2020-10-12 17:00:50 +00:00
|
|
|
# Pleroma: A lightweight social networking server
|
2021-01-13 06:49:20 +00:00
|
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
2020-10-12 17:00:50 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2019-11-08 06:29:46 +00:00
|
|
|
defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
|
2023-08-01 10:43:50 +00:00
|
|
|
use Pleroma.Web.ConnCase, async: false
|
2020-02-22 16:48:41 +00:00
|
|
|
|
2019-11-13 01:19:46 +00:00
|
|
|
alias Pleroma.Activity
|
2022-12-07 11:20:53 +00:00
|
|
|
alias Pleroma.User
|
|
|
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
2019-11-08 16:55:32 +00:00
|
|
|
alias Pleroma.Web.ActivityPub.Transmogrifier
|
2020-09-10 09:11:10 +00:00
|
|
|
alias Pleroma.Web.ActivityPub.Utils
|
2019-11-09 17:50:45 +00:00
|
|
|
alias Pleroma.Web.CommonAPI
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2019-11-08 06:29:46 +00:00
|
|
|
import Pleroma.Factory
|
|
|
|
|
2020-03-20 15:33:00 +00:00
|
|
|
setup_all do: clear_config([:static_fe, :enabled], true)
|
2023-08-04 11:50:50 +00:00
|
|
|
setup do: clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
|
2020-03-11 11:05:56 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
setup %{conn: conn} do
|
|
|
|
conn = put_req_header(conn, "accept", "text/html")
|
|
|
|
user = insert(:user)
|
2019-11-08 06:29:46 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
%{conn: conn, user: user}
|
|
|
|
end
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
describe "user profile html" do
|
|
|
|
test "just the profile as HTML", %{conn: conn, user: user} do
|
|
|
|
conn = get(conn, "/users/#{user.nickname}")
|
2019-11-08 06:29:46 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
assert html_response(conn, 200) =~ user.nickname
|
2019-11-08 06:29:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
test "404 when user not found", %{conn: conn} do
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/users/limpopo")
|
2019-11-08 06:29:46 +00:00
|
|
|
|
|
|
|
assert html_response(conn, 404) =~ "not found"
|
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "profile does not include private messages", %{conn: conn, user: user} do
|
2020-05-12 19:59:26 +00:00
|
|
|
CommonAPI.post(user, %{status: "public"})
|
|
|
|
CommonAPI.post(user, %{status: "private", visibility: "private"})
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/users/#{user.nickname}")
|
2019-11-08 16:55:32 +00:00
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
|
|
|
|
2022-12-07 11:20:53 +00:00
|
|
|
assert html =~ "\npublic\n"
|
|
|
|
refute html =~ "\nprivate\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "main page does not include replies", %{conn: conn, user: user} do
|
|
|
|
{:ok, op} = CommonAPI.post(user, %{status: "beep"})
|
|
|
|
CommonAPI.post(user, %{status: "boop", in_reply_to_id: op})
|
|
|
|
|
|
|
|
conn = get(conn, "/users/#{user.nickname}")
|
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
|
|
|
|
|
|
|
assert html =~ "\nbeep\n"
|
|
|
|
refute html =~ "\nboop\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "media page only includes posts with attachments", %{conn: conn, user: user} do
|
|
|
|
file = %Plug.Upload{
|
|
|
|
content_type: "image/jpeg",
|
|
|
|
path: Path.absname("test/fixtures/image.jpg"),
|
|
|
|
filename: "an_image.jpg"
|
|
|
|
}
|
|
|
|
|
|
|
|
{:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)
|
|
|
|
|
|
|
|
CommonAPI.post(user, %{status: "virgin text post"})
|
|
|
|
CommonAPI.post(user, %{status: "chad post with attachment", media_ids: [media_id]})
|
|
|
|
|
|
|
|
conn = get(conn, "/users/#{user.nickname}/media")
|
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
|
|
|
|
|
|
|
assert html =~ "\nchad post with attachment\n"
|
|
|
|
refute html =~ "\nvirgin text post\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "show follower list", %{conn: conn, user: user} do
|
|
|
|
follower = insert(:user)
|
|
|
|
CommonAPI.follow(follower, user)
|
|
|
|
|
|
|
|
conn = get(conn, "/users/#{user.nickname}/followers")
|
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
|
|
|
|
|
|
|
assert html =~ "user-card"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "don't show followers if hidden", %{conn: conn, user: user} do
|
|
|
|
follower = insert(:user)
|
|
|
|
CommonAPI.follow(follower, user)
|
|
|
|
|
|
|
|
{:ok, user} =
|
|
|
|
user
|
|
|
|
|> User.update_changeset(%{hide_followers: true})
|
|
|
|
|> User.update_and_set_cache()
|
|
|
|
|
|
|
|
conn = get(conn, "/users/#{user.nickname}/followers")
|
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
|
|
|
|
|
|
|
refute html =~ "user-card"
|
2019-11-08 16:55:32 +00:00
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "pagination", %{conn: conn, user: user} do
|
2020-05-12 19:59:26 +00:00
|
|
|
Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/users/#{user.nickname}")
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2019-11-08 06:29:46 +00:00
|
|
|
html = html_response(conn, 200)
|
|
|
|
|
2022-12-07 11:20:53 +00:00
|
|
|
assert html =~ "\ntest30\n"
|
|
|
|
assert html =~ "\ntest11\n"
|
|
|
|
refute html =~ "\ntest10\n"
|
|
|
|
refute html =~ "\ntest1\n"
|
2019-11-08 06:29:46 +00:00
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "pagination, page 2", %{conn: conn, user: user} do
|
2020-05-12 19:59:26 +00:00
|
|
|
activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
|
2019-11-08 06:29:46 +00:00
|
|
|
{:ok, a11} = Enum.at(activities, 11)
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2019-11-08 06:29:46 +00:00
|
|
|
html = html_response(conn, 200)
|
|
|
|
|
2022-12-07 11:20:53 +00:00
|
|
|
assert html =~ "\ntest1\n"
|
|
|
|
assert html =~ "\ntest10\n"
|
|
|
|
refute html =~ "\ntest20\n"
|
|
|
|
refute html =~ "\ntest29\n"
|
2019-11-08 06:29:46 +00:00
|
|
|
end
|
2020-03-11 11:05:56 +00:00
|
|
|
|
2020-10-02 19:18:02 +00:00
|
|
|
test "does not require authentication on non-federating instances", %{
|
|
|
|
conn: conn,
|
|
|
|
user: user
|
|
|
|
} do
|
|
|
|
clear_config([:instance, :federating], false)
|
|
|
|
|
|
|
|
conn = get(conn, "/users/#{user.nickname}")
|
|
|
|
|
|
|
|
assert html_response(conn, 200) =~ user.nickname
|
2020-03-11 11:05:56 +00:00
|
|
|
end
|
2020-10-11 19:34:28 +00:00
|
|
|
|
|
|
|
test "returns 404 for local user with `restrict_unauthenticated/profiles/local` setting", %{
|
|
|
|
conn: conn
|
|
|
|
} do
|
|
|
|
clear_config([:restrict_unauthenticated, :profiles, :local], true)
|
|
|
|
|
|
|
|
local_user = insert(:user, local: true)
|
|
|
|
|
|
|
|
conn
|
|
|
|
|> get("/users/#{local_user.nickname}")
|
|
|
|
|> html_response(404)
|
|
|
|
end
|
2019-11-08 06:29:46 +00:00
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
describe "notice html" do
|
|
|
|
test "single notice page", %{conn: conn, user: user} do
|
2020-05-12 19:59:26 +00:00
|
|
|
{:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
|
2019-11-08 06:29:46 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/notice/#{activity.id}")
|
2019-11-08 06:29:46 +00:00
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
2022-12-07 11:20:53 +00:00
|
|
|
assert html =~ "<div class=\"panel conversation\">"
|
2019-11-08 06:29:46 +00:00
|
|
|
assert html =~ user.nickname
|
|
|
|
assert html =~ "testing a thing!"
|
|
|
|
end
|
|
|
|
|
2020-06-26 14:27:39 +00:00
|
|
|
test "redirects to json if requested", %{conn: conn, user: user} do
|
|
|
|
{:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
|
|
|
|
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header(
|
|
|
|
"accept",
|
|
|
|
"Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
|
|
|
|
)
|
|
|
|
|> get("/notice/#{activity.id}")
|
|
|
|
|
|
|
|
assert redirected_to(conn, 302) =~ activity.data["object"]
|
|
|
|
end
|
|
|
|
|
2020-03-15 14:45:57 +00:00
|
|
|
test "filters HTML tags", %{conn: conn} do
|
|
|
|
user = insert(:user)
|
2020-05-12 19:59:26 +00:00
|
|
|
{:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})
|
2020-03-15 14:45:57 +00:00
|
|
|
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("accept", "text/html")
|
|
|
|
|> get("/notice/#{activity.id}")
|
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
|
|
|
assert html =~ ~s[<script>alert('xss')</script>]
|
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "shows the whole thread", %{conn: conn, user: user} do
|
2020-05-12 19:59:26 +00:00
|
|
|
{:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})
|
2019-11-08 16:55:32 +00:00
|
|
|
|
|
|
|
CommonAPI.post(user, %{
|
2020-05-12 19:59:26 +00:00
|
|
|
status: "these are the voyages or something",
|
|
|
|
in_reply_to_status_id: activity.id
|
2019-11-08 16:55:32 +00:00
|
|
|
})
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/notice/#{activity.id}")
|
2019-11-08 16:55:32 +00:00
|
|
|
|
|
|
|
html = html_response(conn, 200)
|
|
|
|
assert html =~ "the final frontier"
|
|
|
|
assert html =~ "voyages"
|
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "redirect by AP object ID", %{conn: conn, user: user} do
|
2019-11-13 01:19:46 +00:00
|
|
|
{:ok, %Activity{data: %{"object" => object_url}}} =
|
2020-05-12 19:59:26 +00:00
|
|
|
CommonAPI.post(user, %{status: "beam me up"})
|
2019-11-13 01:19:46 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, URI.parse(object_url).path)
|
2019-11-13 01:19:46 +00:00
|
|
|
|
|
|
|
assert html_response(conn, 302) =~ "redirected"
|
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "redirect by activity ID", %{conn: conn, user: user} do
|
2019-11-13 01:33:54 +00:00
|
|
|
{:ok, %Activity{data: %{"id" => id}}} =
|
2020-05-12 19:59:26 +00:00
|
|
|
CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})
|
2019-11-13 01:33:54 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, URI.parse(id).path)
|
2019-11-13 01:33:54 +00:00
|
|
|
|
|
|
|
assert html_response(conn, 302) =~ "redirected"
|
|
|
|
end
|
|
|
|
|
2019-11-08 06:29:46 +00:00
|
|
|
test "404 when notice not found", %{conn: conn} do
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/notice/88c9c317")
|
2019-11-08 16:55:32 +00:00
|
|
|
|
|
|
|
assert html_response(conn, 404) =~ "not found"
|
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "404 for private status", %{conn: conn, user: user} do
|
2020-05-12 19:59:26 +00:00
|
|
|
{:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})
|
2019-11-08 16:55:32 +00:00
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/notice/#{activity.id}")
|
2019-11-08 16:55:32 +00:00
|
|
|
|
|
|
|
assert html_response(conn, 404) =~ "not found"
|
|
|
|
end
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
test "302 for remote cached status", %{conn: conn, user: user} do
|
2019-11-08 16:55:32 +00:00
|
|
|
message = %{
|
|
|
|
"@context" => "https://www.w3.org/ns/activitystreams",
|
|
|
|
"type" => "Create",
|
2020-09-10 09:11:10 +00:00
|
|
|
"actor" => user.ap_id,
|
2019-11-08 16:55:32 +00:00
|
|
|
"object" => %{
|
2020-09-10 09:11:10 +00:00
|
|
|
"to" => user.follower_address,
|
|
|
|
"cc" => "https://www.w3.org/ns/activitystreams#Public",
|
|
|
|
"id" => Utils.generate_object_id(),
|
2019-11-08 16:55:32 +00:00
|
|
|
"content" => "blah blah blah",
|
|
|
|
"type" => "Note",
|
2020-09-10 09:11:10 +00:00
|
|
|
"attributedTo" => user.ap_id
|
|
|
|
}
|
2019-11-08 16:55:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
assert {:ok, activity} = Transmogrifier.handle_incoming(message)
|
|
|
|
|
2020-02-22 16:48:41 +00:00
|
|
|
conn = get(conn, "/notice/#{activity.id}")
|
2019-11-08 06:29:46 +00:00
|
|
|
|
2019-11-12 01:16:44 +00:00
|
|
|
assert html_response(conn, 302) =~ "redirected"
|
2019-11-08 06:29:46 +00:00
|
|
|
end
|
2020-03-11 11:05:56 +00:00
|
|
|
|
2020-10-02 19:18:02 +00:00
|
|
|
test "does not require authentication on non-federating instances", %{
|
|
|
|
conn: conn,
|
|
|
|
user: user
|
|
|
|
} do
|
|
|
|
clear_config([:instance, :federating], false)
|
|
|
|
|
2020-05-12 19:59:26 +00:00
|
|
|
{:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
|
2020-03-11 11:05:56 +00:00
|
|
|
|
2020-10-02 19:18:02 +00:00
|
|
|
conn = get(conn, "/notice/#{activity.id}")
|
|
|
|
|
|
|
|
assert html_response(conn, 200) =~ "testing a thing!"
|
2020-03-11 11:05:56 +00:00
|
|
|
end
|
2020-10-11 19:34:28 +00:00
|
|
|
|
|
|
|
test "returns 404 for local public activity with `restrict_unauthenticated/activities/local` setting",
|
|
|
|
%{conn: conn, user: user} do
|
|
|
|
clear_config([:restrict_unauthenticated, :activities, :local], true)
|
|
|
|
|
|
|
|
{:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})
|
|
|
|
|
|
|
|
conn
|
|
|
|
|> get("/notice/#{activity.id}")
|
|
|
|
|> html_response(404)
|
|
|
|
end
|
2019-11-08 06:29:46 +00:00
|
|
|
end
|
|
|
|
end
|