commit: 63bdf4dc2bd5258d0f306eeed71e49ed1e4b17a7
parent 426535bc38330cff207cea4a0ba113b68ecbaee3
Author: Phantasm <phantasm@centrum.cz>
Date: Wed, 10 Dec 2025 01:11:16 +0100
C2S: New Add/Remove and Actor creation tests
Creating Actors via C2S doesn't make sense, thus it should fail.
Tests creating Actors with type: Application/Person/Service.
All Create Activities for new Actors currently fail with
`validator not set` in the pipeline.
Diffstat:
1 file changed, 103 insertions(+), 0 deletions(-)
diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
@@ -1706,6 +1706,109 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
assert note_object == Object.normalize(note_activity, fetch: false)
end
+ test "it rejects Add to other user's collection", %{conn: conn} do
+ user = insert(:user)
+ target_user = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(user, %{status: "Post"})
+ object = Object.normalize(activity, fetch: false)
+ object_id = object.data["id"]
+
+ data = %{
+ type: "Add",
+ target: "#{Pleroma.Web.Endpoint.url()}/users/#{target_user.nickname}/collections/featured",
+ object: object_id
+ }
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 400)
+ end
+
+ test "it rejects Remove to other user's collection", %{conn: conn} do
+ user = insert(:user)
+ target_user = insert(:user)
+
+ {:ok, activity} = CommonAPI.post(user, %{status: "Post"})
+ object = Object.normalize(activity, fetch: false)
+ object_id = object.data["id"]
+
+ data = %{
+ type: "Remove",
+ target: "#{Pleroma.Web.Endpoint.url()}/users/#{target_user.nickname}/collections/featured",
+ object: object_id
+ }
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/activity+json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 400)
+ end
+
+ test "it rejects creating Actors of type Application", %{conn: conn} do
+ user = insert(:user, local: true)
+
+ data = %{
+ type: "Create",
+ object: %{
+ type: "Application"
+ }
+ }
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 400)
+ end
+
+ test "it rejects creating Actors of type Person", %{conn: conn} do
+ user = insert(:user, local: true)
+
+ data = %{
+ type: "Create",
+ object: %{
+ type: "Person"
+ }
+ }
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 400)
+ end
+
+ test "it rejects creating Actors of type Service", %{conn: conn} do
+ user = insert(:user, local: true)
+
+ data = %{
+ type: "Create",
+ object: %{
+ type: "Service"
+ }
+ }
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> put_req_header("content-type", "application/json")
+ |> post("/users/#{user.nickname}/outbox", data)
+
+ assert json_response(conn, 400)
+ end
+
test "it rejects like activity to object invisible to actor", %{conn: conn} do
user = insert(:user)
stranger = insert(:user, local: true)
