Merge branch 'feature/restrict-c2s' into 'develop'
[akkoma] / test / web / activity_pub / activity_pub_controller_test.exs
index fbacb399335cd5bc56e4e198504175a98f8776b5..776ddc8d40bb1ad4e7abfa553d28398076ebbac7 100644 (file)
@@ -765,51 +765,110 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
     end
   end
 
-  describe "POST /users/:nickname/outbox" do
-    test "it rejects posts from other users / unauuthenticated users", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+  describe "POST /users/:nickname/outbox (C2S)" do
+    setup do
+      [
+        activity: %{
+          "@context" => "https://www.w3.org/ns/activitystreams",
+          "type" => "Create",
+          "object" => %{"type" => "Note", "content" => "AP C2S test"},
+          "to" => "https://www.w3.org/ns/activitystreams#Public",
+          "cc" => []
+        }
+      ]
+    end
+
+    test "it rejects posts from other users / unauthenticated users", %{
+      conn: conn,
+      activity: activity
+    } do
       user = insert(:user)
       other_user = insert(:user)
       conn = put_req_header(conn, "content-type", "application/activity+json")
 
       conn
-      |> post("/users/#{user.nickname}/outbox", data)
+      |> post("/users/#{user.nickname}/outbox", activity)
       |> json_response(403)
 
       conn
       |> assign(:user, other_user)
-      |> post("/users/#{user.nickname}/outbox", data)
+      |> post("/users/#{user.nickname}/outbox", activity)
       |> json_response(403)
     end
 
-    test "it inserts an incoming create activity into the database", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+    test "it inserts an incoming create activity into the database", %{
+      conn: conn,
+      activity: activity
+    } do
       user = insert(:user)
 
-      conn =
+      result =
         conn
         |> assign(:user, user)
         |> put_req_header("content-type", "application/activity+json")
-        |> post("/users/#{user.nickname}/outbox", data)
-
-      result = json_response(conn, 201)
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(201)
 
       assert Activity.get_by_ap_id(result["id"])
+      assert result["object"]
+      assert %Object{data: object} = Object.normalize(result["object"])
+      assert object["content"] == activity["object"]["content"]
     end
 
-    test "it rejects an incoming activity with bogus type", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+    test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
       user = insert(:user)
 
-      data =
-        data
-        |> Map.put("type", "BadType")
+      activity =
+        activity
+        |> put_in(["object", "type"], "Benis")
+
+      _result =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(400)
+    end
+
+    test "it inserts an incoming sensitive activity into the database", %{
+      conn: conn,
+      activity: activity
+    } do
+      user = insert(:user)
+      conn = assign(conn, :user, user)
+      object = Map.put(activity["object"], "sensitive", true)
+      activity = Map.put(activity, "object", object)
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(201)
+
+      assert Activity.get_by_ap_id(response["id"])
+      assert response["object"]
+      assert %Object{data: response_object} = Object.normalize(response["object"])
+      assert response_object["sensitive"] == true
+      assert response_object["content"] == activity["object"]["content"]
+
+      representation =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get(response["id"])
+        |> json_response(200)
+
+      assert representation["object"]["sensitive"] == true
+    end
+
+    test "it rejects an incoming activity with bogus type", %{conn: conn, activity: activity} do
+      user = insert(:user)
+      activity = Map.put(activity, "type", "BadType")
 
       conn =
         conn
         |> assign(:user, user)
         |> put_req_header("content-type", "application/activity+json")
-        |> post("/users/#{user.nickname}/outbox", data)
+        |> post("/users/#{user.nickname}/outbox", activity)
 
       assert json_response(conn, 400)
     end
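Review bot: The test "it rejects anything beyond 'Note' creations" uses a made-up object type, so it passes whether the outbox enforces a `Note`-only allowlist or merely rejects types it does not recognise. A real ActivityStreams type would pin the restriction, e.g. `activity = put_in(activity, ["object", "type"], "Article")`. The response is bound to `_result` and discarded; asserting that no activity was stored for the user would show that the 400 is returned before anything is written. The setup fixture has no `actor` field, so none of these tests show what the endpoint does when a client names an actor other than the authenticated user; the controller may handle this, but it is not visible here. The describe block continues past the end of the hunk.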
@@ -1019,12 +1078,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["totalItems"] == 15
     end
 
-    test "returns 403 if requester is not logged in", %{conn: conn} do
+    test "does not require authentication", %{conn: conn} do
       user = insert(:user)
 
       conn
       |> get("/users/#{user.nickname}/followers")
-      |> json_response(403)
+      |> json_response(200)
     end
   end
 
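Review bot: The renamed test "does not require authentication" checks only the status code, so it does not pin what an anonymous requester receives from `/users/:nickname/followers`. Binding the body and asserting on it, e.g. `assert is_integer(result["totalItems"])`, would help keep the relaxed access check from exposing more than intended; so would a case for an account that hides its follower list, if the project supports that. The following hunk makes the same change for `/users/:nickname/following` and needs the same coverage. The describe block starts outside the hunk, so a hidden-list case may already exist there.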
@@ -1116,12 +1175,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["totalItems"] == 15
     end
 
-    test "returns 403 if requester is not logged in", %{conn: conn} do
+    test "does not require authentication", %{conn: conn} do
       user = insert(:user)
 
       conn
       |> get("/users/#{user.nickname}/following")
-      |> json_response(403)
+      |> json_response(200)
     end
   end