logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

media_controller_test.exs (6711B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
  6.   use Pleroma.Web.ConnCase
  8.   import ExUnit.CaptureLog
  9.   import Mox
  11.   alias Pleroma.Object
  12.   alias Pleroma.UnstubbedConfigMock, as: ConfigMock
  13.   alias Pleroma.User
  14.   alias Pleroma.Web.ActivityPub.ActivityPub
  16.   describe "Upload media" do
  17.     setup do: oauth_access(["write:media"])
  19.     setup do
  20.       ConfigMock
  21.       |> stub_with(Pleroma.Test.StaticConfig)
  23.       image = %Plug.Upload{
  24.         content_type: "image/jpeg",
  25.         path: Path.absname("test/fixtures/image.jpg"),
  26.         filename: "an_image.jpg"
  27.       }
  29.       [image: image]
  30.     end
  32.     setup do: clear_config([:media_proxy])
  33.     setup do: clear_config([Pleroma.Upload])
  35.     test "/api/v1/media", %{conn: conn, image: image} do
  36.       desc = "Description of the image"
  38.       media =
  39.         conn
  40.         |> put_req_header("content-type", "multipart/form-data")
  41.         |> post("/api/v1/media", %{"file" => image, "description" => desc})
  42.         |> json_response_and_validate_schema(:ok)
  44.       assert media["type"] == "image"
  45.       assert media["description"] == desc
  46.       assert media["id"]
  48.       object = Object.get_by_id(media["id"])
  49.       assert object.data["actor"] == User.ap_id(conn.assigns[:user])
  50.     end
  52.     test "/api/v2/media", %{conn: conn, user: user, image: image} do
  53.       desc = "Description of the image"
  55.       response =
  56.         conn
  57.         |> put_req_header("content-type", "multipart/form-data")
  58.         |> post("/api/v2/media", %{"file" => image, "description" => desc})
  59.         |> json_response_and_validate_schema(202)
  61.       assert media_id = response["id"]
  63.       %{conn: conn} = oauth_access(["read:media"], user: user)
  65.       media =
  66.         conn
  67.         |> get("/api/v1/media/#{media_id}")
  68.         |> json_response_and_validate_schema(200)
  70.       assert media["type"] == "image"
  71.       assert media["description"] == desc
  72.       assert media["id"]
  74.       object = Object.get_by_id(media["id"])
  75.       assert object.data["actor"] == user.ap_id
  76.     end
  78.     test "/api/v2/media, upload_limit", %{conn: conn, user: user} do
  79.       desc = "Description of the binary"
  81.       upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
  83.       assert :ok ==
  84.                File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
  86.       large_binary = %Plug.Upload{
  87.         content_type: nil,
  88.         path: Path.absname("test/tmp/large_binary.data"),
  89.         filename: "large_binary.data"
  90.       }
  92.       assert capture_log(fn ->
  93.                assert %{"error" => "file_too_large"} =
  94.                         conn
  95.                         |> put_req_header("content-type", "multipart/form-data")
  96.                         |> post("/api/v2/media", %{
  97.                           "file" => large_binary,
  98.                           "description" => desc
  99.                         })
  100.                         |> json_response_and_validate_schema(400)
  101.              end) =~
  102.                "[error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: :file_too_large"
  104.       clear_config([:instance, :upload_limit], upload_limit)
  106.       assert response =
  107.                conn
  108.                |> put_req_header("content-type", "multipart/form-data")
  109.                |> post("/api/v2/media", %{
  110.                  "file" => large_binary,
  111.                  "description" => desc
  112.                })
  113.                |> json_response_and_validate_schema(202)
  115.       assert media_id = response["id"]
  117.       %{conn: conn} = oauth_access(["read:media"], user: user)
  119.       media =
  120.         conn
  121.         |> get("/api/v1/media/#{media_id}")
  122.         |> json_response_and_validate_schema(200)
  124.       assert media["type"] == "unknown"
  125.       assert media["description"] == desc
  126.       assert media["id"]
  128.       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
  129.     end
  131.     test "Do not allow nested filename", %{conn: conn, image: image} do
  132.       image = %Plug.Upload{
  133.         image
  134.         | filename: "../../../../../nested/file.jpg"
  135.       }
  137.       desc = "Description of the image"
  139.       media =
  140.         conn
  141.         |> put_req_header("content-type", "multipart/form-data")
  142.         |> post("/api/v1/media", %{"file" => image, "description" => desc})
  143.         |> json_response_and_validate_schema(:ok)
  145.       refute Regex.match?(~r"/nested/", media["url"])
  146.     end
  147.   end
  149.   describe "Update media description" do
  150.     setup do: oauth_access(["write:media"])
  152.     setup %{user: actor} do
  153.       ConfigMock
  154.       |> stub_with(Pleroma.Test.StaticConfig)
  156.       file = %Plug.Upload{
  157.         content_type: "image/jpeg",
  158.         path: Path.absname("test/fixtures/image.jpg"),
  159.         filename: "an_image.jpg"
  160.       }
  162.       {:ok, %Object{} = object} =
  163.         ActivityPub.upload(
  164.           file,
  165.           actor: User.ap_id(actor),
  166.           description: "test-m"
  167.         )
  169.       [object: object]
  170.     end
  172.     test "/api/v1/media/:id good request", %{conn: conn, object: object} do
  173.       media =
  174.         conn
  175.         |> put_req_header("content-type", "multipart/form-data")
  176.         |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"})
  177.         |> json_response_and_validate_schema(:ok)
  179.       assert media["description"] == "test-media"
  180.       assert refresh_record(object).data["name"] == "test-media"
  181.     end
  182.   end
  184.   describe "Get media by id (/api/v1/media/:id)" do
  185.     setup do: oauth_access(["read:media"])
  187.     setup %{user: actor} do
  188.       ConfigMock
  189.       |> stub_with(Pleroma.Test.StaticConfig)
  191.       file = %Plug.Upload{
  192.         content_type: "image/jpeg",
  193.         path: Path.absname("test/fixtures/image.jpg"),
  194.         filename: "an_image.jpg"
  195.       }
  197.       {:ok, %Object{} = object} =
  198.         ActivityPub.upload(
  199.           file,
  200.           actor: User.ap_id(actor),
  201.           description: "test-media"
  202.         )
  204.       [object: object]
  205.     end
  207.     test "it returns media object when requested by owner", %{conn: conn, object: object} do
  208.       media =
  209.         conn
  210.         |> get("/api/v1/media/#{object.id}")
  211.         |> json_response_and_validate_schema(:ok)
  213.       assert media["description"] == "test-media"
  214.       assert media["type"] == "image"
  215.       assert media["id"]
  216.     end
  218.     test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do
  219.       %{conn: conn, user: other_user} = oauth_access(["read:media"])
  221.       assert object.data["actor"] == user.ap_id
  222.       refute user.id == other_user.id
  224.       conn
  225.       |> get("/api/v1/media/#{object.id}")
  226.       |> json_response_and_validate_schema(403)
  227.     end
  228.   end
  229. end