Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms

test/notification_test.exs

@@ -8,11 +8,13 @@ defmodule Pleroma.NotificationTest do
   import Pleroma.Factory
   import Mock
 
+  alias Pleroma.FollowingRelationship
   alias Pleroma.Notification
   alias Pleroma.Tests.ObanHelpers
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.MastodonAPI.NotificationView
   alias Pleroma.Web.Push
   alias Pleroma.Web.Streamer
 
@@ -272,16 +274,6 @@ defmodule Pleroma.NotificationTest do
       refute Notification.create_notification(activity, author)
     end
 
-    test "it doesn't create a notification for follow-unfollow-follow chains" do
-      user = insert(:user)
-      followed_user = insert(:user)
-      {:ok, _, _, activity} = CommonAPI.follow(user, followed_user)
-      Notification.create_notification(activity, followed_user)
-      CommonAPI.unfollow(user, followed_user)
-      {:ok, _, _, activity_dupe} = CommonAPI.follow(user, followed_user)
-      refute Notification.create_notification(activity_dupe, followed_user)
-    end
-
     test "it doesn't create duplicate notifications for follow+subscribed users" do
       user = insert(:user)
       subscriber = insert(:user)
@@ -304,6 +296,74 @@ defmodule Pleroma.NotificationTest do
     end
   end
 
+  describe "follow / follow_request notifications" do
+    test "it creates `follow` notification for approved Follow activity" do
+      user = insert(:user)
+      followed_user = insert(:user, locked: false)
+
+      {:ok, _, _, _activity} = CommonAPI.follow(user, followed_user)
+      assert FollowingRelationship.following?(user, followed_user)
+      assert [notification] = Notification.for_user(followed_user)
+
+      assert %{type: "follow"} =
+               NotificationView.render("show.json", %{
+                 notification: notification,
+                 for: followed_user
+               })
+    end
+
+    test "if `follow_request` notifications are enabled, " <>
+           "it creates `follow_request` notification for pending Follow activity" do
+      clear_config([:notifications, :enable_follow_request_notifications], true)
+      user = insert(:user)
+      followed_user = insert(:user, locked: true)
+
+      {:ok, _, _, _activity} = CommonAPI.follow(user, followed_user)
+      refute FollowingRelationship.following?(user, followed_user)
+      assert [notification] = Notification.for_user(followed_user)
+
+      render_opts = %{notification: notification, for: followed_user}
+      assert %{type: "follow_request"} = NotificationView.render("show.json", render_opts)
+
+      # After request is accepted, the same notification is rendered with type "follow":
+      assert {:ok, _} = CommonAPI.accept_follow_request(user, followed_user)
+
+      notification_id = notification.id
+      assert [%{id: ^notification_id}] = Notification.for_user(followed_user)
+      assert %{type: "follow"} = NotificationView.render("show.json", render_opts)
+    end
+
+    test "if `follow_request` notifications are disabled, " <>
+           "it does NOT create `follow*` notification for pending Follow activity" do
+      clear_config([:notifications, :enable_follow_request_notifications], false)
+      user = insert(:user)
+      followed_user = insert(:user, locked: true)
+
+      {:ok, _, _, _activity} = CommonAPI.follow(user, followed_user)
+      refute FollowingRelationship.following?(user, followed_user)
+      assert [] = Notification.for_user(followed_user)
+
+      # After request is accepted, no new notifications are generated:
+      assert {:ok, _} = CommonAPI.accept_follow_request(user, followed_user)
+      assert [] = Notification.for_user(followed_user)
+    end
+
+    test "it doesn't create a notification for follow-unfollow-follow chains" do
+      user = insert(:user)
+      followed_user = insert(:user, locked: false)
+
+      {:ok, _, _, _activity} = CommonAPI.follow(user, followed_user)
+      assert FollowingRelationship.following?(user, followed_user)
+      assert [notification] = Notification.for_user(followed_user)
+
+      CommonAPI.unfollow(user, followed_user)
+      {:ok, _, _, _activity_dupe} = CommonAPI.follow(user, followed_user)
+
+      notification_id = notification.id
+      assert [%{id: ^notification_id}] = Notification.for_user(followed_user)
+    end
+  end
+
   describe "get notification" do
     test "it gets a notification that belongs to the user" do
       user = insert(:user)

test/plugs/authentication_plug_test.exs

@@ -6,6 +6,8 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
   use Pleroma.Web.ConnCase, async: true
 
   alias Pleroma.Plugs.AuthenticationPlug
+  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Plugs.PlugHelper
   alias Pleroma.User
 
   import ExUnit.CaptureLog
@@ -36,13 +38,16 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
     assert ret_conn == conn
   end
 
-  test "with a correct password in the credentials, it assigns the auth_user", %{conn: conn} do
+  test "with a correct password in the credentials, " <>
+         "it assigns the auth_user and marks OAuthScopesPlug as skipped",
+       %{conn: conn} do
     conn =
       conn
       |> assign(:auth_credentials, %{password: "guy"})
       |> AuthenticationPlug.call(%{})
 
     assert conn.assigns.user == conn.assigns.auth_user
+    assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
   end
 
   test "with a wrong password in the credentials, it does nothing", %{conn: conn} do

test/plugs/legacy_authentication_plug_test.exs

@@ -8,6 +8,8 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
   import Pleroma.Factory
 
   alias Pleroma.Plugs.LegacyAuthenticationPlug
+  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Plugs.PlugHelper
   alias Pleroma.User
 
   setup do
@@ -36,7 +38,8 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
   end
 
   @tag :skip_on_mac
-  test "it authenticates the auth_user if present and password is correct and resets the password",
+  test "if `auth_user` is present and password is correct, " <>
+         "it authenticates the user, resets the password, marks OAuthScopesPlug as skipped",
        %{
          conn: conn,
          user: user
@@ -49,6 +52,7 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
     conn = LegacyAuthenticationPlug.call(conn, %{})
 
     assert conn.assigns.user.id == user.id
+    assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
   end
 
   @tag :skip_on_mac

test/plugs/oauth_scopes_plug_test.exs

@@ -7,7 +7,6 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do
 
   alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
   alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.PlugHelper
   alias Pleroma.Repo
 
   import Mock
@@ -21,7 +20,7 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do
     with_mock OAuthScopesPlug, [:passthrough], perform: &passthrough([&1, &2]) do
       conn =
         conn
-        |> PlugHelper.append_to_skipped_plugs(OAuthScopesPlug)
+        |> OAuthScopesPlug.skip_plug()
         |> OAuthScopesPlug.call(%{scopes: ["random_scope"]})
 
       refute called(OAuthScopesPlug.perform(:_, :_))

test/web/activity_pub/side_effects_test.exs

@@ -18,13 +18,14 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
 
   describe "like objects" do
     setup do
+      poster = insert(:user)
       user = insert(:user)
-      {:ok, post} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, post} = CommonAPI.post(poster, %{"status" => "hey"})
 
       {:ok, like_data, _meta} = Builder.like(user, post.object)
       {:ok, like, _meta} = ActivityPub.persist(like_data, local: true)
 
-      %{like: like, user: user}
+      %{like: like, user: user, poster: poster}
     end
 
     test "add the like to the original object", %{like: like, user: user} do
@@ -33,6 +34,11 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
       assert object.data["like_count"] == 1
       assert user.ap_id in object.data["likes"]
     end
+
+    test "creates a notification", %{like: like, poster: poster} do
+      {:ok, like, _} = SideEffects.handle(like)
+      assert Repo.get_by(Notification, user_id: poster.id, activity_id: like.id)
+    end
   end
 
   describe "creation of ChatMessages" do

test/web/auth/basic_auth_test.exs

@@ -0,0 +1,46 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.BasicAuthTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+
+  test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
+    conn: conn
+  } do
+    user = insert(:user)
+    assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
+
+    basic_auth_contents =
+      (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
+      |> Base.encode64()
+
+    # Succeeds with HTTP Basic Auth
+    response =
+      conn
+      |> put_req_header("authorization", "Basic " <> basic_auth_contents)
+      |> get("/api/v1/accounts/verify_credentials")
+      |> json_response(200)
+
+    user_nickname = user.nickname
+    assert %{"username" => ^user_nickname} = response
+
+    # Succeeds with a properly scoped OAuth token
+    valid_token = insert(:oauth_token, scopes: ["read:accounts"])
+
+    conn
+    |> put_req_header("authorization", "Bearer #{valid_token.token}")
+    |> get("/api/v1/accounts/verify_credentials")
+    |> json_response(200)
+
+    # Fails with a wrong-scoped OAuth token (proof of restriction)
+    invalid_token = insert(:oauth_token, scopes: ["read:something"])
+
+    conn
+    |> put_req_header("authorization", "Bearer #{invalid_token.token}")
+    |> get("/api/v1/accounts/verify_credentials")
+    |> json_response(403)
+  end
+end