Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/poll-validation

2020-08-04 15:28:41 +02:00 · 2020-08-04 15:28:41 +02:00 · 878c7f3f30
commit 878c7f3f30
parent 0f088d8ce3 28584bb224
39 changed files with 876 additions and 247 deletions
--- a/test/web/activity_pub/mrf/object_age_policy_test.exs
+++ b/test/web/activity_pub/mrf/object_age_policy_test.exs
@ -38,6 +38,17 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
  end

  describe "with reject action" do
+    test "works with objects with empty to or cc fields" do
+      Config.put([:mrf_object_age, :actions], [:reject])
+
+      data =
+        get_old_message()
+        |> Map.put("cc", nil)
+        |> Map.put("to", nil)
+
+      assert match?({:reject, _}, ObjectAgePolicy.filter(data))
+    end
+
    test "it rejects an old post" do
      Config.put([:mrf_object_age, :actions], [:reject])

@ -56,6 +67,21 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
  end

  describe "with delist action" do
+    test "works with objects with empty to or cc fields" do
+      Config.put([:mrf_object_age, :actions], [:delist])
+
+      data =
+        get_old_message()
+        |> Map.put("cc", nil)
+        |> Map.put("to", nil)
+
+      {:ok, _u} = User.get_or_fetch_by_ap_id(data["actor"])
+
+      {:ok, data} = ObjectAgePolicy.filter(data)
+
+      assert Visibility.get_visibility(%{data: data}) == "unlisted"
+    end
+
    test "it delists an old post" do
      Config.put([:mrf_object_age, :actions], [:delist])

@ -80,6 +106,22 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
  end

  describe "with strip_followers action" do
+    test "works with objects with empty to or cc fields" do
+      Config.put([:mrf_object_age, :actions], [:strip_followers])
+
+      data =
+        get_old_message()
+        |> Map.put("cc", nil)
+        |> Map.put("to", nil)
+
+      {:ok, user} = User.get_or_fetch_by_ap_id(data["actor"])
+
+      {:ok, data} = ObjectAgePolicy.filter(data)
+
+      refute user.follower_address in data["to"]
+      refute user.follower_address in data["cc"]
+    end
+
    test "it strips followers collections from an old post" do
      Config.put([:mrf_object_age, :actions], [:strip_followers])

--- a/test/web/activity_pub/mrf/simple_policy_test.exs
+++ b/test/web/activity_pub/mrf/simple_policy_test.exs
@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
  import Pleroma.Factory
  alias Pleroma.Config
  alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
+  alias Pleroma.Web.CommonAPI

  setup do:
          clear_config(:mrf_simple,
@ -15,6 +16,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
            federated_timeline_removal: [],
            report_removal: [],
            reject: [],
+            followers_only: [],
            accept: [],
            avatar_removal: [],
            banner_removal: [],
@ -261,6 +263,64 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
    end
  end

+  describe "when :followers_only" do
+    test "is empty" do
+      Config.put([:mrf_simple, :followers_only], [])
+      {_, ftl_message} = build_ftl_actor_and_message()
+      local_message = build_local_message()
+
+      assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
+      assert SimplePolicy.filter(local_message) == {:ok, local_message}
+    end
+
+    test "has a matching host" do
+      actor = insert(:user)
+      following_user = insert(:user)
+      non_following_user = insert(:user)
+
+      {:ok, _, _, _} = CommonAPI.follow(following_user, actor)
+
+      activity = %{
+        "actor" => actor.ap_id,
+        "to" => [
+          "https://www.w3.org/ns/activitystreams#Public",
+          following_user.ap_id,
+          non_following_user.ap_id
+        ],
+        "cc" => [actor.follower_address, "http://foo.bar/qux"]
+      }
+
+      dm_activity = %{
+        "actor" => actor.ap_id,
+        "to" => [
+          following_user.ap_id,
+          non_following_user.ap_id
+        ],
+        "cc" => []
+      }
+
+      actor_domain =
+        activity
+        |> Map.fetch!("actor")
+        |> URI.parse()
+        |> Map.fetch!(:host)
+
+      Config.put([:mrf_simple, :followers_only], [actor_domain])
+
+      assert {:ok, new_activity} = SimplePolicy.filter(activity)
+      assert actor.follower_address in new_activity["cc"]
+      assert following_user.ap_id in new_activity["to"]
+      refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"]
+      refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"]
+      refute non_following_user.ap_id in new_activity["to"]
+      refute non_following_user.ap_id in new_activity["cc"]
+
+      assert {:ok, new_dm_activity} = SimplePolicy.filter(dm_activity)
+      assert new_dm_activity["to"] == [following_user.ap_id]
+      assert new_dm_activity["cc"] == []
+    end
+  end
+
  describe "when :accept" do
    test "is empty" do
      Config.put([:mrf_simple, :accept], [])
--- a/test/web/admin_api/controllers/report_controller_test.exs
+++ b/test/web/admin_api/controllers/report_controller_test.exs
@ -204,7 +204,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
    test "returns empty response when no reports created", %{conn: conn} do
      response =
        conn
-        |> get("/api/pleroma/admin/reports")
+        |> get(report_path(conn, :index))
        |> json_response_and_validate_schema(:ok)

      assert Enum.empty?(response["reports"])
@ -224,7 +224,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do

      response =
        conn
-        |> get("/api/pleroma/admin/reports")
+        |> get(report_path(conn, :index))
        |> json_response_and_validate_schema(:ok)

      [report] = response["reports"]
@ -256,7 +256,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do

      response =
        conn
-        |> get("/api/pleroma/admin/reports?state=open")
+        |> get(report_path(conn, :index, %{state: "open"}))
        |> json_response_and_validate_schema(:ok)

      assert [open_report] = response["reports"]
@ -268,7 +268,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do

      response =
        conn
-        |> get("/api/pleroma/admin/reports?state=closed")
+        |> get(report_path(conn, :index, %{state: "closed"}))
        |> json_response_and_validate_schema(:ok)

      assert [closed_report] = response["reports"]
@ -280,9 +280,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do

      assert %{"total" => 0, "reports" => []} ==
               conn
-               |> get("/api/pleroma/admin/reports?state=resolved", %{
-                 "" => ""
-               })
+               |> get(report_path(conn, :index, %{state: "resolved"}))
               |> json_response_and_validate_schema(:ok)
    end

--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@ -5,7 +5,6 @@
 defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
  use Pleroma.Web.ConnCase

-  alias Pleroma.Config
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
@ -16,8 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
  import Pleroma.Factory

  describe "account fetching" do
-    setup do: clear_config([:instance, :limit_to_local_content])
-
    test "works by id" do
      %User{id: user_id} = insert(:user)

@ -42,7 +39,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
    end

    test "works by nickname for remote users" do
-      Config.put([:instance, :limit_to_local_content], false)
+      clear_config([:instance, :limit_to_local_content], false)

      user = insert(:user, nickname: "user@example.com", local: false)

@ -53,7 +50,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
    end

    test "respects limit_to_local_content == :all for remote user nicknames" do
-      Config.put([:instance, :limit_to_local_content], :all)
+      clear_config([:instance, :limit_to_local_content], :all)

      user = insert(:user, nickname: "user@example.com", local: false)

@ -63,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
    end

    test "respects limit_to_local_content == :unauthenticated for remote user nicknames" do
-      Config.put([:instance, :limit_to_local_content], :unauthenticated)
+      clear_config([:instance, :limit_to_local_content], :unauthenticated)

      user = insert(:user, nickname: "user@example.com", local: false)
      reading_user = insert(:user)
@ -903,10 +900,93 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
      [valid_params: valid_params]
    end

-    setup do: clear_config([:instance, :account_activation_required])
-    setup do: clear_config([:instance, :account_approval_required])
+    test "registers and logs in without :account_activation_required / :account_approval_required",
+         %{conn: conn} do
+      clear_config([:instance, :account_activation_required], false)
+      clear_config([:instance, :account_approval_required], false)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/apps", %{
+          client_name: "client_name",
+          redirect_uris: "urn:ietf:wg:oauth:2.0:oob",
+          scopes: "read, write, follow"
+        })
+
+      assert %{
+               "client_id" => client_id,
+               "client_secret" => client_secret,
+               "id" => _,
+               "name" => "client_name",
+               "redirect_uri" => "urn:ietf:wg:oauth:2.0:oob",
+               "vapid_key" => _,
+               "website" => nil
+             } = json_response_and_validate_schema(conn, 200)
+
+      conn =
+        post(conn, "/oauth/token", %{
+          grant_type: "client_credentials",
+          client_id: client_id,
+          client_secret: client_secret
+        })
+
+      assert %{"access_token" => token, "refresh_token" => refresh, "scope" => scope} =
+               json_response(conn, 200)
+
+      assert token
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      assert refresh
+      assert scope == "read write follow"
+
+      clear_config([User, :email_blacklist], ["example.org"])
+
+      params = %{
+        username: "lain",
+        email: "lain@example.org",
+        password: "PlzDontHackLain",
+        bio: "Test Bio",
+        agreement: true
+      }
+
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", params)
+
+      assert %{"error" => "{\"email\":[\"Invalid email\"]}"} =
+               json_response_and_validate_schema(conn, 400)
+
+      Pleroma.Config.put([User, :email_blacklist], [])
+
+      conn =
+        build_conn()
+        |> put_req_header("content-type", "multipart/form-data")
+        |> put_req_header("authorization", "Bearer " <> token)
+        |> post("/api/v1/accounts", params)
+
+      %{
+        "access_token" => token,
+        "created_at" => _created_at,
+        "scope" => ^scope,
+        "token_type" => "Bearer"
+      } = json_response_and_validate_schema(conn, 200)
+
+      token_from_db = Repo.get_by(Token, token: token)
+      assert token_from_db
+      user = Repo.preload(token_from_db, :user).user
+
+      assert user
+      refute user.confirmation_pending
+      refute user.approval_pending
+    end
+
+    test "registers but does not log in with :account_activation_required", %{conn: conn} do
+      clear_config([:instance, :account_activation_required], true)
+      clear_config([:instance, :account_approval_required], false)

-    test "Account registration via Application", %{conn: conn} do
      conn =
        conn
        |> put_req_header("content-type", "application/json")
@ -954,23 +1034,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
          agreement: true
        })

-      %{
-        "access_token" => token,
-        "created_at" => _created_at,
-        "scope" => ^scope,
-        "token_type" => "Bearer"
-      } = json_response_and_validate_schema(conn, 200)
+      response = json_response_and_validate_schema(conn, 200)
+      assert %{"identifier" => "missing_confirmed_email"} = response
+      refute response["access_token"]
+      refute response["token_type"]

-      token_from_db = Repo.get_by(Token, token: token)
-      assert token_from_db
-      token_from_db = Repo.preload(token_from_db, :user)
-      assert token_from_db.user
-
-      assert token_from_db.user.confirmation_pending
+      user = Repo.get_by(User, email: "lain@example.org")
+      assert user.confirmation_pending
    end

-    test "Account registration via app with account_approval_required", %{conn: conn} do
-      Pleroma.Config.put([:instance, :account_approval_required], true)
+    test "registers but does not log in with :account_approval_required", %{conn: conn} do
+      clear_config([:instance, :account_approval_required], true)
+      clear_config([:instance, :account_activation_required], false)

      conn =
        conn
@ -1020,22 +1095,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
          reason: "I'm a cool dude, bro"
        })

-      %{
-        "access_token" => token,
-        "created_at" => _created_at,
-        "scope" => ^scope,
-        "token_type" => "Bearer"
-      } = json_response_and_validate_schema(conn, 200)
+      response = json_response_and_validate_schema(conn, 200)
+      assert %{"identifier" => "awaiting_approval"} = response
+      refute response["access_token"]
+      refute response["token_type"]

-      token_from_db = Repo.get_by(Token, token: token)
-      assert token_from_db
-      token_from_db = Repo.preload(token_from_db, :user)
-      assert token_from_db.user
+      user = Repo.get_by(User, email: "lain@example.org")

-      assert token_from_db.user.confirmation_pending
-      assert token_from_db.user.approval_pending
-
-      assert token_from_db.user.registration_reason == "I'm a cool dude, bro"
+      assert user.approval_pending
+      assert user.registration_reason == "I'm a cool dude, bro"
    end

    test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
@ -1089,11 +1157,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
      end)
    end

-    setup do: clear_config([:instance, :account_activation_required])
-
    test "returns bad_request if missing email params when :account_activation_required is enabled",
         %{conn: conn, valid_params: valid_params} do
-      Pleroma.Config.put([:instance, :account_activation_required], true)
+      clear_config([:instance, :account_activation_required], true)

      app_token = insert(:oauth_token, user: nil)

@ -1258,8 +1324,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
        assert token_from_db
        token_from_db = Repo.preload(token_from_db, :user)
        assert token_from_db.user
-
-        assert token_from_db.user.confirmation_pending
      end

      conn =
--- a/test/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/web/mastodon_api/controllers/status_controller_test.exs
@ -1432,6 +1432,20 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
      [%{"id" => id}] = response
      assert id == other_user.id
    end
+
+    test "returns empty array when :show_reactions is disabled", %{conn: conn, activity: activity} do
+      clear_config([:instance, :show_reactions], false)
+
+      other_user = insert(:user)
+      {:ok, _} = CommonAPI.favorite(other_user, activity.id)
+
+      response =
+        conn
+        |> get("/api/v1/statuses/#{activity.id}/favourited_by")
+        |> json_response_and_validate_schema(:ok)
+
+      assert Enum.empty?(response)
+    end
  end

  describe "GET /api/v1/statuses/:id/reblogged_by" do
--- a/test/web/pleroma_api/controllers/emoji_reaction_controller_test.exs
+++ b/test/web/pleroma_api/controllers/emoji_reaction_controller_test.exs
@ -106,6 +106,23 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionControllerTest do
             result
  end

+  test "GET /api/v1/pleroma/statuses/:id/reactions with :show_reactions disabled", %{conn: conn} do
+    clear_config([:instance, :show_reactions], false)
+
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
+      |> json_response_and_validate_schema(200)
+
+    assert result == []
+  end
+
  test "GET /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
    user = insert(:user)
    other_user = insert(:user)
--- a/test/web/pleroma_api/views/chat/message_reference_view_test.exs
+++ b/test/web/pleroma_api/views/chat/message_reference_view_test.exs
@ -43,7 +43,17 @@ defmodule Pleroma.Web.PleromaAPI.Chat.MessageReferenceViewTest do
    assert chat_message[:unread] == false
    assert match?([%{shortcode: "firefox"}], chat_message[:emojis])

-    {:ok, activity} = CommonAPI.post_chat_message(recipient, user, "gkgkgk", media_id: upload.id)
+    clear_config([:rich_media, :enabled], true)
+
+    Tesla.Mock.mock(fn
+      %{url: "https://example.com/ogp"} ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
+    end)
+
+    {:ok, activity} =
+      CommonAPI.post_chat_message(recipient, user, "gkgkgk https://example.com/ogp",
+        media_id: upload.id
+      )

    object = Object.normalize(activity)

@ -52,10 +62,11 @@ defmodule Pleroma.Web.PleromaAPI.Chat.MessageReferenceViewTest do
    chat_message_two = MessageReferenceView.render("show.json", chat_message_reference: cm_ref)

    assert chat_message_two[:id] == cm_ref.id
-    assert chat_message_two[:content] == "gkgkgk"
+    assert chat_message_two[:content] == object.data["content"]
    assert chat_message_two[:account_id] == recipient.id
    assert chat_message_two[:chat_id] == chat_message[:chat_id]
    assert chat_message_two[:attachment]
    assert chat_message_two[:unread] == true
+    assert chat_message_two[:card]
  end
 end