logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

static_fe_controller_test.exs (5961B)

    

  1. defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do

  2.   use Pleroma.Web.ConnCase

  3. 

  4.   alias Pleroma.Activity

  5.   alias Pleroma.Config

  6.   alias Pleroma.Web.ActivityPub.Transmogrifier

  7.   alias Pleroma.Web.ActivityPub.Utils

  8.   alias Pleroma.Web.CommonAPI

  9. 

  10.   import Pleroma.Factory

  11. 

  12.   setup_all do: clear_config([:static_fe, :enabled], true)

  13.   setup do: clear_config([:instance, :federating], true)

  14. 

  15.   setup %{conn: conn} do

  16.     conn = put_req_header(conn, "accept", "text/html")

  17.     user = insert(:user)

  18. 

  19.     %{conn: conn, user: user}

  20.   end

  21. 

  22.   describe "user profile html" do

  23.     test "just the profile as HTML", %{conn: conn, user: user} do

  24.       conn = get(conn, "/users/#{user.nickname}")

  25. 

  26.       assert html_response(conn, 200) =~ user.nickname

  27.     end

  28. 

  29.     test "404 when user not found", %{conn: conn} do

  30.       conn = get(conn, "/users/limpopo")

  31. 

  32.       assert html_response(conn, 404) =~ "not found"

  33.     end

  34. 

  35.     test "profile does not include private messages", %{conn: conn, user: user} do

  36.       CommonAPI.post(user, %{status: "public"})

  37.       CommonAPI.post(user, %{status: "private", visibility: "private"})

  38. 

  39.       conn = get(conn, "/users/#{user.nickname}")

  40. 

  41.       html = html_response(conn, 200)

  42. 

  43.       assert html =~ ">public<"

  44.       refute html =~ ">private<"

  45.     end

  46. 

  47.     test "pagination", %{conn: conn, user: user} do

  48.       Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)

  49. 

  50.       conn = get(conn, "/users/#{user.nickname}")

  51. 

  52.       html = html_response(conn, 200)

  53. 

  54.       assert html =~ ">test30<"

  55.       assert html =~ ">test11<"

  56.       refute html =~ ">test10<"

  57.       refute html =~ ">test1<"

  58.     end

  59. 

  60.     test "pagination, page 2", %{conn: conn, user: user} do

  61.       activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)

  62.       {:ok, a11} = Enum.at(activities, 11)

  63. 

  64.       conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")

  65. 

  66.       html = html_response(conn, 200)

  67. 

  68.       assert html =~ ">test1<"

  69.       assert html =~ ">test10<"

  70.       refute html =~ ">test20<"

  71.       refute html =~ ">test29<"

  72.     end

  73. 

  74.     test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do

  75.       ensure_federating_or_authenticated(conn, "/users/#{user.nickname}", user)

  76.     end

  77.   end

  78. 

  79.   describe "notice html" do

  80.     test "single notice page", %{conn: conn, user: user} do

  81.       {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

  82. 

  83.       conn = get(conn, "/notice/#{activity.id}")

  84. 

  85.       html = html_response(conn, 200)

  86.       assert html =~ "<header>"

  87.       assert html =~ user.nickname

  88.       assert html =~ "testing a thing!"

  89.     end

  90. 

  91.     test "redirects to json if requested", %{conn: conn, user: user} do

  92.       {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

  93. 

  94.       conn =

  95.         conn

  96.         |> put_req_header(

  97.           "accept",

  98.           "Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"

  99.         )

  100.         |> get("/notice/#{activity.id}")

  101. 

  102.       assert redirected_to(conn, 302) =~ activity.data["object"]

  103.     end

  104. 

  105.     test "filters HTML tags", %{conn: conn} do

  106.       user = insert(:user)

  107.       {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})

  108. 

  109.       conn =

  110.         conn

  111.         |> put_req_header("accept", "text/html")

  112.         |> get("/notice/#{activity.id}")

  113. 

  114.       html = html_response(conn, 200)

  115.       assert html =~ ~s[&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;]

  116.     end

  117. 

  118.     test "shows the whole thread", %{conn: conn, user: user} do

  119.       {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})

  120. 

  121.       CommonAPI.post(user, %{

  122.         status: "these are the voyages or something",

  123.         in_reply_to_status_id: activity.id

  124.       })

  125. 

  126.       conn = get(conn, "/notice/#{activity.id}")

  127. 

  128.       html = html_response(conn, 200)

  129.       assert html =~ "the final frontier"

  130.       assert html =~ "voyages"

  131.     end

  132. 

  133.     test "redirect by AP object ID", %{conn: conn, user: user} do

  134.       {:ok, %Activity{data: %{"object" => object_url}}} =

  135.         CommonAPI.post(user, %{status: "beam me up"})

  136. 

  137.       conn = get(conn, URI.parse(object_url).path)

  138. 

  139.       assert html_response(conn, 302) =~ "redirected"

  140.     end

  141. 

  142.     test "redirect by activity ID", %{conn: conn, user: user} do

  143.       {:ok, %Activity{data: %{"id" => id}}} =

  144.         CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})

  145. 

  146.       conn = get(conn, URI.parse(id).path)

  147. 

  148.       assert html_response(conn, 302) =~ "redirected"

  149.     end

  150. 

  151.     test "404 when notice not found", %{conn: conn} do

  152.       conn = get(conn, "/notice/88c9c317")

  153. 

  154.       assert html_response(conn, 404) =~ "not found"

  155.     end

  156. 

  157.     test "404 for private status", %{conn: conn, user: user} do

  158.       {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})

  159. 

  160.       conn = get(conn, "/notice/#{activity.id}")

  161. 

  162.       assert html_response(conn, 404) =~ "not found"

  163.     end

  164. 

  165.     test "302 for remote cached status", %{conn: conn, user: user} do

  166.       message = %{

  167.         "@context" => "https://www.w3.org/ns/activitystreams",

  168.         "type" => "Create",

  169.         "actor" => user.ap_id,

  170.         "object" => %{

  171.           "to" => user.follower_address,

  172.           "cc" => "https://www.w3.org/ns/activitystreams#Public",

  173.           "id" => Utils.generate_object_id(),

  174.           "content" => "blah blah blah",

  175.           "type" => "Note",

  176.           "attributedTo" => user.ap_id

  177.         }

  178.       }

  179. 

  180.       assert {:ok, activity} = Transmogrifier.handle_incoming(message)

  181. 

  182.       conn = get(conn, "/notice/#{activity.id}")

  183. 

  184.       assert html_response(conn, 302) =~ "redirected"

  185.     end

  186. 

  187.     test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do

  188.       {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

  189. 

  190.       ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)

  191.     end

  192.   end

  193. end