import Pleroma.Factory
- clear_config_all([:static_fe, :enabled]) do
- Config.put([:static_fe, :enabled], true)
- end
-
- clear_config([:instance, :federating]) do
- Config.put([:instance, :federating], true)
- end
+ setup_all do: clear_config([:static_fe, :enabled], true)
+ setup do: clear_config([:instance, :federating], true)
setup %{conn: conn} do
conn = put_req_header(conn, "accept", "text/html")
end
test "profile does not include private messages", %{conn: conn, user: user} do
- CommonAPI.post(user, %{"status" => "public"})
- CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+ CommonAPI.post(user, %{status: "public"})
+ CommonAPI.post(user, %{status: "private", visibility: "private"})
conn = get(conn, "/users/#{user.nickname}")
end
test "pagination", %{conn: conn, user: user} do
- Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+ Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
conn = get(conn, "/users/#{user.nickname}")
end
test "pagination, page 2", %{conn: conn, user: user} do
- activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+ activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
{:ok, a11} = Enum.at(activities, 11)
conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
describe "notice html" do
test "single notice page", %{conn: conn, user: user} do
- {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
conn = get(conn, "/notice/#{activity.id}")
assert html =~ "testing a thing!"
end
+ test "filters HTML tags", %{conn: conn} do
+ user = insert(:user)
+ {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})
+
+ conn =
+ conn
+ |> put_req_header("accept", "text/html")
+ |> get("/notice/#{activity.id}")
+
+ html = html_response(conn, 200)
+ assert html =~ ~s[<script>alert('xss')</script>]
+ end
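Review bot: The assertion in the new "filters HTML tags" test, `assert html =~ ~s[<script>alert('xss')</script>]`, matches the raw markup as it is displayed here, so it passes only when the status body is rendered unescaped, which is the opposite of what the test name promises. If the entities were merely decoded by whatever rendered this page, the committed line is fine; otherwise assert on the entity-escaped form the template actually emits and pair it with a negative check such as `refute html =~ "<script>alert('xss')</script>"`, so that a regression which drops escaping fails the test instead of satisfying it. As a smaller style point, the test re-applies the `accept: text/html` header and inserts its own user, although the `setup` block near the top already sets that header and the neighbouring tests take `user` from the context; `%{conn: conn, user: user}` would keep it consistent with them.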
+
test "shows the whole thread", %{conn: conn, user: user} do
- {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})
CommonAPI.post(user, %{
- "status" => "these are the voyages or something",
- "in_reply_to_status_id" => activity.id
+ status: "these are the voyages or something",
+ in_reply_to_status_id: activity.id
})
conn = get(conn, "/notice/#{activity.id}")
test "redirect by AP object ID", %{conn: conn, user: user} do
{:ok, %Activity{data: %{"object" => object_url}}} =
- CommonAPI.post(user, %{"status" => "beam me up"})
+ CommonAPI.post(user, %{status: "beam me up"})
conn = get(conn, URI.parse(object_url).path)
test "redirect by activity ID", %{conn: conn, user: user} do
{:ok, %Activity{data: %{"id" => id}}} =
- CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
+ CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})
conn = get(conn, URI.parse(id).path)
end
test "404 for private status", %{conn: conn, user: user} do
- {:ok, activity} =
- CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})
conn = get(conn, "/notice/#{activity.id}")
end
test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
- {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+ {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)
end