akkoma/test/pleroma/web/common_api/utils_test.exs

657 lines
21 KiB
Elixir
Raw Permalink Normal View History

2018-12-23 13:11:29 -07:00
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
2018-12-23 13:11:29 -07:00
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.CommonAPI.UtilsTest do
alias Pleroma.Builders.UserBuilder
2019-06-03 11:08:38 -06:00
alias Pleroma.Web.CommonAPI
2020-10-02 11:00:50 -06:00
alias Pleroma.Web.CommonAPI.ActivityDraft
alias Pleroma.Web.CommonAPI.Utils
2017-06-14 06:46:18 -06:00
use Pleroma.DataCase
import ExUnit.CaptureLog
2019-06-03 11:08:38 -06:00
import Pleroma.Factory
@public_address "https://www.w3.org/ns/activitystreams#Public"
2020-05-22 09:19:25 -06:00
describe "add_attachments/2" do
setup do
name =
"Sakura Mana Turned on by a Senior OL with a Temptating Tight Skirt-s Full Hipline and Panty Shot- Beautiful Thick Thighs- and Erotic Ass- -2015- -- Oppaitime 8-28-2017 6-50-33 PM.png"
2017-08-28 11:17:38 -06:00
2020-05-22 09:19:25 -06:00
attachment = %{
"url" => [%{"href" => URI.encode(name)}]
}
2017-06-14 06:46:18 -06:00
2020-05-22 09:19:25 -06:00
%{name: name, attachment: attachment}
end
2017-06-14 06:46:18 -06:00
2020-05-22 09:19:25 -06:00
test "it adds attachment links to a given text and attachment set", %{
name: name,
attachment: attachment
} do
len = 10
clear_config([Pleroma.Upload, :filename_display_max_length], len)
expected =
"<br><a href=\"#{URI.encode(name)}\" class='attachment'>#{String.slice(name, 0..len)}…</a>"
assert Utils.add_attachments("", [attachment]) == expected
end
test "doesn't truncate file name if config for truncate is set to 0", %{
name: name,
attachment: attachment
} do
clear_config([Pleroma.Upload, :filename_display_max_length], 0)
expected = "<br><a href=\"#{URI.encode(name)}\" class='attachment'>#{name}</a>"
assert Utils.add_attachments("", [attachment]) == expected
end
2017-06-14 06:46:18 -06:00
end
describe "it confirms the password given is the current users password" do
2018-05-13 07:56:59 -06:00
test "incorrect password given" do
{:ok, user} = UserBuilder.insert()
2018-05-21 15:32:28 -06:00
assert Utils.confirm_current_password(user, "") == {:error, "Invalid password."}
end
2018-05-13 07:56:59 -06:00
test "correct password given" do
{:ok, user} = UserBuilder.insert()
2018-05-21 15:32:28 -06:00
assert Utils.confirm_current_password(user, "test") == {:ok, user}
end
end
2019-02-26 16:32:26 -07:00
describe "format_input/3" do
test "works for bare text/plain" do
text = "hello world!"
expected = "hello world!"
2019-02-26 16:32:26 -07:00
{output, [], []} = Utils.format_input(text, "text/plain")
assert output == expected
text = "hello world!\n\nsecond paragraph!"
expected = "hello world!<br><br>second paragraph!"
2019-02-26 16:32:26 -07:00
{output, [], []} = Utils.format_input(text, "text/plain")
assert output == expected
end
test "works for bare text/html" do
text = "<p>hello world!</p>"
expected = "<p>hello world!</p>"
2019-02-26 16:32:26 -07:00
{output, [], []} = Utils.format_input(text, "text/html")
assert output == expected
text = "<p>hello world!</p><br/>\n<p>second paragraph</p>"
expected = "<p>hello world!</p><br/>\n<p>second paragraph</p>"
2019-02-26 16:32:26 -07:00
{output, [], []} = Utils.format_input(text, "text/html")
assert output == expected
end
test "works for bare text/markdown" do
text = "**hello world**"
expected = "<p><strong>hello world</strong></p>"
2019-02-26 16:32:26 -07:00
{output, [], []} = Utils.format_input(text, "text/markdown")
assert output == expected
text = "**hello world**\n\n*another paragraph*"
expected = "<p><strong>hello world</strong></p><p><em>another paragraph</em></p>"
2019-02-26 16:32:26 -07:00
{output, [], []} = Utils.format_input(text, "text/markdown")
assert output == expected
2019-02-27 01:40:30 -07:00
text = """
> cool quote
by someone
"""
expected = "<blockquote><p>cool quote</p></blockquote><p>by someone</p>"
2019-02-27 01:40:30 -07:00
{output, [], []} = Utils.format_input(text, "text/markdown")
assert output == expected
2019-02-26 16:32:26 -07:00
end
2019-04-26 04:17:57 -06:00
test "works for bare text/bbcode" do
text = "[b]hello world[/b]"
expected = "<strong>hello world</strong>"
{output, [], []} = Utils.format_input(text, "text/bbcode")
assert output == expected
text = "[b]hello world![/b]\n\nsecond paragraph!"
expected = "<strong>hello world!</strong><br><br>second paragraph!"
{output, [], []} = Utils.format_input(text, "text/bbcode")
assert output == expected
text = "[b]hello world![/b]\n\n<strong>second paragraph!</strong>"
expected =
"<strong>hello world!</strong><br><br>&lt;strong&gt;second paragraph!&lt;/strong&gt;"
2019-04-26 04:17:57 -06:00
{output, [], []} = Utils.format_input(text, "text/bbcode")
assert output == expected
end
2019-02-26 16:32:26 -07:00
test "works for text/markdown with mentions" do
{:ok, user} =
UserBuilder.insert(%{nickname: "user__test", ap_id: "http://foo.com/user__test"})
text = "**hello world**\n\n*another @user__test and @user__test google.com paragraph*"
{output, _, _} = Utils.format_input(text, "text/markdown")
assert output ==
~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a class="u-url mention" data-user="#{user.id}" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a class="u-url mention" data-user="#{user.id}" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>)
end
end
2020-10-12 23:27:51 -06:00
describe "format_input/3 with markdown" do
test "Paragraph" do
code = ~s[Hello\n\nWorld!]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == "<p>Hello</p><p>World!</p>"
end
test "links" do
code = "https://en.wikipedia.org/wiki/Animal_Crossing_(video_game)"
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<p><a href="#{code}">#{code}</a></p>]
code = "https://github.com/pragdave/earmark/"
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<p><a href="#{code}">#{code}</a></p>]
end
test "link with local mention" do
insert(:user, %{nickname: "lain"})
code = "https://example.com/@lain"
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<p><a href="#{code}">#{code}</a></p>]
end
test "local mentions" do
mario = insert(:user, %{nickname: "mario"})
luigi = insert(:user, %{nickname: "luigi"})
code = "@mario @luigi yo what's up?"
{result, _, []} = Utils.format_input(code, "text/markdown")
assert result ==
~s[<p><span class="h-card"><a class="u-url mention" data-user="#{mario.id}" href="#{mario.ap_id}" rel="ugc">@<span>mario</span></a></span> <span class="h-card"><a class="u-url mention" data-user="#{luigi.id}" href="#{luigi.ap_id}" rel="ugc">@<span>luigi</span></a></span> yo whats up?</p>]
end
test "remote mentions" do
mario = insert(:user, %{nickname: "mario@mushroom.world", local: false})
luigi = insert(:user, %{nickname: "luigi@mushroom.world", local: false})
code = "@mario@mushroom.world @luigi@mushroom.world yo what's up?"
{result, _, []} = Utils.format_input(code, "text/markdown")
assert result ==
~s[<p><span class="h-card"><a class="u-url mention" data-user="#{mario.id}" href="#{mario.ap_id}" rel="ugc">@<span>mario</span></a></span> <span class="h-card"><a class="u-url mention" data-user="#{luigi.id}" href="#{luigi.ap_id}" rel="ugc">@<span>luigi</span></a></span> yo whats up?</p>]
end
2020-10-12 23:27:51 -06:00
test "raw HTML" do
code = ~s[<a href="http://example.org/">OwO</a><!-- what's this?-->]
{result, [], []} = Utils.format_input(code, "text/markdown")
2020-10-13 13:27:50 -06:00
assert result == ~s[<a href="http://example.org/">OwO</a>]
2020-10-12 23:27:51 -06:00
end
test "rulers" do
code = ~s[before\n\n-----\n\nafter]
{result, [], []} = Utils.format_input(code, "text/markdown")
2020-10-13 13:27:50 -06:00
assert result == "<p>before</p><hr/><p>after</p>"
2020-10-12 23:27:51 -06:00
end
test "blockquote" do
code = ~s[> whoms't are you quoting?]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == "<blockquote><p>whomst are you quoting?</p></blockquote>"
end
test "code" do
code = ~s[`mix`]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<p><code class="inline">mix</code></p>]
code = ~s[``mix``]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<p><code class="inline">mix</code></p>]
code = ~s[```\nputs "Hello World"\n```]
{result, [], []} = Utils.format_input(code, "text/markdown")
2020-10-13 13:27:50 -06:00
assert result == ~s[<pre><code>puts &quot;Hello World&quot;</code></pre>]
code = ~s[ <div>\n </div>]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<pre><code>&lt;div&gt;\n&lt;/div&gt;</code></pre>]
2020-10-12 23:27:51 -06:00
end
test "lists" do
code = ~s[- one\n- two\n- three\n- four]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == "<ul><li>one</li><li>two</li><li>three</li><li>four</li></ul>"
code = ~s[1. one\n2. two\n3. three\n4. four\n]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == "<ol><li>one</li><li>two</li><li>three</li><li>four</li></ol>"
end
test "delegated renderers" do
code = ~s[*aaaa~*]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<p><em>aaaa~</em></p>]
code = ~s[**aaaa~**]
{result, [], []} = Utils.format_input(code, "text/markdown")
assert result == ~s[<p><strong>aaaa~</strong></p>]
2020-10-13 01:08:41 -06:00
# strikethrough
2020-10-13 13:27:50 -06:00
code = ~s[~~aaaa~~~]
2020-10-12 23:27:51 -06:00
{result, [], []} = Utils.format_input(code, "text/markdown")
2020-10-13 13:27:50 -06:00
assert result == ~s[<p><del>aaaa</del>~</p>]
2020-10-12 23:27:51 -06:00
end
end
describe "formats date to asctime" do
2019-04-02 03:25:51 -06:00
test "when date is in ISO 8601 format" do
date = DateTime.utc_now() |> DateTime.to_iso8601()
expected =
date
2019-04-02 03:25:51 -06:00
|> DateTime.from_iso8601()
|> elem(1)
|> Calendar.Strftime.strftime!("%a %b %d %H:%M:%S %z %Y")
assert Utils.date_to_asctime(date) == expected
end
2019-04-02 03:25:51 -06:00
test "when date is a binary in wrong format" do
date = DateTime.utc_now()
2019-04-02 03:25:51 -06:00
expected = ""
assert capture_log(fn ->
assert Utils.date_to_asctime(date) == expected
2022-06-11 09:14:22 -06:00
end) =~ "[warning] Date #{date} in wrong format, must be ISO 8601"
end
2019-04-02 03:25:51 -06:00
test "when date is a Unix timestamp" do
date = DateTime.utc_now() |> DateTime.to_unix()
2019-04-02 03:25:51 -06:00
expected = ""
assert capture_log(fn ->
assert Utils.date_to_asctime(date) == expected
2022-06-11 09:14:22 -06:00
end) =~ "[warning] Date #{date} in wrong format, must be ISO 8601"
end
2019-04-02 03:25:51 -06:00
test "when date is nil" do
expected = ""
assert capture_log(fn ->
assert Utils.date_to_asctime(nil) == expected
2022-06-11 09:14:22 -06:00
end) =~ "[warning] Date in wrong format, must be ISO 8601"
end
test "when date is a random string" do
assert capture_log(fn ->
assert Utils.date_to_asctime("foo") == ""
2022-06-11 09:14:22 -06:00
end) =~ "[warning] Date foo in wrong format, must be ISO 8601"
2019-04-02 03:25:51 -06:00
end
end
2019-06-03 11:08:38 -06:00
describe "get_to_and_cc" do
test "for public posts, not a reply" do
user = insert(:user)
mentioned_user = insert(:user)
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "public"}
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 2
assert length(cc) == 1
assert @public_address in to
assert mentioned_user.ap_id in to
assert user.follower_address in cc
end
test "for public posts, a reply" do
user = insert(:user)
mentioned_user = insert(:user)
third_user = insert(:user)
2020-05-12 13:59:26 -06:00
{:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{
user: user,
mentions: [mentioned_user.ap_id],
visibility: "public",
in_reply_to: activity
}
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 3
assert length(cc) == 1
assert @public_address in to
assert mentioned_user.ap_id in to
assert third_user.ap_id in to
assert user.follower_address in cc
end
test "for unlisted posts, not a reply" do
user = insert(:user)
mentioned_user = insert(:user)
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "unlisted"}
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 2
assert length(cc) == 1
assert @public_address in cc
assert mentioned_user.ap_id in to
assert user.follower_address in to
end
test "for unlisted posts, a reply" do
user = insert(:user)
mentioned_user = insert(:user)
third_user = insert(:user)
2020-05-12 13:59:26 -06:00
{:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{
user: user,
mentions: [mentioned_user.ap_id],
visibility: "unlisted",
in_reply_to: activity
}
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 3
assert length(cc) == 1
assert @public_address in cc
assert mentioned_user.ap_id in to
assert third_user.ap_id in to
assert user.follower_address in to
end
test "for private posts, not a reply" do
user = insert(:user)
mentioned_user = insert(:user)
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "private"}
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 2
2020-01-20 03:53:14 -07:00
assert Enum.empty?(cc)
2019-06-03 11:08:38 -06:00
assert mentioned_user.ap_id in to
assert user.follower_address in to
end
test "for private posts, a reply" do
user = insert(:user)
mentioned_user = insert(:user)
third_user = insert(:user)
2020-05-12 13:59:26 -06:00
{:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{
user: user,
mentions: [mentioned_user.ap_id],
visibility: "private",
in_reply_to: activity
}
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 2
2020-01-20 03:53:14 -07:00
assert Enum.empty?(cc)
2019-06-03 11:08:38 -06:00
assert mentioned_user.ap_id in to
assert user.follower_address in to
end
test "for direct posts, not a reply" do
user = insert(:user)
mentioned_user = insert(:user)
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "direct"}
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 1
2020-01-20 03:53:14 -07:00
assert Enum.empty?(cc)
2019-06-03 11:08:38 -06:00
assert mentioned_user.ap_id in to
end
test "for direct posts, a reply" do
user = insert(:user)
mentioned_user = insert(:user)
third_user = insert(:user)
2020-05-12 13:59:26 -06:00
{:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
2019-06-03 11:08:38 -06:00
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{
user: user,
mentions: [mentioned_user.ap_id],
visibility: "direct",
in_reply_to: activity
}
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 1
assert Enum.empty?(cc)
assert mentioned_user.ap_id in to
{:ok, direct_activity} = CommonAPI.post(third_user, %{status: "uguu", visibility: "direct"})
2020-10-02 11:00:50 -06:00
draft = %ActivityDraft{
user: user,
mentions: [mentioned_user.ap_id],
visibility: "direct",
in_reply_to: direct_activity
}
{to, cc} = Utils.get_to_and_cc(draft)
2019-06-03 11:08:38 -06:00
assert length(to) == 2
2020-01-20 03:53:14 -07:00
assert Enum.empty?(cc)
2019-06-03 11:08:38 -06:00
assert mentioned_user.ap_id in to
assert third_user.ap_id in to
end
end
2019-08-05 09:37:05 -06:00
describe "to_master_date/1" do
test "removes microseconds from date (NaiveDateTime)" do
assert Utils.to_masto_date(~N[2015-01-23 23:50:07.123]) == "2015-01-23T23:50:07.000Z"
end
test "removes microseconds from date (String)" do
assert Utils.to_masto_date("2015-01-23T23:50:07.123Z") == "2015-01-23T23:50:07.000Z"
end
test "returns unix epoch when date invalid" do
assert Utils.to_masto_date("2015-01?23T23:50:07.123Z") == "1970-01-01T00:00:00Z"
end
test "returns unix epoch when date is before the introduction of the Gregorian Calendar" do
assert Utils.to_masto_date("0621-01-01T00:00:00Z") == "1970-01-01T00:00:00Z"
end
test "returns unix epoch when date is BCE" do
assert Utils.to_masto_date("-0420-01-01T00:00:00Z") == "1970-01-01T00:00:00Z"
2019-08-05 09:37:05 -06:00
end
end
describe "maybe_notify_mentioned_recipients/2" do
test "returns recipients when activity is not `Create`" do
activity = insert(:like_activity)
assert Utils.maybe_notify_mentioned_recipients(["test"], activity) == ["test"]
end
test "returns recipients from tag" do
user = insert(:user)
object =
insert(:note,
user: user,
data: %{
"tag" => [
%{"type" => "Hashtag"},
"",
%{"type" => "Mention", "href" => "https://testing.pleroma.lol/users/lain"},
%{"type" => "Mention", "href" => "https://shitposter.club/user/5381"},
%{"type" => "Mention", "href" => "https://shitposter.club/user/5381"}
]
}
)
activity = insert(:note_activity, user: user, note: object)
assert Utils.maybe_notify_mentioned_recipients(["test"], activity) == [
"test",
"https://testing.pleroma.lol/users/lain",
"https://shitposter.club/user/5381"
]
end
test "returns recipients when object is map" do
user = insert(:user)
object = insert(:note, user: user)
activity =
insert(:note_activity,
user: user,
note: object,
data_attrs: %{
"object" => %{
"tag" => [
%{"type" => "Hashtag"},
"",
%{"type" => "Mention", "href" => "https://testing.pleroma.lol/users/lain"},
%{"type" => "Mention", "href" => "https://shitposter.club/user/5381"},
%{"type" => "Mention", "href" => "https://shitposter.club/user/5381"}
]
}
}
)
Pleroma.Repo.delete(object)
assert Utils.maybe_notify_mentioned_recipients(["test"], activity) == [
"test",
"https://testing.pleroma.lol/users/lain",
"https://shitposter.club/user/5381"
]
end
test "returns recipients when object not found" do
user = insert(:user)
object = insert(:note, user: user)
activity = insert(:note_activity, user: user, note: object)
Pleroma.Repo.delete(object)
2020-02-11 00:12:57 -07:00
obj_url = activity.data["object"]
Tesla.Mock.mock(fn
%{method: :get, url: ^obj_url} ->
%Tesla.Env{status: 404, body: ""}
end)
2019-08-05 09:37:05 -06:00
assert Utils.maybe_notify_mentioned_recipients(["test-test"], activity) == [
"test-test"
]
end
end
describe "attachments_from_ids/1" do
test "returns attachments without descs" do
Restrict media usage to owners In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma https://git.pleroma.social/pleroma/pleroma/-/commit/1afde067b12ad0062c1820091ea9b0a680819281
2024-04-24 09:46:18 -06:00
user = insert(:user)
object = insert(:attachment, user: user)
Restrict media usage to owners In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma https://git.pleroma.social/pleroma/pleroma/-/commit/1afde067b12ad0062c1820091ea9b0a680819281
2024-04-24 09:46:18 -06:00
assert Utils.attachments_from_ids(user, %{media_ids: ["#{object.id}"]}) == [object.data]
2019-08-05 09:37:05 -06:00
end
test "returns [] when passed non-media object ids" do
user = insert(:user)
object = insert(:note, user: user)
assert Utils.attachments_from_ids(user, %{media_ids: ["#{object.id}"]}) == []
end
2019-08-05 09:37:05 -06:00
test "returns [] when not pass media_ids" do
Restrict media usage to owners In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma https://git.pleroma.social/pleroma/pleroma/-/commit/1afde067b12ad0062c1820091ea9b0a680819281
2024-04-24 09:46:18 -06:00
user = insert(:user)
assert Utils.attachments_from_ids(user, %{}) == []
2019-08-05 09:37:05 -06:00
end
end
describe "maybe_add_list_data/3" do
test "adds list params when found user list" do
user = insert(:user)
{:ok, %Pleroma.List{} = list} = Pleroma.List.create("title", user)
assert Utils.maybe_add_list_data(%{additional: %{}, object: %{}}, user, {:list, list.id}) ==
%{
additional: %{"bcc" => [list.ap_id], "listMessage" => list.ap_id},
object: %{"listMessage" => list.ap_id}
}
end
test "returns original params when list not found" do
user = insert(:user)
{:ok, %Pleroma.List{} = list} = Pleroma.List.create("title", insert(:user))
assert Utils.maybe_add_list_data(%{additional: %{}, object: %{}}, user, {:list, list.id}) ==
%{additional: %{}, object: %{}}
end
end
describe "maybe_add_attachments/3" do
test "returns parsed results when attachment_links is false" do
2019-08-05 09:37:05 -06:00
assert Utils.maybe_add_attachments(
{"test", [], ["tags"]},
[],
false
2019-08-05 09:37:05 -06:00
) == {"test", [], ["tags"]}
end
test "adds attachments to parsed results" do
attachment = %{"url" => [%{"href" => "SakuraPM.png"}]}
assert Utils.maybe_add_attachments(
{"test", [], ["tags"]},
[attachment],
true
2019-08-05 09:37:05 -06:00
) == {
"test<br><a href=\"SakuraPM.png\" class='attachment'>SakuraPM.png</a>",
[],
["tags"]
}
end
end
2017-06-14 06:46:18 -06:00
end