# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
use Oban.Testing, repo: Pleroma.Repo
alias Pleroma.Activity
- alias Pleroma.Config
alias Pleroma.Delivery
alias Pleroma.Instances
alias Pleroma.Object
end
test "with the relay disabled, it returns 404", %{conn: conn} do
- Config.put([:instance, :allow_relay], false)
+ clear_config([:instance, :allow_relay], false)
conn
|> get(activity_pub_path(conn, :relay))
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
end
describe "/objects/:uuid" do
+ test "it doesn't return a local-only object", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ object = Object.normalize(post, fetch: false)
+ uuid = String.split(object.data["id"], "/") |> List.last()
+
+ conn =
+ conn
+ |> put_req_header("accept", "application/json")
+ |> get("/objects/#{uuid}")
+
+ assert json_response(conn, 404)
+ end
+
+ test "returns local-only objects when authenticated", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ object = Object.normalize(post, fetch: false)
+ uuid = String.split(object.data["id"], "/") |> List.last()
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/objects/#{uuid}")
+
+ assert json_response(response, 200) == ObjectView.render("object.json", %{object: object})
+ end
+
test "it returns a json representation of the object with accept application/json", %{
conn: conn
} do
assert json_response(conn, 404)
end
+ test "returns visible non-public messages when authenticated", %{conn: conn} do
+ note = insert(:direct_note)
+ uuid = String.split(note.data["id"], "/") |> List.last()
+ user = User.get_by_ap_id(note.data["actor"])
+ marisa = insert(:user)
+
+ assert conn
+ |> assign(:user, marisa)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/objects/#{uuid}")
+ |> json_response(404)
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/objects/#{uuid}")
+ |> json_response(200)
+
+ assert response == ObjectView.render("object.json", %{object: note})
+ end
+
test "it returns 404 for tombstone objects", %{conn: conn} do
tombstone = insert(:tombstone)
uuid = String.split(tombstone.data["id"], "/") |> List.last()
end
describe "/activities/:uuid" do
+ test "it doesn't return a local-only activity", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ uuid = String.split(post.data["id"], "/") |> List.last()
+
+ conn =
+ conn
+ |> put_req_header("accept", "application/json")
+ |> get("/activities/#{uuid}")
+
+ assert json_response(conn, 404)
+ end
+
+ test "returns local-only activities when authenticated", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ uuid = String.split(post.data["id"], "/") |> List.last()
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/activities/#{uuid}")
+
+ assert json_response(response, 200) == ObjectView.render("object.json", %{object: post})
+ end
+
test "it returns a json representation of the activity", %{conn: conn} do
activity = insert(:note_activity)
uuid = String.split(activity.data["id"], "/") |> List.last()
assert json_response(conn, 404)
end
+ test "returns visible non-public messages when authenticated", %{conn: conn} do
+ note = insert(:direct_note_activity)
+ uuid = String.split(note.data["id"], "/") |> List.last()
+ user = User.get_by_ap_id(note.data["actor"])
+ marisa = insert(:user)
+
+ assert conn
+ |> assign(:user, marisa)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/activities/#{uuid}")
+ |> json_response(404)
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/activities/#{uuid}")
+ |> json_response(200)
+
+ assert response == ObjectView.render("object.json", %{object: note})
+ end
+
test "it caches a response", %{conn: conn} do
activity = insert(:note_activity)
uuid = String.split(activity.data["id"], "/") |> List.last()
describe "/inbox" do
test "it inserts an incoming activity into the database", %{conn: conn} do
- data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
+ data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
conn =
conn
data =
File.read!("test/fixtures/mastodon-post-activity.json")
- |> Poison.decode!()
+ |> Jason.decode!()
|> Map.put("actor", user.ap_id)
|> put_in(["object", "attridbutedTo"], user.ap_id)
end
test "it clears `unreachable` federation status of the sender", %{conn: conn} do
- data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
+ data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
sender_url = data["actor"]
Instances.set_consistently_unreachable(sender_url)
end
test "accept follow activity", %{conn: conn} do
- Pleroma.Config.put([:instance, :federating], true)
+ clear_config([:instance, :federating], true)
relay = Relay.get_actor()
assert {:ok, %Activity{} = activity} = Relay.follow("https://relay.mastodon.host/actor")
test "without valid signature, " <>
"it only accepts Create activities and requires enabled federation",
%{conn: conn} do
- data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
- non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!()
+ data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
+ non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Jason.decode!()
conn = put_req_header(conn, "content-type", "application/activity+json")
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
conn
|> post("/inbox", data)
|> post("/inbox", non_create_data)
|> json_response(403)
- Config.put([:instance, :federating], true)
+ clear_config([:instance, :federating], true)
ret_conn = post(conn, "/inbox", data)
assert "ok" == json_response(ret_conn, 200)
|> post("/inbox", non_create_data)
|> json_response(400)
end
+
+ test "accepts Add/Remove activities", %{conn: conn} do
+ object_id = "c61d6733-e256-4fe1-ab13-1e369789423f"
+
+ status =
+ File.read!("test/fixtures/statuses/note.json")
+ |> String.replace("{{nickname}}", "lain")
+ |> String.replace("{{object_id}}", object_id)
+
+ object_url = "https://example.com/objects/#{object_id}"
+
+ user =
+ File.read!("test/fixtures/users_mock/user.json")
+ |> String.replace("{{nickname}}", "lain")
+
+ actor = "https://example.com/users/lain"
+
+ Tesla.Mock.mock(fn
+ %{
+ method: :get,
+ url: ^object_url
+ } ->
+ %Tesla.Env{
+ status: 200,
+ body: status,
+ headers: [{"content-type", "application/activity+json"}]
+ }
+
+ %{
+ method: :get,
+ url: ^actor
+ } ->
+ %Tesla.Env{
+ status: 200,
+ body: user,
+ headers: [{"content-type", "application/activity+json"}]
+ }
+
+ %{method: :get, url: "https://example.com/users/lain/collections/featured"} ->
+ %Tesla.Env{
+ status: 200,
+ body:
+ "test/fixtures/users_mock/masto_featured.json"
+ |> File.read!()
+ |> String.replace("{{domain}}", "example.com")
+ |> String.replace("{{nickname}}", "lain"),
+ headers: [{"content-type", "application/activity+json"}]
+ }
+ end)
+
+ data = %{
+ "id" => "https://example.com/objects/d61d6733-e256-4fe1-ab13-1e369789423f",
+ "actor" => actor,
+ "object" => object_url,
+ "target" => "https://example.com/users/lain/collections/featured",
+ "type" => "Add",
+ "to" => [Pleroma.Constants.as_public()]
+ }
+
+ assert "ok" ==
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+ assert Activity.get_by_ap_id(data["id"])
+ user = User.get_cached_by_ap_id(data["actor"])
+ assert user.pinned_objects[data["object"]]
+
+ data = %{
+ "id" => "https://example.com/objects/d61d6733-e256-4fe1-ab13-1e369789423d",
+ "actor" => actor,
+ "object" => object_url,
+ "target" => "https://example.com/users/lain/collections/featured",
+ "type" => "Remove",
+ "to" => [Pleroma.Constants.as_public()]
+ }
+
+ assert "ok" ==
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+ user = refresh_record(user)
+ refute user.pinned_objects[data["object"]]
+ end
+
+ test "mastodon pin/unpin", %{conn: conn} do
+ status_id = "105786274556060421"
+
+ status =
+ File.read!("test/fixtures/statuses/masto-note.json")
+ |> String.replace("{{nickname}}", "lain")
+ |> String.replace("{{status_id}}", status_id)
+
+ status_url = "https://example.com/users/lain/statuses/#{status_id}"
+
+ user =
+ File.read!("test/fixtures/users_mock/user.json")
+ |> String.replace("{{nickname}}", "lain")
+
+ actor = "https://example.com/users/lain"
+
+ Tesla.Mock.mock(fn
+ %{
+ method: :get,
+ url: ^status_url
+ } ->
+ %Tesla.Env{
+ status: 200,
+ body: status,
+ headers: [{"content-type", "application/activity+json"}]
+ }
+
+ %{
+ method: :get,
+ url: ^actor
+ } ->
+ %Tesla.Env{
+ status: 200,
+ body: user,
+ headers: [{"content-type", "application/activity+json"}]
+ }
+
+ %{method: :get, url: "https://example.com/users/lain/collections/featured"} ->
+ %Tesla.Env{
+ status: 200,
+ body:
+ "test/fixtures/users_mock/masto_featured.json"
+ |> File.read!()
+ |> String.replace("{{domain}}", "example.com")
+ |> String.replace("{{nickname}}", "lain"),
+ headers: [{"content-type", "application/activity+json"}]
+ }
+ end)
+
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "actor" => actor,
+ "object" => status_url,
+ "target" => "https://example.com/users/lain/collections/featured",
+ "type" => "Add"
+ }
+
+ assert "ok" ==
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+ assert Activity.get_by_object_ap_id_with_object(data["object"])
+ user = User.get_cached_by_ap_id(data["actor"])
+ assert user.pinned_objects[data["object"]]
+
+ data = %{
+ "actor" => actor,
+ "object" => status_url,
+ "target" => "https://example.com/users/lain/collections/featured",
+ "type" => "Remove"
+ }
+
+ assert "ok" ==
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+ assert Activity.get_by_object_ap_id_with_object(data["object"])
+ user = refresh_record(user)
+ refute user.pinned_objects[data["object"]]
+ end
end
describe "/users/:nickname/inbox" do
setup do
data =
File.read!("test/fixtures/mastodon-post-activity.json")
- |> Poison.decode!()
+ |> Jason.decode!()
[data: data]
end
recipient = insert(:user)
actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
- {:ok, recipient} = User.follow(recipient, actor)
+ {:ok, recipient, actor} = User.follow(recipient, actor)
object =
data["object"]
test "it returns a note activity in a collection", %{conn: conn} do
note_activity = insert(:direct_note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
conn =
data =
File.read!("test/fixtures/activitypub-client-post-activity.json")
- |> Poison.decode!()
+ |> Jason.decode!()
object = Map.put(data["object"], "attributedTo", actor.ap_id)
assert json_response(ret_conn, 200)
end
+
+ @tag capture_log: true
+ test "forwarded report", %{conn: conn} do
+ admin = insert(:user, is_admin: true)
+ actor = insert(:user, local: false)
+ remote_domain = URI.parse(actor.ap_id).host
+ reported_user = insert(:user)
+
+ note = insert(:note_activity, user: reported_user)
+
+ data = %{
+ "@context" => [
+ "https://www.w3.org/ns/activitystreams",
+ "https://#{remote_domain}/schemas/litepub-0.1.jsonld",
+ %{
+ "@language" => "und"
+ }
+ ],
+ "actor" => actor.ap_id,
+ "cc" => [
+ reported_user.ap_id
+ ],
+ "content" => "test",
+ "context" => "context",
+ "id" => "http://#{remote_domain}/activities/02be56cf-35e3-46b4-b2c6-47ae08dfee9e",
+ "nickname" => reported_user.nickname,
+ "object" => [
+ reported_user.ap_id,
+ %{
+ "actor" => %{
+ "actor_type" => "Person",
+ "approval_pending" => false,
+ "avatar" => "",
+ "confirmation_pending" => false,
+ "deactivated" => false,
+ "display_name" => "test user",
+ "id" => reported_user.id,
+ "local" => false,
+ "nickname" => reported_user.nickname,
+ "registration_reason" => nil,
+ "roles" => %{
+ "admin" => false,
+ "moderator" => false
+ },
+ "tags" => [],
+ "url" => reported_user.ap_id
+ },
+ "content" => "",
+ "id" => note.data["id"],
+ "published" => note.data["published"],
+ "type" => "Note"
+ }
+ ],
+ "published" => note.data["published"],
+ "state" => "open",
+ "to" => [],
+ "type" => "Flag"
+ }
+
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{reported_user.nickname}/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+
+ assert Pleroma.Repo.aggregate(Activity, :count, :id) == 2
+
+ ObanHelpers.perform_all()
+
+ Swoosh.TestAssertions.assert_email_sent(
+ to: {admin.name, admin.email},
+ html_body: ~r/Reported Account:/i
+ )
+ end
+
+ @tag capture_log: true
+ test "forwarded report from mastodon", %{conn: conn} do
+ admin = insert(:user, is_admin: true)
+ actor = insert(:user, local: false)
+ remote_domain = URI.parse(actor.ap_id).host
+ remote_actor = "https://#{remote_domain}/actor"
+ [reported_user, another] = insert_list(2, :user)
+
+ note = insert(:note_activity, user: reported_user)
+
+ Pleroma.Web.CommonAPI.favorite(another, note.id)
+
+ mock_json_body =
+ "test/fixtures/mastodon/application_actor.json"
+ |> File.read!()
+ |> String.replace("{{DOMAIN}}", remote_domain)
+
+ Tesla.Mock.mock(fn %{url: ^remote_actor} ->
+ %Tesla.Env{
+ status: 200,
+ body: mock_json_body,
+ headers: [{"content-type", "application/activity+json"}]
+ }
+ end)
+
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "actor" => remote_actor,
+ "content" => "test report",
+ "id" => "https://#{remote_domain}/e3b12fd1-948c-446e-b93b-a5e67edbe1d8",
+ "nickname" => reported_user.nickname,
+ "object" => [
+ reported_user.ap_id,
+ note.data["object"]
+ ],
+ "type" => "Flag"
+ }
+
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{reported_user.nickname}/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+
+ flag_activity = "Flag" |> Pleroma.Activity.Queries.by_type() |> Pleroma.Repo.one()
+ reported_user_ap_id = reported_user.ap_id
+
+ [^reported_user_ap_id, flag_data] = flag_activity.data["object"]
+
+ Enum.each(~w(actor content id published type), &Map.has_key?(flag_data, &1))
+ ObanHelpers.perform_all()
+
+ Swoosh.TestAssertions.assert_email_sent(
+ to: {admin.name, admin.email},
+ html_body: ~r/#{note.data["object"]}/i
+ )
+ end
end
describe "GET /users/:nickname/outbox" do
test "it returns a note activity in a collection", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(note_activity.data["actor"])
conn =
assert response(conn, 200) =~ announce_activity.data["object"]
end
+
+ test "It returns poll Answers when authenticated", %{conn: conn} do
+ poller = insert(:user)
+ voter = insert(:user)
+
+ {:ok, activity} =
+ CommonAPI.post(poller, %{
+ status: "suya...",
+ poll: %{options: ["suya", "suya.", "suya.."], expires_in: 10}
+ })
+
+ assert question = Object.normalize(activity, fetch: false)
+
+ {:ok, [activity], _object} = CommonAPI.vote(voter, question, [1])
+
+ assert outbox_get =
+ conn
+ |> assign(:user, voter)
+ |> put_req_header("accept", "application/activity+json")
+ |> get(voter.ap_id <> "/outbox?page=true")
+ |> json_response(200)
+
+ assert [answer_outbox] = outbox_get["orderedItems"]
+ assert answer_outbox["id"] == activity.data["id"]
+ end
end
describe "POST /users/:nickname/outbox (C2S)" do
assert Activity.get_by_ap_id(result["id"])
assert result["object"]
- assert %Object{data: object} = Object.normalize(result["object"])
+ assert %Object{data: object} = Object.normalize(result["object"], fetch: false)
assert object["content"] == activity["object"]["content"]
end
assert Activity.get_by_ap_id(response["id"])
assert response["object"]
- assert %Object{data: response_object} = Object.normalize(response["object"])
+ assert %Object{data: response_object} = Object.normalize(response["object"], fetch: false)
assert response_object["sensitive"] == true
assert response_object["content"] == activity["object"]["content"]
test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(note_activity.data["actor"])
data = %{
test "it rejects delete activity of object from other actor", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = insert(:user)
data = %{
test "it increases like count when receiving a like action", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(note_activity.data["actor"])
data = %{
assert cirno_outbox["attributedTo"] == nil
assert cirno_outbox["actor"] == cirno.ap_id
- assert cirno_object = Object.normalize(cirno_outbox["object"])
+ assert cirno_object = Object.normalize(cirno_outbox["object"], fetch: false)
assert cirno_object.data["actor"] == cirno.ap_id
assert cirno_object.data["attributedTo"] == cirno.ap_id
end
test "Character limitation", %{conn: conn, activity: activity} do
- Pleroma.Config.put([:instance, :limit], 5)
+ clear_config([:instance, :limit], 5)
user = insert(:user)
result =
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
test "it tracks a signed object fetch", %{conn: conn} do
user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
test "it tracks a signed activity fetch", %{conn: conn} do
user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
user = insert(:user, local: false)
other_user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
user = insert(:user, local: false)
other_user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
desc = "Description of the image"
image = %Plug.Upload{
- content_type: "bad/content-type",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
- filename: "an_image.png"
+ filename: "an_image.jpg"
}
object =
assert activity_response["actor"] == user.ap_id
assert %Object{data: %{"attachment" => [attachment]}} =
- Object.normalize(activity_response["object"])
+ Object.normalize(activity_response["object"], fetch: false)
assert attachment["type"] == "Document"
assert attachment["name"] == desc
|> json_response(403)
end
end
+
+ test "pinned collection", %{conn: conn} do
+ clear_config([:instance, :max_pinned_statuses], 2)
+ user = insert(:user)
+ objects = insert_list(2, :note, user: user)
+
+ Enum.reduce(objects, user, fn %{data: %{"id" => object_id}}, user ->
+ {:ok, updated} = User.add_pinned_object_id(user, object_id)
+ updated
+ end)
+
+ %{nickname: nickname, featured_address: featured_address, pinned_objects: pinned_objects} =
+ refresh_record(user)
+
+ %{"id" => ^featured_address, "orderedItems" => items} =
+ conn
+ |> get("/users/#{nickname}/collections/featured")
+ |> json_response(200)
+
+ object_ids = Enum.map(items, & &1["id"])
+
+ assert Enum.all?(pinned_objects, fn {obj_id, _} ->
+ obj_id in object_ids
+ end)
+ end
end