[#3053] Unauthenticated access control for OStatus-related controllers and ActivityPubController (base actions: :user, :object, :activity). Tests adjustments.
This commit is contained in:
Ivan Tashkinov
parent
f6024252ae
commit
094edde7c4
9 changed files with 159 additions and 176 deletions
|
|
@ -33,25 +33,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
|||
|
||||
setup do: clear_config([:instance, :federating], true)
|
||||
|
||||
defp ensure_federating_or_authenticated(conn, url, user) do
|
||||
Config.put([:instance, :federating], false)
|
||||
|
||||
conn
|
||||
|> get(url)
|
||||
|> response(403)
|
||||
|
||||
conn
|
||||
|> assign(:user, user)
|
||||
|> get(url)
|
||||
|> response(200)
|
||||
|
||||
Config.put([:instance, :federating], true)
|
||||
|
||||
conn
|
||||
|> get(url)
|
||||
|> response(200)
|
||||
end
|
||||
|
||||
describe "/relay" do
|
||||
setup do: clear_config([:instance, :allow_relay])
|
||||
|
||||
|
|
@ -175,21 +156,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
|||
|
||||
assert response == "Not found"
|
||||
end
|
||||
|
||||
test "it requires authentication if instance is NOT federating", %{
|
||||
conn: conn
|
||||
} do
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
put_req_header(
|
||||
conn,
|
||||
"accept",
|
||||
"application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
|
||||
)
|
||||
|
||||
ensure_federating_or_authenticated(conn, "/users/#{user.nickname}.json", user)
|
||||
end
|
||||
end
|
||||
|
||||
describe "mastodon compatibility routes" do
|
||||
|
|
@ -357,18 +323,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
|||
|
||||
assert "Not found" == json_response(conn2, :not_found)
|
||||
end
|
||||
|
||||
test "it requires authentication if instance is NOT federating", %{
|
||||
conn: conn
|
||||
} do
|
||||
user = insert(:user)
|
||||
note = insert(:note)
|
||||
uuid = String.split(note.data["id"], "/") |> List.last()
|
||||
|
||||
conn = put_req_header(conn, "accept", "application/activity+json")
|
||||
|
||||
ensure_federating_or_authenticated(conn, "/objects/#{uuid}", user)
|
||||
end
|
||||
end
|
||||
|
||||
describe "/activities/:uuid" do
|
||||
|
|
@ -440,18 +394,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
|||
|
||||
assert "Not found" == json_response(conn2, :not_found)
|
||||
end
|
||||
|
||||
test "it requires authentication if instance is NOT federating", %{
|
||||
conn: conn
|
||||
} do
|
||||
user = insert(:user)
|
||||
activity = insert(:note_activity)
|
||||
uuid = String.split(activity.data["id"], "/") |> List.last()
|
||||
|
||||
conn = put_req_header(conn, "accept", "application/activity+json")
|
||||
|
||||
ensure_federating_or_authenticated(conn, "/activities/#{uuid}", user)
|
||||
end
|
||||
end
|
||||
|
||||
describe "/inbox" do
|
||||
|
|
@ -912,15 +854,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
|||
|
||||
assert response(conn, 200) =~ announce_activity.data["object"]
|
||||
end
|
||||
|
||||
test "it requires authentication if instance is NOT federating", %{
|
||||
conn: conn
|
||||
} do
|
||||
user = insert(:user)
|
||||
conn = put_req_header(conn, "accept", "application/activity+json")
|
||||
|
||||
ensure_federating_or_authenticated(conn, "/users/#{user.nickname}/outbox", user)
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /users/:nickname/outbox (C2S)" do
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
|
|||
import Pleroma.Factory
|
||||
import SweetXml
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Object
|
||||
alias Pleroma.Web.CommonAPI
|
||||
alias Pleroma.Web.Feed.FeedView
|
||||
|
|
@ -15,7 +16,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
|
|||
setup do: clear_config([:feed])
|
||||
|
||||
test "gets a feed (ATOM)", %{conn: conn} do
|
||||
Pleroma.Config.put(
|
||||
Config.put(
|
||||
[:feed, :post_title],
|
||||
%{max_length: 25, omission: "..."}
|
||||
)
|
||||
|
|
@ -82,7 +83,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
|
|||
end
|
||||
|
||||
test "gets a feed (RSS)", %{conn: conn} do
|
||||
Pleroma.Config.put(
|
||||
Config.put(
|
||||
[:feed, :post_title],
|
||||
%{max_length: 25, omission: "..."}
|
||||
)
|
||||
|
|
@ -157,7 +158,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
|
|||
response =
|
||||
conn
|
||||
|> put_req_header("accept", "application/rss+xml")
|
||||
|> get(tag_feed_path(conn, :feed, "pleromaart"))
|
||||
|> get(tag_feed_path(conn, :feed, "pleromaart.rss"))
|
||||
|> response(200)
|
||||
|
||||
xml = parse(response)
|
||||
|
|
@ -183,14 +184,12 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
|
|||
end
|
||||
|
||||
describe "private instance" do
|
||||
setup do: clear_config([:instance, :public])
|
||||
setup do: clear_config([:instance, :public], false)
|
||||
|
||||
test "returns 404 for tags feed", %{conn: conn} do
|
||||
Config.put([:instance, :public], false)
|
||||
|
||||
conn
|
||||
|> put_req_header("accept", "application/rss+xml")
|
||||
|> get(tag_feed_path(conn, :feed, "pleromaart"))
|
||||
|> get(tag_feed_path(conn, :feed, "pleromaart.rss"))
|
||||
|> response(404)
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue