logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

activity_pub_controller_test.exs (47449B)

    

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do

  6.   use Pleroma.Web.ConnCase

  7.   use Oban.Testing, repo: Pleroma.Repo

  8. 

  9.   alias Pleroma.Activity

  10.   alias Pleroma.Config

  11.   alias Pleroma.Delivery

  12.   alias Pleroma.Instances

  13.   alias Pleroma.Object

  14.   alias Pleroma.Tests.ObanHelpers

  15.   alias Pleroma.User

  16.   alias Pleroma.Web.ActivityPub.ActivityPub

  17.   alias Pleroma.Web.ActivityPub.ObjectView

  18.   alias Pleroma.Web.ActivityPub.Relay

  19.   alias Pleroma.Web.ActivityPub.UserView

  20.   alias Pleroma.Web.ActivityPub.Utils

  21.   alias Pleroma.Web.CommonAPI

  22.   alias Pleroma.Web.Endpoint

  23.   alias Pleroma.Workers.ReceiverWorker

  24. 

  25.   import Pleroma.Factory

  26. 

  27.   require Pleroma.Constants

  28. 

  29.   setup_all do

  30.     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)

  31.     :ok

  32.   end

  33. 

  34.   setup do: clear_config([:instance, :federating], true)

  35. 

  36.   describe "/relay" do

  37.     setup do: clear_config([:instance, :allow_relay])

  38. 

  39.     test "with the relay active, it returns the relay user", %{conn: conn} do

  40.       res =

  41.         conn

  42.         |> get(activity_pub_path(conn, :relay))

  43.         |> json_response(200)

  44. 

  45.       assert res["id"] =~ "/relay"

  46.     end

  47. 

  48.     test "with the relay disabled, it returns 404", %{conn: conn} do

  49.       Config.put([:instance, :allow_relay], false)

  50. 

  51.       conn

  52.       |> get(activity_pub_path(conn, :relay))

  53.       |> json_response(404)

  54.     end

  55. 

  56.     test "on non-federating instance, it returns 404", %{conn: conn} do

  57.       Config.put([:instance, :federating], false)

  58.       user = insert(:user)

  59. 

  60.       conn

  61.       |> assign(:user, user)

  62.       |> get(activity_pub_path(conn, :relay))

  63.       |> json_response(404)

  64.     end

  65.   end

  66. 

  67.   describe "/internal/fetch" do

  68.     test "it returns the internal fetch user", %{conn: conn} do

  69.       res =

  70.         conn

  71.         |> get(activity_pub_path(conn, :internal_fetch))

  72.         |> json_response(200)

  73. 

  74.       assert res["id"] =~ "/fetch"

  75.     end

  76. 

  77.     test "on non-federating instance, it returns 404", %{conn: conn} do

  78.       Config.put([:instance, :federating], false)

  79.       user = insert(:user)

  80. 

  81.       conn

  82.       |> assign(:user, user)

  83.       |> get(activity_pub_path(conn, :internal_fetch))

  84.       |> json_response(404)

  85.     end

  86.   end

  87. 

  88.   describe "/users/:nickname" do

  89.     test "it returns a json representation of the user with accept application/json", %{

  90.       conn: conn

  91.     } do

  92.       user = insert(:user)

  93. 

  94.       conn =

  95.         conn

  96.         |> put_req_header("accept", "application/json")

  97.         |> get("/users/#{user.nickname}")

  98. 

  99.       user = User.get_cached_by_id(user.id)

  100. 

  101.       assert json_response(conn, 200) == UserView.render("user.json", %{user: user})

  102.     end

  103. 

  104.     test "it returns a json representation of the user with accept application/activity+json", %{

  105.       conn: conn

  106.     } do

  107.       user = insert(:user)

  108. 

  109.       conn =

  110.         conn

  111.         |> put_req_header("accept", "application/activity+json")

  112.         |> get("/users/#{user.nickname}")

  113. 

  114.       user = User.get_cached_by_id(user.id)

  115. 

  116.       assert json_response(conn, 200) == UserView.render("user.json", %{user: user})

  117.     end

  118. 

  119.     test "it returns a json representation of the user with accept application/ld+json", %{

  120.       conn: conn

  121.     } do

  122.       user = insert(:user)

  123. 

  124.       conn =

  125.         conn

  126.         |> put_req_header(

  127.           "accept",

  128.           "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""

  129.         )

  130.         |> get("/users/#{user.nickname}")

  131. 

  132.       user = User.get_cached_by_id(user.id)

  133. 

  134.       assert json_response(conn, 200) == UserView.render("user.json", %{user: user})

  135.     end

  136. 

  137.     test "it returns 404 for remote users", %{

  138.       conn: conn

  139.     } do

  140.       user = insert(:user, local: false, nickname: "remoteuser@example.com")

  141. 

  142.       conn =

  143.         conn

  144.         |> put_req_header("accept", "application/json")

  145.         |> get("/users/#{user.nickname}.json")

  146. 

  147.       assert json_response(conn, 404)

  148.     end

  149. 

  150.     test "it returns error when user is not found", %{conn: conn} do

  151.       response =

  152.         conn

  153.         |> put_req_header("accept", "application/json")

  154.         |> get("/users/jimm")

  155.         |> json_response(404)

  156. 

  157.       assert response == "Not found"

  158.     end

  159. 

  160.     test "it requires authentication if instance is NOT federating", %{

  161.       conn: conn

  162.     } do

  163.       user = insert(:user)

  164. 

  165.       conn =

  166.         put_req_header(

  167.           conn,

  168.           "accept",

  169.           "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""

  170.         )

  171. 

  172.       ensure_federating_or_authenticated(conn, "/users/#{user.nickname}.json", user)

  173.     end

  174.   end

  175. 

  176.   describe "mastodon compatibility routes" do

  177.     test "it returns a json representation of the object with accept application/json", %{

  178.       conn: conn

  179.     } do

  180.       {:ok, object} =

  181.         %{

  182.           "type" => "Note",

  183.           "content" => "hey",

  184.           "id" => Endpoint.url() <> "/users/raymoo/statuses/999999999",

  185.           "actor" => Endpoint.url() <> "/users/raymoo",

  186.           "to" => [Pleroma.Constants.as_public()]

  187.         }

  188.         |> Object.create()

  189. 

  190.       conn =

  191.         conn

  192.         |> put_req_header("accept", "application/json")

  193.         |> get("/users/raymoo/statuses/999999999")

  194. 

  195.       assert json_response(conn, 200) == ObjectView.render("object.json", %{object: object})

  196.     end

  197. 

  198.     test "it returns a json representation of the activity with accept application/json", %{

  199.       conn: conn

  200.     } do

  201.       {:ok, object} =

  202.         %{

  203.           "type" => "Note",

  204.           "content" => "hey",

  205.           "id" => Endpoint.url() <> "/users/raymoo/statuses/999999999",

  206.           "actor" => Endpoint.url() <> "/users/raymoo",

  207.           "to" => [Pleroma.Constants.as_public()]

  208.         }

  209.         |> Object.create()

  210. 

  211.       {:ok, activity, _} =

  212.         %{

  213.           "id" => object.data["id"] <> "/activity",

  214.           "type" => "Create",

  215.           "object" => object.data["id"],

  216.           "actor" => object.data["actor"],

  217.           "to" => object.data["to"]

  218.         }

  219.         |> ActivityPub.persist(local: true)

  220. 

  221.       conn =

  222.         conn

  223.         |> put_req_header("accept", "application/json")

  224.         |> get("/users/raymoo/statuses/999999999/activity")

  225. 

  226.       assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})

  227.     end

  228.   end

  229. 

  230.   describe "/objects/:uuid" do

  231.     test "it returns a json representation of the object with accept application/json", %{

  232.       conn: conn

  233.     } do

  234.       note = insert(:note)

  235.       uuid = String.split(note.data["id"], "/") |> List.last()

  236. 

  237.       conn =

  238.         conn

  239.         |> put_req_header("accept", "application/json")

  240.         |> get("/objects/#{uuid}")

  241. 

  242.       assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})

  243.     end

  244. 

  245.     test "it returns a json representation of the object with accept application/activity+json",

  246.          %{conn: conn} do

  247.       note = insert(:note)

  248.       uuid = String.split(note.data["id"], "/") |> List.last()

  249. 

  250.       conn =

  251.         conn

  252.         |> put_req_header("accept", "application/activity+json")

  253.         |> get("/objects/#{uuid}")

  254. 

  255.       assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})

  256.     end

  257. 

  258.     test "it returns a json representation of the object with accept application/ld+json", %{

  259.       conn: conn

  260.     } do

  261.       note = insert(:note)

  262.       uuid = String.split(note.data["id"], "/") |> List.last()

  263. 

  264.       conn =

  265.         conn

  266.         |> put_req_header(

  267.           "accept",

  268.           "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""

  269.         )

  270.         |> get("/objects/#{uuid}")

  271. 

  272.       assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})

  273.     end

  274. 

  275.     test "it returns 404 for non-public messages", %{conn: conn} do

  276.       note = insert(:direct_note)

  277.       uuid = String.split(note.data["id"], "/") |> List.last()

  278. 

  279.       conn =

  280.         conn

  281.         |> put_req_header("accept", "application/activity+json")

  282.         |> get("/objects/#{uuid}")

  283. 

  284.       assert json_response(conn, 404)

  285.     end

  286. 

  287.     test "it returns 404 for tombstone objects", %{conn: conn} do

  288.       tombstone = insert(:tombstone)

  289.       uuid = String.split(tombstone.data["id"], "/") |> List.last()

  290. 

  291.       conn =

  292.         conn

  293.         |> put_req_header("accept", "application/activity+json")

  294.         |> get("/objects/#{uuid}")

  295. 

  296.       assert json_response(conn, 404)

  297.     end

  298. 

  299.     test "it caches a response", %{conn: conn} do

  300.       note = insert(:note)

  301.       uuid = String.split(note.data["id"], "/") |> List.last()

  302. 

  303.       conn1 =

  304.         conn

  305.         |> put_req_header("accept", "application/activity+json")

  306.         |> get("/objects/#{uuid}")

  307. 

  308.       assert json_response(conn1, :ok)

  309.       assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))

  310. 

  311.       conn2 =

  312.         conn

  313.         |> put_req_header("accept", "application/activity+json")

  314.         |> get("/objects/#{uuid}")

  315. 

  316.       assert json_response(conn1, :ok) == json_response(conn2, :ok)

  317.       assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))

  318.     end

  319. 

  320.     test "cached purged after object deletion", %{conn: conn} do

  321.       note = insert(:note)

  322.       uuid = String.split(note.data["id"], "/") |> List.last()

  323. 

  324.       conn1 =

  325.         conn

  326.         |> put_req_header("accept", "application/activity+json")

  327.         |> get("/objects/#{uuid}")

  328. 

  329.       assert json_response(conn1, :ok)

  330.       assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))

  331. 

  332.       Object.delete(note)

  333. 

  334.       conn2 =

  335.         conn

  336.         |> put_req_header("accept", "application/activity+json")

  337.         |> get("/objects/#{uuid}")

  338. 

  339.       assert "Not found" == json_response(conn2, :not_found)

  340.     end

  341. 

  342.     test "it requires authentication if instance is NOT federating", %{

  343.       conn: conn

  344.     } do

  345.       user = insert(:user)

  346.       note = insert(:note)

  347.       uuid = String.split(note.data["id"], "/") |> List.last()

  348. 

  349.       conn = put_req_header(conn, "accept", "application/activity+json")

  350. 

  351.       ensure_federating_or_authenticated(conn, "/objects/#{uuid}", user)

  352.     end

  353.   end

  354. 

  355.   describe "/activities/:uuid" do

  356.     test "it returns a json representation of the activity", %{conn: conn} do

  357.       activity = insert(:note_activity)

  358.       uuid = String.split(activity.data["id"], "/") |> List.last()

  359. 

  360.       conn =

  361.         conn

  362.         |> put_req_header("accept", "application/activity+json")

  363.         |> get("/activities/#{uuid}")

  364. 

  365.       assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})

  366.     end

  367. 

  368.     test "it returns 404 for non-public activities", %{conn: conn} do

  369.       activity = insert(:direct_note_activity)

  370.       uuid = String.split(activity.data["id"], "/") |> List.last()

  371. 

  372.       conn =

  373.         conn

  374.         |> put_req_header("accept", "application/activity+json")

  375.         |> get("/activities/#{uuid}")

  376. 

  377.       assert json_response(conn, 404)

  378.     end

  379. 

  380.     test "it caches a response", %{conn: conn} do

  381.       activity = insert(:note_activity)

  382.       uuid = String.split(activity.data["id"], "/") |> List.last()

  383. 

  384.       conn1 =

  385.         conn

  386.         |> put_req_header("accept", "application/activity+json")

  387.         |> get("/activities/#{uuid}")

  388. 

  389.       assert json_response(conn1, :ok)

  390.       assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))

  391. 

  392.       conn2 =

  393.         conn

  394.         |> put_req_header("accept", "application/activity+json")

  395.         |> get("/activities/#{uuid}")

  396. 

  397.       assert json_response(conn1, :ok) == json_response(conn2, :ok)

  398.       assert Enum.any?(conn2.resp_headers, &(&1 == {"x-cache", "HIT from Pleroma"}))

  399.     end

  400. 

  401.     test "cached purged after activity deletion", %{conn: conn} do

  402.       user = insert(:user)

  403.       {:ok, activity} = CommonAPI.post(user, %{status: "cofe"})

  404. 

  405.       uuid = String.split(activity.data["id"], "/") |> List.last()

  406. 

  407.       conn1 =

  408.         conn

  409.         |> put_req_header("accept", "application/activity+json")

  410.         |> get("/activities/#{uuid}")

  411. 

  412.       assert json_response(conn1, :ok)

  413.       assert Enum.any?(conn1.resp_headers, &(&1 == {"x-cache", "MISS from Pleroma"}))

  414. 

  415.       Activity.delete_all_by_object_ap_id(activity.object.data["id"])

  416. 

  417.       conn2 =

  418.         conn

  419.         |> put_req_header("accept", "application/activity+json")

  420.         |> get("/activities/#{uuid}")

  421. 

  422.       assert "Not found" == json_response(conn2, :not_found)

  423.     end

  424. 

  425.     test "it requires authentication if instance is NOT federating", %{

  426.       conn: conn

  427.     } do

  428.       user = insert(:user)

  429.       activity = insert(:note_activity)

  430.       uuid = String.split(activity.data["id"], "/") |> List.last()

  431. 

  432.       conn = put_req_header(conn, "accept", "application/activity+json")

  433. 

  434.       ensure_federating_or_authenticated(conn, "/activities/#{uuid}", user)

  435.     end

  436.   end

  437. 

  438.   describe "/inbox" do

  439.     test "it inserts an incoming activity into the database", %{conn: conn} do

  440.       data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()

  441. 

  442.       conn =

  443.         conn

  444.         |> assign(:valid_signature, true)

  445.         |> put_req_header("content-type", "application/activity+json")

  446.         |> post("/inbox", data)

  447. 

  448.       assert "ok" == json_response(conn, 200)

  449. 

  450.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  451.       assert Activity.get_by_ap_id(data["id"])

  452.     end

  453. 

  454.     @tag capture_log: true

  455.     test "it inserts an incoming activity into the database" <>

  456.            "even if we can't fetch the user but have it in our db",

  457.          %{conn: conn} do

  458.       user =

  459.         insert(:user,

  460.           ap_id: "https://mastodon.example.org/users/raymoo",

  461.           ap_enabled: true,

  462.           local: false,

  463.           last_refreshed_at: nil

  464.         )

  465. 

  466.       data =

  467.         File.read!("test/fixtures/mastodon-post-activity.json")

  468.         |> Poison.decode!()

  469.         |> Map.put("actor", user.ap_id)

  470.         |> put_in(["object", "attributedTo"], user.ap_id)

  471. 

  472.       conn =

  473.         conn

  474.         |> assign(:valid_signature, true)

  475.         |> put_req_header("content-type", "application/activity+json")

  476.         |> post("/inbox", data)

  477. 

  478.       assert "ok" == json_response(conn, 200)

  479. 

  480.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  481.       assert Activity.get_by_ap_id(data["id"])

  482.     end

  483. 

  484.     test "it clears `unreachable` federation status of the sender", %{conn: conn} do

  485.       data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()

  486. 

  487.       sender_url = data["actor"]

  488.       Instances.set_consistently_unreachable(sender_url)

  489.       refute Instances.reachable?(sender_url)

  490. 

  491.       conn =

  492.         conn

  493.         |> assign(:valid_signature, true)

  494.         |> put_req_header("content-type", "application/activity+json")

  495.         |> post("/inbox", data)

  496. 

  497.       assert "ok" == json_response(conn, 200)

  498.       assert Instances.reachable?(sender_url)

  499.     end

  500. 

  501.     test "accept follow activity", %{conn: conn} do

  502.       Pleroma.Config.put([:instance, :federating], true)

  503.       relay = Relay.get_actor()

  504. 

  505.       assert {:ok, %Activity{} = activity} = Relay.follow("https://relay.mastodon.host/actor")

  506. 

  507.       followed_relay = Pleroma.User.get_by_ap_id("https://relay.mastodon.host/actor")

  508.       relay = refresh_record(relay)

  509. 

  510.       accept =

  511.         File.read!("test/fixtures/relay/accept-follow.json")

  512.         |> String.replace("{{ap_id}}", relay.ap_id)

  513.         |> String.replace("{{activity_id}}", activity.data["id"])

  514. 

  515.       assert "ok" ==

  516.                conn

  517.                |> assign(:valid_signature, true)

  518.                |> put_req_header("content-type", "application/activity+json")

  519.                |> post("/inbox", accept)

  520.                |> json_response(200)

  521. 

  522.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  523. 

  524.       assert Pleroma.FollowingRelationship.following?(

  525.                relay,

  526.                followed_relay

  527.              )

  528. 

  529.       Mix.shell(Mix.Shell.Process)

  530. 

  531.       on_exit(fn ->

  532.         Mix.shell(Mix.Shell.IO)

  533.       end)

  534. 

  535.       :ok = Mix.Tasks.Pleroma.Relay.run(["list"])

  536.       assert_receive {:mix_shell, :info, ["https://relay.mastodon.host/actor"]}

  537.     end

  538. 

  539.     @tag capture_log: true

  540.     test "without valid signature, " <>

  541.            "it only accepts Create activities and requires enabled federation",

  542.          %{conn: conn} do

  543.       data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()

  544.       non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!()

  545. 

  546.       conn = put_req_header(conn, "content-type", "application/activity+json")

  547. 

  548.       Config.put([:instance, :federating], false)

  549. 

  550.       conn

  551.       |> post("/inbox", data)

  552.       |> json_response(403)

  553. 

  554.       conn

  555.       |> post("/inbox", non_create_data)

  556.       |> json_response(403)

  557. 

  558.       Config.put([:instance, :federating], true)

  559. 

  560.       ret_conn = post(conn, "/inbox", data)

  561.       assert "ok" == json_response(ret_conn, 200)

  562. 

  563.       conn

  564.       |> post("/inbox", non_create_data)

  565.       |> json_response(400)

  566.     end

  567.   end

  568. 

  569.   describe "/users/:nickname/inbox" do

  570.     setup do

  571.       data =

  572.         File.read!("test/fixtures/mastodon-post-activity.json")

  573.         |> Poison.decode!()

  574. 

  575.       [data: data]

  576.     end

  577. 

  578.     test "it inserts an incoming activity into the database", %{conn: conn, data: data} do

  579.       user = insert(:user)

  580. 

  581.       data =

  582.         data

  583.         |> Map.put("bcc", [user.ap_id])

  584.         |> Kernel.put_in(["object", "bcc"], [user.ap_id])

  585. 

  586.       conn =

  587.         conn

  588.         |> assign(:valid_signature, true)

  589.         |> put_req_header("content-type", "application/activity+json")

  590.         |> post("/users/#{user.nickname}/inbox", data)

  591. 

  592.       assert "ok" == json_response(conn, 200)

  593.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  594.       assert Activity.get_by_ap_id(data["id"])

  595.     end

  596. 

  597.     test "it accepts messages with to as string instead of array", %{conn: conn, data: data} do

  598.       user = insert(:user)

  599. 

  600.       data =

  601.         data

  602.         |> Map.put("to", user.ap_id)

  603.         |> Map.put("cc", [])

  604.         |> Kernel.put_in(["object", "to"], user.ap_id)

  605.         |> Kernel.put_in(["object", "cc"], [])

  606. 

  607.       conn =

  608.         conn

  609.         |> assign(:valid_signature, true)

  610.         |> put_req_header("content-type", "application/activity+json")

  611.         |> post("/users/#{user.nickname}/inbox", data)

  612. 

  613.       assert "ok" == json_response(conn, 200)

  614.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  615.       assert Activity.get_by_ap_id(data["id"])

  616.     end

  617. 

  618.     test "it accepts messages with cc as string instead of array", %{conn: conn, data: data} do

  619.       user = insert(:user)

  620. 

  621.       data =

  622.         data

  623.         |> Map.put("to", [])

  624.         |> Map.put("cc", user.ap_id)

  625.         |> Kernel.put_in(["object", "to"], [])

  626.         |> Kernel.put_in(["object", "cc"], user.ap_id)

  627. 

  628.       conn =

  629.         conn

  630.         |> assign(:valid_signature, true)

  631.         |> put_req_header("content-type", "application/activity+json")

  632.         |> post("/users/#{user.nickname}/inbox", data)

  633. 

  634.       assert "ok" == json_response(conn, 200)

  635.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  636.       %Activity{} = activity = Activity.get_by_ap_id(data["id"])

  637.       assert user.ap_id in activity.recipients

  638.     end

  639. 

  640.     test "it accepts messages with bcc as string instead of array", %{conn: conn, data: data} do

  641.       user = insert(:user)

  642. 

  643.       data =

  644.         data

  645.         |> Map.put("to", [])

  646.         |> Map.put("cc", [])

  647.         |> Map.put("bcc", user.ap_id)

  648.         |> Kernel.put_in(["object", "to"], [])

  649.         |> Kernel.put_in(["object", "cc"], [])

  650.         |> Kernel.put_in(["object", "bcc"], user.ap_id)

  651. 

  652.       conn =

  653.         conn

  654.         |> assign(:valid_signature, true)

  655.         |> put_req_header("content-type", "application/activity+json")

  656.         |> post("/users/#{user.nickname}/inbox", data)

  657. 

  658.       assert "ok" == json_response(conn, 200)

  659.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  660.       assert Activity.get_by_ap_id(data["id"])

  661.     end

  662. 

  663.     test "it accepts announces with to as string instead of array", %{conn: conn} do

  664.       user = insert(:user)

  665. 

  666.       {:ok, post} = CommonAPI.post(user, %{status: "hey"})

  667.       announcer = insert(:user, local: false)

  668. 

  669.       data = %{

  670.         "@context" => "https://www.w3.org/ns/activitystreams",

  671.         "actor" => announcer.ap_id,

  672.         "id" => "#{announcer.ap_id}/statuses/19512778738411822/activity",

  673.         "object" => post.data["object"],

  674.         "to" => "https://www.w3.org/ns/activitystreams#Public",

  675.         "cc" => [user.ap_id],

  676.         "type" => "Announce"

  677.       }

  678. 

  679.       conn =

  680.         conn

  681.         |> assign(:valid_signature, true)

  682.         |> put_req_header("content-type", "application/activity+json")

  683.         |> post("/users/#{user.nickname}/inbox", data)

  684. 

  685.       assert "ok" == json_response(conn, 200)

  686.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  687.       %Activity{} = activity = Activity.get_by_ap_id(data["id"])

  688.       assert "https://www.w3.org/ns/activitystreams#Public" in activity.recipients

  689.     end

  690. 

  691.     test "it accepts messages from actors that are followed by the user", %{

  692.       conn: conn,

  693.       data: data

  694.     } do

  695.       recipient = insert(:user)

  696.       actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"})

  697. 

  698.       {:ok, recipient} = User.follow(recipient, actor)

  699. 

  700.       object =

  701.         data["object"]

  702.         |> Map.put("attributedTo", actor.ap_id)

  703. 

  704.       data =

  705.         data

  706.         |> Map.put("actor", actor.ap_id)

  707.         |> Map.put("object", object)

  708. 

  709.       conn =

  710.         conn

  711.         |> assign(:valid_signature, true)

  712.         |> put_req_header("content-type", "application/activity+json")

  713.         |> post("/users/#{recipient.nickname}/inbox", data)

  714. 

  715.       assert "ok" == json_response(conn, 200)

  716.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  717.       assert Activity.get_by_ap_id(data["id"])

  718.     end

  719. 

  720.     test "it rejects reads from other users", %{conn: conn} do

  721.       user = insert(:user)

  722.       other_user = insert(:user)

  723. 

  724.       conn =

  725.         conn

  726.         |> assign(:user, other_user)

  727.         |> put_req_header("accept", "application/activity+json")

  728.         |> get("/users/#{user.nickname}/inbox")

  729. 

  730.       assert json_response(conn, 403)

  731.     end

  732. 

  733.     test "it returns a note activity in a collection", %{conn: conn} do

  734.       note_activity = insert(:direct_note_activity)

  735.       note_object = Object.normalize(note_activity)

  736.       user = User.get_cached_by_ap_id(hd(note_activity.data["to"]))

  737. 

  738.       conn =

  739.         conn

  740.         |> assign(:user, user)

  741.         |> put_req_header("accept", "application/activity+json")

  742.         |> get("/users/#{user.nickname}/inbox?page=true")

  743. 

  744.       assert response(conn, 200) =~ note_object.data["content"]

  745.     end

  746. 

  747.     test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do

  748.       user = insert(:user)

  749.       data = Map.put(data, "bcc", [user.ap_id])

  750. 

  751.       sender_host = URI.parse(data["actor"]).host

  752.       Instances.set_consistently_unreachable(sender_host)

  753.       refute Instances.reachable?(sender_host)

  754. 

  755.       conn =

  756.         conn

  757.         |> assign(:valid_signature, true)

  758.         |> put_req_header("content-type", "application/activity+json")

  759.         |> post("/users/#{user.nickname}/inbox", data)

  760. 

  761.       assert "ok" == json_response(conn, 200)

  762.       assert Instances.reachable?(sender_host)

  763.     end

  764. 

  765.     @tag capture_log: true

  766.     test "it removes all follower collections but actor's", %{conn: conn} do

  767.       [actor, recipient] = insert_pair(:user)

  768. 

  769.       to = [

  770.         recipient.ap_id,

  771.         recipient.follower_address,

  772.         "https://www.w3.org/ns/activitystreams#Public"

  773.       ]

  774. 

  775.       cc = [recipient.follower_address, actor.follower_address]

  776. 

  777.       data = %{

  778.         "@context" => ["https://www.w3.org/ns/activitystreams"],

  779.         "type" => "Create",

  780.         "id" => Utils.generate_activity_id(),

  781.         "to" => to,

  782.         "cc" => cc,

  783.         "actor" => actor.ap_id,

  784.         "object" => %{

  785.           "type" => "Note",

  786.           "to" => to,

  787.           "cc" => cc,

  788.           "content" => "It's a note",

  789.           "attributedTo" => actor.ap_id,

  790.           "id" => Utils.generate_object_id()

  791.         }

  792.       }

  793. 

  794.       conn

  795.       |> assign(:valid_signature, true)

  796.       |> put_req_header("content-type", "application/activity+json")

  797.       |> post("/users/#{recipient.nickname}/inbox", data)

  798.       |> json_response(200)

  799. 

  800.       ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))

  801. 

  802.       assert activity = Activity.get_by_ap_id(data["id"])

  803. 

  804.       assert activity.id

  805.       assert actor.follower_address in activity.recipients

  806.       assert actor.follower_address in activity.data["cc"]

  807. 

  808.       refute recipient.follower_address in activity.recipients

  809.       refute recipient.follower_address in activity.data["cc"]

  810.       refute recipient.follower_address in activity.data["to"]

  811.     end

  812. 

  813.     test "it requires authentication", %{conn: conn} do

  814.       user = insert(:user)

  815.       conn = put_req_header(conn, "accept", "application/activity+json")

  816. 

  817.       ret_conn = get(conn, "/users/#{user.nickname}/inbox")

  818.       assert json_response(ret_conn, 403)

  819. 

  820.       ret_conn =

  821.         conn

  822.         |> assign(:user, user)

  823.         |> get("/users/#{user.nickname}/inbox")

  824. 

  825.       assert json_response(ret_conn, 200)

  826.     end

  827.   end

  828. 

  829.   describe "GET /users/:nickname/outbox" do

  830.     test "it paginates correctly", %{conn: conn} do

  831.       user = insert(:user)

  832.       conn = assign(conn, :user, user)

  833.       outbox_endpoint = user.ap_id <> "/outbox"

  834. 

  835.       _posts =

  836.         for i <- 0..25 do

  837.           {:ok, activity} = CommonAPI.post(user, %{status: "post #{i}"})

  838.           activity

  839.         end

  840. 

  841.       result =

  842.         conn

  843.         |> put_req_header("accept", "application/activity+json")

  844.         |> get(outbox_endpoint <> "?page=true")

  845.         |> json_response(200)

  846. 

  847.       result_ids = Enum.map(result["orderedItems"], fn x -> x["id"] end)

  848.       assert length(result["orderedItems"]) == 20

  849.       assert length(result_ids) == 20

  850.       assert result["next"]

  851.       assert String.starts_with?(result["next"], outbox_endpoint)

  852. 

  853.       result_next =

  854.         conn

  855.         |> put_req_header("accept", "application/activity+json")

  856.         |> get(result["next"])

  857.         |> json_response(200)

  858. 

  859.       result_next_ids = Enum.map(result_next["orderedItems"], fn x -> x["id"] end)

  860.       assert length(result_next["orderedItems"]) == 6

  861.       assert length(result_next_ids) == 6

  862.       refute Enum.find(result_next_ids, fn x -> x in result_ids end)

  863.       refute Enum.find(result_ids, fn x -> x in result_next_ids end)

  864.       assert String.starts_with?(result["id"], outbox_endpoint)

  865. 

  866.       result_next_again =

  867.         conn

  868.         |> put_req_header("accept", "application/activity+json")

  869.         |> get(result_next["id"])

  870.         |> json_response(200)

  871. 

  872.       assert result_next == result_next_again

  873.     end

  874. 

  875.     test "it returns 200 even if there're no activities", %{conn: conn} do

  876.       user = insert(:user)

  877.       outbox_endpoint = user.ap_id <> "/outbox"

  878. 

  879.       conn =

  880.         conn

  881.         |> assign(:user, user)

  882.         |> put_req_header("accept", "application/activity+json")

  883.         |> get(outbox_endpoint)

  884. 

  885.       result = json_response(conn, 200)

  886.       assert outbox_endpoint == result["id"]

  887.     end

  888. 

  889.     test "it returns a note activity in a collection", %{conn: conn} do

  890.       note_activity = insert(:note_activity)

  891.       note_object = Object.normalize(note_activity)

  892.       user = User.get_cached_by_ap_id(note_activity.data["actor"])

  893. 

  894.       conn =

  895.         conn

  896.         |> assign(:user, user)

  897.         |> put_req_header("accept", "application/activity+json")

  898.         |> get("/users/#{user.nickname}/outbox?page=true")

  899. 

  900.       assert response(conn, 200) =~ note_object.data["content"]

  901.     end

  902. 

  903.     test "it returns an announce activity in a collection", %{conn: conn} do

  904.       announce_activity = insert(:announce_activity)

  905.       user = User.get_cached_by_ap_id(announce_activity.data["actor"])

  906. 

  907.       conn =

  908.         conn

  909.         |> assign(:user, user)

  910.         |> put_req_header("accept", "application/activity+json")

  911.         |> get("/users/#{user.nickname}/outbox?page=true")

  912. 

  913.       assert response(conn, 200) =~ announce_activity.data["object"]

  914.     end

  915. 

  916.     test "it requires authentication if instance is NOT federating", %{

  917.       conn: conn

  918.     } do

  919.       user = insert(:user)

  920.       conn = put_req_header(conn, "accept", "application/activity+json")

  921. 

  922.       ensure_federating_or_authenticated(conn, "/users/#{user.nickname}/outbox", user)

  923.     end

  924.   end

  925. 

  926.   describe "POST /users/:nickname/outbox (C2S)" do

  927.     setup do: clear_config([:instance, :limit])

  928. 

  929.     setup do

  930.       [

  931.         activity: %{

  932.           "@context" => "https://www.w3.org/ns/activitystreams",

  933.           "type" => "Create",

  934.           "object" => %{"type" => "Note", "content" => "AP C2S test"},

  935.           "to" => "https://www.w3.org/ns/activitystreams#Public",

  936.           "cc" => []

  937.         }

  938.       ]

  939.     end

  940. 

  941.     test "it rejects posts from other users / unauthenticated users", %{

  942.       conn: conn,

  943.       activity: activity

  944.     } do

  945.       user = insert(:user)

  946.       other_user = insert(:user)

  947.       conn = put_req_header(conn, "content-type", "application/activity+json")

  948. 

  949.       conn

  950.       |> post("/users/#{user.nickname}/outbox", activity)

  951.       |> json_response(403)

  952. 

  953.       conn

  954.       |> assign(:user, other_user)

  955.       |> post("/users/#{user.nickname}/outbox", activity)

  956.       |> json_response(403)

  957.     end

  958. 

  959.     test "it inserts an incoming create activity into the database", %{

  960.       conn: conn,

  961.       activity: activity

  962.     } do

  963.       user = insert(:user)

  964. 

  965.       result =

  966.         conn

  967.         |> assign(:user, user)

  968.         |> put_req_header("content-type", "application/activity+json")

  969.         |> post("/users/#{user.nickname}/outbox", activity)

  970.         |> json_response(201)

  971. 

  972.       assert Activity.get_by_ap_id(result["id"])

  973.       assert result["object"]

  974.       assert %Object{data: object} = Object.normalize(result["object"])

  975.       assert object["content"] == activity["object"]["content"]

  976.     end

  977. 

  978.     test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do

  979.       user = insert(:user)

  980. 

  981.       activity =

  982.         activity

  983.         |> put_in(["object", "type"], "Benis")

  984. 

  985.       _result =

  986.         conn

  987.         |> assign(:user, user)

  988.         |> put_req_header("content-type", "application/activity+json")

  989.         |> post("/users/#{user.nickname}/outbox", activity)

  990.         |> json_response(400)

  991.     end

  992. 

  993.     test "it inserts an incoming sensitive activity into the database", %{

  994.       conn: conn,

  995.       activity: activity

  996.     } do

  997.       user = insert(:user)

  998.       conn = assign(conn, :user, user)

  999.       object = Map.put(activity["object"], "sensitive", true)

  1000.       activity = Map.put(activity, "object", object)

  1001. 

  1002.       response =

  1003.         conn

  1004.         |> put_req_header("content-type", "application/activity+json")

  1005.         |> post("/users/#{user.nickname}/outbox", activity)

  1006.         |> json_response(201)

  1007. 

  1008.       assert Activity.get_by_ap_id(response["id"])

  1009.       assert response["object"]

  1010.       assert %Object{data: response_object} = Object.normalize(response["object"])

  1011.       assert response_object["sensitive"] == true

  1012.       assert response_object["content"] == activity["object"]["content"]

  1013. 

  1014.       representation =

  1015.         conn

  1016.         |> put_req_header("accept", "application/activity+json")

  1017.         |> get(response["id"])

  1018.         |> json_response(200)

  1019. 

  1020.       assert representation["object"]["sensitive"] == true

  1021.     end

  1022. 

  1023.     test "it rejects an incoming activity with bogus type", %{conn: conn, activity: activity} do

  1024.       user = insert(:user)

  1025.       activity = Map.put(activity, "type", "BadType")

  1026. 

  1027.       conn =

  1028.         conn

  1029.         |> assign(:user, user)

  1030.         |> put_req_header("content-type", "application/activity+json")

  1031.         |> post("/users/#{user.nickname}/outbox", activity)

  1032. 

  1033.       assert json_response(conn, 400)

  1034.     end

  1035. 

  1036.     test "it erects a tombstone when receiving a delete activity", %{conn: conn} do

  1037.       note_activity = insert(:note_activity)

  1038.       note_object = Object.normalize(note_activity)

  1039.       user = User.get_cached_by_ap_id(note_activity.data["actor"])

  1040. 

  1041.       data = %{

  1042.         type: "Delete",

  1043.         object: %{

  1044.           id: note_object.data["id"]

  1045.         }

  1046.       }

  1047. 

  1048.       conn =

  1049.         conn

  1050.         |> assign(:user, user)

  1051.         |> put_req_header("content-type", "application/activity+json")

  1052.         |> post("/users/#{user.nickname}/outbox", data)

  1053. 

  1054.       result = json_response(conn, 201)

  1055.       assert Activity.get_by_ap_id(result["id"])

  1056. 

  1057.       assert object = Object.get_by_ap_id(note_object.data["id"])

  1058.       assert object.data["type"] == "Tombstone"

  1059.     end

  1060. 

  1061.     test "it rejects delete activity of object from other actor", %{conn: conn} do

  1062.       note_activity = insert(:note_activity)

  1063.       note_object = Object.normalize(note_activity)

  1064.       user = insert(:user)

  1065. 

  1066.       data = %{

  1067.         type: "Delete",

  1068.         object: %{

  1069.           id: note_object.data["id"]

  1070.         }

  1071.       }

  1072. 

  1073.       conn =

  1074.         conn

  1075.         |> assign(:user, user)

  1076.         |> put_req_header("content-type", "application/activity+json")

  1077.         |> post("/users/#{user.nickname}/outbox", data)

  1078. 

  1079.       assert json_response(conn, 400)

  1080.     end

  1081. 

  1082.     test "it increases like count when receiving a like action", %{conn: conn} do

  1083.       note_activity = insert(:note_activity)

  1084.       note_object = Object.normalize(note_activity)

  1085.       user = User.get_cached_by_ap_id(note_activity.data["actor"])

  1086. 

  1087.       data = %{

  1088.         type: "Like",

  1089.         object: %{

  1090.           id: note_object.data["id"]

  1091.         }

  1092.       }

  1093. 

  1094.       conn =

  1095.         conn

  1096.         |> assign(:user, user)

  1097.         |> put_req_header("content-type", "application/activity+json")

  1098.         |> post("/users/#{user.nickname}/outbox", data)

  1099. 

  1100.       result = json_response(conn, 201)

  1101.       assert Activity.get_by_ap_id(result["id"])

  1102. 

  1103.       assert object = Object.get_by_ap_id(note_object.data["id"])

  1104.       assert object.data["like_count"] == 1

  1105.     end

  1106. 

  1107.     test "it doesn't spreads faulty attributedTo or actor fields", %{

  1108.       conn: conn,

  1109.       activity: activity

  1110.     } do

  1111.       reimu = insert(:user, nickname: "reimu")

  1112.       cirno = insert(:user, nickname: "cirno")

  1113. 

  1114.       assert reimu.ap_id

  1115.       assert cirno.ap_id

  1116. 

  1117.       activity =

  1118.         activity

  1119.         |> put_in(["object", "actor"], reimu.ap_id)

  1120.         |> put_in(["object", "attributedTo"], reimu.ap_id)

  1121.         |> put_in(["actor"], reimu.ap_id)

  1122.         |> put_in(["attributedTo"], reimu.ap_id)

  1123. 

  1124.       _reimu_outbox =

  1125.         conn

  1126.         |> assign(:user, cirno)

  1127.         |> put_req_header("content-type", "application/activity+json")

  1128.         |> post("/users/#{reimu.nickname}/outbox", activity)

  1129.         |> json_response(403)

  1130. 

  1131.       cirno_outbox =

  1132.         conn

  1133.         |> assign(:user, cirno)

  1134.         |> put_req_header("content-type", "application/activity+json")

  1135.         |> post("/users/#{cirno.nickname}/outbox", activity)

  1136.         |> json_response(201)

  1137. 

  1138.       assert cirno_outbox["attributedTo"] == nil

  1139.       assert cirno_outbox["actor"] == cirno.ap_id

  1140. 

  1141.       assert cirno_object = Object.normalize(cirno_outbox["object"])

  1142.       assert cirno_object.data["actor"] == cirno.ap_id

  1143.       assert cirno_object.data["attributedTo"] == cirno.ap_id

  1144.     end

  1145. 

  1146.     test "Character limitation", %{conn: conn, activity: activity} do

  1147.       Pleroma.Config.put([:instance, :limit], 5)

  1148.       user = insert(:user)

  1149. 

  1150.       result =

  1151.         conn

  1152.         |> assign(:user, user)

  1153.         |> put_req_header("content-type", "application/activity+json")

  1154.         |> post("/users/#{user.nickname}/outbox", activity)

  1155.         |> json_response(400)

  1156. 

  1157.       assert result == "Note is over the character limit"

  1158.     end

  1159.   end

  1160. 

  1161.   describe "/relay/followers" do

  1162.     test "it returns relay followers", %{conn: conn} do

  1163.       relay_actor = Relay.get_actor()

  1164.       user = insert(:user)

  1165.       User.follow(user, relay_actor)

  1166. 

  1167.       result =

  1168.         conn

  1169.         |> get("/relay/followers")

  1170.         |> json_response(200)

  1171. 

  1172.       assert result["first"]["orderedItems"] == [user.ap_id]

  1173.     end

  1174. 

  1175.     test "on non-federating instance, it returns 404", %{conn: conn} do

  1176.       Config.put([:instance, :federating], false)

  1177.       user = insert(:user)

  1178. 

  1179.       conn

  1180.       |> assign(:user, user)

  1181.       |> get("/relay/followers")

  1182.       |> json_response(404)

  1183.     end

  1184.   end

  1185. 

  1186.   describe "/relay/following" do

  1187.     test "it returns relay following", %{conn: conn} do

  1188.       result =

  1189.         conn

  1190.         |> get("/relay/following")

  1191.         |> json_response(200)

  1192. 

  1193.       assert result["first"]["orderedItems"] == []

  1194.     end

  1195. 

  1196.     test "on non-federating instance, it returns 404", %{conn: conn} do

  1197.       Config.put([:instance, :federating], false)

  1198.       user = insert(:user)

  1199. 

  1200.       conn

  1201.       |> assign(:user, user)

  1202.       |> get("/relay/following")

  1203.       |> json_response(404)

  1204.     end

  1205.   end

  1206. 

  1207.   describe "/users/:nickname/followers" do

  1208.     test "it returns the followers in a collection", %{conn: conn} do

  1209.       user = insert(:user)

  1210.       user_two = insert(:user)

  1211.       User.follow(user, user_two)

  1212. 

  1213.       result =

  1214.         conn

  1215.         |> assign(:user, user_two)

  1216.         |> get("/users/#{user_two.nickname}/followers")

  1217.         |> json_response(200)

  1218. 

  1219.       assert result["first"]["orderedItems"] == [user.ap_id]

  1220.     end

  1221. 

  1222.     test "it returns a uri if the user has 'hide_followers' set", %{conn: conn} do

  1223.       user = insert(:user)

  1224.       user_two = insert(:user, hide_followers: true)

  1225.       User.follow(user, user_two)

  1226. 

  1227.       result =

  1228.         conn

  1229.         |> assign(:user, user)

  1230.         |> get("/users/#{user_two.nickname}/followers")

  1231.         |> json_response(200)

  1232. 

  1233.       assert is_binary(result["first"])

  1234.     end

  1235. 

  1236.     test "it returns a 403 error on pages, if the user has 'hide_followers' set and the request is from another user",

  1237.          %{conn: conn} do

  1238.       user = insert(:user)

  1239.       other_user = insert(:user, hide_followers: true)

  1240. 

  1241.       result =

  1242.         conn

  1243.         |> assign(:user, user)

  1244.         |> get("/users/#{other_user.nickname}/followers?page=1")

  1245. 

  1246.       assert result.status == 403

  1247.       assert result.resp_body == ""

  1248.     end

  1249. 

  1250.     test "it renders the page, if the user has 'hide_followers' set and the request is authenticated with the same user",

  1251.          %{conn: conn} do

  1252.       user = insert(:user, hide_followers: true)

  1253.       other_user = insert(:user)

  1254.       {:ok, _other_user, user, _activity} = CommonAPI.follow(other_user, user)

  1255. 

  1256.       result =

  1257.         conn

  1258.         |> assign(:user, user)

  1259.         |> get("/users/#{user.nickname}/followers?page=1")

  1260.         |> json_response(200)

  1261. 

  1262.       assert result["totalItems"] == 1

  1263.       assert result["orderedItems"] == [other_user.ap_id]

  1264.     end

  1265. 

  1266.     test "it works for more than 10 users", %{conn: conn} do

  1267.       user = insert(:user)

  1268. 

  1269.       Enum.each(1..15, fn _ ->

  1270.         other_user = insert(:user)

  1271.         User.follow(other_user, user)

  1272.       end)

  1273. 

  1274.       result =

  1275.         conn

  1276.         |> assign(:user, user)

  1277.         |> get("/users/#{user.nickname}/followers")

  1278.         |> json_response(200)

  1279. 

  1280.       assert length(result["first"]["orderedItems"]) == 10

  1281.       assert result["first"]["totalItems"] == 15

  1282.       assert result["totalItems"] == 15

  1283. 

  1284.       result =

  1285.         conn

  1286.         |> assign(:user, user)

  1287.         |> get("/users/#{user.nickname}/followers?page=2")

  1288.         |> json_response(200)

  1289. 

  1290.       assert length(result["orderedItems"]) == 5

  1291.       assert result["totalItems"] == 15

  1292.     end

  1293. 

  1294.     test "does not require authentication", %{conn: conn} do

  1295.       user = insert(:user)

  1296. 

  1297.       conn

  1298.       |> get("/users/#{user.nickname}/followers")

  1299.       |> json_response(200)

  1300.     end

  1301.   end

  1302. 

  1303.   describe "/users/:nickname/following" do

  1304.     test "it returns the following in a collection", %{conn: conn} do

  1305.       user = insert(:user)

  1306.       user_two = insert(:user)

  1307.       User.follow(user, user_two)

  1308. 

  1309.       result =

  1310.         conn

  1311.         |> assign(:user, user)

  1312.         |> get("/users/#{user.nickname}/following")

  1313.         |> json_response(200)

  1314. 

  1315.       assert result["first"]["orderedItems"] == [user_two.ap_id]

  1316.     end

  1317. 

  1318.     test "it returns a uri if the user has 'hide_follows' set", %{conn: conn} do

  1319.       user = insert(:user)

  1320.       user_two = insert(:user, hide_follows: true)

  1321.       User.follow(user, user_two)

  1322. 

  1323.       result =

  1324.         conn

  1325.         |> assign(:user, user)

  1326.         |> get("/users/#{user_two.nickname}/following")

  1327.         |> json_response(200)

  1328. 

  1329.       assert is_binary(result["first"])

  1330.     end

  1331. 

  1332.     test "it returns a 403 error on pages, if the user has 'hide_follows' set and the request is from another user",

  1333.          %{conn: conn} do

  1334.       user = insert(:user)

  1335.       user_two = insert(:user, hide_follows: true)

  1336. 

  1337.       result =

  1338.         conn

  1339.         |> assign(:user, user)

  1340.         |> get("/users/#{user_two.nickname}/following?page=1")

  1341. 

  1342.       assert result.status == 403

  1343.       assert result.resp_body == ""

  1344.     end

  1345. 

  1346.     test "it renders the page, if the user has 'hide_follows' set and the request is authenticated with the same user",

  1347.          %{conn: conn} do

  1348.       user = insert(:user, hide_follows: true)

  1349.       other_user = insert(:user)

  1350.       {:ok, user, _other_user, _activity} = CommonAPI.follow(user, other_user)

  1351. 

  1352.       result =

  1353.         conn

  1354.         |> assign(:user, user)

  1355.         |> get("/users/#{user.nickname}/following?page=1")

  1356.         |> json_response(200)

  1357. 

  1358.       assert result["totalItems"] == 1

  1359.       assert result["orderedItems"] == [other_user.ap_id]

  1360.     end

  1361. 

  1362.     test "it works for more than 10 users", %{conn: conn} do

  1363.       user = insert(:user)

  1364. 

  1365.       Enum.each(1..15, fn _ ->

  1366.         user = User.get_cached_by_id(user.id)

  1367.         other_user = insert(:user)

  1368.         User.follow(user, other_user)

  1369.       end)

  1370. 

  1371.       result =

  1372.         conn

  1373.         |> assign(:user, user)

  1374.         |> get("/users/#{user.nickname}/following")

  1375.         |> json_response(200)

  1376. 

  1377.       assert length(result["first"]["orderedItems"]) == 10

  1378.       assert result["first"]["totalItems"] == 15

  1379.       assert result["totalItems"] == 15

  1380. 

  1381.       result =

  1382.         conn

  1383.         |> assign(:user, user)

  1384.         |> get("/users/#{user.nickname}/following?page=2")

  1385.         |> json_response(200)

  1386. 

  1387.       assert length(result["orderedItems"]) == 5

  1388.       assert result["totalItems"] == 15

  1389.     end

  1390. 

  1391.     test "does not require authentication", %{conn: conn} do

  1392.       user = insert(:user)

  1393. 

  1394.       conn

  1395.       |> get("/users/#{user.nickname}/following")

  1396.       |> json_response(200)

  1397.     end

  1398.   end

  1399. 

  1400.   describe "delivery tracking" do

  1401.     test "it tracks a signed object fetch", %{conn: conn} do

  1402.       user = insert(:user, local: false)

  1403.       activity = insert(:note_activity)

  1404.       object = Object.normalize(activity)

  1405. 

  1406.       object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())

  1407. 

  1408.       conn

  1409.       |> put_req_header("accept", "application/activity+json")

  1410.       |> assign(:user, user)

  1411.       |> get(object_path)

  1412.       |> json_response(200)

  1413. 

  1414.       assert Delivery.get(object.id, user.id)

  1415.     end

  1416. 

  1417.     test "it tracks a signed activity fetch", %{conn: conn} do

  1418.       user = insert(:user, local: false)

  1419.       activity = insert(:note_activity)

  1420.       object = Object.normalize(activity)

  1421. 

  1422.       activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())

  1423. 

  1424.       conn

  1425.       |> put_req_header("accept", "application/activity+json")

  1426.       |> assign(:user, user)

  1427.       |> get(activity_path)

  1428.       |> json_response(200)

  1429. 

  1430.       assert Delivery.get(object.id, user.id)

  1431.     end

  1432. 

  1433.     test "it tracks a signed object fetch when the json is cached", %{conn: conn} do

  1434.       user = insert(:user, local: false)

  1435.       other_user = insert(:user, local: false)

  1436.       activity = insert(:note_activity)

  1437.       object = Object.normalize(activity)

  1438. 

  1439.       object_path = String.trim_leading(object.data["id"], Pleroma.Web.Endpoint.url())

  1440. 

  1441.       conn

  1442.       |> put_req_header("accept", "application/activity+json")

  1443.       |> assign(:user, user)

  1444.       |> get(object_path)

  1445.       |> json_response(200)

  1446. 

  1447.       build_conn()

  1448.       |> put_req_header("accept", "application/activity+json")

  1449.       |> assign(:user, other_user)

  1450.       |> get(object_path)

  1451.       |> json_response(200)

  1452. 

  1453.       assert Delivery.get(object.id, user.id)

  1454.       assert Delivery.get(object.id, other_user.id)

  1455.     end

  1456. 

  1457.     test "it tracks a signed activity fetch when the json is cached", %{conn: conn} do

  1458.       user = insert(:user, local: false)

  1459.       other_user = insert(:user, local: false)

  1460.       activity = insert(:note_activity)

  1461.       object = Object.normalize(activity)

  1462. 

  1463.       activity_path = String.trim_leading(activity.data["id"], Pleroma.Web.Endpoint.url())

  1464. 

  1465.       conn

  1466.       |> put_req_header("accept", "application/activity+json")

  1467.       |> assign(:user, user)

  1468.       |> get(activity_path)

  1469.       |> json_response(200)

  1470. 

  1471.       build_conn()

  1472.       |> put_req_header("accept", "application/activity+json")

  1473.       |> assign(:user, other_user)

  1474.       |> get(activity_path)

  1475.       |> json_response(200)

  1476. 

  1477.       assert Delivery.get(object.id, user.id)

  1478.       assert Delivery.get(object.id, other_user.id)

  1479.     end

  1480.   end

  1481. 

  1482.   describe "Additional ActivityPub C2S endpoints" do

  1483.     test "GET /api/ap/whoami", %{conn: conn} do

  1484.       user = insert(:user)

  1485. 

  1486.       conn =

  1487.         conn

  1488.         |> assign(:user, user)

  1489.         |> get("/api/ap/whoami")

  1490. 

  1491.       user = User.get_cached_by_id(user.id)

  1492. 

  1493.       assert UserView.render("user.json", %{user: user}) == json_response(conn, 200)

  1494. 

  1495.       conn

  1496.       |> get("/api/ap/whoami")

  1497.       |> json_response(403)

  1498.     end

  1499. 

  1500.     setup do: clear_config([:media_proxy])

  1501.     setup do: clear_config([Pleroma.Upload])

  1502. 

  1503.     test "POST /api/ap/upload_media", %{conn: conn} do

  1504.       user = insert(:user)

  1505. 

  1506.       desc = "Description of the image"

  1507. 

  1508.       image = %Plug.Upload{

  1509.         content_type: "bad/content-type",

  1510.         path: Path.absname("test/fixtures/image.jpg"),

  1511.         filename: "an_image.png"

  1512.       }

  1513. 

  1514.       object =

  1515.         conn

  1516.         |> assign(:user, user)

  1517.         |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})

  1518.         |> json_response(:created)

  1519. 

  1520.       assert object["name"] == desc

  1521.       assert object["type"] == "Document"

  1522.       assert object["actor"] == user.ap_id

  1523.       assert [%{"href" => object_href, "mediaType" => object_mediatype}] = object["url"]

  1524.       assert is_binary(object_href)

  1525.       assert object_mediatype == "image/jpeg"

  1526.       assert String.ends_with?(object_href, ".jpg")

  1527. 

  1528.       activity_request = %{

  1529.         "@context" => "https://www.w3.org/ns/activitystreams",

  1530.         "type" => "Create",

  1531.         "object" => %{

  1532.           "type" => "Note",

  1533.           "content" => "AP C2S test, attachment",

  1534.           "attachment" => [object]

  1535.         },

  1536.         "to" => "https://www.w3.org/ns/activitystreams#Public",

  1537.         "cc" => []

  1538.       }

  1539. 

  1540.       activity_response =

  1541.         conn

  1542.         |> assign(:user, user)

  1543.         |> post("/users/#{user.nickname}/outbox", activity_request)

  1544.         |> json_response(:created)

  1545. 

  1546.       assert activity_response["id"]

  1547.       assert activity_response["object"]

  1548.       assert activity_response["actor"] == user.ap_id

  1549. 

  1550.       assert %Object{data: %{"attachment" => [attachment]}} =

  1551.                Object.normalize(activity_response["object"])

  1552. 

  1553.       assert attachment["type"] == "Document"

  1554.       assert attachment["name"] == desc

  1555. 

  1556.       assert [

  1557.                %{

  1558.                  "href" => ^object_href,

  1559.                  "type" => "Link",

  1560.                  "mediaType" => ^object_mediatype

  1561.                }

  1562.              ] = attachment["url"]

  1563. 

  1564.       # Fails if unauthenticated

  1565.       conn

  1566.       |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})

  1567.       |> json_response(403)

  1568.     end

  1569.   end

  1570. end