Merge branch 'develop' into feature/admin-api-user-statuses

test/media_proxy_test.exs

@@ -88,10 +88,10 @@ defmodule Pleroma.MediaProxyTest do
       assert decode_url(sig, base64) == {:error, :invalid_signature}
     end
 
-    test "filename_matches matches url encoded paths" do
+    test "filename_matches preserves the encoded or decoded path" do
       assert MediaProxyController.filename_matches(
                true,
-               "/Hello%20world.jpg",
+               "/Hello world.jpg",
                "http://pleroma.social/Hello world.jpg"
              ) == :ok
 
@@ -100,19 +100,11 @@ defmodule Pleroma.MediaProxyTest do
                "/Hello%20world.jpg",
                "http://pleroma.social/Hello%20world.jpg"
              ) == :ok
-    end
-
-    test "filename_matches matches non-url encoded paths" do
-      assert MediaProxyController.filename_matches(
-               true,
-               "/Hello world.jpg",
-               "http://pleroma.social/Hello%20world.jpg"
-             ) == :ok
 
       assert MediaProxyController.filename_matches(
                true,
-               "/Hello world.jpg",
-               "http://pleroma.social/Hello world.jpg"
+               "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg",
+               "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"
              ) == :ok
     end
 

test/plugs/rate_limiter_test.exs

@@ -10,12 +10,13 @@ defmodule Pleroma.Plugs.RateLimiterTest do
 
   import Pleroma.Factory
 
-  @limiter_name :testing
+  # Note: each example must work with separate buckets in order to prevent concurrency issues
 
   test "init/1" do
-    Pleroma.Config.put([:rate_limit, @limiter_name], {1, 1})
+    limiter_name = :test_init
+    Pleroma.Config.put([:rate_limit, limiter_name], {1, 1})
 
-    assert {@limiter_name, {1, 1}} == RateLimiter.init(@limiter_name)
+    assert {limiter_name, {1, 1}, []} == RateLimiter.init(limiter_name)
     assert nil == RateLimiter.init(:foo)
   end
 
@@ -24,14 +25,15 @@ defmodule Pleroma.Plugs.RateLimiterTest do
   end
 
   test "it restricts by opts" do
+    limiter_name = :test_opts
     scale = 1000
     limit = 5
 
-    Pleroma.Config.put([:rate_limit, @limiter_name], {scale, limit})
+    Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit})
 
-    opts = RateLimiter.init(@limiter_name)
+    opts = RateLimiter.init(limiter_name)
     conn = conn(:get, "/")
-    bucket_name = "#{@limiter_name}:#{RateLimiter.ip(conn)}"
+    bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}"
 
     conn = RateLimiter.call(conn, opts)
     assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
@@ -65,18 +67,78 @@ defmodule Pleroma.Plugs.RateLimiterTest do
     refute conn.halted
   end
 
+  test "`bucket_name` option overrides default bucket name" do
+    limiter_name = :test_bucket_name
+    scale = 1000
+    limit = 5
+
+    Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit})
+    base_bucket_name = "#{limiter_name}:group1"
+    opts = RateLimiter.init({limiter_name, bucket_name: base_bucket_name})
+
+    conn = conn(:get, "/")
+    default_bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}"
+    customized_bucket_name = "#{base_bucket_name}:#{RateLimiter.ip(conn)}"
+
+    RateLimiter.call(conn, opts)
+    assert {1, 4, _, _, _} = ExRated.inspect_bucket(customized_bucket_name, scale, limit)
+    assert {0, 5, _, _, _} = ExRated.inspect_bucket(default_bucket_name, scale, limit)
+  end
+
+  test "`params` option appends specified params' values to bucket name" do
+    limiter_name = :test_params
+    scale = 1000
+    limit = 5
+
+    Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit})
+    opts = RateLimiter.init({limiter_name, params: ["id"]})
+    id = "1"
+
+    conn = conn(:get, "/?id=#{id}")
+    conn = Plug.Conn.fetch_query_params(conn)
+
+    default_bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}"
+    parametrized_bucket_name = "#{limiter_name}:#{id}:#{RateLimiter.ip(conn)}"
+
+    RateLimiter.call(conn, opts)
+    assert {1, 4, _, _, _} = ExRated.inspect_bucket(parametrized_bucket_name, scale, limit)
+    assert {0, 5, _, _, _} = ExRated.inspect_bucket(default_bucket_name, scale, limit)
+  end
+
+  test "it supports combination of options modifying bucket name" do
+    limiter_name = :test_options_combo
+    scale = 1000
+    limit = 5
+
+    Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit})
+    base_bucket_name = "#{limiter_name}:group1"
+    opts = RateLimiter.init({limiter_name, bucket_name: base_bucket_name, params: ["id"]})
+    id = "100"
+
+    conn = conn(:get, "/?id=#{id}")
+    conn = Plug.Conn.fetch_query_params(conn)
+
+    default_bucket_name = "#{limiter_name}:#{RateLimiter.ip(conn)}"
+    parametrized_bucket_name = "#{base_bucket_name}:#{id}:#{RateLimiter.ip(conn)}"
+
+    RateLimiter.call(conn, opts)
+    assert {1, 4, _, _, _} = ExRated.inspect_bucket(parametrized_bucket_name, scale, limit)
+    assert {0, 5, _, _, _} = ExRated.inspect_bucket(default_bucket_name, scale, limit)
+  end
+
   test "optional limits for authenticated users" do
+    limiter_name = :test_authenticated
     Ecto.Adapters.SQL.Sandbox.checkout(Pleroma.Repo)
 
     scale = 1000
     limit = 5
-    Pleroma.Config.put([:rate_limit, @limiter_name], [{1, 10}, {scale, limit}])
+    Pleroma.Config.put([:rate_limit, limiter_name], [{1, 10}, {scale, limit}])
 
-    opts = RateLimiter.init(@limiter_name)
+    opts = RateLimiter.init(limiter_name)
 
     user = insert(:user)
     conn = conn(:get, "/") |> assign(:user, user)
-    bucket_name = "#{@limiter_name}:#{user.id}"
+    bucket_name = "#{limiter_name}:#{user.id}"
 
     conn = RateLimiter.call(conn, opts)
     assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)

test/web/activity_pub/activity_pub_controller_test.exs

@@ -12,6 +12,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
   alias Pleroma.Web.ActivityPub.ObjectView
   alias Pleroma.Web.ActivityPub.UserView
   alias Pleroma.Web.ActivityPub.Utils
+  alias Pleroma.Web.CommonAPI
 
   setup_all do
     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -551,7 +552,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["first"]["orderedItems"] == [user.ap_id]
     end
 
-    test "it returns returns empty if the user has 'hide_followers' set", %{conn: conn} do
+    test "it returns returns a uri if the user has 'hide_followers' set", %{conn: conn} do
       user = insert(:user)
       user_two = insert(:user, %{info: %{hide_followers: true}})
       User.follow(user, user_two)
@@ -561,8 +562,35 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
         |> get("/users/#{user_two.nickname}/followers")
         |> json_response(200)
 
-      assert result["first"]["orderedItems"] == []
-      assert result["totalItems"] == 0
+      assert is_binary(result["first"])
+    end
+
+    test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is not authenticated",
+         %{conn: conn} do
+      user = insert(:user, %{info: %{hide_followers: true}})
+
+      result =
+        conn
+        |> get("/users/#{user.nickname}/followers?page=1")
+
+      assert result.status == 403
+      assert result.resp_body == ""
+    end
+
+    test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",
+         %{conn: conn} do
+      user = insert(:user, %{info: %{hide_followers: true}})
+      other_user = insert(:user)
+      {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
+
+      result =
+        conn
+        |> assign(:user, user)
+        |> get("/users/#{user.nickname}/followers?page=1")
+        |> json_response(200)
+
+      assert result["totalItems"] == 1
+      assert result["orderedItems"] == [other_user.ap_id]
     end
 
     test "it works for more than 10 users", %{conn: conn} do
@@ -606,7 +634,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert result["first"]["orderedItems"] == [user_two.ap_id]
     end
 
-    test "it returns returns empty if the user has 'hide_follows' set", %{conn: conn} do
+    test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do
       user = insert(:user, %{info: %{hide_follows: true}})
       user_two = insert(:user)
       User.follow(user, user_two)
@@ -616,8 +644,35 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
         |> get("/users/#{user.nickname}/following")
         |> json_response(200)
 
-      assert result["first"]["orderedItems"] == []
-      assert result["totalItems"] == 0
+      assert is_binary(result["first"])
+    end
+
+    test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is not authenticated",
+         %{conn: conn} do
+      user = insert(:user, %{info: %{hide_follows: true}})
+
+      result =
+        conn
+        |> get("/users/#{user.nickname}/following?page=1")
+
+      assert result.status == 403
+      assert result.resp_body == ""
+    end
+
+    test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",
+         %{conn: conn} do
+      user = insert(:user, %{info: %{hide_follows: true}})
+      other_user = insert(:user)
+      {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
+
+      result =
+        conn
+        |> assign(:user, user)
+        |> get("/users/#{user.nickname}/following?page=1")
+        |> json_response(200)
+
+      assert result["totalItems"] == 1
+      assert result["orderedItems"] == [other_user.ap_id]
     end
 
     test "it works for more than 10 users", %{conn: conn} do

test/web/activity_pub/views/user_view_test.exs

@@ -8,6 +8,7 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
 
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.UserView
+  alias Pleroma.Web.CommonAPI
 
   test "Renders a user, including the public key" do
     user = insert(:user)
@@ -82,4 +83,28 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
       refute result["endpoints"]["oauthTokenEndpoint"]
     end
   end
+
+  describe "followers" do
+    test "sets totalItems to zero when followers are hidden" do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
+      assert %{"totalItems" => 1} = UserView.render("followers.json", %{user: user})
+      info = Map.put(user.info, :hide_followers, true)
+      user = Map.put(user, :info, info)
+      assert %{"totalItems" => 0} = UserView.render("followers.json", %{user: user})
+    end
+  end
+
+  describe "following" do
+    test "sets totalItems to zero when follows are hidden" do
+      user = insert(:user)
+      other_user = insert(:user)
+      {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)
+      assert %{"totalItems" => 1} = UserView.render("following.json", %{user: user})
+      info = Map.put(user.info, :hide_follows, true)
+      user = Map.put(user, :info, info)
+      assert %{"totalItems" => 0} = UserView.render("following.json", %{user: user})
+    end
+  end
 end

test/web/mastodon_api/mastodon_api_controller_test.exs

@@ -593,7 +593,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     conn =
       conn
       |> assign(:user, user)
-      |> patch("/api/v1/accounts/update_avatar", %{img: avatar_image})
+      |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image})
 
     user = refresh_record(user)
 
@@ -618,7 +618,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     conn =
       conn
       |> assign(:user, user)
-      |> patch("/api/v1/accounts/update_avatar", %{img: ""})
+      |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: ""})
 
     user = User.get_cached_by_id(user.id)
 
@@ -633,7 +633,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     conn =
       conn
       |> assign(:user, user)
-      |> patch("/api/v1/accounts/update_banner", %{"banner" => @image})
+      |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => @image})
 
     user = refresh_record(user)
     assert user.info.banner["type"] == "Image"
@@ -647,7 +647,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     conn =
       conn
       |> assign(:user, user)
-      |> patch("/api/v1/accounts/update_banner", %{"banner" => ""})
+      |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => ""})
 
     user = refresh_record(user)
     assert user.info.banner == %{}
@@ -661,7 +661,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     conn =
       conn
       |> assign(:user, user)
-      |> patch("/api/v1/accounts/update_background", %{"img" => @image})
+      |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => @image})
 
     user = refresh_record(user)
     assert user.info.background["type"] == "Image"
@@ -674,7 +674,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     conn =
       conn
       |> assign(:user, user)
-      |> patch("/api/v1/accounts/update_background", %{"img" => ""})
+      |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => ""})
 
     user = refresh_record(user)
     assert user.info.background == %{}

test/web/metadata/player_view_test.exs

@@ -0,0 +1,33 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Metadata.PlayerViewTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Web.Metadata.PlayerView
+
+  test "it renders audio tag" do
+    res =
+      PlayerView.render(
+        "player.html",
+        %{"mediaType" => "audio", "href" => "test-href"}
+      )
+      |> Phoenix.HTML.safe_to_string()
+
+    assert res ==
+             "<audio controls><source src=\"test-href\" type=\"audio\">Your browser does not support audio playback.</audio>"
+  end
+
+  test "it renders videos tag" do
+    res =
+      PlayerView.render(
+        "player.html",
+        %{"mediaType" => "video", "href" => "test-href"}
+      )
+      |> Phoenix.HTML.safe_to_string()
+
+    assert res ==
+             "<video controls loop><source src=\"test-href\" type=\"video\">Your browser does not support video playback.</video>"
+  end
+end

test/web/metadata/twitter_card_test.exs

@@ -0,0 +1,123 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.Metadata.Providers.TwitterCard
+  alias Pleroma.Web.Metadata.Utils
+  alias Pleroma.Web.Router
+
+  test "it renders twitter card for user info" do
+    user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
+    avatar_url = Utils.attachment_url(User.avatar_url(user))
+    res = TwitterCard.build_tags(%{user: user})
+
+    assert res == [
+             {:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []},
+             {:meta, [property: "twitter:description", content: "born 19 March 1994"], []},
+             {:meta, [property: "twitter:image", content: avatar_url], []},
+             {:meta, [property: "twitter:card", content: "summary"], []}
+           ]
+  end
+
+  test "it does not render attachments if post is nsfw" do
+    Pleroma.Config.put([Pleroma.Web.Metadata, :unfurl_nsfw], false)
+    user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
+    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+
+    note =
+      insert(:note, %{
+        data: %{
+          "actor" => user.ap_id,
+          "tag" => [],
+          "id" => "https://pleroma.gov/objects/whatever",
+          "content" => "pleroma in a nutshell",
+          "sensitive" => true,
+          "attachment" => [
+            %{
+              "url" => [%{"mediaType" => "image/png", "href" => "https://pleroma.gov/tenshi.png"}]
+            },
+            %{
+              "url" => [
+                %{
+                  "mediaType" => "application/octet-stream",
+                  "href" => "https://pleroma.gov/fqa/badapple.sfc"
+                }
+              ]
+            },
+            %{
+              "url" => [
+                %{"mediaType" => "video/webm", "href" => "https://pleroma.gov/about/juche.webm"}
+              ]
+            }
+          ]
+        }
+      })
+
+    result = TwitterCard.build_tags(%{object: note, user: user, activity_id: activity.id})
+
+    assert [
+             {:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []},
+             {:meta, [property: "twitter:description", content: "“pleroma in a nutshell”"], []},
+             {:meta, [property: "twitter:image", content: "http://localhost:4001/images/avi.png"],
+              []},
+             {:meta, [property: "twitter:card", content: "summary_large_image"], []}
+           ] == result
+  end
+
+  test "it renders supported types of attachments and skips unknown types" do
+    user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
+    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+
+    note =
+      insert(:note, %{
+        data: %{
+          "actor" => user.ap_id,
+          "tag" => [],
+          "id" => "https://pleroma.gov/objects/whatever",
+          "content" => "pleroma in a nutshell",
+          "attachment" => [
+            %{
+              "url" => [%{"mediaType" => "image/png", "href" => "https://pleroma.gov/tenshi.png"}]
+            },
+            %{
+              "url" => [
+                %{
+                  "mediaType" => "application/octet-stream",
+                  "href" => "https://pleroma.gov/fqa/badapple.sfc"
+                }
+              ]
+            },
+            %{
+              "url" => [
+                %{"mediaType" => "video/webm", "href" => "https://pleroma.gov/about/juche.webm"}
+              ]
+            }
+          ]
+        }
+      })
+
+    result = TwitterCard.build_tags(%{object: note, user: user, activity_id: activity.id})
+
+    assert [
+             {:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []},
+             {:meta, [property: "twitter:description", content: "“pleroma in a nutshell”"], []},
+             {:meta, [property: "twitter:card", content: "summary_large_image"], []},
+             {:meta, [property: "twitter:player", content: "https://pleroma.gov/tenshi.png"], []},
+             {:meta, [property: "twitter:card", content: "player"], []},
+             {:meta,
+              [
+                property: "twitter:player",
+                content: Router.Helpers.o_status_url(Endpoint, :notice_player, activity.id)
+              ], []},
+             {:meta, [property: "twitter:player:width", content: "480"], []},
+             {:meta, [property: "twitter:player:height", content: "480"], []}
+           ] == result
+  end
+end

test/web/node_info_test.exs

@@ -83,4 +83,47 @@ defmodule Pleroma.Web.NodeInfoTest do
 
     Pleroma.Config.put([:instance, :safe_dm_mentions], option)
   end
+
+  test "it shows MRF transparency data if enabled", %{conn: conn} do
+    option = Pleroma.Config.get([:instance, :mrf_transparency])
+    Pleroma.Config.put([:instance, :mrf_transparency], true)
+
+    simple_config = %{"reject" => ["example.com"]}
+    Pleroma.Config.put(:mrf_simple, simple_config)
+
+    response =
+      conn
+      |> get("/nodeinfo/2.1.json")
+      |> json_response(:ok)
+
+    assert response["metadata"]["federation"]["mrf_simple"] == simple_config
+
+    Pleroma.Config.put([:instance, :mrf_transparency], option)
+    Pleroma.Config.put(:mrf_simple, %{})
+  end
+
+  test "it performs exclusions from MRF transparency data if configured", %{conn: conn} do
+    option = Pleroma.Config.get([:instance, :mrf_transparency])
+    Pleroma.Config.put([:instance, :mrf_transparency], true)
+
+    exclusions = Pleroma.Config.get([:instance, :mrf_transparency_exclusions])
+    Pleroma.Config.put([:instance, :mrf_transparency_exclusions], ["other.site"])
+
+    simple_config = %{"reject" => ["example.com", "other.site"]}
+    expected_config = %{"reject" => ["example.com"]}
+
+    Pleroma.Config.put(:mrf_simple, simple_config)
+
+    response =
+      conn
+      |> get("/nodeinfo/2.1.json")
+      |> json_response(:ok)
+
+    assert response["metadata"]["federation"]["mrf_simple"] == expected_config
+    assert response["metadata"]["federation"]["exclusions"] == true
+
+    Pleroma.Config.put([:instance, :mrf_transparency], option)
+    Pleroma.Config.put([:instance, :mrf_transparency_exclusions], exclusions)
+    Pleroma.Config.put(:mrf_simple, %{})
+  end
 end