Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost

2019-12-17 12:36:56 +03:00 · 2019-12-17 12:36:56 +03:00 · 45180d4c60
commit 45180d4c60
parent eb11c60289 38ad407395
132 changed files with 598 additions and 1680 deletions
--- a/test/captcha_test.exs
+++ b/test/captcha_test.exs
@ -8,6 +8,7 @@ defmodule Pleroma.CaptchaTest do
  import Tesla.Mock

  alias Pleroma.Captcha.Kocaptcha
+  alias Pleroma.Captcha.Native

  @ets_options [:ordered_set, :private, :named_table, {:read_concurrency, true}]

@ -43,4 +44,21 @@ defmodule Pleroma.CaptchaTest do
             ) == :ok
    end
  end
+
+  describe "Native" do
+    test "new and validate" do
+      new = Native.new()
+
+      assert %{
+               answer_data: answer,
+               token: token,
+               type: :native,
+               url: "data:image/png;base64," <> _
+             } = new
+
+      assert is_binary(answer)
+      assert :ok = Native.validate(token, answer, answer)
+      assert {:error, "Invalid CAPTCHA"} == Native.validate(token, answer, answer <> "foobar")
+    end
+  end
 end
--- a/test/conversation/participation_test.exs
+++ b/test/conversation/participation_test.exs
@ -5,7 +5,9 @@
 defmodule Pleroma.Conversation.ParticipationTest do
  use Pleroma.DataCase
  import Pleroma.Factory
+  alias Pleroma.Conversation
  alias Pleroma.Conversation.Participation
+  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI

@ -98,7 +100,9 @@ defmodule Pleroma.Conversation.ParticipationTest do
    assert participation.user_id == user.id
    assert participation.conversation_id == conversation.id

+    # Needed because updated_at is accurate down to a second
    :timer.sleep(1000)
+
    # Creating again returns the same participation
    {:ok, %Participation{} = participation_two} =
      Participation.create_for_user_and_conversation(user, conversation)
@ -150,9 +154,7 @@ defmodule Pleroma.Conversation.ParticipationTest do
  test "gets all the participations for a user, ordered by updated at descending" do
    user = insert(:user)
    {:ok, activity_one} = CommonAPI.post(user, %{"status" => "x", "visibility" => "direct"})
-    :timer.sleep(1000)
    {:ok, activity_two} = CommonAPI.post(user, %{"status" => "x", "visibility" => "direct"})
-    :timer.sleep(1000)

    {:ok, activity_three} =
      CommonAPI.post(user, %{
@ -161,6 +163,17 @@ defmodule Pleroma.Conversation.ParticipationTest do
        "in_reply_to_status_id" => activity_one.id
      })

+    # Offset participations because the accuracy of updated_at is down to a second
+
+    for {activity, offset} <- [{activity_two, 1}, {activity_three, 2}] do
+      conversation = Conversation.get_for_ap_id(activity.data["context"])
+      participation = Participation.for_user_and_conversation(user, conversation)
+      updated_at = NaiveDateTime.add(Map.get(participation, :updated_at), offset)
+
+      Ecto.Changeset.change(participation, %{updated_at: updated_at})
+      |> Repo.update!()
+    end
+
    assert [participation_one, participation_two] = Participation.for_user(user)

    object2 = Pleroma.Object.normalize(activity_two)
--- a/test/moderation_log_test.exs
+++ b/test/moderation_log_test.exs
@ -214,7 +214,7 @@ defmodule Pleroma.ModerationLogTest do
      {:ok, _} =
        ModerationLog.insert_log(%{
          actor: moderator,
-          action: "report_response",
+          action: "report_note",
          subject: report,
          text: "look at this"
        })
@ -222,7 +222,7 @@ defmodule Pleroma.ModerationLogTest do
      log = Repo.one(ModerationLog)

      assert log.data["message"] ==
-               "@#{moderator.nickname} responded with 'look at this' to report ##{report.id}"
+               "@#{moderator.nickname} added note 'look at this' to report ##{report.id}"
    end

    test "logging status sensitivity update", %{moderator: moderator} do
--- a/test/plugs/rate_limiter_test.exs
+++ b/test/plugs/rate_limiter_test.exs
@ -178,10 +178,10 @@ defmodule Pleroma.Plugs.RateLimiterTest do
    test "can have limits seperate from unauthenticated connections" do
      limiter_name = :test_authenticated

-      scale = 1000
+      scale = 50
      limit = 5
      Pleroma.Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
-      Pleroma.Config.put([:rate_limit, limiter_name], [{1, 10}, {scale, limit}])
+      Pleroma.Config.put([:rate_limit, limiter_name], [{1000, 1}, {scale, limit}])

      opts = RateLimiter.init(name: limiter_name)

@ -198,16 +198,6 @@ defmodule Pleroma.Plugs.RateLimiterTest do

      assert %{"error" => "Throttled"} = Phoenix.ConnTest.json_response(conn, :too_many_requests)
      assert conn.halted
-
-      Process.sleep(1550)
-
-      conn = conn(:get, "/") |> assign(:user, user)
-      conn = RateLimiter.call(conn, opts)
-      assert {1, 4} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
-
-      refute conn.status == Plug.Conn.Status.code(:too_many_requests)
-      refute conn.resp_body
-      refute conn.halted
    end

    test "diffrerent users are counted independently" do
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@ -1639,13 +1639,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do

      {:ok, _, _} = CommonAPI.favorite(a4.id, user)
      {:ok, _, _} = CommonAPI.favorite(a3.id, other_user)
-      Process.sleep(1000)
      {:ok, _, _} = CommonAPI.favorite(a3.id, user)
      {:ok, _, _} = CommonAPI.favorite(a5.id, other_user)
-      Process.sleep(1000)
      {:ok, _, _} = CommonAPI.favorite(a5.id, user)
      {:ok, _, _} = CommonAPI.favorite(a4.id, other_user)
-      Process.sleep(1000)
      {:ok, _, _} = CommonAPI.favorite(a1.id, user)
      {:ok, _, _} = CommonAPI.favorite(a1.id, other_user)
      result = ActivityPub.fetch_favourites(user)
--- a/test/web/activity_pub/views/user_view_test.exs
+++ b/test/web/activity_pub/views/user_view_test.exs
@ -126,7 +126,7 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
      {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)
      assert %{"totalItems" => 1} = UserView.render("followers.json", %{user: user})
      user = Map.merge(user, %{hide_followers_count: true, hide_followers: true})
-      assert %{"totalItems" => 0} = UserView.render("followers.json", %{user: user})
+      refute UserView.render("followers.json", %{user: user}) |> Map.has_key?("totalItems")
    end

    test "sets correct totalItems when followers are hidden but the follower counter is not" do
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@ -10,6 +10,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
  alias Pleroma.HTML
  alias Pleroma.ModerationLog
  alias Pleroma.Repo
+  alias Pleroma.ReportNote
  alias Pleroma.Tests.ObanHelpers
  alias Pleroma.User
  alias Pleroma.UserInviteToken
@ -1831,61 +1832,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    end
  end

-  describe "POST /api/pleroma/admin/reports/:id/respond" do
-    setup %{conn: conn} do
-      admin = insert(:user, is_admin: true)
-
-      %{conn: assign(conn, :user, admin), admin: admin}
-    end
-
-    test "returns created dm", %{conn: conn, admin: admin} do
-      [reporter, target_user] = insert_pair(:user)
-      activity = insert(:note_activity, user: target_user)
-
-      {:ok, %{id: report_id}} =
-        CommonAPI.report(reporter, %{
-          "account_id" => target_user.id,
-          "comment" => "I feel offended",
-          "status_ids" => [activity.id]
-        })
-
-      response =
-        conn
-        |> post("/api/pleroma/admin/reports/#{report_id}/respond", %{
-          "status" => "I will check it out"
-        })
-        |> json_response(:ok)
-
-      recipients = Enum.map(response["mentions"], & &1["username"])
-
-      assert reporter.nickname in recipients
-      assert response["content"] == "I will check it out"
-      assert response["visibility"] == "direct"
-
-      log_entry = Repo.one(ModerationLog)
-
-      assert ModerationLog.get_log_entry_message(log_entry) ==
-               "@#{admin.nickname} responded with 'I will check it out' to report ##{
-                 response["id"]
-               }"
-    end
-
-    test "returns 400 when status is missing", %{conn: conn} do
-      conn = post(conn, "/api/pleroma/admin/reports/test/respond")
-
-      assert json_response(conn, :bad_request) == "Invalid parameters"
-    end
-
-    test "returns 404 when report id is invalid", %{conn: conn} do
-      conn =
-        post(conn, "/api/pleroma/admin/reports/test/respond", %{
-          "status" => "foo"
-        })
-
-      assert json_response(conn, :not_found) == "Not found"
-    end
-  end
-
  describe "PUT /api/pleroma/admin/statuses/:id" do
    setup %{conn: conn} do
      admin = insert(:user, is_admin: true)
@ -3082,6 +3028,77 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
               }"
    end
  end
+
+  describe "POST /reports/:id/notes" do
+    setup do
+      admin = insert(:user, is_admin: true)
+      [reporter, target_user] = insert_pair(:user)
+      activity = insert(:note_activity, user: target_user)
+
+      {:ok, %{id: report_id}} =
+        CommonAPI.report(reporter, %{
+          "account_id" => target_user.id,
+          "comment" => "I feel offended",
+          "status_ids" => [activity.id]
+        })
+
+      build_conn()
+      |> assign(:user, admin)
+      |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+        content: "this is disgusting!"
+      })
+
+      build_conn()
+      |> assign(:user, admin)
+      |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+        content: "this is disgusting2!"
+      })
+
+      %{
+        admin_id: admin.id,
+        report_id: report_id,
+        admin: admin
+      }
+    end
+
+    test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
+      [note, _] = Repo.all(ReportNote)
+
+      assert %{
+               activity_id: ^report_id,
+               content: "this is disgusting!",
+               user_id: ^admin_id
+             } = note
+    end
+
+    test "it returns reports with notes", %{admin: admin} do
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> get("/api/pleroma/admin/reports")
+
+      response = json_response(conn, 200)
+      notes = hd(response["reports"])["notes"]
+      [note, _] = notes
+
+      assert note["user"]["nickname"] == admin.nickname
+      assert note["content"] == "this is disgusting!"
+      assert note["created_at"]
+      assert response["total"] == 1
+    end
+
+    test "it deletes the note", %{admin: admin, report_id: report_id} do
+      assert ReportNote |> Repo.all() |> length() == 2
+
+      [note, _] = Repo.all(ReportNote)
+
+      build_conn()
+      |> assign(:user, admin)
+      |> delete("/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
+
+      assert ReportNote |> Repo.all() |> length() == 1
+    end
+  end
 end

 # Needed for testing
--- a/test/web/admin_api/views/report_view_test.exs
+++ b/test/web/admin_api/views/report_view_test.exs
@ -30,6 +30,7 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user})
        ),
      statuses: [],
+      notes: [],
      state: "open",
      id: activity.id
    }
@ -65,6 +66,7 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
        ),
      statuses: [StatusView.render("show.json", %{activity: activity})],
      state: "open",
+      notes: [],
      id: report_activity.id
    }

--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@ -567,33 +567,41 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
  end

  describe "POST /oauth/authorize" do
-    test "redirects with oauth authorization" do
-      user = insert(:user)
-      app = insert(:oauth_app, scopes: ["read", "write", "follow"])
+    test "redirects with oauth authorization, " <>
+           "keeping only non-admin scopes for non-admin user" do
+      app = insert(:oauth_app, scopes: ["read", "write", "admin"])
      redirect_uri = OAuthController.default_redirect_uri(app)

-      conn =
-        build_conn()
-        |> post("/oauth/authorize", %{
-          "authorization" => %{
-            "name" => user.nickname,
-            "password" => "test",
-            "client_id" => app.client_id,
-            "redirect_uri" => redirect_uri,
-            "scope" => "read:subscope write",
-            "state" => "statepassed"
-          }
-        })
+      non_admin = insert(:user, is_admin: false)
+      admin = insert(:user, is_admin: true)

-      target = redirected_to(conn)
-      assert target =~ redirect_uri
+      for {user, expected_scopes} <- %{
+            non_admin => ["read:subscope", "write"],
+            admin => ["read:subscope", "write", "admin"]
+          } do
+        conn =
+          build_conn()
+          |> post("/oauth/authorize", %{
+            "authorization" => %{
+              "name" => user.nickname,
+              "password" => "test",
+              "client_id" => app.client_id,
+              "redirect_uri" => redirect_uri,
+              "scope" => "read:subscope write admin",
+              "state" => "statepassed"
+            }
+          })

-      query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+        target = redirected_to(conn)
+        assert target =~ redirect_uri

-      assert %{"state" => "statepassed", "code" => code} = query
-      auth = Repo.get_by(Authorization, token: code)
-      assert auth
-      assert auth.scopes == ["read:subscope", "write"]
+        query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+
+        assert %{"state" => "statepassed", "code" => code} = query
+        auth = Repo.get_by(Authorization, token: code)
+        assert auth
+        assert auth.scopes == expected_scopes
+      end
    end

    test "returns 401 for wrong credentials", %{conn: conn} do
@ -623,31 +631,34 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      assert result =~ "Invalid Username/Password"
    end

-    test "returns 401 for missing scopes", %{conn: conn} do
-      user = insert(:user)
-      app = insert(:oauth_app)
+    test "returns 401 for missing scopes " <>
+           "(including all admin-only scopes for non-admin user)" do
+      user = insert(:user, is_admin: false)
+      app = insert(:oauth_app, scopes: ["read", "write", "admin"])
      redirect_uri = OAuthController.default_redirect_uri(app)

-      result =
-        conn
-        |> post("/oauth/authorize", %{
-          "authorization" => %{
-            "name" => user.nickname,
-            "password" => "test",
-            "client_id" => app.client_id,
-            "redirect_uri" => redirect_uri,
-            "state" => "statepassed",
-            "scope" => ""
-          }
-        })
-        |> html_response(:unauthorized)
+      for scope_param <- ["", "admin:read admin:write"] do
+        result =
+          build_conn()
+          |> post("/oauth/authorize", %{
+            "authorization" => %{
+              "name" => user.nickname,
+              "password" => "test",
+              "client_id" => app.client_id,
+              "redirect_uri" => redirect_uri,
+              "state" => "statepassed",
+              "scope" => scope_param
+            }
+          })
+          |> html_response(:unauthorized)

-      # Keep the details
-      assert result =~ app.client_id
-      assert result =~ redirect_uri
+        # Keep the details
+        assert result =~ app.client_id
+        assert result =~ redirect_uri

-      # Error message
-      assert result =~ "This action is outside the authorized scopes"
+        # Error message
+        assert result =~ "This action is outside the authorized scopes"
+      end
    end

    test "returns 401 for scopes beyond app scopes hierarchy", %{conn: conn} do
--- a/test/web/streamer/streamer_test.exs
+++ b/test/web/streamer/streamer_test.exs
@ -16,6 +16,10 @@ defmodule Pleroma.Web.StreamerTest do
  alias Pleroma.Web.Streamer.Worker

  @moduletag needs_streamer: true, capture_log: true
+
+  @streamer_timeout 150
+  @streamer_start_wait 10
+
  clear_config_all([:instance, :skip_thread_containment])

  describe "user streams" do
@ -28,7 +32,7 @@ defmodule Pleroma.Web.StreamerTest do
    test "it sends notify to in the 'user' stream", %{user: user, notify: notify} do
      task =
        Task.async(fn ->
-          assert_receive {:text, _}, 4_000
+          assert_receive {:text, _}, @streamer_timeout
        end)

      Streamer.add_socket(
@ -43,7 +47,7 @@ defmodule Pleroma.Web.StreamerTest do
    test "it sends notify to in the 'user:notification' stream", %{user: user, notify: notify} do
      task =
        Task.async(fn ->
-          assert_receive {:text, _}, 4_000
+          assert_receive {:text, _}, @streamer_timeout
        end)

      Streamer.add_socket(
@ -61,7 +65,7 @@ defmodule Pleroma.Web.StreamerTest do
      blocked = insert(:user)
      {:ok, _user_relationship} = User.block(user, blocked)

-      task = Task.async(fn -> refute_receive {:text, _}, 4_000 end)
+      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)

      Streamer.add_socket(
        "user:notification",
@ -79,7 +83,7 @@ defmodule Pleroma.Web.StreamerTest do
      user: user
    } do
      user2 = insert(:user)
-      task = Task.async(fn -> refute_receive {:text, _}, 4_000 end)
+      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)

      Streamer.add_socket(
        "user:notification",
@ -97,7 +101,7 @@ defmodule Pleroma.Web.StreamerTest do
      user: user
    } do
      user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"})
-      task = Task.async(fn -> refute_receive {:text, _}, 4_000 end)
+      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)

      Streamer.add_socket(
        "user:notification",
@ -116,7 +120,9 @@ defmodule Pleroma.Web.StreamerTest do
      user: user
    } do
      user2 = insert(:user)
-      task = Task.async(fn -> assert_receive {:text, _}, 4_000 end)
+      task = Task.async(fn -> assert_receive {:text, _}, @streamer_timeout end)
+
+      Process.sleep(@streamer_start_wait)

      Streamer.add_socket(
        "user:notification",
@ -137,7 +143,7 @@ defmodule Pleroma.Web.StreamerTest do

    task =
      Task.async(fn ->
-        assert_receive {:text, _}, 4_000
+        assert_receive {:text, _}, @streamer_timeout
      end)

    fake_socket = %StreamerSocket{
@ -164,7 +170,7 @@ defmodule Pleroma.Web.StreamerTest do
          }
          |> Jason.encode!()

-        assert_receive {:text, received_event}, 4_000
+        assert_receive {:text, received_event}, @streamer_timeout
        assert received_event == expected_event
      end)

@ -458,9 +464,7 @@ defmodule Pleroma.Web.StreamerTest do

    {:ok, activity} = CommonAPI.add_mute(user2, activity)

-    task = Task.async(fn -> refute_receive {:text, _}, 4_000 end)
-
-    Process.sleep(4000)
+    task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)

    Streamer.add_socket(
      "user",
@ -482,7 +486,7 @@ defmodule Pleroma.Web.StreamerTest do

      task =
        Task.async(fn ->
-          assert_receive {:text, received_event}, 4_000
+          assert_receive {:text, received_event}, @streamer_timeout

          assert %{"event" => "conversation", "payload" => received_payload} =
                   Jason.decode!(received_event)
@ -518,13 +522,13 @@ defmodule Pleroma.Web.StreamerTest do

      task =
        Task.async(fn ->
-          assert_receive {:text, received_event}, 4_000
+          assert_receive {:text, received_event}, @streamer_timeout
          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)

-          refute_receive {:text, _}, 4_000
+          refute_receive {:text, _}, @streamer_timeout
        end)

-      Process.sleep(1000)
+      Process.sleep(@streamer_start_wait)

      Streamer.add_socket(
        "direct",
@ -555,10 +559,10 @@ defmodule Pleroma.Web.StreamerTest do

      task =
        Task.async(fn ->
-          assert_receive {:text, received_event}, 4_000
+          assert_receive {:text, received_event}, @streamer_timeout
          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)

-          assert_receive {:text, received_event}, 4_000
+          assert_receive {:text, received_event}, @streamer_timeout

          assert %{"event" => "conversation", "payload" => received_payload} =
                   Jason.decode!(received_event)
@ -567,7 +571,7 @@ defmodule Pleroma.Web.StreamerTest do
          assert last_status["id"] == to_string(create_activity.id)
        end)

-      Process.sleep(1000)
+      Process.sleep(@streamer_start_wait)

      Streamer.add_socket(
        "direct",
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@ -898,8 +898,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
        |> post("/api/pleroma/delete_account", %{"password" => "test"})

      assert json_response(conn, 200) == %{"status" => "success"}
-      # Wait a second for the started task to end
-      :timer.sleep(1000)
    end
  end
 end