Merge branch 'develop' into feature/addressable-lists

test/web/activity_pub/activity_pub_controller_test.exs

@@ -15,6 +15,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
   setup_all do
     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+
+    config_path = [:instance, :federating]
+    initial_setting = Pleroma.Config.get(config_path)
+
+    Pleroma.Config.put(config_path, true)
+    on_exit(fn -> Pleroma.Config.put(config_path, initial_setting) end)
+
     :ok
   end
 
@@ -163,7 +170,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
   describe "/object/:uuid/likes" do
     test "it returns the like activities in a collection", %{conn: conn} do
       like = insert(:like_activity)
-      uuid = String.split(like.data["object"], "/") |> List.last()
+      like_object_ap_id = Object.normalize(like).data["id"]
+      uuid = String.split(like_object_ap_id, "/") |> List.last()
 
       result =
         conn
@@ -302,6 +310,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
     test "it returns a note activity in a collection", %{conn: conn} do
       note_activity = insert(:direct_note_activity)
+      note_object = Object.normalize(note_activity)
       user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))
 
       conn =
@@ -310,7 +319,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
         |> put_req_header("accept", "application/activity+json")
         |> get("/users/#{user.nickname}/inbox")
 
-      assert response(conn, 200) =~ note_activity.data["object"]["content"]
+      assert response(conn, 200) =~ note_object.data["content"]
     end
 
     test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do
@@ -388,6 +397,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
     test "it returns a note activity in a collection", %{conn: conn} do
       note_activity = insert(:note_activity)
+      note_object = Object.normalize(note_activity)
       user = User.get_cached_by_ap_id(note_activity.data["actor"])
 
       conn =
@@ -395,7 +405,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
         |> put_req_header("accept", "application/activity+json")
         |> get("/users/#{user.nickname}/outbox")
 
-      assert response(conn, 200) =~ note_activity.data["object"]["content"]
+      assert response(conn, 200) =~ note_object.data["content"]
     end
 
     test "it returns an announce activity in a collection", %{conn: conn} do
@@ -457,12 +467,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
     test "it erects a tombstone when receiving a delete activity", %{conn: conn} do
       note_activity = insert(:note_activity)
+      note_object = Object.normalize(note_activity)
       user = User.get_cached_by_ap_id(note_activity.data["actor"])
 
       data = %{
         type: "Delete",
         object: %{
-          id: note_activity.data["object"]["id"]
+          id: note_object.data["id"]
         }
       }
 
@@ -475,19 +486,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       result = json_response(conn, 201)
       assert Activity.get_by_ap_id(result["id"])
 
-      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
-      assert object
+      assert object = Object.get_by_ap_id(note_object.data["id"])
       assert object.data["type"] == "Tombstone"
     end
 
     test "it rejects delete activity of object from other actor", %{conn: conn} do
       note_activity = insert(:note_activity)
+      note_object = Object.normalize(note_activity)
       user = insert(:user)
 
       data = %{
         type: "Delete",
         object: %{
-          id: note_activity.data["object"]["id"]
+          id: note_object.data["id"]
         }
       }
 
@@ -502,12 +513,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
     test "it increases like count when receiving a like action", %{conn: conn} do
       note_activity = insert(:note_activity)
+      note_object = Object.normalize(note_activity)
       user = User.get_cached_by_ap_id(note_activity.data["actor"])
 
       data = %{
         type: "Like",
         object: %{
-          id: note_activity.data["object"]["id"]
+          id: note_object.data["id"]
         }
       }
 
@@ -520,8 +532,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       result = json_response(conn, 201)
       assert Activity.get_by_ap_id(result["id"])
 
-      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
-      assert object
+      assert object = Object.get_by_ap_id(note_object.data["id"])
       assert object.data["like_count"] == 1
     end
   end

test/web/activity_pub/activity_pub_test.exs

@@ -254,10 +254,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       }
 
       {:ok, %Activity{} = activity} = ActivityPub.insert(data)
-      object = Object.normalize(activity.data["object"])
-
+      assert object = Object.normalize(activity)
       assert is_binary(object.data["id"])
-      assert %Object{} = Object.get_by_ap_id(activity.data["object"])
     end
   end
 
@@ -659,7 +657,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
   describe "like an object" do
     test "adds a like activity to the db" do
       note_activity = insert(:note_activity)
-      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+      assert object = Object.normalize(note_activity)
+
       user = insert(:user)
       user_two = insert(:user)
 
@@ -678,19 +677,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
 
       assert like_activity == same_like_activity
       assert object.data["likes"] == [user.ap_id]
+      assert object.data["like_count"] == 1
 
       [note_activity] = Activity.get_all_create_by_object_ap_id(object.data["id"])
       assert note_activity.data["object"]["like_count"] == 1
 
       {:ok, _like_activity, object} = ActivityPub.like(user_two, object)
       assert object.data["like_count"] == 2
+
+      [note_activity] = Activity.get_all_create_by_object_ap_id(object.data["id"])
+      assert note_activity.data["object"]["like_count"] == 2
     end
   end
 
   describe "unliking" do
     test "unliking a previously liked object" do
       note_activity = insert(:note_activity)
-      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+      object = Object.normalize(note_activity)
       user = insert(:user)
 
       # Unliking something that hasn't been liked does nothing
@@ -710,7 +713,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
   describe "announcing an object" do
     test "adds an announce activity to the db" do
       note_activity = insert(:note_activity)
-      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+      object = Object.normalize(note_activity)
       user = insert(:user)
 
       {:ok, announce_activity, object} = ActivityPub.announce(user, object)
@@ -731,7 +734,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
   describe "unannouncing an object" do
     test "unannouncing a previously announced object" do
       note_activity = insert(:note_activity)
-      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+      object = Object.normalize(note_activity)
       user = insert(:user)
 
       # Unannouncing an object that is not announced does nothing
@@ -810,10 +813,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       assert activity.data["type"] == "Undo"
       assert activity.data["actor"] == follower.ap_id
 
-      assert is_map(activity.data["object"])
-      assert activity.data["object"]["type"] == "Follow"
-      assert activity.data["object"]["object"] == followed.ap_id
-      assert activity.data["object"]["id"] == follow_activity.data["id"]
+      embedded_object = activity.data["object"]
+      assert is_map(embedded_object)
+      assert embedded_object["type"] == "Follow"
+      assert embedded_object["object"] == followed.ap_id
+      assert embedded_object["id"] == follow_activity.data["id"]
     end
   end
 
@@ -839,22 +843,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       assert activity.data["type"] == "Undo"
       assert activity.data["actor"] == blocker.ap_id
 
-      assert is_map(activity.data["object"])
-      assert activity.data["object"]["type"] == "Block"
-      assert activity.data["object"]["object"] == blocked.ap_id
-      assert activity.data["object"]["id"] == block_activity.data["id"]
+      embedded_object = activity.data["object"]
+      assert is_map(embedded_object)
+      assert embedded_object["type"] == "Block"
+      assert embedded_object["object"] == blocked.ap_id
+      assert embedded_object["id"] == block_activity.data["id"]
     end
   end
 
   describe "deletion" do
     test "it creates a delete activity and deletes the original object" do
       note = insert(:note_activity)
-      object = Object.get_by_ap_id(note.data["object"]["id"])
+      object = Object.normalize(note)
       {:ok, delete} = ActivityPub.delete(object)
 
       assert delete.data["type"] == "Delete"
       assert delete.data["actor"] == note.data["actor"]
-      assert delete.data["object"] == note.data["object"]["id"]
+      assert delete.data["object"] == object.data["id"]
 
       assert Activity.get_by_id(delete.id) != nil
 
@@ -900,13 +905,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
     test "it creates a delete activity and checks that it is also sent to users mentioned by the deleted object" do
       user = insert(:user)
       note = insert(:note_activity)
+      object = Object.normalize(note)
 
       {:ok, object} =
-        Object.get_by_ap_id(note.data["object"]["id"])
+        object
         |> Object.change(%{
           data: %{
-            "actor" => note.data["object"]["actor"],
-            "id" => note.data["object"]["id"],
+            "actor" => object.data["actor"],
+            "id" => object.data["id"],
             "to" => [user.ap_id],
             "type" => "Note"
           }
@@ -1018,8 +1024,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
 
       assert update.data["actor"] == user.ap_id
       assert update.data["to"] == [user.follower_address]
-      assert update.data["object"]["id"] == user_data["id"]
-      assert update.data["object"]["type"] == user_data["type"]
+      assert embedded_object = update.data["object"]
+      assert embedded_object["id"] == user_data["id"]
+      assert embedded_object["type"] == user_data["type"]
     end
   end
 

test/web/activity_pub/mrf/anti_link_spam_policy_test.exs

@@ -0,0 +1,145 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicyTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+  import ExUnit.CaptureLog
+
+  alias Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicy
+
+  @linkless_message %{
+    "type" => "Create",
+    "object" => %{
+      "content" => "hi world!"
+    }
+  }
+
+  @linkful_message %{
+    "type" => "Create",
+    "object" => %{
+      "content" => "<a href='https://example.com'>hi world!</a>"
+    }
+  }
+
+  @response_message %{
+    "type" => "Create",
+    "object" => %{
+      "name" => "yes",
+      "type" => "Answer"
+    }
+  }
+
+  describe "with new user" do
+    test "it allows posts without links" do
+      user = insert(:user)
+
+      assert user.info.note_count == 0
+
+      message =
+        @linkless_message
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _message} = AntiLinkSpamPolicy.filter(message)
+    end
+
+    test "it disallows posts with links" do
+      user = insert(:user)
+
+      assert user.info.note_count == 0
+
+      message =
+        @linkful_message
+        |> Map.put("actor", user.ap_id)
+
+      {:reject, _} = AntiLinkSpamPolicy.filter(message)
+    end
+  end
+
+  describe "with old user" do
+    test "it allows posts without links" do
+      user = insert(:user, info: %{note_count: 1})
+
+      assert user.info.note_count == 1
+
+      message =
+        @linkless_message
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _message} = AntiLinkSpamPolicy.filter(message)
+    end
+
+    test "it allows posts with links" do
+      user = insert(:user, info: %{note_count: 1})
+
+      assert user.info.note_count == 1
+
+      message =
+        @linkful_message
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _message} = AntiLinkSpamPolicy.filter(message)
+    end
+  end
+
+  describe "with followed new user" do
+    test "it allows posts without links" do
+      user = insert(:user, info: %{follower_count: 1})
+
+      assert user.info.follower_count == 1
+
+      message =
+        @linkless_message
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _message} = AntiLinkSpamPolicy.filter(message)
+    end
+
+    test "it allows posts with links" do
+      user = insert(:user, info: %{follower_count: 1})
+
+      assert user.info.follower_count == 1
+
+      message =
+        @linkful_message
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _message} = AntiLinkSpamPolicy.filter(message)
+    end
+  end
+
+  describe "with unknown actors" do
+    test "it rejects posts without links" do
+      message =
+        @linkless_message
+        |> Map.put("actor", "http://invalid.actor")
+
+      assert capture_log(fn ->
+               {:reject, _} = AntiLinkSpamPolicy.filter(message)
+             end) =~ "[error] Could not decode user at fetch http://invalid.actor"
+    end
+
+    test "it rejects posts with links" do
+      message =
+        @linkful_message
+        |> Map.put("actor", "http://invalid.actor")
+
+      assert capture_log(fn ->
+               {:reject, _} = AntiLinkSpamPolicy.filter(message)
+             end) =~ "[error] Could not decode user at fetch http://invalid.actor"
+    end
+  end
+
+  describe "with contentless-objects" do
+    test "it does not reject them or error out" do
+      user = insert(:user, info: %{note_count: 1})
+
+      message =
+        @response_message
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _message} = AntiLinkSpamPolicy.filter(message)
+    end
+  end
+end

test/web/activity_pub/mrf/ensure_re_prepended_test.exs

@@ -0,0 +1,82 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrependedTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.MRF.EnsureRePrepended
+
+  describe "rewrites summary" do
+    test "it adds `re:` to summary object when child summary and parent summary equal" do
+      message = %{
+        "type" => "Create",
+        "object" => %{
+          "summary" => "object-summary",
+          "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "object-summary"}}}
+        }
+      }
+
+      assert {:ok, res} = EnsureRePrepended.filter(message)
+      assert res["object"]["summary"] == "re: object-summary"
+    end
+
+    test "it adds `re:` to summary object when child summary containts re-subject of parent summary " do
+      message = %{
+        "type" => "Create",
+        "object" => %{
+          "summary" => "object-summary",
+          "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "re: object-summary"}}}
+        }
+      }
+
+      assert {:ok, res} = EnsureRePrepended.filter(message)
+      assert res["object"]["summary"] == "re: object-summary"
+    end
+  end
+
+  describe "skip filter" do
+    test "it skip if type isn't 'Create'" do
+      message = %{
+        "type" => "Annotation",
+        "object" => %{"summary" => "object-summary"}
+      }
+
+      assert {:ok, res} = EnsureRePrepended.filter(message)
+      assert res == message
+    end
+
+    test "it skip if summary is empty" do
+      message = %{
+        "type" => "Create",
+        "object" => %{
+          "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "summary"}}}
+        }
+      }
+
+      assert {:ok, res} = EnsureRePrepended.filter(message)
+      assert res == message
+    end
+
+    test "it skip if inReplyTo is empty" do
+      message = %{"type" => "Create", "object" => %{"summary" => "summary"}}
+      assert {:ok, res} = EnsureRePrepended.filter(message)
+      assert res == message
+    end
+
+    test "it skip if parent and child summary isn't equal" do
+      message = %{
+        "type" => "Create",
+        "object" => %{
+          "summary" => "object-summary",
+          "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "summary"}}}
+        }
+      }
+
+      assert {:ok, res} = EnsureRePrepended.filter(message)
+      assert res == message
+    end
+  end
+end

test/web/activity_pub/mrf/mediaproxy_warming_policy_test.exs

@@ -0,0 +1,45 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicyTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.HTTP
+  alias Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy
+
+  import Mock
+
+  @message %{
+    "type" => "Create",
+    "object" => %{
+      "type" => "Note",
+      "content" => "content",
+      "attachment" => [
+        %{"url" => [%{"href" => "http://example.com/image.jpg"}]}
+      ]
+    }
+  }
+
+  test "it prefetches media proxy URIs" do
+    with_mock HTTP, get: fn _, _, _ -> {:ok, []} end do
+      MediaProxyWarmingPolicy.filter(@message)
+      assert called(HTTP.get(:_, :_, :_))
+    end
+  end
+
+  test "it does nothing when no attachments are present" do
+    object =
+      @message["object"]
+      |> Map.delete("attachment")
+
+    message =
+      @message
+      |> Map.put("object", object)
+
+    with_mock HTTP, get: fn _, _, _ -> {:ok, []} end do
+      MediaProxyWarmingPolicy.filter(message)
+      refute called(HTTP.get(:_, :_, :_))
+    end
+  end
+end

test/web/activity_pub/mrf/no_placeholder_text_policy_test.exs

@@ -0,0 +1,37 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicyTest do
+  use Pleroma.DataCase
+  alias Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicy
+
+  test "it clears content object" do
+    message = %{
+      "type" => "Create",
+      "object" => %{"content" => ".", "attachment" => "image"}
+    }
+
+    assert {:ok, res} = NoPlaceholderTextPolicy.filter(message)
+    assert res["object"]["content"] == ""
+
+    message = put_in(message, ["object", "content"], "<p>.</p>")
+    assert {:ok, res} = NoPlaceholderTextPolicy.filter(message)
+    assert res["object"]["content"] == ""
+  end
+
+  @messages [
+    %{
+      "type" => "Create",
+      "object" => %{"content" => "test", "attachment" => "image"}
+    },
+    %{"type" => "Create", "object" => %{"content" => "."}},
+    %{"type" => "Create", "object" => %{"content" => "<p>.</p>"}}
+  ]
+  test "it skips filter" do
+    Enum.each(@messages, fn message ->
+      assert {:ok, res} = NoPlaceholderTextPolicy.filter(message)
+      assert res == message
+    end)
+  end
+end

test/web/activity_pub/mrf/normalize_markup_test.exs

@@ -0,0 +1,42 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
+  use Pleroma.DataCase
+  alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
+
+  @html_sample """
+  <b>this is in bold</b>
+  <p>this is a paragraph</p>
+  this is a linebreak<br />
+  this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
+  this is a link with not allowed "rel" attribute: <a href="http://example.com/" rel="tag noallowed">example.com</a>
+  this is an image: <img src="http://example.com/image.jpg"><br />
+  <script>alert('hacked')</script>
+  """
+
+  test "it filter html tags" do
+    expected = """
+    <b>this is in bold</b>
+    <p>this is a paragraph</p>
+    this is a linebreak<br />
+    this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
+    this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
+    this is an image: <img src="http://example.com/image.jpg" /><br />
+    alert('hacked')
+    """
+
+    message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
+
+    assert {:ok, res} = NormalizeMarkup.filter(message)
+    assert res["object"]["content"] == expected
+  end
+
+  test "it skips filter if type isn't `Create`" do
+    message = %{"type" => "Note", "object" => %{}}
+
+    assert {:ok, res} = NormalizeMarkup.filter(message)
+    assert res == message
+  end
+end

test/web/activity_pub/mrf/reject_non_public_test.exs

@@ -0,0 +1,105 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublicTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  alias Pleroma.Web.ActivityPub.MRF.RejectNonPublic
+
+  setup do
+    policy = Pleroma.Config.get([:mrf_rejectnonpublic])
+    on_exit(fn -> Pleroma.Config.put([:mrf_rejectnonpublic], policy) end)
+
+    :ok
+  end
+
+  describe "public message" do
+    test "it's allowed when address is public" do
+      actor = insert(:user, follower_address: "test-address")
+
+      message = %{
+        "actor" => actor.ap_id,
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "cc" => ["https://www.w3.org/ns/activitystreams#Publid"],
+        "type" => "Create"
+      }
+
+      assert {:ok, message} = RejectNonPublic.filter(message)
+    end
+
+    test "it's allowed when cc address contain public address" do
+      actor = insert(:user, follower_address: "test-address")
+
+      message = %{
+        "actor" => actor.ap_id,
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "cc" => ["https://www.w3.org/ns/activitystreams#Publid"],
+        "type" => "Create"
+      }
+
+      assert {:ok, message} = RejectNonPublic.filter(message)
+    end
+  end
+
+  describe "followers message" do
+    test "it's allowed when addrer of message in the follower addresses of user and it enabled in config" do
+      actor = insert(:user, follower_address: "test-address")
+
+      message = %{
+        "actor" => actor.ap_id,
+        "to" => ["test-address"],
+        "cc" => ["https://www.w3.org/ns/activitystreams#Publid"],
+        "type" => "Create"
+      }
+
+      Pleroma.Config.put([:mrf_rejectnonpublic, :allow_followersonly], true)
+      assert {:ok, message} = RejectNonPublic.filter(message)
+    end
+
+    test "it's rejected when addrer of message in the follower addresses of user and it disabled in config" do
+      actor = insert(:user, follower_address: "test-address")
+
+      message = %{
+        "actor" => actor.ap_id,
+        "to" => ["test-address"],
+        "cc" => ["https://www.w3.org/ns/activitystreams#Publid"],
+        "type" => "Create"
+      }
+
+      Pleroma.Config.put([:mrf_rejectnonpublic, :allow_followersonly], false)
+      assert {:reject, nil} = RejectNonPublic.filter(message)
+    end
+  end
+
+  describe "direct message" do
+    test "it's allows when direct messages are allow" do
+      actor = insert(:user)
+
+      message = %{
+        "actor" => actor.ap_id,
+        "to" => ["https://www.w3.org/ns/activitystreams#Publid"],
+        "cc" => ["https://www.w3.org/ns/activitystreams#Publid"],
+        "type" => "Create"
+      }
+
+      Pleroma.Config.put([:mrf_rejectnonpublic, :allow_direct], true)
+      assert {:ok, message} = RejectNonPublic.filter(message)
+    end
+
+    test "it's reject when direct messages aren't allow" do
+      actor = insert(:user)
+
+      message = %{
+        "actor" => actor.ap_id,
+        "to" => ["https://www.w3.org/ns/activitystreams#Publid~~~"],
+        "cc" => ["https://www.w3.org/ns/activitystreams#Publid"],
+        "type" => "Create"
+      }
+
+      Pleroma.Config.put([:mrf_rejectnonpublic, :allow_direct], false)
+      assert {:reject, nil} = RejectNonPublic.filter(message)
+    end
+  end
+end

test/web/activity_pub/mrf/tag_policy_test.exs

@@ -0,0 +1,123 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.TagPolicyTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  alias Pleroma.Web.ActivityPub.MRF.TagPolicy
+  @public "https://www.w3.org/ns/activitystreams#Public"
+
+  describe "mrf_tag:disable-any-subscription" do
+    test "rejects message" do
+      actor = insert(:user, tags: ["mrf_tag:disable-any-subscription"])
+      message = %{"object" => actor.ap_id, "type" => "Follow"}
+      assert {:reject, nil} = TagPolicy.filter(message)
+    end
+  end
+
+  describe "mrf_tag:disable-remote-subscription" do
+    test "rejects non-local follow requests" do
+      actor = insert(:user, tags: ["mrf_tag:disable-remote-subscription"])
+      follower = insert(:user, tags: ["mrf_tag:disable-remote-subscription"], local: false)
+      message = %{"object" => actor.ap_id, "type" => "Follow", "actor" => follower.ap_id}
+      assert {:reject, nil} = TagPolicy.filter(message)
+    end
+
+    test "allows non-local follow requests" do
+      actor = insert(:user, tags: ["mrf_tag:disable-remote-subscription"])
+      follower = insert(:user, tags: ["mrf_tag:disable-remote-subscription"], local: true)
+      message = %{"object" => actor.ap_id, "type" => "Follow", "actor" => follower.ap_id}
+      assert {:ok, message} = TagPolicy.filter(message)
+    end
+  end
+
+  describe "mrf_tag:sandbox" do
+    test "removes from public timelines" do
+      actor = insert(:user, tags: ["mrf_tag:sandbox"])
+
+      message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{},
+        "to" => [@public, "f"],
+        "cc" => [@public, "d"]
+      }
+
+      except_message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{"to" => ["f", actor.follower_address], "cc" => ["d"]},
+        "to" => ["f", actor.follower_address],
+        "cc" => ["d"]
+      }
+
+      assert TagPolicy.filter(message) == {:ok, except_message}
+    end
+  end
+
+  describe "mrf_tag:force-unlisted" do
+    test "removes from the federated timeline" do
+      actor = insert(:user, tags: ["mrf_tag:force-unlisted"])
+
+      message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{},
+        "to" => [@public, "f"],
+        "cc" => [actor.follower_address, "d"]
+      }
+
+      except_message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{"to" => ["f", actor.follower_address], "cc" => ["d", @public]},
+        "to" => ["f", actor.follower_address],
+        "cc" => ["d", @public]
+      }
+
+      assert TagPolicy.filter(message) == {:ok, except_message}
+    end
+  end
+
+  describe "mrf_tag:media-strip" do
+    test "removes attachments" do
+      actor = insert(:user, tags: ["mrf_tag:media-strip"])
+
+      message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{"attachment" => ["file1"]}
+      }
+
+      except_message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{}
+      }
+
+      assert TagPolicy.filter(message) == {:ok, except_message}
+    end
+  end
+
+  describe "mrf_tag:media-force-nsfw" do
+    test "Mark as sensitive on presence of attachments" do
+      actor = insert(:user, tags: ["mrf_tag:media-force-nsfw"])
+
+      message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{"tag" => ["test"], "attachment" => ["file1"]}
+      }
+
+      except_message = %{
+        "actor" => actor.ap_id,
+        "type" => "Create",
+        "object" => %{"tag" => ["test", "nsfw"], "attachment" => ["file1"], "sensitive" => true}
+      }
+
+      assert TagPolicy.filter(message) == {:ok, except_message}
+    end
+  end
+end

test/web/activity_pub/mrf/user_allowlist_policy_test.exs

@@ -0,0 +1,36 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicyTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  alias Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy
+
+  setup do
+    policy = Pleroma.Config.get([:mrf_user_allowlist]) || []
+    on_exit(fn -> Pleroma.Config.put([:mrf_user_allowlist], policy) end)
+
+    :ok
+  end
+
+  test "pass filter if allow list is empty" do
+    actor = insert(:user)
+    message = %{"actor" => actor.ap_id}
+    assert UserAllowListPolicy.filter(message) == {:ok, message}
+  end
+
+  test "pass filter if allow list isn't empty and user in allow list" do
+    actor = insert(:user)
+    Pleroma.Config.put([:mrf_user_allowlist, :localhost], [actor.ap_id, "test-ap-id"])
+    message = %{"actor" => actor.ap_id}
+    assert UserAllowListPolicy.filter(message) == {:ok, message}
+  end
+
+  test "rejected if allow list isn't empty and user not in allow list" do
+    actor = insert(:user)
+    Pleroma.Config.put([:mrf_user_allowlist, :localhost], ["test-ap-id"])
+    message = %{"actor" => actor.ap_id}
+    assert UserAllowListPolicy.filter(message) == {:reject, nil}
+  end
+end

test/web/activity_pub/transmogrifier/follow_handling_test.exs

@@ -0,0 +1,143 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.FollowHandlingTest do
+  use Pleroma.DataCase
+  alias Pleroma.Activity
+  alias Pleroma.Repo
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.ActivityPub.Utils
+
+  import Pleroma.Factory
+  import Ecto.Query
+
+  setup_all do
+    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  describe "handle_incoming" do
+    test "it works for incoming follow requests" do
+      user = insert(:user)
+
+      data =
+        File.read!("test/fixtures/mastodon-follow-activity.json")
+        |> Poison.decode!()
+        |> Map.put("object", user.ap_id)
+
+      {:ok, %Activity{data: data, local: false} = activity} = Transmogrifier.handle_incoming(data)
+
+      assert data["actor"] == "http://mastodon.example.org/users/admin"
+      assert data["type"] == "Follow"
+      assert data["id"] == "http://mastodon.example.org/users/admin#follows/2"
+
+      activity = Repo.get(Activity, activity.id)
+      assert activity.data["state"] == "accept"
+      assert User.following?(User.get_cached_by_ap_id(data["actor"]), user)
+    end
+
+    test "with locked accounts, it does not create a follow or an accept" do
+      user = insert(:user, info: %{locked: true})
+
+      data =
+        File.read!("test/fixtures/mastodon-follow-activity.json")
+        |> Poison.decode!()
+        |> Map.put("object", user.ap_id)
+
+      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+      assert data["state"] == "pending"
+
+      refute User.following?(User.get_cached_by_ap_id(data["actor"]), user)
+
+      accepts =
+        from(
+          a in Activity,
+          where: fragment("?->>'type' = ?", a.data, "Accept")
+        )
+        |> Repo.all()
+
+      assert length(accepts) == 0
+    end
+
+    test "it works for follow requests when you are already followed, creating a new accept activity" do
+      # This is important because the remote might have the wrong idea about the
+      # current follow status. This can lead to instance A thinking that x@A is
+      # followed by y@B, but B thinks they are not. In this case, the follow can
+      # never go through again because it will never get an Accept.
+      user = insert(:user)
+
+      data =
+        File.read!("test/fixtures/mastodon-follow-activity.json")
+        |> Poison.decode!()
+        |> Map.put("object", user.ap_id)
+
+      {:ok, %Activity{local: false}} = Transmogrifier.handle_incoming(data)
+
+      accepts =
+        from(
+          a in Activity,
+          where: fragment("?->>'type' = ?", a.data, "Accept")
+        )
+        |> Repo.all()
+
+      assert length(accepts) == 1
+
+      data =
+        File.read!("test/fixtures/mastodon-follow-activity.json")
+        |> Poison.decode!()
+        |> Map.put("id", String.replace(data["id"], "2", "3"))
+        |> Map.put("object", user.ap_id)
+
+      {:ok, %Activity{local: false}} = Transmogrifier.handle_incoming(data)
+
+      accepts =
+        from(
+          a in Activity,
+          where: fragment("?->>'type' = ?", a.data, "Accept")
+        )
+        |> Repo.all()
+
+      assert length(accepts) == 2
+    end
+
+    test "it rejects incoming follow requests from blocked users when deny_follow_blocked is enabled" do
+      Pleroma.Config.put([:user, :deny_follow_blocked], true)
+
+      user = insert(:user)
+      {:ok, target} = User.get_or_fetch("http://mastodon.example.org/users/admin")
+
+      {:ok, user} = User.block(user, target)
+
+      data =
+        File.read!("test/fixtures/mastodon-follow-activity.json")
+        |> Poison.decode!()
+        |> Map.put("object", user.ap_id)
+
+      {:ok, %Activity{data: %{"id" => id}}} = Transmogrifier.handle_incoming(data)
+
+      %Activity{} = activity = Activity.get_by_ap_id(id)
+
+      assert activity.data["state"] == "reject"
+    end
+
+    test "it works for incoming follow requests from hubzilla" do
+      user = insert(:user)
+
+      data =
+        File.read!("test/fixtures/hubzilla-follow-activity.json")
+        |> Poison.decode!()
+        |> Map.put("object", user.ap_id)
+        |> Utils.normalize_params()
+
+      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+      assert data["actor"] == "https://hubzilla.example.org/channel/kaniini"
+      assert data["type"] == "Follow"
+      assert data["id"] == "https://hubzilla.example.org/channel/kaniini#follows/2"
+      assert User.following?(User.get_cached_by_ap_id(data["actor"]), user)
+    end
+  end
+end

test/web/activity_pub/transmogrifier_test.exs

@@ -11,12 +11,13 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Transmogrifier
-  alias Pleroma.Web.ActivityPub.Utils
+  alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.OStatus
   alias Pleroma.Web.Websub.WebsubClientSubscription
 
+  import Mock
   import Pleroma.Factory
-  alias Pleroma.Web.CommonAPI
+  import ExUnit.CaptureLog
 
   setup_all do
     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -30,7 +31,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       data =
         File.read!("test/fixtures/mastodon-post-activity.json")
         |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
+        |> Map.put("object", Object.normalize(activity).data)
 
       {:ok, returned_activity} = Transmogrifier.handle_incoming(data)
 
@@ -46,12 +47,9 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
         data["object"]
         |> Map.put("inReplyTo", "https://shitposter.club/notice/2827873")
 
-      data =
-        data
-        |> Map.put("object", object)
-
+      data = Map.put(data, "object", object)
       {:ok, returned_activity} = Transmogrifier.handle_incoming(data)
-      returned_object = Object.normalize(returned_activity.data["object"])
+      returned_object = Object.normalize(returned_activity, false)
 
       assert activity =
                Activity.get_create_by_object_ap_id(
@@ -61,6 +59,50 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert returned_object.data["inReplyToAtomUri"] == "https://shitposter.club/notice/2827873"
     end
 
+    test "it does not fetch replied-to activities beyond max_replies_depth" do
+      data =
+        File.read!("test/fixtures/mastodon-post-activity.json")
+        |> Poison.decode!()
+
+      object =
+        data["object"]
+        |> Map.put("inReplyTo", "https://shitposter.club/notice/2827873")
+
+      data = Map.put(data, "object", object)
+
+      with_mock Pleroma.Web.Federator,
+        allowed_incoming_reply_depth?: fn _ -> false end do
+        {:ok, returned_activity} = Transmogrifier.handle_incoming(data)
+
+        returned_object = Object.normalize(returned_activity, false)
+
+        refute Activity.get_create_by_object_ap_id(
+                 "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment"
+               )
+
+        assert returned_object.data["inReplyToAtomUri"] ==
+                 "https://shitposter.club/notice/2827873"
+      end
+    end
+
+    test "it does not crash if the object in inReplyTo can't be fetched" do
+      data =
+        File.read!("test/fixtures/mastodon-post-activity.json")
+        |> Poison.decode!()
+
+      object =
+        data["object"]
+        |> Map.put("inReplyTo", "https://404.site/whatever")
+
+      data =
+        data
+        |> Map.put("object", object)
+
+      assert capture_log(fn ->
+               {:ok, _returned_activity} = Transmogrifier.handle_incoming(data)
+             end) =~ "[error] Couldn't fetch \"\"https://404.site/whatever\"\", error: nil"
+    end
+
     test "it works for incoming notices" do
       data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()
 
@@ -81,25 +123,27 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       assert data["actor"] == "http://mastodon.example.org/users/admin"
 
-      object = Object.normalize(data["object"]).data
-      assert object["id"] == "http://mastodon.example.org/users/admin/statuses/99512778738411822"
+      object_data = Object.normalize(data["object"]).data
 
-      assert object["to"] == ["https://www.w3.org/ns/activitystreams#Public"]
+      assert object_data["id"] ==
+               "http://mastodon.example.org/users/admin/statuses/99512778738411822"
 
-      assert object["cc"] == [
+      assert object_data["to"] == ["https://www.w3.org/ns/activitystreams#Public"]
+
+      assert object_data["cc"] == [
                "http://mastodon.example.org/users/admin/followers",
                "http://localtesting.pleroma.lol/users/lain"
              ]
 
-      assert object["actor"] == "http://mastodon.example.org/users/admin"
-      assert object["attributedTo"] == "http://mastodon.example.org/users/admin"
+      assert object_data["actor"] == "http://mastodon.example.org/users/admin"
+      assert object_data["attributedTo"] == "http://mastodon.example.org/users/admin"
 
-      assert object["context"] ==
+      assert object_data["context"] ==
                "tag:mastodon.example.org,2018-02-12:objectId=20:objectType=Conversation"
 
-      assert object["sensitive"] == true
+      assert object_data["sensitive"] == true
 
-      user = User.get_cached_by_ap_id(object["actor"])
+      user = User.get_cached_by_ap_id(object_data["actor"])
 
       assert user.info.note_count == 1
     end
@@ -248,59 +292,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert object_data["cc"] == to
     end
 
-    test "it works for incoming follow requests" do
-      user = insert(:user)
-
-      data =
-        File.read!("test/fixtures/mastodon-follow-activity.json")
-        |> Poison.decode!()
-        |> Map.put("object", user.ap_id)
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Follow"
-      assert data["id"] == "http://mastodon.example.org/users/admin#follows/2"
-      assert User.following?(User.get_cached_by_ap_id(data["actor"]), user)
-    end
-
-    test "it rejects incoming follow requests from blocked users when deny_follow_blocked is enabled" do
-      Pleroma.Config.put([:user, :deny_follow_blocked], true)
-
-      user = insert(:user)
-      {:ok, target} = User.get_or_fetch("http://mastodon.example.org/users/admin")
-
-      {:ok, user} = User.block(user, target)
-
-      data =
-        File.read!("test/fixtures/mastodon-follow-activity.json")
-        |> Poison.decode!()
-        |> Map.put("object", user.ap_id)
-
-      {:ok, %Activity{data: %{"id" => id}}} = Transmogrifier.handle_incoming(data)
-
-      %Activity{} = activity = Activity.get_by_ap_id(id)
-
-      assert activity.data["state"] == "reject"
-    end
-
-    test "it works for incoming follow requests from hubzilla" do
-      user = insert(:user)
-
-      data =
-        File.read!("test/fixtures/hubzilla-follow-activity.json")
-        |> Poison.decode!()
-        |> Map.put("object", user.ap_id)
-        |> Utils.normalize_params()
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "https://hubzilla.example.org/channel/kaniini"
-      assert data["type"] == "Follow"
-      assert data["id"] == "https://hubzilla.example.org/channel/kaniini#follows/2"
-      assert User.following?(User.get_cached_by_ap_id(data["actor"]), user)
-    end
-
     test "it works for incoming likes" do
       user = insert(:user)
       {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
@@ -554,11 +545,38 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
         data
         |> Map.put("object", object)
 
-      :error = Transmogrifier.handle_incoming(data)
+      assert capture_log(fn ->
+               :error = Transmogrifier.handle_incoming(data)
+             end) =~
+               "[error] Could not decode user at fetch http://mastodon.example.org/users/gargron, {:error, {:error, :nxdomain}}"
 
       assert Activity.get_by_id(activity.id)
     end
 
+    test "it works for incoming user deletes" do
+      %{ap_id: ap_id} = insert(:user, ap_id: "http://mastodon.example.org/users/admin")
+
+      data =
+        File.read!("test/fixtures/mastodon-delete-user.json")
+        |> Poison.decode!()
+
+      {:ok, _} = Transmogrifier.handle_incoming(data)
+
+      refute User.get_cached_by_ap_id(ap_id)
+    end
+
+    test "it fails for incoming user deletes with spoofed origin" do
+      %{ap_id: ap_id} = insert(:user)
+
+      data =
+        File.read!("test/fixtures/mastodon-delete-user.json")
+        |> Poison.decode!()
+        |> Map.put("actor", ap_id)
+
+      assert :error == Transmogrifier.handle_incoming(data)
+      assert User.get_cached_by_ap_id(ap_id)
+    end
+
     test "it works for incoming unannounces with an existing notice" do
       user = insert(:user)
       {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
@@ -580,10 +598,11 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
 
       assert data["type"] == "Undo"
-      assert data["object"]["type"] == "Announce"
-      assert data["object"]["object"] == activity.data["object"]
+      assert object_data = data["object"]
+      assert object_data["type"] == "Announce"
+      assert object_data["object"] == activity.data["object"]
 
-      assert data["object"]["id"] ==
+      assert object_data["id"] ==
                "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
     end
 
@@ -893,7 +912,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       other_user = insert(:user)
 
       {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"})
-      object = Object.normalize(activity.data["object"])
+      object = Object.normalize(activity)
 
       message = %{
         "@context" => "https://www.w3.org/ns/activitystreams",

test/web/activity_pub/utils_test.exs

@@ -1,7 +1,12 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.UtilsTest do
   use Pleroma.DataCase
   alias Pleroma.Activity
   alias Pleroma.Object
+  alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Utils
@@ -247,4 +252,51 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
       assert fetched_vote.id == vote.id
     end
   end
+
+  describe "update_follow_state_for_all/2" do
+    test "updates the state of all Follow activities with the same actor and object" do
+      user = insert(:user, info: %{locked: true})
+      follower = insert(:user)
+
+      {:ok, follow_activity} = ActivityPub.follow(follower, user)
+      {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
+
+      data =
+        follow_activity_two.data
+        |> Map.put("state", "accept")
+
+      cng = Ecto.Changeset.change(follow_activity_two, data: data)
+
+      {:ok, follow_activity_two} = Repo.update(cng)
+
+      {:ok, follow_activity_two} =
+        Utils.update_follow_state_for_all(follow_activity_two, "accept")
+
+      assert Repo.get(Activity, follow_activity.id).data["state"] == "accept"
+      assert Repo.get(Activity, follow_activity_two.id).data["state"] == "accept"
+    end
+  end
+
+  describe "update_follow_state/2" do
+    test "updates the state of the given follow activity" do
+      user = insert(:user, info: %{locked: true})
+      follower = insert(:user)
+
+      {:ok, follow_activity} = ActivityPub.follow(follower, user)
+      {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
+
+      data =
+        follow_activity_two.data
+        |> Map.put("state", "accept")
+
+      cng = Ecto.Changeset.change(follow_activity_two, data: data)
+
+      {:ok, follow_activity_two} = Repo.update(cng)
+
+      {:ok, follow_activity_two} = Utils.update_follow_state(follow_activity_two, "reject")
+
+      assert Repo.get(Activity, follow_activity.id).data["state"] == "pending"
+      assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
+    end
+  end
 end

test/web/activity_pub/views/object_view_test.exs

@@ -1,7 +1,12 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
   use Pleroma.DataCase
   import Pleroma.Factory
 
+  alias Pleroma.Object
   alias Pleroma.Web.ActivityPub.ObjectView
   alias Pleroma.Web.CommonAPI
 
@@ -19,19 +24,21 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
 
   test "renders a note activity" do
     note = insert(:note_activity)
+    object = Object.normalize(note)
 
     result = ObjectView.render("object.json", %{object: note})
 
     assert result["id"] == note.data["id"]
     assert result["to"] == note.data["to"]
     assert result["object"]["type"] == "Note"
-    assert result["object"]["content"] == note.data["object"]["content"]
+    assert result["object"]["content"] == object.data["content"]
     assert result["type"] == "Create"
     assert result["@context"]
   end
 
   test "renders a like activity" do
     note = insert(:note_activity)
+    object = Object.normalize(note)
     user = insert(:user)
 
     {:ok, like_activity, _} = CommonAPI.favorite(note.id, user)
@@ -39,12 +46,13 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
     result = ObjectView.render("object.json", %{object: like_activity})
 
     assert result["id"] == like_activity.data["id"]
-    assert result["object"] == note.data["object"]["id"]
+    assert result["object"] == object.data["id"]
     assert result["type"] == "Like"
   end
 
   test "renders an announce activity" do
     note = insert(:note_activity)
+    object = Object.normalize(note)
     user = insert(:user)
 
     {:ok, announce_activity, _} = CommonAPI.repeat(note.id, user)
@@ -52,7 +60,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
     result = ObjectView.render("object.json", %{object: announce_activity})
 
     assert result["id"] == announce_activity.data["id"]
-    assert result["object"] == note.data["object"]["id"]
+    assert result["object"] == object.data["id"]
     assert result["type"] == "Announce"
   end
 end

test/web/activity_pub/views/user_view_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.UserViewTest do
   use Pleroma.DataCase
   import Pleroma.Factory

test/web/activity_pub/visibilty_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.ActivityPub.VisibilityTest do
   use Pleroma.DataCase
 

test/web/admin_api/admin_api_controller_test.exs

@@ -6,9 +6,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
   use Pleroma.Web.ConnCase
 
   alias Pleroma.Activity
+  alias Pleroma.HTML
   alias Pleroma.User
   alias Pleroma.UserInviteToken
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.MediaProxy
   import Pleroma.Factory
 
   describe "/api/pleroma/admin/users" do
@@ -58,7 +60,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
         "local" => true,
         "nickname" => user.nickname,
         "roles" => %{"admin" => false, "moderator" => false},
-        "tags" => []
+        "tags" => [],
+        "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+        "display_name" => HTML.strip_tags(user.name || user.nickname)
       }
 
       assert expected == json_response(conn, 200)
@@ -445,7 +449,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => admin.nickname,
             "roles" => %{"admin" => true, "moderator" => false},
             "local" => true,
-            "tags" => []
+            "tags" => [],
+            "avatar" => User.avatar_url(admin) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(admin.name || admin.nickname)
           },
           %{
             "deactivated" => user.info.deactivated,
@@ -453,7 +459,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => user.nickname,
             "roles" => %{"admin" => false, "moderator" => false},
             "local" => false,
-            "tags" => ["foo", "bar"]
+            "tags" => ["foo", "bar"],
+            "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(user.name || user.nickname)
           }
         ]
         |> Enum.sort_by(& &1["nickname"])
@@ -492,7 +500,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -514,7 +524,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -536,7 +548,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -558,7 +572,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -580,7 +596,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -602,7 +620,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -619,7 +639,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user2.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user2) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user2.name || user2.nickname)
                  }
                ]
              }
@@ -646,7 +668,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => true,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -671,7 +695,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => user.nickname,
             "roles" => %{"admin" => false, "moderator" => false},
             "local" => true,
-            "tags" => []
+            "tags" => [],
+            "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(user.name || user.nickname)
           },
           %{
             "deactivated" => admin.info.deactivated,
@@ -679,7 +705,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => admin.nickname,
             "roles" => %{"admin" => true, "moderator" => false},
             "local" => true,
-            "tags" => []
+            "tags" => [],
+            "avatar" => User.avatar_url(admin) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(admin.name || admin.nickname)
           },
           %{
             "deactivated" => false,
@@ -687,7 +715,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "local" => true,
             "nickname" => old_admin.nickname,
             "roles" => %{"admin" => true, "moderator" => false},
-            "tags" => []
+            "tags" => [],
+            "avatar" => User.avatar_url(old_admin) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(old_admin.name || old_admin.nickname)
           }
         ]
         |> Enum.sort_by(& &1["nickname"])
@@ -714,7 +744,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => admin.nickname,
             "roles" => %{"admin" => true, "moderator" => false},
             "local" => admin.local,
-            "tags" => []
+            "tags" => [],
+            "avatar" => User.avatar_url(admin) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(admin.name || admin.nickname)
           },
           %{
             "deactivated" => false,
@@ -722,7 +754,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => second_admin.nickname,
             "roles" => %{"admin" => true, "moderator" => false},
             "local" => second_admin.local,
-            "tags" => []
+            "tags" => [],
+            "avatar" => User.avatar_url(second_admin) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(second_admin.name || second_admin.nickname)
           }
         ]
         |> Enum.sort_by(& &1["nickname"])
@@ -751,7 +785,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => moderator.nickname,
                    "roles" => %{"admin" => false, "moderator" => true},
                    "local" => moderator.local,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(moderator) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(moderator.name || moderator.nickname)
                  }
                ]
              }
@@ -773,7 +809,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => user1.nickname,
             "roles" => %{"admin" => false, "moderator" => false},
             "local" => user1.local,
-            "tags" => ["first"]
+            "tags" => ["first"],
+            "avatar" => User.avatar_url(user1) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(user1.name || user1.nickname)
           },
           %{
             "deactivated" => false,
@@ -781,7 +819,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "nickname" => user2.nickname,
             "roles" => %{"admin" => false, "moderator" => false},
             "local" => user2.local,
-            "tags" => ["second"]
+            "tags" => ["second"],
+            "avatar" => User.avatar_url(user2) |> MediaProxy.url(),
+            "display_name" => HTML.strip_tags(user2.name || user2.nickname)
           }
         ]
         |> Enum.sort_by(& &1["nickname"])
@@ -815,7 +855,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                    "nickname" => user.nickname,
                    "roles" => %{"admin" => false, "moderator" => false},
                    "local" => user.local,
-                   "tags" => []
+                   "tags" => [],
+                   "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+                   "display_name" => HTML.strip_tags(user.name || user.nickname)
                  }
                ]
              }
@@ -838,7 +880,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                "nickname" => user.nickname,
                "roles" => %{"admin" => false, "moderator" => false},
                "local" => true,
-               "tags" => []
+               "tags" => [],
+               "avatar" => User.avatar_url(user) |> MediaProxy.url(),
+               "display_name" => HTML.strip_tags(user.name || user.nickname)
              }
   end
 
@@ -1190,7 +1234,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
       recipients = Enum.map(response["mentions"], & &1["username"])
 
-      assert conn.assigns[:user].nickname in recipients
       assert reporter.nickname in recipients
       assert response["content"] == "I will check it out"
       assert response["visibility"] == "direct"
@@ -1292,4 +1335,345 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert json_response(conn, :bad_request) == "Could not delete"
     end
   end
+
+  describe "GET /api/pleroma/admin/config" do
+    setup %{conn: conn} do
+      admin = insert(:user, info: %{is_admin: true})
+
+      %{conn: assign(conn, :user, admin)}
+    end
+
+    test "without any settings in db", %{conn: conn} do
+      conn = get(conn, "/api/pleroma/admin/config")
+
+      assert json_response(conn, 200) == %{"configs" => []}
+    end
+
+    test "with settings in db", %{conn: conn} do
+      config1 = insert(:config)
+      config2 = insert(:config)
+
+      conn = get(conn, "/api/pleroma/admin/config")
+
+      %{
+        "configs" => [
+          %{
+            "key" => key1,
+            "value" => _
+          },
+          %{
+            "key" => key2,
+            "value" => _
+          }
+        ]
+      } = json_response(conn, 200)
+
+      assert key1 == config1.key
+      assert key2 == config2.key
+    end
+  end
+
+  describe "POST /api/pleroma/admin/config" do
+    setup %{conn: conn} do
+      admin = insert(:user, info: %{is_admin: true})
+
+      temp_file = "config/test.exported_from_db.secret.exs"
+
+      on_exit(fn ->
+        Application.delete_env(:pleroma, :key1)
+        Application.delete_env(:pleroma, :key2)
+        Application.delete_env(:pleroma, :key3)
+        Application.delete_env(:pleroma, :key4)
+        Application.delete_env(:pleroma, :keyaa1)
+        Application.delete_env(:pleroma, :keyaa2)
+        Application.delete_env(:pleroma, Pleroma.Web.Endpoint.NotReal)
+        Application.delete_env(:pleroma, Pleroma.Captcha.NotReal)
+        :ok = File.rm(temp_file)
+      end)
+
+      dynamic = Pleroma.Config.get([:instance, :dynamic_configuration])
+
+      Pleroma.Config.put([:instance, :dynamic_configuration], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put([:instance, :dynamic_configuration], dynamic)
+      end)
+
+      %{conn: assign(conn, :user, admin)}
+    end
+
+    test "create new config setting in db", %{conn: conn} do
+      conn =
+        post(conn, "/api/pleroma/admin/config", %{
+          configs: [
+            %{group: "pleroma", key: "key1", value: "value1"},
+            %{
+              group: "pleroma",
+              key: "key2",
+              value: %{
+                "nested_1" => "nested_value1",
+                "nested_2" => [
+                  %{"nested_22" => "nested_value222"},
+                  %{"nested_33" => %{"nested_44" => "nested_444"}}
+                ]
+              }
+            },
+            %{
+              group: "pleroma",
+              key: "key3",
+              value: [
+                %{"nested_3" => ":nested_3", "nested_33" => "nested_33"},
+                %{"nested_4" => ":true"}
+              ]
+            },
+            %{
+              group: "pleroma",
+              key: "key4",
+              value: %{"nested_5" => ":upload", "endpoint" => "https://example.com"}
+            },
+            %{
+              group: "idna",
+              key: "key5",
+              value: %{"tuple" => ["string", "Pleroma.Captcha.NotReal", []]}
+            }
+          ]
+        })
+
+      assert json_response(conn, 200) == %{
+               "configs" => [
+                 %{
+                   "group" => "pleroma",
+                   "key" => "key1",
+                   "value" => "value1"
+                 },
+                 %{
+                   "group" => "pleroma",
+                   "key" => "key2",
+                   "value" => [
+                     %{"nested_1" => "nested_value1"},
+                     %{
+                       "nested_2" => [
+                         %{"nested_22" => "nested_value222"},
+                         %{"nested_33" => %{"nested_44" => "nested_444"}}
+                       ]
+                     }
+                   ]
+                 },
+                 %{
+                   "group" => "pleroma",
+                   "key" => "key3",
+                   "value" => [
+                     [%{"nested_3" => "nested_3"}, %{"nested_33" => "nested_33"}],
+                     %{"nested_4" => true}
+                   ]
+                 },
+                 %{
+                   "group" => "pleroma",
+                   "key" => "key4",
+                   "value" => [%{"endpoint" => "https://example.com"}, %{"nested_5" => "upload"}]
+                 },
+                 %{
+                   "group" => "idna",
+                   "key" => "key5",
+                   "value" => %{"tuple" => ["string", "Pleroma.Captcha.NotReal", []]}
+                 }
+               ]
+             }
+
+      assert Application.get_env(:pleroma, :key1) == "value1"
+
+      assert Application.get_env(:pleroma, :key2) == [
+               nested_1: "nested_value1",
+               nested_2: [
+                 [nested_22: "nested_value222"],
+                 [nested_33: [nested_44: "nested_444"]]
+               ]
+             ]
+
+      assert Application.get_env(:pleroma, :key3) == [
+               [nested_3: :nested_3, nested_33: "nested_33"],
+               [nested_4: true]
+             ]
+
+      assert Application.get_env(:pleroma, :key4) == [
+               endpoint: "https://example.com",
+               nested_5: :upload
+             ]
+
+      assert Application.get_env(:idna, :key5) == {"string", Pleroma.Captcha.NotReal, []}
+    end
+
+    test "update config setting & delete", %{conn: conn} do
+      config1 = insert(:config, key: "keyaa1")
+      config2 = insert(:config, key: "keyaa2")
+
+      conn =
+        post(conn, "/api/pleroma/admin/config", %{
+          configs: [
+            %{group: config1.group, key: config1.key, value: "another_value"},
+            %{group: config2.group, key: config2.key, delete: "true"}
+          ]
+        })
+
+      assert json_response(conn, 200) == %{
+               "configs" => [
+                 %{
+                   "group" => "pleroma",
+                   "key" => config1.key,
+                   "value" => "another_value"
+                 }
+               ]
+             }
+
+      assert Application.get_env(:pleroma, :keyaa1) == "another_value"
+      refute Application.get_env(:pleroma, :keyaa2)
+    end
+
+    test "common config example", %{conn: conn} do
+      conn =
+        post(conn, "/api/pleroma/admin/config", %{
+          configs: [
+            %{
+              "group" => "pleroma",
+              "key" => "Pleroma.Captcha.NotReal",
+              "value" => %{
+                "enabled" => ":false",
+                "method" => "Pleroma.Captcha.Kocaptcha",
+                "seconds_valid" => "i:60"
+              }
+            }
+          ]
+        })
+
+      assert json_response(conn, 200) == %{
+               "configs" => [
+                 %{
+                   "group" => "pleroma",
+                   "key" => "Pleroma.Captcha.NotReal",
+                   "value" => [
+                     %{"enabled" => false},
+                     %{"method" => "Pleroma.Captcha.Kocaptcha"},
+                     %{"seconds_valid" => 60}
+                   ]
+                 }
+               ]
+             }
+    end
+
+    test "tuples with more than two values", %{conn: conn} do
+      conn =
+        post(conn, "/api/pleroma/admin/config", %{
+          configs: [
+            %{
+              "group" => "pleroma",
+              "key" => "Pleroma.Web.Endpoint.NotReal",
+              "value" => [
+                %{
+                  "http" => %{
+                    "dispatch" => [
+                      %{
+                        "tuple" => [
+                          ":_",
+                          [
+                            %{
+                              "tuple" => [
+                                "/api/v1/streaming",
+                                "Pleroma.Web.MastodonAPI.WebsocketHandler",
+                                []
+                              ]
+                            },
+                            %{
+                              "tuple" => [
+                                "/websocket",
+                                "Phoenix.Endpoint.CowboyWebSocket",
+                                %{
+                                  "tuple" => [
+                                    "Phoenix.Transports.WebSocket",
+                                    %{
+                                      "tuple" => [
+                                        "Pleroma.Web.Endpoint",
+                                        "Pleroma.Web.UserSocket",
+                                        []
+                                      ]
+                                    }
+                                  ]
+                                }
+                              ]
+                            },
+                            %{
+                              "tuple" => [
+                                ":_",
+                                "Phoenix.Endpoint.Cowboy2Handler",
+                                %{
+                                  "tuple" => ["Pleroma.Web.Endpoint", []]
+                                }
+                              ]
+                            }
+                          ]
+                        ]
+                      }
+                    ]
+                  }
+                }
+              ]
+            }
+          ]
+        })
+
+      assert json_response(conn, 200) == %{
+               "configs" => [
+                 %{
+                   "group" => "pleroma",
+                   "key" => "Pleroma.Web.Endpoint.NotReal",
+                   "value" => [
+                     %{
+                       "http" => %{
+                         "dispatch" => %{
+                           "_" => [
+                             %{
+                               "tuple" => [
+                                 "/api/v1/streaming",
+                                 "Pleroma.Web.MastodonAPI.WebsocketHandler",
+                                 []
+                               ]
+                             },
+                             %{
+                               "tuple" => [
+                                 "/websocket",
+                                 "Phoenix.Endpoint.CowboyWebSocket",
+                                 %{
+                                   "Elixir.Phoenix.Transports.WebSocket" => %{
+                                     "tuple" => [
+                                       "Pleroma.Web.Endpoint",
+                                       "Pleroma.Web.UserSocket",
+                                       []
+                                     ]
+                                   }
+                                 }
+                               ]
+                             },
+                             %{
+                               "tuple" => [
+                                 "_",
+                                 "Phoenix.Endpoint.Cowboy2Handler",
+                                 %{"Elixir.Pleroma.Web.Endpoint" => []}
+                               ]
+                             }
+                           ]
+                         }
+                       }
+                     }
+                   ]
+                 }
+               ]
+             }
+    end
+  end
+end
+
+# Needed for testing
+defmodule Pleroma.Web.Endpoint.NotReal do
+end
+
+defmodule Pleroma.Captcha.NotReal do
 end

test/web/admin_api/config_test.exs

@@ -0,0 +1,262 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.ConfigTest do
+  use Pleroma.DataCase, async: true
+  import Pleroma.Factory
+  alias Pleroma.Web.AdminAPI.Config
+
+  test "get_by_key/1" do
+    config = insert(:config)
+    insert(:config)
+
+    assert config == Config.get_by_params(%{group: config.group, key: config.key})
+  end
+
+  test "create/1" do
+    {:ok, config} = Config.create(%{group: "pleroma", key: "some_key", value: "some_value"})
+    assert config == Config.get_by_params(%{group: "pleroma", key: "some_key"})
+  end
+
+  test "update/1" do
+    config = insert(:config)
+    {:ok, updated} = Config.update(config, %{value: "some_value"})
+    loaded = Config.get_by_params(%{group: config.group, key: config.key})
+    assert loaded == updated
+  end
+
+  test "update_or_create/1" do
+    config = insert(:config)
+    key2 = "another_key"
+
+    params = [
+      %{group: "pleroma", key: key2, value: "another_value"},
+      %{group: config.group, key: config.key, value: "new_value"}
+    ]
+
+    assert Repo.all(Config) |> length() == 1
+
+    Enum.each(params, &Config.update_or_create(&1))
+
+    assert Repo.all(Config) |> length() == 2
+
+    config1 = Config.get_by_params(%{group: config.group, key: config.key})
+    config2 = Config.get_by_params(%{group: "pleroma", key: key2})
+
+    assert config1.value == Config.transform("new_value")
+    assert config2.value == Config.transform("another_value")
+  end
+
+  test "delete/1" do
+    config = insert(:config)
+    {:ok, _} = Config.delete(%{key: config.key, group: config.group})
+    refute Config.get_by_params(%{key: config.key, group: config.group})
+  end
+
+  describe "transform/1" do
+    test "string" do
+      binary = Config.transform("value as string")
+      assert binary == :erlang.term_to_binary("value as string")
+      assert Config.from_binary(binary) == "value as string"
+    end
+
+    test "list of modules" do
+      binary = Config.transform(["Pleroma.Repo", "Pleroma.Activity"])
+      assert binary == :erlang.term_to_binary([Pleroma.Repo, Pleroma.Activity])
+      assert Config.from_binary(binary) == [Pleroma.Repo, Pleroma.Activity]
+    end
+
+    test "list of strings" do
+      binary = Config.transform(["string1", "string2"])
+      assert binary == :erlang.term_to_binary(["string1", "string2"])
+      assert Config.from_binary(binary) == ["string1", "string2"]
+    end
+
+    test "map" do
+      binary =
+        Config.transform(%{
+          "types" => "Pleroma.PostgresTypes",
+          "telemetry_event" => ["Pleroma.Repo.Instrumenter"],
+          "migration_lock" => ""
+        })
+
+      assert binary ==
+               :erlang.term_to_binary(
+                 telemetry_event: [Pleroma.Repo.Instrumenter],
+                 types: Pleroma.PostgresTypes
+               )
+
+      assert Config.from_binary(binary) == [
+               telemetry_event: [Pleroma.Repo.Instrumenter],
+               types: Pleroma.PostgresTypes
+             ]
+    end
+
+    test "complex map with nested integers, lists and atoms" do
+      binary =
+        Config.transform(%{
+          "uploader" => "Pleroma.Uploaders.Local",
+          "filters" => ["Pleroma.Upload.Filter.Dedupe"],
+          "link_name" => ":true",
+          "proxy_remote" => ":false",
+          "proxy_opts" => %{
+            "redirect_on_failure" => ":false",
+            "max_body_length" => "i:1048576",
+            "http" => %{
+              "follow_redirect" => ":true",
+              "pool" => ":upload"
+            }
+          }
+        })
+
+      assert binary ==
+               :erlang.term_to_binary(
+                 filters: [Pleroma.Upload.Filter.Dedupe],
+                 link_name: true,
+                 proxy_opts: [
+                   http: [
+                     follow_redirect: true,
+                     pool: :upload
+                   ],
+                   max_body_length: 1_048_576,
+                   redirect_on_failure: false
+                 ],
+                 proxy_remote: false,
+                 uploader: Pleroma.Uploaders.Local
+               )
+
+      assert Config.from_binary(binary) ==
+               [
+                 filters: [Pleroma.Upload.Filter.Dedupe],
+                 link_name: true,
+                 proxy_opts: [
+                   http: [
+                     follow_redirect: true,
+                     pool: :upload
+                   ],
+                   max_body_length: 1_048_576,
+                   redirect_on_failure: false
+                 ],
+                 proxy_remote: false,
+                 uploader: Pleroma.Uploaders.Local
+               ]
+    end
+
+    test "keyword" do
+      binary =
+        Config.transform(%{
+          "level" => ":warn",
+          "meta" => [":all"],
+          "webhook_url" => "https://hooks.slack.com/services/YOUR-KEY-HERE"
+        })
+
+      assert binary ==
+               :erlang.term_to_binary(
+                 level: :warn,
+                 meta: [:all],
+                 webhook_url: "https://hooks.slack.com/services/YOUR-KEY-HERE"
+               )
+
+      assert Config.from_binary(binary) == [
+               level: :warn,
+               meta: [:all],
+               webhook_url: "https://hooks.slack.com/services/YOUR-KEY-HERE"
+             ]
+    end
+
+    test "complex map with sigil" do
+      binary =
+        Config.transform(%{
+          federated_timeline_removal: [],
+          reject: [~r/comp[lL][aA][iI][nN]er/],
+          replace: []
+        })
+
+      assert binary ==
+               :erlang.term_to_binary(
+                 federated_timeline_removal: [],
+                 reject: [~r/comp[lL][aA][iI][nN]er/],
+                 replace: []
+               )
+
+      assert Config.from_binary(binary) ==
+               [federated_timeline_removal: [], reject: [~r/comp[lL][aA][iI][nN]er/], replace: []]
+    end
+
+    test "complex map with tuples with more than 2 values" do
+      binary =
+        Config.transform(%{
+          "http" => %{
+            "dispatch" => [
+              %{
+                "tuple" => [
+                  ":_",
+                  [
+                    %{
+                      "tuple" => [
+                        "/api/v1/streaming",
+                        "Pleroma.Web.MastodonAPI.WebsocketHandler",
+                        []
+                      ]
+                    },
+                    %{
+                      "tuple" => [
+                        "/websocket",
+                        "Phoenix.Endpoint.CowboyWebSocket",
+                        %{
+                          "tuple" => [
+                            "Phoenix.Transports.WebSocket",
+                            %{"tuple" => ["Pleroma.Web.Endpoint", "Pleroma.Web.UserSocket", []]}
+                          ]
+                        }
+                      ]
+                    },
+                    %{
+                      "tuple" => [
+                        ":_",
+                        "Phoenix.Endpoint.Cowboy2Handler",
+                        %{
+                          "tuple" => ["Pleroma.Web.Endpoint", []]
+                        }
+                      ]
+                    }
+                  ]
+                ]
+              }
+            ]
+          }
+        })
+
+      assert binary ==
+               :erlang.term_to_binary(
+                 http: [
+                   dispatch: [
+                     _: [
+                       {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []},
+                       {"/websocket", Phoenix.Endpoint.CowboyWebSocket,
+                        {Phoenix.Transports.WebSocket,
+                         {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, []}}},
+                       {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}}
+                     ]
+                   ]
+                 ]
+               )
+
+      assert Config.from_binary(binary) == [
+               http: [
+                 dispatch: [
+                   {:_,
+                    [
+                      {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []},
+                      {"/websocket", Phoenix.Endpoint.CowboyWebSocket,
+                       {Phoenix.Transports.WebSocket,
+                        {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, []}}},
+                      {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}}
+                    ]}
+                 ]
+               ]
+             ]
+    end
+  end
+end

test/web/admin_api/views/report_view_test.exs

@@ -0,0 +1,130 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.ReportViewTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+  alias Pleroma.Web.AdminAPI.ReportView
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.MastodonAPI.AccountView
+  alias Pleroma.Web.MastodonAPI.StatusView
+
+  test "renders a report" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.report(user, %{"account_id" => other_user.id})
+
+    expected = %{
+      content: nil,
+      actor:
+        Map.merge(
+          AccountView.render("account.json", %{user: user}),
+          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user})
+        ),
+      account:
+        Map.merge(
+          AccountView.render("account.json", %{user: other_user}),
+          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user})
+        ),
+      statuses: [],
+      state: "open",
+      id: activity.id
+    }
+
+    result =
+      ReportView.render("show.json", %{report: activity})
+      |> Map.delete(:created_at)
+
+    assert result == expected
+  end
+
+  test "includes reported statuses" do
+    user = insert(:user)
+    other_user = insert(:user)
+    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "toot"})
+
+    {:ok, report_activity} =
+      CommonAPI.report(user, %{"account_id" => other_user.id, "status_ids" => [activity.id]})
+
+    expected = %{
+      content: nil,
+      actor:
+        Map.merge(
+          AccountView.render("account.json", %{user: user}),
+          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user})
+        ),
+      account:
+        Map.merge(
+          AccountView.render("account.json", %{user: other_user}),
+          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user})
+        ),
+      statuses: [StatusView.render("status.json", %{activity: activity})],
+      state: "open",
+      id: report_activity.id
+    }
+
+    result =
+      ReportView.render("show.json", %{report: report_activity})
+      |> Map.delete(:created_at)
+
+    assert result == expected
+  end
+
+  test "renders report's state" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.report(user, %{"account_id" => other_user.id})
+    {:ok, activity} = CommonAPI.update_report_state(activity.id, "closed")
+    assert %{state: "closed"} = ReportView.render("show.json", %{report: activity})
+  end
+
+  test "renders report description" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} =
+      CommonAPI.report(user, %{
+        "account_id" => other_user.id,
+        "comment" => "posts are too good for this instance"
+      })
+
+    assert %{content: "posts are too good for this instance"} =
+             ReportView.render("show.json", %{report: activity})
+  end
+
+  test "sanitizes report description" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} =
+      CommonAPI.report(user, %{
+        "account_id" => other_user.id,
+        "comment" => ""
+      })
+
+    data = Map.put(activity.data, "content", "<script> alert('hecked :D:D:D:D:D:D:D') </script>")
+    activity = Map.put(activity, :data, data)
+
+    refute "<script> alert('hecked :D:D:D:D:D:D:D') </script>" ==
+             ReportView.render("show.json", %{report: activity})[:content]
+  end
+
+  test "doesn't error out when the user doesn't exists" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} =
+      CommonAPI.report(user, %{
+        "account_id" => other_user.id,
+        "comment" => ""
+      })
+
+    Pleroma.User.delete(other_user)
+    Pleroma.User.invalidate_cache(other_user)
+
+    assert %{} = ReportView.render("show.json", %{report: activity})
+  end
+end

test/web/common_api/common_api_test.exs

@@ -7,6 +7,7 @@ defmodule Pleroma.Web.CommonAPITest do
   alias Pleroma.Activity
   alias Pleroma.Object
   alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.CommonAPI
 
   import Pleroma.Factory
@@ -33,7 +34,7 @@ defmodule Pleroma.Web.CommonAPITest do
     user = insert(:user)
     {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu #2HU"})
 
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     assert object.data["tag"] == ["2hu"]
   end
@@ -86,7 +87,7 @@ defmodule Pleroma.Web.CommonAPITest do
           "content_type" => "text/html"
         })
 
-      object = Object.normalize(activity.data["object"])
+      object = Object.normalize(activity)
 
       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
     end
@@ -102,7 +103,7 @@ defmodule Pleroma.Web.CommonAPITest do
           "content_type" => "text/markdown"
         })
 
-      object = Object.normalize(activity.data["object"])
+      object = Object.normalize(activity)
 
       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
     end
@@ -120,7 +121,7 @@ defmodule Pleroma.Web.CommonAPITest do
                })
 
       Enum.each(["public", "private", "unlisted"], fn visibility ->
-        assert {:error, {:private_to_public, _}} =
+        assert {:error, "The message visibility must be direct"} =
                  CommonAPI.post(user, %{
                    "status" => "suya..",
                    "visibility" => visibility,
@@ -198,6 +199,11 @@ defmodule Pleroma.Web.CommonAPITest do
       assert %User{info: %{pinned_activities: [^id]}} = user
     end
 
+    test "unlisted statuses can be pinned", %{user: user} do
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!", "visibility" => "unlisted"})
+      assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
+    end
+
     test "only self-authored can be pinned", %{activity: activity} do
       user = insert(:user)
 
@@ -350,4 +356,46 @@ defmodule Pleroma.Web.CommonAPITest do
       assert User.showing_reblogs?(muter, muted) == true
     end
   end
+
+  describe "accept_follow_request/2" do
+    test "after acceptance, it sets all existing pending follow request states to 'accept'" do
+      user = insert(:user, info: %{locked: true})
+      follower = insert(:user)
+      follower_two = insert(:user)
+
+      {:ok, follow_activity} = ActivityPub.follow(follower, user)
+      {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
+      {:ok, follow_activity_three} = ActivityPub.follow(follower_two, user)
+
+      assert follow_activity.data["state"] == "pending"
+      assert follow_activity_two.data["state"] == "pending"
+      assert follow_activity_three.data["state"] == "pending"
+
+      {:ok, _follower} = CommonAPI.accept_follow_request(follower, user)
+
+      assert Repo.get(Activity, follow_activity.id).data["state"] == "accept"
+      assert Repo.get(Activity, follow_activity_two.id).data["state"] == "accept"
+      assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
+    end
+
+    test "after rejection, it sets all existing pending follow request states to 'reject'" do
+      user = insert(:user, info: %{locked: true})
+      follower = insert(:user)
+      follower_two = insert(:user)
+
+      {:ok, follow_activity} = ActivityPub.follow(follower, user)
+      {:ok, follow_activity_two} = ActivityPub.follow(follower, user)
+      {:ok, follow_activity_three} = ActivityPub.follow(follower_two, user)
+
+      assert follow_activity.data["state"] == "pending"
+      assert follow_activity_two.data["state"] == "pending"
+      assert follow_activity_three.data["state"] == "pending"
+
+      {:ok, _follower} = CommonAPI.reject_follow_request(follower, user)
+
+      assert Repo.get(Activity, follow_activity.id).data["state"] == "reject"
+      assert Repo.get(Activity, follow_activity_two.id).data["state"] == "reject"
+      assert Repo.get(Activity, follow_activity_three.id).data["state"] == "pending"
+    end
+  end
 end

test/web/federator_test.exs

@@ -12,6 +12,13 @@ defmodule Pleroma.Web.FederatorTest do
 
   setup_all do
     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+
+    config_path = [:instance, :federating]
+    initial_setting = Pleroma.Config.get(config_path)
+
+    Pleroma.Config.put(config_path, true)
+    on_exit(fn -> Pleroma.Config.put(config_path, initial_setting) end)
+
     :ok
   end
 

test/web/mastodon_api/account_view_test.exs

@@ -19,9 +19,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       ]
     }
 
+    background_image = %{
+      "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}]
+    }
+
     user =
       insert(:user, %{
-        info: %{note_count: 5, follower_count: 3, source_data: source_data},
+        info: %{
+          note_count: 5,
+          follower_count: 3,
+          source_data: source_data,
+          background: background_image
+        },
         nickname: "shp@shitposter.club",
         name: ":karjalanpiirakka: shp",
         bio: "<script src=\"invalid-html\"></script><span>valid html</span>",
@@ -60,6 +69,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         pleroma: %{}
       },
       pleroma: %{
+        background_image: "https://example.com/images/asuka_hospital.png",
         confirmation_pending: false,
         tags: [],
         is_admin: false,
@@ -126,6 +136,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         pleroma: %{}
       },
       pleroma: %{
+        background_image: nil,
         confirmation_pending: false,
         tags: [],
         is_admin: false,
@@ -216,6 +227,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         pleroma: %{}
       },
       pleroma: %{
+        background_image: nil,
         confirmation_pending: false,
         tags: [],
         is_admin: false,
@@ -257,4 +269,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
     result = AccountView.render("account.json", %{user: user, for: user})
     assert result.pleroma[:settings_store] == nil
   end
+
+  test "sanitizes display names" do
+    user = insert(:user, name: "<marquee> username </marquee>")
+    result = AccountView.render("account.json", %{user: user})
+    refute result.display_name == "<marquee> username </marquee>"
+  end
 end

test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs

@@ -0,0 +1,304 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
+  alias Pleroma.Repo
+  alias Pleroma.User
+
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+
+  describe "updating credentials" do
+    test "sets user settings in a generic way", %{conn: conn} do
+      user = insert(:user)
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_settings_store" => %{
+            pleroma_fe: %{
+              theme: "bla"
+            }
+          }
+        })
+
+      assert user = json_response(res_conn, 200)
+      assert user["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
+
+      user = Repo.get(User, user["id"])
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_settings_store" => %{
+            masto_fe: %{
+              theme: "bla"
+            }
+          }
+        })
+
+      assert user = json_response(res_conn, 200)
+
+      assert user["pleroma"]["settings_store"] ==
+               %{
+                 "pleroma_fe" => %{"theme" => "bla"},
+                 "masto_fe" => %{"theme" => "bla"}
+               }
+
+      user = Repo.get(User, user["id"])
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_settings_store" => %{
+            masto_fe: %{
+              theme: "blub"
+            }
+          }
+        })
+
+      assert user = json_response(res_conn, 200)
+
+      assert user["pleroma"]["settings_store"] ==
+               %{
+                 "pleroma_fe" => %{"theme" => "bla"},
+                 "masto_fe" => %{"theme" => "blub"}
+               }
+    end
+
+    test "updates the user's bio", %{conn: conn} do
+      user = insert(:user)
+      user2 = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "note" => "I drink #cofe with @#{user2.nickname}"
+        })
+
+      assert user = json_response(conn, 200)
+
+      assert user["note"] ==
+               ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe" rel="tag">#cofe</a> with <span class="h-card"><a data-user=") <>
+                 user2.id <>
+                 ~s(" class="u-url mention" href=") <>
+                 user2.ap_id <> ~s(">@<span>) <> user2.nickname <> ~s(</span></a></span>)
+    end
+
+    test "updates the user's locking status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{locked: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["locked"] == true
+    end
+
+    test "updates the user's default scope", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{default_scope: "cofe"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["privacy"] == "cofe"
+    end
+
+    test "updates the user's hide_followers status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_followers: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_followers"] == true
+    end
+
+    test "updates the user's skip_thread_containment option", %{conn: conn} do
+      user = insert(:user)
+
+      response =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{skip_thread_containment: "true"})
+        |> json_response(200)
+
+      assert response["pleroma"]["skip_thread_containment"] == true
+      assert refresh_record(user).info.skip_thread_containment
+    end
+
+    test "updates the user's hide_follows status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_follows: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_follows"] == true
+    end
+
+    test "updates the user's hide_favorites status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{hide_favorites: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["pleroma"]["hide_favorites"] == true
+    end
+
+    test "updates the user's show_role status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{show_role: "false"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["pleroma"]["show_role"] == false
+    end
+
+    test "updates the user's no_rich_text status", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{no_rich_text: "true"})
+
+      assert user = json_response(conn, 200)
+      assert user["source"]["pleroma"]["no_rich_text"] == true
+    end
+
+    test "updates the user's name", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"display_name" => "markorepairs"})
+
+      assert user = json_response(conn, 200)
+      assert user["display_name"] == "markorepairs"
+    end
+
+    test "updates the user's avatar", %{conn: conn} do
+      user = insert(:user)
+
+      new_avatar = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"avatar" => new_avatar})
+
+      assert user_response = json_response(conn, 200)
+      assert user_response["avatar"] != User.avatar_url(user)
+    end
+
+    test "updates the user's banner", %{conn: conn} do
+      user = insert(:user)
+
+      new_header = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{"header" => new_header})
+
+      assert user_response = json_response(conn, 200)
+      assert user_response["header"] != User.banner_url(user)
+    end
+
+    test "updates the user's background", %{conn: conn} do
+      user = insert(:user)
+
+      new_header = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "pleroma_background_image" => new_header
+        })
+
+      assert user_response = json_response(conn, 200)
+      assert user_response["pleroma"]["background_image"]
+    end
+
+    test "requires 'write' permission", %{conn: conn} do
+      token1 = insert(:oauth_token, scopes: ["read"])
+      token2 = insert(:oauth_token, scopes: ["write", "follow"])
+
+      for token <- [token1, token2] do
+        conn =
+          conn
+          |> put_req_header("authorization", "Bearer #{token.token}")
+          |> patch("/api/v1/accounts/update_credentials", %{})
+
+        if token == token1 do
+          assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403)
+        else
+          assert json_response(conn, 200)
+        end
+      end
+    end
+
+    test "updates profile emojos", %{conn: conn} do
+      user = insert(:user)
+
+      note = "*sips :blank:*"
+      name = "I am :firefox:"
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> patch("/api/v1/accounts/update_credentials", %{
+          "note" => note,
+          "display_name" => name
+        })
+
+      assert json_response(conn, 200)
+
+      conn =
+        conn
+        |> get("/api/v1/accounts/#{user.id}")
+
+      assert user = json_response(conn, 200)
+
+      assert user["note"] == note
+      assert user["display_name"] == name
+      assert [%{"shortcode" => "blank"}, %{"shortcode" => "firefox"}] = user["emojis"]
+    end
+  end
+end

test/web/mastodon_api/search_controller_test.exs

@@ -0,0 +1,199 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Object
+  alias Pleroma.Web
+  alias Pleroma.Web.CommonAPI
+  import Pleroma.Factory
+  import ExUnit.CaptureLog
+  import Tesla.Mock
+  import Mock
+
+  setup do
+    mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  describe ".search2" do
+    test "it returns empty result if user or status search return undefined error", %{conn: conn} do
+      with_mocks [
+        {Pleroma.User, [], [search: fn _q, _o -> raise "Oops" end]},
+        {Pleroma.Activity, [], [search: fn _u, _q -> raise "Oops" end]}
+      ] do
+        conn = get(conn, "/api/v2/search", %{"q" => "2hu"})
+
+        assert results = json_response(conn, 200)
+
+        assert results["accounts"] == []
+        assert results["statuses"] == []
+      end
+    end
+
+    test "search", %{conn: conn} do
+      user = insert(:user)
+      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
+      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu private"})
+
+      {:ok, _activity} =
+        CommonAPI.post(user, %{
+          "status" => "This is about 2hu, but private",
+          "visibility" => "private"
+        })
+
+      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+
+      conn = get(conn, "/api/v2/search", %{"q" => "2hu #private"})
+
+      assert results = json_response(conn, 200)
+      # IO.inspect results
+
+      [account | _] = results["accounts"]
+      assert account["id"] == to_string(user_three.id)
+
+      assert results["hashtags"] == [
+               %{"name" => "private", "url" => "#{Web.base_url()}/tag/private"}
+             ]
+
+      [status] = results["statuses"]
+      assert status["id"] == to_string(activity.id)
+    end
+  end
+
+  describe ".account_search" do
+    test "account search", %{conn: conn} do
+      user = insert(:user)
+      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
+      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      results =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/search", %{"q" => "shp"})
+        |> json_response(200)
+
+      result_ids = for result <- results, do: result["acct"]
+
+      assert user_two.nickname in result_ids
+      assert user_three.nickname in result_ids
+
+      results =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/accounts/search", %{"q" => "2hu"})
+        |> json_response(200)
+
+      result_ids = for result <- results, do: result["acct"]
+
+      assert user_three.nickname in result_ids
+    end
+  end
+
+  describe ".search" do
+    test "it returns empty result if user or status search return undefined error", %{conn: conn} do
+      with_mocks [
+        {Pleroma.User, [], [search: fn _q, _o -> raise "Oops" end]},
+        {Pleroma.Activity, [], [search: fn _u, _q -> raise "Oops" end]}
+      ] do
+        conn =
+          conn
+          |> get("/api/v1/search", %{"q" => "2hu"})
+
+        assert results = json_response(conn, 200)
+
+        assert results["accounts"] == []
+        assert results["statuses"] == []
+      end
+    end
+
+    test "search", %{conn: conn} do
+      user = insert(:user)
+      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
+      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+
+      {:ok, _activity} =
+        CommonAPI.post(user, %{
+          "status" => "This is about 2hu, but private",
+          "visibility" => "private"
+        })
+
+      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+
+      conn =
+        conn
+        |> get("/api/v1/search", %{"q" => "2hu"})
+
+      assert results = json_response(conn, 200)
+
+      [account | _] = results["accounts"]
+      assert account["id"] == to_string(user_three.id)
+
+      assert results["hashtags"] == []
+
+      [status] = results["statuses"]
+      assert status["id"] == to_string(activity.id)
+    end
+
+    test "search fetches remote statuses", %{conn: conn} do
+      capture_log(fn ->
+        conn =
+          conn
+          |> get("/api/v1/search", %{"q" => "https://shitposter.club/notice/2827873"})
+
+        assert results = json_response(conn, 200)
+
+        [status] = results["statuses"]
+
+        assert status["uri"] ==
+                 "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment"
+      end)
+    end
+
+    test "search doesn't show statuses that it shouldn't", %{conn: conn} do
+      {:ok, activity} =
+        CommonAPI.post(insert(:user), %{
+          "status" => "This is about 2hu, but private",
+          "visibility" => "private"
+        })
+
+      capture_log(fn ->
+        conn =
+          conn
+          |> get("/api/v1/search", %{"q" => Object.normalize(activity).data["id"]})
+
+        assert results = json_response(conn, 200)
+
+        [] = results["statuses"]
+      end)
+    end
+
+    test "search fetches remote accounts", %{conn: conn} do
+      user = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, user)
+        |> get("/api/v1/search", %{"q" => "shp@social.heldscal.la", "resolve" => "true"})
+
+      assert results = json_response(conn, 200)
+      [account] = results["accounts"]
+      assert account["acct"] == "shp@social.heldscal.la"
+    end
+
+    test "search doesn't fetch remote accounts if resolve is false", %{conn: conn} do
+      conn =
+        conn
+        |> get("/api/v1/search", %{"q" => "shp@social.heldscal.la", "resolve" => "false"})
+
+      assert results = json_response(conn, 200)
+      assert [] == results["accounts"]
+    end
+  end
+end

test/web/mastodon_api/status_view_test.exs

@@ -55,7 +55,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
   test "a note with null content" do
     note = insert(:note_activity)
-    note_object = Object.normalize(note.data["object"])
+    note_object = Object.normalize(note)
 
     data =
       note_object.data
@@ -73,26 +73,27 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
   test "a note activity" do
     note = insert(:note_activity)
+    object_data = Object.normalize(note).data
     user = User.get_cached_by_ap_id(note.data["actor"])
 
-    convo_id = Utils.context_to_conversation_id(note.data["object"]["context"])
+    convo_id = Utils.context_to_conversation_id(object_data["context"])
 
     status = StatusView.render("status.json", %{activity: note})
 
     created_at =
-      (note.data["object"]["published"] || "")
+      (object_data["published"] || "")
       |> String.replace(~r/\.\d+Z/, ".000Z")
 
     expected = %{
       id: to_string(note.id),
-      uri: note.data["object"]["id"],
+      uri: object_data["id"],
       url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
       account: AccountView.render("account.json", %{user: user}),
       in_reply_to_id: nil,
       in_reply_to_account_id: nil,
       card: nil,
       reblog: nil,
-      content: HtmlSanitizeEx.basic_html(note.data["object"]["content"]),
+      content: HtmlSanitizeEx.basic_html(object_data["content"]),
       created_at: created_at,
       reblogs_count: 0,
       replies_count: 0,
@@ -104,14 +105,14 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       pinned: false,
       sensitive: false,
       poll: nil,
-      spoiler_text: HtmlSanitizeEx.basic_html(note.data["object"]["summary"]),
+      spoiler_text: HtmlSanitizeEx.basic_html(object_data["summary"]),
       visibility: "public",
       media_attachments: [],
       mentions: [],
       tags: [
         %{
-          name: "#{note.data["object"]["tag"]}",
-          url: "/tag/#{note.data["object"]["tag"]}"
+          name: "#{object_data["tag"]}",
+          url: "/tag/#{object_data["tag"]}"
         }
       ],
       application: %{
@@ -131,8 +132,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
         local: true,
         conversation_id: convo_id,
         in_reply_to_account_acct: nil,
-        content: %{"text/plain" => HtmlSanitizeEx.strip_tags(note.data["object"]["content"])},
-        spoiler_text: %{"text/plain" => HtmlSanitizeEx.strip_tags(note.data["object"]["summary"])}
+        content: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["content"])},
+        spoiler_text: %{"text/plain" => HtmlSanitizeEx.strip_tags(object_data["summary"])}
       }
     }
 
@@ -202,10 +203,71 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     status = StatusView.render("status.json", %{activity: activity})
 
-    actor = User.get_cached_by_ap_id(activity.actor)
-
     assert status.mentions ==
-             Enum.map([user, actor], fn u -> AccountView.render("mention.json", %{user: u}) end)
+             Enum.map([user], fn u -> AccountView.render("mention.json", %{user: u}) end)
+  end
+
+  test "create mentions from the 'to' field" do
+    %User{ap_id: recipient_ap_id} = insert(:user)
+    cc = insert_pair(:user) |> Enum.map(& &1.ap_id)
+
+    object =
+      insert(:note, %{
+        data: %{
+          "to" => [recipient_ap_id],
+          "cc" => cc
+        }
+      })
+
+    activity =
+      insert(:note_activity, %{
+        note: object,
+        recipients: [recipient_ap_id | cc]
+      })
+
+    assert length(activity.recipients) == 3
+
+    %{mentions: [mention] = mentions} = StatusView.render("status.json", %{activity: activity})
+
+    assert length(mentions) == 1
+    assert mention.url == recipient_ap_id
+  end
+
+  test "create mentions from the 'tag' field" do
+    recipient = insert(:user)
+    cc = insert_pair(:user) |> Enum.map(& &1.ap_id)
+
+    object =
+      insert(:note, %{
+        data: %{
+          "cc" => cc,
+          "tag" => [
+            %{
+              "href" => recipient.ap_id,
+              "name" => recipient.nickname,
+              "type" => "Mention"
+            },
+            %{
+              "href" => "https://example.com/search?tag=test",
+              "name" => "#test",
+              "type" => "Hashtag"
+            }
+          ]
+        }
+      })
+
+    activity =
+      insert(:note_activity, %{
+        note: object,
+        recipients: [recipient.ap_id | cc]
+      })
+
+    assert length(activity.recipients) == 3
+
+    %{mentions: [mention] = mentions} = StatusView.render("status.json", %{activity: activity})
+
+    assert length(mentions) == 1
+    assert mention.url == recipient.ap_id
   end
 
   test "attachments" do
@@ -444,4 +506,39 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       assert Enum.at(result[:options], 2)[:votes_count] == 1
     end
   end
+
+  test "embeds a relationship in the account" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} =
+      CommonAPI.post(user, %{
+        "status" => "drink more water"
+      })
+
+    result = StatusView.render("status.json", %{activity: activity, for: other_user})
+
+    assert result[:account][:pleroma][:relationship] ==
+             AccountView.render("relationship.json", %{user: other_user, target: user})
+  end
+
+  test "embeds a relationship in the account in reposts" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} =
+      CommonAPI.post(user, %{
+        "status" => "˙˙ɐʎns"
+      })
+
+    {:ok, activity, _object} = CommonAPI.repeat(activity.id, other_user)
+
+    result = StatusView.render("status.json", %{activity: activity, for: user})
+
+    assert result[:account][:pleroma][:relationship] ==
+             AccountView.render("relationship.json", %{user: user, target: other_user})
+
+    assert result[:reblog][:account][:pleroma][:relationship] ==
+             AccountView.render("relationship.json", %{user: user, target: user})
+  end
 end

test/web/metadata/rel_me_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.Metadata.Providers.RelMeTest do
   use Pleroma.DataCase
   import Pleroma.Factory

test/web/oauth/oauth_controller_test.exs

@@ -10,6 +10,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
   alias Pleroma.Registration
   alias Pleroma.Repo
   alias Pleroma.Web.OAuth.Authorization
+  alias Pleroma.Web.OAuth.OAuthController
   alias Pleroma.Web.OAuth.Token
 
   @oauth_config_path [:oauth2, :issue_new_refresh_token]
@@ -49,7 +50,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           %{
             "response_type" => "code",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => OAuthController.default_redirect_uri(app),
             "scope" => "read"
           }
         )
@@ -72,7 +73,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "authorization" => %{
               "scope" => "read follow",
               "client_id" => app.client_id,
-              "redirect_uri" => app.redirect_uris,
+              "redirect_uri" => OAuthController.default_redirect_uri(app),
               "state" => "a_state"
             }
           }
@@ -98,11 +99,12 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     test "with user-bound registration, GET /oauth/<provider>/callback redirects to `redirect_uri` with `code`",
          %{app: app, conn: conn} do
       registration = insert(:registration)
+      redirect_uri = OAuthController.default_redirect_uri(app)
 
       state_params = %{
         "scope" => Enum.join(app.scopes, " "),
         "client_id" => app.client_id,
-        "redirect_uri" => app.redirect_uris,
+        "redirect_uri" => redirect_uri,
         "state" => ""
       }
 
@@ -121,7 +123,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           )
 
         assert response = html_response(conn, 302)
-        assert redirected_to(conn) =~ ~r/#{app.redirect_uris}\?code=.+/
+        assert redirected_to(conn) =~ ~r/#{redirect_uri}\?code=.+/
       end
     end
 
@@ -132,7 +134,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       state_params = %{
         "scope" => "read write",
         "client_id" => app.client_id,
-        "redirect_uri" => app.redirect_uris,
+        "redirect_uri" => OAuthController.default_redirect_uri(app),
         "state" => "a_state"
       }
 
@@ -165,7 +167,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       state_params = %{
         "scope" => Enum.join(app.scopes, " "),
         "client_id" => app.client_id,
-        "redirect_uri" => app.redirect_uris,
+        "redirect_uri" => OAuthController.default_redirect_uri(app),
         "state" => ""
       }
 
@@ -199,7 +201,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "authorization" => %{
               "scopes" => app.scopes,
               "client_id" => app.client_id,
-              "redirect_uri" => app.redirect_uris,
+              "redirect_uri" => OAuthController.default_redirect_uri(app),
               "state" => "a_state",
               "nickname" => nil,
               "email" => "john@doe.com"
@@ -218,6 +220,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            conn: conn
          } do
       registration = insert(:registration, user: nil, info: %{"nickname" => nil, "email" => nil})
+      redirect_uri = OAuthController.default_redirect_uri(app)
 
       conn =
         conn
@@ -229,7 +232,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "authorization" => %{
               "scopes" => app.scopes,
               "client_id" => app.client_id,
-              "redirect_uri" => app.redirect_uris,
+              "redirect_uri" => redirect_uri,
               "state" => "a_state",
               "nickname" => "availablenick",
               "email" => "available@email.com"
@@ -238,7 +241,36 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         )
 
       assert response = html_response(conn, 302)
-      assert redirected_to(conn) =~ ~r/#{app.redirect_uris}\?code=.+/
+      assert redirected_to(conn) =~ ~r/#{redirect_uri}\?code=.+/
+    end
+
+    test "with unlisted `redirect_uri`, POST /oauth/register?op=register results in HTTP 401",
+         %{
+           app: app,
+           conn: conn
+         } do
+      registration = insert(:registration, user: nil, info: %{"nickname" => nil, "email" => nil})
+      unlisted_redirect_uri = "http://cross-site-request.com"
+
+      conn =
+        conn
+        |> put_session(:registration_id, registration.id)
+        |> post(
+          "/oauth/register",
+          %{
+            "op" => "register",
+            "authorization" => %{
+              "scopes" => app.scopes,
+              "client_id" => app.client_id,
+              "redirect_uri" => unlisted_redirect_uri,
+              "state" => "a_state",
+              "nickname" => "availablenick",
+              "email" => "available@email.com"
+            }
+          }
+        )
+
+      assert response = html_response(conn, 401)
     end
 
     test "with invalid params, POST /oauth/register?op=register renders registration_details page",
@@ -254,7 +286,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         "authorization" => %{
           "scopes" => app.scopes,
           "client_id" => app.client_id,
-          "redirect_uri" => app.redirect_uris,
+          "redirect_uri" => OAuthController.default_redirect_uri(app),
           "state" => "a_state",
           "nickname" => "availablenickname",
           "email" => "available@email.com"
@@ -286,6 +318,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
          } do
       user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
       registration = insert(:registration, user: nil)
+      redirect_uri = OAuthController.default_redirect_uri(app)
 
       conn =
         conn
@@ -297,7 +330,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "authorization" => %{
               "scopes" => app.scopes,
               "client_id" => app.client_id,
-              "redirect_uri" => app.redirect_uris,
+              "redirect_uri" => redirect_uri,
               "state" => "a_state",
               "name" => user.nickname,
               "password" => "testpassword"
@@ -306,7 +339,37 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         )
 
       assert response = html_response(conn, 302)
-      assert redirected_to(conn) =~ ~r/#{app.redirect_uris}\?code=.+/
+      assert redirected_to(conn) =~ ~r/#{redirect_uri}\?code=.+/
+    end
+
+    test "with unlisted `redirect_uri`, POST /oauth/register?op=connect results in HTTP 401`",
+         %{
+           app: app,
+           conn: conn
+         } do
+      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
+      registration = insert(:registration, user: nil)
+      unlisted_redirect_uri = "http://cross-site-request.com"
+
+      conn =
+        conn
+        |> put_session(:registration_id, registration.id)
+        |> post(
+          "/oauth/register",
+          %{
+            "op" => "connect",
+            "authorization" => %{
+              "scopes" => app.scopes,
+              "client_id" => app.client_id,
+              "redirect_uri" => unlisted_redirect_uri,
+              "state" => "a_state",
+              "name" => user.nickname,
+              "password" => "testpassword"
+            }
+          }
+        )
+
+      assert response = html_response(conn, 401)
     end
 
     test "with invalid params, POST /oauth/register?op=connect renders registration_details page",
@@ -322,7 +385,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         "authorization" => %{
           "scopes" => app.scopes,
           "client_id" => app.client_id,
-          "redirect_uri" => app.redirect_uris,
+          "redirect_uri" => OAuthController.default_redirect_uri(app),
           "state" => "a_state",
           "name" => user.nickname,
           "password" => "wrong password"
@@ -358,7 +421,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           %{
             "response_type" => "code",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => OAuthController.default_redirect_uri(app),
             "scope" => "read"
           }
         )
@@ -378,7 +441,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "authorization" => %{
               "response_type" => "code",
               "client_id" => app.client_id,
-              "redirect_uri" => app.redirect_uris,
+              "redirect_uri" => OAuthController.default_redirect_uri(app),
               "scope" => "read"
             }
           }
@@ -399,7 +462,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           %{
             "response_type" => "code",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => OAuthController.default_redirect_uri(app),
             "scope" => "read",
             "force_login" => "true"
           }
@@ -408,7 +471,11 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       assert html_response(conn, 200) =~ ~s(type="submit")
     end
 
-    test "redirects to app if user is already authenticated", %{app: app, conn: conn} do
+    test "with existing authentication and non-OOB `redirect_uri`, redirects to app with `token` and `state` params",
+         %{
+           app: app,
+           conn: conn
+         } do
       token = insert(:oauth_token, app_id: app.id)
 
       conn =
@@ -419,12 +486,62 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           %{
             "response_type" => "code",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => OAuthController.default_redirect_uri(app),
+            "state" => "specific_client_state",
             "scope" => "read"
           }
         )
 
-      assert redirected_to(conn) == "https://redirect.url"
+      assert URI.decode(redirected_to(conn)) ==
+               "https://redirect.url?access_token=#{token.token}&state=specific_client_state"
+    end
+
+    test "with existing authentication and unlisted non-OOB `redirect_uri`, redirects without credentials",
+         %{
+           app: app,
+           conn: conn
+         } do
+      unlisted_redirect_uri = "http://cross-site-request.com"
+      token = insert(:oauth_token, app_id: app.id)
+
+      conn =
+        conn
+        |> put_session(:oauth_token, token.token)
+        |> get(
+          "/oauth/authorize",
+          %{
+            "response_type" => "code",
+            "client_id" => app.client_id,
+            "redirect_uri" => unlisted_redirect_uri,
+            "state" => "specific_client_state",
+            "scope" => "read"
+          }
+        )
+
+      assert redirected_to(conn) == unlisted_redirect_uri
+    end
+
+    test "with existing authentication and OOB `redirect_uri`, redirects to app with `token` and `state` params",
+         %{
+           app: app,
+           conn: conn
+         } do
+      token = insert(:oauth_token, app_id: app.id)
+
+      conn =
+        conn
+        |> put_session(:oauth_token, token.token)
+        |> get(
+          "/oauth/authorize",
+          %{
+            "response_type" => "code",
+            "client_id" => app.client_id,
+            "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
+            "scope" => "read"
+          }
+        )
+
+      assert html_response(conn, 200) =~ "Authorization exists"
     end
   end
 
@@ -432,6 +549,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     test "redirects with oauth authorization" do
       user = insert(:user)
       app = insert(:oauth_app, scopes: ["read", "write", "follow"])
+      redirect_uri = OAuthController.default_redirect_uri(app)
 
       conn =
         build_conn()
@@ -440,14 +558,14 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "name" => user.nickname,
             "password" => "test",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => redirect_uri,
             "scope" => "read write",
             "state" => "statepassed"
           }
         })
 
       target = redirected_to(conn)
-      assert target =~ app.redirect_uris
+      assert target =~ redirect_uri
 
       query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
 
@@ -460,6 +578,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     test "returns 401 for wrong credentials", %{conn: conn} do
       user = insert(:user)
       app = insert(:oauth_app)
+      redirect_uri = OAuthController.default_redirect_uri(app)
 
       result =
         conn
@@ -468,7 +587,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "name" => user.nickname,
             "password" => "wrong",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => redirect_uri,
             "state" => "statepassed",
             "scope" => Enum.join(app.scopes, " ")
           }
@@ -477,7 +596,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       # Keep the details
       assert result =~ app.client_id
-      assert result =~ app.redirect_uris
+      assert result =~ redirect_uri
 
       # Error message
       assert result =~ "Invalid Username/Password"
@@ -486,6 +605,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     test "returns 401 for missing scopes", %{conn: conn} do
       user = insert(:user)
       app = insert(:oauth_app)
+      redirect_uri = OAuthController.default_redirect_uri(app)
 
       result =
         conn
@@ -494,7 +614,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "name" => user.nickname,
             "password" => "test",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => redirect_uri,
             "state" => "statepassed",
             "scope" => ""
           }
@@ -503,7 +623,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       # Keep the details
       assert result =~ app.client_id
-      assert result =~ app.redirect_uris
+      assert result =~ redirect_uri
 
       # Error message
       assert result =~ "This action is outside the authorized scopes"
@@ -512,6 +632,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     test "returns 401 for scopes beyond app scopes", %{conn: conn} do
       user = insert(:user)
       app = insert(:oauth_app, scopes: ["read", "write"])
+      redirect_uri = OAuthController.default_redirect_uri(app)
 
       result =
         conn
@@ -520,7 +641,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
             "name" => user.nickname,
             "password" => "test",
             "client_id" => app.client_id,
-            "redirect_uri" => app.redirect_uris,
+            "redirect_uri" => redirect_uri,
             "state" => "statepassed",
             "scope" => "read write follow"
           }
@@ -529,7 +650,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       # Keep the details
       assert result =~ app.client_id
-      assert result =~ app.redirect_uris
+      assert result =~ redirect_uri
 
       # Error message
       assert result =~ "This action is outside the authorized scopes"
@@ -548,7 +669,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         |> post("/oauth/token", %{
           "grant_type" => "authorization_code",
           "code" => auth.token,
-          "redirect_uri" => app.redirect_uris,
+          "redirect_uri" => OAuthController.default_redirect_uri(app),
           "client_id" => app.client_id,
           "client_secret" => app.client_secret
         })
@@ -602,7 +723,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         |> post("/oauth/token", %{
           "grant_type" => "authorization_code",
           "code" => auth.token,
-          "redirect_uri" => app.redirect_uris
+          "redirect_uri" => OAuthController.default_redirect_uri(app)
         })
 
       assert %{"access_token" => token, "scope" => scope} = json_response(conn, 200)
@@ -647,7 +768,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         |> post("/oauth/token", %{
           "grant_type" => "authorization_code",
           "code" => auth.token,
-          "redirect_uri" => app.redirect_uris
+          "redirect_uri" => OAuthController.default_redirect_uri(app)
         })
 
       assert resp = json_response(conn, 400)
@@ -726,7 +847,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
         |> post("/oauth/token", %{
           "grant_type" => "authorization_code",
           "code" => "Imobviouslyinvalid",
-          "redirect_uri" => app.redirect_uris,
+          "redirect_uri" => OAuthController.default_redirect_uri(app),
           "client_id" => app.client_id,
           "client_secret" => app.client_secret
         })

test/web/ostatus/activity_representer_test.exs

@@ -38,22 +38,23 @@ defmodule Pleroma.Web.OStatus.ActivityRepresenterTest do
 
   test "a note activity" do
     note_activity = insert(:note_activity)
+    object_data = Object.normalize(note_activity).data
 
     user = User.get_cached_by_ap_id(note_activity.data["actor"])
 
     expected = """
     <activity:object-type>http://activitystrea.ms/schema/1.0/note</activity:object-type>
     <activity:verb>http://activitystrea.ms/schema/1.0/post</activity:verb>
-    <id>#{note_activity.data["object"]["id"]}</id>
+    <id>#{object_data["id"]}</id>
     <title>New note by #{user.nickname}</title>
-    <content type="html">#{note_activity.data["object"]["content"]}</content>
-    <published>#{note_activity.data["object"]["published"]}</published>
-    <updated>#{note_activity.data["object"]["published"]}</updated>
+    <content type="html">#{object_data["content"]}</content>
+    <published>#{object_data["published"]}</published>
+    <updated>#{object_data["published"]}</updated>
     <ostatus:conversation ref="#{note_activity.data["context"]}">#{note_activity.data["context"]}</ostatus:conversation>
     <link ref="#{note_activity.data["context"]}" rel="ostatus:conversation" />
-    <summary>#{note_activity.data["object"]["summary"]}</summary>
-    <link type="application/atom+xml" href="#{note_activity.data["object"]["id"]}" rel="self" />
-    <link type="text/html" href="#{note_activity.data["object"]["id"]}" rel="alternate" />
+    <summary>#{object_data["summary"]}</summary>
+    <link type="application/atom+xml" href="#{object_data["id"]}" rel="self" />
+    <link type="text/html" href="#{object_data["id"]}" rel="alternate" />
     <category term="2hu"/>
     <link rel="mentioned" ostatus:object-type="http://activitystrea.ms/schema/1.0/collection" href="http://activityschema.org/collection/public"/>
     <link name="2hu" rel="emoji" href="corndog.png" />
@@ -106,7 +107,7 @@ defmodule Pleroma.Web.OStatus.ActivityRepresenterTest do
   test "an announce activity" do
     note = insert(:note_activity)
     user = insert(:user)
-    object = Object.get_cached_by_ap_id(note.data["object"]["id"])
+    object = Object.normalize(note)
 
     {:ok, announce, _object} = ActivityPub.announce(user, object)
 
@@ -125,7 +126,7 @@ defmodule Pleroma.Web.OStatus.ActivityRepresenterTest do
     <activity:verb>http://activitystrea.ms/schema/1.0/share</activity:verb>
     <id>#{announce.data["id"]}</id>
     <title>#{user.nickname} repeated a notice</title>
-    <content type="html">RT #{note.data["object"]["content"]}</content>
+    <content type="html">RT #{object.data["content"]}</content>
     <published>#{announce.data["published"]}</published>
     <updated>#{announce.data["published"]}</updated>
     <ostatus:conversation ref="#{announce.data["context"]}">#{announce.data["context"]}</ostatus:conversation>

test/web/ostatus/incoming_documents/delete_handling_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OStatus.DeleteHandlingTest do
   use Pleroma.DataCase
 
@@ -17,8 +21,9 @@ defmodule Pleroma.Web.OStatus.DeleteHandlingTest do
     test "it removes the mentioned activity" do
       note = insert(:note_activity)
       second_note = insert(:note_activity)
+      object = Object.normalize(note)
+      second_object = Object.normalize(second_note)
       user = insert(:user)
-      object = Object.get_by_ap_id(note.data["object"]["id"])
 
       {:ok, like, _object} = Pleroma.Web.ActivityPub.ActivityPub.like(user, object)
 
@@ -26,16 +31,16 @@ defmodule Pleroma.Web.OStatus.DeleteHandlingTest do
         File.read!("test/fixtures/delete.xml")
         |> String.replace(
           "tag:mastodon.sdf.org,2017-06-10:objectId=310513:objectType=Status",
-          note.data["object"]["id"]
+          object.data["id"]
         )
 
       {:ok, [delete]} = OStatus.handle_incoming(incoming)
 
       refute Activity.get_by_id(note.id)
       refute Activity.get_by_id(like.id)
-      assert Object.get_by_ap_id(note.data["object"]["id"]).data["type"] == "Tombstone"
+      assert Object.get_by_ap_id(object.data["id"]).data["type"] == "Tombstone"
       assert Activity.get_by_id(second_note.id)
-      assert Object.get_by_ap_id(second_note.data["object"]["id"])
+      assert Object.get_by_ap_id(second_object.data["id"])
 
       assert delete.data["type"] == "Delete"
     end

test/web/ostatus/ostatus_controller_test.exs

@@ -12,6 +12,13 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
   setup_all do
     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+
+    config_path = [:instance, :federating]
+    initial_setting = Pleroma.Config.get(config_path)
+
+    Pleroma.Config.put(config_path, true)
+    on_exit(fn -> Pleroma.Config.put(config_path, initial_setting) end)
+
     :ok
   end
 
@@ -65,6 +72,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
   test "gets a feed", %{conn: conn} do
     note_activity = insert(:note_activity)
+    object = Object.normalize(note_activity)
     user = User.get_cached_by_ap_id(note_activity.data["actor"])
 
     conn =
@@ -72,7 +80,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
       |> put_req_header("content-type", "application/atom+xml")
       |> get("/users/#{user.nickname}/feed.atom")
 
-    assert response(conn, 200) =~ note_activity.data["object"]["content"]
+    assert response(conn, 200) =~ object.data["content"]
   end
 
   test "returns 404 for a missing feed", %{conn: conn} do
@@ -86,8 +94,9 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
   test "gets an object", %{conn: conn} do
     note_activity = insert(:note_activity)
+    object = Object.normalize(note_activity)
     user = User.get_cached_by_ap_id(note_activity.data["actor"])
-    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["object"]["id"]))
+    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
     url = "/objects/#{uuid}"
 
     conn =
@@ -106,7 +115,8 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
   test "404s on private objects", %{conn: conn} do
     note_activity = insert(:direct_note_activity)
-    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["object"]["id"]))
+    object = Object.normalize(note_activity)
+    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
 
     conn
     |> get("/objects/#{uuid}")
@@ -131,8 +141,8 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
   test "404s on deleted objects", %{conn: conn} do
     note_activity = insert(:note_activity)
-    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["object"]["id"]))
-    object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+    object = Object.normalize(note_activity)
+    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, object.data["id"]))
 
     conn
     |> put_req_header("accept", "application/xml")

test/web/ostatus/ostatus_test.exs

@@ -11,8 +11,10 @@ defmodule Pleroma.Web.OStatusTest do
   alias Pleroma.User
   alias Pleroma.Web.OStatus
   alias Pleroma.Web.XML
-  import Pleroma.Factory
+
   import ExUnit.CaptureLog
+  import Mock
+  import Pleroma.Factory
 
   setup_all do
     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -28,7 +30,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming note - GS, Salmon" do
     incoming = File.read!("test/fixtures/incoming_note_activity.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     user = User.get_cached_by_ap_id(activity.data["actor"])
     assert user.info.note_count == 1
@@ -51,7 +53,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming notes - GS, subscription" do
     incoming = File.read!("test/fixtures/ostatus_incoming_post.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     assert activity.data["type"] == "Create"
     assert object.data["type"] == "Note"
@@ -65,7 +67,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming notes with attachments - GS, subscription" do
     incoming = File.read!("test/fixtures/incoming_websub_gnusocial_attachments.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     assert activity.data["type"] == "Create"
     assert object.data["type"] == "Note"
@@ -78,7 +80,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming notes with tags" do
     incoming = File.read!("test/fixtures/ostatus_incoming_post_tag.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     assert object.data["tag"] == ["nsfw"]
     assert "https://www.w3.org/ns/activitystreams#Public" in activity.data["to"]
@@ -95,7 +97,7 @@ defmodule Pleroma.Web.OStatusTest do
 
     incoming = File.read!("test/fixtures/incoming_reply_mastodon.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     assert activity.data["type"] == "Create"
     assert object.data["type"] == "Note"
@@ -107,7 +109,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming notes - Mastodon, with CW" do
     incoming = File.read!("test/fixtures/mastodon-note-cw.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     assert activity.data["type"] == "Create"
     assert object.data["type"] == "Note"
@@ -119,7 +121,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming unlisted messages, put public into cc" do
     incoming = File.read!("test/fixtures/mastodon-note-unlisted.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     refute "https://www.w3.org/ns/activitystreams#Public" in activity.data["to"]
     assert "https://www.w3.org/ns/activitystreams#Public" in activity.data["cc"]
@@ -130,7 +132,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming retweets - Mastodon, with CW" do
     incoming = File.read!("test/fixtures/cw_retweet.xml")
     {:ok, [[_activity, retweeted_activity]]} = OStatus.handle_incoming(incoming)
-    retweeted_object = Object.normalize(retweeted_activity.data["object"])
+    retweeted_object = Object.normalize(retweeted_activity)
 
     assert retweeted_object.data["summary"] == "Hey."
   end
@@ -138,7 +140,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming notes - GS, subscription, reply" do
     incoming = File.read!("test/fixtures/ostatus_incoming_reply.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     assert activity.data["type"] == "Create"
     assert object.data["type"] == "Note"
@@ -164,7 +166,7 @@ defmodule Pleroma.Web.OStatusTest do
     refute activity.local
 
     retweeted_activity = Activity.get_by_id(retweeted_activity.id)
-    retweeted_object = Object.normalize(retweeted_activity.data["object"])
+    retweeted_object = Object.normalize(retweeted_activity)
     assert retweeted_activity.data["type"] == "Create"
     assert retweeted_activity.data["actor"] == "https://pleroma.soykaf.com/users/lain"
     refute retweeted_activity.local
@@ -176,18 +178,19 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming retweets - GS, subscription - local message" do
     incoming = File.read!("test/fixtures/share-gs-local.xml")
     note_activity = insert(:note_activity)
+    object = Object.normalize(note_activity)
     user = User.get_cached_by_ap_id(note_activity.data["actor"])
 
     incoming =
       incoming
-      |> String.replace("LOCAL_ID", note_activity.data["object"]["id"])
+      |> String.replace("LOCAL_ID", object.data["id"])
       |> String.replace("LOCAL_USER", user.ap_id)
 
     {:ok, [[activity, retweeted_activity]]} = OStatus.handle_incoming(incoming)
 
     assert activity.data["type"] == "Announce"
     assert activity.data["actor"] == "https://social.heldscal.la/user/23211"
-    assert activity.data["object"] == retweeted_activity.data["object"]["id"]
+    assert activity.data["object"] == object.data["id"]
     assert user.ap_id in activity.data["to"]
     refute activity.local
 
@@ -202,7 +205,7 @@ defmodule Pleroma.Web.OStatusTest do
   test "handle incoming retweets - Mastodon, salmon" do
     incoming = File.read!("test/fixtures/share.xml")
     {:ok, [[activity, retweeted_activity]]} = OStatus.handle_incoming(incoming)
-    retweeted_object = Object.normalize(retweeted_activity.data["object"])
+    retweeted_object = Object.normalize(retweeted_activity)
 
     assert activity.data["type"] == "Announce"
     assert activity.data["actor"] == "https://mastodon.social/users/lambadalambda"
@@ -251,25 +254,29 @@ defmodule Pleroma.Web.OStatusTest do
 
   test "handle incoming favorites with locally available object - GS, websub" do
     note_activity = insert(:note_activity)
+    object = Object.normalize(note_activity)
 
     incoming =
       File.read!("test/fixtures/favorite_with_local_note.xml")
-      |> String.replace("localid", note_activity.data["object"]["id"])
+      |> String.replace("localid", object.data["id"])
 
     {:ok, [[activity, favorited_activity]]} = OStatus.handle_incoming(incoming)
 
     assert activity.data["type"] == "Like"
     assert activity.data["actor"] == "https://social.heldscal.la/user/23211"
-    assert activity.data["object"] == favorited_activity.data["object"]["id"]
+    assert activity.data["object"] == object.data["id"]
     refute activity.local
     assert note_activity.id == favorited_activity.id
     assert favorited_activity.local
   end
 
-  test "handle incoming replies" do
+  test_with_mock "handle incoming replies, fetching replied-to activities if we don't have them",
+                 OStatus,
+                 [:passthrough],
+                 [] do
     incoming = File.read!("test/fixtures/incoming_note_activity_answer.xml")
     {:ok, [activity]} = OStatus.handle_incoming(incoming)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity, false)
 
     assert activity.data["type"] == "Create"
     assert object.data["type"] == "Note"
@@ -282,6 +289,23 @@ defmodule Pleroma.Web.OStatusTest do
     assert object.data["id"] == "tag:gs.example.org:4040,2017-04-25:noticeId=55:objectType=note"
 
     assert "https://www.w3.org/ns/activitystreams#Public" in activity.data["to"]
+
+    assert called(OStatus.fetch_activity_from_url(object.data["inReplyTo"], :_))
+  end
+
+  test_with_mock "handle incoming replies, not fetching replied-to activities beyond max_replies_depth",
+                 OStatus,
+                 [:passthrough],
+                 [] do
+    incoming = File.read!("test/fixtures/incoming_note_activity_answer.xml")
+
+    with_mock Pleroma.Web.Federator,
+      allowed_incoming_reply_depth?: fn _ -> false end do
+      {:ok, [activity]} = OStatus.handle_incoming(incoming)
+      object = Object.normalize(activity, false)
+
+      refute called(OStatus.fetch_activity_from_url(object.data["inReplyTo"], :_))
+    end
   end
 
   test "handle incoming follows" do
@@ -315,13 +339,14 @@ defmodule Pleroma.Web.OStatusTest do
              "undo:tag:social.heldscal.la,2017-05-07:subscription:23211:person:44803:2017-05-07T09:54:48+00:00"
 
     assert activity.data["actor"] == "https://social.heldscal.la/user/23211"
-    assert is_map(activity.data["object"])
-    assert activity.data["object"]["type"] == "Follow"
-    assert activity.data["object"]["object"] == "https://pawoo.net/users/pekorino"
+    embedded_object = activity.data["object"]
+    assert is_map(embedded_object)
+    assert embedded_object["type"] == "Follow"
+    assert embedded_object["object"] == "https://pawoo.net/users/pekorino"
     refute activity.local
 
     follower = User.get_cached_by_ap_id(activity.data["actor"])
-    followed = User.get_cached_by_ap_id(activity.data["object"]["object"])
+    followed = User.get_cached_by_ap_id(embedded_object["object"])
 
     refute User.following?(follower, followed)
   end
@@ -538,8 +563,7 @@ defmodule Pleroma.Web.OStatusTest do
 
     test "Article objects are not representable" do
       note_activity = insert(:note_activity)
-
-      note_object = Object.normalize(note_activity.data["object"])
+      note_object = Object.normalize(note_activity)
 
       note_data =
         note_object.data

test/web/plugs/federating_plug_test.exs

@@ -5,6 +5,15 @@
 defmodule Pleroma.Web.FederatingPlugTest do
   use Pleroma.Web.ConnCase
 
+  setup_all do
+    config_path = [:instance, :federating]
+    initial_setting = Pleroma.Config.get(config_path)
+
+    on_exit(fn -> Pleroma.Config.put(config_path, initial_setting) end)
+
+    :ok
+  end
+
   test "returns and halt the conn when federating is disabled" do
     Pleroma.Config.put([:instance, :federating], false)
 
@@ -14,11 +23,11 @@ defmodule Pleroma.Web.FederatingPlugTest do
 
     assert conn.status == 404
     assert conn.halted
-
-    Pleroma.Config.put([:instance, :federating], true)
   end
 
   test "does nothing when federating is enabled" do
+    Pleroma.Config.put([:instance, :federating], true)
+
     conn =
       build_conn()
       |> Pleroma.Web.FederatingPlug.call(%{})

test/web/rel_me_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.RelMeTest do
   use ExUnit.Case, async: true
 

test/web/rich_media/helpers_test.exs

@@ -1,14 +1,23 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.RichMedia.HelpersTest do
   use Pleroma.DataCase
 
+  alias Pleroma.Config
   alias Pleroma.Object
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.RichMedia.Helpers
 
   import Pleroma.Factory
   import Tesla.Mock
 
   setup do
     mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    rich_media = Config.get([:rich_media, :enabled])
+    on_exit(fn -> Config.put([:rich_media, :enabled], rich_media) end)
+
     :ok
   end
 
@@ -21,11 +30,9 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
         "content_type" => "text/markdown"
       })
 
-    Pleroma.Config.put([:rich_media, :enabled], true)
+    Config.put([:rich_media, :enabled], true)
 
     assert %{} == Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
-
-    Pleroma.Config.put([:rich_media, :enabled], false)
   end
 
   test "refuses to crawl malformed URLs" do
@@ -37,11 +44,9 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
         "content_type" => "text/markdown"
       })
 
-    Pleroma.Config.put([:rich_media, :enabled], true)
+    Config.put([:rich_media, :enabled], true)
 
     assert %{} == Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
-
-    Pleroma.Config.put([:rich_media, :enabled], false)
   end
 
   test "crawls valid, complete URLs" do
@@ -49,16 +54,14 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     {:ok, activity} =
       CommonAPI.post(user, %{
-        "status" => "[test](http://example.com/ogp)",
+        "status" => "[test](https://example.com/ogp)",
         "content_type" => "text/markdown"
       })
 
-    Pleroma.Config.put([:rich_media, :enabled], true)
+    Config.put([:rich_media, :enabled], true)
 
-    assert %{page_url: "http://example.com/ogp", rich_media: _} =
+    assert %{page_url: "https://example.com/ogp", rich_media: _} =
              Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
-
-    Pleroma.Config.put([:rich_media, :enabled], false)
   end
 
   test "refuses to crawl URLs from posts marked sensitive" do
@@ -74,11 +77,9 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     assert object.data["sensitive"]
 
-    Pleroma.Config.put([:rich_media, :enabled], true)
+    Config.put([:rich_media, :enabled], true)
 
     assert %{} = Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
-
-    Pleroma.Config.put([:rich_media, :enabled], false)
   end
 
   test "refuses to crawl URLs from posts tagged NSFW" do
@@ -93,10 +94,28 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
 
     assert object.data["sensitive"]
 
-    Pleroma.Config.put([:rich_media, :enabled], true)
+    Config.put([:rich_media, :enabled], true)
 
     assert %{} = Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
+  end
 
-    Pleroma.Config.put([:rich_media, :enabled], false)
+  test "refuses to crawl URLs of private network from posts" do
+    user = insert(:user)
+
+    {:ok, activity} =
+      CommonAPI.post(user, %{"status" => "http://127.0.0.1:4000/notice/9kCP7VNyPJXFOXDrgO"})
+
+    {:ok, activity2} = CommonAPI.post(user, %{"status" => "https://10.111.10.1/notice/9kCP7V"})
+    {:ok, activity3} = CommonAPI.post(user, %{"status" => "https://172.16.32.40/notice/9kCP7V"})
+    {:ok, activity4} = CommonAPI.post(user, %{"status" => "https://192.168.10.40/notice/9kCP7V"})
+    {:ok, activity5} = CommonAPI.post(user, %{"status" => "https://pleroma.local/notice/9kCP7V"})
+
+    Config.put([:rich_media, :enabled], true)
+
+    assert %{} = Helpers.fetch_data_for_activity(activity)
+    assert %{} = Helpers.fetch_data_for_activity(activity2)
+    assert %{} = Helpers.fetch_data_for_activity(activity3)
+    assert %{} = Helpers.fetch_data_for_activity(activity4)
+    assert %{} = Helpers.fetch_data_for_activity(activity5)
   end
 end

test/web/rich_media/parser_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.RichMedia.ParserTest do
   use ExUnit.Case, async: true
 
@@ -9,6 +13,21 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
       } ->
         %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
 
+      %{
+        method: :get,
+        url: "http://example.com/non-ogp"
+      } ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/non_ogp_embed.html")}
+
+      %{
+        method: :get,
+        url: "http://example.com/ogp-missing-title"
+      } ->
+        %Tesla.Env{
+          status: 200,
+          body: File.read!("test/fixtures/rich_media/ogp-missing-title.html")
+        }
+
       %{
         method: :get,
         url: "http://example.com/twitter-card"
@@ -38,6 +57,11 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
     assert {:error, _} = Pleroma.Web.RichMedia.Parser.parse("http://example.com/empty")
   end
 
+  test "doesn't just add a title" do
+    assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/non-ogp") ==
+             {:error, "Found metadata was invalid or incomplete: %{}"}
+  end
+
   test "parses ogp" do
     assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp") ==
              {:ok,
@@ -51,6 +75,19 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
               }}
   end
 
+  test "falls back to <title> when ogp:title is missing" do
+    assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp-missing-title") ==
+             {:ok,
+              %{
+                image: "http://ia.media-imdb.com/images/rock.jpg",
+                title: "The Rock (1996)",
+                description:
+                  "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
+                type: "video.movie",
+                url: "http://www.imdb.com/title/tt0117500/"
+              }}
+  end
+
   test "parses twitter card" do
     assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/twitter-card") ==
              {:ok,

test/web/streamer_test.exs

@@ -21,6 +21,52 @@ defmodule Pleroma.Web.StreamerTest do
     :ok
   end
 
+  describe "user streams" do
+    setup do
+      GenServer.start(Streamer, %{}, name: Streamer)
+
+      on_exit(fn ->
+        if pid = Process.whereis(Streamer) do
+          Process.exit(pid, :kill)
+        end
+      end)
+
+      user = insert(:user)
+      notify = insert(:notification, user: user, activity: build(:note_activity))
+      {:ok, %{user: user, notify: notify}}
+    end
+
+    test "it sends notify to in the 'user' stream", %{user: user, notify: notify} do
+      task =
+        Task.async(fn ->
+          assert_receive {:text, _}, 4_000
+        end)
+
+      Streamer.add_socket(
+        "user",
+        %{transport_pid: task.pid, assigns: %{user: user}}
+      )
+
+      Streamer.stream("user", notify)
+      Task.await(task)
+    end
+
+    test "it sends notify to in the 'user:notification' stream", %{user: user, notify: notify} do
+      task =
+        Task.async(fn ->
+          assert_receive {:text, _}, 4_000
+        end)
+
+      Streamer.add_socket(
+        "user:notification",
+        %{transport_pid: task.pid, assigns: %{user: user}}
+      )
+
+      Streamer.stream("user:notification", notify)
+      Task.await(task)
+    end
+  end
+
   test "it sends to public" do
     user = insert(:user)
     other_user = insert(:user)
@@ -310,4 +356,110 @@ defmodule Pleroma.Web.StreamerTest do
 
     Task.await(task)
   end
+
+  describe "direct streams" do
+    setup do
+      GenServer.start(Streamer, %{}, name: Streamer)
+
+      on_exit(fn ->
+        if pid = Process.whereis(Streamer) do
+          Process.exit(pid, :kill)
+        end
+      end)
+
+      :ok
+    end
+
+    test "it sends conversation update to the 'direct' stream", %{} do
+      user = insert(:user)
+      another_user = insert(:user)
+
+      task =
+        Task.async(fn ->
+          assert_receive {:text, _received_event}, 4_000
+        end)
+
+      Streamer.add_socket(
+        "direct",
+        %{transport_pid: task.pid, assigns: %{user: user}}
+      )
+
+      {:ok, _create_activity} =
+        CommonAPI.post(another_user, %{
+          "status" => "hey @#{user.nickname}",
+          "visibility" => "direct"
+        })
+
+      Task.await(task)
+    end
+
+    test "it doesn't send conversation update to the 'direct' streamj when the last message in the conversation is deleted" do
+      user = insert(:user)
+      another_user = insert(:user)
+
+      {:ok, create_activity} =
+        CommonAPI.post(another_user, %{
+          "status" => "hi @#{user.nickname}",
+          "visibility" => "direct"
+        })
+
+      task =
+        Task.async(fn ->
+          assert_receive {:text, received_event}, 4_000
+          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
+
+          refute_receive {:text, _}, 4_000
+        end)
+
+      Streamer.add_socket(
+        "direct",
+        %{transport_pid: task.pid, assigns: %{user: user}}
+      )
+
+      {:ok, _} = CommonAPI.delete(create_activity.id, another_user)
+
+      Task.await(task)
+    end
+
+    test "it sends conversation update to the 'direct' stream when a message is deleted" do
+      user = insert(:user)
+      another_user = insert(:user)
+
+      {:ok, create_activity} =
+        CommonAPI.post(another_user, %{
+          "status" => "hi @#{user.nickname}",
+          "visibility" => "direct"
+        })
+
+      {:ok, create_activity2} =
+        CommonAPI.post(another_user, %{
+          "status" => "hi @#{user.nickname}",
+          "in_reply_to_status_id" => create_activity.id,
+          "visibility" => "direct"
+        })
+
+      task =
+        Task.async(fn ->
+          assert_receive {:text, received_event}, 4_000
+          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
+
+          assert_receive {:text, received_event}, 4_000
+
+          assert %{"event" => "conversation", "payload" => received_payload} =
+                   Jason.decode!(received_event)
+
+          assert %{"last_status" => last_status} = Jason.decode!(received_payload)
+          assert last_status["id"] == to_string(create_activity.id)
+        end)
+
+      Streamer.add_socket(
+        "direct",
+        %{transport_pid: task.pid, assigns: %{user: user}}
+      )
+
+      {:ok, _} = CommonAPI.delete(create_activity2.id, another_user)
+
+      Task.await(task)
+    end
+  end
 end

test/web/twitter_api/password_controller_test.exs

@@ -0,0 +1,60 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.PasswordResetToken
+  alias Pleroma.Web.OAuth.Token
+  import Pleroma.Factory
+
+  describe "GET /api/pleroma/password_reset/token" do
+    test "it returns error when token invalid", %{conn: conn} do
+      response =
+        conn
+        |> get("/api/pleroma/password_reset/token")
+        |> html_response(:ok)
+
+      assert response =~ "<h2>Invalid Token</h2>"
+    end
+
+    test "it shows password reset form", %{conn: conn} do
+      user = insert(:user)
+      {:ok, token} = PasswordResetToken.create_token(user)
+
+      response =
+        conn
+        |> get("/api/pleroma/password_reset/#{token.token}")
+        |> html_response(:ok)
+
+      assert response =~ "<h2>Password Reset for #{user.nickname}</h2>"
+    end
+  end
+
+  describe "POST /api/pleroma/password_reset" do
+    test "it returns HTTP 200", %{conn: conn} do
+      user = insert(:user)
+      {:ok, token} = PasswordResetToken.create_token(user)
+      {:ok, _access_token} = Token.create_token(insert(:oauth_app), user, %{})
+
+      params = %{
+        "password" => "test",
+        password_confirmation: "test",
+        token: token.token
+      }
+
+      response =
+        conn
+        |> assign(:user, user)
+        |> post("/api/pleroma/password_reset", %{data: params})
+        |> html_response(:ok)
+
+      assert response =~ "<h2>Password changed!</h2>"
+
+      user = refresh_record(user)
+      assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
+      assert length(Token.get_user_tokens(user)) == 0
+    end
+  end
+end

test/web/twitter_api/twitter_api_controller_test.exs

@@ -40,6 +40,18 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       user = refresh_record(user)
       assert user.info.banner["type"] == "Image"
     end
+
+    test "profile banner can be reset", %{conn: conn} do
+      user = insert(:user)
+
+      conn
+      |> assign(:user, user)
+      |> post(authenticated_twitter_api__path(conn, :update_banner), %{"banner" => ""})
+      |> json_response(200)
+
+      user = refresh_record(user)
+      assert user.info.banner == %{}
+    end
   end
 
   describe "POST /api/qvitter/update_background_image" do
@@ -54,6 +66,18 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       user = refresh_record(user)
       assert user.info.background["type"] == "Image"
     end
+
+    test "background can be reset", %{conn: conn} do
+      user = insert(:user)
+
+      conn
+      |> assign(:user, user)
+      |> post(authenticated_twitter_api__path(conn, :update_background), %{"img" => ""})
+      |> json_response(200)
+
+      user = refresh_record(user)
+      assert user.info.background == %{}
+    end
   end
 
   describe "POST /api/account/verify_credentials" do
@@ -821,6 +845,19 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       assert json_response(conn, 200) ==
                UserView.render("show.json", %{user: current_user, for: current_user})
     end
+
+    test "user avatar can be reset", %{conn: conn, user: current_user} do
+      conn =
+        conn
+        |> with_credentials(current_user.nickname, "test")
+        |> post("/api/qvitter/update_avatar.json", %{img: ""})
+
+      current_user = User.get_cached_by_id(current_user.id)
+      assert current_user.avatar == nil
+
+      assert json_response(conn, 200) ==
+               UserView.render("show.json", %{user: current_user, for: current_user})
+    end
   end
 
   describe "GET /api/qvitter/mutes.json" do
@@ -892,7 +929,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
 
     test "with credentials", %{conn: conn, user: current_user} do
       note_activity = insert(:note_activity)
-      object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+      object = Object.normalize(note_activity)
       ActivityPub.like(current_user, object)
 
       conn =

test/web/twitter_api/twitter_api_test.exs

@@ -46,7 +46,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
     }
 
     {:ok, activity = %Activity{}} = TwitterAPI.create_status(user, input)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     expected_text =
       "Hello again, <span class='h-card'><a data-user='#{mentioned_user.id}' class='u-url mention' href='shp'>@<span>shp</span></a></span>.&lt;script&gt;&lt;/script&gt;<br>This is on another :firefox: line. <a class='hashtag' data-tag='2hu' href='http://localhost:4001/tag/2hu' rel='tag'>#2hu</a> <a class='hashtag' data-tag='epic' href='http://localhost:4001/tag/epic' rel='tag'>#epic</a> <a class='hashtag' data-tag='phantasmagoric' href='http://localhost:4001/tag/phantasmagoric' rel='tag'>#phantasmagoric</a><br><a href=\"http://example.org/image.jpg\" class='attachment'>image.jpg</a>"
@@ -91,7 +91,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
     }
 
     {:ok, activity = %Activity{}} = TwitterAPI.create_status(user, input)
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     input = %{
       "status" => "Here's your (you).",
@@ -99,7 +99,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
     }
 
     {:ok, reply = %Activity{}} = TwitterAPI.create_status(user, input)
-    reply_object = Object.normalize(reply.data["object"])
+    reply_object = Object.normalize(reply)
 
     assert get_in(reply.data, ["context"]) == get_in(activity.data, ["context"])
 
@@ -116,8 +116,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
     {:ok, user, followed, _activity} = TwitterAPI.follow(user, %{"user_id" => followed.id})
     assert User.ap_followers(followed) in user.following
 
-    {:error, msg} = TwitterAPI.follow(user, %{"user_id" => followed.id})
-    assert msg == "Could not follow user: #{followed.nickname} is already on your list."
+    {:ok, _, _, _} = TwitterAPI.follow(user, %{"user_id" => followed.id})
   end
 
   test "Follow another user using screen_name" do
@@ -132,8 +131,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
     followed = User.get_cached_by_ap_id(followed.ap_id)
     assert followed.info.follower_count == 1
 
-    {:error, msg} = TwitterAPI.follow(user, %{"screen_name" => followed.nickname})
-    assert msg == "Could not follow user: #{followed.nickname} is already on your list."
+    {:ok, _, _, _} = TwitterAPI.follow(user, %{"screen_name" => followed.nickname})
   end
 
   test "Unfollow another user using user_id" do
@@ -218,7 +216,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
     updated_activity = Activity.get_by_ap_id(note_activity.data["id"])
     assert ActivityView.render("activity.json", %{activity: updated_activity})["fave_num"] == 1
 
-    object = Object.normalize(note_activity.data["object"])
+    object = Object.normalize(note_activity)
 
     assert object.data["like_count"] == 1
 
@@ -226,7 +224,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
 
     {:ok, _status} = TwitterAPI.fav(other_user, note_activity.id)
 
-    object = Object.normalize(note_activity.data["object"])
+    object = Object.normalize(note_activity)
 
     assert object.data["like_count"] == 2
 
@@ -237,7 +235,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
   test "it unfavorites a status, returns the updated activity" do
     user = insert(:user)
     note_activity = insert(:note_activity)
-    object = Object.get_by_ap_id(note_activity.data["object"]["id"])
+    object = Object.normalize(note_activity)
 
     {:ok, _like_activity, _object} = ActivityPub.like(user, object)
     updated_activity = Activity.get_by_ap_id(note_activity.data["id"])

test/web/twitter_api/util_controller_test.exs

@@ -1,3 +1,7 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
   use Pleroma.Web.ConnCase
 

test/web/twitter_api/views/activity_view_test.exs

@@ -126,7 +126,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
     other_user = insert(:user, %{nickname: "shp"})
 
     {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     result = ActivityView.render("activity.json", activity: activity)
 
@@ -177,7 +177,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
     user = insert(:user)
     other_user = insert(:user, %{nickname: "shp"})
     {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!"})
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     convo_id = Utils.context_to_conversation_id(object.data["context"])
 
@@ -351,7 +351,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityViewTest do
       "is_post_verb" => false,
       "statusnet_html" => "deleted notice {{tag",
       "text" => "deleted notice {{tag",
-      "uri" => delete.data["object"],
+      "uri" => Object.normalize(delete).data["id"],
       "user" => UserView.render("show.json", user: user)
     }
 

test/web/web_finger/web_finger_controller_test.exs

@@ -10,6 +10,12 @@ defmodule Pleroma.Web.WebFinger.WebFingerControllerTest do
 
   setup do
     mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
+
+    config_path = [:instance, :federating]
+    initial_setting = Pleroma.Config.get(config_path)
+
+    Pleroma.Config.put(config_path, true)
+    on_exit(fn -> Pleroma.Config.put(config_path, initial_setting) end)
     :ok
   end
 

test/web/web_finger/web_finger_test.exs

@@ -104,5 +104,16 @@ defmodule Pleroma.Web.WebFingerTest do
 
       assert template == "http://status.alpicola.com/main/xrd?uri={uri}"
     end
+
+    test "it works with idna domains as nickname" do
+      nickname = "lain@" <> to_string(:idna.encode("zetsubou.みんな"))
+
+      {:ok, _data} = WebFinger.finger(nickname)
+    end
+
+    test "it works with idna domains as link" do
+      ap_id = "https://" <> to_string(:idna.encode("zetsubou.みんな")) <> "/users/lain"
+      {:ok, _data} = WebFinger.finger(ap_id)
+    end
   end
 end

test/web/websub/websub_controller_test.exs

@@ -9,6 +9,16 @@ defmodule Pleroma.Web.Websub.WebsubControllerTest do
   alias Pleroma.Web.Websub
   alias Pleroma.Web.Websub.WebsubClientSubscription
 
+  setup_all do
+    config_path = [:instance, :federating]
+    initial_setting = Pleroma.Config.get(config_path)
+
+    Pleroma.Config.put(config_path, true)
+    on_exit(fn -> Pleroma.Config.put(config_path, initial_setting) end)
+
+    :ok
+  end
+
   test "websub subscription request", %{conn: conn} do
     user = insert(:user)