == ~S({"error":"Something went wrong"})
184 test "404s on deleted objects", %{conn: conn} do
185 note_activity = insert(:note_activity)
186 object = Object.normalize(note_activity)
187 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
190 |> put_req_header("accept", "application/xml")
191 |> get("/objects/#{uuid}")
194 Object.delete(object)
197 |> put_req_header("accept", "application/xml")
198 |> get("/objects/#{uuid}")
202 test "404s on private activities", %{conn: conn} do
203 note_activity = insert(:direct_note_activity)
204 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
207 |> get("/activities/#{uuid}")
211 test "404s on nonexistent activities", %{conn: conn} do
213 |> get("/activities/123")
217 test "gets an activity in AS2 format", %{conn: conn} do
218 note_activity = insert(:note_activity)
219 [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
220 url = "/activities/#{uuid}"
224 |> put_req_header("accept", "application/activity+json")
227 assert json_response(conn, 200)
231 describe "GET notice/2" do
232 test "gets a notice in xml format", %{conn: conn} do
233 note_activity = insert(:note_activity)
236 |> get("/notice/#{note_activity.id}")
240 test "gets a notice in AS2 format", %{conn: conn} do
241 note_activity = insert(:note_activity)
244 |> put_req_header("accept", "application/activity+json")
245 |> get("/notice/#{note_activity.id}")
246 |> json_response(200)
249 test "500s when actor not found", %{conn: conn} do
250 note_activity = insert(:note_activity)
251 user = User.get_cached_by_ap_id(note_activity.data["actor"])
252 User.invalidate_cache(user)
253 Pleroma.Repo.delete(user)
257 |> get("/notice/#{note_activity.id}")
259 assert response(conn, 500) == ~S({"error":"Something went wrong"})
262 test "only gets a notice in AS2 format for Create messages", %{conn: conn} do
263 note_activity = insert(:note_activity)
264 url = "/notice/#{note_activity.id}"
268 |> put_req_header("accept", "application/activity+json")
271 assert json_response(conn, 200)
275 {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user)
276 url = "/notice/#{like_activity.id}"
278 assert like_activity.data["type"] == "Like"
282 |> put_req_header("accept", "application/activity+json")
285 assert response(conn, 404)
288 test "render html for redirect for html format", %{conn: conn} do
289 note_activity = insert(:note_activity)
293 |> put_req_header("accept", "text/html")
294 |> get("/notice/#{note_activity.id}")
298 "<meta content=\"#{Pleroma.Web.base_url()}/notice/#{note_activity.id}\" property=\"og:url\">"
302 {:ok, like_activity, _} = CommonAPI.favorite(note_activity.id, user)
304 assert like_activity.data["type"] == "Like"
308 |> put_req_header("accept", "text/html")
309 |> get("/notice/#{like_activity.id}")
312 assert resp =~ "<!--server-generated-meta-->"
315 test "404s a private notice", %{conn: conn} do
316 note_activity = insert(:direct_note_activity)
317 url = "/notice/#{note_activity.id}"
323 assert response(conn, 404)
326 test "404s a nonexisting notice", %{conn: conn} do
333 assert response(conn, 404)
337 describe "GET /notice/:id/embed_player" do
338 test "render embed player", %{conn: conn} do
339 note_activity = insert(:note_activity)
340 object = Pleroma.Object.normalize(note_activity)
343 Map.put(object.data, "attachment", [
348 "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4",
349 "mediaType" => "video/mp4",
357 |> Ecto.Changeset.change(data: object_data)
358 |> Pleroma.Repo.update()
362 |> get("/notice/#{note_activity.id}/embed_player")
364 assert Plug.Conn.get_resp_header(conn, "x-frame-options") == ["ALLOW"]
366 assert Plug.Conn.get_resp_header(
368 "content-security-policy"
370 "default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https:; media-src 'self' https:;"
373 assert response(conn, 200) =~
374 "<video controls loop><source src=\"https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4\" type=\"video/mp4\">Your browser does not support video/mp4 playback.</video>"
377 test "404s when activity isn't create", %{conn: conn} do
378 note_activity = insert(:note_activity, data_attrs: %{"type" => "Like"})
381 |> get("/notice/#{note_activity.id}/embed_player")
385 test "404s when activity is direct message", %{conn: conn} do
386 note_activity = insert(:note_activity, data_attrs: %{"directMessage" => true})
389 |> get("/notice/#{note_activity.id}/embed_player")
393 test "404s when attachment is empty", %{conn: conn} do
394 note_activity = insert(:note_activity)
395 object = Pleroma.Object.normalize(note_activity)
396 object_data = Map.put(object.data, "attachment", [])
399 |> Ecto.Changeset.change(data: object_data)
400 |> Pleroma.Repo.update()
403 |> get("/notice/#{note_activity.id}/embed_player")
407 test "404s when attachment isn't audio or video", %{conn: conn} do
408 note_activity = insert(:note_activity)
409 object = Pleroma.Object.normalize(note_activity)
412 Map.put(object.data, "attachment", [
416 "href" => "https://peertube.moe/static/webseed/480.jpg",
417 "mediaType" => "image/jpg",
425 |> Ecto.Changeset.change(data: object_data)
426 |> Pleroma.Repo.update()
429 |> get("/notice/#{note_activity.id}/embed_player")