static_fe_controller_test.exs
# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
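defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
  # Controller tests for the static front-end (StaticFE): the server-rendered
  # HTML views of user profiles (`/users/:nickname`) and single statuses
  # (`/notice/:id`). Every request in this module is unauthenticated, so the
  # visibility, `restrict_unauthenticated` and HTML-escaping cases below
  # describe what an anonymous visitor is allowed to see.
  use Pleroma.Web.ConnCase

  alias Pleroma.Activity
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.CommonAPI

  import Pleroma.Factory

  # StaticFE is switched on for the whole module.
  setup_all do: clear_config([:static_fe, :enabled], true)

  # Each test gets a connection that asks for HTML and a freshly inserted user.
  setup %{conn: conn} do
    conn = put_req_header(conn, "accept", "text/html")
    user = insert(:user)

    %{conn: conn, user: user}
  end

  describe "user profile html" do
    test "just the profile as HTML", %{conn: conn, user: user} do
      conn = get(conn, "/users/#{user.nickname}")

      assert html_response(conn, 200) =~ user.nickname
    end

    test "404 when user not found", %{conn: conn} do
      conn = get(conn, "/users/limpopo")

      assert html_response(conn, 404) =~ "not found"
    end

    test "profile does not include private messages", %{conn: conn, user: user} do
      # Match on {:ok, _} so that a failed post cannot turn the `refute` below
      # into a vacuous pass: the private status has to exist for its absence
      # from the page to mean anything.
      {:ok, _} = CommonAPI.post(user, %{status: "public"})
      {:ok, _} = CommonAPI.post(user, %{status: "private", visibility: "private"})

      conn = get(conn, "/users/#{user.nickname}")

      html = html_response(conn, 200)

      # The ">…<" delimiters match the status text as a complete element body.
      assert html =~ ">public<"
      refute html =~ ">private<"
    end

    test "pagination", %{conn: conn, user: user} do
      # The posts are created only for their side effect, so the results are
      # checked and then discarded.
      Enum.each(1..30, fn i ->
        {:ok, _} = CommonAPI.post(user, %{status: "test#{i}"})
      end)

      conn = get(conn, "/users/#{user.nickname}")

      html = html_response(conn, 200)

      # The assertions pin the first-page boundary between test11 and test10.
      # ">test1<" is delimited so it cannot match test10..test19.
      assert html =~ ">test30<"
      assert html =~ ">test11<"
      refute html =~ ">test10<"
      refute html =~ ">test1<"
    end

    test "pagination, page 2", %{conn: conn, user: user} do
      activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)

      # Enum.at/2 is zero-based: index 11 is the twelfth post ("test12").
      {:ok, a11} = Enum.at(activities, 11)

      conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")

      html = html_response(conn, 200)

      assert html =~ ">test1<"
      assert html =~ ">test10<"
      refute html =~ ">test20<"
      refute html =~ ">test29<"
    end

    test "does not require authentication on non-federating instances", %{
      conn: conn,
      user: user
    } do
      clear_config([:instance, :federating], false)

      conn = get(conn, "/users/#{user.nickname}")

      assert html_response(conn, 200) =~ user.nickname
    end

    test "returns 404 for local user with `restrict_unauthenticated/profiles/local` setting", %{
      conn: conn
    } do
      clear_config([:restrict_unauthenticated, :profiles, :local], true)

      local_user = insert(:user, local: true)

      # html_response/2 raises when the status differs, so no explicit assert
      # is needed. The restricted profile is expected to answer 404, the same
      # status as the unknown-user case above.
      conn
      |> get("/users/#{local_user.nickname}")
      |> html_response(404)
    end
  end

  describe "notice html" do
    test "single notice page", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      conn = get(conn, "/notice/#{activity.id}")

      html = html_response(conn, 200)
      assert html =~ "<header>"
      assert html =~ user.nickname
      assert html =~ "testing a thing!"
    end

    test "redirects to json if requested", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      # NOTE(review): the header *value* starts with the literal "Accept: ",
      # which looks unintentional. Confirm that content negotiation still takes
      # the ActivityPub JSON branch for the reason this test intends.
      conn =
        conn
        |> put_req_header(
          "accept",
          "Accept: application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\", text/html"
        )
        |> get("/notice/#{activity.id}")

      assert redirected_to(conn, 302) =~ activity.data["object"]
    end

    test "filters HTML tags", %{conn: conn} do
      user = insert(:user)
      payload = "<script>alert('xss')</script>"
      {:ok, activity} = CommonAPI.post(user, %{status: payload})

      conn =
        conn
        |> put_req_header("accept", "text/html")
        |> get("/notice/#{activity.id}")

      html = html_response(conn, 200)

      # Expect the entity-escaped form. Matching the literal `<script>` tag
      # here would pass only if the status were rendered unescaped, which is
      # the opposite of what this test is named for.
      assert html =~ ~s[&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;]

      # Also require that the raw markup never reaches the page.
      refute html =~ payload
    end

    test "shows the whole thread", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})

      # Check the reply was created, so a failed post is reported here rather
      # than as a missing "voyages" string further down.
      {:ok, _} =
        CommonAPI.post(user, %{
          status: "these are the voyages or something",
          in_reply_to_status_id: activity.id
        })

      conn = get(conn, "/notice/#{activity.id}")

      html = html_response(conn, 200)
      assert html =~ "the final frontier"
      assert html =~ "voyages"
    end

    test "redirect by AP object ID", %{conn: conn, user: user} do
      {:ok, %Activity{data: %{"object" => object_url}}} =
        CommonAPI.post(user, %{status: "beam me up"})

      # Only the path component of the ActivityPub object URL is requested.
      conn = get(conn, URI.parse(object_url).path)

      assert html_response(conn, 302) =~ "redirected"
    end

    test "redirect by activity ID", %{conn: conn, user: user} do
      {:ok, %Activity{data: %{"id" => id}}} =
        CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})

      # Only the path component of the ActivityPub activity URL is requested.
      conn = get(conn, URI.parse(id).path)

      assert html_response(conn, 302) =~ "redirected"
    end

    test "404 when notice not found", %{conn: conn} do
      conn = get(conn, "/notice/88c9c317")

      assert html_response(conn, 404) =~ "not found"
    end

    test "404 for private status", %{conn: conn, user: user} do
      {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})

      conn = get(conn, "/notice/#{activity.id}")

      # Same status and body as the unknown-id case above, so the response
      # does not distinguish a private status from a missing one.
      assert html_response(conn, 404) =~ "not found"
    end

    test "302 for remote cached status", %{conn: conn, user: user} do
      # Hand-built Create/Note activity fed through the incoming-federation
      # path instead of CommonAPI.post/2.
      message = %{
        "@context" => "https://www.w3.org/ns/activitystreams",
        "type" => "Create",
        "actor" => user.ap_id,
        "object" => %{
          "to" => user.follower_address,
          "cc" => "https://www.w3.org/ns/activitystreams#Public",
          "id" => Utils.generate_object_id(),
          "content" => "blah blah blah",
          "type" => "Note",
          "attributedTo" => user.ap_id
        }
      }

      assert {:ok, activity} = Transmogrifier.handle_incoming(message)

      conn = get(conn, "/notice/#{activity.id}")

      assert html_response(conn, 302) =~ "redirected"
    end

    test "does not require authentication on non-federating instances", %{
      conn: conn,
      user: user
    } do
      clear_config([:instance, :federating], false)

      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      conn = get(conn, "/notice/#{activity.id}")

      assert html_response(conn, 200) =~ "testing a thing!"
    end

    test "returns 404 for local public activity with `restrict_unauthenticated/activities/local` setting",
         %{conn: conn, user: user} do
      clear_config([:restrict_unauthenticated, :activities, :local], true)

      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      # html_response/2 raises when the status differs, so no explicit assert
      # is needed. A public status is still expected to answer 404 once the
      # restriction is enabled.
      conn
      |> get("/notice/#{activity.id}")
      |> html_response(404)
    end
  end
end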