# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
use Oban.Testing, repo: Pleroma.Repo
alias Pleroma.Activity
- alias Pleroma.Config
alias Pleroma.Delivery
alias Pleroma.Instances
alias Pleroma.Object
end
test "with the relay disabled, it returns 404", %{conn: conn} do
- Config.put([:instance, :allow_relay], false)
+ clear_config([:instance, :allow_relay], false)
conn
|> get(activity_pub_path(conn, :relay))
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
- object = Object.normalize(post, false)
+ object = Object.normalize(post, fetch: false)
uuid = String.split(object.data["id"], "/") |> List.last()
conn =
assert json_response(conn, 404)
end
+ test "returns local-only objects when authenticated", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ object = Object.normalize(post, fetch: false)
+ uuid = String.split(object.data["id"], "/") |> List.last()
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/objects/#{uuid}")
+
+ assert json_response(response, 200) == ObjectView.render("object.json", %{object: object})
+ end
+
test "it returns a json representation of the object with accept application/json", %{
conn: conn
} do
assert json_response(conn, 404)
end
+ test "returns visible non-public messages when authenticated", %{conn: conn} do
+ note = insert(:direct_note)
+ uuid = String.split(note.data["id"], "/") |> List.last()
+ user = User.get_by_ap_id(note.data["actor"])
+ marisa = insert(:user)
+
+ assert conn
+ |> assign(:user, marisa)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/objects/#{uuid}")
+ |> json_response(404)
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/objects/#{uuid}")
+ |> json_response(200)
+
+ assert response == ObjectView.render("object.json", %{object: note})
+ end
+
test "it returns 404 for tombstone objects", %{conn: conn} do
tombstone = insert(:tombstone)
uuid = String.split(tombstone.data["id"], "/") |> List.last()
assert json_response(conn, 404)
end
+ test "returns local-only activities when authenticated", %{conn: conn} do
+ user = insert(:user)
+ {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+ assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+ uuid = String.split(post.data["id"], "/") |> List.last()
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/activities/#{uuid}")
+
+ assert json_response(response, 200) == ObjectView.render("object.json", %{object: post})
+ end
+
test "it returns a json representation of the activity", %{conn: conn} do
activity = insert(:note_activity)
uuid = String.split(activity.data["id"], "/") |> List.last()
assert json_response(conn, 404)
end
+ test "returns visible non-public messages when authenticated", %{conn: conn} do
+ note = insert(:direct_note_activity)
+ uuid = String.split(note.data["id"], "/") |> List.last()
+ user = User.get_by_ap_id(note.data["actor"])
+ marisa = insert(:user)
+
+ assert conn
+ |> assign(:user, marisa)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/activities/#{uuid}")
+ |> json_response(404)
+
+ assert response =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("accept", "application/activity+json")
+ |> get("/activities/#{uuid}")
+ |> json_response(200)
+
+ assert response == ObjectView.render("object.json", %{object: note})
+ end
+
test "it caches a response", %{conn: conn} do
activity = insert(:note_activity)
uuid = String.split(activity.data["id"], "/") |> List.last()
describe "/inbox" do
test "it inserts an incoming activity into the database", %{conn: conn} do
- data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
+ data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
conn =
conn
data =
File.read!("test/fixtures/mastodon-post-activity.json")
- |> Poison.decode!()
+ |> Jason.decode!()
|> Map.put("actor", user.ap_id)
- |> put_in(["object", "attridbutedTo"], user.ap_id)
+ |> put_in(["object", "attributedTo"], user.ap_id)
conn =
conn
end
test "it clears `unreachable` federation status of the sender", %{conn: conn} do
- data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
+ data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
sender_url = data["actor"]
Instances.set_consistently_unreachable(sender_url)
end
test "accept follow activity", %{conn: conn} do
- Pleroma.Config.put([:instance, :federating], true)
+ clear_config([:instance, :federating], true)
relay = Relay.get_actor()
assert {:ok, %Activity{} = activity} = Relay.follow("https://relay.mastodon.host/actor")
test "without valid signature, " <>
"it only accepts Create activities and requires enabled federation",
%{conn: conn} do
- data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
- non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!()
+ data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
+ non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Jason.decode!()
conn = put_req_header(conn, "content-type", "application/activity+json")
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
conn
|> post("/inbox", data)
|> post("/inbox", non_create_data)
|> json_response(403)
- Config.put([:instance, :federating], true)
+ clear_config([:instance, :federating], true)
ret_conn = post(conn, "/inbox", data)
assert "ok" == json_response(ret_conn, 200)
setup do
data =
File.read!("test/fixtures/mastodon-post-activity.json")
- |> Poison.decode!()
+ |> Jason.decode!()
[data: data]
end
test "it inserts an incoming activity into the database", %{conn: conn, data: data} do
user = insert(:user)
- data = Map.put(data, "bcc", [user.ap_id])
+
+ data =
+ data
+ |> Map.put("bcc", [user.ap_id])
+ |> Kernel.put_in(["object", "bcc"], [user.ap_id])
conn =
conn
user = insert(:user)
data =
- Map.put(data, "to", user.ap_id)
- |> Map.delete("cc")
+ data
+ |> Map.put("to", user.ap_id)
+ |> Map.put("cc", [])
+ |> Kernel.put_in(["object", "to"], user.ap_id)
+ |> Kernel.put_in(["object", "cc"], [])
conn =
conn
user = insert(:user)
data =
- Map.put(data, "cc", user.ap_id)
- |> Map.delete("to")
+ data
+ |> Map.put("to", [])
+ |> Map.put("cc", user.ap_id)
+ |> Kernel.put_in(["object", "to"], [])
+ |> Kernel.put_in(["object", "cc"], user.ap_id)
conn =
conn
user = insert(:user)
data =
- Map.put(data, "bcc", user.ap_id)
- |> Map.delete("to")
- |> Map.delete("cc")
+ data
+ |> Map.put("to", [])
+ |> Map.put("cc", [])
+ |> Map.put("bcc", user.ap_id)
+ |> Kernel.put_in(["object", "to"], [])
+ |> Kernel.put_in(["object", "cc"], [])
+ |> Kernel.put_in(["object", "bcc"], user.ap_id)
conn =
conn
recipient = insert(:user)
actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})
- {:ok, recipient} = User.follow(recipient, actor)
+ {:ok, recipient, actor} = User.follow(recipient, actor)
object =
data["object"]
test "it returns a note activity in a collection", %{conn: conn} do
note_activity = insert(:direct_note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
conn =
assert Instances.reachable?(sender_host)
end
+ @tag capture_log: true
test "it removes all follower collections but actor's", %{conn: conn} do
[actor, recipient] = insert_pair(:user)
- data =
- File.read!("test/fixtures/activitypub-client-post-activity.json")
- |> Poison.decode!()
+ to = [
+ recipient.ap_id,
+ recipient.follower_address,
+ "https://www.w3.org/ns/activitystreams#Public"
+ ]
- object = Map.put(data["object"], "attributedTo", actor.ap_id)
+ cc = [recipient.follower_address, actor.follower_address]
- data =
- data
- |> Map.put("id", Utils.generate_object_id())
- |> Map.put("actor", actor.ap_id)
- |> Map.put("object", object)
- |> Map.put("cc", [
- recipient.follower_address,
- actor.follower_address
- ])
- |> Map.put("to", [
- recipient.ap_id,
- recipient.follower_address,
- "https://www.w3.org/ns/activitystreams#Public"
- ])
+ data = %{
+ "@context" => ["https://www.w3.org/ns/activitystreams"],
+ "type" => "Create",
+ "id" => Utils.generate_activity_id(),
+ "to" => to,
+ "cc" => cc,
+ "actor" => actor.ap_id,
+ "object" => %{
+ "type" => "Note",
+ "to" => to,
+ "cc" => cc,
+ "content" => "It's a note",
+ "attributedTo" => actor.ap_id,
+ "id" => Utils.generate_object_id()
+ }
+ }
conn
|> assign(:valid_signature, true)
ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
- activity = Activity.get_by_ap_id(data["id"])
+ assert activity = Activity.get_by_ap_id(data["id"])
assert activity.id
assert actor.follower_address in activity.recipients
assert json_response(ret_conn, 200)
end
+
+ @tag capture_log: true
+ test "forwarded report", %{conn: conn} do
+ admin = insert(:user, is_admin: true)
+ actor = insert(:user, local: false)
+ remote_domain = URI.parse(actor.ap_id).host
+ reported_user = insert(:user)
+
+ note = insert(:note_activity, user: reported_user)
+
+ data = %{
+ "@context" => [
+ "https://www.w3.org/ns/activitystreams",
+ "https://#{remote_domain}/schemas/litepub-0.1.jsonld",
+ %{
+ "@language" => "und"
+ }
+ ],
+ "actor" => actor.ap_id,
+ "cc" => [
+ reported_user.ap_id
+ ],
+ "content" => "test",
+ "context" => "context",
+ "id" => "http://#{remote_domain}/activities/02be56cf-35e3-46b4-b2c6-47ae08dfee9e",
+ "nickname" => reported_user.nickname,
+ "object" => [
+ reported_user.ap_id,
+ %{
+ "actor" => %{
+ "actor_type" => "Person",
+ "approval_pending" => false,
+ "avatar" => "",
+ "confirmation_pending" => false,
+ "deactivated" => false,
+ "display_name" => "test user",
+ "id" => reported_user.id,
+ "local" => false,
+ "nickname" => reported_user.nickname,
+ "registration_reason" => nil,
+ "roles" => %{
+ "admin" => false,
+ "moderator" => false
+ },
+ "tags" => [],
+ "url" => reported_user.ap_id
+ },
+ "content" => "",
+ "id" => note.data["id"],
+ "published" => note.data["published"],
+ "type" => "Note"
+ }
+ ],
+ "published" => note.data["published"],
+ "state" => "open",
+ "to" => [],
+ "type" => "Flag"
+ }
+
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{reported_user.nickname}/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+
+ assert Pleroma.Repo.aggregate(Activity, :count, :id) == 2
+
+ ObanHelpers.perform_all()
+
+ Swoosh.TestAssertions.assert_email_sent(
+ to: {admin.name, admin.email},
+ html_body: ~r/Reported Account:/i
+ )
+ end
+
+ @tag capture_log: true
+ test "forwarded report from mastodon", %{conn: conn} do
+ admin = insert(:user, is_admin: true)
+ actor = insert(:user, local: false)
+ remote_domain = URI.parse(actor.ap_id).host
+ remote_actor = "https://#{remote_domain}/actor"
+ [reported_user, another] = insert_list(2, :user)
+
+ note = insert(:note_activity, user: reported_user)
+
+ Pleroma.Web.CommonAPI.favorite(another, note.id)
+
+ mock_json_body =
+ "test/fixtures/mastodon/application_actor.json"
+ |> File.read!()
+ |> String.replace("{{DOMAIN}}", remote_domain)
+
+ Tesla.Mock.mock(fn %{url: ^remote_actor} ->
+ %Tesla.Env{
+ status: 200,
+ body: mock_json_body,
+ headers: [{"content-type", "application/activity+json"}]
+ }
+ end)
+
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "actor" => remote_actor,
+ "content" => "test report",
+ "id" => "https://#{remote_domain}/e3b12fd1-948c-446e-b93b-a5e67edbe1d8",
+ "nickname" => reported_user.nickname,
+ "object" => [
+ reported_user.ap_id,
+ note.data["object"]
+ ],
+ "type" => "Flag"
+ }
+
+ conn
+ |> assign(:valid_signature, true)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{reported_user.nickname}/inbox", data)
+ |> json_response(200)
+
+ ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+
+ flag_activity = "Flag" |> Pleroma.Activity.Queries.by_type() |> Pleroma.Repo.one()
+ reported_user_ap_id = reported_user.ap_id
+
+ [^reported_user_ap_id, flag_data] = flag_activity.data["object"]
+
+ Enum.each(~w(actor content id published type), &Map.has_key?(flag_data, &1))
+ ObanHelpers.perform_all()
+
+ Swoosh.TestAssertions.assert_email_sent(
+ to: {admin.name, admin.email},
+ html_body: ~r/#{note.data["object"]}/i
+ )
+ end
end
describe "GET /users/:nickname/outbox" do
test "it returns a note activity in a collection", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(note_activity.data["actor"])
conn =
assert response(conn, 200) =~ announce_activity.data["object"]
end
+
+ test "It returns poll Answers when authenticated", %{conn: conn} do
+ poller = insert(:user)
+ voter = insert(:user)
+
+ {:ok, activity} =
+ CommonAPI.post(poller, %{
+ status: "suya...",
+ poll: %{options: ["suya", "suya.", "suya.."], expires_in: 10}
+ })
+
+ assert question = Object.normalize(activity, fetch: false)
+
+ {:ok, [activity], _object} = CommonAPI.vote(voter, question, [1])
+
+ assert outbox_get =
+ conn
+ |> assign(:user, voter)
+ |> put_req_header("accept", "application/activity+json")
+ |> get(voter.ap_id <> "/outbox?page=true")
+ |> json_response(200)
+
+ assert [answer_outbox] = outbox_get["orderedItems"]
+ assert answer_outbox["id"] == activity.data["id"]
+ end
end
describe "POST /users/:nickname/outbox (C2S)" do
assert Activity.get_by_ap_id(result["id"])
assert result["object"]
- assert %Object{data: object} = Object.normalize(result["object"])
+ assert %Object{data: object} = Object.normalize(result["object"], fetch: false)
assert object["content"] == activity["object"]["content"]
end
assert Activity.get_by_ap_id(response["id"])
assert response["object"]
- assert %Object{data: response_object} = Object.normalize(response["object"])
+ assert %Object{data: response_object} = Object.normalize(response["object"], fetch: false)
assert response_object["sensitive"] == true
assert response_object["content"] == activity["object"]["content"]
test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(note_activity.data["actor"])
data = %{
test "it rejects delete activity of object from other actor", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = insert(:user)
data = %{
test "it increases like count when receiving a like action", %{conn: conn} do
note_activity = insert(:note_activity)
- note_object = Object.normalize(note_activity)
+ note_object = Object.normalize(note_activity, fetch: false)
user = User.get_cached_by_ap_id(note_activity.data["actor"])
data = %{
assert cirno_outbox["attributedTo"] == nil
assert cirno_outbox["actor"] == cirno.ap_id
- assert cirno_object = Object.normalize(cirno_outbox["object"])
+ assert cirno_object = Object.normalize(cirno_outbox["object"], fetch: false)
assert cirno_object.data["actor"] == cirno.ap_id
assert cirno_object.data["attributedTo"] == cirno.ap_id
end
test "Character limitation", %{conn: conn, activity: activity} do
- Pleroma.Config.put([:instance, :limit], 5)
+ clear_config([:instance, :limit], 5)
user = insert(:user)
result =
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
end
test "on non-federating instance, it returns 404", %{conn: conn} do
- Config.put([:instance, :federating], false)
+ clear_config([:instance, :federating], false)
user = insert(:user)
conn
test "it tracks a signed object fetch", %{conn: conn} do
user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
test "it tracks a signed activity fetch", %{conn: conn} do
user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
user = insert(:user, local: false)
other_user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())
user = insert(:user, local: false)
other_user = insert(:user, local: false)
activity = insert(:note_activity)
- object = Object.normalize(activity)
+ object = Object.normalize(activity, fetch: false)
activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())
desc = "Description of the image"
image = %Plug.Upload{
- content_type: "bad/content-type",
+ content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
- filename: "an_image.png"
+ filename: "an_image.jpg"
}
object =
assert activity_response["actor"] == user.ap_id
assert %Object{data: %{"attachment" => [attachment]}} =
- Object.normalize(activity_response["object"])
+ Object.normalize(activity_response["object"], fetch: false)
assert attachment["type"] == "Document"
assert attachment["name"] == desc
projects / akkoma / blobdiff