Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation

# Conflicts:
#	CHANGELOG.md
#	config/config.exs

test/plugs/http_signature_plug_test.exs

@@ -7,6 +7,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
   alias Pleroma.Web.Plugs.HTTPSignaturePlug
 
   import Plug.Conn
+  import Phoenix.Controller, only: [put_format: 2]
   import Mock
 
   test "it call HTTPSignatures to check validity if the actor sighed it" do
@@ -20,10 +21,69 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
           "signature",
           "keyId=\"http://mastodon.example.org/users/admin#main-key"
         )
+        |> put_format("activity+json")
         |> HTTPSignaturePlug.call(%{})
 
       assert conn.assigns.valid_signature == true
+      assert conn.halted == false
       assert called(HTTPSignatures.validate_conn(:_))
     end
   end
+
+  describe "requires a signature when `authorized_fetch_mode` is enabled" do
+    setup do
+      Pleroma.Config.put([:activitypub, :authorized_fetch_mode], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
+      end)
+
+      params = %{"actor" => "http://mastodon.example.org/users/admin"}
+      conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
+
+      [conn: conn]
+    end
+
+    test "when signature header is present", %{conn: conn} do
+      with_mock HTTPSignatures, validate_conn: fn _ -> false end do
+        conn =
+          conn
+          |> put_req_header(
+            "signature",
+            "keyId=\"http://mastodon.example.org/users/admin#main-key"
+          )
+          |> HTTPSignaturePlug.call(%{})
+
+        assert conn.assigns.valid_signature == false
+        assert conn.halted == true
+        assert conn.status == 401
+        assert conn.state == :sent
+        assert conn.resp_body == "Request not signed"
+        assert called(HTTPSignatures.validate_conn(:_))
+      end
+
+      with_mock HTTPSignatures, validate_conn: fn _ -> true end do
+        conn =
+          conn
+          |> put_req_header(
+            "signature",
+            "keyId=\"http://mastodon.example.org/users/admin#main-key"
+          )
+          |> HTTPSignaturePlug.call(%{})
+
+        assert conn.assigns.valid_signature == true
+        assert conn.halted == false
+        assert called(HTTPSignatures.validate_conn(:_))
+      end
+    end
+
+    test "halts the connection when `signature` header is not present", %{conn: conn} do
+      conn = HTTPSignaturePlug.call(conn, %{})
+      assert conn.assigns[:valid_signature] == nil
+      assert conn.halted == true
+      assert conn.status == 401
+      assert conn.state == :sent
+      assert conn.resp_body == "Request not signed"
+    end
+  end
 end

test/web/pleroma_api/controllers/pleroma_api_controller_test.exs

@@ -96,6 +96,32 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
              result
   end
 
+  test "GET /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions/🎅")
+      |> json_response(200)
+
+    assert result == []
+
+    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
+    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions/🎅")
+      |> json_response(200)
+
+    [%{"name" => "🎅", "count" => 1, "accounts" => [represented_user], "me" => false}] = result
+
+    assert represented_user["id"] == other_user.id
+  end
+
   test "/api/v1/pleroma/conversations/:id" do
     user = insert(:user)
     %{user: other_user, conn: conn} = oauth_access(["read:statuses"])

test/web/twitter_api/remote_follow_controller_test.exs

@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
@@ -92,15 +92,13 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
       user = insert(:user)
       user2 = insert(:user)
 
-      response =
+      conn =
         conn
         |> assign(:user, user)
         |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"]))
         |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
-        |> response(200)
 
-      assert response =~ "Account followed!"
-      assert user2.follower_address in User.following(user)
+      assert redirected_to(conn) == "/users/#{user2.id}"
     end
 
     test "returns error when user is deactivated", %{conn: conn} do
@@ -149,14 +147,13 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
       user2 = insert(:user)
       {:ok, _, _, _} = CommonAPI.follow(user, user2)
 
-      response =
+      conn =
         conn
         |> assign(:user, refresh_record(user))
         |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:follows"]))
         |> post(remote_follow_path(conn, :do_follow), %{"user" => %{"id" => user2.id}})
-        |> response(200)
 
-      assert response =~ "Account followed!"
+      assert redirected_to(conn) == "/users/#{user2.id}"
     end
   end
 
@@ -165,14 +162,13 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
       user = insert(:user)
       user2 = insert(:user)
 
-      response =
+      conn =
         conn
         |> post(remote_follow_path(conn, :do_follow), %{
           "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
         })
-        |> response(200)
 
-      assert response =~ "Account followed!"
+      assert redirected_to(conn) == "/users/#{user2.id}"
       assert user2.follower_address in User.following(user)
     end