[#534] Merged upstream/develop.

test/flake_id_test.exs

@@ -0,0 +1,42 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.FlakeIdTest do
+  use Pleroma.DataCase
+  import Kernel, except: [to_string: 1]
+  import Pleroma.FlakeId
+
+  describe "fake flakes (compatibility with older serial integers)" do
+    test "from_string/1" do
+      fake_flake = <<0::integer-size(64), 42::integer-size(64)>>
+      assert from_string("42") == fake_flake
+      assert from_string(42) == fake_flake
+    end
+
+    test "zero or -1 is a null flake" do
+      fake_flake = <<0::integer-size(128)>>
+      assert from_string("0") == fake_flake
+      assert from_string("-1") == fake_flake
+    end
+
+    test "to_string/1" do
+      fake_flake = <<0::integer-size(64), 42::integer-size(64)>>
+      assert to_string(fake_flake) == "42"
+    end
+  end
+
+  test "ecto type behaviour" do
+    flake = <<0, 0, 1, 104, 80, 229, 2, 235, 140, 22, 69, 201, 53, 210, 0, 0>>
+    flake_s = "9eoozpwTul5mjSEDRI"
+
+    assert cast(flake) == {:ok, flake_s}
+    assert cast(flake_s) == {:ok, flake_s}
+
+    assert load(flake) == {:ok, flake_s}
+    assert load(flake_s) == {:ok, flake_s}
+
+    assert dump(flake_s) == {:ok, flake}
+    assert dump(flake) == {:ok, flake}
+  end
+end

test/support/http_request_mock.ex

@@ -653,6 +653,14 @@ defmodule HttpRequestMock do
     {:ok, Tesla.Mock.json(%{"id" => "https://social.heldscal.la/user/23211"}, status: 200)}
   end
 
+  def get("http://example.com/ogp", _, _, _) do
+    {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}}
+  end
+
+  def get("http://example.com/empty", _, _, _) do
+    {:ok, %Tesla.Env{status: 200, body: "hello"}}
+  end
+
   def get("http://404.site" <> _, _, _, _) do
     {:ok,
      %Tesla.Env{

test/user_test.exs

@@ -672,12 +672,13 @@ defmodule Pleroma.UserTest do
         "status" => "hey @#{addressed.nickname} @#{addressed_remote.nickname}"
       })
 
-    assert [addressed] == User.get_recipients_from_activity(activity)
+    assert Enum.map([actor, addressed], & &1.ap_id) --
+             Enum.map(User.get_recipients_from_activity(activity), & &1.ap_id) == []
 
     {:ok, user} = User.follow(user, actor)
     {:ok, _user_two} = User.follow(user_two, actor)
     recipients = User.get_recipients_from_activity(activity)
-    assert length(recipients) == 2
+    assert length(recipients) == 3
     assert user in recipients
     assert addressed in recipients
   end

test/web/activity_pub/activity_pub_test.exs

@@ -65,6 +65,34 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       assert user.info.ap_enabled
       assert user.follower_address == "http://mastodon.example.org/users/admin/followers"
     end
+
+    test "it fetches the appropriate tag-restricted posts" do
+      user = insert(:user)
+
+      {:ok, status_one} = CommonAPI.post(user, %{"status" => ". #test"})
+      {:ok, status_two} = CommonAPI.post(user, %{"status" => ". #essais"})
+      {:ok, status_three} = CommonAPI.post(user, %{"status" => ". #test #reject"})
+
+      fetch_one = ActivityPub.fetch_activities([], %{"tag" => "test"})
+      fetch_two = ActivityPub.fetch_activities([], %{"tag" => ["test", "essais"]})
+
+      fetch_three =
+        ActivityPub.fetch_activities([], %{
+          "tag" => ["test", "essais"],
+          "tag_reject" => ["reject"]
+        })
+
+      fetch_four =
+        ActivityPub.fetch_activities([], %{
+          "tag" => ["test"],
+          "tag_all" => ["test", "reject"]
+        })
+
+      assert fetch_one == [status_one, status_three]
+      assert fetch_two == [status_one, status_two, status_three]
+      assert fetch_three == [status_one, status_two]
+      assert fetch_four == [status_three]
+    end
   end
 
   describe "insertion" do
@@ -86,6 +114,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       assert {:error, {:remote_limit_error, _}} = ActivityPub.insert(data)
     end
 
+    test "doesn't drop activities with content being null" do
+      data = %{
+        "ok" => true,
+        "object" => %{
+          "content" => nil
+        }
+      }
+
+      assert {:ok, _} = ActivityPub.insert(data)
+    end
+
     test "returns the activity if one with the same id is already in" do
       activity = insert(:note_activity)
       {:ok, new_activity} = ActivityPub.insert(activity.data)
@@ -161,7 +200,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
 
       assert activity.data["to"] == ["user1", "user2"]
       assert activity.actor == user.ap_id
-      assert activity.recipients == ["user1", "user2"]
+      assert activity.recipients == ["user1", "user2", user.ap_id]
     end
   end
 

test/web/activity_pub/mrf/anti_followbot_policy_test.exs

@@ -0,0 +1,57 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicyTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  alias Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicy
+
+  describe "blocking based on attributes" do
+    test "matches followbots by nickname" do
+      actor = insert(:user, %{nickname: "followbot@example.com"})
+      target = insert(:user)
+
+      message = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "type" => "Follow",
+        "actor" => actor.ap_id,
+        "object" => target.ap_id,
+        "id" => "https://example.com/activities/1234"
+      }
+
+      {:reject, nil} = AntiFollowbotPolicy.filter(message)
+    end
+
+    test "matches followbots by display name" do
+      actor = insert(:user, %{name: "Federation Bot"})
+      target = insert(:user)
+
+      message = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "type" => "Follow",
+        "actor" => actor.ap_id,
+        "object" => target.ap_id,
+        "id" => "https://example.com/activities/1234"
+      }
+
+      {:reject, nil} = AntiFollowbotPolicy.filter(message)
+    end
+  end
+
+  test "it allows non-followbots" do
+    actor = insert(:user)
+    target = insert(:user)
+
+    message = %{
+      "@context" => "https://www.w3.org/ns/activitystreams",
+      "type" => "Follow",
+      "actor" => actor.ap_id,
+      "object" => target.ap_id,
+      "id" => "https://example.com/activities/1234"
+    }
+
+    {:ok, _} = AntiFollowbotPolicy.filter(message)
+  end
+end

test/web/mastodon_api/account_view_test.exs

@@ -61,7 +61,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       },
       pleroma: %{
         confirmation_pending: false,
-        tags: []
+        tags: [],
+        is_admin: false,
+        is_moderator: false
       }
     }
 
@@ -102,7 +104,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       },
       pleroma: %{
         confirmation_pending: false,
-        tags: []
+        tags: [],
+        is_admin: false,
+        is_moderator: false
       }
     }
 

test/web/mastodon_api/mastodon_api_controller_test.exs

@@ -148,7 +148,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
     assert %{"id" => id, "visibility" => "direct"} = json_response(conn, 200)
     assert activity = Repo.get(Activity, id)
-    assert activity.recipients == [user2.ap_id]
+    assert activity.recipients == [user2.ap_id, user1.ap_id]
     assert activity.data["to"] == [user2.ap_id]
     assert activity.data["cc"] == []
   end
@@ -182,6 +182,16 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     assert %{"visibility" => "direct"} = status
     assert status["url"] != direct.data["id"]
 
+    # User should be able to see his own direct message
+    res_conn =
+      build_conn()
+      |> assign(:user, user_one)
+      |> get("api/v1/timelines/direct")
+
+    [status] = json_response(res_conn, 200)
+
+    assert %{"visibility" => "direct"} = status
+
     # Both should be visible here
     res_conn =
       conn
@@ -1034,6 +1044,34 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
     end)
   end
 
+  test "multi-hashtag timeline", %{conn: conn} do
+    user = insert(:user)
+
+    {:ok, activity_test} = CommonAPI.post(user, %{"status" => "#test"})
+    {:ok, activity_test1} = CommonAPI.post(user, %{"status" => "#test #test1"})
+    {:ok, activity_none} = CommonAPI.post(user, %{"status" => "#test #none"})
+
+    any_test =
+      conn
+      |> get("/api/v1/timelines/tag/test", %{"any" => ["test1"]})
+
+    [status_none, status_test1, status_test] = json_response(any_test, 200)
+
+    assert to_string(activity_test.id) == status_test["id"]
+    assert to_string(activity_test1.id) == status_test1["id"]
+    assert to_string(activity_none.id) == status_none["id"]
+
+    restricted_test =
+      conn
+      |> get("/api/v1/timelines/tag/test", %{"all" => ["test1"], "none" => ["none"]})
+
+    assert [status_test1] == json_response(restricted_test, 200)
+
+    all_test = conn |> get("/api/v1/timelines/tag/test", %{"all" => ["none"]})
+
+    assert [status_none] == json_response(all_test, 200)
+  end
+
   test "getting followers", %{conn: conn} do
     user = insert(:user)
     other_user = insert(:user)
@@ -1613,5 +1651,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
                |> post("/api/v1/statuses/#{activity_two.id}/pin")
                |> json_response(400)
     end
+
+    test "Status rich-media Card", %{conn: conn, user: user} do
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "http://example.com/ogp"})
+
+      response =
+        conn
+        |> get("/api/v1/statuses/#{activity.id}/card")
+        |> json_response(200)
+
+      assert response == %{
+               "image" => "http://ia.media-imdb.com/images/rock.jpg",
+               "provider_name" => "www.imdb.com",
+               "title" => "The Rock",
+               "type" => "link",
+               "url" => "http://www.imdb.com/title/tt0117500/"
+             }
+    end
   end
 end

test/web/mastodon_api/status_view_test.exs

@@ -149,7 +149,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
     status = StatusView.render("status.json", %{activity: activity})
 
-    assert status.mentions == [AccountView.render("mention.json", %{user: user})]
+    actor = Repo.get_by(User, ap_id: activity.actor)
+
+    assert status.mentions ==
+             Enum.map([user, actor], fn u -> AccountView.render("mention.json", %{user: u}) end)
   end
 
   test "attachments" do

test/web/metadata/opengraph_test.exs

@@ -0,0 +1,94 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Metadata.Providers.OpenGraphTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+  alias Pleroma.Web.Metadata.Providers.OpenGraph
+
+  test "it renders all supported types of attachments and skips unknown types" do
+    user = insert(:user)
+
+    note =
+      insert(:note, %{
+        data: %{
+          "actor" => user.ap_id,
+          "tag" => [],
+          "id" => "https://pleroma.gov/objects/whatever",
+          "content" => "pleroma in a nutshell",
+          "attachment" => [
+            %{
+              "url" => [
+                %{"mediaType" => "image/png", "href" => "https://pleroma.gov/tenshi.png"}
+              ]
+            },
+            %{
+              "url" => [
+                %{
+                  "mediaType" => "application/octet-stream",
+                  "href" => "https://pleroma.gov/fqa/badapple.sfc"
+                }
+              ]
+            },
+            %{
+              "url" => [
+                %{"mediaType" => "video/webm", "href" => "https://pleroma.gov/about/juche.webm"}
+              ]
+            },
+            %{
+              "url" => [
+                %{
+                  "mediaType" => "audio/basic",
+                  "href" => "http://www.gnu.org/music/free-software-song.au"
+                }
+              ]
+            }
+          ]
+        }
+      })
+
+    result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user})
+
+    assert Enum.all?(
+             [
+               {:meta, [property: "og:image", content: "https://pleroma.gov/tenshi.png"], []},
+               {:meta,
+                [property: "og:audio", content: "http://www.gnu.org/music/free-software-song.au"],
+                []},
+               {:meta, [property: "og:video", content: "https://pleroma.gov/about/juche.webm"],
+                []}
+             ],
+             fn element -> element in result end
+           )
+  end
+
+  test "it does not render attachments if post is nsfw" do
+    Pleroma.Config.put([Pleroma.Web.Metadata, :unfurl_nsfw], false)
+    user = insert(:user, avatar: %{"url" => [%{"href" => "https://pleroma.gov/tenshi.png"}]})
+
+    note =
+      insert(:note, %{
+        data: %{
+          "actor" => user.ap_id,
+          "id" => "https://pleroma.gov/objects/whatever",
+          "content" => "#cuteposting #nsfw #hambaga",
+          "tag" => ["cuteposting", "nsfw", "hambaga"],
+          "sensitive" => true,
+          "attachment" => [
+            %{
+              "url" => [
+                %{"mediaType" => "image/png", "href" => "https://misskey.microsoft/corndog.png"}
+              ]
+            }
+          ]
+        }
+      })
+
+    result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user})
+
+    assert {:meta, [property: "og:image", content: "https://pleroma.gov/tenshi.png"], []} in result
+
+    refute {:meta, [property: "og:image", content: "https://misskey.microsoft/corndog.png"], []} in result
+  end
+end

test/web/oauth/oauth_controller_test.exs

@@ -34,6 +34,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     assert Repo.get_by(Authorization, token: code)
   end
 
+  test "correctly handles wrong credentials", %{conn: conn} do
+    user = insert(:user)
+    app = insert(:oauth_app)
+
+    result =
+      conn
+      |> post("/oauth/authorize", %{
+        "authorization" => %{
+          "name" => user.nickname,
+          "password" => "wrong",
+          "client_id" => app.client_id,
+          "redirect_uri" => app.redirect_uris,
+          "state" => "statepassed"
+        }
+      })
+      |> html_response(:unauthorized)
+
+    # Keep the details
+    assert result =~ app.client_id
+    assert result =~ app.redirect_uris
+
+    # Error message
+    assert result =~ "Invalid"
+  end
+
   test "issues a token for an all-body request" do
     user = insert(:user)
     app = insert(:oauth_app)

test/web/ostatus/ostatus_controller_test.exs

@@ -108,6 +108,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
     conn =
       conn
+      |> put_req_header("accept", "application/xml")
       |> get(url)
 
     expected =
@@ -134,31 +135,34 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
     |> response(404)
   end
 
+  test "gets an activity in xml format", %{conn: conn} do
+    note_activity = insert(:note_activity)
+    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
+
+    conn
+    |> put_req_header("accept", "application/xml")
+    |> get("/activities/#{uuid}")
+    |> response(200)
+  end
+
   test "404s on deleted objects", %{conn: conn} do
     note_activity = insert(:note_activity)
     [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["object"]["id"]))
     object = Object.get_by_ap_id(note_activity.data["object"]["id"])
 
     conn
+    |> put_req_header("accept", "application/xml")
     |> get("/objects/#{uuid}")
     |> response(200)
 
     Object.delete(object)
 
     conn
+    |> put_req_header("accept", "application/xml")
     |> get("/objects/#{uuid}")
     |> response(404)
   end
 
-  test "gets an activity", %{conn: conn} do
-    note_activity = insert(:note_activity)
-    [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
-
-    conn
-    |> get("/activities/#{uuid}")
-    |> response(200)
-  end
-
   test "404s on private activities", %{conn: conn} do
     note_activity = insert(:direct_note_activity)
     [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
@@ -174,7 +178,7 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
     |> response(404)
   end
 
-  test "gets a notice", %{conn: conn} do
+  test "gets a notice in xml format", %{conn: conn} do
     note_activity = insert(:note_activity)
 
     conn

test/web/rich_media/controllers/rich_media_controller_test.exs

@@ -1,19 +1,14 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.RichMedia.RichMediaControllerTest do
   use Pleroma.Web.ConnCase
   import Pleroma.Factory
+  import Tesla.Mock
 
   setup do
-    Tesla.Mock.mock(fn
-      %{
-        method: :get,
-        url: "http://example.com/ogp"
-      } ->
-        %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}
-
-      %{method: :get, url: "http://example.com/empty"} ->
-        %Tesla.Env{status: 200, body: "hello"}
-    end)
-
+    mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
     :ok
   end
 

test/web/twitter_api/twitter_api_controller_test.exs

@@ -797,7 +797,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
         |> with_credentials(current_user.nickname, "test")
         |> post("/api/favorites/create/1.json")
 
-      assert json_response(conn, 500)
+      assert json_response(conn, 400)
     end
   end
 
@@ -1621,7 +1621,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       conn =
         build_conn()
         |> assign(:user, user)
-        |> post("/api/pleroma/friendships/approve", %{"user_id" => to_string(other_user.id)})
+        |> post("/api/pleroma/friendships/approve", %{"user_id" => other_user.id})
 
       assert relationship = json_response(conn, 200)
       assert other_user.id == relationship["id"]
@@ -1644,7 +1644,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
       conn =
         build_conn()
         |> assign(:user, user)
-        |> post("/api/pleroma/friendships/deny", %{"user_id" => to_string(other_user.id)})
+        |> post("/api/pleroma/friendships/deny", %{"user_id" => other_user.id})
 
       assert relationship = json_response(conn, 200)
       assert other_user.id == relationship["id"]

test/web/twitter_api/views/user_view_test.exs

@@ -100,6 +100,7 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
+      "hide_network" => false,
       "fields" => [],
       "pleroma" => %{
         "confirmation_pending" => false,
@@ -146,6 +147,7 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
+      "hide_network" => false,
       "fields" => [],
       "pleroma" => %{
         "confirmation_pending" => false,
@@ -193,6 +195,7 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
+      "hide_network" => false,
       "fields" => [],
       "pleroma" => %{
         "confirmation_pending" => false,
@@ -254,6 +257,7 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "locked" => false,
       "default_scope" => "public",
       "no_rich_text" => false,
+      "hide_network" => false,
       "fields" => [],
       "pleroma" => %{
         "confirmation_pending" => false,