Fix MRF policies to also work with Update

[akkoma] / test / pleroma / web / activity_pub / activity_pub_controller_test.exs
diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs

index c1e13c7cbed2e6653263deb9fb1b99ebb30741cb..2008ebf04bc17c106205c0c05f3e196611ed122e 100644 (file)
--- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
@@ -33,7 +33,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
    setup do: clear_config([:instance, :federating], true)
  
    describe "/relay" do
-    setup do: clear_config([:instance, :allow_relay])
+    setup do: clear_config([:instance, :allow_relay], true)
  
      test "with the relay active, it returns the relay user", %{conn: conn} do
        res =
@@ -247,6 +247,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert json_response(response, 200) == ObjectView.render("object.json", %{object: object})
      end
  
+    test "does not return local-only objects for remote users", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user, local: false)
+
+      {:ok, post} =
+        CommonAPI.post(user, %{status: "test @#{reader.nickname}", visibility: "local"})
+
+      assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+      object = Object.normalize(post, fetch: false)
+      uuid = String.split(object.data["id"], "/") |> List.last()
+
+      assert response =
+               conn
+               |> assign(:user, reader)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/objects/#{uuid}")
+
+      json_response(response, 404)
+    end
+
      test "it returns a json representation of the object with accept application/json", %{
        conn: conn
      } do
@@ -291,6 +312,30 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
      end
  
+    test "does not cache authenticated response", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user)
+
+      {:ok, post} =
+        CommonAPI.post(user, %{status: "test @#{reader.nickname}", visibility: "local"})
+
+      object = Object.normalize(post, fetch: false)
+      uuid = String.split(object.data["id"], "/") |> List.last()
+
+      assert response =
+               conn
+               |> assign(:user, reader)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/objects/#{uuid}")
+
+      json_response(response, 200)
+
+      conn
+      |> put_req_header("accept", "application/activity+json")
+      |> get("/objects/#{uuid}")
+      |> json_response(404)
+    end
+
      test "it returns 404 for non-public messages", %{conn: conn} do
        note = insert(:direct_note)
        uuid = String.split(note.data["id"], "/") |> List.last()
@@ -514,6 +559,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header(
+          "signature",
+          "keyId=\"http://mastodon.example.org/users/admin/main-key\""
+        )
          |> put_req_header("content-type", "application/activity+json")
          |> post("/inbox", data)
  
@@ -539,11 +588,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
          File.read!("test/fixtures/mastodon-post-activity.json")
          |> Jason.decode!()
          |> Map.put("actor", user.ap_id)
-        |> put_in(["object", "attridbutedTo"], user.ap_id)
+        |> put_in(["object", "attributedTo"], user.ap_id)
  
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{user.ap_id}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/inbox", data)
  
@@ -557,12 +607,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
  
        sender_url = data["actor"]
+      sender = insert(:user, ap_id: data["actor"])
+
        Instances.set_consistently_unreachable(sender_url)
        refute Instances.reachable?(sender_url)
  
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{sender.ap_id}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/inbox", data)
  
@@ -587,6 +640,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert "ok" ==
                 conn
                 |> assign(:valid_signature, true)
+               |> put_req_header("signature", "keyId=\"#{followed_relay.ap_id}/main-key\"")
                 |> put_req_header("content-type", "application/activity+json")
                 |> post("/inbox", accept)
                 |> json_response(200)
@@ -653,6 +707,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  
        actor = "https://example.com/users/lain"
  
+      insert(:user,
+        ap_id: actor,
+        featured_address: "https://example.com/users/lain/collections/featured"
+      )
+
        Tesla.Mock.mock(fn
          %{
            method: :get,
@@ -698,6 +757,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert "ok" ==
                 conn
                 |> assign(:valid_signature, true)
+               |> put_req_header("signature", "keyId=\"#{actor}/main-key\"")
                 |> put_req_header("content-type", "application/activity+json")
                 |> post("/inbox", data)
                 |> json_response(200)
@@ -705,6 +765,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
        assert Activity.get_by_ap_id(data["id"])
        user = User.get_cached_by_ap_id(data["actor"])
+
        assert user.pinned_objects[data["object"]]
  
        data = %{
@@ -719,6 +780,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert "ok" ==
                 conn
                 |> assign(:valid_signature, true)
+               |> put_req_header("signature", "keyId=\"#{actor}/main-key\"")
                 |> put_req_header("content-type", "application/activity+json")
                 |> post("/inbox", data)
                 |> json_response(200)
@@ -737,6 +799,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
          |> String.replace("{{status_id}}", status_id)
  
        status_url = "https://example.com/users/lain/statuses/#{status_id}"
+      replies_url = status_url <> "/replies?only_other_accounts=true&page=true"
  
        user =
          File.read!("test/fixtures/users_mock/user.json")
@@ -744,6 +807,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  
        actor = "https://example.com/users/lain"
  
+      sender =
+        insert(:user,
+          ap_id: actor,
+          featured_address: "https://example.com/users/lain/collections/featured"
+        )
+
        Tesla.Mock.mock(fn
          %{
            method: :get,
@@ -775,6 +844,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
                |> String.replace("{{nickname}}", "lain"),
              headers: [{"content-type", "application/activity+json"}]
            }
+
+        %{
+          method: :get,
+          url: ^replies_url
+        } ->
+          %Tesla.Env{
+            status: 404,
+            body: "",
+            headers: [{"content-type", "application/activity+json"}]
+          }
        end)
  
        data = %{
@@ -788,6 +867,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert "ok" ==
                 conn
                 |> assign(:valid_signature, true)
+               |> put_req_header("signature", "keyId=\"#{sender.ap_id}/main-key\"")
                 |> put_req_header("content-type", "application/activity+json")
                 |> post("/inbox", data)
                 |> json_response(200)
@@ -807,6 +887,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert "ok" ==
                 conn
                 |> assign(:valid_signature, true)
+               |> put_req_header("signature", "keyId=\"#{actor}/main-key\"")
                 |> put_req_header("content-type", "application/activity+json")
                 |> post("/inbox", data)
                 |> json_response(200)
@@ -829,11 +910,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  
      test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
        user = insert(:user)
-      data = Map.put(data, "bcc", [user.ap_id])
+
+      data =
+        data
+        |> Map.put("bcc", [user.ap_id])
+        |> Kernel.put_in(["object", "bcc"], [user.ap_id])
  
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{data["actor"]}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/inbox", data)
  
@@ -846,12 +932,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        user = insert(:user)
  
        data =
-        Map.put(data, "to", user.ap_id)
-        |> Map.delete("cc")
+        data
+        |> Map.put("to", user.ap_id)
+        |> Map.put("cc", [])
+        |> Kernel.put_in(["object", "to"], user.ap_id)
+        |> Kernel.put_in(["object", "cc"], [])
  
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{data["actor"]}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/inbox", data)
  
@@ -864,12 +954,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        user = insert(:user)
  
        data =
-        Map.put(data, "cc", user.ap_id)
-        |> Map.delete("to")
+        data
+        |> Map.put("to", [])
+        |> Map.put("cc", user.ap_id)
+        |> Kernel.put_in(["object", "to"], [])
+        |> Kernel.put_in(["object", "cc"], user.ap_id)
  
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{data["actor"]}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/inbox", data)
  
@@ -883,13 +977,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        user = insert(:user)
  
        data =
-        Map.put(data, "bcc", user.ap_id)
-        |> Map.delete("to")
-        |> Map.delete("cc")
+        data
+        |> Map.put("to", [])
+        |> Map.put("cc", [])
+        |> Map.put("bcc", user.ap_id)
+        |> Kernel.put_in(["object", "to"], [])
+        |> Kernel.put_in(["object", "cc"], [])
+        |> Kernel.put_in(["object", "bcc"], user.ap_id)
  
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{data["actor"]}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/inbox", data)
  
@@ -917,6 +1016,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{announcer.ap_id}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/inbox", data)
  
@@ -947,6 +1047,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{actor.ap_id}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{recipient.nickname}/inbox", data)
  
@@ -993,6 +1094,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        conn =
          conn
          |> assign(:valid_signature, true)
+        |> put_req_header("signature", "keyId=\"#{data["actor"]}/main-key\"")
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/inbox", data)
  
@@ -1000,39 +1102,45 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert Instances.reachable?(sender_host)
      end
  
+    @tag capture_log: true
      test "it removes all follower collections but actor's", %{conn: conn} do
        [actor, recipient] = insert_pair(:user)
  
-      data =
-        File.read!("test/fixtures/activitypub-client-post-activity.json")
-        |> Jason.decode!()
+      to = [
+        recipient.ap_id,
+        recipient.follower_address,
+        "https://www.w3.org/ns/activitystreams#Public"
+      ]
  
-      object = Map.put(data["object"], "attributedTo", actor.ap_id)
+      cc = [recipient.follower_address, actor.follower_address]
  
-      data =
-        data
-        |> Map.put("id", Utils.generate_object_id())
-        |> Map.put("actor", actor.ap_id)
-        |> Map.put("object", object)
-        |> Map.put("cc", [
-          recipient.follower_address,
-          actor.follower_address
-        ])
-        |> Map.put("to", [
-          recipient.ap_id,
-          recipient.follower_address,
-          "https://www.w3.org/ns/activitystreams#Public"
-        ])
+      data = %{
+        "@context" => ["https://www.w3.org/ns/activitystreams"],
+        "type" => "Create",
+        "id" => Utils.generate_activity_id(),
+        "to" => to,
+        "cc" => cc,
+        "actor" => actor.ap_id,
+        "object" => %{
+          "type" => "Note",
+          "to" => to,
+          "cc" => cc,
+          "content" => "It's a note",
+          "attributedTo" => actor.ap_id,
+          "id" => Utils.generate_object_id()
+        }
+      }
  
        conn
        |> assign(:valid_signature, true)
+      |> put_req_header("signature", "keyId=\"#{actor.ap_id}/main-key\"")
        |> put_req_header("content-type", "application/activity+json")
        |> post("/users/#{recipient.nickname}/inbox", data)
        |> json_response(200)
  
        ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
  
-      activity = Activity.get_by_ap_id(data["id"])
+      assert activity = Activity.get_by_ap_id(data["id"])
  
        assert activity.id
        assert actor.follower_address in activity.recipients
@@ -1118,6 +1226,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  
        conn
        |> assign(:valid_signature, true)
+      |> put_req_header("signature", "keyId=\"#{actor.ap_id}/main-key\"")
        |> put_req_header("content-type", "application/activity+json")
        |> post("/users/#{reported_user.nickname}/inbox", data)
        |> json_response(200)
@@ -1164,7 +1273,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
          "actor" => remote_actor,
          "content" => "test report",
          "id" => "https://#{remote_domain}/e3b12fd1-948c-446e-b93b-a5e67edbe1d8",
-        "nickname" => reported_user.nickname,
          "object" => [
            reported_user.ap_id,
            note.data["object"]
@@ -1174,6 +1282,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  
        conn
        |> assign(:valid_signature, true)
+      |> put_req_header("signature", "keyId=\"#{remote_actor}/main-key\"")
        |> put_req_header("content-type", "application/activity+json")
        |> post("/users/#{reported_user.nickname}/inbox", data)
        |> json_response(200)
@@ -1255,6 +1364,35 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        assert outbox_endpoint == result["id"]
      end
  
+    test "it returns a local note activity when authenticated as local user", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user)
+      {:ok, note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
+      ap_id = note_activity.data["id"]
+
+      resp =
+        conn
+        |> assign(:user, reader)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/outbox?page=true")
+        |> json_response(200)
+
+      assert %{"orderedItems" => [%{"id" => ^ap_id}]} = resp
+    end
+
+    test "it does not return a local note activity when unauthenticated", %{conn: conn} do
+      user = insert(:user)
+      {:ok, _note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
+
+      resp =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/outbox?page=true")
+        |> json_response(200)
+
+      assert %{"orderedItems" => []} = resp
+    end
+
      test "it returns a note activity in a collection", %{conn: conn} do
        note_activity = insert(:note_activity)
        note_object = Object.normalize(note_activity, fetch: false)
@@ -1316,9 +1454,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
          activity: %{
            "@context" => "https://www.w3.org/ns/activitystreams",
            "type" => "Create",
-          "object" => %{"type" => "Note", "content" => "AP C2S test"},
-          "to" => "https://www.w3.org/ns/activitystreams#Public",
-          "cc" => []
+          "object" => %{
+            "type" => "Note",
+            "content" => "AP C2S test",
+            "to" => "https://www.w3.org/ns/activitystreams#Public",
+            "cc" => []
+          }
          }
        ]
      end
@@ -1424,19 +1565,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
        user = User.get_cached_by_ap_id(note_activity.data["actor"])
  
        data = %{
-        type: "Delete",
-        object: %{
-          id: note_object.data["id"]
+        "type" => "Delete",
+        "object" => %{
+          "id" => note_object.data["id"]
          }
        }
  
-      conn =
+      result =
          conn
          |> assign(:user, user)
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/outbox", data)
+        |> json_response(201)
  
-      result = json_response(conn, 201)
        assert Activity.get_by_ap_id(result["id"])
  
        assert object = Object.get_by_ap_id(note_object.data["id"])
@@ -1461,7 +1602,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
          |> put_req_header("content-type", "application/activity+json")
          |> post("/users/#{user.nickname}/outbox", data)
  
-      assert json_response(conn, 400)
+      assert json_response(conn, 403)
      end
  
      test "it increases like count when receiving a like action", %{conn: conn} do
@@ -1539,7 +1680,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
          |> post("/users/#{user.nickname}/outbox", activity)
          |> json_response(400)
  
-      assert result == "Note is over the character limit"
+      assert result == "Character limit (5 characters) exceeded, contains 11 characters"
      end
    end
  
@@ -1916,10 +2057,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
          "object" => %{
            "type" => "Note",
            "content" => "AP C2S test, attachment",
-          "attachment" => [object]
-        },
-        "to" => "https://www.w3.org/ns/activitystreams#Public",
-        "cc" => []
+          "attachment" => [object],
+          "to" => "https://www.w3.org/ns/activitystreams#Public",
+          "cc" => []
+        }
        }
  
        activity_response =